]> git.immae.eu Git - perso/Immae/Projets/Puppet.git/blame - modules/profile/manifests/postgresql.pp
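# Profile that installs the PostgreSQL client and server and manages
# pg_hba.conf explicitly: the module's default rules are switched off
# (pg_hba_conf_defaults => false), so the pg_hba_rule resources below are
# the complete authentication policy declared by this class.
class profile::postgresql {
  # Seed used to derive the postgres superuser password. The lambda makes
  # the lookup fall back to an empty hash when the key is absent.
  # NOTE(review): confirm generate_password() fails closed, or that the key
  # is always present; a password derived from an empty seed may be
  # predictable.
  $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }

  class { '::postgresql::globals':
    encoding             => 'UTF-8',
    locale               => 'en_US.UTF-8',
    pg_hba_conf_defaults => false,
  }

  # FIXME: get it from the postgresql module?
  $pg_user = "postgres"

  class { '::postgresql::client': }

  # FIXME: postgresql module is buggy and doesn't create dir?
  file { "/var/lib/postgres":
    ensure  => directory,
    owner   => $pg_user,
    group   => $pg_user,
    before  => File["/var/lib/postgres/data"],
    require => Package["postgresql-server"],
  }

  class { '::postgresql::server':
    postgres_password => generate_password(24, $password_seed, "postgres"),
    # The server accepts TCP connections on every interface, IPv4 and IPv6.
    # Within this class, the pg_hba rules below are the only thing that
    # restricts who may authenticate; any packet filtering lives elsewhere.
    listen_addresses  => "*",
  }

  # pg_hba.conf is evaluated top to bottom and the first matching line
  # decides, with no fall-through when authentication fails. The "order"
  # values are presumably what the module sorts on (a1 < a2 < ... < b2).

  # Superuser over the Unix socket: authenticated by OS user name.
  postgresql::server::pg_hba_rule { 'local access as postgres user':
    description => 'Allow local access to postgres user',
    type        => 'local',
    database    => 'all',
    user        => $pg_user,
    auth_method => 'ident',
    order       => "a1",
  }
  # Superuser over loopback TCP: password required.
  # NOTE(review): md5 is the legacy password method; scram-sha-256 is the
  # stronger choice where the server version and stored password hashes
  # allow it. Not changed here because it needs a coordinated
  # password_encryption change and password reset.
  postgresql::server::pg_hba_rule { 'localhost access as postgres user':
    description => 'Allow localhost access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "127.0.0.1/32",
    auth_method => 'md5',
    order       => "a2",
  }
  postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
    description => 'Allow localhost access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "::1/128",
    auth_method => 'md5',
    order       => "a3",
  }
  # Explicit reject for the superuser from any other IPv4 address, so a
  # broader "host all all ..." rule declared elsewhere cannot admit it.
  postgresql::server::pg_hba_rule { 'deny access to postgresql user':
    description => 'Deny remote access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "0.0.0.0/0",
    auth_method => 'reject',
    order       => "a4",
  }
  # An IPv4 CIDR in pg_hba.conf matches IPv4 connections only. Because
  # listen_addresses is "*", the same explicit reject is needed for IPv6;
  # without it the superuser is only protected over IPv6 for as long as no
  # later rule matches.
  postgresql::server::pg_hba_rule { 'deny ip6 access to postgresql user':
    description => 'Deny remote access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "::/0",
    auth_method => 'reject',
    order       => "a5",
  }

  # Every other role over the Unix socket: password required.
  postgresql::server::pg_hba_rule { 'local access':
    description => 'Allow local access with password',
    type        => 'local',
    database    => 'all',
    user        => 'all',
    auth_method => 'md5',
    order       => "b1",
  }

  # NOTE(review): this rule has the same type/database/user as 'local
  # access' above and sorts after it, so it appears to be unreachable:
  # local connections are always handled by the md5 line. Decide which
  # method is intended and drop the other rule.
  postgresql::server::pg_hba_rule { 'local access with same name':
    description => 'Allow local access with same name',
    type        => 'local',
    database    => 'all',
    user        => 'all',
    auth_method => 'ident',
    order       => "b2",
  }

}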