Diffstat (limited to 'modules/profile/manifests/postgresql')
-rw-r--r-- | modules/profile/manifests/postgresql/master.pp | 49 | ||||
-rw-r--r-- | modules/profile/manifests/postgresql/replication.pp | 5 |
2 files changed, 50 insertions, 4 deletions
diff --git a/modules/profile/manifests/postgresql/master.pp b/modules/profile/manifests/postgresql/master.pp index 969905f..02315a6 100644 --- a/modules/profile/manifests/postgresql/master.pp +++ b/modules/profile/manifests/postgresql/master.pp | |||
@@ -1,8 +1,51 @@ | |||
1 | define profile::postgresql::master ( | 1 | define profile::postgresql::master ( |
2 | $letsencrypt_host = undef, | 2 | $letsencrypt_host = undef, |
3 | $backup_hosts = [], | 3 | $backup_hosts = [], |
4 | Optional[String] $pg_user = "postgres", | ||
5 | Optional[String] $pg_group = "postgres", | ||
4 | ) { | 6 | ) { |
5 | profile::postgresql::ssl { "/var/lib/postgres/data": | 7 | $pg_path = "/var/lib/postgres" |
8 | $pg_data_path = "$pg_path/data" | ||
9 | |||
10 | $postgresql_backup_port = $facts.dig("ldapvar", "self", "vars", "postgresql_backup_port", 0) | ||
11 | if ($postgresql_backup_port and !empty($backup_hosts)) { | ||
12 | $password_seed = lookup("base_installation::puppet_pass_seed") | ||
13 | $ldap_cn = lookup("base_installation::ldap_cn") | ||
14 | $ldap_password = generate_password(24, $password_seed, "ldap") | ||
15 | |||
16 | $host = find_host($facts["ldapvar"]["other"], $backup_hosts[0]) | ||
17 | if empty($host) { | ||
18 | fail("No backup host to recover from") | ||
19 | } elsif has_key($host["vars"], "host") { | ||
20 | $pg_backup_host = $host["vars"]["host"][0] | ||
21 | } else { | ||
22 | $pg_backup_host = $host["vars"]["real_hostname"][0] | ||
23 | } | ||
24 | |||
25 | exec { "pg_basebackup $pg_data_path": | ||
26 | cwd => $pg_path, | ||
27 | user => $pg_user, | ||
28 | creates => "$pg_data_path/PG_VERSION", | ||
29 | environment => ["PGPASSWORD=$ldap_password"], | ||
30 | command => "/usr/bin/pg_basebackup -w -h $pg_backup_host -p $postgresql_backup_port -U $ldap_cn -D $pg_data_path", | ||
31 | before => File[$pg_data_path], | ||
32 | require => File[$pg_path], | ||
33 | notify => Exec["cleanup pg_basebackup $pg_data_path"], | ||
34 | } -> file { "$pg_data_path/recovery.conf": | ||
35 | before => Concat["$pg_data_path/pg_hba.conf"], | ||
36 | ensure => absent, | ||
37 | } | ||
38 | |||
39 | exec { "cleanup pg_basebackup $pg_data_path": | ||
40 | refreshonly => true, | ||
41 | cwd => $pg_path, | ||
42 | user => $pg_user, | ||
43 | before => Class["postgresql::server::config"], | ||
44 | command => "/usr/bin/rm -f $pg_data_path/postgresql.conf && touch $pg_data_path/postgresql.conf", | ||
45 | } | ||
46 | } | ||
47 | |||
48 | profile::postgresql::ssl { $pg_data_path: | ||
6 | cert => "/etc/letsencrypt/live/$letsencrypt_host/cert.pem", | 49 | cert => "/etc/letsencrypt/live/$letsencrypt_host/cert.pem", |
7 | key => "/etc/letsencrypt/live/$letsencrypt_host/privkey.pem", | 50 | key => "/etc/letsencrypt/live/$letsencrypt_host/privkey.pem", |
8 | require => Letsencrypt::Certonly[$letsencrypt_host], | 51 | require => Letsencrypt::Certonly[$letsencrypt_host], |
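Review bot: The replication password is handed to the `pg_basebackup` exec as a plain string in `environment => ["PGPASSWORD=$ldap_password"]`, so it sits unredacted in the compiled catalog and in the process environment while the backup runs; PostgreSQL's documentation recommends a password file over PGPASSWORD. A `file` resource owned by `$pg_user` with `mode => "0600"` and `content` wrapped in `Sensitive(...)`, referenced through `environment => ["PGPASSFILE=<path to that file>"]`, would keep the `-w` behaviour and redact the value in logs and reports. Separately, `$pg_backup_host` and `$postgresql_backup_port` are derived from `$facts["ldapvar"]` and interpolated unquoted into `command`. Facts are reported by the agent, so a format check on both before the exec (a hostname pattern and an integer port range) would stop an unexpected value from turning into extra arguments. The body of the `define` continues past the end of this hunk.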
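--- a/modules/profile/manifests/postgresql/replication.pp
+++ b/modules/profile/manifests/postgresql/replication.pp
@@ -52,6 +52,7 @@ define profile::postgresql::replication (
 if $handle_role {
 postgresql::server::role { $host_cn:
 replication => true,
+require => Service["postgresql"],
 }
 
 if $add_self_role {
@@ -60,13 +61,15 @@ define profile::postgresql::replication (
 # Needed to be replicated to the backup and be able to recover later
 ensure_resource("postgresql::server::role", $ldap_cn, {
 replication => true,
+require => Service["postgresql"],
 })
 }
 }
 
 if $handle_slot {
 postgresql_replication_slot { regsubst($host_cn, '-', "_", "G"):
-ensure => present
+ensure => present,
+require => Service["postgresql"],
 }
 }
 }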
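Review bot: Adding `require => Service["postgresql"]` inside the `ensure_resource("postgresql::server::role", $ldap_cn, {...})` call in the second hunk changes the parameter hash that stdlib compares against an existing declaration. If the same role is declared through `ensure_resource` elsewhere with only `replication => true`, the catalog would fail with a duplicate declaration. No other call site is visible on this page, so this needs confirming rather than being a known break. A comment above the call such as `# parameters must match every other ensure_resource call for this role` would record the constraint. The define starts outside both hunks.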