diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-06-28 10:32:57 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-06-28 12:14:44 +0200 |
| commit | 3925777d9715d271c0643faef9f520e7816dba89 (patch) | |
| tree | c6e3832098d19917b0ba0bcbe119103c632c7d29 /modules/profile | |
| parent | 436cae5ebfd889b1bf625b757939a57842b564da (diff) | |
| download | Puppet-3925777d9715d271c0643faef9f520e7816dba89.tar.gz Puppet-3925777d9715d271c0643faef9f520e7816dba89.tar.zst Puppet-3925777d9715d271c0643faef9f520e7816dba89.zip | |
Refactor cryptoportfolio postgresql
Diffstat (limited to 'modules/profile')
| -rw-r--r-- | modules/profile/manifests/postgresql.pp | 64 | ||||
| -rw-r--r-- | modules/profile/manifests/postgresql/base_pg_hba_rules.pp | 2 |
2 files changed, 6 insertions, 60 deletions
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp index 2cd1bcc..97ce572 100644 --- a/modules/profile/manifests/postgresql.pp +++ b/modules/profile/manifests/postgresql.pp | |||
| @@ -1,4 +1,7 @@ | |||
| 1 | class profile::postgresql { | 1 | class profile::postgresql ( |
| 2 | Optional[String] $pg_user = "postgres", | ||
| 3 | Optional[String] $pg_group = "postgres", | ||
| 4 | ) { | ||
| 2 | $password_seed = lookup("base_installation::puppet_pass_seed") | 5 | $password_seed = lookup("base_installation::puppet_pass_seed") |
| 3 | 6 | ||
| 4 | class { '::postgresql::globals': | 7 | class { '::postgresql::globals': |
| @@ -7,16 +10,13 @@ class profile::postgresql { | |||
| 7 | pg_hba_conf_defaults => false, | 10 | pg_hba_conf_defaults => false, |
| 8 | } | 11 | } |
| 9 | 12 | ||
| 10 | # FIXME: get it from the postgresql module? | ||
| 11 | $pg_user = "postgres" | ||
| 12 | |||
| 13 | class { '::postgresql::client': } | 13 | class { '::postgresql::client': } |
| 14 | 14 | ||
| 15 | # FIXME: postgresql module is buggy and doesn't create dir? | 15 | # FIXME: postgresql module is buggy and doesn't create dir? |
| 16 | file { "/var/lib/postgres": | 16 | file { "/var/lib/postgres": |
| 17 | ensure => directory, | 17 | ensure => directory, |
| 18 | owner => $pg_user, | 18 | owner => $pg_user, |
| 19 | group => $pg_user, | 19 | group => $pg_group, |
| 20 | before => File["/var/lib/postgres/data"], | 20 | before => File["/var/lib/postgres/data"], |
| 21 | require => Package["postgresql-server"], | 21 | require => Package["postgresql-server"], |
| 22 | } | 22 | } |
| @@ -26,59 +26,7 @@ class profile::postgresql { | |||
| 26 | listen_addresses => "*", | 26 | listen_addresses => "*", |
| 27 | } | 27 | } |
| 28 | 28 | ||
| 29 | postgresql::server::pg_hba_rule { 'local access as postgres user': | 29 | profile::postgresql::base_pg_hba_rules { "default": } |
| 30 | description => 'Allow local access to postgres user', | ||
| 31 | type => 'local', | ||
| 32 | database => 'all', | ||
| 33 | user => $pg_user, | ||
| 34 | auth_method => 'ident', | ||
| 35 | order => "00-01", | ||
| 36 | } | ||
| 37 | postgresql::server::pg_hba_rule { 'localhost access as postgres user': | ||
| 38 | description => 'Allow localhost access to postgres user', | ||
| 39 | type => 'host', | ||
| 40 | database => 'all', | ||
| 41 | user => $pg_user, | ||
| 42 | address => "127.0.0.1/32", | ||
| 43 | auth_method => 'md5', | ||
| 44 | order => "00-02", | ||
| 45 | } | ||
| 46 | postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user': | ||
| 47 | description => 'Allow localhost access to postgres user', | ||
| 48 | type => 'host', | ||
| 49 | database => 'all', | ||
| 50 | user => $pg_user, | ||
| 51 | address => "::1/128", | ||
| 52 | auth_method => 'md5', | ||
| 53 | order => "00-03", | ||
| 54 | } | ||
| 55 | postgresql::server::pg_hba_rule { 'deny access to postgresql user': | ||
| 56 | description => 'Deny remote access to postgres user', | ||
| 57 | type => 'host', | ||
| 58 | database => 'all', | ||
| 59 | user => $pg_user, | ||
| 60 | address => "0.0.0.0/0", | ||
| 61 | auth_method => 'reject', | ||
| 62 | order => "00-04", | ||
| 63 | } | ||
| 64 | |||
| 65 | postgresql::server::pg_hba_rule { 'local access': | ||
| 66 | description => 'Allow local access with password', | ||
| 67 | type => 'local', | ||
| 68 | database => 'all', | ||
| 69 | user => 'all', | ||
| 70 | auth_method => 'md5', | ||
| 71 | order => "10-01", | ||
| 72 | } | ||
| 73 | |||
| 74 | postgresql::server::pg_hba_rule { 'local access with same name': | ||
| 75 | description => 'Allow local access with same name', | ||
| 76 | type => 'local', | ||
| 77 | database => 'all', | ||
| 78 | user => 'all', | ||
| 79 | auth_method => 'ident', | ||
| 80 | order => "10-02", | ||
| 81 | } | ||
| 82 | 30 | ||
| 83 | } | 31 | } |
| 84 | 32 | ||
diff --git a/modules/profile/manifests/postgresql/base_pg_hba_rules.pp b/modules/profile/manifests/postgresql/base_pg_hba_rules.pp index 13ab4ff..07c4bb6 100644 --- a/modules/profile/manifests/postgresql/base_pg_hba_rules.pp +++ b/modules/profile/manifests/postgresql/base_pg_hba_rules.pp | |||
| @@ -43,8 +43,6 @@ define profile::postgresql::base_pg_hba_rules ( | |||
| 43 | address => "::1/128", | 43 | address => "::1/128", |
| 44 | auth_method => 'md5', | 44 | auth_method => 'md5', |
| 45 | order => "00-03", | 45 | order => "00-03", |
| 46 | target => "$pg_path/pg_hba.conf", | ||
| 47 | postgresql_version => "10", | ||
| 48 | } | 46 | } |
| 49 | postgresql::server::pg_hba_rule { "$title - deny access to postgresql user": | 47 | postgresql::server::pg_hba_rule { "$title - deny access to postgresql user": |
| 50 | description => 'Deny remote access to postgres user', | 48 | description => 'Deny remote access to postgres user', |