1 # PRIVATE CLASS: do not call directly
2 class postgresql::server::config {
3 $ip_mask_deny_postgres_user = $postgresql::server::ip_mask_deny_postgres_user
4 $ip_mask_allow_all_users = $postgresql::server::ip_mask_allow_all_users
5 $listen_addresses = $postgresql::server::listen_addresses
6 $port = $postgresql::server::port
7 $ipv4acls = $postgresql::server::ipv4acls
8 $ipv6acls = $postgresql::server::ipv6acls
9 $pg_hba_conf_path = $postgresql::server::pg_hba_conf_path
10 $pg_ident_conf_path = $postgresql::server::pg_ident_conf_path
11 $postgresql_conf_path = $postgresql::server::postgresql_conf_path
12 $recovery_conf_path = $postgresql::server::recovery_conf_path
13 $pg_hba_conf_defaults = $postgresql::server::pg_hba_conf_defaults
14 $user = $postgresql::server::user
15 $group = $postgresql::server::group
16 $version = $postgresql::server::_version
17 $manage_pg_hba_conf = $postgresql::server::manage_pg_hba_conf
18 $manage_pg_ident_conf = $postgresql::server::manage_pg_ident_conf
19 $manage_recovery_conf = $postgresql::server::manage_recovery_conf
20 $datadir = $postgresql::server::datadir
21 $logdir = $postgresql::server::logdir
22 $service_name = $postgresql::server::service_name
23 $log_line_prefix = $postgresql::server::log_line_prefix
24 $timezone = $postgresql::server::timezone
26 if ($manage_pg_hba_conf == true) {
27 # Prepare the main pg_hba file
28 concat { $pg_hba_conf_path:
34 notify => Class['postgresql::server::reload'],
37 if $pg_hba_conf_defaults {
38 Postgresql::Server::Pg_hba_rule {
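43 # Let's set up the base rules. pg_hba.conf is evaluated top-down and the first matching record wins, so the relative order of these rules matters (the 'reject' rule for the postgres user only takes effect if it sorts before the broader allow rule).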
44 $local_auth_option = $version ? {
48 postgresql::server::pg_hba_rule { 'local access as postgres user':
51 auth_method => 'ident',
52 auth_option => $local_auth_option,
55 postgresql::server::pg_hba_rule { 'local access to database with same name':
57 auth_method => 'ident',
58 auth_option => $local_auth_option,
61 postgresql::server::pg_hba_rule { 'allow localhost TCP access to postgresql user':
64 address => '127.0.0.1/32',
68 postgresql::server::pg_hba_rule { 'deny access to postgresql user':
71 address => $ip_mask_deny_postgres_user,
72 auth_method => 'reject',
76 postgresql::server::pg_hba_rule { 'allow access to all users':
78 address => $ip_mask_allow_all_users,
82 postgresql::server::pg_hba_rule { 'allow access to ipv6 localhost':
90 # ipv4acls are passed as an array of rule strings; here we transform
91 # them into a resources hash and pass the result to create_resources.
92 $ipv4acl_resources = postgresql_acls_to_resources_hash($ipv4acls,
94 create_resources('postgresql::server::pg_hba_rule', $ipv4acl_resources)
97 # ipv6acls are passed as an array of rule strings; here we transform
98 # them into a resources hash and pass the result to create_resources.
99 $ipv6acl_resources = postgresql_acls_to_resources_hash($ipv6acls,
101 create_resources('postgresql::server::pg_hba_rule', $ipv6acl_resources)
104 if $listen_addresses {
105 postgresql::server::config_entry { 'listen_addresses':
106 value => $listen_addresses,
110 postgresql::server::config_entry { 'port':
113 postgresql::server::config_entry { 'data_directory':
117 postgresql::server::config_entry { 'timezone':
122 postgresql::server::config_entry { 'log_directory':
127 # Allow timestamps in log by default
128 if $log_line_prefix {
129 postgresql::server::config_entry {'log_line_prefix':
130 value => $log_line_prefix,
134 # RedHat-based systems hardcode some PG* variables in the init script; these need to be overridden
135 # in /etc/sysconfig/pgsql/postgresql. Create a blank file so we can manage it with augeas later.
136 if ($::osfamily == 'RedHat') and ($::operatingsystemrelease !~ /^7/) and ($::operatingsystem != 'Fedora') {
137 file { '/etc/sysconfig/pgsql/postgresql':
142 # The init script from the packages of the postgresql.org repository
143 # sources an alternate sysconfig file,
144 # i.e. /etc/sysconfig/pgsql/postgresql-9.3 for PostgreSQL 9.3.
145 # Link it to the sysconfig file set by this Puppet module.
146 file { "/etc/sysconfig/pgsql/postgresql-${version}":
148 target => '/etc/sysconfig/pgsql/postgresql',
149 require => File[ '/etc/sysconfig/pgsql/postgresql' ],
155 if ($manage_pg_ident_conf == true) {
156 concat { $pg_ident_conf_path:
162 notify => Class['postgresql::server::reload'],
166 if ($manage_recovery_conf == true) {
167 concat { $recovery_conf_path:
173 notify => Class['postgresql::server::reload'],
177 if $::osfamily == 'RedHat' {
178 if $::operatingsystemrelease =~ /^7/ or $::operatingsystem == 'Fedora' {
180 # - $::operatingsystem
184 file { 'systemd-override':
186 path => "/etc/systemd/system/${service_name}.service",
189 content => template('postgresql/systemd-override.erb'),
190 notify => [ Exec['restart-systemd'], Class['postgresql::server::service'] ],
191 before => Class['postgresql::server::reload'],
193 exec { 'restart-systemd':
194 command => 'systemctl daemon-reload',
196 path => '/bin:/usr/bin:/usr/local/bin'
200 elsif $::osfamily == 'Gentoo' {
202 # - $::operatingsystem
206 file { 'systemd-override':
208 path => "/etc/systemd/system/${service_name}.service",
211 content => template('postgresql/systemd-override.erb'),
212 notify => [ Exec['restart-systemd'], Class['postgresql::server::service'] ],
213 before => Class['postgresql::server::reload'],
215 exec { 'restart-systemd':
216 command => 'systemctl daemon-reload',
218 path => '/bin:/usr/bin:/usr/local/bin'