From: Peter Palfrader
Date: Sun, 29 Sep 2019 19:15:05 +0000 (+0200)
Subject: manage pg_hba on sallinen
X-Git-Url: https://wiki.adam-barratt.org.uk/gitweb/?a=commitdiff_plain;h=a3f1849cf44a04b30bedc8952a8e6d160b513467;p=mirror%2Fdsa-puppet.git
manage pg_hba on sallinen
---
diff --git a/data/nodes/sallinen.debian.org.yaml b/data/nodes/sallinen.debian.org.yaml
index 6a8f996bd..19343bb09 100644
--- a/data/nodes/sallinen.debian.org.yaml
+++ b/data/nodes/sallinen.debian.org.yaml
@@ -1,5 +1,9 @@
 ---
 classes:
+ - roles::snapshot_db
 - roles::postgresql::server
 - roles::snapshot_master
 - roles::snapshot_web
+
+roles::postgresql::server::manage_clusters_hba: true
+roles::snapshot_db::db_port: 5473
diff --git a/data/nodes/snapshotdb-manda-01.debian.org.yaml b/data/nodes/snapshotdb-manda-01.debian.org.yaml
index a3bab216b..c43e8fdd4 100644
--- a/data/nodes/snapshotdb-manda-01.debian.org.yaml
+++ b/data/nodes/snapshotdb-manda-01.debian.org.yaml
@@ -6,3 +6,5 @@ postgres::backup_server::register_backup_clienthost::allow_read_hosts: ['salline
 roles::postgresql::server::manage_clusters_hba: true
 roles::snapshot_db::db_port: 5442
 roles::snapshot_db::guest_addresses: ['185.17.185.176/28', '2001:1af8:4020:b030::/64'] # leaseweb
+roles::snapshot_db::upstream_db_server: sallinen.debian.org
+roles::snapshot_db::upstream_db_port: 5473
diff --git a/modules/roles/manifests/snapshot_db.pp b/modules/roles/manifests/snapshot_db.pp
index a14df0203..9e6f9f4a4 100644
--- a/modules/roles/manifests/snapshot_db.pp
+++ b/modules/roles/manifests/snapshot_db.pp
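Review bot: `roles::postgresql::server::manage_clusters_hba: true` is switched on for sallinen with no comment on what happens to the rules already in its pg_hba.conf. Judging by the name, Puppet owns the file from the first run onward, so a hand-maintained rule that is not modelled as an hba_entry would presumably disappear; the role that implements this is not part of the diff, so that should be confirmed. Including `roles::snapshot_db` here also brings its `guest` entry with `method => 'trust'` for the default addresses `127.0.0.1` and `::1`. Comparing the current file against a `--noop` run before merging, and adding a comment such as `# pg_hba.conf is generated; grant access via postgres::cluster::hba_entry`, would make the takeover explicit.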
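Review bot: `roles::snapshot_db::upstream_db_port: 5473` has to stay equal to `roles::snapshot_db::db_port` in sallinen.debian.org.yaml, and nothing in either file records that. The port is part of the tag the replica exports its hba entry under (`postgres::cluster::${upstream_db_port}::hba::${upstream_db_server}` in snapshot_db.pp), so if the two values drift the entry is presumably never collected and the failure only shows up when replication tries to connect. A trailing comment such as `# must match roles::snapshot_db::db_port on sallinen` would document the dependency.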
@@ -1,10 +1,16 @@
-# db server providing (secondary) snapshot databases
+# db server providing snapshot databases
 #
 # @param db_port port of the snapshot cluster
 # @param guest_addresses addresses to allow for the guest account
+# @param upstream_db_server if this node is a replica, name of the upstream db server
+# @param upstream_db_port if this node is a replica, port of the upstream db server
+# @param upstream_db_role if this node is a replica, replication role on the upstream db server
 class roles::snapshot_db (
 Integer $db_port,
 Array[Stdlib::IP::Address] $guest_addresses = ['127.0.0.1', '::1'],
+ Optional[String] $upstream_db_server = undef,
+ Optional[Integer] $upstream_db_port = undef,
+ String $upstream_db_role = "repuser-${::hostname}",
 ) {
 $now = Timestamp()
 $date = $now.strftime('%F')
@@ -40,7 +46,19 @@ class roles::snapshot_db (
 user => 'guest',
 address => $guest_addresses,
 method => 'trust',
+ order => '30',
 }
-
+ if $upstream_db_server {
+ if !$upstream_db_port {
+ fail ('Also need a port if we have a upstream_db_server')
+ }
+ @@postgres::cluster::hba_entry { "snapshot-replica-to-${::fqdn}":
+ tag => "postgres::cluster::${upstream_db_port}::hba::${upstream_db_server}",
+ pg_port => $upstream_db_port,
+ database => 'replication',
+ user => $upstream_db_role,
+ address => $base::public_addresses,
+ }
+ }
 }
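Review bot: The three new parameters are typed more loosely than the values they carry: `Optional[String] $upstream_db_server` and `String $upstream_db_role` accept the empty string, and `Optional[Integer] $upstream_db_port` accepts any integer. An empty string is truthy in Puppet 4 and later, so `upstream_db_server: ''` would pass the `if $upstream_db_server` guard in the next hunk and export an entry under a malformed tag. The file already relies on stdlib types (`Stdlib::IP::Address`), so `Optional[Stdlib::Fqdn] $upstream_db_server`, `Optional[Stdlib::Port] $upstream_db_port` and `String[1] $upstream_db_role` would reject such values at compile time. The class body continues outside this hunk.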
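Review bot: The exported `postgres::cluster::hba_entry` for `database => 'replication'` sets neither `method` nor `order`, unlike the guest entry directly above it, so both the authentication demanded of `$upstream_db_role` and the rule's position in pg_hba.conf come from the define's defaults, which this hunk does not show. A replication login can stream the entire cluster, so the method is worth pinning in the resource itself, e.g. `method => 'md5',` or whichever password or certificate method the project's clusters use, together with an explicit `order`. The entry is matched on the upstream purely by its tag, so a short comment stating that the upstream collects `postgres::cluster::<port>::hba::<server>` from any exporting node would tell the next reader where the trust boundary sits. The collecting side is outside this diff.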