Replace debbackup with parameterized username in most places
authorPeter Palfrader <peter@palfrader.org>
Sat, 28 Sep 2019 18:58:10 +0000 (20:58 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sat, 28 Sep 2019 18:58:10 +0000 (20:58 +0200)
data/common.yaml
modules/postgres/manifests/backup_server.pp
modules/postgres/manifests/backup_server/globals.pp
modules/postgres/templates/backup_server/postgres-make-base-backups.erb
modules/postgres/templates/backup_server/sudoers.erb
modules/roles/TODO

index 4abd2a2..9fc2b89 100644 (file)
@@ -31,6 +31,7 @@ roles::dns_primary::allow_access:
   - '2a01:3f0:0:27::24'
   - '2a01:3f0:0:28::25'
 postgres::backup_cluster::db_backup_role: 'debian-backup'
+postgres::backup_server::global::backup_unix_user: 'debbackup'
 # bacula
 #
 bacula::email_all: 'bacula-reports@admin.debian.org'
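Review bot: The key added here is spelled `postgres::backup_server::global::backup_unix_user`, but the class that declares the parameter in this commit is `postgres::backup_server::globals` (with a trailing `s`), so automatic parameter lookup will not bind this value. Because `backup_unix_user` is declared without a default in globals.pp, catalog compilation would presumably fail on hosts that include the class unless the value is supplied some other way. The line should read `postgres::backup_server::globals::backup_unix_user: 'debbackup'`.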
index a4c6689..4d78c99 100644 (file)
@@ -29,13 +29,13 @@ class postgres::backup_server {
   }
   file { '/var/lib/dsa/postgres-make-base-backups':
     ensure => directory,
-    owner  => 'debbackup',
+    owner  => $postgres::backup_server::globals::backup_unix_user,
     mode   => '0755',
   }
   concat::fragment { 'puppet-crontab--postgres-make_base_backups':
     target  => '/etc/cron.d/puppet-crontab',
     content => @("EOF")
-      */30 * * * * debbackup sleep $(( RANDOM \% 1200 )); chronic ${make_base_backups}
+      */30 * * * * ${postgres::backup_server::globals::backup_unix_user} sleep $(( RANDOM \% 1200 )); chronic ${make_base_backups}
       | EOF
   }
 
@@ -109,14 +109,9 @@ class postgres::backup_server {
   # Maintain .pgpass file on backup servers
   # #
   concat { $postgres::backup_server::globals::pgpassfile:
-    owner => 'debbackup',
-    group => 'debbackup',
+    owner => $postgres::backup_server::globals::backup_unix_user,
+    group => $postgres::backup_server::globals::backup_unix_group,
     mode  => '0400'
   }
-  concat::fragment{ 'pgpass-local':
-    target => $postgres::backup_server::globals::pgpassfile,
-    source => '/home/debbackup/.pgpass-local',
-    order  => '00'
-  }
   Concat::Fragment <<| tag == $postgres::backup_server::globals::tag_source_pgpassline |>>
 }
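Review bot: The removal of the `pgpass-local` fragment at the end of this hunk is a behaviour change that the commit title does not cover: entries kept in `/home/debbackup/.pgpass-local` are no longer merged into the managed `.pgpass`, which from here on appears to hold only the exported fragments collected by tag. If any credentials still live in that local file, the corresponding base backups would presumably start failing authentication, so it is worth confirming the file is unused on the backup hosts. The commit message should say so explicitly, for example `Also drop the pgpass-local fragment; all entries now come from exported resources.` The class body starts outside the hunk.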
index bdac822..327ed6e 100644 (file)
@@ -1,9 +1,13 @@
 # Global definitions for the postgres::backup_server setup
 #
+# @param backup_unix_user      unix user on the backup host
+# @param backup_unix_group     group of unix user on the backup host
 # @param pgpassfile            pg password file for pg_basebackup runs
 # @param base_backup_clusters  where to store the list of clusters to make base backups of
 class postgres::backup_server::globals(
-  String $pgpassfile = '/home/debbackup/.pgpass',
+  String $backup_unix_user,
+  String $backup_unix_group = $backup_unix_user,
+  String $pgpassfile = "/home/${backup_unix_user}/.pgpass",
   String $sshkeys_sources = '/etc/dsa/postgresql-backup/sshkeys-sources',
   String $base_backup_clusters = '/etc/dsa/postgresql-backup/base-backup-clusters',
 ) {
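Review bot: `backup_unix_user` is typed as a bare `String`, yet the value ends up in the user column of a cron.d line, in a sudoers Runas spec and in a file path, so an empty string or one containing whitespace or punctuation would change the meaning of those files rather than fail compilation. Constraining it at the declaration protects every consumer: `Pattern[/\A[a-z_][a-z0-9_-]*\z/] $backup_unix_user,` and the same type for `$backup_unix_group`. The `$pgpassfile` default also assumes the account's home is `/home/<user>`; a one-line comment saying so would help whoever sets a different user. `$sshkeys_sources` still has no `@param` line in the header. The class body continues outside the hunk.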
index fc56411..2141833 100755 (executable)
@@ -42,7 +42,7 @@ STATEDIR=/var/lib/dsa/postgres-make-base-backups
 set -u
 
 if [ "$(id -u)" = 0 ]; then
-    echo >&2 "Do not run me as root.  Probably you want sudo -u debbackup."
+    echo >&2 "Do not run me as root.  Probably you want sudo -u <%= @backup_unix_user %>."
     exit 1
 fi
 
index de633ca..3b31cbf 100644 (file)
@@ -1,3 +1,3 @@
 # edit with visudo!
 
-nagios         ALL=(debbackup)         NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg ""
+nagios         ALL=(<%= @backup_unix_user %>)          NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg ""
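Review bot: `@backup_unix_user` in this template only resolves if the template is rendered from a scope where that variable is local, and the parameter is declared on `postgres::backup_server::globals`; the resource that renders this file is not visible here, so please confirm which class it lives in. If it is rendered from `postgres::backup_server`, the tag would expand to an empty string and the rule would read `ALL=()`, which no longer names the backup user; the same applies to the message in postgres-make-base-backups.erb. An explicit lookup removes the ambiguity: `<%= scope['postgres::backup_server::globals::backup_unix_user'] %>`. Now that the sudoers content is templated, the `file` resource that installs it should also carry `validate_cmd => '/usr/sbin/visudo -cf %'` so that a bad rendering is rejected before it is installed.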
index 282bf29..fd128d8 100644 (file)
@@ -7,3 +7,6 @@
   using exim::vdomain
 
 - move the postgres::backup_server stuff out of the salsa/database manifest
+
+- postgres/templates/backup_source/pg-backup-file.conf.erb:
+  get username from params, hosts from rolehosts