- ####
- # Maintain authorized_keys file on backup servers for WAL shipping
- #
- # do not let other hosts directly build our authorized_keys file,
- # instead go via a script that somewhat validates intput
- file { '/etc/dsa/postgresql-backup':
- ensure => 'directory',
- }
- file { '/usr/local/bin/postgres-make-backup-sshauthkeys':
- content => template('postgres/backup_server/postgres-make-backup-sshauthkeys.erb'),
- mode => '0555',
- notify => Exec['postgres-make-backup-sshauthkeys'],
- }
- file { '/etc/dsa/postgresql-backup/sshkeys-manual':
- content => template('postgres/backup_server/sshkeys-manual.erb'),
- notify => Exec['postgres-make-backup-sshauthkeys'],
- }
- concat { $postgres::backup_server::globals::sshkeys_sources:
- notify => Exec['postgres-make-backup-sshauthkeys'],
- }
- concat::fragment { 'postgresql-backup/source-sshkeys-header':
- target => $postgres::backup_server::globals::sshkeys_sources ,
- content => @(EOF),
- # <name> <ip addresses> <key>
- | EOF
- order => '00',
- }
- Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_source_sshkey |>>
- exec { "postgres-make-backup-sshauthkeys":
- command => "/usr/local/bin/postgres-make-backup-sshauthkeys",
- refreshonly => true,
- }
+ ####
+ # Regularly pull base backups
+ #
+ concat { $postgres::backup_server::globals::base_backup_clusters:
+ ensure_newline => true,
+ }
+ Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_base_backup |>>