modules/profile/manifests/postgresql/pam_ldap_pgbouncer.pp

   1 class profile::postgresql::pam_ldap_pgbouncer (
   2   String $pg_user = "postgres"
   3 ) {
   4   include "profile::pam_ldap"
   5
   6   $password_seed = lookup("base_installation::puppet_pass_seed")
   7   $ldap_server = lookup("base_installation::ldap_server")
   8   $ldap_base   = lookup("base_installation::ldap_base")
   9   $ldap_dn     = lookup("base_installation::ldap_dn")
  10   $ldap_password = generate_password(24, $password_seed, "ldap")
  11   $ldap_attribute = "uid"
  12   $ldap_filter = lookup("role::backup::postgresql::pgbouncer_access_filter", { "default_value" => undef })
  13
  14   if empty($ldap_filter) {
  15     fail("need ldap filter for pgbouncer")
  16   }
  17
  18   file { "/etc/pam_ldap.d/pgbouncer.conf":
  19     ensure  => "present",
  20     mode    => "0600",
  21     owner   => $pg_user,
  22     group   => "root",
  23     content => template("profile/postgresql/pam_ldap_pgbouncer.conf.erb"),
  24     require => File["/etc/pam_ldap.d"],
  25   } ->
  26   file { "/etc/pam.d/pgbouncer":
  27     ensure => "present",
  28     mode   => "0644",
  29     owner  => "root",
  30     group  => "root",
  31     source => "puppet:///modules/profile/postgresql/pam_pgbouncer"
  32   }
  33 }