diff options
Diffstat (limited to 'modules/role/manifests/cryptoportfolio/postgresql.pp')
| -rw-r--r-- | modules/role/manifests/cryptoportfolio/postgresql.pp | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/modules/role/manifests/cryptoportfolio/postgresql.pp b/modules/role/manifests/cryptoportfolio/postgresql.pp index 5db5e25..d951874 100644 --- a/modules/role/manifests/cryptoportfolio/postgresql.pp +++ b/modules/role/manifests/cryptoportfolio/postgresql.pp | |||
| @@ -126,4 +126,70 @@ class role::cryptoportfolio::postgresql inherits role::cryptoportfolio { | |||
| 126 | order => "05-02", | 126 | order => "05-02", |
| 127 | } | 127 | } |
| 128 | 128 | ||
| 129 | $backup_host = "backup-1" | ||
| 130 | |||
| 131 | unless empty($backup_host) { | ||
| 132 | ensure_packages(["pam_ldap"]) | ||
| 133 | |||
| 134 | $facts["ldapvar"]["other"].each |$host| { | ||
| 135 | if ($host["cn"][0] == $backup_host) { | ||
| 136 | $host["ipHostNumber"].each |$ip| { | ||
| 137 | $infos = split($ip, "/") | ||
| 138 | $ipaddress = $infos[0] | ||
| 139 | if (length($infos) == 1 and $ipaddress =~ /:/) { | ||
| 140 | $mask = "128" | ||
| 141 | } elsif (length($infos) == 1) { | ||
| 142 | $mask = "32" | ||
| 143 | } else { | ||
| 144 | $mask = $infos[1] | ||
| 145 | } | ||
| 146 | |||
| 147 | postgresql::server::pg_hba_rule { "allow TCP access to replication user from backup for replication from $ipaddress/$mask": | ||
| 148 | type => 'hostssl', | ||
| 149 | database => 'replication', | ||
| 150 | user => 'all', | ||
| 151 | address => "$ipaddress/$mask", | ||
| 152 | auth_method => 'pam', | ||
| 153 | order => "06-01", | ||
| 154 | } | ||
| 155 | } | ||
| 156 | |||
| 157 | postgresql::server::role { $backup_host: | ||
| 158 | replication => true, | ||
| 159 | } | ||
| 160 | |||
| 161 | postgresql_replication_slot { regsubst($backup_host, '-', "_", "G"): | ||
| 162 | ensure => present | ||
| 163 | } | ||
| 164 | } | ||
| 165 | } | ||
| 166 | |||
| 167 | $ldap_server = lookup("base_installation::ldap_server") | ||
| 168 | $ldap_base = lookup("base_installation::ldap_base") | ||
| 169 | $ldap_dn = lookup("base_installation::ldap_dn") | ||
| 170 | $ldap_password = generate_password(24, $password_seed, "ldap") | ||
| 171 | $ldap_attribute = "cn" | ||
| 172 | |||
| 173 | file { "/etc/pam_ldap.d": | ||
| 174 | ensure => directory, | ||
| 175 | mode => "0755", | ||
| 176 | owner => "root", | ||
| 177 | group => "root", | ||
| 178 | } -> | ||
| 179 | file { "/etc/pam_ldap.d/postgresql.conf": | ||
| 180 | ensure => "present", | ||
| 181 | mode => "0644", | ||
| 182 | owner => "root", | ||
| 183 | group => "root", | ||
| 184 | content => template("role/cryptoportfolio/pam_ldap_postgresql.conf.erb"), | ||
| 185 | } -> | ||
| 186 | file { "/etc/pam.d/postgresql": | ||
| 187 | ensure => "present", | ||
| 188 | mode => "0644", | ||
| 189 | owner => "root", | ||
| 190 | group => "root", | ||
| 191 | source => "puppet:///modules/role/cryptoportfolio/pam_postgresql" | ||
| 192 | } | ||
| 193 | } | ||
| 194 | |||
| 129 | } | 195 | } |