Skip to content

Commit 8724708

Browse files
odyody
committed
Set different clientcert values depending on version
The possible values for the clientcert setting changed between 11 and 14, use get_psql_info to determine setting based on version
1 parent 5ad0f65 commit 8724708

File tree

1 file changed

+10
-4
lines changed

1 file changed

+10
-4
lines changed

plans/subplans/db_populate.pp

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,12 @@
2020
# Retrieve source's PSQL version
2121
$psql_version = run_task('peadm::get_psql_version', $source_target).first.value['version']
2222

23+
# Determine clientcert setting
24+
$clientcert = $psql_version ? {
25+
'14' => 'verify-full',
26+
default => 1
27+
}
28+
2329
# Add the following two lines to /opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf
2430
#
2531
# These lines allow connections from destination by pg_basebackup to replicate
@@ -31,11 +37,11 @@
3137
}
3238
file_line { 'replication-pe-ha-replication-ipv4':
3339
path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_hba.conf",
34-
line => 'hostssl replication pe-ha-replication 0.0.0.0/0 cert map=replication-pe-ha-replication-map clientcert=1',
40+
line => "hostssl replication pe-ha-replication 0.0.0.0/0 cert map=replication-pe-ha-replication-map clientcert=${clientcert}",
3541
}
3642
file_line { 'replication-pe-ha-replication-ipv6':
3743
path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_hba.conf",
38-
line => 'hostssl replication pe-ha-replication ::/0 cert map=replication-pe-ha-replication-map clientcert=1',
44+
line => "hostssl replication pe-ha-replication ::/0 cert map=replication-pe-ha-replication-map clientcert=${clientcert}",
3945
}
4046
}
4147

@@ -81,12 +87,12 @@
8187
file_line { 'replication-pe-ha-replication-ipv4':
8288
ensure => absent,
8389
path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_hba.conf",
84-
line => 'hostssl replication pe-ha-replication 0.0.0.0/0 cert map=replication-pe-ha-replication-map clientcert=1',
90+
line => "hostssl replication pe-ha-replication 0.0.0.0/0 cert map=replication-pe-ha-replication-map clientcert=${clientcert}",
8591
}
8692
file_line { 'replication-pe-ha-replication-ipv6':
8793
ensure => absent,
8894
path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_hba.conf",
89-
line => 'hostssl replication pe-ha-replication ::/0 cert map=replication-pe-ha-replication-map clientcert=1',
95+
line => "hostssl replication pe-ha-replication ::/0 cert map=replication-pe-ha-replication-map clientcert=${clientcert}",
9096
}
9197
}
9298

0 commit comments

Comments
 (0)