modules/postgres/manifests/cluster.pp

   1 # postgresql cluster configuration
   2 #
   3 # @param pg_version      pg version of the cluster
   4 # @param pg_cluster      cluster name
   5 # @param pg_port         port of the postgres cluster
   6 # @param manage_hba      manage pg_hba
   7 # @param confdir         directory where the configuration resides
   8 define postgres::cluster(
   9   String $pg_version,
  10   String $pg_cluster = 'main',
  11   Integer $pg_port = 5432,
  12   Boolean $manage_hba = false,
  13   String $confdir = "/etc/postgresql/${pg_version}/${pg_cluster}",
  14 ) {
  15   $reload = "postgresql ${pg_version}/${pg_cluster} reload"
  16   exec { $reload:
  17     command     => "systemctl reload postgresql@${pg_version}-${pg_cluster}.service",
  18     refreshonly => true,
  19   }
  20
  21   ferm::rule::simple { "postgres::cluster::hba_entry::${pg_version}::${pg_cluster}":
  22     description => "check access to pg${pg_version}/${pg_cluster}",
  23     port        => $pg_port,
  24     target      => "pg-${pg_port}",
  25   }
  26
  27   # hba entries and firewall rules
  28   Postgres::Cluster::Hba_entry <<| tag == "postgres::cluster::${pg_version}::${pg_cluster}::hba::${::fqdn}" |>>
  29
  30   if $manage_hba {
  31     concat { "postgres::cluster::${pg_version}::${pg_cluster}::hba":
  32       path           => "${confdir}/pg_hba.conf",
  33       mode           => '0440',
  34       group          => 'postgres',
  35       ensure_newline => true,
  36       notify         => Exec[$reload],
  37     }
  38     concat::fragment{ "postgres::cluster::pg_hba-head::${pg_version}::${pg_cluster}":
  39       target  => "postgres::cluster::${pg_version}::${pg_cluster}::hba",
  40       order   => '00',
  41       content => template('postgres/cluster/pg_hba.conf-head.erb'),
  42     }
  43     Concat::Fragment <| tag == "postgres::cluster::${pg_version}::${pg_cluster}::hba" |>
  44   }
  45 }