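# Enable TLS on a PostgreSQL server whose base directory is $title.
#
# Two modes are supported:
#   * $cert and $key both given: an externally managed certificate/key pair is
#     used. With $copy_keys (the default) both files are copied into
#     "$datadir/certs", owned by $pg_user with mode 0600, so the server can
#     read them regardless of the permissions of the originals. With
#     $copy_keys = false the originals are referenced in place; the operator
#     must then make sure they are readable by the server and that the key
#     satisfies PostgreSQL's permission check (0600 owned by the server user,
#     or 0640 owned by root) -- the server refuses to start otherwise.
#   * $cert or $key missing: a self-signed certificate with common name
#     $certname is generated in "$datadir/certs". A self-signed certificate
#     gives transport encryption only; clients cannot authenticate the server
#     unless the certificate is distributed to them out of band.
#
# Parameters:
#   $title     - PostgreSQL base directory; the data directory is "$title/data"
#   $cert      - absolute path to an existing PEM certificate (optional)
#   $key       - absolute path to the matching PEM private key (optional)
#   $certname  - common name of the generated certificate; required when
#                $cert or $key is empty, otherwise unused
#   $copy_keys - copy $cert/$key into the data directory instead of
#                referencing them in place
#   $pg_user   - owner of the certs directory and of the copied files
#   $pg_group  - group of the certs directory and of the copied files
#
# Fails the catalog when a certificate must be generated and $certname is empty.
define profile::postgresql::ssl (
  Optional[String] $cert       = undef,
  Optional[String] $key        = undef,
  Optional[String] $certname   = undef,
  Optional[Boolean] $copy_keys = true,
  Optional[String] $pg_user    = $profile::postgresql::pg_user,
  # NOTE(review): the group defaults to the *user* variable of profile::postgresql;
  # this may be intentional (user-private group) -- confirm against that class.
  Optional[String] $pg_group   = $profile::postgresql::pg_user
) {
  $pg_dir  = $title
  $datadir = "$pg_dir/data"

  # Private directory for the key material; 0700 so that only the server user
  # can list or read it, whatever mode the individual files end up with.
  file { "$datadir/certs":
    ensure  => directory,
    mode    => "0700",
    owner   => $pg_user,
    group   => $pg_group,
    require => File[$pg_dir],
  }

  if empty($cert) or empty($key) {
    if empty($certname) {
      fail("A certificate name is necessary to generate ssl certificate")
    }

    ssl::self_signed_certificate { $certname:
      common_name  => $certname,
      country      => "FR",
      days         => "3650",
      organization => "Immae",
      owner        => $pg_user,
      group        => $pg_group,
      directory    => "$datadir/certs",
      # The target directory is managed above; make sure it exists first.
      require      => File["$datadir/certs"],
    }

    # Paths are derived from the certificate name given to the define above.
    # (The original referenced an undefined $backup_host_cn here, which left
    # ssl_key_file/ssl_cert_file pointing at non-existent files.)
    # Assumes ssl::self_signed_certificate writes "<name>.key" and "<name>.crt"
    # into $directory -- confirm against that define.
    $ssl_key  = "$datadir/certs/$certname.key"
    $ssl_cert = "$datadir/certs/$certname.crt"
  } elsif $copy_keys {
    $ssl_key  = "$datadir/certs/privkey.pem"
    $ssl_cert = "$datadir/certs/cert.pem"

    # Copies are owned by the server user and mode 0600, which is what
    # PostgreSQL requires for a key owned by a non-root user.
    file { $ssl_cert:
      source  => "file://$cert",
      mode    => "0600",
      links   => "follow",
      owner   => $pg_user,
      group   => $pg_group,
      require => File["$datadir/certs"],
    }
    file { $ssl_key:
      source  => "file://$key",
      mode    => "0600",
      links   => "follow",
      owner   => $pg_user,
      group   => $pg_group,
      require => File["$datadir/certs"],
    }
  } else {
    # Reference the operator-managed files in place; their ownership and
    # permissions are not managed here (see the header comment).
    $ssl_key  = $key
    $ssl_cert = $cert
  }

  postgresql::server::config_entry { "ssl":
    value => "on",
  }

  postgresql::server::config_entry { "ssl_cert_file":
    value => $ssl_cert,
  }

  postgresql::server::config_entry { "ssl_key_file":
    value => $ssl_key,
  }
}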