1 # postgresql cluster configuration
3 # @param pg_version pg version of the cluster
4 # @param pg_cluster cluster name
5 # @param pg_port port of the postgres cluster
6 # @param manage_hba manage pg_hba
7 # @param confdir directory where the configuration resides
8 # @param backups make backups of this cluster (unless it is recovering/a replication target)
9 define postgres::cluster(
10 Optional[Integer] $pg_port = undef,
11 Optional[String] $pg_cluster = undef,
12 Optional[String] $pg_version = undef,
13 Boolean $manage_hba = false,
14 String $confdir = "/etc/postgresql/${pg_version}/${pg_cluster}",
15 Boolean $backups = true,
17 # get remaining cluster info and verify consistency
19 $clusters = $facts['postgresql_clusters']
21 $filtered = $clusters.filter |$cluster| { $cluster['port'] == $pg_port }
22 if $filtered.length != 1 {
23 fail("Did not find exactly one cluster with port ${pg_port}")
25 $cluster = $filtered[0]
26 } elsif $pg_cluster and $pg_version {
27 $filtered = $clusters.filter |$cluster| { $cluster['version'] == $pg_version and $cluster['cluster'] == $pg_cluster}
28 if $filtered.length != 1 {
29 fail("Did not find exactly one cluster ${pg_version}/${pg_cluster}")
31 $cluster = $filtered[0]
33 fail('postgres::cluster::hba_entry needs either the port of both a pg version and cluster name')
35 $real_port = $cluster['port']
36 $real_version = $cluster['version']
37 $real_cluster = $cluster['cluster']
38 if $pg_version and $pg_version != $real_version {
39 fail("Inconsisten cluster version information: ${pg_version} != ${real_version}")
41 if $pg_cluster and $pg_cluster != $real_cluster {
42 fail("Inconsisten cluster name information: ${pg_cluster} != ${real_cluster}")
48 $reload = "postgresql ${real_version}/${real_cluster} reload"
50 command => "systemctl reload postgresql@${real_version}-${real_cluster}.service",
53 ferm::rule::chain { "postgres::cluster::hba_entry::chain::pg-${real_port}":
54 description => "chain for pg${real_version}/${real_cluster}",
55 chain => "pg-${real_port}",
57 ferm::rule::simple { "postgres::cluster::hba_entry::${real_version}::${real_cluster}":
58 description => "check access to pg${real_version}/${real_cluster}",
60 target => "pg-${real_port}",
64 if $backups and !$cluster['status']['recovery'] {
65 postgres::backup_cluster { "${real_version}::${real_cluster}":
66 pg_version => $real_version,
67 pg_cluster => $real_cluster,
68 pg_port => $real_port,
72 # hba entries and firewall rules
73 Postgres::Cluster::Hba_entry <<| tag == "postgres::cluster::${real_version}::${real_cluster}::hba::${::fqdn}" |>>
74 Postgres::Cluster::Hba_entry <<| tag == "postgres::cluster::${real_port}::hba::${::fqdn}" |>>
77 concat { "postgres::cluster::${real_version}::${real_cluster}::hba":
78 path => "${confdir}/pg_hba.conf",
81 ensure_newline => true,
82 notify => Exec[$reload],
84 concat::fragment{ "postgres::cluster::pg_hba-head::${real_version}::${real_cluster}":
85 target => "postgres::cluster::${real_version}::${real_cluster}::hba",
87 content => template('postgres/cluster/pg_hba.conf-head.erb'),
89 Concat::Fragment <| tag == "postgres::cluster::${real_version}::${real_cluster}::hba" |>