From: Peter Palfrader Date: Sat, 28 Sep 2019 19:07:28 +0000 (+0200) Subject: Try to modernize pg wal shipping ssh setup X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fdsa-puppet.git;a=commitdiff_plain;h=b3d748149a3204479e9cb6787a7caf668488d8f8 Try to modernize pg wal shipping ssh setup
---
diff --git a/modules/postgres/manifests/backup_server.pp b/modules/postgres/manifests/backup_server.pp
index 97fabc2b6..6d9b79289 100644
--- a/modules/postgres/manifests/backup_server.pp
+++ b/modules/postgres/manifests/backup_server.pp
@@ -1,4 +1,4 @@
-
+# postgres backup server
 class postgres::backup_server {
 include postgres::backup_server::globals
@@ -75,6 +75,10 @@ class postgres::backup_server {
 command => '/usr/local/bin/postgres-make-backup-sshauthkeys',
 refreshonly => true,
 }
+ ssh::authorized_key_collect { 'postgres::backup_server':
+ target_user => $postgres::backup_server::globals::backup_unix_user,
+ collect_tag => $postgres::backup_server::globals::tag_source_sshkey,
+ }
 ####
 # Maintain /etc/nagios/dsa-check-backuppg.conf
diff --git a/modules/postgres/manifests/backup_server/register_backup_clienthost.pp b/modules/postgres/manifests/backup_server/register_backup_clienthost.pp
index 12391a51e..b27b7ed61 100644
--- a/modules/postgres/manifests/backup_server/register_backup_clienthost.pp
+++ b/modules/postgres/manifests/backup_server/register_backup_clienthost.pp
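Review bot: The new `ssh::authorized_key_collect` in the second hunk of backup_server.pp is declared right after the `postgres-make-backup-sshauthkeys` exec, which stays in place, so the backup user's SSH access now appears to have two sources of truth. If both paths end up feeding the same account's authorized keys (neither implementation is visible here), an entry dropped from one can survive through the other, which matters when a client has to be revoked. A short comment saying which mechanism is authoritative during the transition would help, for example `# keys tagged tag_source_sshkey are collected here; the exec above is the pre-existing path`, adjusted to the actual intent. The class body continues outside the hunk.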
@@ -6,6 +6,16 @@ define postgres::backup_server::register_backup_clienthost (
 ) {
 include postgres::backup_server::globals
+ $ssh_command = "/usr/local/bin/debbackup-ssh-wrap ${::hostname}"
+
+ ssh::authorized_key_add { 'register_backup_clienthost':
+ target_user => $postgres::backup_server::globals::backup_unix_user,
+ key => dig($facts, 'ssh_keys_users', 'postgres', 'id_rsa.pub', 'line'),
+ command => $ssh_command,
+ from => $base::public_addresses,
+ collect_tag => $postgres::backup_server::globals::tag_source_sshkey,
+ }
+
 if $sshpubkey {
 $addr = assert_type(String[1], $ipaddrlist)
 @@concat::fragment { "postgresql::server::backup-source-clienthost::$name::$fqdn":
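Review bot: Both the forced-command argument and the key in the new `ssh::authorized_key_add` come from agent-reported facts (`${::hostname}` and `dig($facts, 'ssh_keys_users', ...)`), so the entry for the backup user is only as trustworthy as the client's own fact report. If `debbackup-ssh-wrap` uses its argument to decide which host's backups a connection may touch (not visible here), the certificate-derived name is the safer input: `$ssh_command = "/usr/local/bin/debbackup-ssh-wrap ${trusted['hostname']}"`. The resource also sits outside the existing `if $sshpubkey` guard, so `dig()` can pass `undef` as `key` on a host that has not yet reported a postgres key; declaring it only when the dig result is a non-empty single-line string would avoid that. The title `'register_backup_clienthost'` is fixed, so a second declaration of this define on the same node would collide; including `$name` in the title avoids it. The define's body continues beyond this hunk.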