source => 'puppet:///modules/postgres/backup_server/postgres-make-one-base-backup',
mode => '0555'
}
- file { "/etc/ssh/userkeys/${postgres::backup_server::globals::backup_unix_user}":
- content => template('postgres/backup_server/sshkeys-manual.erb'),
- }
ssh::authorized_key_collect { 'postgres::backup_server':
target_user => $postgres::backup_server::globals::backup_unix_user,
collect_tag => $postgres::backup_server::globals::tag_source_sshkey,
mode => '0400'
}
Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_source_pgpassline |>>
+
+ ####
+ # Let us connect to the clusters we want
+ #
+ # We export this, and the backup clients collect it
+ #
+ # this rule is only needed for clusters that we do not manage
+ # with postgres::cluster. Hopefully these will go away with time
+ @@ferm::rule::simple { "pg-backup_server::${::fqdn}":
+ tag => 'postgres::backup_server::to-client',
+ description => 'Allow access access from backup host',
+ chain => 'pg-backup',
+ saddr => $base::public_addresses,
+ }
}