Add ssl certificate for postgresql connection
[perso/Immae/Projets/Puppet.git] / modules / role / manifests / backup / postgresql.pp
index aef177b776a64b1bf30ee75639e015ba72f611ba..ee62a0022ed2fb3efdacd480f8d734780904ed18 100644 (file)
@@ -121,16 +121,38 @@ class role::backup::postgresql inherits role::backup {
     } else {
       $pg_backup_host = $host["vars"]["real_hostname"][0]
     }
+
+    $pg_path = "$mountpoint/$pg_backup_host/postgresql"
+    $pg_backup_path = "$mountpoint/$pg_backup_host/postgresql_backup"
+    $pg_host = "$pg_backup_host"
+    $pg_port = $pg_infos["dbport"]
+
     if has_key($host["vars"], "postgresql_backup_port") {
       $pg_listen_port = $host["vars"]["postgresql_backup_port"][0]
+      file { "$pg_path/certs":
+        ensure => directory,
+        mode   => "0700",
+        owner  => $pg_user,
+        group  => $pg_group,
+      } ->
+      ssl::self_signed_certificate { $backup_host_cn:
+        common_name  => $backup_host_cn,
+        country      => "FR",
+        days         => "3650",
+        organization => "Immae",
+        owner        => $pg_user,
+        group        => $pg_group,
+        directory    => "$pg_path/certs",
+        before       => File["$pg_path/postgresql.conf"],
+      }
+      $ssl_key  = "$pg_path/certs/$backup_host_cn.key"
+      $ssl_cert = "$pg_path/certs/$backup_host_cn.crt"
     } else {
       $pg_listen_port = undef
+      $ssl_key = undef
+      $ssl_cert = undef
     }
 
-    $pg_path = "$mountpoint/$pg_backup_host/postgresql"
-    $pg_backup_path = "$mountpoint/$pg_backup_host/postgresql_backup"
-    $pg_host = "$pg_backup_host"
-    $pg_port = $pg_infos["dbport"]
 
     unless empty($host) {
       $host["ipHostNumber"].each |$ip| {
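Review bot: The certificate declared at `ssl::self_signed_certificate { $backup_host_cn:` is self-signed with `days => "3650"`, so TLS on the backup listen port authenticates the server only if every client pins this exact certificate, and nothing in the hunk records that requirement or a renewal plan. I would add a comment above the resource, e.g. `# Self-signed: clients must set sslrootcert to this .crt and use sslmode=verify-ca or verify-full; renew before the 10-year expiry`. The private key's file mode is left to the `ssl::self_signed_certificate` define, which is not visible here; PostgreSQL refuses a key file that is group- or world-readable when it is owned by the database user, so confirm the define writes it as 0600 rather than relying on the 0700 `certs` directory alone. `$backup_host_cn`, `$pg_user` and `$pg_group` are set outside this hunk, and the class body continues past it.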