diff options
Diffstat (limited to 'modules/profile/manifests/postgresql/replication.pp')
-rw-r--r-- | modules/profile/manifests/postgresql/replication.pp | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/modules/profile/manifests/postgresql/replication.pp b/modules/profile/manifests/postgresql/replication.pp new file mode 100644 index 0000000..2fcb71c --- /dev/null +++ b/modules/profile/manifests/postgresql/replication.pp | |||
@@ -0,0 +1,72 @@ | |||
1 | define profile::postgresql::replication ( | ||
2 | Boolean $handle_role = false, | ||
3 | Boolean $handle_config = false, | ||
4 | Boolean $add_self_role = false, | ||
5 | Boolean $handle_slot = false, | ||
6 | Optional[String] $target = undef, | ||
7 | ) { | ||
8 | include "profile::postgresql::pam_ldap" | ||
9 | |||
10 | $host_cn = $title | ||
11 | $host_infos = find_host($facts["ldapvar"]["other"], $host_cn) | ||
12 | |||
13 | if empty($host_infos) { | ||
14 | fail("Unable to find host for replication") | ||
15 | } | ||
16 | |||
17 | if empty($target) { | ||
18 | $pg_version = undef | ||
19 | } else { | ||
20 | $pg_version = "10" | ||
21 | } | ||
22 | |||
23 | $host_infos["ipHostNumber"].each |$ip| { | ||
24 | $infos = split($ip, "/") | ||
25 | $ipaddress = $infos[0] | ||
26 | if (length($infos) == 1 and $ipaddress =~ /:/) { | ||
27 | $mask = "128" | ||
28 | } elsif (length($infos) == 1) { | ||
29 | $mask = "32" | ||
30 | } else { | ||
31 | $mask = $infos[1] | ||
32 | } | ||
33 | |||
34 | postgresql::server::pg_hba_rule { "allow TCP access for replication to user $host_cn from $ipaddress/$mask": | ||
35 | type => 'hostssl', | ||
36 | database => 'replication', | ||
37 | user => $host_cn, | ||
38 | address => "$ipaddress/$mask", | ||
39 | auth_method => 'pam', | ||
40 | order => "06-01", | ||
41 | target => $target, | ||
42 | postgresql_version => $pg_version, | ||
43 | } | ||
44 | } | ||
45 | |||
46 | if $handle_config { | ||
47 | ensure_resource("postgresql::server::config_entry", "wal_level", { | ||
48 | value => "logical", | ||
49 | }) | ||
50 | } | ||
51 | |||
52 | if $handle_role { | ||
53 | postgresql::server::role { $host_cn: | ||
54 | replication => true, | ||
55 | } | ||
56 | |||
57 | if $add_self_role { | ||
58 | $ldap_cn = lookup("base_installation::ldap_cn") | ||
59 | |||
60 | # Needed to be replicated to the backup and be able to recover later | ||
61 | ensure_resource("postgresql::server::role", $ldap_cn, { | ||
62 | replication => true, | ||
63 | }) | ||
64 | } | ||
65 | } | ||
66 | |||
67 | if $handle_slot { | ||
68 | postgresql_replication_slot { regsubst($host_cn, '-', "_", "G"): | ||
69 | ensure => present | ||
70 | } | ||
71 | } | ||
72 | } | ||