From 3925777d9715d271c0643faef9f520e7816dba89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Thu, 28 Jun 2018 10:32:57 +0200 Subject: Refactor cryptoportfolio postgresql --- modules/profile/manifests/postgresql.pp | 64 ++-------------------- .../manifests/postgresql/base_pg_hba_rules.pp | 2 - 2 files changed, 6 insertions(+), 60 deletions(-) (limited to 'modules/profile') diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp index 2cd1bcc..97ce572 100644 --- a/modules/profile/manifests/postgresql.pp +++ b/modules/profile/manifests/postgresql.pp @@ -1,4 +1,7 @@ -class profile::postgresql { +class profile::postgresql ( + Optional[String] $pg_user = "postgres", + Optional[String] $pg_group = "postgres", +) { $password_seed = lookup("base_installation::puppet_pass_seed") class { '::postgresql::globals': @@ -7,16 +10,13 @@ class profile::postgresql { pg_hba_conf_defaults => false, } - # FIXME: get it from the postgresql module? - $pg_user = "postgres" - class { '::postgresql::client': } # FIXME: postgresql module is buggy and doesn't create dir? file { "/var/lib/postgres": ensure => directory, owner => $pg_user, - group => $pg_user, + group => $pg_group, before => File["/var/lib/postgres/data"], require => Package["postgresql-server"], } 
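Review bot: `Optional[String]` on the new `$pg_user` and `$pg_group` class parameters advertises `undef` as a valid value, and plain `String` also admits an empty string, yet both are used unconditionally as `owner`/`group` on the `/var/lib/postgres` file resource in the next hunk. Since each parameter has a string default, `String[1] $pg_user = "postgres",` and `String[1] $pg_group = "postgres",` would reject a missing or empty account name at compile time instead of leaving ownership unmanaged. A one-line comment above the parameters saying they must name the account and group the postgresql package creates would replace the removed FIXME.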
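Review bot: The `/var/lib/postgres` file resource now takes an independently overridable `group => $pg_group` but still sets no `mode`, so the directory's permissions are whatever already exists on disk or whatever the umask yields at creation. Now that the group can differ from the owner, pin the mode explicitly, for example `mode => '0750',`; the right value depends on what else has to traverse this directory, which is not visible in the hunk.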
@@ -26,59 +26,7 @@ class profile::postgresql { listen_addresses => "*", } - postgresql::server::pg_hba_rule { 'local access as postgres user': - description => 'Allow local access to postgres user', - type => 'local', - database => 'all', - user => $pg_user, - auth_method => 'ident', - order => "00-01", - } - postgresql::server::pg_hba_rule { 'localhost access as postgres user': - description => 'Allow localhost access to postgres user', - type => 'host', - database => 'all', - user => $pg_user, - address => "127.0.0.1/32", - auth_method => 'md5', - order => "00-02", - } - postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user': - description => 'Allow localhost access to postgres user', - type => 'host', - database => 'all', - user => $pg_user, - address => "::1/128", - auth_method => 'md5', - order => "00-03", - } - postgresql::server::pg_hba_rule { 'deny access to postgresql user': - description => 'Deny remote access to postgres user', - type => 'host', - database => 'all', - user => $pg_user, - address => "0.0.0.0/0", - auth_method => 'reject', - order => "00-04", - } - - postgresql::server::pg_hba_rule { 'local access': - description => 'Allow local access with password', - type => 'local', - database => 'all', - user => 'all', - auth_method => 'md5', - order => "10-01", - } - - postgresql::server::pg_hba_rule { 'local access with same name': - description => 'Allow local access with same name', - type => 'local', - database => 'all', - user => 'all', - auth_method => 'ident', - order => "10-02", - } + profile::postgresql::base_pg_hba_rules { "default": } } diff --git a/modules/profile/manifests/postgresql/base_pg_hba_rules.pp b/modules/profile/manifests/postgresql/base_pg_hba_rules.pp index 13ab4ff..07c4bb6 100644 --- a/modules/profile/manifests/postgresql/base_pg_hba_rules.pp +++ b/modules/profile/manifests/postgresql/base_pg_hba_rules.pp 
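Review bot: `profile::postgresql::base_pg_hba_rules { "default": }` is declared without forwarding the class's `$pg_user`, whereas every removed inline rule used `user => $pg_user`. The define's parameter list is outside this diff, so this is inferred: if the define carries its own default user, overriding `profile::postgresql::pg_user` would leave the "Deny remote access to postgres user" rule matching the define's default name rather than the real superuser account. That rule matters here because the unchanged `listen_addresses => "*"` keeps the server bound to every interface. If the define exposes such a parameter, pass it explicitly, e.g. `profile::postgresql::base_pg_hba_rules { "default": USER_PARAM => $pg_user }`, where `USER_PARAM` is a placeholder for whatever the define calls it.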
@@ -43,8 +43,6 @@ define profile::postgresql::base_pg_hba_rules ( address => "::1/128", auth_method => 'md5', order => "00-03", - target => "$pg_path/pg_hba.conf", - postgresql_version => "10", } postgresql::server::pg_hba_rule { "$title - deny access to postgresql user": description => 'Deny remote access to postgres user', -- cgit v1.2.3