X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprofile%2Fmanifests%2Fpostgresql%2Fssl.pp;fp=modules%2Fprofile%2Fmanifests%2Fpostgresql%2Fssl.pp;h=dc56c0bd61e77cfba9f4c7d294988167d9472bce;hb=d2f031ece106ed2dc37283b194edfa94718a6306;hp=e4da8af4fce1935fd5917538d763a16c407a9882;hpb=c53ac3f84852a42aa8b7341ee7fe0a629d2e3579;p=perso%2FImmae%2FProjets%2FPuppet.git diff --git a/modules/profile/manifests/postgresql/ssl.pp b/modules/profile/manifests/postgresql/ssl.pp index e4da8af..dc56c0b 100644 --- a/modules/profile/manifests/postgresql/ssl.pp +++ b/modules/profile/manifests/postgresql/ssl.pp @@ -1,20 +1,21 @@ define profile::postgresql::ssl ( - Optional[String] $cert = undef, - Optional[String] $key = undef, - Optional[String] $certname = undef, - Optional[Boolean] $copy_keys = true, - Optional[String] $pg_user = $profile::postgresql::pg_user, - Optional[String] $pg_group = $profile::postgresql::pg_user + Optional[String] $cert = undef, + Optional[String] $key = undef, + Optional[String] $certname = undef, + Optional[Boolean] $copy_keys = true, + Optional[Boolean] $handle_config_entry = false, + Optional[Boolean] $handle_concat_config = false, + Optional[String] $pg_user = "postgres", + Optional[String] $pg_group = "postgres", ) { - $pg_dir = $title - $datadir = "$pg_dir/data" + $datadir = $title file { "$datadir/certs": ensure => directory, mode => "0700", owner => $pg_user, group => $pg_group, - require => File[$pg_dir], + require => File[$datadir], } if empty($cert) or empty($key) { @@ -32,8 +33,8 @@ define profile::postgresql::ssl ( directory => "$datadir/certs", } - $ssl_key = "$datadir/certs/$backup_host_cn.key" - $ssl_cert = "$datadir/certs/$backup_host_cn.crt" + $ssl_key = "$datadir/certs/$certname.key" + $ssl_cert = "$datadir/certs/$certname.crt" } elsif $copy_keys { $ssl_key = "$datadir/certs/privkey.pem" $ssl_cert = "$datadir/certs/cert.pem" 
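Review bot: The resource title changes meaning in this hunk, from the PostgreSQL base directory (old `$datadir = "$pg_dir/data"`) to the data directory itself (`$datadir = $title`), and nothing in the define documents that. A caller that still passes the base directory would get the `certs` directory, and the private key under it, created one level above the data directory, and would now require `File[<base dir>]`. I would add a header comment such as `# $title: absolute path of the PostgreSQL data directory (not its parent)` and, since `empty()` suggests stdlib is already in use, validate it with `assert_type(Stdlib::Absolutepath, $title)`. The body of the define continues past the end of this hunk.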
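Review bot: `$certname` is declared `Optional[String]` with default `undef`, so in this branch the paths can come out as `$datadir/certs/.key` and `$datadir/certs/.crt` unless an emptiness check exists in the lines between the hunks, which are not visible here. If there is none, a guard at the top of the branch such as `if empty($certname) { fail('profile::postgresql::ssl: certname is required when cert or key is not given') }` would turn the misconfiguration into a compile-time error. The branch starts outside this hunk.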
@@ -59,15 +60,23 @@ define profile::postgresql::ssl ( $ssl_cert = $cert } - postgresql::server::config_entry { "ssl": - value => "on", - } + if $handle_config_entry { + postgresql::server::config_entry { "ssl": + value => "on", + } - postgresql::server::config_entry { "ssl_cert_file": - value => $ssl_cert, - } + postgresql::server::config_entry { "ssl_cert_file": + value => $ssl_cert, + } - postgresql::server::config_entry { "ssl_key_file": - value => $ssl_key, + postgresql::server::config_entry { "ssl_key_file": + value => $ssl_key, + } + } elsif $handle_concat_config { + concat::fragment { "$datadir/postgresql.conf ssl config": + target => "$datadir/postgresql.conf", + content => "ssl = on\nssl_key_file = '$ssl_key'\nssl_cert_file = '$ssl_cert'\n" + } } + }
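Review bot: With both `$handle_config_entry` and `$handle_concat_config` defaulting to `false`, a declaration that sets neither now deploys the certificate and key but writes no `ssl` settings at all, where the old code always set `ssl = on`; the server then keeps whatever ssl setting it already had, with no error or log. I would add a final branch, `} else { warning("profile::postgresql::ssl[${title}]: ssl settings not written, postgresql.conf is managed elsewhere") }`, or `fail()` if no caller is meant to rely on that case, and document the two flags in a header comment. When both flags are true, the `elsif` silently ignores `handle_concat_config`. The fragment also sets no `order`, so if another fragment of the same concat target sets `ssl` later in the file, PostgreSQL would use that later value; an explicit `order` would pin the result.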