X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fpostgres%2Fmanifests%2Fbackup_server.pp;h=84f4c0dd1910bd050692d80bc7587367a1f02546;hb=06d5a4b60525258ffd7f4ad8d350a0785a249bf5;hp=bf8efa04210dd3411f76dcd154d085e2c9d56aaa;hpb=1c07afa774f62ff6df564e37bab79ac42d7032bf;p=mirror%2Fdsa-puppet.git

diff --git a/modules/postgres/manifests/backup_server.pp b/modules/postgres/manifests/backup_server.pp
index bf8efa042..84f4c0dd1 100644
--- a/modules/postgres/manifests/backup_server.pp
+++ b/modules/postgres/manifests/backup_server.pp
@@ -98,4 +98,18 @@ class postgres::backup_server {
     mode  => '0400'
   }
   Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_source_pgpassline |>>
+
+  ####
+  # Let us connect to the clusters we want
+  #
+  # We export this, and the backup clients collect it
+  #
+  # this rule is only needed for clusters that we do not manage
+  # with postgres::cluster.  Hopefully these will go away with time
+  @@ferm::rule::simple { "pg-backup_server::${::fqdn}":
+    tag         => 'postgres::backup_server::to-client',
+    description => 'Allow access access from backup host',
+    chain       => 'pg-backup',
+    saddr       => $base::public_addresses,
+  }
 }