X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprofile%2Fmanifests%2Fpostgresql.pp;h=fedbcb1ef7574f5675690a3b83bf25d01177873d;hb=78df3a44178b9f807531e11c3f95329a8194a76b;hp=1024c6657c62ee3f71b1ed1b191efa5bf9fc4574;hpb=b859262351650df3368d4f3fa49a487a7d9b35b7;p=perso%2FImmae%2FProjets%2FPuppet.git

diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
index 1024c66..fedbcb1 100644
--- a/modules/profile/manifests/postgresql.pp
+++ b/modules/profile/manifests/postgresql.pp
@@ -1,5 +1,8 @@
-class profile::postgresql {
-  $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+class profile::postgresql (
+  Optional[String] $pg_user  = "postgres",
+  Optional[String] $pg_group = "postgres",
+) {
+  $password_seed = lookup("base_installation::puppet_pass_seed")
 
   class { '::postgresql::globals':
     encoding             => 'UTF-8',
@@ -7,16 +10,13 @@ class profile::postgresql {
     pg_hba_conf_defaults => false,
   }
 
-  # FIXME: get it from the postgresql module?
-  $pg_user = "postgres"
-
   class { '::postgresql::client': }
 
   # FIXME: postgresql module is buggy and doesn't create dir?
   file { "/var/lib/postgres":
     ensure  => directory,
     owner   => $pg_user,
-    group   => $pg_user,
+    group   => $pg_group,
     before  => File["/var/lib/postgres/data"],
     require => Package["postgresql-server"],
   }
@@ -26,59 +26,15 @@ class profile::postgresql {
     listen_addresses  => "*",
   }
 
-  postgresql::server::pg_hba_rule { 'local access as postgres user':
-    description => 'Allow local access to postgres user',
-    type        => 'local',
-    database    => 'all',
-    user        => $pg_user,
-    auth_method => 'ident',
-    order       => "a1",
-  }
-  postgresql::server::pg_hba_rule { 'localhost access as postgres user':
-    description => 'Allow localhost access to postgres user',
-    type        => 'host',
-    database    => 'all',
-    user        => $pg_user,
-    address     => "127.0.0.1/32",
-    auth_method => 'md5',
-    order       => "a2",
-  }
-  postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
-    description => 'Allow localhost access to postgres user',
-    type        => 'host',
-    database    => 'all',
-    user        => $pg_user,
-    address     => "::1/128",
-    auth_method => 'md5',
-    order       => "a3",
-  }
-  postgresql::server::pg_hba_rule { 'deny access to postgresql user':
-    description => 'Deny remote access to postgres user',
-    type        => 'host',
-    database    => 'all',
-    user        => $pg_user,
-    address     => "0.0.0.0/0",
-    auth_method => 'reject',
-    order       => "a4",
-  }
-
-  postgresql::server::pg_hba_rule { 'local access':
-    description => 'Allow local access with password',
-    type        => 'local',
-    database    => 'all',
-    user        => 'all',
-    auth_method => 'md5',
-    order       => "b1",
-  }
+  profile::postgresql::base_pg_hba_rules { "default": }
 
-  postgresql::server::pg_hba_rule { 'local access with same name':
-    description => 'Allow local access with same name',
-    type        => 'local',
-    database    => 'all',
-    user        => 'all',
-    auth_method => 'ident',
-    order       => "b2",
+  @profile::monitoring::local_service { "Databases are present in postgresql":
+    sudos => {
+      "naemon-postgresql-database-public" => "naemon ALL=(postgres) NOPASSWD: /usr/bin/psql -c select\\ nspname\\ from\\ pg_catalog.pg_namespace"
+    },
+    local => {
+      check_command => "check_command_output!psql -c 'select nspname from pg_catalog.pg_namespace'!public!-r postgres",
+    }
   }
-
 }