-
+# postgres backup server
class postgres::backup_server {
include postgres::backup_server::globals
#
# do not let other hosts directly build our authorized_keys file,
# instead go via a script that somewhat validates intput
- file { '/etc/dsa/postgresql-backup':
- ensure => 'directory',
- }
file { '/usr/local/bin/postgres-make-backup-sshauthkeys':
- content => template('postgres/backup_server/postgres-make-backup-sshauthkeys.erb'),
- mode => '0555',
- notify => Exec['postgres-make-backup-sshauthkeys'],
+ ensure => absent,
}
file { '/usr/local/bin/postgres-make-one-base-backup':
source => 'puppet:///modules/postgres/backup_server/postgres-make-one-base-backup',
mode => '0555'
}
- file { '/etc/dsa/postgresql-backup/sshkeys-manual':
+ file { "/etc/ssh/userkeys/${postgres::backup_server::globals::backup_unix_user}":
content => template('postgres/backup_server/sshkeys-manual.erb'),
- notify => Exec['postgres-make-backup-sshauthkeys'],
- }
- concat { $postgres::backup_server::globals::sshkeys_sources:
- notify => Exec['postgres-make-backup-sshauthkeys'],
}
- concat::fragment { 'postgresql-backup/source-sshkeys-header':
- target => $postgres::backup_server::globals::sshkeys_sources ,
- content => @(EOF),
- # <name> <ip addresses> <key>
- | EOF
- order => '00',
- }
- Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_source_sshkey |>>
- exec { 'postgres-make-backup-sshauthkeys':
- command => '/usr/local/bin/postgres-make-backup-sshauthkeys',
- refreshonly => true,
+ ssh::authorized_key_collect { 'postgres::backup_server':
+ target_user => $postgres::backup_server::globals::backup_unix_user,
+ collect_tag => $postgres::backup_server::globals::tag_source_sshkey,
}
####
# Maintain /etc/nagios/dsa-check-backuppg.conf
#
+ file { '/etc/dsa/postgresql-backup':
+ ensure => 'directory',
+ }
file { '/etc/dsa/postgresql-backup/dsa-check-backuppg.conf.d':
ensure => 'directory',
purge => true,