modules/postgres/manifests/backup_server.pp

   1 #
   2 class postgres::backup_server {
   3         include postgres::backup_server::globals
   4
   5         ####
   6         # Regularly pull base backups
   7         #
   8         ensure_packages ( "postgresql-client-9.6", { ensure => 'installed' })
   9
  10         concat { $postgres::backup_server::globals::make_base_backups:
  11                 mode => '0555',
  12         }
  13         concat::fragment { 'make-base-backups-header':
  14                 target => $postgres::backup_server::globals::make_base_backups,
  15                 content => template('postgres/backup_server/postgres-make-base-backups.erb'),
  16                 order  => '00',
  17         }
  18         Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_base_backup |>>
  19         concat::fragment { 'make-base-backups-tail':
  20                 target => $postgres::backup_server::globals::make_base_backups,
  21                 content  => @(EOTEMPLATE),
  22                                 # EOF by make-base-backups-tail fragment
  23                                 EOF
  24                                 | EOTEMPLATE
  25                 order  => '99',
  26         }
  27         file { '/etc/cron.d/puppet-postgres-make-base-backups': ensure => absent; }
  28         file { '/var/lib/dsa/postgres-make-base-backups':
  29                 ensure => directory,
  30                 owner => 'debbackup',
  31                 mode => '0755',
  32         }
  33         concat::fragment { 'dsa-puppet-stuff--postgres-make_base_backups':
  34                 target => '/etc/cron.d/dsa-puppet-stuff',
  35                 content  => @("EOF")
  36                         */30 * * * * debbackup sleep $(( RANDOM \% 1200 )); chronic ${$postgres::backup_server::globals::make_base_backups}
  37                         | EOF
  38         }
  39
  40         ####
  41         # Maintain authorized_keys file on backup servers for WAL shipping
  42         #
  43         # do not let other hosts directly build our authorized_keys file,
  44         # instead go via a script that somewhat validates intput
  45         file { '/etc/dsa/postgresql-backup':
  46                 ensure => 'directory',
  47         }
  48         file { '/usr/local/bin/postgres-make-backup-sshauthkeys':
  49                 content => template('postgres/backup_server/postgres-make-backup-sshauthkeys.erb'),
  50                 mode   => '0555',
  51                 notify  => Exec['postgres-make-backup-sshauthkeys'],
  52         }
  53         file { '/usr/local/bin/postgres-make-one-base-backup':
  54                 source  => 'puppet:///modules/postgres/backup_server/postgres-make-one-base-backup',
  55                 mode   => '0555'
  56         }
  57         file { '/etc/dsa/postgresql-backup/sshkeys-manual':
  58                 content => template('postgres/backup_server/sshkeys-manual.erb'),
  59                 notify  => Exec['postgres-make-backup-sshauthkeys'],
  60         }
  61         concat { $postgres::backup_server::globals::sshkeys_sources:
  62                 notify  => Exec['postgres-make-backup-sshauthkeys'],
  63         }
  64         concat::fragment { 'postgresql-backup/source-sshkeys-header':
  65                 target => $postgres::backup_server::globals::sshkeys_sources ,
  66                 content  => @(EOF),
  67                                 # <name> <ip addresses> <key>
  68                                 | EOF
  69                 order  => '00',
  70         }
  71         Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_source_sshkey |>>
  72         exec { "postgres-make-backup-sshauthkeys":
  73                 command => "/usr/local/bin/postgres-make-backup-sshauthkeys",
  74                 refreshonly => true,
  75         }
  76
  77         ####
  78         # Maintain /etc/nagios/dsa-check-backuppg.conf
  79         #
  80         file { '/etc/dsa/postgresql-backup/dsa-check-backuppg.conf.d':
  81                 ensure => 'directory',
  82                 purge   => true,
  83                 force   => true,
  84                 recurse => true,
  85                 source  => 'puppet:///files/empty/',
  86                 notify => Exec['update dsa-check-backuppg-manual.conf'],
  87         }
  88         file { '/etc/dsa/postgresql-backup/dsa-check-backuppg.conf.d/manual.conf':
  89                 content => template('postgres/backup_server/dsa-check-backuppg-manual.conf.erb'),
  90                 notify => Exec['update dsa-check-backuppg-manual.conf']
  91         }
  92         File<<| tag == $postgres::backup_server::globals::tag_dsa_check_backupp |>>
  93         ensure_packages ( "libhash-merge-simple-perl", { ensure => 'installed' })
  94         exec { "update dsa-check-backuppg-manual.conf":
  95                 command  => @(EOF),
  96                                 perl -MYAML=LoadFile,Dump -MHash::Merge::Simple=merge -E 'say Dump(merge(map{LoadFile($_)}@ARGV))' /etc/dsa/postgresql-backup/dsa-check-backuppg.conf.d/*.conf > /etc/nagios/dsa-check-backuppg.conf
  97                                 | EOF
  98                 provider => shell,
  99                 refreshonly => true,
 100         }
 101
 102         ####
 103         # Maintain .pgpass file on backup servers
 104         # #
 105         concat { $postgres::backup_server::globals::pgpassfile:
 106                 owner => 'debbackup',
 107                 group => 'debbackup',
 108                 mode  => '0400'
 109         }
 110         concat::fragment{ 'pgpass-local':
 111                 target => $postgres::backup_server::globals::pgpassfile,
 112                 source => '/home/debbackup/.pgpass-local',
 113                 order  => '00'
 114         }
 115         Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_source_pgpassline |>>
 116 }