# Excerpt of a Puppet defined type that places a TLS certificate and private
# key under "$datadir/certs" and points PostgreSQL at them.
# NOTE(review): this listing is incomplete. The embedded gutter numbers jump
# (9 -> 13 -> 18 -> 21 ...), so closing braces, the $datadir declaration and
# several resource attributes (ensure/owner/group/mode) are not shown.
# Comments below describe only the visible lines; anything else is hedged.
#
# Parameters (as used in the visible lines):
#   $cert, $key   - used as "file://" sources below, so they are paths on the
#                   node where the catalog is applied.
#   $certname     - title and common_name of the self-signed certificate, and
#                   base name of the generated .key/.crt files.
#   $copy_keys    - not referenced in the visible lines; TODO confirm its role.
#   $handle_config_entry / $handle_concat_config
#                 - select how the ssl settings are written (see the end of
#                   the excerpt); the first one wins when both are true.
#   $pg_user, $pg_group
#                 - not referenced in the visible lines; presumably the owner
#                   and group of the cert directory and files - confirm.
1 define profile::postgresql::ssl (
2 Optional[String] $cert = undef,
3 Optional[String] $key = undef,
4 Optional[String] $certname = undef,
5 Optional[Boolean] $copy_keys = true,
6 Optional[Boolean] $handle_config_entry = false,
7 Optional[Boolean] $handle_concat_config = false,
8 Optional[String] $pg_user = "postgres",
9 Optional[String] $pg_group = "postgres",
# Directory holding the TLS material; ordered after the data directory.
# NOTE(review): its mode and owner are on lines not shown. It should be
# accessible only to the PostgreSQL service account - confirm.
13 file { "$datadir/certs":
18 require => File[$datadir],
# No certificate/key pair supplied: fall back to a self-signed certificate.
# The fail() message refers to the certificate name, so the guard that
# triggers it (line 22 of the file, not shown) presumably tests $certname.
21 if empty($cert) or empty($key) {
23 fail("A certificate name is necessary to generate ssl certificate")
# Self-signed certificate generated into the certs directory.
# Clients cannot chain a self-signed certificate to a CA: server verification
# (sslmode=verify-ca / verify-full) only works if this certificate is
# distributed to clients as a trust root. Key size and validity, if set, are
# on lines not shown.
26 ssl::self_signed_certificate { $certname:
27 common_name => $certname,
30 organization => "Immae",
33 directory => "$datadir/certs",
# Paths of the generated pair, named after $certname.
36 $ssl_key = "$datadir/certs/$certname.key"
37 $ssl_cert = "$datadir/certs/$certname.crt"
# Paths used when an existing pair is supplied (presumably the else branch;
# the branch keyword itself is on a line not shown).
39 $ssl_key = "$datadir/certs/privkey.pem"
40 $ssl_cert = "$datadir/certs/cert.pem"
# Copy of the supplied certificate from a local path on the node.
43 source => "file://$cert",
48 require => File["$datadir/certs"],
# Copy of the supplied private key from a local path on the node.
# NOTE(review): owner/group/mode are on lines not shown. PostgreSQL refuses to
# start when the key file is group- or world-accessible (0600 when owned by
# the database user, 0640 permitted when owned by root), so confirm the mode.
# Consider `show_diff => false` on the key resource so key material never
# appears in Puppet run output or reports.
51 source => "file://$key",
56 require => File["$datadir/certs"],
# Write the ssl settings through one of two mechanisms. Because this is an
# if/elsif chain, only config_entry resources are used when both flags are
# true; with both false (the defaults) nothing in the visible lines enables
# ssl in postgresql.conf.
63 if $handle_config_entry {
64 postgresql::server::config_entry { "ssl":
68 postgresql::server::config_entry { "ssl_cert_file":
72 postgresql::server::config_entry { "ssl_key_file":
75 } elsif $handle_concat_config {
# Same three settings emitted as a fragment of "$datadir/postgresql.conf".
# `ssl = on` only makes TLS available; it does not reject plaintext clients.
# Enforcement needs `hostssl` rules in pg_hba.conf, which are not managed in
# the visible lines. No ssl_min_protocol_version or ssl_ciphers is set here,
# so the server defaults apply.
76 concat::fragment { "$datadir/postgresql.conf ssl config":
77 target => "$datadir/postgresql.conf",
78 content => "ssl = on\nssl_key_file = '$ssl_key'\nssl_cert_file = '$ssl_cert'\n"