pg: put postgres ssh keys onto backup server

[mirror/dsa-puppet.git] / modules / postgres / manifests / backup_server.pp

diff --git a/modules/postgres/manifests/backup_server.pp b/modules/postgres/manifests/backup_server.pp
index 4fda760..2bda5dc 100644 (file)
--- a/modules/postgres/manifests/backup_server.pp
+++ b/modules/postgres/manifests/backup_server.pp
@@ -19,4 +19,30 @@ class postgres::backup_server {
                        content  => "20 0 * * 6 debbackup chronic /usr/local/bin/postgres-make-base-backups\n",
                }
        }
+
+       file { '/etc/dsa/postgresql-backup':
+               ensure => 'directory',
+       }
+       file { '/usr/local/bin/postgres-make-backup-sshauthkeys':
+               content => template('postgres/backup_server/postgres-make-backup-sshauthkeys.erb'),
+               mode   => '0555',
+               notify  => Exec['postgres-make-backup-sshauthkeys'],
+       }
+       concat { '/etc/dsa/postgresql-backup/sshkeys-sources':
+               notify  => Exec['postgres-make-backup-sshauthkeys'],
+       }
+       concat::fragment { 'postgresql-backup/source-sshkeys-header':
+               target => '/etc/dsa/postgresql-backup/sshkeys-sources',
+               content  => @(EOF),
+                               # <name> <ip addresses> <key>
+                               | EOF
+               order  => '00',
+       }
+
+       Concat::Fragment <<| tag == "postgresql::server::backup-source-sshkey" |>>
+
+       exec { "postgres-make-backup-sshauthkeys":
+               command => "/usr/local/bin/postgres-make-backup-sshauthkeys",
+               refreshonly => true,
+       }
 }