|
| 1 | + |
| 2 | +# http://www.postgresql.org/docs/9.3/static/ssl-tcp.html |
| 3 | +# http://blog.roomthirteen.de/2013/01/07/solved-installing-postgresql-on-ubuntu-12-04/ |
| 4 | +# http://stackoverflow.com/questions/4294689/how-to-generate-a-key-with-passphrase-from-the-command-line |
| 5 | + |
| 6 | +class postgresql::server::ssl_certificate ( |
| 7 | + |
| 8 | + $force = 0, |
| 9 | + $datadir = $postgresql::server::datadir, |
| 10 | + $certificate_days = $postgresql::server::certificate_days, |
| 11 | + $certificate_country = $postgresql::server::certificate_country, |
| 12 | + $certificate_state = $postgresql::server::certificate_state, |
| 13 | + $certificate_locality = $postgresql::server::certificate_locality, |
| 14 | + $certificate_organization = $postgresql::server::certificate_organization, |
| 15 | + $certificate_common_name = $postgresql::server::certificate_common_name, |
| 16 | + $certificate_email = $postgresql::server::certificate_email, |
| 17 | + |
| 18 | +){ |
| 19 | + |
| 20 | + # /C=CA/ST=British Columbia/L=Comox/O=TheBrain.ca/CN=thebrain.ca/[email protected]' |
| 21 | + $certificate_subject = "/C=${certificate_country}/ST=${certificate_state}/L=${certificate_locality}/O=${certificate_organization}/CN=${certificate_common_name}/emailAddress=${certificate_email}" |
| 22 | + |
| 23 | + $err_prefix = 'Module postgresql::server::ssl_certificate unable to create server certificate: please specify a value for postgresql::server::certificate_' |
| 24 | + if ($certificate_days == undef) { fail("${err_prefix}days") } |
| 25 | + if ($certificate_country == undef) { fail("${err_prefix}country") } |
| 26 | + if ($certificate_state == undef) { fail("${err_prefix}state") } |
| 27 | + if ($certificate_locality == undef) { fail("${err_prefix}locality") } |
| 28 | + if ($certificate_organization == undef) { fail("${err_prefix}organization") } |
| 29 | + if ($certificate_common_name == undef) { fail("${err_prefix}common_name") } |
| 30 | + if ($certificate_email == undef) { fail("${err_prefix}email") } |
| 31 | + |
| 32 | + notify { 'debug_postgresql::server::ssl_certificate': |
| 33 | + message => "The postgresql data path is at: ${datadir}", |
| 34 | + } |
| 35 | + |
| 36 | + file { "${datadir}/validate_self_signed_ssl_certificate.pl": |
| 37 | + source => 'puppet:///modules/postgresql/validate_self_signed_ssl_certificate.pl', |
| 38 | + mode => '0775', |
| 39 | + owner => 'postgres', |
| 40 | + group => 'postgres', |
| 41 | + } |
| 42 | + |
| 43 | + file { "${datadir}/generate_self_signed_pg_server_certificate.sh": |
| 44 | + source => 'puppet:///modules/postgresql/generate_self_signed_pg_server_certificate.sh', |
| 45 | + mode => '0775', |
| 46 | + owner => 'postgres', |
| 47 | + group => 'postgres', |
| 48 | + } |
| 49 | + |
| 50 | + exec { 'generate_self_signed_pg_server_certificate': |
| 51 | + command => "${datadir}/generate_self_signed_pg_server_certificate.sh ${datadir} ${postgresql::server::user} ${postgresql::server::group} '${certificate_subject}' ${certificate_days} ${force}", |
| 52 | + } |
| 53 | + |
| 54 | +} |
| 55 | + |
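Review bot: The two helper scripts are installed with `owner => 'postgres'` and `mode => '0775'` inside `${datadir}`, but the `exec` that runs the generator sets no `user`, so it runs as whatever account the Puppet agent uses (typically root). Any process able to write as postgres or its group can therefore change what that exec runs. I would install the scripts with `owner => 'root', group => 'root', mode => '0755'` (preferably outside the data directory), or add `user => $postgresql::server::user` to the exec. The exec also has no `require` on the two `file` resources and no `creates`/`unless` guard, so ordering is not guaranteed and the generator is invoked on every run; whether that replaces an existing key depends on the script, which is not shown here. Separately, `'${certificate_subject}'` is single-quoted inside the command string, so a subject field containing a single quote would break the quoting, and the certificate_* parameters should be validated against an allowed character set before they are interpolated.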