From 1ec9655400103e5dddacc921fe0b996004ba065c Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Fri, 1 Sep 2017 17:26:25 +0000
Subject: [PATCH] switch salsa db to postgres::backup_cluster
---
 modules/postgres/manifests/backup_cluster.pp | 4 +-
 modules/postgres/manifests/backup_source.pp | 2 +
 modules/salsa/manifests/database.pp | 48 ++------------------
 3 files changed, 8 insertions(+), 46 deletions(-)
diff --git a/modules/postgres/manifests/backup_cluster.pp b/modules/postgres/manifests/backup_cluster.pp
index 83edaf17f..989b93a43 100644
--- a/modules/postgres/manifests/backup_cluster.pp
+++ b/modules/postgres/manifests/backup_cluster.pp
@@ -9,8 +9,6 @@ define postgres::backup_cluster(
 $do_role = false,
 $do_hba = false,
 ) {
- warning("foo ${backup_servers}")
-
 $datadir = "/var/lib/postgresql/${pg_version}/${pg_cluster}"
 file { "${datadir}/.nobackup":
 content => ""
@@ -45,7 +43,7 @@ define postgres::backup_cluster(
 rule => "&SERVICE_RANGE(tcp, ${pg_port}, ( @ipfilter((${backup_servers_addrs_joined})) ))",
 }
- postgres::backup_server::register_backup_cluster { "backup-role-${::fqdn}}-${::pg_port}":
+ postgres::backup_server::register_backup_cluster { "backup-role-${::fqdn}}-${pg_port}":
 pg_port => $pg_port,
 pg_role => $db_backup_role,
 pg_password => $db_backup_role_password,
diff --git a/modules/postgres/manifests/backup_source.pp b/modules/postgres/manifests/backup_source.pp
index be48b370c..7bc06844c 100644
--- a/modules/postgres/manifests/backup_source.pp
+++ b/modules/postgres/manifests/backup_source.pp
@@ -24,7 +24,9 @@ class postgres::backup_source {
 postgres::backup_cluster { $::hostname:
 pg_version => '9.6',
 }
+ }
+ if $::hostname in [melartin, godard] {
 postgres::backup_server::register_backup_clienthost { "backup-clienthost-${::fqdn}}":
 }
 }
diff --git a/modules/salsa/manifests/database.pp b/modules/salsa/manifests/database.pp
index 080653199..ba3d17379 100644
--- a/modules/salsa/manifests/database.pp
+++ b/modules/salsa/manifests/database.pp
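Review bot: The title on the changed `register_backup_cluster` line in modules/postgres/manifests/backup_cluster.pp still carries a stray closing brace after `${::fqdn}`, so the resource is declared as `backup-role-<fqdn>}-<port>`. Dropping it gives `postgres::backup_server::register_backup_cluster { "backup-role-${::fqdn}-${pg_port}":`. The same extra brace sits in the `"backup-clienthost-${::fqdn}}"` title in backup_source.pp. The definition of register_backup_cluster is not shown here; if it derives names or paths on the backup server from its title, both titles should be fixed in one change so the generated entries stay consistent. The resource body continues past the end of the hunk.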
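Review bot: The added condition `if $::hostname in [melartin, godard] {` in modules/postgres/manifests/backup_source.pp relies on bare words being read as strings; quoting them, `if $::hostname in ['melartin', 'godard'] {`, matches the quoted `'9.6'` just above and does not depend on bare-word parsing. The list also appears to decide which hosts are registered as backup clients, so a short comment above it, such as `# hosts that ship backups to the backup server; extend when another host declares postgres::backup_cluster`, would make a missing entry easier to spot, if that is the intent. The class body starts before the hunk.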
@@ -41,48 +41,10 @@ class salsa::database inherits salsa {
 }
 }
- $datadir = assert_type(String[1], $postgresql::params::datadir)
- warning("foo ")
- file { "${datadir}/.nobackup":
- content => ""
+ postgres::backup_cluster { $::hostname:
+ pg_version => $postgresql::params::version,
+ pg_port => $postgresql::params::port,
+ do_role => true,
+ do_hba => true,
 }
- if $::postgresql_key {
- $ipaddr = assert_type(String[1], join(getfromhash($site::nodeinfo, 'ldap', 'ipHostNumber'), ","))
-
- @@concat::fragment { "onion::balance::instance::dsa-snippet::$name::$fqdn":
- target => "/etc/dsa/postgresql-backup/sshkeys-sources",
- content => @("EOF"),
- ${::hostname} ${ipaddr} ${::postgresql_key}
- | EOF
- tag => "postgresql::server::backup-source-sshkey",
- }
- }
-
- $db_backup_role = 'debian-backup'
- $db_backup_role_password = hkdf('/etc/puppet/secret', "postgresql-${::hostname}-${postgresql::params::port}-backup_role}")
-
- # XXX - get these from the roles and ldap
- $db_backup_hosts = ['5.153.231.12/32', '93.94.130.161/32', '2001:41c8:1000:21::21:12/128', '2a02:158:380:280::161/128']
-
- postgresql::server::role { $db_backup_role:
- password_hash => postgresql_password($db_backup_role, $db_backup_role_password),
- replication => true,
- }
- $db_backup_hosts.each |String $address| {
- postgresql::server::pg_hba_rule { "debian_backup-${address}":
- description => 'Open up PostgreSQL for backups',
- type => 'hostssl',
- database => 'replication',
- user => $db_backup_role,
- address => $address,
- auth_method => 'md5',
- }
- }
- @ferm::rule { "dsa-postgres-${postgresql::params::port}":
- description => 'Allow postgress access from backup host',
- domain => '(ip ip6)',
- rule => "&SERVICE_RANGE(tcp, ${postgresql::params::port}, ( @ipfilter(\$HOST_PGBACKUPHOST) ))",
- }
-
- # add cluster to make-base-backups
 }
--
2.20.1
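Review bot: The new `postgres::backup_cluster { $::hostname:` declaration in modules/salsa/manifests/database.pp no longer uses `$postgresql::params::datadir`; the define builds the path itself as `/var/lib/postgresql/${pg_version}/${pg_cluster}` (visible in backup_cluster.pp), and no `pg_cluster` is passed here. If the salsa cluster's data directory does not match that layout with whatever cluster name the define defaults to, the `.nobackup` marker lands in the wrong directory or the file resource fails. The removed `assert_type(String[1], …)` guard is gone as well, so keeping a check on the inputs may be worthwhile, e.g. `pg_version => assert_type(String[1], $postgresql::params::version),`. The removed block also restricted replication access to `hostssl` rules for explicit backup-host addresses and exported this host's SSH key to the backup server. Whether `do_hba => true` and the define preserve both is not visible in this diff and should be confirmed before merging.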