X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsnapshot_db.pp;h=c620c8793feb45577e20d8c5eb990fb7a47d31ce;hb=HEAD;hp=b2371cf508f19c86ed046e873ae89f70246fe1f0;hpb=0f806816ccf63a07ad9af840e00cf6c80d51f298;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/snapshot_db.pp b/modules/roles/manifests/snapshot_db.pp
index b2371cf50..c620c8793 100644
--- a/modules/roles/manifests/snapshot_db.pp
+++ b/modules/roles/manifests/snapshot_db.pp
@@ -1,19 +1,32 @@
+# db server providing snapshot databases
+#
+# @param db_port          port of the snapshot cluster
+# @param guest_addresses  addresses to allow for the guest account
+# @param upstream_db_server  if this node is a replica, name of the upstream db server
+# @param upstream_db_port    if this node is a replica, port of the upstream db server
+# @param upstream_db_role    if this node is a replica, replication role on the upstream db server
 class roles::snapshot_db (
-  Boolean $ignore_old_postgres = false
+  Integer $db_port,
+  Array[Stdlib::IP::Address] $guest_addresses = ['127.0.0.1', '::1'],
+  Optional[String] $upstream_db_server = undef,
+  Optional[Integer] $upstream_db_port = undef,
+  String $upstream_db_role = "repuser-${::hostname}",
 ) {
   $now = Timestamp()
   $date = $now.strftime('%F')
 
-  if versioncmp($date, '2020-01-15') <= 0 {
+  if versioncmp($::lsbmajdistrelease, '9') <= 0 {
+    $ensure = 'absent'
+  } elsif versioncmp($date, '2020-01-15') <= 0 {
     $ensure = 'present'
   } else {
     $ensure = 'absent'
-    notify {"Temporary old pg ignore rule expired, clean up puppet":
+    notify {'Temporary old pg ignore rule expired, clean up puppet':
       loglevel => warning,
     }
   }
   file { '/etc/nagios/obsolete-packages-ignore.d/puppet-postgres':
-    ensure => $ensure,
+    ensure  => $ensure,
     content => @(EOF),
       libperl5.24:amd64
       postgresql-client-9.6
@@ -26,4 +39,26 @@ class roles::snapshot_db (
       | EOF
   }
 
+
+  postgres::cluster::hba_entry { 'snapshot-guest':
+    pg_port  => $db_port,
+    database => 'snapshot',
+    user     => 'guest',
+    address  => $guest_addresses,
+    method   => 'trust',
+    order    => '20',
+  }
+
+  if $upstream_db_server {
+    if !$upstream_db_port {
+      fail ('Also need a port if we have a upstream_db_server')
+    }
+    @@postgres::cluster::hba_entry { "snapshot-replica-to-${::fqdn}":
+      tag      => "postgres::cluster::${upstream_db_port}::hba::${upstream_db_server}",
+      pg_port  => $upstream_db_port,
+      database => 'replication',
+      user     => $upstream_db_role,
+      address  => $base::public_addresses,
+    }
+  }
 }