diff options
Diffstat (limited to 'modules/profile/manifests/postgresql/pam_ldap_pgbouncer.pp')
-rw-r--r-- | modules/profile/manifests/postgresql/pam_ldap_pgbouncer.pp | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/modules/profile/manifests/postgresql/pam_ldap_pgbouncer.pp b/modules/profile/manifests/postgresql/pam_ldap_pgbouncer.pp new file mode 100644 index 0000000..67714f2 --- /dev/null +++ b/modules/profile/manifests/postgresql/pam_ldap_pgbouncer.pp | |||
@@ -0,0 +1,33 @@ | |||
1 | class profile::postgresql::pam_ldap_pgbouncer ( | ||
2 | String $pg_user = "postgres" | ||
3 | ) { | ||
4 | include "profile::pam_ldap" | ||
5 | |||
6 | $password_seed = lookup("base_installation::puppet_pass_seed") | ||
7 | $ldap_server = lookup("base_installation::ldap_server") | ||
8 | $ldap_base = lookup("base_installation::ldap_base") | ||
9 | $ldap_dn = lookup("base_installation::ldap_dn") | ||
10 | $ldap_password = generate_password(24, $password_seed, "ldap") | ||
11 | $ldap_attribute = "uid" | ||
12 | $ldap_filter = lookup("role::backup::postgresql::pgbouncer_access_filter", { "default_value" => undef }) | ||
13 | |||
14 | if empty($ldap_filter) { | ||
15 | fail("need ldap filter for pgbouncer") | ||
16 | } | ||
17 | |||
18 | file { "/etc/pam_ldap.d/pgbouncer.conf": | ||
19 | ensure => "present", | ||
20 | mode => "0600", | ||
21 | owner => $pg_user, | ||
22 | group => "root", | ||
23 | content => template("profile/postgresql/pam_ldap_pgbouncer.conf.erb"), | ||
24 | require => File["/etc/pam_ldap.d"], | ||
25 | } -> | ||
26 | file { "/etc/pam.d/pgbouncer": | ||
27 | ensure => "present", | ||
28 | mode => "0644", | ||
29 | owner => "root", | ||
30 | group => "root", | ||
31 | source => "puppet:///modules/profile/postgresql/pam_pgbouncer" | ||
32 | } | ||
33 | } | ||