add file control for pg_hba

manifests/main/files.pp

@@ -6,5 +6,19 @@
 class postgresql_cd::main::files (
 
 ) inherits postgresql_cd::params {
-  require postgresql_cd::main::dirs
+  if $fqdn == $pl_server_fqdn {
+    require postgresql_cd::main::dirs
+
+    file { '/var/lib/pgsql/data/pg_hba.conf':
+      ensure => file,
+      owner    => 'postgres',
+      group    => 'postgres',
+      mode     => '0600',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => postgresql_db_t,
+      seluser  => unconfined_u,
+      content  => template('postgresql_cd/pg_hba.conf.erb'),
+    }
+  }
 }

templates/pg_hba.conf.erb.erb

@@ -0,0 +1,18 @@
+################################################################################
+##########          pg_hba.conf header generated by puppet            ##########
+################################################################################
+# general syntax
+
+# Type database user address method options
+
+# "local" is for Unix domain socket connections only
+local   all             all                                     md5
+# IPv4 local connections:
+host    all             all             127.0.0.1/32            md5
+# IPv6 local connections:
+host    all             all             ::1/128                 md5
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+local   replication     all                                     md5
+host    replication     all             127.0.0.1/32            md5
+host    replication     all             ::1/128                 md5

templates/pg_hba_rule.conf.erb

@@ -0,0 +1,3 @@
+# description:  <%=@name%>
+# order number: <%=@psql_auth_order%>
+<%= @pl_auth_type %>  <%= @pl_auth_database %>  <%= @pl_auth_user %> <%= @pl_auth_address %> <%=@pl_auth_method %> <%=@psql_auth_option%>