=== Multiple clusters/compatibility mode ===
-If there is potentially more than one cluster, we cannot use the puppet
-{{{postgresql::server}}} class. We also use this for clusters that were
-initially set up without puppet.
+Since we often have more than one cluster, we cannot use the puppet
+{{{postgresql::server}}} class for most things.
-* Add the server to the postgresql_server role in puppet's
- hieradata/common.yaml. This will cause some scripts to be installed on the
- host, as well as an ssh key to be created for the postgres user.
+* Add the server to the roles::postgresql::server class role in hiera.
+ This will cause some scripts to be installed on the host, as well as an ssh
+ key to be created for the postgres user.
* Add these to {{{/etc/postgresql/9.6/main/postgresql.conf}}} or equivalent
{{{
wal_level = archive
max_wal_senders = 3
archive_timeout = 1h
- archive_command = '/usr/local/bin/pg-backup-file main WAL %p'
+ archive_command = '/usr/local/bin/pg-backup-file mXXXXXX-CLUSTERNAMEHERE-XXXXain WAL %p'
}}}
* Run puppet on the postgresql server,
-==== ssh authkeys ====
-* If you need extra options in the {{{debbackup-ssh-wrap}}} call on the backup server
- (for instance of the host should be allowed to fetch files), manually copy
- {{{~postgres/.ssh/id_rsa.pub}}} to
- {{{puppet:modules/postgres/templates/backup_server/sshkeys-manual.erb}}}.
-* Otherwise, add the host to the postgres::backup_server::register_backup_clienthost line
- in {{{puppet:modules/postgres/manifests/backup_source.pp}}}.
+* If the server is a replication receiver, it needs read access to the sender's WALs
+ on the backup host (to recover from situations where the source might no longer
+ have the WALs.) This can be configured via hiera as well. Example:
+{{{
+[git|master] weasel@orinoco:~/projects/debian/d-a/dsa-puppet$ cat data/nodes/snapshotdb-manda-01.debian.org.yaml
+classes:
+ - roles::snapshot_db
+ - roles::postgresql::server
+
+postgres::backup_server::register_backup_clienthost::allow_read_hosts: ['sallinen']
+}}}
==== base backup config ====
-* Register each cluster in puppet's
- {{{puppet:modules/postgres/manifests/backup_source.pp}}}.
- This takes care of adding the replication user to pgpass on the backup servers,
- and the firewall rule and adds the cluster to {{{make-base-backups}}}.
- (The module can also create the postgres role and modify the hba file, but we
- do not do this when we don't configure the entire cluster via puppet.)
-* Historically, we also have clusters hardcoded in
- {{{puppet:modules/postgres/templates/backup_server/postgres-make-base-backups.erb}}}.
-* Run puppet on the backup hosts (storace and backuphost as of 2018).
+* Run puppet on the backup hosts (storace and backuphost as of 2019).
* On the db server, create a role. Find the password to use on the backup host in {{{~debbackup/.pgpass}}}:\\
{{{sudo -u postgres createuser -D -E -P -R -S debian-backup}}}
projects / mirror / dsa-wiki.git / blobdiff