Add postgresql module and cryptoportfolio role

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-02-17 19:31:35 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-02-18 01:12:24 +0100
commit: 57ae81eaeb85a2892f1afe07ea5be1917f64d065 (patch)
tree: 5551bf297aa0ae8978bda4720197c70abcee0314 /modules
parent: 28f9451daeac73f91b031470060c883008b4a363 (diff)
download: Puppet-57ae81eaeb85a2892f1afe07ea5be1917f64d065.tar.gz
Puppet-57ae81eaeb85a2892f1afe07ea5be1917f64d065.tar.zst
Puppet-57ae81eaeb85a2892f1afe07ea5be1917f64d065.zip
3 files changed, 79 insertions, 0 deletions
diff --git a/modules/postgresql b/modules/postgresql
new file mode 160000
+Subproject 52ea030ad94397ba0d066c36c3028a255341f9f
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
new file mode 100644
index 0000000..50e510e
--- /dev/null
+++ b/modules/profile/manifests/postgresql.pp
@@ -0,0 +1,65 @@
+class profile::postgresql {
+  $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+  class { '::postgresql::globals':
+    encoding             => 'UTF-8',
+    locale               => 'en_US.UTF-8',
+    pg_hba_conf_defaults => false,
+  }
+  # FIXME: get it from the postgresql module?
+  $pg_user = "postgres"
+  class { '::postgresql::client': }
+  # FIXME: postgresql module is buggy and doesn't create dir?
+  file { "/var/lib/postgres":
+    ensure  => directory,
+    owner   => $pg_user,
+    group   => $pg_user,
+    before  => File["/var/lib/postgres/data"],
+    require => Package["postgresql-server"],
+  }
+  class { '::postgresql::server':
+    postgres_password => generate_password(24, $password_seed, "postgres")
+  }
+  postgresql::server::pg_hba_rule { 'local access as postgres user':
+    description => 'Allow local access to postgres user',
+    type        => 'local',
+    database    => 'all',
+    user        => $pg_user,
+    auth_method => 'ident',
+    order       => "a1",
+  }
+  postgresql::server::pg_hba_rule { 'deny access to postgresql user':
+    description => 'Deny remote access to postgres user',
+    type        => 'host',
+    database    => 'all',
+    user        => $pg_user,
+    address     => "0.0.0.0/0",
+    auth_method => 'reject',
+    order       => "a2",
+  }
+  postgresql::server::pg_hba_rule { 'local access':
+    description => 'Allow local access with password',
+    type        => 'local',
+    database    => 'all',
+    user        => 'all',
+    auth_method => 'md5',
+    order       => "b1",
+  }
+  postgresql::server::pg_hba_rule { 'local access with same name':
+    description => 'Allow local access with same name',
+    type        => 'local',
+    database    => 'all',
+    user        => 'all',
+    auth_method => 'ident',
+    order       => "b2",
+  }
+}
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
new file mode 100644
index 0000000..2755fee
--- /dev/null
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -0,0 +1,14 @@
+class role::cryptoportfolio {
+  include "base_installation"
+  include "profile::postgresql"
+  $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+  postgresql::server::db { 'cryptoportfolio':
+    user =>  'cryptoportfolio',
+    password =>  postgresql_password('cryptoportfolio', generate_password(24, $password_seed, "postgres_cryptoportfolio")),
+  }
+  ensure_packages("go")
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-02-17 19:31:35 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-02-18 01:12:24 +0100
commit	57ae81eaeb85a2892f1afe07ea5be1917f64d065 (patch)
tree	5551bf297aa0ae8978bda4720197c70abcee0314 /modules
parent	28f9451daeac73f91b031470060c883008b4a363 (diff)
download	Puppet-57ae81eaeb85a2892f1afe07ea5be1917f64d065.tar.gz Puppet-57ae81eaeb85a2892f1afe07ea5be1917f64d065.tar.zst Puppet-57ae81eaeb85a2892f1afe07ea5be1917f64d065.zip

diff --git a/modules/postgresql b/modules/postgresql new file mode 160000
		Subproject 52ea030ad94397ba0d066c36c3028a255341f9f


diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp new file mode 100644 index 0000000..50e510e --- /dev/null +++ b/modules/profile/manifests/postgresql.pp
@@ -0,0 +1,65 @@
	1	class profile::postgresql {
	2	$password_seed = lookup("base_installation::puppet_pass_seed") \|$key\| { {} }
	3
	4	class { '::postgresql::globals':
	5	encoding => 'UTF-8',
	6	locale => 'en_US.UTF-8',
	7	pg_hba_conf_defaults => false,
	8	}
	9
	10	# FIXME: get it from the postgresql module?
	11	$pg_user = "postgres"
	12
	13	class { '::postgresql::client': }
	14
	15	# FIXME: postgresql module is buggy and doesn't create dir?
	16	file { "/var/lib/postgres":
	17	ensure => directory,
	18	owner => $pg_user,
	19	group => $pg_user,
	20	before => File["/var/lib/postgres/data"],
	21	require => Package["postgresql-server"],
	22	}
	23
	24	class { '::postgresql::server':
	25	postgres_password => generate_password(24, $password_seed, "postgres")
	26	}
	27
	28	postgresql::server::pg_hba_rule { 'local access as postgres user':
	29	description => 'Allow local access to postgres user',
	30	type => 'local',
	31	database => 'all',
	32	user => $pg_user,
	33	auth_method => 'ident',
	34	order => "a1",
	35	}
	36	postgresql::server::pg_hba_rule { 'deny access to postgresql user':
	37	description => 'Deny remote access to postgres user',
	38	type => 'host',
	39	database => 'all',
	40	user => $pg_user,
	41	address => "0.0.0.0/0",
	42	auth_method => 'reject',
	43	order => "a2",
	44	}
	45
	46	postgresql::server::pg_hba_rule { 'local access':
	47	description => 'Allow local access with password',
	48	type => 'local',
	49	database => 'all',
	50	user => 'all',
	51	auth_method => 'md5',
	52	order => "b1",
	53	}
	54
	55	postgresql::server::pg_hba_rule { 'local access with same name':
	56	description => 'Allow local access with same name',
	57	type => 'local',
	58	database => 'all',
	59	user => 'all',
	60	auth_method => 'ident',
	61	order => "b2",
	62	}
	63
	64	}
	65


diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp new file mode 100644 index 0000000..2755fee --- /dev/null +++ b/modules/role/manifests/cryptoportfolio.pp
@@ -0,0 +1,14 @@
	1	class role::cryptoportfolio {
	2	include "base_installation"
	3
	4	include "profile::postgresql"
	5
	6	$password_seed = lookup("base_installation::puppet_pass_seed") \|$key\| { {} }
	7
	8	postgresql::server::db { 'cryptoportfolio':
	9	user => 'cryptoportfolio',
	10	password => postgresql_password('cryptoportfolio', generate_password(24, $password_seed, "postgres_cryptoportfolio")),
	11	}
	12
	13	ensure_packages("go")
	14	}