Use Case
We use PostgreSQL 16 for PuppetDB, and the class puppet_operational_dashboards::profile::foss_postgres_access only has compatible configuration for legacy Postgres 9.4 and earlier.
Describe the Solution You Would Like
We have changed this config to a parameter as follows, and can now pass in the correct parameter using Hiera.
Hiera entry:
```yaml
puppet_operational_dashboards::profile::foss_postgres_access::auth_option: 'map=puppetdb-telegraf-map clientcert=verify-full'
```
Revised code snippet:
```puppet
class puppet_operational_dashboards::profile::foss_postgres_access (
  String $auth_option = 'map=puppetdb-telegraf-map clientcert=1',
  ...
) {
  ...
    postgresql::server::pg_hba_rule { "Allow certificate mapped connections to puppetdb as ${telegraf_user} (ipv4)":
      type        => 'hostssl',
      database    => 'puppetdb',
      user        => $telegraf_user,
      address     => '0.0.0.0/0',
      auth_method => 'cert',
      order       => 0,
      auth_option => $auth_option,
    }
    postgresql::server::pg_hba_rule { "Allow certificate mapped connections to puppetdb as ${telegraf_user} (ipv6)":
      type        => 'hostssl',
      database    => 'puppetdb',
      user        => $telegraf_user,
      address     => '::0/0',
      auth_method => 'cert',
      order       => 0,
      auth_option => $auth_option,
    }
  ...
  }
}
```
Additional Context
https://stackoverflow.com/questions/36927928/purpose-of-clientcert-1-mean-in-postgresql-configuration
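As an added example (not part of the original issue or of the module's code), the following check scans rendered `pg_hba.conf` text for `clientcert=` values that PostgreSQL 14 and later refuse to load: the legacy `0`/`1`/`no-verify` spellings, and `verify-ca` combined with the `cert` method. The function name, the `telegraf` user and the sample lines are constructed for illustration.

```python
import shlex

# clientcert spellings that PostgreSQL 14+ no longer accepts
LEGACY_VALUES = {"0", "1", "no-verify"}

def check_pg_hba(text, pg_major):
    """Return (line_number, message) findings for clientcert= options."""
    findings = []
    if pg_major < 14:
        return findings  # the checks below apply to PostgreSQL 14 and later only
    for number, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments
        if not fields or fields[0].startswith("include"):
            continue
        # 'local' records have no address column; all other types do
        rest = fields[3 if fields[0] == "local" else 4:]
        positional = [f for f in rest if "=" not in f]
        options = dict(f.split("=", 1) for f in rest if "=" in f)
        method = positional[-1] if positional else None
        value = options.get("clientcert")
        if value in LEGACY_VALUES:
            findings.append((number, f"clientcert={value} is rejected; "
                                     "use verify-ca or verify-full"))
        elif value == "verify-ca" and method == "cert":
            findings.append((number, "cert authentication only accepts "
                                     "clientcert=verify-full"))
    return findings

# Constructed sample: the module's default option next to the Hiera override
SAMPLE = """\
# constructed pg_hba.conf excerpt
hostssl puppetdb telegraf 0.0.0.0/0 cert map=puppetdb-telegraf-map clientcert=1
hostssl puppetdb telegraf ::0/0 cert map=puppetdb-telegraf-map clientcert=verify-full
hostssl puppetdb telegraf 10.0.0.0/8 md5 clientcert=verify-ca
hostssl puppetdb telegraf 192.0.2.0/24 cert clientcert=verify-ca
"""

if __name__ == "__main__":
    for number, message in check_pg_hba(SAMPLE, pg_major=16):
        print(f"line {number}: {message}")
```
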