X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=input%2Fhowto%2Fpostgres-backup.creole;h=5e21e0500d44ef9866c9ba560da1e4f786baf64b;hb=35d4c16b68e908fbf383a9011df41192ac692288;hp=4f497caed40c5ec40eca4b75ac1ca3c80f6e680f;hpb=3507c51343b0adb6fd1d352892b40d8654819e4a;p=mirror%2Fdsa-wiki.git diff --git a/input/howto/postgres-backup.creole b/input/howto/postgres-backup.creole index 4f497ca..5e21e05 100644 --- a/input/howto/postgres-backup.creole +++ b/input/howto/postgres-backup.creole @@ -30,13 +30,12 @@ Add a {{{postgres::backup_cluster}}} stanza to get it backed up. === Multiple clusters/compatibility mode === -If there is potentially more than one cluster, we cannot use the puppet -{{{postgresql::server}}} class. We also use this for clusters that were -initially set up without puppet. +Since we often have more than one cluster, we cannot use the puppet +{{{postgresql::server}}} class for most things. -* Add the server to the postgresql_server role in puppet's - hieradata/common.yaml. This will cause some scripts to be installed on the - host, as well as an ssh key to be created for the postgres user. +* Add the server to the roles::postgresql::server class role in hiera. + This will cause some scripts to be installed on the host, as well as an ssh + key to be created for the postgres user. * Add these to {{{/etc/postgresql/9.6/main/postgresql.conf}}} or equivalent {{{ @@ -45,30 +44,26 @@ initially set up without puppet. wal_level = archive max_wal_senders = 3 archive_timeout = 1h - archive_command = '/usr/local/bin/pg-backup-file main WAL %p' + archive_command = '/usr/local/bin/pg-backup-file mXXXXXX-CLUSTERNAMEHERE-XXXXain WAL %p' }}} * Run puppet on the postgresql server, -==== ssh authkeys ==== -* If you need extra options in the {{{debbackup-ssh-wrap}}} call on the backup server - (for instance of the host should be allowed to fetch files), manually copy - {{{~postgres/.ssh/id_rsa.pub}}} to - {{{puppet:modules/postgres/templates/backup_server/sshkeys-manual.erb}}}. -* Otherwise, add the host to the postgres::backup_server::register_backup_clienthost line - in {{{puppet:modules/postgres/manifests/backup_source.pp}}}. +* If the server is a replication receiver, it needs read access to the sender's WALs + on the backup host (to recover from situations where the source might no longer + have the WALs.) This can be configured via hiera as well. Example: +{{{ +[git|master] weasel@orinoco:~/projects/debian/d-a/dsa-puppet$ cat data/nodes/snapshotdb-manda-01.debian.org.yaml +classes: + - roles::snapshot_db + - roles::postgresql::server + +postgres::backup_server::register_backup_clienthost::allow_read_hosts: ['sallinen'] +}}} ==== base backup config ==== -* Register each cluster in puppet's - {{{puppet:modules/postgres/manifests/backup_source.pp}}}. - This takes care of adding the replication user to pgpass on the backup servers, - and the firewall rule and adds the cluster to {{{make-base-backups}}}. - (The module can also create the postgres role and modify the hba file, but we - do not do this when we don't configure the entire cluster via puppet.) -* Historically, we also have clusters hardcoded in - {{{puppet:modules/postgres/templates/backup_server/postgres-make-base-backups.erb}}}. -* Run puppet on the backup hosts (storace and backuphost as of 2018). +* Run puppet on the backup hosts (storace and backuphost as of 2019). * On the db server, create a role. Find the password to use on the backup host in {{{~debbackup/.pgpass}}}:\\ {{{sudo -u postgres createuser -D -E -P -R -S debian-backup}}}