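# Manage the TLS key pair used by one PostgreSQL data directory and,
# optionally, the server configuration entries that point at it.
#
# The resource title is the data directory. Certificate material lives
# in "<datadir>/certs", a directory readable only by the database user.
#
# Three modes are selected from $cert / $key / $copy_keys:
#   * neither $cert nor $key given: a self-signed certificate named
#     $certname is generated inside the certs directory;
#   * both given and $copy_keys is true: both files are copied into the
#     certs directory with mode 0600;
#   * both given and $copy_keys is false: PostgreSQL is pointed at the
#     supplied paths in place.
# Giving only one of $cert / $key is a configuration error and fails.
#
# @param cert      Absolute path of an existing PEM certificate file.
# @param key       Absolute path of the matching PEM private key file.
# @param certname  Name (and common name) of the self-signed certificate
#                  generated when $cert / $key are not given.
# @param copy_keys When true, copy $cert and $key into "<datadir>/certs"
#                  instead of referencing them where they are.
# @param handle_config_entry  Manage ssl / ssl_cert_file / ssl_key_file
#                  through postgresql::server::config_entry.
# @param handle_concat_config Append the same settings as a concat
#                  fragment to "<datadir>/postgresql.conf"; only used
#                  when $handle_config_entry is false.
# @param pg_user   Owner of the certs directory and of the copied files.
# @param pg_group  Group of the certs directory and of the copied files.
define profile::postgresql::ssl (
  Optional[String]  $cert                 = undef,
  Optional[String]  $key                  = undef,
  Optional[String]  $certname             = undef,
  Optional[Boolean] $copy_keys            = true,
  Optional[Boolean] $handle_config_entry  = false,
  Optional[Boolean] $handle_concat_config = false,
  Optional[String]  $pg_user              = 'postgres',
  Optional[String]  $pg_group             = 'postgres',
) {
  $datadir   = $title
  $certs_dir = "${datadir}/certs"

  file { $certs_dir:
    ensure  => directory,
    mode    => '0700',
    owner   => $pg_user,
    group   => $pg_group,
    require => File[$datadir],
  }

  $have_cert = !empty($cert)
  $have_key  = !empty($key)

  # A certificate without its key (or the reverse) cannot be served.
  # Refuse it instead of silently falling back to a self-signed
  # certificate, which would leave the operator believing the supplied
  # certificate is the one in use.
  if $have_cert != $have_key {
    fail('Both $cert and $key must be given, or neither of them')
  }

  if !$have_cert {
    if empty($certname) {
      fail("A certificate name is necessary to generate ssl certificate")
    }

    ssl::self_signed_certificate { $certname:
      common_name  => $certname,
      country      => 'FR',
      days         => '3650',
      organization => 'Immae',
      owner        => $pg_user,
      group        => $pg_group,
      directory    => $certs_dir,
    }

    # File names follow the convention of ssl::self_signed_certificate;
    # this define does not manage them itself.
    $ssl_key  = "${certs_dir}/${certname}.key"
    $ssl_cert = "${certs_dir}/${certname}.crt"
  } elsif $copy_keys {
    $ssl_key  = "${certs_dir}/privkey.pem"
    $ssl_cert = "${certs_dir}/cert.pem"

    file { $ssl_cert:
      source  => "file://${cert}",
      mode    => '0600',
      links   => 'follow',
      owner   => $pg_user,
      group   => $pg_group,
      require => File[$certs_dir],
    }

    # show_diff and backup are disabled so the private key is never
    # echoed into agent reports or stored in the filebucket on change.
    file { $ssl_key:
      source    => "file://${key}",
      mode      => '0600',
      links     => 'follow',
      owner     => $pg_user,
      group     => $pg_group,
      show_diff => false,
      backup    => false,
      require   => File[$certs_dir],
    }
  } else {
    $ssl_key  = $key
    $ssl_cert = $cert
  }

  if $handle_config_entry {
    postgresql::server::config_entry { 'ssl':
      value => 'on',
    }

    postgresql::server::config_entry { 'ssl_cert_file':
      value => $ssl_cert,
    }

    postgresql::server::config_entry { 'ssl_key_file':
      value => $ssl_key,
    }
  } elsif $handle_concat_config {
    # The paths are emitted as single-quoted postgresql.conf values; a
    # path containing a literal quote is not escaped here.
    concat::fragment { "${datadir}/postgresql.conf ssl config":
      target  => "${datadir}/postgresql.conf",
      content => "ssl = on\nssl_key_file = '${ssl_key}'\nssl_cert_file = '${ssl_cert}'\n",
    }
  }
}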