X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fpostgres%2Fmanifests%2Fbackup_cluster.pp;h=dcbf28f673fe02fe869622474bd2e5da41e6bbc5;hb=HEAD;hp=7741d9408c8a3b0dfedc22dc259932dfece98e3d;hpb=06d5a4b60525258ffd7f4ad8d350a0785a249bf5;p=mirror%2Fdsa-puppet.git

diff --git a/modules/postgres/manifests/backup_cluster.pp b/modules/postgres/manifests/backup_cluster.pp
index 7741d9408..dcbf28f67 100644
--- a/modules/postgres/manifests/backup_cluster.pp
+++ b/modules/postgres/manifests/backup_cluster.pp
@@ -30,6 +30,8 @@ define postgres::backup_cluster(
   Boolean $do_role = false,
   Boolean $do_hba = false,
 ) {
+  include postgres::backup_source
+
   $datadir = "/var/lib/postgresql/${pg_version}/${pg_cluster}"
   file { "${datadir}/.nobackup":
     content  => ''
@@ -58,27 +60,12 @@ define postgres::backup_cluster(
     }
   }
 
-  # Send connections to the port to the pg-backup chain
-  # there, the register_backup_clienthost class will have
-  # realized the exported allows from the backup servers.
-  #
-  # Any non-matching traffic will fall through and it can
-  # be allowed elsewhere
-  #
-  # this rule is only needed for clusters that we do not manage
-  # with postgres::cluster.  Hopefully these will go away with time
-  ferm::rule::simple { "dsa-postgres-backup-${pg_port}":
-    description => 'Check for postgres access from backup host',
-    port        => $pg_port,
-    target      => 'pg-backup',
-  }
-
-  postgres::cluster::hba_entry { 'backup-replication':
+  postgres::cluster::hba_entry { "backup-replication::${pg_version}::${pg_cluster}":
     pg_version => $pg_version,
     pg_cluster => $pg_cluster,
     pg_port    => $pg_port,
     database   => 'replication',
-    user       => db_backup_role,
+    user       => $db_backup_role,
     address    => $backup_servers_addrs,
   }
   postgres::backup_server::register_backup_cluster { "backup-role-${::fqdn}}-${pg_port}":