keith/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow remote access to Postgres based on hiera param

Browse source 
Also always update the rhizomatica role password if it has changed
This commit is contained in:
Keith Whyte 2021-06-23 00:06:19 +02:00
parent 99149dc916
commit fb78bacc12
1 changed files with 23 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

21
modules/rhizo_base/manifests/postgresql.pp
View file

@ -27,6 +27,21 @@ class rhizo_base::postgresql::common {
password => postgresql_password($pgsql_user, $pgsql_pwd), password => postgresql_password($pgsql_user, $pgsql_pwd),
} }
postgresql::server::role { $pgsql_user:
password_hash => postgresql_password($pgsql_user, $pgsql_pwd),
update_password => true
}
if (hiera('rhizo::remote_postgres', 0) == 1) {
postgresql::server::pg_hba_rule { 'Network remote access':
type => 'host',
database => $pgsql_db,
user => $pgsql_user,
address => '10.23.100.0/24',
auth_method => 'md5',
}
}
} }
class rhizo_base::postgresql::ubuntu inherits rhizo_base::postgresql::common { class rhizo_base::postgresql::ubuntu inherits rhizo_base::postgresql::common {
@ -42,11 +57,17 @@ class rhizo_base::postgresql::ubuntu inherits rhizo_base::postgresql::common {
class rhizo_base::postgresql::debian inherits rhizo_base::postgresql::common { class rhizo_base::postgresql::debian inherits rhizo_base::postgresql::common {
if (hiera('rhizo::remote_postgres', 0) == 1) {
$listen = '*'
} else {
$listen = 'localhost'
}
class { 'postgresql::globals': class { 'postgresql::globals':
manage_package_repo => true, manage_package_repo => true,
version => '9.6', version => '9.6',
}-> }->
class { 'postgresql::server': class { 'postgresql::server':
listen_addresses => $listen,
} }
} }