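# Installs the PostgreSQL client and server and manages pg_hba.conf itself:
# the module's default pg_hba rules are disabled, so the rules declared here
# (plus any declared by other classes) are the complete access policy.
#
# pg_hba rules are written in `order` sequence and PostgreSQL uses the first
# line that matches a connection, so the "a*" rules for the postgres
# superuser take precedence over the generic "b*" rules.
class profile::postgresql {
  # Falls back to an empty hash when the key is missing.
  # NOTE(review): confirm generate_password() fails on an empty seed;
  # otherwise the superuser password below is derived from a constant.
  $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }

  class { '::postgresql::globals':
    encoding             => 'UTF-8',
    locale               => 'en_US.UTF-8',
    pg_hba_conf_defaults => false,
  }

  # FIXME: get it from the postgresql module?
  $pg_user = "postgres"

  class { '::postgresql::client': }

  # FIXME: postgresql module is buggy and doesn't create dir?
  file { "/var/lib/postgres":
    ensure  => directory,
    owner   => $pg_user,
    group   => $pg_user,
    before  => File["/var/lib/postgres/data"],
    require => Package["postgresql-server"],
  }

  class { '::postgresql::server':
    postgres_password => generate_password(24, $password_seed, "postgres"),
    # Listens on every interface. The rules in this class only admit
    # Unix-socket and loopback clients, so remote access depends entirely on
    # host rules declared elsewhere.
    # NOTE(review): restrict this if no other class needs remote clients.
    listen_addresses  => "*",
  }

  postgresql::server::pg_hba_rule { 'local access as postgres user':
    description => 'Allow local access to postgres user',
    type        => 'local',
    database    => 'all',
    user        => $pg_user,
    auth_method => 'ident',
    order       => "a1",
  }
  # NOTE(review): md5 is the legacy password method; prefer scram-sha-256
  # where the server version and stored hashes allow it. Applies to every md5
  # rule in this class.
  postgresql::server::pg_hba_rule { 'localhost access as postgres user':
    description => 'Allow localhost access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "127.0.0.1/32",
    auth_method => 'md5',
    order       => "a2",
  }
  postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
    description => 'Allow localhost access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "::1/128",
    auth_method => 'md5',
    order       => "a3",
  }
  postgresql::server::pg_hba_rule { 'deny access to postgresql user':
    description => 'Deny remote access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "0.0.0.0/0",
    auth_method => 'reject',
    order       => "a4",
  }
  # 0.0.0.0/0 matches IPv4 peers only. Mirror the denial for IPv6 so that a
  # host rule declared elsewhere for all users cannot admit the superuser
  # from a remote IPv6 address. Ordered after a3 so ::1 keeps working.
  postgresql::server::pg_hba_rule { 'deny ip6 access to postgresql user':
    description => 'Deny remote access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "::/0",
    auth_method => 'reject',
    order       => "a5",
  }

  postgresql::server::pg_hba_rule { 'local access':
    description => 'Allow local access with password',
    type        => 'local',
    database    => 'all',
    user        => 'all',
    auth_method => 'md5',
    order       => "b1",
  }

  # NOTE(review): this rule is never reached. 'local access' (b1) already
  # matches every Unix-socket connection, and pg_hba does not fall through to
  # a later rule after a failed authentication.
  postgresql::server::pg_hba_rule { 'local access with same name':
    description => 'Allow local access with same name',
    type        => 'local',
    database    => 'all',
    user        => 'all',
    auth_method => 'ident',
    order       => "b2",
  }

}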