-rw-r--r-- | modules/profile/manifests/postgresql_master.pp | 50 | ||||
-rw-r--r-- | modules/role/manifests/backup/postgresql.pp | 62 | ||||
-rw-r--r-- | modules/role/templates/backup/pam_ldap_pgbouncer.conf.erb | 2 | ||||
-rw-r--r-- | python/reboot_ovh_cloud_instance.py | 3 |
4 files changed, 84 insertions, 33 deletions
diff --git a/modules/profile/manifests/postgresql_master.pp b/modules/profile/manifests/postgresql_master.pp index 9966f0d..6f8854d 100644 --- a/modules/profile/manifests/postgresql_master.pp +++ b/modules/profile/manifests/postgresql_master.pp | |||
@@ -83,33 +83,33 @@ define profile::postgresql_master ( | |||
83 | ensure => present | 83 | ensure => present |
84 | } | 84 | } |
85 | } | 85 | } |
86 | } | ||
86 | 87 | ||
87 | $ldap_server = lookup("base_installation::ldap_server") | 88 | $ldap_server = lookup("base_installation::ldap_server") |
88 | $ldap_base = lookup("base_installation::ldap_base") | 89 | $ldap_base = lookup("base_installation::ldap_base") |
89 | $ldap_dn = lookup("base_installation::ldap_dn") | 90 | $ldap_dn = lookup("base_installation::ldap_dn") |
90 | $ldap_password = generate_password(24, $password_seed, "ldap") | 91 | $ldap_password = generate_password(24, $password_seed, "ldap") |
91 | $ldap_attribute = "cn" | 92 | $ldap_attribute = "cn" |
92 | 93 | ||
93 | file { "/etc/pam_ldap.d": | 94 | file { "/etc/pam_ldap.d": |
94 | ensure => directory, | 95 | ensure => directory, |
95 | mode => "0755", | 96 | mode => "0755", |
96 | owner => "root", | 97 | owner => "root", |
97 | group => "root", | 98 | group => "root", |
98 | } -> | 99 | } -> |
99 | file { "/etc/pam_ldap.d/postgresql.conf": | 100 | file { "/etc/pam_ldap.d/postgresql.conf": |
100 | ensure => "present", | 101 | ensure => "present", |
101 | mode => "0600", | 102 | mode => "0600", |
102 | owner => $::profile::postgresql::pg_user, | 103 | owner => $::profile::postgresql::pg_user, |
103 | group => "root", | 104 | group => "root", |
104 | content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"), | 105 | content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"), |
105 | } -> | 106 | } -> |
106 | file { "/etc/pam.d/postgresql": | 107 | file { "/etc/pam.d/postgresql": |
107 | ensure => "present", | 108 | ensure => "present", |
108 | mode => "0644", | 109 | mode => "0644", |
109 | owner => "root", | 110 | owner => "root", |
110 | group => "root", | 111 | group => "root", |
111 | source => "puppet:///modules/profile/postgresql_master/pam_postgresql" | 112 | source => "puppet:///modules/profile/postgresql_master/pam_postgresql" |
112 | } | ||
113 | } | 113 | } |
114 | 114 | ||
115 | } | 115 | } |
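Review bot: The `file { "/etc/pam_ldap.d/postgresql.conf": }` resource has no `show_diff => false`, so a change to its rendered content can put the LDAP bind password into Puppet agent logs and reports. Its template is not shown on this page, so this presumes it writes a `bindpw` line from `$ldap_password` the way `pam_ldap_pgbouncer.conf.erb` does. Adding `show_diff => false,` to that resource keeps the secret confined to the 0600 file. The same applies to the `/etc/pam_ldap.d/postgresql.conf` and `/etc/pam_ldap.d/pgbouncer.conf` resources in `modules/role/manifests/backup/postgresql.pp`. The enclosing define starts above this hunk.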
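--- a/modules/role/manifests/backup/postgresql.pp
+++ b/modules/role/manifests/backup/postgresql.pp
@@ -13,7 +13,7 @@ class role::backup::postgresql inherits role::backup {
 $ldap_server = lookup("base_installation::ldap_server")
 $ldap_base = lookup("base_installation::ldap_base")
 $ldap_dn = lookup("base_installation::ldap_dn")
-$ldap_attribute = "uid"
+$pgbouncer_ldap_attribute = "uid"
 
 $pg_slot = regsubst($ldap_cn, '-', "_", "G")
 
@@ -71,18 +71,13 @@ class role::backup::postgresql inherits role::backup {
 ],
 }
 
-file { "/etc/pam_ldap.d":
-ensure => directory,
-mode => "0755",
-owner => "root",
-group => "root",
-} ->
 file { "/etc/pam_ldap.d/pgbouncer.conf":
 ensure => "present",
 mode => "0600",
 owner => $pg_user,
 group => "root",
 content => template("role/backup/pam_ldap_pgbouncer.conf.erb"),
+require => File["/etc/pam_ldap.d"],
 } ->
 file { "/etc/pam.d/pgbouncer":
 ensure => "present",
@@ -94,6 +89,29 @@ class role::backup::postgresql inherits role::backup {
 }
 }
 
+$ldap_attribute = "cn"
+
+file { "/etc/pam_ldap.d":
+ensure => directory,
+mode => "0755",
+owner => "root",
+group => "root",
+} ->
+file { "/etc/pam_ldap.d/postgresql.conf":
+ensure => "present",
+mode => "0600",
+owner => $pg_user,
+group => "root",
+content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"),
+} ->
+file { "/etc/pam.d/postgresql":
+ensure => "present",
+mode => "0644",
+owner => "root",
+group => "root",
+source => "puppet:///modules/profile/postgresql_master/pam_postgresql"
+}
+
 $pg_backup_hosts.each |$backup_host_cn, $pg_infos| {
 $host = find_host($facts["ldapvar"]["other"], $backup_host_cn)
 if empty($host) {
@@ -108,6 +126,31 @@ class role::backup::postgresql inherits role::backup {
 $pg_host = "$pg_backup_host"
 $pg_port = $pg_infos["dbport"]
 
+unless empty($host) {
+$host["ipHostNumber"].each |$ip| {
+$infos = split($ip, "/")
+$ipaddress = $infos[0]
+if (length($infos) == 1 and $ipaddress =~ /:/) {
+$mask = "128"
+} elsif (length($infos) == 1) {
+$mask = "32"
+} else {
+$mask = $infos[1]
+}
+
+postgresql::server::pg_hba_rule { "allow TCP access for initial replication from $ipaddress/$mask":
+type => 'hostssl',
+database => 'replication',
+user => $backup_host_cn,
+address => "$ipaddress/$mask",
+auth_method => 'pam',
+order => "06-01",
+target => "$pg_path/pg_hba.conf",
+postgresql_version => "10",
+}
+}
+}
+
 if !empty($ldap_filter) and ($pg_infos["pgbouncer"]) {
 concat::fragment { "pgbouncer_$pg_backup_host":
 target => "/etc/pgbouncer/pgbouncer.ini",
@@ -292,6 +335,11 @@ class role::backup::postgresql inherits role::backup {
 Concat["$pg_path/pg_hba.conf"],
 Concat["$pg_path/recovery.conf"],
 File["$pg_path/postgresql.conf"],
+],
+subscribe => [
+Concat["$pg_path/pg_hba.conf"],
+Concat["$pg_path/recovery.conf"],
+File["$pg_path/postgresql.conf"],
 ]
 }
 }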
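Review bot: The new `postgresql::server::pg_hba_rule` takes `$mask` straight from the LDAP `ipHostNumber` value (`$infos[1]`) without checking it, so an entry ending in `/0` or in a non-numeric suffix is written into `pg_hba.conf` as the allowed range for the `replication` database. The rule title also omits `$backup_host_cn`, so two backup hosts that list the same address would declare the same resource title and fail catalog compilation. I would name the host in the title, e.g. `"allow TCP access for initial replication for $backup_host_cn from $ipaddress/$mask"`, and refuse to declare the rule when the mask is not a plain number within the address family's range. The `$pg_backup_hosts.each` body starts and ends outside these hunks.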
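--- a/modules/role/templates/backup/pam_ldap_pgbouncer.conf.erb
+++ b/modules/role/templates/backup/pam_ldap_pgbouncer.conf.erb
@@ -3,5 +3,5 @@ host <%= @ldap_server %>
 base <%= @ldap_base %>
 binddn <%= @ldap_dn %>
 bindpw <%= @ldap_password %>
-pam_login_attribute <%= @ldap_attribute %>
+pam_login_attribute <%= @pgbouncer_ldap_attribute %>
 pam_filter <%= @ldap_filter %>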
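--- a/python/reboot_ovh_cloud_instance.py
+++ b/python/reboot_ovh_cloud_instance.py
@@ -25,6 +25,9 @@ if netboot_mode is not None:
 result = client.post("/cloud/project/{}/instance/{}/rescueMode".format(project,
 instance["id"]), imageId=instance["imageId"], rescue=(netboot_mode == "rescue"))
 print(result)
+else:
+result = client.post("/cloud/project/{}/instance/{}/reboot".format(project, instance["id"]), type="soft")
+print(result)
 
 # reboot normal:
 #result = client.post("/cloud/project/{}/instance/{}/reboot".format(project, instance["id"]), type="soft")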
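Review bot: The commented-out `#result = client.post(...)` line under `# reboot normal:` is now a dead copy of the call that the new `else:` branch makes, and should be deleted together with its heading so the script has a single reboot path to read. The `else:` presumably pairs with `if netboot_mode is not None:`, though indentation is lost on this page; if so, running the script without a netboot mode now soft-reboots the instance right away. A short comment on the branch, such as `# no netboot mode requested: plain soft reboot`, would make that default explicit. The `if` block starts above the hunk.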