require => Class['postgresql::server::contrib'],
}
- include postgres::backup_source
- $datadir = assert_type(String[1], $postgresql::params::datadir)
- warning("foo ")
- file { "${datadir}/.nobackup":
- content => ""
- }
- if $::postgresql_key {
- $ipaddr = assert_type(String[1], join(getfromhash($site::nodeinfo, 'ldap', 'ipHostNumber'), ","))
-
- @@concat::fragment { "onion::balance::instance::dsa-snippet::$name::$fqdn":
- target => "/etc/dsa/postgresql-backup/sshkeys-sources",
- content => @("EOF"),
- ${::hostname} ${ipaddr} ${::postgresql_key}
- | EOF
- tag => "postgresql::server::backup-source-sshkey",
+ $pg_config_options = {
+ 'track_counts' => 'yes',
+ 'archive_mode' => 'yes',
+ 'wal_level' => 'archive',
+ 'max_wal_senders' => '3',
+ 'archive_timeout' => '1h',
+ 'archive_command' => '/usr/local/bin/pg-backup-file main WAL %p',
+ 'ssl' => 'on',
+ 'ssl_cert_file' => '/etc/ssl/debian/certs/thishost-server.crt',
+ 'ssl_key_file' => '/etc/ssl/private/thishost-server.key',
+ }
+ $pg_config_options.each |String $key, String $value| {
+ postgresql_conf { $key:
+ value => $value,
+ target => $postgresql::params::postgresql_conf_path,
+ notify => Service['postgresqld'],
}
}
+
+ ferm::rule::simple { "pgport":
+ description => "check access to pg port",
+ port => $postgresql::params::port,
+ target => "pg-${postgresql::params::port}",
+ }
+ postgres::backup_cluster { $::hostname:
+ pg_version => $postgresql::params::version,
+ pg_port => $postgresql::params::port,
+ do_role => true,
+ do_hba => true,
+ }
}