Ask Your Question

Removal of firewall management from Postgres Module

asked 2014-10-28 09:49:23 -0600

billman gravatar image

In the latest version (4.0) of the puppetlabs/postgresql module, it was mentioned that firewall management was removed from the module. Would someone be able to better clarify what this means?

The reason I'm asking this is that the usage example still contains the following code:

    class { 'postgresql::server':
        ip_mask_deny_postgres_user => '',
        ip_mask_allow_all_users    => '',
        listen_addresses           => '*',
        ipv4acls                   => ['hostssl all johndoe cert'],
        postgres_password          => 'TPSrep0rt!',

This looks like it has firewall type functionality built into it. Are these options still valid?


edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2014-10-29 23:49:47 -0600

cbarbour gravatar image

updated 2014-10-30 01:46:52 -0600

The 4.0 release of puppetlabs/postgresql module removes a server subclass that defines several firewall rules. The postgresql::server::ip_mask_deny_postgres_user and postgresql::server::ip_mask_allow_all_users parameters are still there; they are used when generating pg_hba_rules and aren't dependent on the firewall.

Here is the specific commit you're referring to, incase you want to see exactly what was changed.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2014-10-28 09:49:23 -0600

Seen: 83 times

Last updated: Oct 30 '14