Diffstat (limited to 'modules/profile/manifests/postgresql/ssl.pp')
-rw-r--r--modules/profile/manifests/postgresql/ssl.pp73
1 files changed, 73 insertions, 0 deletions
diff --git a/modules/profile/manifests/postgresql/ssl.pp b/modules/profile/manifests/postgresql/ssl.pp
new file mode 100644
index 0000000..e4da8af
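--- /dev/null
+++ b/modules/profile/manifests/postgresql/ssl.pp
@@ -0,0 +1,73 @@
+define profile::postgresql::ssl (
+ Optional[String] $cert = undef,
+ Optional[String] $key = undef,
+ Optional[String] $certname = undef,
+ Optional[Boolean] $copy_keys = true,
+ Optional[String] $pg_user = $profile::postgresql::pg_user,
+ Optional[String] $pg_group = $profile::postgresql::pg_user
+) {
+ $pg_dir = $title
+ $datadir = "$pg_dir/data"
+
+ file { "$datadir/certs":
+ ensure => directory,
+ mode => "0700",
+ owner => $pg_user,
+ group => $pg_group,
+ require => File[$pg_dir],
+ }
+
+ if empty($cert) or empty($key) {
+ if empty($certname) {
+ fail("A certificate name is necessary to generate ssl certificate")
+ }
+
+ ssl::self_signed_certificate { $certname:
+ common_name => $certname,
+ country => "FR",
+ days => "3650",
+ organization => "Immae",
+ owner => $pg_user,
+ group => $pg_group,
+ directory => "$datadir/certs",
+ }
+
+ $ssl_key = "$datadir/certs/$backup_host_cn.key"
+ $ssl_cert = "$datadir/certs/$backup_host_cn.crt"
+ } elsif $copy_keys {
+ $ssl_key = "$datadir/certs/privkey.pem"
+ $ssl_cert = "$datadir/certs/cert.pem"
+
+ file { $ssl_cert:
+ source => "file://$cert",
+ mode => "0600",
+ links => "follow",
+ owner => $pg_user,
+ group => $pg_group,
+ require => File["$datadir/certs"],
+ }
+ file { $ssl_key:
+ source => "file://$key",
+ mode => "0600",
+ links => "follow",
+ owner => $pg_user,
+ group => $pg_group,
+ require => File["$datadir/certs"],
+ }
+ } else {
+ $ssl_key = $key
+ $ssl_cert = $cert
+ }
+
+ postgresql::server::config_entry { "ssl":
+ value => "on",
+ }
+
+ postgresql::server::config_entry { "ssl_cert_file":
+ value => $ssl_cert,
+ }
+
+ postgresql::server::config_entry { "ssl_key_file":
+ value => $ssl_key,
+ }
+}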
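Review bot: The self-signed branch builds `$ssl_key` and `$ssl_cert` from `$backup_host_cn`, which is neither a parameter nor assigned anywhere in this define, so `ssl_key_file` and `ssl_cert_file` would resolve to `$datadir/certs/.key` and `.crt` (or compilation fails under strict variables) and PostgreSQL would not find its TLS material. Assuming `ssl::self_signed_certificate` names its output after the resource title, the two lines should read `$ssl_key = "$datadir/certs/$certname.key"` and `$ssl_cert = "$datadir/certs/$certname.crt"`. Separately, `$pg_group` defaults to `$profile::postgresql::pg_user`, which looks like a copy-paste slip if the profile class exposes a group variable. The final `else` branch also hands PostgreSQL the caller's `$key` path without managing its owner or mode, so a comment stating that the key must already be readable only by `$pg_user` would help whoever sets `copy_keys => false`.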