X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fpostgres%2Fmanifests%2Fcluster.pp;h=970c1ba6901635de261595cd5b02a148d29a762d;hb=694793a4317a94b7dc1483f4a52d4b1868224ed6;hp=a57f5433f9cd6d434bc36c5b968e33e165a8d9df;hpb=6d314df91bf2f73b895e096dde7eb882d4653904;p=mirror%2Fdsa-puppet.git
diff --git a/modules/postgres/manifests/cluster.pp b/modules/postgres/manifests/cluster.pp
index a57f5433f..970c1ba69 100644
--- a/modules/postgres/manifests/cluster.pp
+++ b/modules/postgres/manifests/cluster.pp
@@ -5,38 +5,96 @@
 # @param pg_port port of the postgres cluster
 # @param manage_hba manage pg_hba
 # @param confdir directory where the configuration resides
+# @param backups make backups of this cluster (unless it is recovering/a replication target)
 define postgres::cluster(
- String $pg_version,
- String $pg_cluster = 'main',
- Integer $pg_port = 5432,
+ Optional[Integer] $pg_port = undef,
+ Optional[String] $pg_cluster = undef,
+ Optional[String] $pg_version = undef,
 Boolean $manage_hba = false,
 String $confdir = "/etc/postgresql/${pg_version}/${pg_cluster}",
+ Boolean $backups = true,
 ) {
- $reload = "postgresql ${pg_version}/${pg_cluster} reload"
+ # get remaining cluster info and verify consistency
+ ###
+ $clusters = $facts['postgresql_clusters']
+ if $pg_port {
+ $filtered = $clusters.filter |$cluster| { $cluster['port'] == $pg_port }
+ if $filtered.length != 1 {
+ fail("Did not find exactly one cluster with port ${pg_port}")
+ }
+ $cluster = $filtered[0]
+ } elsif $pg_cluster and $pg_version {
+ $filtered = $clusters.filter |$cluster| { $cluster['version'] == $pg_version and $cluster['cluster'] == $pg_cluster}
+ if $filtered.length != 1 {
+ fail("Did not find exactly one cluster ${pg_version}/${pg_cluster}")
+ }
+ $cluster = $filtered[0]
+ } else {
+ fail('postgres::cluster::hba_entry needs either the port of both a pg version and cluster name')
+ }
+ $real_port = $cluster['port']
+ $real_version = $cluster['version']
+ $real_cluster = $cluster['cluster']
+ if $pg_version and $pg_version != $real_version {
+ fail("Inconsisten cluster version information: ${pg_version} != ${real_version}")
+ }
+ if $pg_cluster and $pg_cluster != $real_cluster {
+ fail("Inconsisten cluster name information: ${pg_cluster} != ${real_cluster}")
+ }
+ ###
+
+ # basic infra
+ ###
+ $reload = "postgresql ${real_version}/${real_cluster} reload"
 exec { $reload:
- command => "systemctl reload postgresql@${pg_version}-${pg_cluster}.service",
+ command => "systemctl reload 
postgresql@${real_version}-${real_cluster}.service", refreshonly => true, } + ferm::rule::chain { "postgres::cluster::hba_entry::chain::pg-${real_port}": + description => "chain for pg${real_version}/${real_cluster}", + chain => "pg-${real_port}", + } + ferm::rule::simple { "postgres::cluster::hba_entry::${real_version}::${real_cluster}": + description => "check access to pg${real_version}/${real_cluster}", + port => $real_port, + target => "pg-${real_port}", + } + ### - ferm::rule::simple { "postgres::cluster::hba_entry::${pg_version}::${pg_cluster}": - description => "check access to pg${pg_version}/${pg_cluster}", - port => $pg_port, - target => "pg-${pg_port}", + if $backups and !$cluster['status']['recovery'] { + postgres::backup_cluster { "${real_version}::${real_cluster}": + pg_version => $real_version, + pg_cluster => $real_cluster, + pg_port => $real_port, + } } + # hba entries and firewall rules + Postgres::Cluster::Hba_entry <<| tag == "postgres::cluster::${real_version}::${real_cluster}::hba::${::fqdn}" |>> + Postgres::Cluster::Hba_entry <<| tag == "postgres::cluster::${real_port}::hba::${::fqdn}" |>> + if $manage_hba { - concat { "postgres::cluster::${pg_version}::${pg_cluster}::hba": + concat { "postgres::cluster::${real_version}::${real_cluster}::hba": path => "${confdir}/pg_hba.conf", mode => '0440', group => 'postgres', ensure_newline => true, notify => Exec[$reload], } - concat::fragment{ "postgres::cluster::pg_hba-head::${pg_version}::${pg_cluster}": - target => "postgres::cluster::${pg_version}::${pg_cluster}::hba", + concat::fragment{ "postgres::cluster::pg_hba-head::${real_version}::${real_cluster}": + target => "postgres::cluster::${real_version}::${real_cluster}::hba", order => '00', content => template('postgres/cluster/pg_hba.conf-head.erb'), } - Concat::Fragment <| tag == "postgres::cluster::${pg_version}::${pg_cluster}::hba" |> + postgres::cluster::hba_entry { "postgres::cluster::${real_port}::local-connections": + pg_port => $real_port, 
+ connection_type => 'host',
+ database => 'all',
+ user => 'all',
+ address => ['127.0.0.1', '::1'],
+ order => '30',
+ firewall => false,
+ }
- Concat::Fragment <| tag == "postgres::cluster::${pg_version}::${pg_cluster}::hba" |>
+ Concat::Fragment <| tag == "postgres::cluster::${real_version}::${real_cluster}::hba" |>
 }
 }
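Review bot: The `$confdir` default still interpolates `${pg_version}` and `${pg_cluster}`, which this change makes optional, so a cluster declared by `pg_port` alone with `manage_hba => true` would most likely get a `pg_hba.conf` path built from empty values instead of the cluster's real configuration directory. The access rules would then be written to a location PostgreSQL does not read, leaving the live `pg_hba.conf` unmanaged. Consider `Optional[String] $confdir = undef,` and, after the consistency checks, `$real_confdir = $confdir ? { undef => "/etc/postgresql/${real_version}/${real_cluster}", default => $confdir }`, with the concat using `path => "${real_confdir}/pg_hba.conf"`. Separately, the new loopback `hba_entry` covers every database and user; its authentication method is set outside this hunk, so it is worth confirming that it is not `trust`.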