X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fsalsa%2Fmanifests%2Fdatabase.pp;h=32a53a716fd4ff9669af4102fdac32d013612137;hb=d1562b78d6fbb28adc0567ee289cf9a2cdc5223f;hp=080653199e42e819e310f907784bf5c9d327a06f;hpb=4b3905325654c4c15acf07925dc8a9a19b488a6e;p=mirror%2Fdsa-puppet.git
diff --git a/modules/salsa/manifests/database.pp b/modules/salsa/manifests/database.pp
index 080653199..32a53a716 100644
--- a/modules/salsa/manifests/database.pp
+++ b/modules/salsa/manifests/database.pp
@@ -18,10 +18,6 @@ class salsa::database inherits salsa {
 require => Class['postgresql::server::contrib'],
 }

-
-
- include postgres::backup_source
-
 $pg_config_options = {
 'track_counts' => 'yes',
 'archive_mode' => 'yes',
@@ -41,48 +37,15 @@ class salsa::database inherits salsa {
 }
 }

- $datadir = assert_type(String[1], $postgresql::params::datadir)
- warning("foo ")
- file { "${datadir}/.nobackup":
- content => ""
+ ferm::rule::simple { "pgport":
+ description => "check access to pg port",
+ port => $postgresql::params::port,
+ target => "pg-${postgresql::params::port}",
 }
- if $::postgresql_key {
- $ipaddr = assert_type(String[1], join(getfromhash($site::nodeinfo, 'ldap', 'ipHostNumber'), ","))
-
- @@concat::fragment { "onion::balance::instance::dsa-snippet::$name::$fqdn":
- target => "/etc/dsa/postgresql-backup/sshkeys-sources",
- content => @("EOF"),
- ${::hostname} ${ipaddr} ${::postgresql_key}
- | EOF
- tag => "postgresql::server::backup-source-sshkey",
- }
+ postgres::backup_cluster { $::hostname:
+ pg_version => $postgresql::params::version,
+ pg_port => $postgresql::params::port,
+ do_role => true,
+ do_hba => true,
 }
-
- $db_backup_role = 'debian-backup'
- $db_backup_role_password = hkdf('/etc/puppet/secret', "postgresql-${::hostname}-${postgresql::params::port}-backup_role}")
-
- # XXX - get these from the roles and ldap
- $db_backup_hosts = ['5.153.231.12/32', '93.94.130.161/32', '2001:41c8:1000:21::21:12/128', '2a02:158:380:280::161/128']
-
- postgresql::server::role { $db_backup_role:
- password_hash => postgresql_password($db_backup_role, $db_backup_role_password),
- replication => true,
- }
- $db_backup_hosts.each |String $address| {
- postgresql::server::pg_hba_rule { "debian_backup-${address}":
- description => 'Open up PostgreSQL for backups',
- type => 'hostssl',
- database => 'replication',
- user => $db_backup_role,
- address => $address,
- auth_method => 'md5',
- }
- }
- @ferm::rule { "dsa-postgres-${postgresql::params::port}":
- description => 'Allow postgress access from backup host',
- domain => '(ip ip6)',
- rule => "&SERVICE_RANGE(tcp, ${postgresql::params::port}, ( @ipfilter(\$HOST_PGBACKUPHOST) ))",
- }
-
- # add cluster to make-base-backups
 }
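Review bot: The added `ferm::rule::simple { "pgport": }` names no source of its own, whereas the `@ferm::rule` it replaces limited the port to `$HOST_PGBACKUPHOST`. Who can reach PostgreSQL now depends entirely on what populates the `pg-${postgresql::params::port}` target, which this hunk does not show; presumably `postgres::backup_cluster` with `do_hba => true` supplies the allowed hosts. A comment above the rule would make that dependency reviewable, for example `# sends pg port traffic to chain pg-<port>; allowed sources are added by postgres::backup_cluster`, once that is confirmed against the two defines. The title `"pgport"` is also a fixed string, unlike the old `dsa-postgres-${postgresql::params::port}`, so a second declaration on the same node would collide; `"pgport-${postgresql::params::port}"` avoids that.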