Diffstat (limited to 'modules/profile/manifests/postgresql/ssl.pp')
-rw-r--r-- | modules/profile/manifests/postgresql/ssl.pp | 47 |
1 files changed, 28 insertions, 19 deletions
diff --git a/modules/profile/manifests/postgresql/ssl.pp b/modules/profile/manifests/postgresql/ssl.pp index e4da8af..dc56c0b 100644 --- a/modules/profile/manifests/postgresql/ssl.pp +++ b/modules/profile/manifests/postgresql/ssl.pp | |||
@@ -1,20 +1,21 @@ | |||
1 | define profile::postgresql::ssl ( | 1 | define profile::postgresql::ssl ( |
2 | Optional[String] $cert = undef, | 2 | Optional[String] $cert = undef, |
3 | Optional[String] $key = undef, | 3 | Optional[String] $key = undef, |
4 | Optional[String] $certname = undef, | 4 | Optional[String] $certname = undef, |
5 | Optional[Boolean] $copy_keys = true, | 5 | Optional[Boolean] $copy_keys = true, |
6 | Optional[String] $pg_user = $profile::postgresql::pg_user, | 6 | Optional[Boolean] $handle_config_entry = false, |
7 | Optional[String] $pg_group = $profile::postgresql::pg_user | 7 | Optional[Boolean] $handle_concat_config = false, |
8 | Optional[String] $pg_user = "postgres", | ||
9 | Optional[String] $pg_group = "postgres", | ||
8 | ) { | 10 | ) { |
9 | $pg_dir = $title | 11 | $datadir = $title |
10 | $datadir = "$pg_dir/data" | ||
11 | 12 | ||
12 | file { "$datadir/certs": | 13 | file { "$datadir/certs": |
13 | ensure => directory, | 14 | ensure => directory, |
14 | mode => "0700", | 15 | mode => "0700", |
15 | owner => $pg_user, | 16 | owner => $pg_user, |
16 | group => $pg_group, | 17 | group => $pg_group, |
17 | require => File[$pg_dir], | 18 | require => File[$datadir], |
18 | } | 19 | } |
19 | 20 | ||
20 | if empty($cert) or empty($key) { | 21 | if empty($cert) or empty($key) { |
@@ -32,8 +33,8 @@ define profile::postgresql::ssl ( | |||
32 | directory => "$datadir/certs", | 33 | directory => "$datadir/certs", |
33 | } | 34 | } |
34 | 35 | ||
35 | $ssl_key = "$datadir/certs/$backup_host_cn.key" | 36 | $ssl_key = "$datadir/certs/$certname.key" |
36 | $ssl_cert = "$datadir/certs/$backup_host_cn.crt" | 37 | $ssl_cert = "$datadir/certs/$certname.crt" |
37 | } elsif $copy_keys { | 38 | } elsif $copy_keys { |
38 | $ssl_key = "$datadir/certs/privkey.pem" | 39 | $ssl_key = "$datadir/certs/privkey.pem" |
39 | $ssl_cert = "$datadir/certs/cert.pem" | 40 | $ssl_cert = "$datadir/certs/cert.pem" |
@@ -59,15 +60,23 @@ define profile::postgresql::ssl ( | |||
59 | $ssl_cert = $cert | 60 | $ssl_cert = $cert |
60 | } | 61 | } |
61 | 62 | ||
62 | postgresql::server::config_entry { "ssl": | 63 | if $handle_config_entry { |
63 | value => "on", | 64 | postgresql::server::config_entry { "ssl": |
64 | } | 65 | value => "on", |
66 | } | ||
65 | 67 | ||
66 | postgresql::server::config_entry { "ssl_cert_file": | 68 | postgresql::server::config_entry { "ssl_cert_file": |
67 | value => $ssl_cert, | 69 | value => $ssl_cert, |
68 | } | 70 | } |
69 | 71 | ||
70 | postgresql::server::config_entry { "ssl_key_file": | 72 | postgresql::server::config_entry { "ssl_key_file": |
71 | value => $ssl_key, | 73 | value => $ssl_key, |
74 | } | ||
75 | } elsif $handle_concat_config { | ||
76 | concat::fragment { "$datadir/postgresql.conf ssl config": | ||
77 | target => "$datadir/postgresql.conf", | ||
78 | content => "ssl = on\nssl_key_file = '$ssl_key'\nssl_cert_file = '$ssl_cert'\n" | ||
79 | } | ||
72 | } | 80 | } |
81 | |||
73 | } | 82 | } |
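Review bot: With `$handle_config_entry` and `$handle_concat_config` both defaulting to false, the new `if … elsif` at the end of the define has no `else`, so a caller that sets neither gets the certificate files laid out but no `ssl`, `ssl_cert_file` or `ssl_key_file` setting. The catalog still compiles cleanly, and unless something else enables it the server stays at PostgreSQL's default of `ssl = off`. Before this change the three `config_entry` resources were unconditional, so existing callers silently lose TLS unless they were updated elsewhere in the commit (only this file is shown). I would make that misconfiguration loud by adding `} else { fail("profile::postgresql::ssl[${title}]: set handle_config_entry or handle_concat_config") }`. Separately, the `concat::fragment` content puts `$ssl_key` and `$ssl_cert` inside single quotes unescaped, and `$ssl_cert` can come straight from the caller-supplied `$cert`, so a pattern type on those parameters would keep a stray quote or newline from altering `postgresql.conf`.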