3042a5f93b17e40619683aba83e51dceb27d051c
[mirror/dsa-puppet.git] / modules / postgres / manifests / backup_server.pp
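# Configures a host as a PostgreSQL backup server: installs the client
# tooling, assembles the script that pulls base backups, and maintains the
# SSH key list, monitoring configuration and .pgpass file.
#
# Several files below are assembled from exported resources collected by tag.
# The content of those resources is defined in the catalogs of the exporting
# hosts, so any part of it derived from facts is input from another machine
# and not data this host authored.
class postgres::backup_server {
  include postgres::backup_server::globals

  ensure_packages([
    'libhash-merge-simple-perl',
    'libyaml-perl',
    'python-yaml',
    'pigz',
    'postgresql-client',
    'postgresql-client-9.6',
  ], {
    ensure => 'installed'
  })

  ####
  # Regularly pull base backups
  #
  # The script is assembled from a header template, one collected fragment
  # per tagged export, and a fixed tail.  It is installed read+execute only
  # (0555) and run as debbackup from cron, so every collected fragment ends up
  # in code executed under that account.
  concat { $postgres::backup_server::globals::make_base_backups:
    mode => '0555',
  }
  concat::fragment { 'make-base-backups-header':
    target  => $postgres::backup_server::globals::make_base_backups,
    content => template('postgres/backup_server/postgres-make-base-backups.erb'),
    order   => '00',
  }
  Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_base_backup |>>
  concat::fragment { 'make-base-backups-tail':
    target  => $postgres::backup_server::globals::make_base_backups,
    content => @(EOTEMPLATE),
        # EOF by make-base-backups-tail fragment
        EOF
        | EOTEMPLATE
    order   => '99',
  }
  # Remove the stand-alone cron file; the job is a fragment of
  # /etc/cron.d/dsa-puppet-stuff (see below).
  file { '/etc/cron.d/puppet-postgres-make-base-backups':
    ensure => absent,
  }
  file { '/var/lib/dsa/postgres-make-base-backups':
    ensure => directory,
    owner  => 'debbackup',
    mode   => '0755',
  }
  # Runs every 30 minutes as debbackup after a random delay of up to 1200
  # seconds.  '%' is escaped because cron treats a bare '%' as a newline.
  # NOTE(review): $RANDOM is not provided by every /bin/sh; this presumably
  # relies on the target cron file selecting a suitable SHELL - confirm.
  concat::fragment { 'dsa-puppet-stuff--postgres-make_base_backups':
    target  => '/etc/cron.d/dsa-puppet-stuff',
    content => @("EOF")
      */30 * * * * debbackup sleep $(( RANDOM \% 1200 )); chronic ${$postgres::backup_server::globals::make_base_backups}
      | EOF
  }

  ####
  # Maintain authorized_keys file on backup servers for WAL shipping
  #
  # Do not let other hosts directly build our authorized_keys file;
  # instead go via a script that somewhat validates input.  The collected
  # fragments only feed the sources file; the script below is what produces
  # the key file from it.
  file { '/etc/dsa/postgresql-backup':
    ensure => 'directory',
  }
  file { '/usr/local/bin/postgres-make-backup-sshauthkeys':
    content => template('postgres/backup_server/postgres-make-backup-sshauthkeys.erb'),
    mode    => '0555',
    notify  => Exec['postgres-make-backup-sshauthkeys'],
  }
  file { '/usr/local/bin/postgres-make-one-base-backup':
    source => 'puppet:///modules/postgres/backup_server/postgres-make-one-base-backup',
    mode   => '0555',
  }
  file { '/etc/dsa/postgresql-backup/sshkeys-manual':
    content => template('postgres/backup_server/sshkeys-manual.erb'),
    notify  => Exec['postgres-make-backup-sshauthkeys'],
  }
  concat { $postgres::backup_server::globals::sshkeys_sources:
    notify => Exec['postgres-make-backup-sshauthkeys'],
  }
  concat::fragment { 'postgresql-backup/source-sshkeys-header':
    target  => $postgres::backup_server::globals::sshkeys_sources,
    content => @(EOF),
        # <name> <ip addresses> <key>
        | EOF
    order   => '00',
  }
  Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_source_sshkey |>>
  # Only runs when one of its inputs (script, manual keys, sources) changes.
  exec { 'postgres-make-backup-sshauthkeys':
    command     => '/usr/local/bin/postgres-make-backup-sshauthkeys',
    refreshonly => true,
  }

  ####
  # Maintain /etc/nagios/dsa-check-backuppg.conf
  #
  # The conf.d directory is purged of anything Puppet does not manage, so only
  # manual.conf and the collected files contribute to the merged result.
  file { '/etc/dsa/postgresql-backup/dsa-check-backuppg.conf.d':
    ensure  => 'directory',
    purge   => true,
    force   => true,
    recurse => true,
    source  => 'puppet:///files/empty/',
    notify  => Exec['update dsa-check-backuppg-manual.conf'],
  }
  file { '/etc/dsa/postgresql-backup/dsa-check-backuppg.conf.d/manual.conf':
    content => template('postgres/backup_server/dsa-check-backuppg-manual.conf.erb'),
    notify  => Exec['update dsa-check-backuppg-manual.conf'],
  }
  # This collector filters on the tag only; the path and content of each
  # collected file come from the exporting resource.
  File<<| tag == $postgres::backup_server::globals::tag_dsa_check_backupp |>>
  # Merge all YAML snippets into the monitoring config.  The result is written
  # to a temporary file and moved into place only if perl succeeds: a plain
  # '> target' redirect truncates the live config before perl runs, so a single
  # unparsable snippet would leave the backup check with an empty config until
  # the next refresh.  The moved file is a new inode, so it gets default
  # ownership and mode rather than those of the file it replaces.
  exec { 'update dsa-check-backuppg-manual.conf':
    command     => @(EOF),
        perl -MYAML=LoadFile,Dump -MHash::Merge::Simple=merge -E 'say Dump(merge(map{LoadFile($_)}@ARGV))' /etc/dsa/postgresql-backup/dsa-check-backuppg.conf.d/*.conf > /etc/nagios/dsa-check-backuppg.conf.new && mv -f /etc/nagios/dsa-check-backuppg.conf.new /etc/nagios/dsa-check-backuppg.conf
        | EOF
    provider    => shell,
    refreshonly => true,
  }

  ####
  # Maintain .pgpass file on backup servers
  #
  # Credentials file: readable by debbackup only (0400).  Starts with the
  # local /home/debbackup/.pgpass-local file, which this class reads but does
  # not manage, followed by one collected line per tagged export.
  concat { $postgres::backup_server::globals::pgpassfile:
    owner => 'debbackup',
    group => 'debbackup',
    mode  => '0400',
  }
  concat::fragment { 'pgpass-local':
    target => $postgres::backup_server::globals::pgpassfile,
    source => '/home/debbackup/.pgpass-local',
    order  => '00',
  }
  Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_source_pgpassline |>>
}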