Page Menu
Home
Software Heritage
Search
Configure Global Search
Log In
Files
F9312854
config.pp
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
4 KB
Subscribers
None
config.pp
View Options
# PRIVATE CLASS: do not call directly
class
postgresql
::
server
::
config
{
$ensure
=
$postgresql::server::ensure
$ip_mask_deny_postgres_user
=
$postgresql::server::ip_mask_deny_postgres_user
$ip_mask_allow_all_users
=
$postgresql::server::ip_mask_allow_all_users
$listen_addresses
=
$postgresql::server::listen_addresses
$ipv4acls
=
$postgresql::server::ipv4acls
$ipv6acls
=
$postgresql::server::ipv6acls
$pg_hba_conf_path
=
$postgresql::server::pg_hba_conf_path
$postgresql_conf_path
=
$postgresql::server::postgresql_conf_path
$pg_hba_conf_defaults
=
$postgresql::server::pg_hba_conf_defaults
$user
=
$postgresql::server::user
$group
=
$postgresql::server::group
$version
=
$postgresql::server::version
$manage_pg_hba_conf
=
$postgresql::server::manage_pg_hba_conf
if
(
$ensure
==
'present'
or
$ensure
==
true
)
{
if
(
$manage_pg_hba_conf
==
true
)
{
# Prepare the main pg_hba file
concat
{
$pg_hba_conf_path:
owner
=>
0
,
group
=>
$group,
mode
=>
'0640'
,
warn
=>
true
,
notify
=>
Class
[
'postgresql::server::reload'
],
}
if
$pg_hba_conf_defaults
{
Postgresql
::
Server
::
Pg_hba_rule
{
database
=>
'all'
,
user
=>
'all'
,
}
# Lets setup the base rules
$local_auth_option
=
$version
?
{
'8.1'
=>
'sameuser'
,
default
=>
undef
,
}
postgresql
::
server
::
pg_hba_rule
{
'local access as postgres user'
:
type
=>
'local'
,
user
=>
$user,
auth_method
=>
'ident'
,
auth_option
=>
$local_auth_option,
order
=>
'001'
,
}
postgresql
::
server
::
pg_hba_rule
{
'local access to database with same name'
:
type
=>
'local'
,
auth_method
=>
'ident'
,
auth_option
=>
$local_auth_option,
order
=>
'002'
,
}
postgresql
::
server
::
pg_hba_rule
{
'allow localhost TCP access to postgresql user'
:
type
=>
'host'
,
user
=>
$user,
address
=>
'127.0.0.1/32'
,
auth_method
=>
'md5'
,
order
=>
'003'
,
}
postgresql
::
server
::
pg_hba_rule
{
'deny access to postgresql user'
:
type
=>
'host'
,
user
=>
$user,
address
=>
$ip_mask_deny_postgres_user,
auth_method
=>
'reject'
,
order
=>
'004'
,
}
# ipv4acls are passed as an array of rule strings, here we transform
# them into a resources hash, and pass the result to create_resources
$ipv4acl_resources
=
postgresql_acls_to_resources_hash
(
$ipv4acls,
'ipv4acls'
,
10
)
create_resources
(
'postgresql::server::pg_hba_rule'
,
$ipv4acl_resources)
postgresql
::
server
::
pg_hba_rule
{
'allow access to all users'
:
type
=>
'host'
,
address
=>
$ip_mask_allow_all_users,
auth_method
=>
'md5'
,
order
=>
'100'
,
}
postgresql
::
server
::
pg_hba_rule
{
'allow access to ipv6 localhost'
:
type
=>
'host'
,
address
=>
'::1/128'
,
auth_method
=>
'md5'
,
order
=>
'101'
,
}
# ipv6acls are passed as an array of rule strings, here we transform
# them into a resources hash, and pass the result to create_resources
$ipv6acl_resources
=
postgresql_acls_to_resources_hash
(
$ipv6acls,
'ipv6acls'
,
102
)
create_resources
(
'postgresql::server::pg_hba_rule'
,
$ipv6acl_resources)
}
}
# We must set a "listen_addresses" line in the postgresql.conf if we
# want to allow any connections from remote hosts.
postgresql
::
server
::
config_entry
{
'listen_addresses'
:
value
=>
$listen_addresses,
}
}
else
{
file
{
$pg_hba_conf_path:
ensure
=>
absent
,
}
file
{
$postgresql_conf_path:
ensure
=>
absent
,
}
}
}
File Metadata
Details
Attached
Mime Type
text/x-c++
Expires
Thu, Jul 3, 11:12 AM (1 w, 1 d ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3452101
Attached To
rSPPG PostgreSQL puppet module
Event Timeline
Log In to Comment