Legacy connection string for Postgres <=9.4, fix for later versions #215
Labels
enhancement
New feature or request
Comments
|
Could you reformat this or can you put this into a PR for investigation purposes? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Use Case
We use Postgresql 16 for PuppetDB, and the class puppet_operational_dashboards::profile::foss_postgres_access only has compatible configuration for legacy Postgres 9.4 and earlier.
Describe the Solution You Would Like
We have changed this config to a parameter as follows, and can now pass in the correct parameter using Hiera.
Hiera entry:
puppet_operational_dashboards::profile::foss_postgres_access::auth_option: 'map=puppetdb-telegraf-map clientcert=verify-full'Revised code snippet:
class puppet_operational_dashboards::profile::foss_postgres_access (
String $auth_option = 'map=puppetdb-telegraf-map clientcert=1',
...
) {
...
postgresql::server::pg_hba_rule { "Allow certificate mapped connections to puppetdb as ${telegraf_user} (ipv4)":
type => 'hostssl',
database => 'puppetdb',
user => $telegraf_user,
address => '0.0.0.0/0',
auth_method => 'cert',
order => 0,
auth_option => $auth_option,
}
postgresql::server::pg_hba_rule { "Allow certificate mapped connections to puppetdb as ${telegraf_user} (ipv6)":
type => 'hostssl',
database => 'puppetdb',
user => $telegraf_user,
address => '::0/0',
auth_method => 'cert',
order => 0,
auth_option => $auth_option,
}
...
}
}
`
Additional Context
https://stackoverflow.com/questions/36927928/purpose-of-clientcert-1-mean-in-postgresql-configuration
The text was updated successfully, but these errors were encountered: