Diffstat (limited to 'modules/profile/manifests/postgresql/ssl.pp')
-rw-r--r-- | modules/profile/manifests/postgresql/ssl.pp | 73 |
1 files changed, 73 insertions, 0 deletions
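diff --git a/modules/profile/manifests/postgresql/ssl.pp b/modules/profile/manifests/postgresql/ssl.pp
new file mode 100644
index 0000000..e4da8af
--- /dev/null
+++ b/modules/profile/manifests/postgresql/ssl.pp
@@ -0,0 +1,73 @@
+define profile::postgresql::ssl (
+  Optional[String] $cert = undef,
+  Optional[String] $key = undef,
+  Optional[String] $certname = undef,
+  Optional[Boolean] $copy_keys = true,
+  Optional[String] $pg_user = $profile::postgresql::pg_user,
+  Optional[String] $pg_group = $profile::postgresql::pg_user
+) {
+  $pg_dir = $title
+  $datadir = "$pg_dir/data"
+
+  file { "$datadir/certs":
+    ensure => directory,
+    mode => "0700",
+    owner => $pg_user,
+    group => $pg_group,
+    require => File[$pg_dir],
+  }
+
+  if empty($cert) or empty($key) {
+    if empty($certname) {
+      fail("A certificate name is necessary to generate ssl certificate")
+    }
+
+    ssl::self_signed_certificate { $certname:
+      common_name => $certname,
+      country => "FR",
+      days => "3650",
+      organization => "Immae",
+      owner => $pg_user,
+      group => $pg_group,
+      directory => "$datadir/certs",
+    }
+
+    $ssl_key = "$datadir/certs/$backup_host_cn.key"
+    $ssl_cert = "$datadir/certs/$backup_host_cn.crt"
+  } elsif $copy_keys {
+    $ssl_key = "$datadir/certs/privkey.pem"
+    $ssl_cert = "$datadir/certs/cert.pem"
+
+    file { $ssl_cert:
+      source => "file://$cert",
+      mode => "0600",
+      links => "follow",
+      owner => $pg_user,
+      group => $pg_group,
+      require => File["$datadir/certs"],
+    }
+    file { $ssl_key:
+      source => "file://$key",
+      mode => "0600",
+      links => "follow",
+      owner => $pg_user,
+      group => $pg_group,
+      require => File["$datadir/certs"],
+    }
+  } else {
+    $ssl_key = $key
+    $ssl_cert = $cert
+  }
+
+  postgresql::server::config_entry { "ssl":
+    value => "on",
+  }
+
+  postgresql::server::config_entry { "ssl_cert_file":
+    value => $ssl_cert,
+  }
+
+  postgresql::server::config_entry { "ssl_key_file":
+    value => $ssl_key,
+  }
+}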
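Review bot: `$backup_host_cn` in the self-signed branch (`$ssl_key = "$datadir/certs/$backup_host_cn.key"` and the matching `.crt` line) is never declared in this define, so it interpolates to an empty string (or aborts catalog compilation under `strict_variables`), `ssl_key_file`/`ssl_cert_file` end up pointing at `$datadir/certs/.key` and `.crt`, and PostgreSQL will refuse to start with `ssl = on`. It looks like a copy-paste leftover for `$certname`, i.e. `$ssl_key = "$datadir/certs/${certname}.key"` and `$ssl_cert = "$datadir/certs/${certname}.crt"` — assuming `ssl::self_signed_certificate` writes `<title>.key`/`<title>.crt` into `directory`, which is not visible here. The `$pg_group` parameter defaulting to `$profile::postgresql::pg_user` rather than a group lookup is presumably also a slip, though it may be intentional if the profile only exposes `pg_user`. Two caveats worth a comment on the define: in the `else` branch the key is used in place and nothing enforces PostgreSQL's requirement that `ssl_key_file` be owned by the server user with mode 0600 (or root-owned 0640), so a mis-permissioned caller-supplied key fails at server start rather than at catalog apply; and the self-signed path only gives clients encryption, not server identity, unless they pin the generated certificate via `sslmode=verify-ca`/`verify-full`, and TLS protocol/cipher settings are left at PostgreSQL defaults.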