# limitations under the License.
#
-include_recipe "nominatim::base"
+slaves = search(:node, "roles:nominatim-slave") # ~FC010
-passwords = data_bag_item("nominatim", "passwords")
-database_cluster = node[:nominatim][:database][:cluster]
-home_directory = data_bag_item("accounts", "nominatim")["home"]
+node.default[:postgresql][:settings][:defaults][:late_authentication_rules] = []
+node.default[:rsyncd][:modules] = { :archive => { :hosts_allow => [] } }
-superusers = %w(tomh lonvia twain nominatim)
-
-superusers.each do |user|
- postgresql_user user do
- cluster database_cluster
- superuser true
- end
-end
-
-postgresql_user "www-data" do
- cluster database_cluster
-end
-
-postgresql_user "replication" do
- cluster database_cluster
- password passwords["replication"]
- replication true
-end
-
-git "#{home_directory}/nominatim" do
- action :checkout
- repository node[:nominatim][:repository]
- enable_submodules true
- user "nominatim"
- group "nominatim"
- notifies :run, "execute[compile_nominatim]"
+slaves.each do |slave|
+ # set up DB access for each slave
+ node.default[:postgresql][:settings][:defaults][:late_authentication_rules].push(
+ :database => "replication",
+ :user => "replication",
+ :address => "#{slave[:networking][:internal_ipv4][:address]}/32"
+ )
+ # allow slaves access to the WAL logs
+ node.default[:rsyncd][:modules][:archive][:hosts_allow].push(
+ slave[:networking][:internal_ipv4][:address]
+ )
end