switch seger to modern pg backup config fu
authorPeter Palfrader <peter@palfrader.org>
Sat, 28 Sep 2019 16:50:39 +0000 (18:50 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sat, 28 Sep 2019 16:50:39 +0000 (18:50 +0200)
data/common.yaml
data/nodes/seger.debian.org.yaml
modules/ferm/manifests/per_host.pp
modules/postgres/templates/backup_server/dsa-check-backuppg-manual.conf.erb
modules/postgres/templates/backup_server/postgres-make-base-backups.erb
modules/postgres/templates/backup_server/sshkeys-manual.erb

index f8fdd45..5738eb5 100644 (file)
@@ -81,7 +81,6 @@ roles:
     - buxtehude.debian.org
     - lw07.debian.org
     - sallinen.debian.org
-    - seger.debian.org
     - snapshotdb-manda-01.debian.org
 
 classes:
index 070e138..40d6321 100644 (file)
@@ -1,3 +1,4 @@
 ---
 classes:
+  - roles::postgresql::server
   - roles::security_master
index 07995cb..b2a6009 100644 (file)
@@ -209,13 +209,6 @@ class ferm::per_host {
           | EOF
       }
     }
-    seger: {
-      ferm::rule { 'dsa-postgres-backup':
-        description => 'Allow postgress access',
-        domain      => '(ip ip6)',
-        rule        => '&SERVICE_RANGE(tcp, 5432, ( $HOST_PGBACKUPHOST ))'
-      }
-    }
     sallinen: {
       ferm::rule { 'dsa-postgres':
         description => 'Allow postgress access',
index 8b11240..56d7f77 100755 (executable)
@@ -165,7 +165,6 @@ while read host port username  cluster version; do
         fi
     fi
 done << EOF
-seger.debian.org       5432    debian-backup           dak             9.6
 bmdb1.debian.org       5435    debian-backup           main            9.6
 bmdb1.debian.org       5440    debian-backup           debsources      9.6
 sallinen.debian.org    5473    debian-backup           snapshot        9.6
index 97d3dfd..2887dfe 100644 (file)
@@ -5,5 +5,4 @@ command="/usr/local/bin/debbackup-ssh-wrap bmdb1 --read-allow=/srv/backups/pg/fa
 command="/usr/local/bin/debbackup-ssh-wrap chopin",restrict,from="2001:8d8:580:400:6564:a62::3,195.20.242.124" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtJ54j48JZRNVRaCeIsRwuw3/gfBgpz9TCR1PUd+NfugscrR9xlYAac+DD7GuGkVb1FZuZLGTkrrg+Ziis5ZOEaib/WxjmdTM0FLLw+3shTaBbPP4snWj+H31wA+SS6b9bqVikaZYq3ZRO3Nt8eScphpoU4sw3BgUGE+lNgjFCx+Y6zasRon/KU+YKHtKYKMg/8Ams551oaCBPP0tXGWAeoiDAHq/PUWaaK4jyu+a2BAP/fQ2OovXsM6t+0pRpdtxCBV1kgKtgJnbV1xEFpFRvpBMQv+BQb8M4eVUJ1DgyOT4Ew3Zl1XYNvCT/YMoYOElOmRio1aD9+dh7CZCfWlYMw== postgres@chopin (20101213)
 command="/usr/local/bin/debbackup-ssh-wrap lw07 --read-allow=/srv/backups/pg/sallinen",restrict,from="185.17.185.187,2001:1af8:4020:b030:deb::187" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiLZIqnyKrsfoT1sQdbuUsOoqW1t71Sv8hpJj9yLzrSFq/YCnho9G2Q/LJm4sMB4W64uQMUX6oLsqsgIBbOZw71CBRou41zwS/D+7+sjiPy1aVXp+L+fAXqLdemCUYqXAm0bGTLboGmlDSG3/r3v3B2+vqwAoHaC/GwuoNgvHq+sfxZPo/9cDRlTyE0ktyxwdUN+czxyLtDPqz3CucOHX03p8F3lNEwFUCGIVAkP4zxZsiEjD+eCbWam0bVFoWnfXYcmf2GYKEy2PQp0ksXmbsnRIblW5zoKdEXeDjwSStFHtjqkJw2TdPLUGSXljCgy9OCXYVMUrFnXw2Ak88KYpV postgres@lw07 (20140713)
 command="/usr/local/bin/debbackup-ssh-wrap snapshotdb-manda-01 --read-allow=/srv/backups/pg/sallinen",restrict,from="82.195.75.73,2001:41b8:202:deb::311:73" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC53Sx/qzFL+GNrT01fP9tXpd9CjaOZuhLVHIOpoDQM5Nrr4DgbWA3vTghHpdpRHt18EmzWEmclTk3qej/vN6vBIG4cMc8EfpvEvXOLW2qQzMMrx5UeergUX76ie41B8yOCd9lf6H3G+rLqfBR6xEws39WgwTBRT86mKpolYDCJHX1Q8i85eJ/mw9FjHUENZYSxO4k5KBas2/G03+e+/J4TvgjyGbqCxc1RvmiMLE+cnfmeaprZuUbKkL0Df/mV2osuKStfG9ise/qtL0Kv318bsnYvXPDMdFWtFsR1lX2MpHfCFYWJd4bHtNOGSlixYbHcFlNFlSDessfLgpoKwWi3 postgres@snapshotdb-manda-01 (2019-05-23)
-command="/usr/local/bin/debbackup-ssh-wrap seger",restrict,from="82.195.75.93,2001:41b8:202:deb::311:93" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuLyOZP0eJvTEVXoI0K5xJw2OLZkaJ3yl7Gko/YfhhBebxEB9R0xu97zkiKqitmWm61BZSapdIqlUeMd+t/UgjcqpffXkGz0nx99YZgY0lq3WA4MLZiRrZGnfSzjSvcdSFXDlmv20+txEuf05h26BJUAsjQaugNd0641WPWoLK3+sHc4ZXga7//M6bia8b7n3iYCeVc8UHyjWsSPq/+QyTa49+ZXYLIraGOpZbQG276ywLm4eDc8VWalw7mB0cWJTIM9NGTSVQPEP8bvY9MqzvmmnltjyQ4Mk+PQHobMzlb99HXMNGZpM8fpHZgLjcnCurHtFGYiMBt3MlDJzA9Egp postgres@seger
 command="/usr/local/bin/debbackup-ssh-wrap sallinen",restrict,from="193.62.202.26,2001:630:206:4000:1a1a:0:c13e:ca1a" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+kslXxLI6dGRSJoHKnKpWMcTdvlMM4KbrPPDzhijemmxo2lpMRSuvzc98UE2zy4fDSWFbid1drf8XC/BwwNRLnJGFcMjJ42JcDBz9zALQfgmhFzgxFRJFsHgXxq/GJNqvq9i2Mk1dV8wpQgJNToYU5XHJjkLCT2ucV9jUZ1ZRFaLxrnM7uMXPH8HJ1vqTRHMrq/YghUMJHDBLK8ukChs2uEOYJxODJkYdbSFUC//KVScFnDC0WhhDtjCuIn4USY3KNJ9GrxhNSFc/O0XWKFAc2ntzk0d7WDH6O+9izkesXugq/ICFmDIGu4OXCnQYWdQQVsaAlFkD5lgbcw+7wG77 postgres@sallinen (2018-01-04)