class profile::postgresql {
- $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+ $password_seed = lookup("base_installation::puppet_pass_seed")
class { '::postgresql::globals':
encoding => 'UTF-8',
}
class { '::postgresql::server':
- postgres_password => generate_password(24, $password_seed, "postgres")
+ postgres_password => generate_password(24, $password_seed, "postgres"),
+ listen_addresses => "*",
}
postgresql::server::pg_hba_rule { 'local access as postgres user':
database => 'all',
user => $pg_user,
auth_method => 'ident',
- order => "a1",
+ order => "00-01",
+ }
+ postgresql::server::pg_hba_rule { 'localhost access as postgres user':
+ description => 'Allow localhost access to postgres user',
+ type => 'host',
+ database => 'all',
+ user => $pg_user,
+ address => "127.0.0.1/32",
+ auth_method => 'md5',
+ order => "00-02",
+ }
+ postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
+ description => 'Allow localhost access to postgres user',
+ type => 'host',
+ database => 'all',
+ user => $pg_user,
+ address => "::1/128",
+ auth_method => 'md5',
+ order => "00-03",
}
postgresql::server::pg_hba_rule { 'deny access to postgresql user':
description => 'Deny remote access to postgres user',
user => $pg_user,
address => "0.0.0.0/0",
auth_method => 'reject',
- order => "a2",
+ order => "00-04",
}
postgresql::server::pg_hba_rule { 'local access':
database => 'all',
user => 'all',
auth_method => 'md5',
- order => "b1",
+ order => "10-01",
}
postgresql::server::pg_hba_rule { 'local access with same name':
database => 'all',
user => 'all',
auth_method => 'ident',
- order => "b2",
+ order => "10-02",
}
}