Commit | Line | Data |
---|---|---|
# @summary Provisions the TLS certificate and private key for one PostgreSQL
#   data directory and, optionally, writes the matching SSL server settings.
#
# The resource title is used as the PostgreSQL data directory. A File[$title]
# resource must already be declared in the catalog, because the certs
# directory created here requires it.
#
# Three modes, selected by the parameters:
#   * $cert or $key empty  -> a self-signed certificate is generated under
#     <datadir>/certs (requires $certname, otherwise compilation fails).
#     NOTE(review): supplying only ONE of $cert / $key also lands here, and the
#     supplied value is then ignored without any warning.
#   * both set, $copy_keys -> the files are copied into <datadir>/certs as
#     cert.pem / privkey.pem, owned by the PostgreSQL user with mode 0600.
#   * both set, no copy    -> the given paths are used as-is; nothing in this
#     define manages their owner or mode.
#
# @param cert Path of an existing certificate file (used as file://<cert>).
# @param key Path of an existing private key file (used as file://<key>).
# @param certname Common name, and file basename, of the generated
#   self-signed certificate.
# @param copy_keys Copy $cert / $key into the data directory instead of
#   referencing them in place.
# @param handle_config_entry Declare postgresql::server::config_entry
#   resources for ssl, ssl_cert_file and ssl_key_file. Takes precedence over
#   $handle_concat_config.
# @param handle_concat_config Emit the same three settings as a
#   concat::fragment targeting <datadir>/postgresql.conf.
# @param pg_user Owner of the certs directory and of the files managed here.
# @param pg_group Group of the certs directory and of the files managed here.
define profile::postgresql::ssl (
  Optional[String]  $cert                 = undef,
  Optional[String]  $key                  = undef,
  Optional[String]  $certname             = undef,
  Optional[Boolean] $copy_keys            = true,
  Optional[Boolean] $handle_config_entry  = false,
  Optional[Boolean] $handle_concat_config = false,
  Optional[String]  $pg_user              = 'postgres',
  Optional[String]  $pg_group             = 'postgres',
) {
  $datadir   = $title
  $certs_dir = "${datadir}/certs"

  # 0700 keeps the key material unreadable (and unlistable) for every account
  # other than the PostgreSQL user.
  file { $certs_dir:
    ensure  => directory,
    owner   => $pg_user,
    group   => $pg_group,
    mode    => '0700',
    require => File[$datadir],
  }

  if empty($cert) or empty($key) {
    if empty($certname) {
      fail('A certificate name is necessary to generate ssl certificate')
    }

    # Self-signed, valid for 3650 days (about ten years). Clients can only
    # authenticate the server if they are set up to trust this exact
    # certificate (e.g. as sslrootcert with sslmode=verify-full); otherwise
    # the connection is encrypted but the server identity is not verified.
    ssl::self_signed_certificate { $certname:
      common_name  => $certname,
      organization => 'Immae',
      country      => 'FR',
      days         => '3650',
      directory    => $certs_dir,
      owner        => $pg_user,
      group        => $pg_group,
    }

    $ssl_key  = "${certs_dir}/${certname}.key"
    $ssl_cert = "${certs_dir}/${certname}.crt"
  } elsif $copy_keys {
    $ssl_key  = "${certs_dir}/privkey.pem"
    $ssl_cert = "${certs_dir}/cert.pem"

    # links => follow copies the content behind a symlinked source rather than
    # recreating the link, so the server gets a regular file it owns.
    # Mode 0600 is applied to both the certificate and the private key.
    file {
      default:
        owner   => $pg_user,
        group   => $pg_group,
        mode    => '0600',
        links   => 'follow',
        require => File[$certs_dir],
      ;
      $ssl_cert:
        source => "file://${cert}",
      ;
      $ssl_key:
        source => "file://${key}",
      ;
    }
  } else {
    # Paths are referenced in place. PostgreSQL refuses to start when the key
    # file is group- or world-accessible, so the caller has to guarantee
    # suitable ownership and permissions on $key.
    $ssl_key  = $key
    $ssl_cert = $cert
  }

  # When both handle_* flags are false no SSL setting is written at all; the
  # caller is then responsible for enabling ssl in postgresql.conf.
  if $handle_config_entry {
    postgresql::server::config_entry {
      'ssl':
        value => 'on',
      ;
      'ssl_cert_file':
        value => $ssl_cert,
      ;
      'ssl_key_file':
        value => $ssl_key,
      ;
    }
  } elsif $handle_concat_config {
    # NOTE(review): the paths are placed between single quotes without any
    # escaping; a path containing a single quote would corrupt the fragment.
    concat::fragment { "${datadir}/postgresql.conf ssl config":
      target  => "${datadir}/postgresql.conf",
      content => "ssl = on\nssl_key_file = '${ssl_key}'\nssl_cert_file = '${ssl_cert}'\n",
    }
  }
}