diff --git a/doc/puppet_classes/postgresql_cd_3A_3Aparams.html b/doc/puppet_classes/postgresql_cd_3A_3Aparams.html
index 9622e24..d8234ef 100644
--- a/doc/puppet_classes/postgresql_cd_3A_3Aparams.html
+++ b/doc/puppet_classes/postgresql_cd_3A_3Aparams.html
@@ -304,6 +304,78 @@ —
maximum connections the service will accept
+whether SSL is enabled (true) or disabled (false)
+the name of the server cert
+the name of the server key
+the name of the CA crt
-19 -20 -21 -22 23 24 25 @@ -353,17 +421,25 @@ 50 51 52 -53+53 +54 +55 +56 +57 +58 +59 +60 +61
# File 'manifests/params.pp', line 19
+ # File 'manifests/params.pp', line 23
class postgresql_cd::params (
String $pl_server_fqdn = undef,
# installation
- Array $reqpackages_server = ['postgresql-server','postgresql-contrib'],
+ Array $reqpackages_server = ['postgresql-server','postgresql-contrib'],
String $reqpackages_client = 'postgresql',
String $pkg_ensure = 'latest',
@@ -376,7 +452,11 @@ class postgresql_cd::params (
# main config
String $pl_listen_address = '*',
String $pl_listen_port = '5432',
- String $pl_max_conn = '100',
+ String $pl_max_conn = '100',
+ Boolean $pl_ssl_enabled = false,
+ String $pl_server_crt = 'server.crt',
+ String $pl_server_key = 'server.key',
+ String $pl_ca_crt = 'root.crt',
) {
$fqdn = $facts['networking']['fqdn']
diff --git a/manifests/params.pp b/manifests/params.pp
index a55e14c..a816b21 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -14,6 +14,10 @@
# @param [String] pl_listen_address which address should the service listen on
# @param [String] pl_listen_port which port should the service listen on
# @param [String] pl_max_conn maximum connections the service will accept
+# @param [Boolean] pl_ssl_enabled whether SSL is enabled (true) or disabled (false)
+# @param [String] pl_server_crt the name of the server cert
+# @param [String] pl_server_key the name of the server key
+# @param [String] pl_ca_crt the name of the CA crt
# @summary Class contains all parameters for the postgresql_cd module.
##############################################################################
class postgresql_cd::params (
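Review bot: The new `@param` lines for `pl_server_crt`, `pl_server_key` and `pl_ca_crt` give only "the name of" each file and do not say where the file is looked up or who is expected to put it there. PostgreSQL resolves relative names against its data directory and rejects a private key owned by the database user that is group- or world-accessible, so a description such as `# @param [String] pl_server_key server private key file; relative names resolve against the data directory, must be readable only by the postgres user` would save the next operator a failed start. It would also help to say that `pl_ca_crt` is the CA bundle used to verify client certificates. Nothing visible in this diff deploys these files, so state whether the module or the operator provides them.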
@@ -21,7 +25,7 @@ class postgresql_cd::params (
String $pl_server_fqdn = undef,
# installation
- Array $reqpackages_server = ['postgresql-server','postgresql-contrib'],
+ Array $reqpackages_server = ['postgresql-server','postgresql-contrib'],
String $reqpackages_client = 'postgresql',
String $pkg_ensure = 'latest',
@@ -34,7 +38,11 @@ class postgresql_cd::params (
# main config
String $pl_listen_address = '*',
String $pl_listen_port = '5432',
- String $pl_max_conn = '100',
+ String $pl_max_conn = '100',
+ Boolean $pl_ssl_enabled = false,
+ String $pl_server_crt = 'server.crt',
+ String $pl_server_key = 'server.key',
+ String $pl_ca_crt = 'root.crt',
) {
$fqdn = $facts['networking']['fqdn']
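Review bot: The three new file-name parameters are typed as plain `String`, and the template in this same commit places them inside single-quoted postgresql.conf values, so an empty value or one containing a quote produces a broken or unintended config line. A narrower type such as `Pattern[/\A[\w.\/-]+\z/] $pl_server_key = 'server.key',` (and the same for `pl_server_crt` and `pl_ca_crt`) would reject those at catalog compile time. `pl_ssl_enabled` defaults to `false` while the context line above keeps `pl_listen_address = '*'`, so out of the box the service listens on every interface without TLS; if that default has to stay for compatibility, say so in the `@param` text. The class body continues outside the hunk.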
diff --git a/templates/postgresql.conf.erb b/templates/postgresql.conf.erb
index 5f8aa1b..b9fcb5f 100644
--- a/templates/postgresql.conf.erb
+++ b/templates/postgresql.conf.erb
@@ -95,11 +95,17 @@ max_connections = <%= @pl_max_conn %>
# - SSL -
-#ssl = off
-#ssl_ca_file = ''
-#ssl_cert_file = 'server.crt'
+<% if @pl_ssl_enabled == true -%>
+ssl = on
+ssl_ca_file = '<%= @pl_ca_crt -%>'
+ssl_cert_file = '<%= @pl_server_crt -%>'
+ssl_key_file = '<%= @pl_server_key -%>'
+<% end -%>
+<% if @pl_ssl_enabled != true -%>
+ssl = off
+<% end -%>
+
#ssl_crl_file = ''
-#ssl_key_file = 'server.key'
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
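Review bot: Turning on `ssl = on` here sets the certificate, key and CA files but leaves `ssl_ciphers` and `ssl_prefer_server_ciphers` commented out a few lines below, so the server keeps its built-in cipher list (the comment shows `HIGH:MEDIUM:+3DES:!aNULL`); consider exposing both as parameters so a stricter list can be set whenever TLS is enabled. `ssl = on` also only offers TLS: clients can still connect in clear text unless pg_hba.conf, which is not part of this diff, uses `hostssl` rules, so a comment above the block such as `# ssl = on only offers TLS; require it with hostssl entries in pg_hba.conf` is worth adding. On style, the two complementary conditionals can be a single block: keep `<% if @pl_ssl_enabled -%>`, replace the first `<% end -%>` and the `!= true` test with `<% else -%>`, and keep one closing `<% end -%>`.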