1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
define profile::postgresql::replication (
Boolean $handle_role = false,
Boolean $handle_config = false,
Boolean $add_self_role = false,
Boolean $handle_slot = false,
Optional[String] $target = undef,
) {
include "profile::postgresql::pam_ldap"
$host_cn = $title
$host_infos = find_host($facts["ldapvar"]["other"], $host_cn)
if empty($host_infos) {
fail("Unable to find host for replication")
}
if empty($target) {
$pg_version = undef
} else {
$pg_version = "10"
}
$host_infos["ipHostNumber"].each |$ip| {
$infos = split($ip, "/")
$ipaddress = $infos[0]
if (length($infos) == 1 and $ipaddress =~ /:/) {
$mask = "128"
} elsif (length($infos) == 1) {
$mask = "32"
} else {
$mask = $infos[1]
}
postgresql::server::pg_hba_rule { "allow TCP access for replication to user $host_cn from $ipaddress/$mask":
type => 'hostssl',
database => 'replication',
user => $host_cn,
address => "$ipaddress/$mask",
auth_method => 'pam',
order => "06-01",
target => $target,
postgresql_version => $pg_version,
}
}
if $handle_config {
ensure_resource("postgresql::server::config_entry", "wal_level", {
value => "logical",
})
}
if $handle_role {
postgresql::server::role { $host_cn:
replication => true,
require => Service["postgresql"],
}
if $add_self_role {
$ldap_cn = lookup("base_installation::ldap_cn")
# Needed to be replicated to the backup and be able to recover later
ensure_resource("postgresql::server::role", $ldap_cn, {
replication => true,
require => Service["postgresql"],
})
}
}
if $handle_slot {
postgresql_replication_slot { regsubst($host_cn, '-', "_", "G"):
ensure => present,
require => Service["postgresql"],
}
}
}
|
