From 5feedbb4f3e35cfb63201a360a685127b2608345 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Tue, 26 Jun 2018 01:04:09 +0200 Subject: Allow host to replicate the cluster from backup --- modules/role/manifests/backup/postgresql.pp | 62 +++++++++++++++++++++++++---- 1 file changed, 55 insertions(+), 7 deletions(-) (limited to 'modules/role/manifests') diff --git a/modules/role/manifests/backup/postgresql.pp b/modules/role/manifests/backup/postgresql.pp index b26773c..9e1c9f7 100644 --- a/modules/role/manifests/backup/postgresql.pp +++ b/modules/role/manifests/backup/postgresql.pp @@ -13,7 +13,7 @@ class role::backup::postgresql inherits role::backup { $ldap_server = lookup("base_installation::ldap_server") $ldap_base = lookup("base_installation::ldap_base") $ldap_dn = lookup("base_installation::ldap_dn") - $ldap_attribute = "uid" + $pgbouncer_ldap_attribute = "uid" $pg_slot = regsubst($ldap_cn, '-', "_", "G") @@ -71,18 +71,13 @@ class role::backup::postgresql inherits role::backup { ], } - file { "/etc/pam_ldap.d": - ensure => directory, - mode => "0755", - owner => "root", - group => "root", - } -> file { "/etc/pam_ldap.d/pgbouncer.conf": ensure => "present", mode => "0600", owner => $pg_user, group => "root", content => template("role/backup/pam_ldap_pgbouncer.conf.erb"), + require => File["/etc/pam_ldap.d"], } -> file { "/etc/pam.d/pgbouncer": ensure => "present", 
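Review bot: In the `@@ -13,7 +13,7 @@` hunk the pgbouncer attribute is renamed to `$pgbouncer_ldap_attribute`, but the diffstat lists only this manifest, so `role/backup/pam_ldap_pgbouncer.conf.erb` is not changed by the commit. If that template still reads `@ldap_attribute` (it is not visible here), it no longer sees `uid`. Depending on evaluation order it would get the class-level `$ldap_attribute = "cn"` added in the `@@ -94,6 +89,29 @@` hunk, or nothing at all, and pgbouncer's PAM lookup would change silently. Worth confirming the template uses `@pgbouncer_ldap_attribute`, and adding a comment such as `# read by pam_ldap_pgbouncer.conf.erb` next to the assignment so the implicit coupling is visible.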
@@ -94,6 +89,29 @@ class role::backup::postgresql inherits role::backup { } } + $ldap_attribute = "cn" + + file { "/etc/pam_ldap.d": + ensure => directory, + mode => "0755", + owner => "root", + group => "root", + } -> + file { "/etc/pam_ldap.d/postgresql.conf": + ensure => "present", + mode => "0600", + owner => $pg_user, + group => "root", + content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"), + } -> + file { "/etc/pam.d/postgresql": + ensure => "present", + mode => "0644", + owner => "root", + group => "root", + source => "puppet:///modules/profile/postgresql_master/pam_postgresql" + } + $pg_backup_hosts.each |$backup_host_cn, $pg_infos| { $host = find_host($facts["ldapvar"]["other"], $backup_host_cn) if empty($host) { @@ -108,6 +126,31 @@ class role::backup::postgresql inherits role::backup { $pg_host = "$pg_backup_host" $pg_port = $pg_infos["dbport"] + unless empty($host) { + $host["ipHostNumber"].each |$ip| { + $infos = split($ip, "/") + $ipaddress = $infos[0] + if (length($infos) == 1 and $ipaddress =~ /:/) { + $mask = "128" + } elsif (length($infos) == 1) { + $mask = "32" + } else { + $mask = $infos[1] + } + + postgresql::server::pg_hba_rule { "allow TCP access for initial replication from $ipaddress/$mask": + type => 'hostssl', + database => 'replication', + user => $backup_host_cn, + address => "$ipaddress/$mask", + auth_method => 'pam', + order => "06-01", + target => "$pg_path/pg_hba.conf", + postgresql_version => "10", + } + } + } + if !empty($ldap_filter) and ($pg_infos["pgbouncer"]) { concat::fragment { "pgbouncer_$pg_backup_host": target => "/etc/pgbouncer/pgbouncer.ini", @@ -292,6 +335,11 @@ class role::backup::postgresql inherits role::backup { Concat["$pg_path/pg_hba.conf"], Concat["$pg_path/recovery.conf"], File["$pg_path/postgresql.conf"], + ], + subscribe => [ + Concat["$pg_path/pg_hba.conf"], + Concat["$pg_path/recovery.conf"], + File["$pg_path/postgresql.conf"], ] } } -- cgit v1.2.3
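Review bot: The new `/etc/pam_ldap.d/postgresql.conf` resource in the `@@ -94,6 +89,29 @@` hunk is mode `0600`, but its rendered content can still appear in agent logs and reports whenever the file changes. If `profile/postgresql_master/pam_ldap_postgresql.conf.erb` (not part of this diff) writes an LDAP bind password, adding `show_diff => false,` to that resource keeps the secret out of the diff output. The same applies to the existing `/etc/pam_ldap.d/pgbouncer.conf` resource in the `@@ -71,18 +71,13 @@` hunk. A comment above `$ldap_attribute = "cn"` saying it is read by the postgresql template would also help, since nothing in the manifest references it.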
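Review bot: The `pg_hba_rule` title in the `@@ -108,6 +126,31 @@` hunk is built only from `$ipaddress/$mask`, while the rule sits inside the `$pg_backup_hosts.each` loop, which starts outside the hunk. Two backup entries that resolve to the same address would declare the same resource title and the catalog would fail to compile; adding the role to the title avoids that, e.g. `"allow TCP access for initial replication from $ipaddress/$mask for $backup_host_cn"`. Separately, `$infos[1]` comes straight from the LDAP `ipHostNumber` value and is written into `pg_hba.conf` unchecked. Guarding the rule with `$mask =~ /\A\d+\z/` would keep a malformed entry from producing an invalid line in the access-control file.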
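Review bot: The `subscribe` list added in the `@@ -292,6 +335,11 @@` hunk repeats the three entries directly above it, which appear to belong to a `require` list whose opening lies outside the hunk. `subscribe` already implies the ordering that `require` gives, so keeping only the `subscribe` list removes a duplicate that can drift when one list is edited and the other is not. If the subscribing resource is the PostgreSQL service, every `pg_hba.conf` change will now refresh it; a comment such as `# refresh so pg_hba.conf / recovery.conf changes take effect` would record that this is intended.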