-define postgres::backup_server::register_backup_clienthost (
- $sshpubkey = $::postgresql_key,
- $ipaddrlist = join(getfromhash($site::nodeinfo, 'ldap', 'ipHostNumber'), ","),
- $hostname = $::hostname,
-) {
- include postgres::backup_server::globals
+ ####
+ # Maintain authorized_keys file on backup servers for WAL shipping
+ #
+ # do not let other hosts directly build our authorized_keys file,
+ # instead go via a script that somewhat validates intput
+ file { '/etc/dsa/postgresql-backup':
+ ensure => 'directory',
+ }
+ file { '/usr/local/bin/postgres-make-backup-sshauthkeys':
+ content => template('postgres/backup_server/postgres-make-backup-sshauthkeys.erb'),
+ mode => '0555',
+ notify => Exec['postgres-make-backup-sshauthkeys'],
+ }
+ file { '/usr/local/bin/postgres-make-one-base-backup':
+ source => 'puppet:///modules/postgres/backup_server/postgres-make-one-base-backup',
+ mode => '0555'
+ }
+ file { '/etc/dsa/postgresql-backup/sshkeys-manual':
+ content => template('postgres/backup_server/sshkeys-manual.erb'),
+ notify => Exec['postgres-make-backup-sshauthkeys'],
+ }
+ concat { $postgres::backup_server::globals::sshkeys_sources:
+ notify => Exec['postgres-make-backup-sshauthkeys'],
+ }
+ concat::fragment { 'postgresql-backup/source-sshkeys-header':
+ target => $postgres::backup_server::globals::sshkeys_sources ,
+ content => @(EOF),
+ # <name> <ip addresses> <key>
+ | EOF
+ order => '00',
+ }
+ Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_source_sshkey |>>
+ exec { 'postgres-make-backup-sshauthkeys':
+ command => '/usr/local/bin/postgres-make-backup-sshauthkeys',
+ refreshonly => true,
+ }