Diffstat (limited to 'modules/postgresql/manifests')
-rw-r--r--modules/postgresql/manifests/database.pp5
-rw-r--r--modules/postgresql/manifests/database_callback.pp2
-rw-r--r--modules/postgresql/manifests/hba_entry.pp40
-rw-r--r--modules/postgresql/manifests/pg_hba.pp13
-rw-r--r--modules/postgresql/manifests/remote_database.pp1
-rw-r--r--modules/postgresql/manifests/remote_db_and_user.pp3
-rw-r--r--modules/postgresql/manifests/remote_user.pp1
-rw-r--r--modules/postgresql/manifests/server.pp27
-rw-r--r--modules/postgresql/manifests/tagged.pp1
-rw-r--r--modules/postgresql/manifests/user.pp8
-rw-r--r--modules/postgresql/manifests/var.pp7
11 files changed, 88 insertions, 20 deletions
diff --git a/modules/postgresql/manifests/database.pp b/modules/postgresql/manifests/database.pp
index 82670b5e..34cee2a6 100644
--- a/modules/postgresql/manifests/database.pp
+++ b/modules/postgresql/manifests/database.pp
@@ -3,15 +3,16 @@ define postgresql::database($description = '',
$user = 'postgres',
$callback_notify = '') {
- exec { "createdb -O $user -U postgres $name '$description'":
+ exec { "createdb -O ${user} -U postgres ${name} '${description}' ":
user => 'root',
- unless => "psql -A -t -U postgres -l | grep '^$name|'",
+ unless => "psql -A -t -U postgres -l | grep '^${name}|'",
require => Service['postgresql'],
}
# this is fetched by the manifest asking the database creation,
# once the db have been created
# FIXME proper ordering ?
+ # FIXME In puppet >3.0 word 'tag' is reserved, so it has to be renamed
@@postgresql::database_callback { $name:
tag => $name,
callback_notify => $callback_notify,
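Review bot: `${name}`, `${user}` and `${description}` are still interpolated unescaped into the `createdb` command and the `unless` check, both of which run as root. A value containing a quote or shell metacharacter alters the command, and a `.` in `${name}` acts as a wildcard in the `grep`. The module also exports resources (`@@postgresql::database_callback`), so these values may not all originate in one trusted manifest; that is an inference from this page. I would add a guard at the top of the define, e.g. `if $name !~ /^[A-Za-z0-9_]+$/ { fail("invalid database name: ${name}") }`, apply the same check to `$user`, and reject `'` in `$description`. The define body continues past the end of this hunk.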
diff --git a/modules/postgresql/manifests/database_callback.pp b/modules/postgresql/manifests/database_callback.pp
index 8d4b217c..0ab1771f 100644
--- a/modules/postgresql/manifests/database_callback.pp
+++ b/modules/postgresql/manifests/database_callback.pp
@@ -1,7 +1,7 @@
define postgresql::database_callback($callback_notify = '') {
# dummy declaration, so we can trigger the notify
if $callback_notify {
- exec { "callback $name":
+ exec { "callback ${name}":
command => '/bin/true',
notify => $callback_notify,
}
diff --git a/modules/postgresql/manifests/hba_entry.pp b/modules/postgresql/manifests/hba_entry.pp
new file mode 100644
index 00000000..30fccda0
--- /dev/null
+++ b/modules/postgresql/manifests/hba_entry.pp
@@ -0,0 +1,40 @@
+# == Define: postgresql::hba_entry
+#
+# Set a new entry to pg_hba.conf file
+#
+# === Parameters
+#
+# See pgsql doc for more details about pg_hba.conf parameters :
+# https://www.postgresql.org/docs/9.1/static/auth-pg-hba-conf.html
+#
+# [*namevar*]
+# namevar is not used.
+#
+# [*type*]
+# can be local, host, hostssl, hostnossl
+#
+# [*database*]
+# database name
+#
+# [*user*]
+# user name
+#
+# [*address*]
+# host name or IP address range
+#
+# [*method*]
+# authentication method to use
+#
+define postgresql::hba_entry(
+ $type,
+ $database,
+ $user,
+ $address,
+ $method
+) {
+ include postgresql::var
+ Postgresql::Pg_hba <| title == $postgresql::var::hba_file |> {
+ conf_lines +> "${type} ${database} ${user} ${address} ${method}",
+ }
+}
+# vim: sw=2
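Review bot: None of the five parameters is validated, although the header comment lists the only legal values for `type`. A typo or an embedded newline therefore produces a malformed or extra pg_hba record; a guard such as `if $type !~ /^(local|host|hostssl|hostnossl)$/ { fail("invalid hba type: ${type}") }` would catch it at compile time. `$address` is mandatory, but a `local` record has no address field, so the documented `local` type cannot be expressed correctly with this line format. pg_hba.conf is matched top-down and the first matching record wins, while the order in which several `+>` overrides are appended is not fixed by anything in this define. That ordering caveat should be stated in the header comment.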
diff --git a/modules/postgresql/manifests/pg_hba.pp b/modules/postgresql/manifests/pg_hba.pp
new file mode 100644
index 00000000..777eee47
--- /dev/null
+++ b/modules/postgresql/manifests/pg_hba.pp
@@ -0,0 +1,13 @@
+define postgresql::pg_hba(
+ $conf_lines = []
+) {
+ $db = list_exported_ressources('Postgresql::Db_and_user')
+
+ $forum_lang = list_exported_ressources('Phpbb::Locale_db')
+
+# (tmb) disable rewriting config as we are moving to mariadb
+# postgresql::config { $name:
+# content => template('postgresql/pg_hba.conf'),
+# }
+}
+# vim: sw=2
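Review bot: `$conf_lines` is never read, because its only apparent consumer, the `postgresql::config` block, is commented out. Lines collected through `postgresql::hba_entry` (including `allow_local_ipv4` in server.pp) are therefore not written anywhere, and server.pp no longer manages pg_hba.conf either, so the file on disk is left as it is. `$db` and `$forum_lang` are computed without a visible use in this define, presumably for the disabled template. If this is intentional during the MariaDB move, state it in a header comment so nobody assumes the access rules declared in Puppet are in force, e.g. `# NOTE: pg_hba.conf is currently NOT managed; conf_lines is collected but not written`.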
diff --git a/modules/postgresql/manifests/remote_database.pp b/modules/postgresql/manifests/remote_database.pp
index 19beb712..15b54651 100644
--- a/modules/postgresql/manifests/remote_database.pp
+++ b/modules/postgresql/manifests/remote_database.pp
@@ -1,3 +1,4 @@
+# FIXME: In puppet >3.0 word 'tag' is reserved, so it has to be renamed
define postgresql::remote_database($description = '',
$user = 'postgresql',
$callback_notify = '',
diff --git a/modules/postgresql/manifests/remote_db_and_user.pp b/modules/postgresql/manifests/remote_db_and_user.pp
index bb331304..07e3ea23 100644
--- a/modules/postgresql/manifests/remote_db_and_user.pp
+++ b/modules/postgresql/manifests/remote_db_and_user.pp
@@ -1,3 +1,4 @@
+# FIXME: In puppet >3.0 word 'tag' is reserved, so it have to be renamed
define postgresql::remote_db_and_user($password,
$description = '',
$tag = 'default',
@@ -10,7 +11,7 @@ define postgresql::remote_db_and_user($password,
password => $password,
}
- # fetch the exported ressources that should have been exported
+ # fetch the exported resources that should have been exported
# once the db was created, and trigger a notify to the object
# passed as callback_notify
Postgresql::Database_callback <<| tag == $name |>>
diff --git a/modules/postgresql/manifests/remote_user.pp b/modules/postgresql/manifests/remote_user.pp
index ed2bf033..fb53df4c 100644
--- a/modules/postgresql/manifests/remote_user.pp
+++ b/modules/postgresql/manifests/remote_user.pp
@@ -1,3 +1,4 @@
+# FIXME: In puppet >3.0 word 'tag' is reserved, so it have to be renamed
define postgresql::remote_user( $password,
$tag = 'default') {
@@postgresql::user { $name:
diff --git a/modules/postgresql/manifests/server.pp b/modules/postgresql/manifests/server.pp
index 84be87ad..8b92bb2b 100644
--- a/modules/postgresql/manifests/server.pp
+++ b/modules/postgresql/manifests/server.pp
@@ -1,15 +1,14 @@
class postgresql::server {
- $pgsql_data = '/var/lib/pgsql/data/'
- $pg_version = '9.0'
+ include postgresql::var
# missing requires is corrected in cooker,
# should be removed
# once the fix is in a stable release
- package { "postgresql${pg_version}-plpgsql":
+ package { "postgresql${postgresql::var::pg_version}-plpgsql":
alias => 'postgresql-plpgsql',
}
- package { "postgresql${pg_version}-server":
+ package { "postgresql${postgresql::var::pg_version}-server":
alias => 'postgresql-server',
require => Package['postgresql-plpgsql'],
}
@@ -22,9 +21,9 @@ class postgresql::server {
refreshonly => true,
}
- openssl::self_signed_splitted_cert { "pgsql.$::domain":
+ openssl::self_signed_splitted_cert { "pgsql.${::domain}":
filename => 'server',
- directory => $pgsql_data,
+ directory => $postgresql::var::pgsql_data,
owner => 'postgres',
group => 'postgres',
require => Package['postgresql-server']
@@ -35,16 +34,20 @@ class postgresql::server {
content => template('postgresql/pam'),
}
- $db = list_exported_ressources('Postgresql::Db_and_user')
+ @postgresql::pg_hba { $postgresql::var::hba_file: }
- $forum_lang = list_exported_ressources('Phpbb::Locale_db')
+ postgresql::hba_entry { 'allow_local_ipv4':
+ type => 'host',
+ database => 'all',
+ user => 'all',
+ address => '127.0.0.1/32',
+ method => 'md5',
+ }
postgresql::config {
- "$pgsql_data/pg_hba.conf":
- content => template('postgresql/pg_hba.conf');
- "$pgsql_data/pg_ident.conf":
+ "${postgresql::var::pgsql_data}/pg_ident.conf":
content => template('postgresql/pg_ident.conf');
- "$pgsql_data/postgresql.conf":
+ "${postgresql::var::pgsql_data}/postgresql.conf":
content => template('postgresql/postgresql.conf');
}
}
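Review bot: `method => 'md5'` on `allow_local_ipv4` should carry a comment explaining the choice. On the 9.6 series pinned in var.pp, md5 is the strongest password method available, and it should be revisited once the server runs a release that supports `scram-sha-256`. Proposed comment above the resource: `# md5: strongest password auth on 9.6; switch to scram-sha-256 after moving to PostgreSQL >= 10`. The rule is limited to 127.0.0.1/32 but applies to every database and every role, so the comment should also say whether that breadth is intended.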
diff --git a/modules/postgresql/manifests/tagged.pp b/modules/postgresql/manifests/tagged.pp
index 56cdc033..6a49e3ff 100644
--- a/modules/postgresql/manifests/tagged.pp
+++ b/modules/postgresql/manifests/tagged.pp
@@ -1,3 +1,4 @@
+# FIXME: In puppet >3.0 word 'tag' is reserved, so it have to be renamed
define postgresql::tagged() {
# TODO add a system of tag so we can declare database on more than one
# server
diff --git a/modules/postgresql/manifests/user.pp b/modules/postgresql/manifests/user.pp
index b70dd122..5b73b243 100644
--- a/modules/postgresql/manifests/user.pp
+++ b/modules/postgresql/manifests/user.pp
@@ -1,13 +1,13 @@
# TODO convert to a regular type, so we can later change password
# without erasing the current user
define postgresql::user($password) {
- $sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"
+ $sql = "CREATE ROLE ${name} ENCRYPTED PASSWORD '\${pass}' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"
- exec { "psql -U postgres -c \"$sql\" ":
+ exec { "psql -U postgres -c \"${sql}\" ":
user => 'root',
# do not leak the password on commandline
- environment => "pass=$password",
- unless => "psql -A -t -U postgres -c '\\du $name' | grep '$name'",
+ environment => "pass=${password}",
+ unless => "psql -A -t -U postgres -c '\\du ${name}' | grep '${name}'",
require => Service['postgresql'],
}
}
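Review bot: Passing the password through `environment` keeps it off the command line, but the shell still expands `${pass}` inside the single-quoted SQL literal. A password containing `'` therefore ends the literal early, and the remainder is parsed as SQL in a session connected as `postgres`. `${name}` is likewise unquoted in the `CREATE ROLE` statement and in the `\du` / `grep` check. Doubling the quote before export closes the first gap, assuming standard-conforming strings on the server: `$pass_sql = regsubst($password, "'", "''", 'G')` followed by `environment => "pass=${pass_sql}",`. A name guard such as `if $name !~ /^[a-z_][a-z0-9_]*$/ { fail("invalid role name: ${name}") }` covers the second.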
diff --git a/modules/postgresql/manifests/var.pp b/modules/postgresql/manifests/var.pp
new file mode 100644
index 00000000..b31c7ffe
--- /dev/null
+++ b/modules/postgresql/manifests/var.pp
@@ -0,0 +1,7 @@
+class postgresql::var {
+
+ $pgsql_data = '/var/lib/pgsql/data/'
+ $pg_version = '9.6'
+ $hba_file = "${pgsql_data}/pg_hba.conf"
+}
+# vim: sw=2
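Review bot: `$pg_version` is '9.6' here, while the value removed from server.pp was '9.0', so what reads as a variable move also changes the package names that server.pp installs. A major-version change normally needs a data-directory upgrade, so it deserves a comment on this line or its own mention in the commit message. Separately, `$pgsql_data` ends in `/`, which makes `$hba_file` `/var/lib/pgsql/data//pg_hba.conf`. That string is used as a resource title and in the `Postgresql::Pg_hba` collector match, so `$pgsql_data = '/var/lib/pgsql/data'` would keep it in a normalised form. I have not checked how other users of `$pgsql_data` rely on the trailing slash.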