|
@@ -240,6 +240,7 @@ Resources:
|
|
|
* [postgresql::server::database](#resource-postgresqlserverdatabase)
|
|
|
* [postgresql::server::database_grant](#resource-postgresqlserverdatabasegrant)
|
|
|
* [postgresql::server::pg_hba_rule](#resource-postgresqlserverpghbarule)
|
|
|
+* [postgresql::server::pg_ident_rule](#resource-postgresqlserverpgidentrule)
|
|
|
* [postgresql::server::role](#resource-postgresqlserverrole)
|
|
|
* [postgresql::server::table_grant](#resource-postgresqlservertablegrant)
|
|
|
* [postgresql::server::tablespace](#resource-postgresqlservertablespace)
|
|
@@ -326,6 +327,9 @@ Path to the `psql` command.
|
|
|
####`pg_hba_conf_path`
|
|
|
Path to your `pg\_hba.conf` file.
|
|
|
|
|
|
+####`pg_ident_conf_path`
|
|
|
+Path to your `pg\_ident.conf` file.
|
|
|
+
|
|
|
####`postgresql_conf_path`
|
|
|
Path to your `postgresql.conf` file.
|
|
|
|
|
@@ -434,6 +438,9 @@ Path to the `psql` command.
|
|
|
####`pg_hba_conf_path`
|
|
|
Path to your `pg\_hba.conf` file.
|
|
|
|
|
|
+####`pg_ident_conf_path`
|
|
|
+Path to your `pg\_ident.conf` file.
|
|
|
+
|
|
|
####`postgresql_conf_path`
|
|
|
Path to your `postgresql.conf` file.
|
|
|
|
|
@@ -468,6 +475,8 @@ This value defaults to `false`. Many distros ship with a fairly restrictive fire
|
|
|
####`manage_pg_hba_conf`
|
|
|
This value defaults to `true`. Whether or not manage the pg_hba.conf. If set to `true`, puppet will overwrite this file. If set to `false`, puppet will not modify the file.
|
|
|
|
|
|
+####`manage_pg_ident_conf`
|
|
|
+This value defaults to `true`. Whether or not manage the pg_ident.conf. If set to `true`, puppet will overwrite this file. If set to `false`, puppet will not modify the file.
|
|
|
|
|
|
###Class: postgresql::client
|
|
|
|
|
@@ -667,6 +676,24 @@ This would create a ruleset in `pg_hba.conf` similar to:
|
|
|
# Order: 150
|
|
|
host app app 200.1.2.0/24 md5
|
|
|
|
|
|
+###Resource: postgresql::server::pg\_ident\_rule
|
|
|
+This defined type allows you to create user name maps for `pg_ident.conf`. For more details see the [PostgreSQL documentation](http://www.postgresql.org/docs/9.4/static/auth-username-maps.html).
|
|
|
+
|
|
|
+For example:
|
|
|
+
|
|
|
+ postgresql::server::pg_ident_rule{ 'Map the SSL certificate of the backup server as a replication user':
|
|
|
+ map_name => 'sslrepli',
|
|
|
+ system_username => 'repli1.example.com',
|
|
|
+ database_username => 'replication',
|
|
|
+ }
|
|
|
+
|
|
|
+This would create a user name map in `pg_ident.conf` similar to:
|
|
|
+
|
|
|
+ # Rule Name: Map the SSL certificate of the backup server as a replication user
|
|
|
+ # Description: none
|
|
|
+ # Order: 150
|
|
|
+ sslrepli repli1.example.com replication
|
|
|
+
|
|
|
####`namevar`
|
|
|
A unique identifier or short description for this rule. The namevar doesn't provide any functional usage, but it is stored in the comments of the produced `pg_hba.conf` so the originating resource can be identified.
|
|
|
|