authorIsmaël Bouya <ismael.bouya@normalesup.org>2018-06-27 13:10:32 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2018-06-27 13:12:14 +0200
commit2f3d3a34ab0b3fd31bd84e4c935954740313dbed (patch)
tree97beae3acaf1c552cf5c19521260e76dedae5913
parentcc278743bffea94197755c0d114389f5fd69596a (diff)
Add ssl certificate for postgresql connection
-rw-r--r--modules/role/manifests/backup/postgresql.pp30
-rw-r--r--modules/role/templates/backup/postgresql.conf.erb2
2 files changed, 28 insertions, 4 deletions
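--- a/modules/role/manifests/backup/postgresql.pp
+++ b/modules/role/manifests/backup/postgresql.pp
@@ -121,16 +121,38 @@ class role::backup::postgresql inherits role::backup {
 } else {
 $pg_backup_host = $host["vars"]["real_hostname"][0]
 }
+
+$pg_path = "$mountpoint/$pg_backup_host/postgresql"
+$pg_backup_path = "$mountpoint/$pg_backup_host/postgresql_backup"
+$pg_host = "$pg_backup_host"
+$pg_port = $pg_infos["dbport"]
+
 if has_key($host["vars"], "postgresql_backup_port") {
 $pg_listen_port = $host["vars"]["postgresql_backup_port"][0]
+file { "$pg_path/certs":
+ensure => directory,
+mode => "0700",
+owner => $pg_user,
+group => $pg_group,
+} ->
+ssl::self_signed_certificate { $backup_host_cn:
+common_name => $backup_host_cn,
+country => "FR",
+days => "3650",
+organization => "Immae",
+owner => $pg_user,
+group => $pg_group,
+directory => "$pg_path/certs",
+before => File["$pg_path/postgresql.conf"],
+}
+$ssl_key = "$pg_path/certs/$backup_host_cn.key"
+$ssl_cert = "$pg_path/certs/$backup_host_cn.crt"
 } else {
 $pg_listen_port = undef
+$ssl_key = undef
+$ssl_cert = undef
 }
 
-$pg_path = "$mountpoint/$pg_backup_host/postgresql"
-$pg_backup_path = "$mountpoint/$pg_backup_host/postgresql_backup"
-$pg_host = "$pg_backup_host"
-$pg_port = $pg_infos["dbport"]
 
 unless empty($host) {
 $host["ipHostNumber"].each |$ip| {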
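Review bot: The certificate produced by the `ssl::self_signed_certificate` resource is self-signed with `days => "3650"`, so a client can authenticate this server only by pinning that exact certificate (for libpq, `sslmode=verify-full` with the `.crt` as `sslrootcert`); without pinning, the connection is encrypted but an on-path impersonation is not detected. Nothing in this hunk distributes `$ssl_cert` to clients or says how it is renewed, so I would add a comment above the resource such as `# Self-signed, 10-year certificate: clients must pin $ssl_cert to authenticate this server`. The mode the defined type gives the `.key` file is not visible here and is worth confirming, since PostgreSQL rejects a world-readable key. The class body starts and ends outside this hunk.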
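--- a/modules/role/templates/backup/postgresql.conf.erb
+++ b/modules/role/templates/backup/postgresql.conf.erb
@@ -2,6 +2,8 @@
 listen_addresses= '*'
 port = <%= @pg_listen_port %>
 ssl = on
+ssl_key_file = '<%= @ssl_key %>'
+ssl_cert_file = '<%= @ssl_cert %>'
 <%- else -%>
 listen_addresses= ''
 <%- end %>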
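Review bot: `ssl = on` together with the new `ssl_key_file` and `ssl_cert_file` lines only makes TLS available; with `listen_addresses= '*'` in the same branch, a client can still connect in cleartext unless the matching pg_hba.conf entries use `hostssl` rather than `host`. That file is not part of this commit, so it may already be handled, but it should be checked alongside this change. I would also add a comment above the two new lines, e.g. `# Key and certificate paths are set by role::backup::postgresql; they are undef when the host has no postgresql_backup_port`. The conditional that opens this branch starts outside the hunk, so I cannot confirm it tests the same condition as the manifest.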