diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
new file mode 100644
index 0000000..d737987
--- /dev/null
+++ b/manifests/firewall/iptables.pp
@@ -0,0 +1,17 @@
+## postgresql_cd::firewall::iptables.pp
+# Module name: postgresql_cd
+# Author: Arne Teuke (arne_teuke@confdroid.com)
+# @summary Class manages the alloy iptables
+###############################################################################
+class postgresql_cd::firewall::iptables (
+
+) inherits postgresql_cd::params {
+ if ($fqdn == $ma_server_fqdn) and ($pl_enable_fw == true) {
+ firewall { "${pl_fw_rule_order}${pl_fw_port} tcp port ${pl_fw_port}":
+ source => $pl_source_range,
+ proto => 'tcp',
+ dport => $pl_fw_port,
+ jump => 'accept',
+ }
+ }
+}
diff --git a/manifests/main/dirs.pp b/manifests/main/dirs.pp
new file mode 100644
index 0000000..04fe127
--- /dev/null
+++ b/manifests/main/dirs.pp
@@ -0,0 +1,10 @@
+## postgresql_cd::main::dirs.pp
+# Module name: postgresql_cd
+# Author: Arne Teuke (arne_teuke@confdroid.com)
+# @summary Class manages logic for the postgresql_cd module.
+##############################################################################
+class postgresql_cd::main::dirs (
+
+) inherits postgresql_cd::params {
+ require postgresql_cd::main::install
+}
diff --git a/manifests/main/files.pp b/manifests/main/files.pp
new file mode 100644
index 0000000..4b4b150
--- /dev/null
+++ b/manifests/main/files.pp
@@ -0,0 +1,10 @@
+## postgresql_cd::main::files.pp
+# Module name: postgresql_cd
+# Author: Arne Teuke (arne_teuke@confdroid.com)
+# @summary Class manages logic for the postgresql_cd module.
+##############################################################################
+class postgresql_cd::main::files (
+
+) inherits postgresql_cd::params {
+ require postgresql_cd::main::dirs
+}
diff --git a/manifests/params.pp b/manifests/params.pp
index 375a5d4..4109f48 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
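Review bot: In manifests/firewall/iptables.pp the `@summary` reads "Class manages the alloy iptables", which looks carried over from another module and hides that this class adds an accept rule for the PostgreSQL port; `# @summary Class manages the iptables accept rule for the PostgreSQL port` would say what it does. The `firewall` resource sets no `protocol`, so as far as I can tell the rule lands in the IPv4 table only; if the server also listens on IPv6, that path is governed by whatever else manages ip6tables, which deserves a comment next to the resource. `$ma_server_fqdn` is not defined in any hunk of this commit, so I assume it already exists in params.pp. Since `pl_enable_fw` is typed `Boolean`, `($pl_enable_fw == true)` can be written as just `$pl_enable_fw`.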
@@ -7,6 +7,10 @@ # @param [string] reqpackages_client the packages for the client # @param [string] pkg_ensure which version of the packages to install, i.e. # 'latest', 'present' '13.20', +# @param [string] pl_fw_rule_order the prefix for the firewall rule +# @param [string] pl_fw_port the port to use for service and firewall +# @param [string] pl_source_range the source range for allowed clients +# @param [boolean] pl_enable_fw whether to enable the firewall # @summary Class contains all parameters for the postgresql_cd module. ############################################################################## class postgresql_cd::params ( @@ -18,6 +22,11 @@ class postgresql_cd::params ( String $reqpackages_client = 'postgresql', String $pkg_ensure = 'latest', + # firewall + String $pl_fw_rule_order = '50', + String $pl_fw_port = '5432', + String $pl_source_range = '0.0.0.0/0', + Boolean $pl_enable_fw = true, ) { $fqdn = $facts['networking']['fqdn'] @@ -25,6 +34,9 @@ class postgresql_cd::params ( $os_name = $facts['os']['name'] $os_release = $facts['os']['release']['major'] + # Service + $pl_service = 'postgresql' + # includes must be last include postgresql_cd::main::config } diff --git a/manifests/server/service.pp b/manifests/server/service.pp new file mode 100644 index 0000000..def529d --- /dev/null +++ b/manifests/server/service.pp @@ -0,0 +1,20 @@ +## postgresql_cd::server::service.pp +# Module name: postgresql_cd +# Author: Arne Teuke (arne_teuke@confdroid.com) +# @summary Class manages the alloy service +############################################################################### +class postgresql_cd::server::service ( + +) inherits postgresql_cd::params { + if $fqdn == $ma_server_fqdn { + require postgresql_cd::main::files + require postgresql_cd::firewall::iptables + + service { $pl_service: + ensure => running, + hasstatus => true, + hasrestart => true, + enable => true, + } + } +}
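Review bot: In the second hunk of manifests/params.pp, the new defaults `pl_source_range = '0.0.0.0/0'` and `pl_enable_fw = true` mean a node that applies the module without overrides gets an accept rule for port 5432 from any IPv4 address (the rule is built in manifests/firewall/iptables.pp in this commit). Access then rests on pg_hba.conf and listen_addresses alone, and none of the visible hunks manages either. A closed default such as `String $pl_source_range = '127.0.0.1/32',` or `Boolean $pl_enable_fw = false,` would make opening the port an explicit choice. Both `pl_fw_port` and `pl_source_range` are plain `String`, so a typo reaches the firewall provider unchecked; a type like `Pattern[/\A\d{1,5}\z/]` on the port would catch that at compile time. The `@param` text for `pl_enable_fw` in the first hunk would be clearer as `whether to manage the accept rule for the PostgreSQL port`, since `false` leaves the port's state to whatever else manages the chain.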
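Review bot: In manifests/server/service.pp the `@summary` reads "Class manages the alloy service", which looks copied from another module; `# @summary Class manages the PostgreSQL server service` matches what the class does. The whole body sits inside `if $fqdn == $ma_server_fqdn`, and `$ma_server_fqdn` is not defined in any hunk shown here, so I assume it comes from the existing part of params.pp. A one-line comment such as `# only the node named in ma_server_fqdn runs the server; all other nodes skip this class` would make the silent no-op explicit. The two `require` lines mean the accept rule from postgresql_cd::firewall::iptables is applied before the service is started, so the port is reachable from the configured source range as soon as PostgreSQL is up.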