confdroid/confdroid_postgresql
3
0
Fork 0
Code Issues Projects Wiki Activity

Merge branch 'jenkins-build-11' into 'master'

Browse Source 
Auto-merge for build 11

See merge request puppet/postgresql_cd!8
This commit is contained in:
Jenkins
2025-09-28 13:55:21 +00:00
parent a04d459bd8 c15e6b3618
commit da0ddb9d5b
13 changed files with 383 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.vscode/settings.json vendored
View File

@@ -14,6 +14,7 @@
"geqo", "geqo",
"hashagg", "hashagg",
"hashjoin", "hashjoin",
"hostnossl",
"hostssl", "hostssl",
"indexonlyscan", "indexonlyscan",
"indexscan", "indexscan",
@@ -34,10 +35,12 @@
"naptime", "naptime",
"nestloop", "nestloop",
"partitionwise", "partitionwise",
"pghba",
"pgsql", "pgsql",
"restartpoint", "restartpoint",
"seqscan", "seqscan",
"seqscans", "seqscans",
"sspi",
"sysconfdir", "sysconfdir",
"sysv", "sysv",
"tablespace", "tablespace",

5
doc/_index.html
View File

@@ -108,6 +108,11 @@
</li> </li>
<li>
<span class='object_link'><a href="puppet_classes/postgresql_cd_3A_3Aserver_3A_3Apghba_3A_3Apg_hba.html" title="puppet_classes::postgresql_cd::server::pghba::pg_hba (puppet_class)">postgresql_cd::server::pghba::pg_hba</a></span>
</li>
<li> <li>
<span class='object_link'><a href="puppet_classes/postgresql_cd_3A_3Aserver_3A_3Aservice.html" title="puppet_classes::postgresql_cd::server::service (puppet_class)">postgresql_cd::server::service</a></span> <span class='object_link'><a href="puppet_classes/postgresql_cd_3A_3Aserver_3A_3Aservice.html" title="puppet_classes::postgresql_cd::server::service (puppet_class)">postgresql_cd::server::service</a></span>

9
doc/puppet_class_list.html
View File

@@ -92,7 +92,14 @@
</li> </li>
<li id="object_puppet_classes::postgresql_cd::server::service" class="odd"> <li id="object_puppet_classes::postgresql_cd::server::pghba::pg_hba" class="odd">
<div class="item">
<span class='object_link'><a href="puppet_classes/postgresql_cd_3A_3Aserver_3A_3Apghba_3A_3Apg_hba.html" title="puppet_classes::postgresql_cd::server::pghba::pg_hba (puppet_class)">postgresql_cd::server::pghba::pg_hba</a></span>
</div>
</li>
<li id="object_puppet_classes::postgresql_cd::server::service" class="even">
<div class="item"> <div class="item">
<span class='object_link'><a href="puppet_classes/postgresql_cd_3A_3Aserver_3A_3Aservice.html" title="puppet_classes::postgresql_cd::server::service (puppet_class)">postgresql_cd::server::service</a></span> <span class='object_link'><a href="puppet_classes/postgresql_cd_3A_3Aserver_3A_3Aservice.html" title="puppet_classes::postgresql_cd::server::service (puppet_class)">postgresql_cd::server::service</a></span>
</div> </div>

28
doc/puppet_classes/postgresql_cd_3A_3Amain_3A_3Afiles.html
View File

@@ -134,7 +134,8 @@
36 36
37 37
38 38
39</pre> 39
40</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span> <pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span>
@@ -146,18 +147,19 @@ class postgresql_cd::main::files (
require postgresql_cd::server::initdb require postgresql_cd::server::initdb
require postgresql_cd::main::dirs require postgresql_cd::main::dirs
file { &#39;/var/lib/pgsql/data/pg_hba.conf&#39;: # outsourced to pghba::pghba for concatenation
ensure =&gt; file, # file { &#39;/var/lib/pgsql/data/pg_hba.conf&#39;:
owner =&gt; &#39;postgres&#39;, # ensure =&gt; file,
group =&gt; &#39;postgres&#39;, # owner =&gt; &#39;postgres&#39;,
mode =&gt; &#39;0600&#39;, # group =&gt; &#39;postgres&#39;,
selrange =&gt; s0, # mode =&gt; &#39;0600&#39;,
selrole =&gt; object_r, # selrange =&gt; s0,
seltype =&gt; postgresql_db_t, # selrole =&gt; object_r,
seluser =&gt; unconfined_u, # seltype =&gt; postgresql_db_t,
content =&gt; template(&#39;postgresql_cd/pg_hba.conf.erb&#39;), # seluser =&gt; unconfined_u,
notify =&gt; Service[$pl_service], # content =&gt; template(&#39;postgresql_cd/pg_hba.conf.erb&#39;),
} # notify =&gt; Service[$pl_service],
# }
file { &#39;/var/lib/pgsql/data/postgresql.conf&#39;: file { &#39;/var/lib/pgsql/data/postgresql.conf&#39;:
ensure =&gt; file, ensure =&gt; file,

12
doc/puppet_classes/postgresql_cd_3A_3Aparams.html
View File

@@ -81,6 +81,8 @@
<span class='object_link'><a href="postgresql_cd_3A_3Afirewall_3A_3Aiptables.html" title="puppet_classes::postgresql_cd::firewall::iptables (puppet_class)">postgresql_cd::firewall::iptables</a></span><br/> <span class='object_link'><a href="postgresql_cd_3A_3Afirewall_3A_3Aiptables.html" title="puppet_classes::postgresql_cd::firewall::iptables (puppet_class)">postgresql_cd::firewall::iptables</a></span><br/>
<span class='object_link'><a href="postgresql_cd_3A_3Aserver_3A_3Apghba_3A_3Apg_hba.html" title="puppet_classes::postgresql_cd::server::pghba::pg_hba (puppet_class)">postgresql_cd::server::pghba::pg_hba</a></span><br/>
</dd> </dd>
</dl> </dl>
@@ -429,7 +431,11 @@
58 58
59 59
60 60
61</pre> 61
62
63
64
65</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 23</span> <pre class="code"><span class="info file"># File 'manifests/params.pp', line 23</span>
@@ -470,6 +476,10 @@ class postgresql_cd::params (
# Directories # Directories
$pl_data_dir = &#39;/var/lib/pgsql/data/&#39; $pl_data_dir = &#39;/var/lib/pgsql/data/&#39;
# files
$pl_pl_pg_hba_conf = &quot;${pl_data_dir}/pg_hba.conf&quot;
$pl_pg_hba_rule_conf = &#39;postgresql_cd/pg_hba_rule.conf.erb&#39;
# includes must be last # includes must be last
include postgresql_cd::main::config include postgresql_cd::main::config
}</pre> }</pre>

220
doc/puppet_classes/postgresql_cd_3A_3Aserver_3A_3Apghba_3A_3Apg_hba.html Normal file
View File

@@ -0,0 +1,220 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Puppet Class: postgresql_cd::server::pghba::pg_hba
&mdash; Documentation by YARD 0.9.36
</title>
<link rel="stylesheet" href="../css/style.css" type="text/css" />
<link rel="stylesheet" href="../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "puppet_classes::postgresql_cd::server::pghba::pg_hba";
relpath = '../';
</script>
<script type="text/javascript" charset="utf-8" src="../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../puppet_class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../_index.html">Index (p)</a> &raquo;
<span class='title'><span class='object_link'>Puppet Classes</span></span>
&raquo;
<span class="title">postgresql_cd::server::pghba::pg_hba</span>
</div>
<div id="search">
<a class="full_list_link" id="puppet_class_list_link"
href="../puppet_class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Puppet Class: postgresql_cd::server::pghba::pg_hba</h1>
<div class="box_info">
<dl>
<dt>Inherits:</dt>
<dd><span class='object_link'><a href="postgresql_cd_3A_3Aparams.html" title="puppet_classes::postgresql_cd::params (puppet_class)">postgresql_cd::params</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>
manifests/server/pghba/pg_hba.pp
</dd>
</dl>
</div>
<h2>Summary</h2>
Class manages pg_hba.conf file and line entries through define
pg_hba_rule.pp
<h2>Overview</h2>
<div class="docstring">
<div class="discussion">
<p>postgresql_cd::server::pg_hba.pp Module name: postgresql_cd Author: Arne Teuke (arne_teuke@puppetsoft.com) }</p>
</div>
</div>
<div class="tags">
<div class="examples">
<p class="tag_title">Examples:</p>
<p class="example_title"><div class='inline'>
<p>postgresql_cd::server::pghba::pg_hba_rule { local access for role postgres:</p>
</div></p>
<pre class="example code"><code>psql_auth_type =&gt; &#39;local&#39;,
psql_auth_database =&gt; &#39;all&#39;,
psql_auth_user =&gt; &#39;postgres&#39;,
psql_auth_method =&gt; &#39;trust&#39;,
psql_auth_order =&gt; &#39;001&#39;,
psql_auth_option =&gt; &#39;&#39;,</code></pre>
</div>
</div><div class="method_details_list">
<table class="source_code">
<tr>
<td>
<pre class="lines">
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/server/pghba/pg_hba.pp', line 15</span>
class postgresql_cd::server::pghba::pg_hba (
) inherits postgresql_cd::params {
if $fqdn == $pl_server_fqdn {
# create the pg_hba.conf file
concat { $pl_pg_hba_conf:
ensure =&gt; present,
owner =&gt; &#39;postgres&#39;,
mode =&gt; &#39;0640&#39;,
notify =&gt; Service[$pl_service],
}
# manage file header
concat::fragment { &#39;header&#39;:
target =&gt; $pl_pg_hba_conf,
content =&gt; template($pl_pg_hba_conf_erb),
order =&gt; &#39;000&#39;,
}
# manage default rules =&gt; should go into external config set
# postgresql_cd::server::pghba::pg_hba_rule { &#39;local access for role postgres&#39;:
# psql_auth_type =&gt; &#39;local&#39;,
# psql_auth_database =&gt; &#39;all&#39;,
# psql_auth_user =&gt; $ql_user_name,
# psql_auth_method =&gt; &#39;trust&#39;,
# psql_auth_order =&gt; &#39;001&#39;,
# psql_auth_option =&gt; $ql_auth_option,
# }
# postgresql_cd::server::pghba::pg_hba_rule { &#39;local access for all roles&#39;:
# psql_auth_type =&gt; &#39;local&#39;,
# psql_auth_database =&gt; &#39;all&#39;,
# psql_auth_user =&gt; &#39;all&#39;,
# psql_auth_method =&gt; &#39;trust&#39;,
# psql_auth_order =&gt; &#39;002&#39;,
# psql_auth_option =&gt; $pl_auth_option,
# }
}
}</pre>
</td>
</tr>
</table>
</div>
</div>
<div id="footer">
Generated by <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>.
</div>
</div>
</body>
</html>

25
manifests/main/files.pp
View File

@@ -10,18 +10,19 @@ class postgresql_cd::main::files (
require postgresql_cd::server::initdb require postgresql_cd::server::initdb
require postgresql_cd::main::dirs require postgresql_cd::main::dirs
file { '/var/lib/pgsql/data/pg_hba.conf': # outsourced to pghba::pghba for concatenation
ensure => file, # file { '/var/lib/pgsql/data/pg_hba.conf':
owner => 'postgres', # ensure => file,
group => 'postgres', # owner => 'postgres',
mode => '0600', # group => 'postgres',
selrange => s0, # mode => '0600',
selrole => object_r, # selrange => s0,
seltype => postgresql_db_t, # selrole => object_r,
seluser => unconfined_u, # seltype => postgresql_db_t,
content => template('postgresql_cd/pg_hba.conf.erb'), # seluser => unconfined_u,
notify => Service[$pl_service], # content => template('postgresql_cd/pg_hba.conf.erb'),
} # notify => Service[$pl_service],
# }
file { '/var/lib/pgsql/data/postgresql.conf': file { '/var/lib/pgsql/data/postgresql.conf':
ensure => file, ensure => file,

4
manifests/params.pp
View File

@@ -56,6 +56,10 @@ class postgresql_cd::params (
# Directories # Directories
$pl_data_dir = '/var/lib/pgsql/data/' $pl_data_dir = '/var/lib/pgsql/data/'
# files
$pl_pl_pg_hba_conf = "${pl_data_dir}/pg_hba.conf"
$pl_pg_hba_rule_conf = 'postgresql_cd/pg_hba_rule.conf.erb'
# includes must be last # includes must be last
include postgresql_cd::main::config include postgresql_cd::main::config
} }

55
manifests/server/pghba/pg_hba.pp Normal file
View File

@@ -0,0 +1,55 @@
## postgresql_cd::server::pg_hba.pp
# Module name: postgresql_cd
# Author: Arne Teuke (arne_teuke@puppetsoft.com)
# @summary Class manages pg_hba.conf file and line entries through define
# pg_hba_rule.pp
# @example postgresql_cd::server::pghba::pg_hba_rule { 'local access for role postgres':
# psql_auth_type => 'local',
# psql_auth_database => 'all',
# psql_auth_user => 'postgres',
# psql_auth_method => 'trust',
# psql_auth_order => '001',
# psql_auth_option => '',
# }
##############################################################################
class postgresql_cd::server::pghba::pg_hba (
) inherits postgresql_cd::params {
if $fqdn == $pl_server_fqdn {
# create the pg_hba.conf file
concat { $pl_pg_hba_conf:
ensure => present,
owner => 'postgres',
mode => '0640',
notify => Service[$pl_service],
}
# manage file header
concat::fragment { 'header':
target => $pl_pg_hba_conf,
content => template($pl_pg_hba_conf_erb),
order => '000',
}
# manage default rules => should go into external config set
# postgresql_cd::server::pghba::pg_hba_rule { 'local access for role postgres':
# psql_auth_type => 'local',
# psql_auth_database => 'all',
# psql_auth_user => $ql_user_name,
# psql_auth_method => 'trust',
# psql_auth_order => '001',
# psql_auth_option => $ql_auth_option,
# }
# postgresql_cd::server::pghba::pg_hba_rule { 'local access for all roles':
# psql_auth_type => 'local',
# psql_auth_database => 'all',
# psql_auth_user => 'all',
# psql_auth_method => 'trust',
# psql_auth_order => '002',
# psql_auth_option => $pl_auth_option,
# }
}
}

45
manifests/server/pghba/pg_hba_rule.ppp Normal file
View File

@@ -0,0 +1,45 @@
## postgresql_cd::server::pghba::pg_hba_rule
# Module name: postgresql_cd
# Author: Arne Teuke (arne_teuke@puppetsoft.com)
# @summary define manages rule entries for pg_hba configuration file
# @see https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html
# @param [string] pl_auth_type Specify the authentication type, can be
# 'local', 'host', 'hostssl' or 'hostnossl'.
# @param [string] pl_auth_database Specify the database for the connection
# @param [string] pl_auth_user Specify the user for the connection
# @param [string] pl_auth_address SPecify IP address or FQDN for the
# connection, i.e. where to connect FROM.
# @param [string] pl_auth_method Specify the auth method, can be 'trust',
# 'reject', 'md5' , 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap',
# 'radius', 'cert', 'pam','bsd'
# @param [string] pl_auth_option After the auth-method field, there can be
# field(s) of the form name=value that specify options for the authentication
# method.
# @param [string] pl_auth_order Specify the order in which the entry should
# appear on the list. Lower orders are higher on the list.
# @param [string] pl_auth_description Specify a description for the entry.
##############################################################################
define postgresql_cd::server::pghba::pg_hba_rule (
Optional[String] $pl_auth_type = undef,
Optional[String] $pl_auth_database = undef,
Optional[String] $pl_auth_user = undef,
Optional[String] $pl_auth_address = undef,
Optional[String] $pl_auth_method = undef,
Optional[String] $pl_auth_option = undef,
Optional[String] $pl_auth_order = undef,
Optional[String] $pl_auth_description = undef,
) {
$pl_pg_hba_conf = $postgresql_cd::params::pl_pg_hba_conf
$pl_pg_hba_rule_conf = $postgresql_cd::params::pl_pg_hba_rule_conf
$pl_data_dir = $postgresql_cd::params::pl_data_dir
# create rule fragment
concat::fragment { "pl_rule_${name}":
target => $pl_pg_hba_conf,
content => template($pl_pg_hba_rule_conf),
order => $pl_auth_order,
}
}

2
templates/pg_hba.conf.erb
View File

@@ -18,3 +18,5 @@ host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5 host replication all ::1/128 md5
host all all 0.0.0.0/0 md5 host all all 0.0.0.0/0 md5
# custom rules below

2
templates/pg_hba_rule.conf.erb
View File

@@ -1,3 +1,3 @@
# description: <%=@name%> # description: <%=@name%>
# order number: <%=@psql_auth_order%> # order number: <%=@pl_auth_order%>
<%= @pl_auth_type %> <%= @pl_auth_database %> <%= @pl_auth_user %> <%= @pl_auth_address %> <%=@pl_auth_method %> <%=@psql_auth_option%> <%= @pl_auth_type %> <%= @pl_auth_database %> <%= @pl_auth_user %> <%= @pl_auth_address %> <%=@pl_auth_method %> <%=@psql_auth_option%>

2
templates/postgresql.conf.erb
View File

@@ -96,7 +96,7 @@ max_connections = <%= @pl_max_conn %>
# - SSL - # - SSL -
<% if @pl_ssl_enabled == true -%> <% if @pl_ssl_enabled == true -%>
ssl = on ssl = on
ssl_ca_file = '<%= @pl_data_dir %><%= @pl_ca_crt -%>' ssl_ca_file = '<%= @pl_data_dir %><%= @pl_ca_crt -%>'
ssl_cert_file = '<%= @pl_data_dir %><%= @pl_server_crt -%>' ssl_cert_file = '<%= @pl_data_dir %><%= @pl_server_crt -%>'
ssl_key_file = '<%= @pl_data_dir %><%= @pl_server_key -%>' ssl_key_file = '<%= @pl_data_dir %><%= @pl_server_key -%>'