-class profile::postgresql {
+class profile::postgresql (
+ Optional[String] $pg_user = "postgres",
+ Optional[String] $pg_group = "postgres",
+) {
$password_seed = lookup("base_installation::puppet_pass_seed")
class { '::postgresql::globals':
pg_hba_conf_defaults => false,
}
- # FIXME: get it from the postgresql module?
- $pg_user = "postgres"
-
class { '::postgresql::client': }
# FIXME: postgresql module is buggy and doesn't create dir?
file { "/var/lib/postgres":
ensure => directory,
owner => $pg_user,
- group => $pg_user,
+ group => $pg_group,
before => File["/var/lib/postgres/data"],
require => Package["postgresql-server"],
}
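Review bot: The two new parameters are typed `Optional[String]`, which accepts `undef` as well as the empty string, yet both values go straight into `owner =>` and `group =>` of the `/var/lib/postgres` file resource. If an undef or empty value reached that resource, Puppet would presumably stop managing ownership of the data directory's parent, or fail at apply time instead of at compile time. Since a default is already given, a non-empty type is the safer contract: `String[1] $pg_user = "postgres",` and `String[1] $pg_group = "postgres",`. A short comment above the parameters saying that they set the OS account and group owning the PostgreSQL directories would also help, because the removed `FIXME` was the only explanation of where the value comes from.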
listen_addresses => "*",
}
- postgresql::server::pg_hba_rule { 'local access as postgres user':
- description => 'Allow local access to postgres user',
- type => 'local',
- database => 'all',
- user => $pg_user,
- auth_method => 'ident',
- order => "00-01",
- }
- postgresql::server::pg_hba_rule { 'localhost access as postgres user':
- description => 'Allow localhost access to postgres user',
- type => 'host',
- database => 'all',
- user => $pg_user,
- address => "127.0.0.1/32",
- auth_method => 'md5',
- order => "00-02",
- }
- postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
- description => 'Allow localhost access to postgres user',
- type => 'host',
- database => 'all',
- user => $pg_user,
- address => "::1/128",
- auth_method => 'md5',
- order => "00-03",
- }
- postgresql::server::pg_hba_rule { 'deny access to postgresql user':
- description => 'Deny remote access to postgres user',
- type => 'host',
- database => 'all',
- user => $pg_user,
- address => "0.0.0.0/0",
- auth_method => 'reject',
- order => "00-04",
- }
-
- postgresql::server::pg_hba_rule { 'local access':
- description => 'Allow local access with password',
- type => 'local',
- database => 'all',
- user => 'all',
- auth_method => 'md5',
- order => "10-01",
- }
+ profile::postgresql::base_pg_hba_rules { "default": }
- postgresql::server::pg_hba_rule { 'local access with same name':
- description => 'Allow local access with same name',
- type => 'local',
- database => 'all',
- user => 'all',
- auth_method => 'ident',
- order => "10-02",
+ @profile::monitoring::local_service { "Databases are present in postgresql":
+ sudos => {
+ "naemon-postgresql-database-public" => "naemon ALL=(postgres) NOPASSWD: /usr/bin/psql -c select\\ nspname\\ from\\ pg_catalog.pg_namespace"
+ },
+ local => {
+ check_command => "check_command_output!psql -c 'select nspname from pg_catalog.pg_namespace'!public!-r postgres",
+ }
}
-
}
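Review bot: The added monitoring resource hard-codes the account name in the sudoers entry (`ALL=(postgres)`) and in the check command (`-r postgres`, apparently the run-as user), even though this commit makes the account configurable through `$pg_user`. If the parameter is overridden, the sudo rule would grant naemon a run-as target that differs from the real database superuser, and the check would fail or run as the wrong account. Interpolating the parameter keeps them aligned: `"naemon ALL=(${pg_user}) NOPASSWD: /usr/bin/psql -c select\\ nspname\\ from\\ pg_catalog.pg_namespace"` and `...!public!-r ${pg_user}`. Similarly, `profile::postgresql::base_pg_hba_rules { "default": }` is declared without arguments and its body is not visible here. With `listen_addresses => "*"` and `pg_hba_conf_defaults => false`, it is worth confirming that the define still emits the `reject` rule for remote superuser access, and that it does so for `$pg_user` rather than a literal `postgres`. The enclosing class and the resource holding `listen_addresses` both start outside this hunk.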