enable snapshotdb-manda-01.debian.org to read sallinen's backups

diff --git a/data/common.yaml b/data/common.yaml
index d750bc0..3d4546b 100644 (file)
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -69,15 +69,5 @@ paths:
   auto_clientcerts_dir: '/srv/puppet.debian.org/ca/RESULT/clientcerts'
 apt::sources::debian::location: 'https://deb.debian.org/debian/'
 
-
-# all of these should be retired in favour of including the class role
-# with the host. weasel, 2019-09
-roles:
-  postgresql_server:
-    # these use pg-receive-file-from-backup which is defined in the
-    # postgres::backup_source class.  This should be
-    # cleaned up and handled properly, including the ssh auth keys setup
-    - snapshotdb-manda-01.debian.org
-
 classes:
   - base::includes

diff --git a/data/nodes/snapshotdb-manda-01.debian.org.yaml b/data/nodes/snapshotdb-manda-01.debian.org.yaml
index f9d1e1c..b756c7b 100644 (file)
--- a/data/nodes/snapshotdb-manda-01.debian.org.yaml
+++ b/data/nodes/snapshotdb-manda-01.debian.org.yaml
@@ -1,2 +1,5 @@
 classes:
   - roles::snapshot_db
+  - roles::postgresql::server
+
+postgres::backup_server::register_backup_clienthost::allow_read_hosts: ['sallinen']

diff --git a/modules/postgres/manifests/backup_server.pp b/modules/postgres/manifests/backup_server.pp
index 4e55a10..bf8efa0 100644 (file)
--- a/modules/postgres/manifests/backup_server.pp
+++ b/modules/postgres/manifests/backup_server.pp
@@ -52,9 +52,6 @@ class postgres::backup_server {
     source => 'puppet:///modules/postgres/backup_server/postgres-make-one-base-backup',
     mode   => '0555'
   }
-  file { "/etc/ssh/userkeys/${postgres::backup_server::globals::backup_unix_user}":
-    content => template('postgres/backup_server/sshkeys-manual.erb'),
-  }
   ssh::authorized_key_collect { 'postgres::backup_server':
     target_user => $postgres::backup_server::globals::backup_unix_user,
     collect_tag => $postgres::backup_server::globals::tag_source_sshkey,

diff --git a/modules/postgres/templates/backup_server/sshkeys-manual.erb b/modules/postgres/templates/backup_server/sshkeys-manual.erb
deleted file mode 100644 (file)
index 269a191..0000000
--- a/modules/postgres/templates/backup_server/sshkeys-manual.erb
+++ /dev/null
@@ -1,3 +0,0 @@
-# maintained manually in puppet
-# postgresql backups:
-command="/usr/local/bin/debbackup-ssh-wrap snapshotdb-manda-01 --read-allow=/srv/backups/pg/sallinen",restrict,from="82.195.75.73,2001:41b8:202:deb::311:73" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC53Sx/qzFL+GNrT01fP9tXpd9CjaOZuhLVHIOpoDQM5Nrr4DgbWA3vTghHpdpRHt18EmzWEmclTk3qej/vN6vBIG4cMc8EfpvEvXOLW2qQzMMrx5UeergUX76ie41B8yOCd9lf6H3G+rLqfBR6xEws39WgwTBRT86mKpolYDCJHX1Q8i85eJ/mw9FjHUENZYSxO4k5KBas2/G03+e+/J4TvgjyGbqCxc1RvmiMLE+cnfmeaprZuUbKkL0Df/mV2osuKStfG9ise/qtL0Kv318bsnYvXPDMdFWtFsR1lX2MpHfCFYWJd4bHtNOGSlixYbHcFlNFlSDessfLgpoKwWi3 postgres@snapshotdb-manda-01 (2019-05-23)

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 6122e78..8ccc72f 100644 (file)
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -1,10 +1,6 @@
 # = Class: roles
 #
 class roles {
-  if has_role('postgresql_server') {
-    include postgres::backup_source
-  }
-
   if $::keyring_debian_org_mirror {
     include roles::keyring_debian_org_mirror
   }