2 files changed, 6 insertions, 60 deletions
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
index 2cd1bcc..97ce572 100644
--- a/modules/profile/manifests/postgresql.pp
+++ b/modules/profile/manifests/postgresql.pp
@@ -1,4 +1,7 @@
-class profile::postgresql {
+class profile::postgresql (
+  Optional[String] $pg_user  = "postgres",
+  Optional[String] $pg_group = "postgres",
+) {
  $password_seed = lookup("base_installation::puppet_pass_seed")
  class { '::postgresql::globals':
@@ -7,16 +10,13 @@ class profile::postgresql {
    pg_hba_conf_defaults => false,
  }
-  # FIXME: get it from the postgresql module?
-  $pg_user = "postgres"
  class { '::postgresql::client': }
  # FIXME: postgresql module is buggy and doesn't create dir?
  file { "/var/lib/postgres":
    ensure  => directory,
    owner   => $pg_user,
-    group   => $pg_user,
+    group   => $pg_group,
    before  => File["/var/lib/postgres/data"],
    require => Package["postgresql-server"],
  }
@@ -26,59 +26,7 @@ class profile::postgresql {
    listen_addresses  => "*",
  }
-  postgresql::server::pg_hba_rule { 'local access as postgres user':
+  profile::postgresql::base_pg_hba_rules { "default": }
-    description => 'Allow local access to postgres user',
-    type        => 'local',
-    database    => 'all',
-    user        => $pg_user,
-    auth_method => 'ident',
-    order       => "00-01",
-  }
-  postgresql::server::pg_hba_rule { 'localhost access as postgres user':
-    description => 'Allow localhost access to postgres user',
-    type        => 'host',
-    database    => 'all',
-    user        => $pg_user,
-    address     => "127.0.0.1/32",
-    auth_method => 'md5',
-    order       => "00-02",
-  }
-  postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
-    description => 'Allow localhost access to postgres user',
-    type        => 'host',
-    database    => 'all',
-    user        => $pg_user,
-    address     => "::1/128",
-    auth_method => 'md5',
-    order       => "00-03",
-  }
-  postgresql::server::pg_hba_rule { 'deny access to postgresql user':
-    description => 'Deny remote access to postgres user',
-    type        => 'host',
-    database    => 'all',
-    user        => $pg_user,
-    address     => "0.0.0.0/0",
-    auth_method => 'reject',
-    order       => "00-04",
-  }
-  postgresql::server::pg_hba_rule { 'local access':
-    description => 'Allow local access with password',
-    type        => 'local',
-    database    => 'all',
-    user        => 'all',
-    auth_method => 'md5',
-    order       => "10-01",
-  }
-  postgresql::server::pg_hba_rule { 'local access with same name':
-    description => 'Allow local access with same name',
-    type        => 'local',
-    database    => 'all',
-    user        => 'all',
-    auth_method => 'ident',
-    order       => "10-02",
-  }
 }
diff --git a/modules/profile/manifests/postgresql/base_pg_hba_rules.pp b/modules/profile/manifests/postgresql/base_pg_hba_rules.pp
index 13ab4ff..07c4bb6 100644
--- a/modules/profile/manifests/postgresql/base_pg_hba_rules.pp
+++ b/modules/profile/manifests/postgresql/base_pg_hba_rules.pp
@@ -43,8 +43,6 @@ define profile::postgresql::base_pg_hba_rules (
    address     => "::1/128",
    auth_method => 'md5',
    order       => "00-03",
-    target      => "$pg_path/pg_hba.conf",
-    postgresql_version => "10",
  }
  postgresql::server::pg_hba_rule { "$title - deny access to postgresql user":
    description => 'Deny remote access to postgres user',

diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp index 2cd1bcc..97ce572 100644 --- a/modules/profile/manifests/postgresql.pp +++ b/modules/profile/manifests/postgresql.pp
@@ -1,4 +1,7 @@
1	class profile::postgresql {	1	class profile::postgresql (
		2	Optional[String] $pg_user = "postgres",
		3	Optional[String] $pg_group = "postgres",
		4	) {
2	$password_seed = lookup("base_installation::puppet_pass_seed")	5	$password_seed = lookup("base_installation::puppet_pass_seed")
3		6
4	class { '::postgresql::globals':	7	class { '::postgresql::globals':
@@ -7,16 +10,13 @@ class profile::postgresql {
7	pg_hba_conf_defaults => false,	10	pg_hba_conf_defaults => false,
8	}	11	}
9		12
10	# FIXME: get it from the postgresql module?
11	$pg_user = "postgres"
12
13	class { '::postgresql::client': }	13	class { '::postgresql::client': }
14		14
15	# FIXME: postgresql module is buggy and doesn't create dir?	15	# FIXME: postgresql module is buggy and doesn't create dir?
16	file { "/var/lib/postgres":	16	file { "/var/lib/postgres":
17	ensure => directory,	17	ensure => directory,
18	owner => $pg_user,	18	owner => $pg_user,
19	group => $pg_user,	19	group => $pg_group,
20	before => File["/var/lib/postgres/data"],	20	before => File["/var/lib/postgres/data"],
21	require => Package["postgresql-server"],	21	require => Package["postgresql-server"],
22	}	22	}
@@ -26,59 +26,7 @@ class profile::postgresql {
26	listen_addresses => "*",	26	listen_addresses => "*",
27	}	27	}
28		28
29	postgresql::server::pg_hba_rule { 'local access as postgres user':	29	profile::postgresql::base_pg_hba_rules { "default": }
30	description => 'Allow local access to postgres user',
31	type => 'local',
32	database => 'all',
33	user => $pg_user,
34	auth_method => 'ident',
35	order => "00-01",
36	}
37	postgresql::server::pg_hba_rule { 'localhost access as postgres user':
38	description => 'Allow localhost access to postgres user',
39	type => 'host',
40	database => 'all',
41	user => $pg_user,
42	address => "127.0.0.1/32",
43	auth_method => 'md5',
44	order => "00-02",
45	}
46	postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
47	description => 'Allow localhost access to postgres user',
48	type => 'host',
49	database => 'all',
50	user => $pg_user,
51	address => "::1/128",
52	auth_method => 'md5',
53	order => "00-03",
54	}
55	postgresql::server::pg_hba_rule { 'deny access to postgresql user':
56	description => 'Deny remote access to postgres user',
57	type => 'host',
58	database => 'all',
59	user => $pg_user,
60	address => "0.0.0.0/0",
61	auth_method => 'reject',
62	order => "00-04",
63	}
64
65	postgresql::server::pg_hba_rule { 'local access':
66	description => 'Allow local access with password',
67	type => 'local',
68	database => 'all',
69	user => 'all',
70	auth_method => 'md5',
71	order => "10-01",
72	}
73
74	postgresql::server::pg_hba_rule { 'local access with same name':
75	description => 'Allow local access with same name',
76	type => 'local',
77	database => 'all',
78	user => 'all',
79	auth_method => 'ident',
80	order => "10-02",
81	}
82		30
83	}	31	}
84		32


diff --git a/modules/profile/manifests/postgresql/base_pg_hba_rules.pp b/modules/profile/manifests/postgresql/base_pg_hba_rules.pp index 13ab4ff..07c4bb6 100644 --- a/modules/profile/manifests/postgresql/base_pg_hba_rules.pp +++ b/modules/profile/manifests/postgresql/base_pg_hba_rules.pp
@@ -43,8 +43,6 @@ define profile::postgresql::base_pg_hba_rules (
43	address => "::1/128",	43	address => "::1/128",
44	auth_method => 'md5',	44	auth_method => 'md5',
45	order => "00-03",	45	order => "00-03",
46	target => "$pg_path/pg_hba.conf",
47	postgresql_version => "10",
48	}	46	}
49	postgresql::server::pg_hba_rule { "$title - deny access to postgresql user":	47	postgresql::server::pg_hba_rule { "$title - deny access to postgresql user":
50	description => 'Deny remote access to postgres user',	48	description => 'Deny remote access to postgres user',