order => '00',
content => template('postgres/cluster/pg_hba.conf-head.erb'),
}
+ postgres::cluster::hba_entry { 'local-connections':
+ pg_port => $real_port,
+ database => 'all',
+ user => 'all',
+ address => ['127.0.0.1', '::1'],
+ order => '30',
+ firewall => false,
+ }
Concat::Fragment <| tag == "postgres::cluster::${real_version}::${real_cluster}::hba" |>
}
}
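Review bot: The new `local-connections` entry passes bare addresses (`'127.0.0.1'`, `'::1'`), whereas the template lines this commit removes used `127.0.0.1/32` and `::1/128`. PostgreSQL rejects a `host` line whose address has neither a CIDR suffix nor a separate netmask column, so unless the hba_entry template (not visible in this diff) appends a prefix length, the server would refuse the new pg_hba.conf on reload. If the template does not normalise addresses, pass `address => ['127.0.0.1/32', '::1/128'],` here. It would also help to state `method => 'md5',` explicitly, so loopback authentication does not silently follow a later change to the define's default.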
# @param address hosts that match
# @param method auth method
# @param order ordering of this entry in pg_hba.conf
+# @param firewall also add a firewall rule
define postgres::cluster::hba_entry (
Optional[Integer] $pg_port = undef,
Optional[String] $pg_cluster = undef,
Optional[Variant[Stdlib::IP::Address, Array[Stdlib::IP::Address]]] $address = undef,
Enum['md5', 'trust'] $method = 'md5',
String $order = '50',
+ Boolean $firewall = true,
) {
$address_methods = ['md5', 'trust']
if $method in $address_methods {
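Review bot: The `@param firewall` line does not state the default, nor that a rule is only created when `$address` is also set, which is what the guard `if ($address and $firewall)` further down enforces. Something like `# @param firewall create the matching ferm rule for $address (default true); set to false for sources that need no firewall opening, e.g. loopback` would make the contract clear to callers. The define's body continues outside this hunk.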
}
###
- if ($address) {
+ if ($address and $firewall) {
ferm::rule::simple { "postgres::cluster::hba_entry::${name}":
description => "allow access to pg${real_version}/${real_cluster}: ${name}",
saddr => $address,
# "local" is for Unix domain socket connections only
local all all peer
-# IPv4 local connections:
-host all all 127.0.0.1/32 md5
-# IPv6 local connections:
-host all all ::1/128 md5
-# Allow replication connections from localhost, by a user with the
-# replication privilege.
-#local replication all peer
-#host replication all 127.0.0.1/32 md5
-#host replication all ::1/128 md5
######################################