author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-02-17 19:31:35 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-02-18 01:12:24 +0100 |
commit | 57ae81eaeb85a2892f1afe07ea5be1917f64d065 (patch) | |
tree | 5551bf297aa0ae8978bda4720197c70abcee0314 /modules/profile/manifests | |
parent | 28f9451daeac73f91b031470060c883008b4a363 (diff) | |
Add postgresql module and cryptoportfolio role
Diffstat (limited to 'modules/profile/manifests')
-rw-r--r-- | modules/profile/manifests/postgresql.pp | 65 |
1 files changed, 65 insertions, 0 deletions
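diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
new file mode 100644
index 0000000..50e510e
--- /dev/null
+++ b/modules/profile/manifests/postgresql.pp
@@ -0,0 +1,65 @@
+class profile::postgresql {
+$password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+
+class { '::postgresql::globals':
+encoding => 'UTF-8',
+locale => 'en_US.UTF-8',
+pg_hba_conf_defaults => false,
+}
+
+# FIXME: get it from the postgresql module?
+$pg_user = "postgres"
+
+class { '::postgresql::client': }
+
+# FIXME: postgresql module is buggy and doesn't create dir?
+file { "/var/lib/postgres":
+ensure => directory,
+owner => $pg_user,
+group => $pg_user,
+before => File["/var/lib/postgres/data"],
+require => Package["postgresql-server"],
+}
+
+class { '::postgresql::server':
+postgres_password => generate_password(24, $password_seed, "postgres")
+}
+
+postgresql::server::pg_hba_rule { 'local access as postgres user':
+description => 'Allow local access to postgres user',
+type => 'local',
+database => 'all',
+user => $pg_user,
+auth_method => 'ident',
+order => "a1",
+}
+postgresql::server::pg_hba_rule { 'deny access to postgresql user':
+description => 'Deny remote access to postgres user',
+type => 'host',
+database => 'all',
+user => $pg_user,
+address => "0.0.0.0/0",
+auth_method => 'reject',
+order => "a2",
+}
+
+postgresql::server::pg_hba_rule { 'local access':
+description => 'Allow local access with password',
+type => 'local',
+database => 'all',
+user => 'all',
+auth_method => 'md5',
+order => "b1",
+}
+
+postgresql::server::pg_hba_rule { 'local access with same name':
+description => 'Allow local access with same name',
+type => 'local',
+database => 'all',
+user => 'all',
+auth_method => 'ident',
+order => "b2",
+}
+
+}
+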
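Review bot: The `'local access with same name'` rule (order `b2`) can never take effect, because `'local access'` (order `b1`) has the same `type`, `database` and `user`, and pg_hba.conf uses the first matching record with no fall-through. As written, every non-postgres local connection is authenticated with `md5`; if both methods are intended, the two rules need distinct `user` or `database` values, otherwise the `b2` rule should be dropped. The `reject` rule for `$pg_user` lists only `address => "0.0.0.0/0"`, so it does not cover IPv6 clients; nothing in this file allows remote hosts, but a `host` rule for `all` users added elsewhere would admit postgres over IPv6 unless a matching `::/0` reject is declared. Separately, the `|$key| { {} }` default on the seed lookup means a missing hiera key silently passes an empty hash to `generate_password`, which presumably makes the superuser password predictable (the function is not visible here); failing the catalog when the seed is absent would be safer.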