From d2f031ece106ed2dc37283b194edfa94718a6306 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Wed, 27 Jun 2018 21:52:02 +0200
Subject: Refactor backup postgresql
---
 modules/profile/manifests/postgresql/ssl.pp | 47 +++++++++++++++++------------
 1 file changed, 28 insertions(+), 19 deletions(-)
(limited to 'modules/profile/manifests/postgresql/ssl.pp')
diff --git a/modules/profile/manifests/postgresql/ssl.pp b/modules/profile/manifests/postgresql/ssl.pp
index e4da8af..dc56c0b 100644
--- a/modules/profile/manifests/postgresql/ssl.pp
+++ b/modules/profile/manifests/postgresql/ssl.pp
@@ -1,20 +1,21 @@
 define profile::postgresql::ssl (
- Optional[String] $cert = undef,
- Optional[String] $key = undef,
- Optional[String] $certname = undef,
- Optional[Boolean] $copy_keys = true,
- Optional[String] $pg_user = $profile::postgresql::pg_user,
- Optional[String] $pg_group = $profile::postgresql::pg_user
+ Optional[String] $cert = undef,
+ Optional[String] $key = undef,
+ Optional[String] $certname = undef,
+ Optional[Boolean] $copy_keys = true,
+ Optional[Boolean] $handle_config_entry = false,
+ Optional[Boolean] $handle_concat_config = false,
+ Optional[String] $pg_user = "postgres",
+ Optional[String] $pg_group = "postgres",
 ) {
- $pg_dir = $title
- $datadir = "$pg_dir/data"
+ $datadir = $title
 file { "$datadir/certs":
 ensure => directory,
 mode => "0700",
 owner => $pg_user,
 group => $pg_group,
- require => File[$pg_dir],
+ require => File[$datadir],
 }
 if empty($cert) or empty($key) {
@@ -32,8 +33,8 @@ define profile::postgresql::ssl (
 directory => "$datadir/certs",
 }
- $ssl_key = "$datadir/certs/$backup_host_cn.key"
- $ssl_cert = "$datadir/certs/$backup_host_cn.crt"
+ $ssl_key = "$datadir/certs/$certname.key"
+ $ssl_cert = "$datadir/certs/$certname.crt"
 } elsif $copy_keys {
 $ssl_key = "$datadir/certs/privkey.pem"
 $ssl_cert = "$datadir/certs/cert.pem"
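Review bot: `$datadir = $title` changes what the resource title means, from the PostgreSQL base directory to the data directory itself, and nothing in the define documents that. A caller that still passes the old base path would keep compiling (its `File[...]` requirement is still met) but would get the `certs` directory, key and certificate created at `<title>/certs` instead of under the data directory. A header comment such as `# $title: absolute path of the PostgreSQL data directory; File[$title] must be declared by the caller` would pin the contract. The same comment should state that `pg_user` and `pg_group` now default to the literal `"postgres"` rather than the profile's value. The define's body continues outside this hunk.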
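Review bot: `$certname` is declared `Optional[String]` with a default of `undef`, and the two added lines interpolate it directly into the key and certificate file names. Unless the lines above this hunk, which are not visible here, reject an empty value, an unset `$certname` yields `$datadir/certs/.key` and `.crt`. A value containing `/` would place the files outside the `0700` certs directory. A guard at the top of this branch, for example `if empty($certname) { fail('certname is required when cert/key are not given') }`, or typing the parameter as `Optional[Pattern[/\A[\w.-]+\z/]]`, would close both cases.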
@@ -59,15 +60,23 @@ define profile::postgresql::ssl (
 $ssl_cert = $cert
 }
- postgresql::server::config_entry { "ssl":
- value => "on",
- }
+ if $handle_config_entry {
+ postgresql::server::config_entry { "ssl":
+ value => "on",
+ }
- postgresql::server::config_entry { "ssl_cert_file":
- value => $ssl_cert,
- }
+ postgresql::server::config_entry { "ssl_cert_file":
+ value => $ssl_cert,
+ }
- postgresql::server::config_entry { "ssl_key_file":
- value => $ssl_key,
+ postgresql::server::config_entry { "ssl_key_file":
+ value => $ssl_key,
+ }
+ } elsif $handle_concat_config {
+ concat::fragment { "$datadir/postgresql.conf ssl config":
+ target => "$datadir/postgresql.conf",
+ content => "ssl = on\nssl_key_file = '$ssl_key'\nssl_cert_file = '$ssl_cert'\n"
+ }
 }
+
 }
-- cgit v1.2.3
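Review bot: With `handle_config_entry` and `handle_concat_config` both defaulting to `false`, this block writes no `ssl`, `ssl_cert_file` or `ssl_key_file` setting unless the caller opts in, whereas the removed lines always set them. A caller not updated alongside this commit would keep compiling and end up with certificates deployed but TLS not switched on by this define. If that third mode is intended, say so in a comment; otherwise add `} else { fail("profile::postgresql::ssl[${title}]: set handle_config_entry or handle_concat_config") }`. Separately, the `content` string places `$ssl_key` and `$ssl_cert` inside single quotes without escaping, so a caller-supplied path containing `'` or a newline would alter the generated postgresql.conf. Validating `$cert` and `$key` as absolute paths before this point would cover that.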