1 files changed, 60 insertions, 0 deletions

diff --git a/modules/profile/manifests/postgresql/replication.pp b/modules/profile/manifests/postgresql/replication.pp
new file mode 100644
index 0000000..33b147f
--- /dev/null
+++ b/modules/profile/manifests/postgresql/replication.pp
@@ -0,0 +1,60 @@
+define profile::postgresql::replication (
+  Boolean $handle_role = false,
+  Boolean $add_self_role = false,
+  Boolean $handle_slot = false,
+) {
+  include "profile::postgresql::pam_ldap"
+
+  $host_cn = $title
+  $host_infos = find_host($facts["ldapvar"]["other"], $host_cn)
+
+  if empty($host_infos) {
+    fail("Unable to find host for replication")
+  }
+
+  ensure_resource("postgresql::server::config_entry", "wal_level", {
+    value => "logical",
+  })
+
+  $host_infos["ipHostNumber"].each |$ip| {
+    $infos = split($ip, "/")
+    $ipaddress = $infos[0]
+    if (length($infos) == 1 and $ipaddress =~ /:/) {
+      $mask = "128"
+    } elsif (length($infos) == 1) {
+      $mask = "32"
+    } else {
+      $mask = $infos[1]
+    }
+
+    postgresql::server::pg_hba_rule { "allow TCP access for replication to user $host_cn from $ipaddress/$mask":
+      type        => 'hostssl',
+      database    => 'replication',
+      user        => $host_cn,
+      address     => "$ipaddress/$mask",
+      auth_method => 'pam',
+      order       => "06-01",
+    }
+  }
+
+  if $handle_role {
+    postgresql::server::role { $host_cn:
+      replication => true,
+    }
+
+    if $add_self_role {
+      $ldap_cn = lookup("base_installation::ldap_cn")
+
+      # Needed to be replicated to the backup and be able to recover later
+      ensure_resource("postgresql::server::role", $ldap_cn, {
+        replication => true,
+      })
+    }
+  }
+
+  if $handle_slot {
+    postgresql_replication_slot { regsubst($host_cn, '-', "_", "G"):
+      ensure => present
+    }
+  }
+}