author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-06-27 13:10:32 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-06-27 13:12:14 +0200 |
commit | 2f3d3a34ab0b3fd31bd84e4c935954740313dbed (patch) | |
tree | 97beae3acaf1c552cf5c19521260e76dedae5913 | |
parent | cc278743bffea94197755c0d114389f5fd69596a (diff) | |
Add ssl certificate for postgresql connection
-rw-r--r-- | modules/role/manifests/backup/postgresql.pp | 30 | ||||
-rw-r--r-- | modules/role/templates/backup/postgresql.conf.erb | 2 |
2 files changed, 28 insertions, 4 deletions
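--- a/modules/role/manifests/backup/postgresql.pp
+++ b/modules/role/manifests/backup/postgresql.pp
@@ -121,16 +121,38 @@ class role::backup::postgresql inherits role::backup {
 } else {
 $pg_backup_host = $host["vars"]["real_hostname"][0]
 }
+
+$pg_path = "$mountpoint/$pg_backup_host/postgresql"
+$pg_backup_path = "$mountpoint/$pg_backup_host/postgresql_backup"
+$pg_host = "$pg_backup_host"
+$pg_port = $pg_infos["dbport"]
+
 if has_key($host["vars"], "postgresql_backup_port") {
 $pg_listen_port = $host["vars"]["postgresql_backup_port"][0]
+file { "$pg_path/certs":
+ensure => directory,
+mode => "0700",
+owner => $pg_user,
+group => $pg_group,
+} ->
+ssl::self_signed_certificate { $backup_host_cn:
+common_name => $backup_host_cn,
+country => "FR",
+days => "3650",
+organization => "Immae",
+owner => $pg_user,
+group => $pg_group,
+directory => "$pg_path/certs",
+before => File["$pg_path/postgresql.conf"],
+}
+$ssl_key = "$pg_path/certs/$backup_host_cn.key"
+$ssl_cert = "$pg_path/certs/$backup_host_cn.crt"
 } else {
 $pg_listen_port = undef
+$ssl_key = undef
+$ssl_cert = undef
 }
 
-$pg_path = "$mountpoint/$pg_backup_host/postgresql"
-$pg_backup_path = "$mountpoint/$pg_backup_host/postgresql_backup"
-$pg_host = "$pg_backup_host"
-$pg_port = $pg_infos["dbport"]
 
 unless empty($host) {
 $host["ipHostNumber"].each |$ip| {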
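Review bot: The certificate created by `ssl::self_signed_certificate` in the `has_key($host["vars"], "postgresql_backup_port")` branch is self-signed and valid for `days => "3650"`, so it authenticates the server only if the connecting side pins this exact certificate, and nothing in this hunk distributes the `.crt` to the peer or documents that requirement. I would add a comment above the resource such as `# Self-signed: the peer must pin this cert (sslrootcert + sslmode=verify-ca or stricter), otherwise TLS here is encryption without authentication`, and consider a shorter lifetime with a documented rotation. PostgreSQL also refuses to start when a private key owned by the database user is accessible to group or others, so it is worth confirming that the define (not visible here) writes `$backup_host_cn.key` with mode 0600; the 0700 directory alone does not satisfy that check. The class body starts and ends outside the hunk, and `$backup_host_cn`, `$pg_user` and `$pg_group` are defined elsewhere.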
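--- a/modules/role/templates/backup/postgresql.conf.erb
+++ b/modules/role/templates/backup/postgresql.conf.erb
@@ -2,6 +2,8 @@
 listen_addresses= '*'
 port = <%= @pg_listen_port %>
 ssl = on
+ssl_key_file = '<%= @ssl_key %>'
+ssl_cert_file = '<%= @ssl_cert %>'
 <%- else -%>
 listen_addresses= ''
 <%- end %>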
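Review bot: `ssl = on` together with the new `ssl_key_file` / `ssl_cert_file` lines only makes TLS available on a listener bound to `listen_addresses= '*'`; whether clients are required to use it is decided by `hostssl` versus `host` entries in pg_hba.conf, which this template does not show. I would add a comment next to these settings, for example `# TLS is enforced per client in pg_hba.conf: use hostssl for the backup peers`, so the dependency is visible where the certificate is configured. The enclosing `if` starts above the hunk; presumably it tests `@pg_listen_port`, in which case `@ssl_key` and `@ssl_cert` are always set when these lines render, but that is worth confirming since an undef value would render as an empty path.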