path: root/modules/profile/manifests/postgresql/replication.pp
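# @summary Opens this PostgreSQL server to replication connections from one peer host.
#
# The resource title is the cn of the peer. The peer's record is looked up with
# find_host() in the "ldapvar" fact, and one pg_hba rule is written per address
# listed in its ipHostNumber attribute. Each rule is `hostssl` + `pam` on the
# `replication` pseudo-database, restricted to a user named after the peer.
#
# NOTE(review): the address list that ends up in pg_hba.conf comes from a fact,
# i.e. from data reported by the node. Confirm that the fact is filled from a
# trusted LDAP query, since it decides which networks may attempt replication
# logins.
#
# @param handle_role
#   Create a PostgreSQL role named after the peer with the REPLICATION attribute.
# @param handle_config
#   Set `wal_level` to `logical` (declared through ensure_resource so several
#   instances of this define can ask for it).
# @param add_self_role
#   Only honoured when handle_role is true: also create a REPLICATION role named
#   after the value of `base_installation::ldap_cn`.
# @param handle_slot
#   Create a replication slot named after the peer, with "-" replaced by "_".
# @param target
#   Passed through as the pg_hba_rule `target`. When set, `postgresql_version`
#   is pinned to "10" on the rule; when unset it is left undef.
define profile::postgresql::replication (
  Boolean          $handle_role   = false,
  Boolean          $handle_config = false,
  Boolean          $add_self_role = false,
  Boolean          $handle_slot   = false,
  Optional[String] $target        = undef,
) {
  include profile::postgresql::pam_ldap

  $host_cn = $title
  $host_infos = find_host($facts['ldapvar']['other'], $host_cn)

  if empty($host_infos) {
    # Name the host so a failed catalog points at the offending declaration.
    fail("Unable to find host '${host_cn}' for replication")
  }

  # NOTE(review): the version is hard-coded whenever a custom target is used;
  # presumably the target file belongs to a PostgreSQL 10 instance -- confirm.
  if empty($target) {
    $pg_version = undef
  } else {
    $pg_version = '10'
  }

  $host_infos['ipHostNumber'].each |$ip| {
    $infos = split($ip, '/')
    $ipaddress = $infos[0]

    # The value is copied verbatim into an access-control line, so refuse
    # anything that is not made of IPv4/IPv6 address characters instead of
    # letting stray text reach pg_hba.conf.
    unless ($ipaddress =~ String[1]) and ($ipaddress =~ /\A[0-9A-Fa-f:.]+\z/) {
      fail("Refusing to write a pg_hba rule for '${host_cn}': '${ip}' is not an IP address")
    }

    # A bare address is narrowed to a single host: /128 for IPv6, /32 for IPv4.
    if (length($infos) == 1 and $ipaddress =~ /:/) {
      $mask = '128'
    } elsif (length($infos) == 1) {
      $mask = '32'
    } else {
      $mask = $infos[1]
    }

    # pg_hba only accepts a numeric prefix length after the slash.
    # NOTE(review): a short prefix taken from LDAP widens who may attempt a
    # replication login; only the syntax is checked here, not the width.
    unless ($mask =~ String[1]) and ($mask =~ /\A\d{1,3}\z/) {
      fail("Refusing to write a pg_hba rule for '${host_cn}': '${ip}' has an invalid prefix length")
    }

    # `pam` makes the client send its password to the server, so the rule must
    # stay `hostssl`: a plain `host` rule would accept that exchange without TLS.
    postgresql::server::pg_hba_rule { "allow TCP access for replication to user ${host_cn} from ${ipaddress}/${mask}":
      type               => 'hostssl',
      database           => 'replication',
      user               => $host_cn,
      address            => "${ipaddress}/${mask}",
      auth_method        => 'pam',
      order              => '06-01',
      target             => $target,
      postgresql_version => $pg_version,
    }
  }

  if $handle_config {
    ensure_resource('postgresql::server::config_entry', 'wal_level', {
      value => 'logical',
    })
  }

  if $handle_role {
    # The role carries REPLICATION and nothing else is set on it here.
    postgresql::server::role { $host_cn:
      replication => true,
      require     => Service['postgresql'],
    }

    if $add_self_role {
      $ldap_cn = lookup('base_installation::ldap_cn')

      # Needed to be replicated to the backup and be able to recover later
      ensure_resource('postgresql::server::role', $ldap_cn, {
        replication => true,
        require     => Service['postgresql'],
      })
    }
  }

  if $handle_slot {
    # Slot names accept only lower-case letters, digits and underscores; only
    # "-" is rewritten here.
    # NOTE(review): a cn with dots or upper-case letters would be rejected by
    # PostgreSQL -- confirm the naming scheme of the peers.
    # NOTE(review): a slot keeps WAL on disk until its consumer reads it, so a
    # slot left behind by a decommissioned peer should be dropped and
    # pg_replication_slots monitored.
    postgresql_replication_slot { regsubst($host_cn, '-', '_', 'G'):
      ensure  => present,
      require => Service['postgresql'],
    }
  }
}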