From 58e12e6714ac1954e90bfe6c4686f03fa882ae5f Mon Sep 17 00:00:00 2001
From: 12ww1160
Date: Fri, 5 Dec 2025 16:21:33 +0100
Subject: [PATCH] OP#207fix variable relationship and add firewall rule
---
 manifests/bouncer/bouncer.pp | 10 +++++-----
 manifests/bouncer/bouncer_rule.pp | 12 ++++++------
 manifests/firewall/iptables.pp | 8 ++++++++
 templates/server/bouncer/bouncer_rule.erb | 2 +-
 4 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/manifests/bouncer/bouncer.pp b/manifests/bouncer/bouncer.pp
index c6e5c1d..3043427 100644
--- a/manifests/bouncer/bouncer.pp
+++ b/manifests/bouncer/bouncer.pp
@@ -3,11 +3,11 @@
 # Author: 12ww1160 (12ww1160@confdroid.com)
 # @summary Class manages the pgbouncer service
 # @example confdroid_postgresql::bouncer::bouncer_rule { 'test connection':
-# pl_bouncer_db_name => 'test',
-# pl_bouncer_host => '127.0.0.7',
-# pl_bouncer_port => '5432',
-# pl_bouncer_user => 'test_user',
-# pl_bouncer_order => '001',
+# pl_bouncer_db_name => 'test',
+# pl_bouncer_host => '127.0.0.7',
+# pl_bouncer_host_port => '5432',
+# pl_bouncer_user => 'test_user',
+# pl_bouncer_order => '001',
 # }
 ###############################################################################
 class confdroid_postgresql::bouncer::bouncer (
diff --git a/manifests/bouncer/bouncer_rule.pp b/manifests/bouncer/bouncer_rule.pp
index dd9e1b4..8d42240 100644
--- a/manifests/bouncer/bouncer_rule.pp
+++ b/manifests/bouncer/bouncer_rule.pp
@@ -5,18 +5,18 @@
 # @see https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html
 # @param [String] pl_bouncer_db_name db name for the bouncer rule
 # @param [String] pl_bouncer_host IP of the db host to bounce to
-# @param [String] pl_bouncer_port port of the db host to bounce to
+# @param [String] pl_bouncer_host_port port of the db host to bounce to
 # @param [String] pl_bouncer_user user for the connection. Must be defined in
 # userlist.txt
 # @param [String] pl_bouncer_order the order in which the rule should appear
 ##############################################################################
 define confdroid_postgresql::bouncer::bouncer_rule (
- String $pl_bouncer_db_name = undef,
- String $pl_bouncer_host = '127.0.0.1',
- String $pl_bouncer_port = '5432',
- String $pl_bouncer_user = undef,
- String $pl_bouncer_order = undef,
+ String $pl_bouncer_db_name = undef,
+ String $pl_bouncer_host = '127.0.0.1',
+ String $pl_bouncer_host_port = '5432',
+ String $pl_bouncer_user = undef,
+ String $pl_bouncer_order = undef,
 ) {
 $pl_bouncer_ini_file = $confdroid_postgresql::params::pl_bouncer_ini_file
diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
index e80d0cc..87a25b5 100644
--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -13,5 +13,13 @@ class confdroid_postgresql::firewall::iptables (
 dport => $pl_fw_port,
 jump => 'accept',
 }
+ if $pl_use_pg_bouncer == true {
+ firewall { "${pl_fw_rule_order}${pl_bouncer_port} tcp port ${pl_bouncer_port}":
+ source => $pl_source_range,
+ proto => 'tcp',
+ dport => $pl_bouncer_port,
+ jump => 'accept',
+ }
+ }
 }
 }
diff --git a/templates/server/bouncer/bouncer_rule.erb b/templates/server/bouncer/bouncer_rule.erb
index f988bf3..48b6d24 100644
--- a/templates/server/bouncer/bouncer_rule.erb
+++ b/templates/server/bouncer/bouncer_rule.erb
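Review bot: In manifests/firewall/iptables.pp the new `firewall` resource accepts TCP on `$pl_bouncer_port` from the same `$pl_source_range` as the existing `$pl_fw_port` rule just above it, so enabling the bouncer adds a second reachable listener instead of replacing the direct PostgreSQL exposure. If clients are meant to connect only through pgbouncer, the direct rule should be made conditional or given its own, narrower source parameter; at minimum add a comment such as `# pgbouncer listener: opened in addition to the direct PostgreSQL port, same source range`. Neither `$pl_use_pg_bouncer` nor `$pl_bouncer_port` is declared in the visible lines, and the class header and the enclosing block start outside the hunk. Please confirm both resolve in this scope, since an unset port would produce a malformed rule title and `dport`. If the flag is typed `Boolean`, the condition can be written `if $pl_use_pg_bouncer {`; if it can arrive as the string `'true'`, the `== true` comparison silently skips the rule.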
@@ -1 +1 @@
-<%= @pl_bouncer_db_name %> = host=<%= @pl_bouncer_host %> port=<%= @pl_bouncer_port %> auth_user=<%= @pl_bouncer_user %> dbname=<%= @pl_bouncer_db_name %>
+<%= @pl_bouncer_db_name %> = host=<%= @pl_bouncer_host %> port=<%= @pl_bouncer_host_port %> auth_user=<%= @pl_bouncer_user %> dbname=<%= @pl_bouncer_db_name %>