puppet: Automatically back up the database if we have the secrets.

This avoids folks having to manually add to the puppet_classes.

docs/production/export-and-import.md

@@ -154,29 +154,30 @@ emails to send).  You can check whether these queues are empty using
 #### Backup details
 
 This section is primarily for users managing backups themselves
-(E.g. if they're using a remote Postgres database with an existing
+(E.g. if they're using a remote PostgreSQL database with an existing
 backup strategy), and also serves as documentation for what is
 included in the backups generated by Zulip's standard tools.  The
 data includes:
 
-* The Postgres database.  You can back it up like any Postgres
-database. We have some example tooling for doing that incrementally
-into S3 using [wal-g](https://github.com/wal-g/wal-g) in
-`puppet/zulip/manifests/postgresql_backups.pp`.
-In short, this requires:
-  - Zulip 1.4 or newer release.
-  - An Amazon S3 bucket for storing the backups.
-  - `/etc/zulip/zulip-secrets.conf` on the Postgres server like this:
+* The PostgreSQL database.  You can back this up with any standard
+database export or backup tool.  Zulip has built-in support for taking
+daily incremental backups using
+[wal-g](https://github.com/wal-g/wal-g); these backups are stored for
+30 days in S3.  If you have an Amazon S3 bucket you wish to store for
+storing the backups, edit `/etc/zulip/zulip-secrets.conf` on the
+PostgreSQL server to add:
+
     ```
-    [secrets]
     s3_backups_key = # aws public key
     s3_backups_secret_key =  # aws secret key
     s3_backups_bucket = # name of S3 backup
     ```
-  - A cron job to run `/usr/local/bin/pg_backup_and_purge.py`. There's puppet
-  config for this in `puppet/zulip/manifests/postgresql_backups.pp`.
-  - Verification that backups are running via
-  `/usr/lib/nagios/plugins/zulip_postgres_backups/check_postgres_backup`.
+
+    After adding the secrets, run
+    `/home/zulip/deployments/current/scripts/zulip-puppet-apply`.  You
+    can (and should) monitor that backups are running regularly via
+    the Nagios plugin installed into
+    `/usr/lib/nagios/plugins/zulip_postgres_backups/check_postgres_backup`.
 
 * Any user-uploaded files.  If you're using S3 as storage for file
 uploads, this is backed up in S3. But if you have instead set

puppet/zulip/manifests/postgresql_base.pp

@@ -98,4 +98,11 @@ class zulip::postgresql_base {
       creates => "${pgroonga_setup_sql_path}.applied",
     }
   }
+
+  $s3_backups_key        = zulipsecret('secrets', 's3_backups_key', '')
+  $s3_backups_secret_key = zulipsecret('secrets', 's3_backups_secret_key', '')
+  $s3_backups_bucket     = zulipsecret('secrets', 's3_backups_bucket', '')
+  if $s3_backups_key != '' and $s3_backups_secret_key != '' and $s3_backups_bucket != '' {
+    include zulip::postgresql_backups
+  }
 }

puppet/zulip_ops/manifests/profile/postgresql.pp

@@ -1,7 +1,6 @@
 class zulip_ops::profile::postgresql {
   include zulip_ops::profile::base
   include zulip::profile::postgresql
-  include zulip::postgresql_backups
 
   $common_packages = ['xfsprogs']
   package { $common_packages: ensure => 'installed' }