From 1b3c9823c19750767cf0abdabbd0b77ff9edb0d2 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 29 Sep 2019 18:50:17 +0200
Subject: [PATCH] manage pg_hba on fasolo

---
 data/common.yaml                              |  4 ++++
 data/nodes/bmdb1.debian.org.yaml              |  1 +
 data/nodes/fasolo.debian.org.yaml             |  2 ++
 .../postgresql/ftp_master_dak_replica.pp      | 20 +++++++++++++++++++
 4 files changed, 27 insertions(+)
 create mode 100644 modules/roles/manifests/postgresql/ftp_master_dak_replica.pp

diff --git a/data/common.yaml b/data/common.yaml
index b9e458947..06f3e9b0f 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -51,6 +51,10 @@ bacula::client::storage_server: storace.debian.org
 roles::debsources::db_address: bmdb1.debian.org
 roles::debsources::db_port: 5440
 
+roles::postgresql::ftp_master_dak_replica::db_server: fasolo.debian.org
+roles::postgresql::ftp_master_dak_replica::db_port: 5433
+roles::postgresql::ftp_master_dak_replica::db_role: repuser
+
 
 # == other variables
 #####################
diff --git a/data/nodes/bmdb1.debian.org.yaml b/data/nodes/bmdb1.debian.org.yaml
index 32e5d8c68..63dac30bc 100644
--- a/data/nodes/bmdb1.debian.org.yaml
+++ b/data/nodes/bmdb1.debian.org.yaml
@@ -1,6 +1,7 @@
 ---
 classes:
   - roles::postgresql::server
+  - roles::postgresql::ftp_master_dak_replica
 
 postgres::backup_server::register_backup_clienthost::allow_read_hosts: ['fasolo']
 roles::postgresql::server::manage_clusters_hba: [5440]
diff --git a/data/nodes/fasolo.debian.org.yaml b/data/nodes/fasolo.debian.org.yaml
index 0ab201179..6f59726f9 100644
--- a/data/nodes/fasolo.debian.org.yaml
+++ b/data/nodes/fasolo.debian.org.yaml
@@ -5,3 +5,5 @@ classes:
   - roles::postgresql::server
   - roles::static_master
   - roles::static_source
+
+roles::postgresql::server::manage_clusters_hba: true
diff --git a/modules/roles/manifests/postgresql/ftp_master_dak_replica.pp b/modules/roles/manifests/postgresql/ftp_master_dak_replica.pp
new file mode 100644
index 000000000..bcd958565
--- /dev/null
+++ b/modules/roles/manifests/postgresql/ftp_master_dak_replica.pp
@@ -0,0 +1,20 @@
+#
+# replica of the dak instance on ftp-master
+#
+# @param db_server  address of the database server for ftp-master's dak
+# @param db_port    port of the database cluster for ftp-master's dak
+# @param db_role    replication user
+class roles::postgresql::ftp_master_dak_replica (
+  String $db_server,
+  Intger $db_port,
+  String $db_role,
+) {
+
+  @@postgres::cluster::hba_entry { 'dak-replica':
+    tag      => "postgres::cluster::${db_port}::hba::${db_server}",
+    pg_port  => $db_port,
+    database => 'replication',
+    user     => $db_role,
+    address  => $base::public_addresses,
+  }
+}
-- 
2.20.1