diff options
Diffstat (limited to 'modules/profile/manifests/postgresql/ssl.pp')
| -rw-r--r-- | modules/profile/manifests/postgresql/ssl.pp | 47 |
1 files changed, 28 insertions, 19 deletions
diff --git a/modules/profile/manifests/postgresql/ssl.pp b/modules/profile/manifests/postgresql/ssl.pp index e4da8af..dc56c0b 100644 --- a/modules/profile/manifests/postgresql/ssl.pp +++ b/modules/profile/manifests/postgresql/ssl.pp | |||
| @@ -1,20 +1,21 @@ | |||
| 1 | define profile::postgresql::ssl ( | 1 | define profile::postgresql::ssl ( |
| 2 | Optional[String] $cert = undef, | 2 | Optional[String] $cert = undef, |
| 3 | Optional[String] $key = undef, | 3 | Optional[String] $key = undef, |
| 4 | Optional[String] $certname = undef, | 4 | Optional[String] $certname = undef, |
| 5 | Optional[Boolean] $copy_keys = true, | 5 | Optional[Boolean] $copy_keys = true, |
| 6 | Optional[String] $pg_user = $profile::postgresql::pg_user, | 6 | Optional[Boolean] $handle_config_entry = false, |
| 7 | Optional[String] $pg_group = $profile::postgresql::pg_user | 7 | Optional[Boolean] $handle_concat_config = false, |
| 8 | Optional[String] $pg_user = "postgres", | ||
| 9 | Optional[String] $pg_group = "postgres", | ||
| 8 | ) { | 10 | ) { |
| 9 | $pg_dir = $title | 11 | $datadir = $title |
| 10 | $datadir = "$pg_dir/data" | ||
| 11 | 12 | ||
| 12 | file { "$datadir/certs": | 13 | file { "$datadir/certs": |
| 13 | ensure => directory, | 14 | ensure => directory, |
| 14 | mode => "0700", | 15 | mode => "0700", |
| 15 | owner => $pg_user, | 16 | owner => $pg_user, |
| 16 | group => $pg_group, | 17 | group => $pg_group, |
| 17 | require => File[$pg_dir], | 18 | require => File[$datadir], |
| 18 | } | 19 | } |
| 19 | 20 | ||
| 20 | if empty($cert) or empty($key) { | 21 | if empty($cert) or empty($key) { |
| @@ -32,8 +33,8 @@ define profile::postgresql::ssl ( | |||
| 32 | directory => "$datadir/certs", | 33 | directory => "$datadir/certs", |
| 33 | } | 34 | } |
| 34 | 35 | ||
| 35 | $ssl_key = "$datadir/certs/$backup_host_cn.key" | 36 | $ssl_key = "$datadir/certs/$certname.key" |
| 36 | $ssl_cert = "$datadir/certs/$backup_host_cn.crt" | 37 | $ssl_cert = "$datadir/certs/$certname.crt" |
| 37 | } elsif $copy_keys { | 38 | } elsif $copy_keys { |
| 38 | $ssl_key = "$datadir/certs/privkey.pem" | 39 | $ssl_key = "$datadir/certs/privkey.pem" |
| 39 | $ssl_cert = "$datadir/certs/cert.pem" | 40 | $ssl_cert = "$datadir/certs/cert.pem" |
| @@ -59,15 +60,23 @@ define profile::postgresql::ssl ( | |||
| 59 | $ssl_cert = $cert | 60 | $ssl_cert = $cert |
| 60 | } | 61 | } |
| 61 | 62 | ||
| 62 | postgresql::server::config_entry { "ssl": | 63 | if $handle_config_entry { |
| 63 | value => "on", | 64 | postgresql::server::config_entry { "ssl": |
| 64 | } | 65 | value => "on", |
| 66 | } | ||
| 65 | 67 | ||
| 66 | postgresql::server::config_entry { "ssl_cert_file": | 68 | postgresql::server::config_entry { "ssl_cert_file": |
| 67 | value => $ssl_cert, | 69 | value => $ssl_cert, |
| 68 | } | 70 | } |
| 69 | 71 | ||
| 70 | postgresql::server::config_entry { "ssl_key_file": | 72 | postgresql::server::config_entry { "ssl_key_file": |
| 71 | value => $ssl_key, | 73 | value => $ssl_key, |
| 74 | } | ||
| 75 | } elsif $handle_concat_config { | ||
| 76 | concat::fragment { "$datadir/postgresql.conf ssl config": | ||
| 77 | target => "$datadir/postgresql.conf", | ||
| 78 | content => "ssl = on\nssl_key_file = '$ssl_key'\nssl_cert_file = '$ssl_cert'\n" | ||
| 79 | } | ||
| 72 | } | 80 | } |
| 81 | |||
| 73 | } | 82 | } |