authorIsmaël Bouya <ismael.bouya@normalesup.org>2018-06-26 01:04:09 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2018-06-27 09:07:50 +0200
commit5feedbb4f3e35cfb63201a360a685127b2608345 (patch)
treef268f78f54cc8039c962ca1c926971f6242d2319 /modules
parentbcc5318b2e938234fcc93f70d6af21367290c1ce (diff)
Allow host to replicate the cluster from backup
Diffstat (limited to 'modules')
-rw-r--r--modules/profile/manifests/postgresql_master.pp50
-rw-r--r--modules/role/manifests/backup/postgresql.pp62
-rw-r--r--modules/role/templates/backup/pam_ldap_pgbouncer.conf.erb2
3 files changed, 81 insertions, 33 deletions
diff --git a/modules/profile/manifests/postgresql_master.pp b/modules/profile/manifests/postgresql_master.pp
index 9966f0d..6f8854d 100644
--- a/modules/profile/manifests/postgresql_master.pp
+++ b/modules/profile/manifests/postgresql_master.pp
@@ -83,33 +83,33 @@ define profile::postgresql_master (
83 ensure => present 83 ensure => present
84 } 84 }
85 } 85 }
86 }
86 87
87 $ldap_server = lookup("base_installation::ldap_server") 88 $ldap_server = lookup("base_installation::ldap_server")
88 $ldap_base = lookup("base_installation::ldap_base") 89 $ldap_base = lookup("base_installation::ldap_base")
89 $ldap_dn = lookup("base_installation::ldap_dn") 90 $ldap_dn = lookup("base_installation::ldap_dn")
90 $ldap_password = generate_password(24, $password_seed, "ldap") 91 $ldap_password = generate_password(24, $password_seed, "ldap")
91 $ldap_attribute = "cn" 92 $ldap_attribute = "cn"
92 93
93 file { "/etc/pam_ldap.d": 94 file { "/etc/pam_ldap.d":
94 ensure => directory, 95 ensure => directory,
95 mode => "0755", 96 mode => "0755",
96 owner => "root", 97 owner => "root",
97 group => "root", 98 group => "root",
98 } -> 99 } ->
99 file { "/etc/pam_ldap.d/postgresql.conf": 100 file { "/etc/pam_ldap.d/postgresql.conf":
100 ensure => "present", 101 ensure => "present",
101 mode => "0600", 102 mode => "0600",
102 owner => $::profile::postgresql::pg_user, 103 owner => $::profile::postgresql::pg_user,
103 group => "root", 104 group => "root",
104 content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"), 105 content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"),
105 } -> 106 } ->
106 file { "/etc/pam.d/postgresql": 107 file { "/etc/pam.d/postgresql":
107 ensure => "present", 108 ensure => "present",
108 mode => "0644", 109 mode => "0644",
109 owner => "root", 110 owner => "root",
110 group => "root", 111 group => "root",
111 source => "puppet:///modules/profile/postgresql_master/pam_postgresql" 112 source => "puppet:///modules/profile/postgresql_master/pam_postgresql"
112 }
113 } 113 }
114 114
115} 115}
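Review bot: `/etc/pam_ldap.d/postgresql.conf` (new lines 100-106) is written with mode 0600 but without `show_diff => false`. If the template embeds `$ldap_password` from new line 91 (the template is not shown here, so this is inferred), a content change can print the bind password in agent output and reports whenever diffs are enabled. Adding `show_diff => false,` to that `file` resource keeps the secret out of those channels. The same applies to the copy of this resource added in modules/role/manifests/backup/postgresql.pp (new lines 100-106 there). The enclosing define starts outside this hunk.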
diff --git a/modules/role/manifests/backup/postgresql.pp b/modules/role/manifests/backup/postgresql.pp
index b26773c..9e1c9f7 100644
--- a/modules/role/manifests/backup/postgresql.pp
+++ b/modules/role/manifests/backup/postgresql.pp
@@ -13,7 +13,7 @@ class role::backup::postgresql inherits role::backup {
13 $ldap_server = lookup("base_installation::ldap_server") 13 $ldap_server = lookup("base_installation::ldap_server")
14 $ldap_base = lookup("base_installation::ldap_base") 14 $ldap_base = lookup("base_installation::ldap_base")
15 $ldap_dn = lookup("base_installation::ldap_dn") 15 $ldap_dn = lookup("base_installation::ldap_dn")
16 $ldap_attribute = "uid" 16 $pgbouncer_ldap_attribute = "uid"
17 17
18 $pg_slot = regsubst($ldap_cn, '-', "_", "G") 18 $pg_slot = regsubst($ldap_cn, '-', "_", "G")
19 19
@@ -71,18 +71,13 @@ class role::backup::postgresql inherits role::backup {
71 ], 71 ],
72 } 72 }
73 73
74 file { "/etc/pam_ldap.d":
75 ensure => directory,
76 mode => "0755",
77 owner => "root",
78 group => "root",
79 } ->
80 file { "/etc/pam_ldap.d/pgbouncer.conf": 74 file { "/etc/pam_ldap.d/pgbouncer.conf":
81 ensure => "present", 75 ensure => "present",
82 mode => "0600", 76 mode => "0600",
83 owner => $pg_user, 77 owner => $pg_user,
84 group => "root", 78 group => "root",
85 content => template("role/backup/pam_ldap_pgbouncer.conf.erb"), 79 content => template("role/backup/pam_ldap_pgbouncer.conf.erb"),
80 require => File["/etc/pam_ldap.d"],
86 } -> 81 } ->
87 file { "/etc/pam.d/pgbouncer": 82 file { "/etc/pam.d/pgbouncer":
88 ensure => "present", 83 ensure => "present",
@@ -94,6 +89,29 @@ class role::backup::postgresql inherits role::backup {
94 } 89 }
95 } 90 }
96 91
92 $ldap_attribute = "cn"
93
94 file { "/etc/pam_ldap.d":
95 ensure => directory,
96 mode => "0755",
97 owner => "root",
98 group => "root",
99 } ->
100 file { "/etc/pam_ldap.d/postgresql.conf":
101 ensure => "present",
102 mode => "0600",
103 owner => $pg_user,
104 group => "root",
105 content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"),
106 } ->
107 file { "/etc/pam.d/postgresql":
108 ensure => "present",
109 mode => "0644",
110 owner => "root",
111 group => "root",
112 source => "puppet:///modules/profile/postgresql_master/pam_postgresql"
113 }
114
97 $pg_backup_hosts.each |$backup_host_cn, $pg_infos| { 115 $pg_backup_hosts.each |$backup_host_cn, $pg_infos| {
98 $host = find_host($facts["ldapvar"]["other"], $backup_host_cn) 116 $host = find_host($facts["ldapvar"]["other"], $backup_host_cn)
99 if empty($host) { 117 if empty($host) {
@@ -108,6 +126,31 @@ class role::backup::postgresql inherits role::backup {
108 $pg_host = "$pg_backup_host" 126 $pg_host = "$pg_backup_host"
109 $pg_port = $pg_infos["dbport"] 127 $pg_port = $pg_infos["dbport"]
110 128
129 unless empty($host) {
130 $host["ipHostNumber"].each |$ip| {
131 $infos = split($ip, "/")
132 $ipaddress = $infos[0]
133 if (length($infos) == 1 and $ipaddress =~ /:/) {
134 $mask = "128"
135 } elsif (length($infos) == 1) {
136 $mask = "32"
137 } else {
138 $mask = $infos[1]
139 }
140
141 postgresql::server::pg_hba_rule { "allow TCP access for initial replication from $ipaddress/$mask":
142 type => 'hostssl',
143 database => 'replication',
144 user => $backup_host_cn,
145 address => "$ipaddress/$mask",
146 auth_method => 'pam',
147 order => "06-01",
148 target => "$pg_path/pg_hba.conf",
149 postgresql_version => "10",
150 }
151 }
152 }
153
111 if !empty($ldap_filter) and ($pg_infos["pgbouncer"]) { 154 if !empty($ldap_filter) and ($pg_infos["pgbouncer"]) {
112 concat::fragment { "pgbouncer_$pg_backup_host": 155 concat::fragment { "pgbouncer_$pg_backup_host":
113 target => "/etc/pgbouncer/pgbouncer.ini", 156 target => "/etc/pgbouncer/pgbouncer.ini",
@@ -292,6 +335,11 @@ class role::backup::postgresql inherits role::backup {
292 Concat["$pg_path/pg_hba.conf"], 335 Concat["$pg_path/pg_hba.conf"],
293 Concat["$pg_path/recovery.conf"], 336 Concat["$pg_path/recovery.conf"],
294 File["$pg_path/postgresql.conf"], 337 File["$pg_path/postgresql.conf"],
338 ],
339 subscribe => [
340 Concat["$pg_path/pg_hba.conf"],
341 Concat["$pg_path/recovery.conf"],
342 File["$pg_path/postgresql.conf"],
295 ] 343 ]
296 } 344 }
297 } 345 }
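Review bot: The prefix length of the new `pg_hba_rule` (new lines 129-152) is copied verbatim from the LDAP `ipHostNumber` value whenever it carries a `/`. An entry stored with a short prefix would therefore open the `replication` pseudo-database, which is enough to stream a full copy of the cluster, to every address in that range. If the rule is only meant for the single restoring host, pin it to a host route regardless of what LDAP holds: `$mask = $ipaddress ? { /:/ => "128", default => "32" }`. `$ipaddress` is also never checked to be an address before it reaches `pg_hba.conf`; asserting it against an IP address type (for example stdlib's `Stdlib::IP::Address`, if the installed stdlib provides it) would make a malformed LDAP entry fail at compile time. The enclosing `each` loop starts outside this hunk.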
diff --git a/modules/role/templates/backup/pam_ldap_pgbouncer.conf.erb b/modules/role/templates/backup/pam_ldap_pgbouncer.conf.erb
index 12fa9bb..384a418 100644
--- a/modules/role/templates/backup/pam_ldap_pgbouncer.conf.erb
+++ b/modules/role/templates/backup/pam_ldap_pgbouncer.conf.erb
@@ -3,5 +3,5 @@ host <%= @ldap_server %>
3base <%= @ldap_base %> 3base <%= @ldap_base %>
4binddn <%= @ldap_dn %> 4binddn <%= @ldap_dn %>
5bindpw <%= @ldap_password %> 5bindpw <%= @ldap_password %>
6pam_login_attribute <%= @ldap_attribute %> 6pam_login_attribute <%= @pgbouncer_ldap_attribute %>
7pam_filter <%= @ldap_filter %> 7pam_filter <%= @ldap_filter %>