Try to modernize pg wal shipping ssh setup
authorPeter Palfrader <peter@palfrader.org>
Sat, 28 Sep 2019 19:07:28 +0000 (21:07 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sat, 28 Sep 2019 19:07:28 +0000 (21:07 +0200)
modules/postgres/manifests/backup_server.pp
modules/postgres/manifests/backup_server/register_backup_clienthost.pp

index 97fabc2..6d9b792 100644 (file)
@@ -1,4 +1,4 @@
-
+# postgres backup server
 class postgres::backup_server {
   include postgres::backup_server::globals
 
@@ -75,6 +75,10 @@ class postgres::backup_server {
     command     => '/usr/local/bin/postgres-make-backup-sshauthkeys',
     refreshonly => true,
   }
+  ssh::authorized_key_collect { 'postgres::backup_server':
+    target_user => $postgres::backup_server::globals::backup_unix_user,
+    collect_tag => $postgres::backup_server::globals::tag_source_sshkey,
+  }
 
   ####
   # Maintain /etc/nagios/dsa-check-backuppg.conf
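Review bot: The new `ssh::authorized_key_collect` sits directly below the existing exec of `/usr/local/bin/postgres-make-backup-sshauthkeys`, and nothing in the hunk says which of the two now owns the backup user's authorized_keys. If both write the same file (not visible here), entries from the old script could persist or be overwritten, possibly without the forced command and `from` restriction the new path sets. I would add a comment above the collector such as `# transitional: keys are still also generated by postgres-make-backup-sshauthkeys; remove that exec once all clients export via ssh::authorized_key_add`. The class body starts and ends outside this hunk.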
index 12391a5..b27b7ed 100644 (file)
@@ -6,6 +6,16 @@ define postgres::backup_server::register_backup_clienthost (
 ) {
   include postgres::backup_server::globals
 
+  $ssh_command = "/usr/local/bin/debbackup-ssh-wrap ${::hostname}"
+
+  ssh::authorized_key_add { 'register_backup_clienthost':
+    target_user => $postgres::backup_server::globals::backup_unix_user,
+    key         => dig($facts, 'ssh_keys_users', 'postgres', 'id_rsa.pub', 'line'),
+    command     => $ssh_command,
+    from        => $base::public_addresses,
+    collect_tag => $postgres::backup_server::globals::tag_source_sshkey,
+  }
+
   if $sshpubkey {
     $addr = assert_type(String[1], $ipaddrlist)
     @@concat::fragment { "postgresql::server::backup-source-clienthost::$name::$fqdn":
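Review bot: The `key` passed to `ssh::authorized_key_add` comes straight from a client-reported fact, and the resource is declared unconditionally, unlike the `if $sshpubkey` guard just below it. If the fact is missing, `dig()` yields undef. I cannot see how `ssh::authorized_key_add` renders the line, so a value containing a line break could presumably produce an extra authorized_keys entry without the `command`/`from` restrictions. I would bind the value first, `$pg_key = dig($facts, 'ssh_keys_users', 'postgres', 'id_rsa.pub', 'line')`, and wrap the resource in `if $pg_key =~ Pattern[/\A[^\r\n]+\z/] { … }`. `${::hostname}` in `$ssh_command` is also a fact, so `$trusted['hostname']` would be the safer argument for the wrapper. The define's parameter list and the rest of its body are outside this hunk.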