ensure => present
}
}
+ }
- $ldap_server = lookup("base_installation::ldap_server")
- $ldap_base = lookup("base_installation::ldap_base")
- $ldap_dn = lookup("base_installation::ldap_dn")
- $ldap_password = generate_password(24, $password_seed, "ldap")
- $ldap_attribute = "cn"
+ $ldap_server = lookup("base_installation::ldap_server")
+ $ldap_base = lookup("base_installation::ldap_base")
+ $ldap_dn = lookup("base_installation::ldap_dn")
+ $ldap_password = generate_password(24, $password_seed, "ldap")
+ $ldap_attribute = "cn"
- file { "/etc/pam_ldap.d":
- ensure => directory,
- mode => "0755",
- owner => "root",
- group => "root",
- } ->
- file { "/etc/pam_ldap.d/postgresql.conf":
- ensure => "present",
- mode => "0600",
- owner => $::profile::postgresql::pg_user,
- group => "root",
- content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"),
- } ->
- file { "/etc/pam.d/postgresql":
- ensure => "present",
- mode => "0644",
- owner => "root",
- group => "root",
- source => "puppet:///modules/profile/postgresql_master/pam_postgresql"
- }
+ file { "/etc/pam_ldap.d":
+ ensure => directory,
+ mode => "0755",
+ owner => "root",
+ group => "root",
+ } ->
+ file { "/etc/pam_ldap.d/postgresql.conf":
+ ensure => "present",
+ mode => "0600",
+ owner => $::profile::postgresql::pg_user,
+ group => "root",
+ content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"),
+ } ->
+ file { "/etc/pam.d/postgresql":
+ ensure => "present",
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ source => "puppet:///modules/profile/postgresql_master/pam_postgresql"
}
}
$ldap_server = lookup("base_installation::ldap_server")
$ldap_base = lookup("base_installation::ldap_base")
$ldap_dn = lookup("base_installation::ldap_dn")
- $ldap_attribute = "uid"
+ $pgbouncer_ldap_attribute = "uid"
$pg_slot = regsubst($ldap_cn, '-', "_", "G")
],
}
- file { "/etc/pam_ldap.d":
- ensure => directory,
- mode => "0755",
- owner => "root",
- group => "root",
- } ->
file { "/etc/pam_ldap.d/pgbouncer.conf":
ensure => "present",
mode => "0600",
owner => $pg_user,
group => "root",
content => template("role/backup/pam_ldap_pgbouncer.conf.erb"),
+ require => File["/etc/pam_ldap.d"],
} ->
file { "/etc/pam.d/pgbouncer":
ensure => "present",
}
}
+ $ldap_attribute = "cn"
+
+ file { "/etc/pam_ldap.d":
+ ensure => directory,
+ mode => "0755",
+ owner => "root",
+ group => "root",
+ } ->
+ file { "/etc/pam_ldap.d/postgresql.conf":
+ ensure => "present",
+ mode => "0600",
+ owner => $pg_user,
+ group => "root",
+ content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"),
+ } ->
+ file { "/etc/pam.d/postgresql":
+ ensure => "present",
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ source => "puppet:///modules/profile/postgresql_master/pam_postgresql"
+ }
+
$pg_backup_hosts.each |$backup_host_cn, $pg_infos| {
$host = find_host($facts["ldapvar"]["other"], $backup_host_cn)
if empty($host) {
$pg_host = "$pg_backup_host"
$pg_port = $pg_infos["dbport"]
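Review bot: The added `/etc/pam_ldap.d/postgresql.conf` resource sets `mode => "0600"` but does not stop Puppet from printing the rendered content as a diff when the file changes, on agents that run with `show_diff` enabled. The template is not shown here, but the profile hunk earlier on this page sets `$ldap_password` next to the same template, so it presumably renders an LDAP bind password; adding `show_diff => false,` to this resource would keep that value out of agent logs and reports. Separately, `/etc/pam_ldap.d`, `/etc/pam_ldap.d/postgresql.conf` and `/etc/pam.d/postgresql` are declared with identical titles in that profile hunk. If both classes can end up in one catalog, compilation fails on a duplicate declaration, so it is worth confirming they are mutually exclusive.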
+ unless empty($host) {
+ $host["ipHostNumber"].each |$ip| {
+ $infos = split($ip, "/")
+ $ipaddress = $infos[0]
+ if (length($infos) == 1 and $ipaddress =~ /:/) {
+ $mask = "128"
+ } elsif (length($infos) == 1) {
+ $mask = "32"
+ } else {
+ $mask = $infos[1]
+ }
+
+ postgresql::server::pg_hba_rule { "allow TCP access for initial replication from $ipaddress/$mask":
+ type => 'hostssl',
+ database => 'replication',
+ user => $backup_host_cn,
+ address => "$ipaddress/$mask",
+ auth_method => 'pam',
+ order => "06-01",
+ target => "$pg_path/pg_hba.conf",
+ postgresql_version => "10",
+ }
+ }
+ }
+
if !empty($ldap_filter) and ($pg_infos["pgbouncer"]) {
concat::fragment { "pgbouncer_$pg_backup_host":
target => "/etc/pgbouncer/pgbouncer.ini",
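Review bot: The new `pg_hba_rule` builds `address => "$ipaddress/$mask"` straight from the LDAP `ipHostNumber` attribute, and the `else` branch (`$mask = $infos[1]`) accepts whatever follows the slash. A very short prefix or a malformed suffix in the directory therefore becomes a `replication` rule in `pg_hba.conf` unchecked. Consider rejecting unexpected values before the rule is declared, for example `unless $mask =~ /\A\d{1,3}\z/ { fail("unexpected prefix length in ipHostNumber: ${ip}") }`, and deciding whether anything wider than a single host should be allowed for replication. The rule remains limited to `hostssl` with `auth_method => 'pam'`, so this narrows exposure and does not close an unauthenticated path. The enclosing `$pg_backup_hosts.each` block starts and ends outside the lines shown.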
Concat["$pg_path/pg_hba.conf"],
Concat["$pg_path/recovery.conf"],
File["$pg_path/postgresql.conf"],
+ ],
+ subscribe => [
+ Concat["$pg_path/pg_hba.conf"],
+ Concat["$pg_path/recovery.conf"],
+ File["$pg_path/postgresql.conf"],
]
}
}