update postgresql.conf with SSL settings
This commit is contained in:
Arne Teuke
@@ -14,6 +14,10 @@
|
|||||||
# @param [String] pl_listen_address which address should the service listen on
|
# @param [String] pl_listen_address which address should the service listen on
|
||||||
# @param [String] pl_listen_port which port should the service listen on
|
# @param [String] pl_listen_port which port should the service listen on
|
||||||
# @param [String] pl_max_conn maximum connections the service will accept
|
# @param [String] pl_max_conn maximum connections the service will accept
|
||||||
|
# @param [Boolean] pl_ssl_enabled whether SSL is enabled (true) or disabled (false)
|
||||||
|
# @param [String] pl_server_crt the name of the server cert
|
||||||
|
# @param [String] pl_server_key the name of the server key
|
||||||
|
# @param [String] pl_ca_crt the name of the CA crt
|
||||||
# @summary Class contains all parameters for the postgresql_cd module.
|
# @summary Class contains all parameters for the postgresql_cd module.
|
||||||
##############################################################################
|
##############################################################################
|
||||||
class postgresql_cd::params (
|
class postgresql_cd::params (
|
||||||
@@ -21,7 +25,7 @@ class postgresql_cd::params (
|
|||||||
String $pl_server_fqdn = undef,
|
String $pl_server_fqdn = undef,
|
||||||
|
|
||||||
# installation
|
# installation
|
||||||
Array $reqpackages_server = ['postgresql-server','postgresql-contrib'],
|
Array $reqpackages_server = ['postgresql-server','postgresql-contrib'],
|
||||||
String $reqpackages_client = 'postgresql',
|
String $reqpackages_client = 'postgresql',
|
||||||
String $pkg_ensure = 'latest',
|
String $pkg_ensure = 'latest',
|
||||||
|
|
||||||
@@ -34,7 +38,11 @@ class postgresql_cd::params (
|
|||||||
# main config
|
# main config
|
||||||
String $pl_listen_address = '*',
|
String $pl_listen_address = '*',
|
||||||
String $pl_listen_port = '5432',
|
String $pl_listen_port = '5432',
|
||||||
String $pl_max_conn = '100',
|
String $pl_max_conn = '100',
|
||||||
|
Boolean $pl_ssl_enabled = false,
|
||||||
|
String $pl_server_crt = 'server.crt',
|
||||||
|
String $pl_server_key = 'server.key',
|
||||||
|
String $pl_ca_crt = 'root.crt',
|
||||||
|
|
||||||
) {
|
) {
|
||||||
$fqdn = $facts['networking']['fqdn']
|
$fqdn = $facts['networking']['fqdn']
|
||||||
|
|||||||
@@ -95,11 +95,17 @@ max_connections = <%= @pl_max_conn %>
|
|||||||
|
|
||||||
# - SSL -
|
# - SSL -
|
||||||
|
|
||||||
#ssl = off
|
<% if @pl_ssl_enabled == true -%>
|
||||||
#ssl_ca_file = ''
|
ssl = on
|
||||||
#ssl_cert_file = 'server.crt'
|
ssl_ca_file = '<%= @pl_ca_crt -%>'
|
||||||
|
ssl_cert_file = '<%= @pl_server_crt -%>'
|
||||||
|
ssl_key_file = '<%= @pl_server_key -%>'
|
||||||
|
<% end -%>
|
||||||
|
<% if @pl_ssl_enabled != true -%>
|
||||||
|
ssl = off
|
||||||
|
<% end -%>
|
||||||
|
|
||||||
#ssl_crl_file = ''
|
#ssl_crl_file = ''
|
||||||
#ssl_key_file = 'server.key'
|
|
||||||
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
|
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
|
||||||
#ssl_prefer_server_ciphers = on
|
#ssl_prefer_server_ciphers = on
|
||||||
#ssl_ecdh_curve = 'prime256v1'
|
#ssl_ecdh_curve = 'prime256v1'
|
||||||
|
|||||||
Reference in New Issue
Block a user