Regression: cannot configure multiple servers per host

Question

Regression: cannot configure multiple servers per host

Closed this issue 7 years ago · 3 comments

I believe a1afc14 introduced a regression: before this commit, a single postgresql::server::pg_hba_rule was realized in barman::autoconfigure. Now two of them get realized inside barman::server, which itself can be instantiated multiple times. Since the pg_hba_rules get instantiated with the same titles (based on $::hostname), we hit a "duplicate declaration" error as soon as we have more than one declared for the same host.

Answer 1 · 2017-01-27T15:06:41.000Z

Greetings,

I believe that earlier support for backing up multiple instances on the same machine via autoconfigure, if present, was unintentional.

Despite this, I don't see a reason why this mode of operation should not be supported.

If it used to work for you, could you please attach the relevant parts of your manifests so we can attempt to reproduce it?

Thank you!

Answer 2 · 2017-06-29T10:48:18.000Z

Sorry for the delayed answer. Your message went under the radar.

I imagine this should be a relatively common scenario:

node 'pg1' {
  class { '::barman::postgres':
    barman_dbuser => 'user1',
  }
}

node 'pg2' {
  class { '::barman::postgres':
    barman_dbuser => 'user2',
  }
}

node 'backup' {
  class { '::barman':
    autoconfigure => true,
  }
}

This is how we get to the problem:

each postgres nodes (pg1 and pg2) export a barman::server resource through the barman::postgres class
the backup server realizes resources from both nodes and exports postgresql::server::pg_hba_rule resources for each with a title based solely on its own $hostname (i.e.: all pg_hba_rules will be based on the same value: backup)
both postgres nodes try to realize all postgresql::server::pg_hba_rules, but since the titles are the same (all based on backup's hostname), we get a duplicate resource error.

One naive solution would be to add $name to the titles of the exported postgresql::server::pg_hba_rule resources in barman::server. This would however still have the problem that we might add wrong credentials to the wrong postgres servers. In the example above pg1 doesn't know user2, but will realize the pg_hba entry for it anyway.
This second problem is probably not so common, since I imagine barman credential reuse across servers to be relatively common, but it's still worth considering.
A less-naive solution would probably involve checking how the puppetlabs-postgresql module collects postgresql::server::pg_hba_rules and ensure the right ones get collected on the right servers.

Thoughts?

Answer 3 · 2017-08-23T12:00:33.000Z

PR #48 fixes this the "right" way: only resources exported by the barman::postgres host itself are realized. So there's no resource leakage or overlapping.
Please take a look when you have the time.