diff options
Diffstat (limited to 'modules/profile/manifests/postgresql/replication.pp')
-rw-r--r-- | modules/profile/manifests/postgresql/replication.pp | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/modules/profile/manifests/postgresql/replication.pp b/modules/profile/manifests/postgresql/replication.pp new file mode 100644 index 0000000..33b147f --- /dev/null +++ b/modules/profile/manifests/postgresql/replication.pp | |||
@@ -0,0 +1,60 @@ | |||
1 | define profile::postgresql::replication ( | ||
2 | Boolean $handle_role = false, | ||
3 | Boolean $add_self_role = false, | ||
4 | Boolean $handle_slot = false, | ||
5 | ) { | ||
6 | include "profile::postgresql::pam_ldap" | ||
7 | |||
8 | $host_cn = $title | ||
9 | $host_infos = find_host($facts["ldapvar"]["other"], $host_cn) | ||
10 | |||
11 | if empty($host_infos) { | ||
12 | fail("Unable to find host for replication") | ||
13 | } | ||
14 | |||
15 | ensure_resource("postgresql::server::config_entry", "wal_level", { | ||
16 | value => "logical", | ||
17 | }) | ||
18 | |||
19 | $host_infos["ipHostNumber"].each |$ip| { | ||
20 | $infos = split($ip, "/") | ||
21 | $ipaddress = $infos[0] | ||
22 | if (length($infos) == 1 and $ipaddress =~ /:/) { | ||
23 | $mask = "128" | ||
24 | } elsif (length($infos) == 1) { | ||
25 | $mask = "32" | ||
26 | } else { | ||
27 | $mask = $infos[1] | ||
28 | } | ||
29 | |||
30 | postgresql::server::pg_hba_rule { "allow TCP access for replication to user $host_cn from $ipaddress/$mask": | ||
31 | type => 'hostssl', | ||
32 | database => 'replication', | ||
33 | user => $host_cn, | ||
34 | address => "$ipaddress/$mask", | ||
35 | auth_method => 'pam', | ||
36 | order => "06-01", | ||
37 | } | ||
38 | } | ||
39 | |||
40 | if $handle_role { | ||
41 | postgresql::server::role { $host_cn: | ||
42 | replication => true, | ||
43 | } | ||
44 | |||
45 | if $add_self_role { | ||
46 | $ldap_cn = lookup("base_installation::ldap_cn") | ||
47 | |||
48 | # Needed to be replicated to the backup and be able to recover later | ||
49 | ensure_resource("postgresql::server::role", $ldap_cn, { | ||
50 | replication => true, | ||
51 | }) | ||
52 | } | ||
53 | } | ||
54 | |||
55 | if $handle_slot { | ||
56 | postgresql_replication_slot { regsubst($host_cn, '-', "_", "G"): | ||
57 | ensure => present | ||
58 | } | ||
59 | } | ||
60 | } | ||