# @param pg_port port of the postgres cluster
# @param manage_hba manage pg_hba
# @param confdir directory where the configuration resides
+# @param backups make backups of this cluster (unless it is recovering/a replication target)
define postgres::cluster(
- String $pg_version,
- String $pg_cluster = 'main',
- Integer $pg_port = 5432,
+ Optional[Integer] $pg_port = undef,
+ Optional[String] $pg_cluster = undef,
+ Optional[String] $pg_version = undef,
Boolean $manage_hba = false,
String $confdir = "/etc/postgresql/${pg_version}/${pg_cluster}",
+ Boolean $backups = true,
) {
- $reload = "postgresql ${pg_version}/${pg_cluster} reload"
+ # get remaining cluster info and verify consistency
+ ###
+ $clusters = $facts['postgresql_clusters']
+ if $pg_port {
+ $filtered = $clusters.filter |$cluster| { $cluster['port'] == $pg_port }
+ if $filtered.length != 1 {
+ fail("Did not find exactly one cluster with port ${pg_port}")
+ }
+ $cluster = $filtered[0]
+ } elsif $pg_cluster and $pg_version {
+ $filtered = $clusters.filter |$cluster| { $cluster['version'] == $pg_version and $cluster['cluster'] == $pg_cluster}
+ if $filtered.length != 1 {
+ fail("Did not find exactly one cluster ${pg_version}/${pg_cluster}")
+ }
+ $cluster = $filtered[0]
+ } else {
+ fail('postgres::cluster::hba_entry needs either the port of both a pg version and cluster name')
+ }
+ $real_port = $cluster['port']
+ $real_version = $cluster['version']
+ $real_cluster = $cluster['cluster']
+ if $pg_version and $pg_version != $real_version {
+ fail("Inconsisten cluster version information: ${pg_version} != ${real_version}")
+ }
+ if $pg_cluster and $pg_cluster != $real_cluster {
+ fail("Inconsisten cluster name information: ${pg_cluster} != ${real_cluster}")
+ }
+ ###
+
+ # basic infra
+ ###
+ $reload = "postgresql ${real_version}/${real_cluster} reload"
exec { $reload:
- command => "systemctl reload postgresql@${pg_version}-${pg_cluster}.service",
+ command => "systemctl reload postgresql@${real_version}-${real_cluster}.service",
refreshonly => true,
}
+ ferm::rule::simple { "postgres::cluster::hba_entry::${real_version}::${real_cluster}":
+ description => "check access to pg${real_version}/${real_cluster}",
+ port => $real_port,
+ target => "pg-${real_port}",
+ }
+ ###
- ferm::rule::simple { "postgres::cluster::hba_entry::${pg_version}::${pg_cluster}":
- description => "check access to pg${pg_version}/${pg_cluster}",
- port => $pg_port,
- target => "pg-${pg_port}",
+ if $backups and !$cluster['status']['recovery'] {
+ postgres::backup_cluster { "${real_version}::${real_cluster}":
+ pg_version => $real_version,
+ pg_cluster => $real_cluster,
+ pg_port => $real_port,
+ }
}
# hba entries and firewall rules
- Postgres::Cluster::Hba_entry <<| tag == "postgres::cluster::${pg_version}::${pg_cluster}::hba::${::fqdn}" |>>
- Postgres::Cluster::Hba_entry <<| tag == "postgres::cluster::${pg_port}::hba::${::fqdn}" |>>
+ Postgres::Cluster::Hba_entry <<| tag == "postgres::cluster::${real_version}::${real_cluster}::hba::${::fqdn}" |>>
+ Postgres::Cluster::Hba_entry <<| tag == "postgres::cluster::${real_port}::hba::${::fqdn}" |>>
if $manage_hba {
- concat { "postgres::cluster::${pg_version}::${pg_cluster}::hba":
+ concat { "postgres::cluster::${real_version}::${real_cluster}::hba":
path => "${confdir}/pg_hba.conf",
mode => '0440',
group => 'postgres',
ensure_newline => true,
notify => Exec[$reload],
}
- concat::fragment{ "postgres::cluster::pg_hba-head::${pg_version}::${pg_cluster}":
- target => "postgres::cluster::${pg_version}::${pg_cluster}::hba",
+ concat::fragment{ "postgres::cluster::pg_hba-head::${real_version}::${real_cluster}":
+ target => "postgres::cluster::${real_version}::${real_cluster}::hba",
order => '00',
content => template('postgres/cluster/pg_hba.conf-head.erb'),
}
- Concat::Fragment <| tag == "postgres::cluster::${pg_version}::${pg_cluster}::hba" |>
+ Concat::Fragment <| tag == "postgres::cluster::${real_version}::${real_cluster}::hba" |>
}
}
projects / mirror / dsa-puppet.git / blobdiff