1 # Class: postgresql::config
5 # [*postgres_password*] - postgres db user password.
6 # [*ip_mask_deny_postgres_user*] - ip mask for denying remote access for postgres user; defaults to '0.0.0.0/0',
7 # meaning that all TCP access for postgres user is denied.
8 # [*ip_mask_allow_all_users*] - ip mask for allowing remote access for other users (besides postgres);
9 # defaults to '127.0.0.1/32', meaning only allow connections from localhost
10 # [*listen_addresses*] - what IP address(es) to listen on; comma-separated list of addresses; defaults to
11 # 'localhost', '*' = all
12 # [*ipv4acls*] - list of strings for access control for connection method, users, databases, IPv4
13 # addresses; see postgresql documentation about pg_hba.conf for information
14 # [*ipv6acls*] - list of strings for access control for connection method, users, databases, IPv6
15 # addresses; see postgresql documentation about pg_hba.conf for information
16 # [*pg_hba_conf_path*] - path to pg_hba.conf file
17 # [*postgresql_conf_path*] - path to postgresql.conf file
18 # [*manage_redhat_firewall*] - boolean indicating whether or not the module should open a port in the firewall on
19 # redhat-based systems; this parameter is likely to change in future versions. Possible
20 # changes include support for non-RedHat systems and finer-grained control over the
21 # firewall rule (currently, it simply opens up the postgres port to all TCP connections).
22 # [*manage_pg_hba_conf*] - boolean indicating whether or not the module manages pg_hba.conf file.
31 # class { 'postgresql::config':
32 # postgres_password => 'postgres',
33 # ip_mask_allow_all_users => '0.0.0.0/0',
36 class postgresql::config(
37 $postgres_password = undef,
38 $ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
39 $ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,
40 $listen_addresses = $postgresql::params::listen_addresses,
41 $ipv4acls = $postgresql::params::ipv4acls,
42 $ipv6acls = $postgresql::params::ipv6acls,
43 $pg_hba_conf_path = $postgresql::params::pg_hba_conf_path,
44 $postgresql_conf_path = $postgresql::params::postgresql_conf_path,
45 $manage_redhat_firewall = $postgresql::params::manage_redhat_firewall,
46 $manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf
47 ) inherits postgresql::params {
49 # Basically, all this class needs to handle is passing parameters on
50 # to the "beforeservice" and "afterservice" classes, and ensure
51 # the proper ordering.
53 class { 'postgresql::config::beforeservice':
54 ip_mask_deny_postgres_user => $ip_mask_deny_postgres_user,
55 ip_mask_allow_all_users => $ip_mask_allow_all_users,
56 listen_addresses => $listen_addresses,
57 ipv4acls => $ipv4acls,
58 ipv6acls => $ipv6acls,
59 pg_hba_conf_path => $pg_hba_conf_path,
60 postgresql_conf_path => $postgresql_conf_path,
61 manage_redhat_firewall => $manage_redhat_firewall,
62 manage_pg_hba_conf => $manage_pg_hba_conf,
65 class { 'postgresql::config::afterservice':
66 postgres_password => $postgres_password,
69 Class['postgresql::config'] ->
70 Class['postgresql::config::beforeservice'] ->
71 Service['postgresqld'] ->
72 Class['postgresql::config::afterservice']