aboutsummaryrefslogtreecommitdiff
path: root/modules/profile/manifests/postgresql
diff options
context:
space:
mode:
Diffstat (limited to 'modules/profile/manifests/postgresql')
-rw-r--r--modules/profile/manifests/postgresql/master.pp49
-rw-r--r--modules/profile/manifests/postgresql/replication.pp5
2 files changed, 50 insertions, 4 deletions
diff --git a/modules/profile/manifests/postgresql/master.pp b/modules/profile/manifests/postgresql/master.pp
index 969905f..02315a6 100644
--- a/modules/profile/manifests/postgresql/master.pp
+++ b/modules/profile/manifests/postgresql/master.pp
@@ -1,8 +1,51 @@
1define profile::postgresql::master ( 1define profile::postgresql::master (
2 $letsencrypt_host = undef, 2 $letsencrypt_host = undef,
3 $backup_hosts = [], 3 $backup_hosts = [],
4 Optional[String] $pg_user = "postgres",
5 Optional[String] $pg_group = "postgres",
4) { 6) {
5 profile::postgresql::ssl { "/var/lib/postgres/data": 7 $pg_path = "/var/lib/postgres"
8 $pg_data_path = "$pg_path/data"
9
10 $postgresql_backup_port = $facts.dig("ldapvar", "self", "vars", "postgresql_backup_port", 0)
11 if ($postgresql_backup_port and !empty($backup_hosts)) {
12 $password_seed = lookup("base_installation::puppet_pass_seed")
13 $ldap_cn = lookup("base_installation::ldap_cn")
14 $ldap_password = generate_password(24, $password_seed, "ldap")
15
16 $host = find_host($facts["ldapvar"]["other"], $backup_hosts[0])
17 if empty($host) {
18 fail("No backup host to recover from")
19 } elsif has_key($host["vars"], "host") {
20 $pg_backup_host = $host["vars"]["host"][0]
21 } else {
22 $pg_backup_host = $host["vars"]["real_hostname"][0]
23 }
24
25 exec { "pg_basebackup $pg_data_path":
26 cwd => $pg_path,
27 user => $pg_user,
28 creates => "$pg_data_path/PG_VERSION",
29 environment => ["PGPASSWORD=$ldap_password"],
30 command => "/usr/bin/pg_basebackup -w -h $pg_backup_host -p $postgresql_backup_port -U $ldap_cn -D $pg_data_path",
31 before => File[$pg_data_path],
32 require => File[$pg_path],
33 notify => Exec["cleanup pg_basebackup $pg_data_path"],
34 } -> file { "$pg_data_path/recovery.conf":
35 before => Concat["$pg_data_path/pg_hba.conf"],
36 ensure => absent,
37 }
38
39 exec { "cleanup pg_basebackup $pg_data_path":
40 refreshonly => true,
41 cwd => $pg_path,
42 user => $pg_user,
43 before => Class["postgresql::server::config"],
44 command => "/usr/bin/rm -f $pg_data_path/postgresql.conf && touch $pg_data_path/postgresql.conf",
45 }
46 }
47
48 profile::postgresql::ssl { $pg_data_path:
6 cert => "/etc/letsencrypt/live/$letsencrypt_host/cert.pem", 49 cert => "/etc/letsencrypt/live/$letsencrypt_host/cert.pem",
7 key => "/etc/letsencrypt/live/$letsencrypt_host/privkey.pem", 50 key => "/etc/letsencrypt/live/$letsencrypt_host/privkey.pem",
8 require => Letsencrypt::Certonly[$letsencrypt_host], 51 require => Letsencrypt::Certonly[$letsencrypt_host],
diff --git a/modules/profile/manifests/postgresql/replication.pp b/modules/profile/manifests/postgresql/replication.pp
index 2fcb71c..b050058 100644
--- a/modules/profile/manifests/postgresql/replication.pp
+++ b/modules/profile/manifests/postgresql/replication.pp
@@ -52,6 +52,7 @@ define profile::postgresql::replication (
52 if $handle_role { 52 if $handle_role {
53 postgresql::server::role { $host_cn: 53 postgresql::server::role { $host_cn:
54 replication => true, 54 replication => true,
55 require => Service["postgresql"],
55 } 56 }
56 57
57 if $add_self_role { 58 if $add_self_role {
@@ -60,13 +61,15 @@ define profile::postgresql::replication (
60 # Needed to be replicated to the backup and be able to recover later 61 # Needed to be replicated to the backup and be able to recover later
61 ensure_resource("postgresql::server::role", $ldap_cn, { 62 ensure_resource("postgresql::server::role", $ldap_cn, {
62 replication => true, 63 replication => true,
64 require => Service["postgresql"],
63 }) 65 })
64 } 66 }
65 } 67 }
66 68
67 if $handle_slot { 69 if $handle_slot {
68 postgresql_replication_slot { regsubst($host_cn, '-', "_", "G"): 70 postgresql_replication_slot { regsubst($host_cn, '-', "_", "G"):
69 ensure => present 71 ensure => present,
72 require => Service["postgresql"],
70 } 73 }
71 } 74 }
72} 75}