Diffstat (limited to 'modules/role/manifests/cryptoportfolio/postgresql.pp')
-rw-r--r-- | modules/role/manifests/cryptoportfolio/postgresql.pp | 66 |
1 files changed, 66 insertions, 0 deletions
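--- a/modules/role/manifests/cryptoportfolio/postgresql.pp
+++ b/modules/role/manifests/cryptoportfolio/postgresql.pp
@@ -126,4 +126,70 @@ class role::cryptoportfolio::postgresql inherits role::cryptoportfolio {
 order => "05-02",
 }
 
+$backup_host = "backup-1"
+
+unless empty($backup_host) {
+ensure_packages(["pam_ldap"])
+
+$facts["ldapvar"]["other"].each |$host| {
+if ($host["cn"][0] == $backup_host) {
+$host["ipHostNumber"].each |$ip| {
+$infos = split($ip, "/")
+$ipaddress = $infos[0]
+if (length($infos) == 1 and $ipaddress =~ /:/) {
+$mask = "128"
+} elsif (length($infos) == 1) {
+$mask = "32"
+} else {
+$mask = $infos[1]
+}
+
+postgresql::server::pg_hba_rule { "allow TCP access to replication user from backup for replication from $ipaddress/$mask":
+type => 'hostssl',
+database => 'replication',
+user => 'all',
+address => "$ipaddress/$mask",
+auth_method => 'pam',
+order => "06-01",
+}
+}
+
+postgresql::server::role { $backup_host:
+replication => true,
+}
+
+postgresql_replication_slot { regsubst($backup_host, '-', "_", "G"):
+ensure => present
+}
+}
+}
+
+$ldap_server = lookup("base_installation::ldap_server")
+$ldap_base = lookup("base_installation::ldap_base")
+$ldap_dn = lookup("base_installation::ldap_dn")
+$ldap_password = generate_password(24, $password_seed, "ldap")
+$ldap_attribute = "cn"
+
+file { "/etc/pam_ldap.d":
+ensure => directory,
+mode => "0755",
+owner => "root",
+group => "root",
+} ->
+file { "/etc/pam_ldap.d/postgresql.conf":
+ensure => "present",
+mode => "0644",
+owner => "root",
+group => "root",
+content => template("role/cryptoportfolio/pam_ldap_postgresql.conf.erb"),
+} ->
+file { "/etc/pam.d/postgresql":
+ensure => "present",
+mode => "0644",
+owner => "root",
+group => "root",
+source => "puppet:///modules/role/cryptoportfolio/pam_postgresql"
+}
+}
+
 }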
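Review bot: `/etc/pam_ldap.d/postgresql.conf` is written with `mode => "0644"`, and if the template interpolates the `$ldap_password` computed just above it (the template itself is not shown here), the LDAP bind password becomes readable by every local account on the database host. Restricting the file to the account the PostgreSQL server runs as, for example `mode => "0640",` with `group => "postgres",` (group name assumed, to be confirmed against the host), would keep it readable by the PAM module while closing that exposure. Separately, the pg_hba rule's title says it is for the replication user, but the rule sets `user => 'all'`. Using `user => $backup_host,` would limit the rule to the role declared a few lines below it.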