Allow configuring hba, listen on all addresses

diff --git a/personal_infra/puppet/modules/postgres/manifests/init.pp b/personal_infra/puppet/modules/postgres/manifests/init.pp
index 5213db621a5ff96c73713fa02b96caf8f6c93a92..40fd572630eeb9ddb1bdc23c90517b8ebe193634 100644 (file)
--- a/personal_infra/puppet/modules/postgres/manifests/init.pp
+++ b/personal_infra/puppet/modules/postgres/manifests/init.pp
@@ -1,4 +1,4 @@
-class postgres {
+class postgres($pg_hba_conf) {
   package {'pgdg-redhat-repo':
     source => 'https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm',
   }
@@ -9,6 +9,16 @@ class postgres {
     creates => '/var/lib/pgsql/15/data/PG_VERSION',
   }
   ->
+  [
+    file {'/var/lib/pgsql/15/data/pg_hba.conf':
+      # template at /usr/pgsql-15/share/pg_hba.conf.sample
+      content => $pg_hba_conf,
+    },
+    exec {'/bin/sed -i "s/#listen_addresses = \'localhost\'/listen_addresses = \'*\'         /" /var/lib/pgsql/15/data/postgresql.conf':
+      unless => '/bin/grep "listen_addresses = \'\\*\'" /var/lib/pgsql/15/data/postgresql.conf',
+    }
+  ]
+  ~>
   service {'postgresql-15':
     ensure => running,
     enable => true,

diff --git a/personal_infra/puppet/site/pg.h1.int.pdp7.net.pp b/personal_infra/puppet/site/pg.h1.int.pdp7.net.pp
index b964548b06c10babc61a88ec7336a3e31e305f9a..944c5c162cd76cba8bee232211f0ac52934922a5 100644 (file)
--- a/personal_infra/puppet/site/pg.h1.int.pdp7.net.pp
+++ b/personal_infra/puppet/site/pg.h1.int.pdp7.net.pp
@@ -1,3 +1,11 @@
 node 'pg.h1.int.pdp7.net' {
-  class {'postgres':}
+  class {'postgres':
+    pg_hba_conf => @(EOT)
+      # TYPE  DATABASE        USER            ADDRESS                   METHOD
+      # "local" is for Unix domain socket connections only
+      local   all             all                                       peer
+      host    k8s_test        k8s_test        k8s-test.h1.int.pdp7.net  trust
+      | EOT
+    ,
+  }
 }