-#
+# postgres backup server
class postgres::backup_server {
include postgres::backup_server::globals
+ $make_base_backups = '/usr/local/bin/postgres-make-base-backups'
+
ensure_packages ( [
'libhash-merge-simple-perl',
'libyaml-perl',
}
Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_base_backup |>>
- file { $postgres::backup_server::globals::make_base_backups:
+ file { $make_base_backups:
mode => '0555',
content => template('postgres/backup_server/postgres-make-base-backups.erb'),
}
file { '/var/lib/dsa/postgres-make-base-backups':
ensure => directory,
- owner => 'debbackup',
+ owner => $postgres::backup_server::globals::backup_unix_user,
mode => '0755',
}
concat::fragment { 'puppet-crontab--postgres-make_base_backups':
target => '/etc/cron.d/puppet-crontab',
content => @("EOF")
- */30 * * * * debbackup sleep $(( RANDOM \% 1200 )); chronic ${$postgres::backup_server::globals::make_base_backups}
+ */30 * * * * ${postgres::backup_server::globals::backup_unix_user} sleep $(( RANDOM \% 1200 )); chronic ${make_base_backups}
| EOF
}
#
# do not let other hosts directly build our authorized_keys file,
# instead go via a script that somewhat validates intput
- file { '/etc/dsa/postgresql-backup':
- ensure => 'directory',
- }
file { '/usr/local/bin/postgres-make-backup-sshauthkeys':
- content => template('postgres/backup_server/postgres-make-backup-sshauthkeys.erb'),
- mode => '0555',
- notify => Exec['postgres-make-backup-sshauthkeys'],
+ ensure => absent,
}
file { '/usr/local/bin/postgres-make-one-base-backup':
source => 'puppet:///modules/postgres/backup_server/postgres-make-one-base-backup',
mode => '0555'
}
- file { '/etc/dsa/postgresql-backup/sshkeys-manual':
+ file { "/etc/ssh/userkeys/${postgres::backup_server::globals::backup_unix_user}":
content => template('postgres/backup_server/sshkeys-manual.erb'),
- notify => Exec['postgres-make-backup-sshauthkeys'],
- }
- concat { $postgres::backup_server::globals::sshkeys_sources:
- notify => Exec['postgres-make-backup-sshauthkeys'],
- }
- concat::fragment { 'postgresql-backup/source-sshkeys-header':
- target => $postgres::backup_server::globals::sshkeys_sources ,
- content => @(EOF),
- # <name> <ip addresses> <key>
- | EOF
- order => '00',
}
- Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_source_sshkey |>>
- exec { 'postgres-make-backup-sshauthkeys':
- command => '/usr/local/bin/postgres-make-backup-sshauthkeys',
- refreshonly => true,
+ ssh::authorized_key_collect { 'postgres::backup_server':
+ target_user => $postgres::backup_server::globals::backup_unix_user,
+ collect_tag => $postgres::backup_server::globals::tag_source_sshkey,
}
####
# Maintain /etc/nagios/dsa-check-backuppg.conf
#
+ file { '/etc/dsa/postgresql-backup':
+ ensure => 'directory',
+ }
file { '/etc/dsa/postgresql-backup/dsa-check-backuppg.conf.d':
ensure => 'directory',
purge => true,
refreshonly => true,
}
+ file { '/etc/sudoers.d/backup-server':
+ mode => '0440',
+ content => template('postgres/backup_server/sudoers.erb'),
+ }
+
+
####
# Maintain .pgpass file on backup servers
# #
concat { $postgres::backup_server::globals::pgpassfile:
- owner => 'debbackup',
- group => 'debbackup',
+ owner => $postgres::backup_server::globals::backup_unix_user,
+ group => $postgres::backup_server::globals::backup_unix_group,
mode => '0400'
}
- concat::fragment{ 'pgpass-local':
- target => $postgres::backup_server::globals::pgpassfile,
- source => '/home/debbackup/.pgpass-local',
- order => '00'
- }
Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_source_pgpassline |>>
}