Class[Postgresql::Server::Install] |
required-by |
Class[Postgresql::Server::Reload] |
Stage[main] |
contains |
Class[Postgresql::Server::Reload] |
Postgresql::Server::Role[puppetdb-read] |
contains |
Postgresql_psql[ALTER ROLE "puppetdb-read" CONNECTION LIMIT -1] |
Postgresql_psql[CREATE ROLE puppetdb-read ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE "puppetdb-read" CONNECTION LIMIT -1] |
Class[Puppetdb::Database::Postgresql] |
contains |
Postgresql_psql[grant all permissions to puppetdb] |
Postgresql_psql[revoke all access on public schema] |
before |
Postgresql_psql[grant all permissions to puppetdb] |
Class[main] |
contains |
Node[postgres.drivehockey.com] |
Stage[main] |
contains |
Class[main] |
Stage[main] |
contains |
Class[Settings] |
Postgresql::Server::Config_entry[ssl_ca_file] |
contains |
Postgresql_conf[ssl_ca_file] |
Postgresql::Server::Instance::Initdb[main] |
required-by |
Postgresql_conf[ssl_ca_file] |
Postgresql::Server::Config_entry[ssl_key_file] |
contains |
Postgresql_conf[ssl_key_file] |
Postgresql::Server::Instance::Initdb[main] |
required-by |
Postgresql_conf[ssl_key_file] |
Class[Infra::Postgres] |
contains |
Host[puppetdb.drivehockey.com] |
Puppetdb::Database::Postgresql_ssl_rules[Configure postgresql ssl rules for puppetdb] |
contains |
Postgresql::Server::Pg_hba_rule[Allow certificate mapped connections to puppetdb as puppetdb (ipv6)] |
Postgresql::Server::Pg_hba_rule[Allow certificate mapped connections to puppetdb as puppetdb (ipv4)] |
contains |
Concat::Fragment[pg_hba_rule_Allow certificate mapped connections to puppetdb as puppetdb (ipv4)] |
Class[Puppetdb::Database::Ssl_configuration] |
contains |
File[postgres private key] |
Package[postgresql-server] |
required-by |
File[postgres private key] |
Concat::Fragment[pg_hba_rule_Allow certificate mapped connections to puppetdb as puppetdb (ipv4)] |
contains |
Concat_fragment[pg_hba_rule_Allow certificate mapped connections to puppetdb as puppetdb (ipv4)] |
Concat::Fragment[pg_hba_rule_Allow certificate mapped connections to puppetdb as puppetdb-read (ipv4)] |
contains |
Concat_fragment[pg_hba_rule_Allow certificate mapped connections to puppetdb as puppetdb-read (ipv4)] |
Class[Puppetdb::Database::Ssl_configuration] |
contains |
Postgresql::Server::Config_entry[ssl_ca_file] |
File[postgres private key] |
required-by |
Postgresql::Server::Config_entry[ssl_ca_file] |
File[postgres public key] |
required-by |
Postgresql::Server::Config_entry[ssl_ca_file] |
Class[Puppetdb::Database::Ssl_configuration] |
contains |
Postgresql::Server::Config_entry[ssl] |
File[postgres private key] |
required-by |
Postgresql::Server::Config_entry[ssl] |
File[postgres public key] |
required-by |
Postgresql::Server::Config_entry[ssl] |
Postgresql::Server::Database_grant[puppetdb grant connection permission to puppetdb-read] |
contains |
Postgresql::Server::Grant[database:puppetdb grant connection permission to puppetdb-read] |
Class[Postgresql::Server::Initdb] |
contains |
Postgresql::Server::Instance::Initdb[main] |
Postgresql::Server::Instance::Service[main] |
required-by |
Exec[postgresql_reload_main] |
Postgresql::Server::Instance::Reload[main] |
contains |
Exec[postgresql_reload_main] |
Apt::Setting[list-apt.postgresql.org] |
contains |
File[/etc/apt/sources.list.d/apt.postgresql.org.list] |
Stage[main] |
contains |
Class[Infra::Postgres] |
Class[Postgresql::Repo::Apt_postgresql_org] |
contains |
Apt::Pin[apt_postgresql_org] |
Concat::Fragment[pg_hba_rule_Allow certificate mapped connections to puppetdb as puppetdb (ipv6)] |
contains |
Concat_fragment[pg_hba_rule_Allow certificate mapped connections to puppetdb as puppetdb (ipv6)] |
Apt::Keyring[apt.postgresql.org.asc] |
contains |
File[/etc/apt/keyrings] |
Postgresql_psql[CREATE ROLE puppetdb-read ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE "puppetdb-read" NOREPLICATION] |
Postgresql::Server::Role[puppetdb-read] |
contains |
Postgresql_psql[ALTER ROLE "puppetdb-read" NOREPLICATION] |
Class[Postgresql::Server::Service] |
before |
Class[Postgresql::Server::Passwd] |
Stage[main] |
contains |
Class[Postgresql::Server::Passwd] |
Class[Postgresql::Server] |
contains |
Class[Postgresql::Server::Passwd] |
Puppetdb::Database::Default_read_grant[puppetdb grant read permission on new objects from puppetdb to puppetdb-read] |
contains |
Postgresql_psql[grant default execute permission for puppetdb-read] |
Puppetdb::Database::Postgresql_ssl_rules[Configure postgresql ssl rules for puppetdb-read] |
contains |
Postgresql::Server::Pg_ident_rule[Map the SSL certificate of the server as a puppetdb-read user] |
Postgresql::Server::Database[puppetdb] |
before |
Postgresql_psql[grant:database:GRANT puppetdb - all - puppetdb] |
Postgresql::Server::Role[puppetdb] |
before |
Postgresql_psql[grant:database:GRANT puppetdb - all - puppetdb] |
Postgresql::Server::Grant[database:GRANT puppetdb - all - puppetdb] |
contains |
Postgresql_psql[grant:database:GRANT puppetdb - all - puppetdb] |
Class[Postgresql::Server::Passwd] |
contains |
Postgresql::Server::Instance::Passwd[main] |
Concat[/etc/postgresql/14/main/pg_ident.conf] |
contains |
Concat_file[/etc/postgresql/14/main/pg_ident.conf] |
Postgresql::Server::Pg_hba_rule[local access to database with same name for instance main] |
contains |
Concat::Fragment[pg_hba_rule_local access to database with same name for instance main] |
Stage[main] |
contains |
Class[Postgresql::Repo::Apt_postgresql_org] |
Postgresql_psql[CREATE ROLE puppetdb ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE "puppetdb" NOCREATEDB] |
Postgresql::Server::Role[puppetdb] |
contains |
Postgresql_psql[ALTER ROLE "puppetdb" NOCREATEDB] |
Class[Apt] |
contains |
File[preferences.d] |
Postgresql::Server::Instance::Config[main] |
contains |
Postgresql::Server::Config_entry[listen_addresses_for_instance_main] |
Concat::Fragment[pg_ident_rule_Map the SSL certificate of the server as a puppetdb-read user] |
contains |
Concat_fragment[pg_ident_rule_Map the SSL certificate of the server as a puppetdb-read user] |
Postgresql::Server::Role[puppetdb-read] |
contains |
Postgresql_psql[ALTER ROLE "puppetdb-read" LOGIN] |
Postgresql_psql[CREATE ROLE puppetdb-read ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE "puppetdb-read" LOGIN] |
Puppetdb::Database::Postgresql_ssl_rules[Configure postgresql ssl rules for puppetdb] |
contains |
Postgresql::Server::Pg_hba_rule[Allow certificate mapped connections to puppetdb as puppetdb (ipv4)] |
Stage[main] |
contains |
Class[Puppetdb::Globals] |
Concat[/etc/postgresql/14/main/pg_ident.conf] |
contains |
Concat_fragment[/etc/postgresql/14/main/pg_ident.conf_header] |
Postgresql::Server::Extension[pg_trgm] |
contains |
Postgresql_psql[puppetdb: CREATE EXTENSION "pg_trgm"] |
Postgresql::Server::Database[puppetdb] |
required-by |
Postgresql_psql[puppetdb: CREATE EXTENSION "pg_trgm"] |
Postgresql::Server::Pg_ident_rule[Map the SSL certificate of the server as a puppetdb user] |
contains |
Concat::Fragment[pg_ident_rule_Map the SSL certificate of the server as a puppetdb user] |
Class[Postgresql::Server] |
contains |
Class[Postgresql::Server::Install] |
Stage[main] |
contains |
Class[Postgresql::Server::Install] |
Stage[main] |
contains |
Class[Postgresql::Server] |
Postgresql::Server::Instance::Initdb[main] |
contains |
File[/var/lib/postgresql/14/main] |
Concat::Fragment[pg_hba_rule_allow access to all users for instance main] |
contains |
Concat_fragment[pg_hba_rule_allow access to all users for instance main] |
Postgresql::Server::Role[puppetdb-read] |
before |
Postgresql_psql[grant:database:puppetdb grant connection permission to puppetdb-read] |
Postgresql::Server::Database[puppetdb] |
before |
Postgresql_psql[grant:database:puppetdb grant connection permission to puppetdb-read] |
Postgresql::Server::Grant[database:puppetdb grant connection permission to puppetdb-read] |
contains |
Postgresql_psql[grant:database:puppetdb grant connection permission to puppetdb-read] |
Postgresql::Server::Config_entry[listen_addresses_for_instance_main] |
contains |
Postgresql_conf[listen_addresses_for_instance_main] |
Postgresql::Server::Instance::Initdb[main] |
required-by |
Postgresql_conf[listen_addresses_for_instance_main] |
Concat::Fragment[pg_hba_rule_allow access to ipv6 localhost for instance main] |
contains |
Concat_fragment[pg_hba_rule_allow access to ipv6 localhost for instance main] |
Postgresql::Server::Instance::Config[main] |
contains |
Postgresql::Server::Instance::Systemd[main] |
Postgresql::Server::Pg_hba_rule[allow localhost TCP access to postgresql user for instance main] |
contains |
Concat::Fragment[pg_hba_rule_allow localhost TCP access to postgresql user for instance main] |
Postgresql::Server::Instance::Config[main] |
contains |
Postgresql::Server::Pg_hba_rule[local access as postgres user for instance main] |
Concat::Fragment[pg_ident_rule_Map the SSL certificate of the server as a puppetdb user] |
contains |
Concat_fragment[pg_ident_rule_Map the SSL certificate of the server as a puppetdb user] |
Postgresql::Server::Instance::Config[main] |
contains |
Postgresql::Server::Pg_hba_rule[allow access to all users for instance main] |
Stage[main] |
contains |
Class[Apt] |
Puppetdb::Database::Read_grant[puppetdb grant read-only permission on existing objects to puppetdb-read] |
contains |
Postgresql_psql[grant execution permission for puppetdb-read] |
Concat::Fragment[pg_hba_rule_deny access to postgresql user for instance main] |
contains |
Concat_fragment[pg_hba_rule_deny access to postgresql user for instance main] |
Apt::Setting[pref-apt_postgresql_org] |
contains |
File[/etc/apt/preferences.d/apt_postgresql_org.pref] |
Class[Postgresql::Server::Install] |
before |
Class[Postgresql::Server::Initdb] |
Class[Postgresql::Server] |
contains |
Class[Postgresql::Server::Initdb] |
Stage[main] |
contains |
Class[Postgresql::Server::Initdb] |
Class[Puppetdb::Database::Postgresql] |
contains |
Postgresql_psql[revoke all access on public schema] |
Postgresql::Server::Db[puppetdb] |
before |
Postgresql_psql[revoke all access on public schema] |
Postgresql::Server::Pg_hba_rule[allow access to all users for instance main] |
contains |
Concat::Fragment[pg_hba_rule_allow access to all users for instance main] |
Puppetdb::Database::Default_read_grant[puppetdb grant read permission on new objects from puppetdb to puppetdb-read] |
contains |
Postgresql_psql[grant default usage permission for puppetdb-read] |
Stage[main] |
contains |
Class[Postgresql::Params] |
Puppetdb::Database::Postgresql_ssl_rules[Configure postgresql ssl rules for puppetdb] |
contains |
Postgresql::Server::Pg_ident_rule[Map the SSL certificate of the server as a puppetdb user] |
Postgresql::Server::Instance::Config[main] |
contains |
Postgresql::Server::Pg_hba_rule[allow localhost TCP access to postgresql user for instance main] |
Postgresql::Server::Instance::Config[main] |
contains |
Concat[/etc/postgresql/14/main/pg_hba.conf] |
Class[Apt::Update] |
contains |
Exec[apt_update] |
Puppetdb::Database::Read_only_user[puppetdb-read] |
contains |
Postgresql::Server::Database_grant[puppetdb grant connection permission to puppetdb-read] |
Postgresql::Server::Role[puppetdb-read] |
before |
Postgresql::Server::Database_grant[puppetdb grant connection permission to puppetdb-read] |
Class[Puppetdb::Database::Postgresql] |
contains |
Puppetdb::Database::Read_only_user[puppetdb-read] |
Postgresql_psql[grant all permissions to puppetdb] |
before |
Puppetdb::Database::Read_only_user[puppetdb-read] |
Puppetdb::Database::Read_grant[puppetdb grant read-only permission on existing objects to puppetdb-read] |
contains |
Postgresql_psql[grant usage permission for puppetdb-read] |
Postgresql::Server::Instance::Config[main] |
contains |
Postgresql::Server::Pg_hba_rule[local access to database with same name for instance main] |
Postgresql::Server::Instance::Initdb[main] |
required-by |
Postgresql_conf[ssl] |
Postgresql::Server::Config_entry[ssl] |
contains |
Postgresql_conf[ssl] |
Postgresql::Server::Config_entry[password_encryption_for_instance_main] |
contains |
Postgresql_conf[password_encryption_for_instance_main] |
Postgresql::Server::Instance::Initdb[main] |
required-by |
Postgresql_conf[password_encryption_for_instance_main] |
Puppetdb::Database::Read_only_user[puppetdb-read] |
contains |
Postgresql::Server::Role[puppetdb-read] |
Class[Puppetdb::Database::Ssl_configuration] |
contains |
Postgresql::Server::Config_entry[ssl_key_file] |
File[postgres public key] |
required-by |
Postgresql::Server::Config_entry[ssl_key_file] |
File[postgres private key] |
required-by |
Postgresql::Server::Config_entry[ssl_key_file] |
Postgresql::Server::Instance::Config[main] |
contains |
Postgresql::Server::Pg_hba_rule[allow access to ipv6 localhost for instance main] |
Stage[main] |
contains |
Class[Postgresql::Repo] |
Class[Puppetdb::Database::Postgresql] |
contains |
Postgresql::Server::Db[puppetdb] |
Class[Puppetdb::Database::Postgresql] |
contains |
Postgresql::Server::Extension[pg_trgm] |
Postgresql::Server::Db[puppetdb] |
required-by |
Postgresql::Server::Extension[pg_trgm] |
Postgresql::Server::Instance::Config[main] |
contains |
File[/etc/postgresql/14/main/postgresql.conf] |
Postgresql_psql[CREATE ROLE puppetdb ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE "puppetdb" NOSUPERUSER] |
Postgresql::Server::Role[puppetdb] |
contains |
Postgresql_psql[ALTER ROLE "puppetdb" NOSUPERUSER] |
Postgresql::Server::Instance::Config[main] |
contains |
Postgresql::Server::Config_entry[password_encryption_for_instance_main] |
Puppetdb::Database::Read_only_user[puppetdb-read] |
contains |
Puppetdb::Database::Read_grant[puppetdb grant read-only permission on existing objects to puppetdb-read] |
Puppetdb::Database::Default_read_grant[puppetdb grant read permission on new objects from puppetdb to puppetdb-read] |
before |
Puppetdb::Database::Read_grant[puppetdb grant read-only permission on existing objects to puppetdb-read] |
Postgresql::Server::Instance::Service[main] |
contains |
Anchor[postgresql::server::service::end::main] |
Postgresql_conn_validator[validate_service_is_running_instance_main] |
before |
Anchor[postgresql::server::service::end::main] |
Puppetdb::Database::Postgresql_ssl_rules[Configure postgresql ssl rules for puppetdb-read] |
contains |
Postgresql::Server::Pg_hba_rule[Allow certificate mapped connections to puppetdb as puppetdb-read (ipv4)] |
Postgresql_psql[CREATE ROLE puppetdb ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE "puppetdb" LOGIN] |
Postgresql::Server::Role[puppetdb] |
contains |
Postgresql_psql[ALTER ROLE "puppetdb" LOGIN] |
Stage[main] |
contains |
Class[Puppetdb::Database::Postgresql] |
Class[Postgresql::Repo::Apt_postgresql_org] |
contains |
Apt::Source[apt.postgresql.org] |
Apt::Pin[apt_postgresql_org] |
before |
Apt::Source[apt.postgresql.org] |
Puppetdb::Database::Postgresql_ssl_rules[Configure postgresql ssl rules for puppetdb-read] |
contains |
Postgresql::Server::Pg_hba_rule[Allow certificate mapped connections to puppetdb as puppetdb-read (ipv6)] |
Stage[main] |
contains |
Class[Postgresql::Server::Contrib] |
Class[Apt] |
contains |
Apt::Setting[conf-update-stamp] |
Stage[main] |
contains |
Class[Postgresql::Server::Config] |
Class[Postgresql::Server::Initdb] |
before |
Class[Postgresql::Server::Config] |
Class[Postgresql::Server] |
contains |
Class[Postgresql::Server::Config] |
Postgresql::Server::Pg_hba_rule[allow access to ipv6 localhost for instance main] |
contains |
Concat::Fragment[pg_hba_rule_allow access to ipv6 localhost for instance main] |
Postgresql::Server::Database[puppetdb] |
contains |
Postgresql_psql[REVOKE CONNECT ON DATABASE "puppetdb" FROM public] |
Postgresql_psql[CREATE DATABASE "puppetdb"] |
notifies |
Postgresql_psql[REVOKE CONNECT ON DATABASE "puppetdb" FROM public] |
Apt::Source[apt.postgresql.org] |
contains |
Apt::Setting[list-apt.postgresql.org] |
Apt::Keyring[apt.postgresql.org.asc] |
before |
Apt::Setting[list-apt.postgresql.org] |
Concat::Fragment[pg_hba_rule_local access to database with same name for instance main] |
contains |
Concat_fragment[pg_hba_rule_local access to database with same name for instance main] |
Apt::Keyring[apt.postgresql.org.asc] |
contains |
File[/etc/apt/keyrings/apt.postgresql.org.asc] |
Concat::Fragment[pg_hba_rule_local access as postgres user for instance main] |
contains |
Concat_fragment[pg_hba_rule_local access as postgres user for instance main] |
Class[Apt] |
contains |
File[apt.conf.d] |
Apt::Pin[apt_postgresql_org] |
contains |
Apt::Setting[pref-apt_postgresql_org] |
Postgresql::Server::Db[puppetdb] |
contains |
Postgresql::Server::Role[puppetdb] |
Stage[main] |
contains |
Class[Postgresql::Globals] |
Postgresql::Server::Db[puppetdb] |
contains |
Postgresql::Server::Database_grant[GRANT puppetdb - all - puppetdb] |
Postgresql::Server::Db[puppetdb] |
contains |
Postgresql::Server::Database[puppetdb] |
Postgresql::Server::Role[puppetdb] |
before |
Postgresql::Server::Database[puppetdb] |
Class[Postgresql::Server::Install] |
contains |
Package[postgresql-server] |
Apt::Source[apt.postgresql.org] |
before |
Package[postgresql-server] |
Class[Apt::Update] |
before |
Package[postgresql-server] |
Class[Postgresql::Server::Config] |
contains |
Postgresql::Server::Instance::Config[main] |
Class[Puppetdb::Database::Ssl_configuration] |
contains |
File[postgres public key] |
Package[postgresql-server] |
required-by |
File[postgres public key] |
Postgresql_conf[port_for_instance_main] |
notifies |
Postgresql::Server::Instance::Service[main] |
Class[Postgresql::Server::Service] |
contains |
Postgresql::Server::Instance::Service[main] |
Postgresql_conf[data_directory_for_instance_main] |
notifies |
Postgresql::Server::Instance::Service[main] |
Postgresql_conf[listen_addresses_for_instance_main] |
notifies |
Postgresql::Server::Instance::Service[main] |
Puppetdb::Database::Default_read_grant[puppetdb grant read permission on new objects from puppetdb to puppetdb-read] |
contains |
Postgresql_psql[grant default select permission for puppetdb-read] |
Postgresql::Server::Pg_hba_rule[Allow certificate mapped connections to puppetdb as puppetdb-read (ipv4)] |
contains |
Concat::Fragment[pg_hba_rule_Allow certificate mapped connections to puppetdb as puppetdb-read (ipv4)] |
Concat[/etc/postgresql/14/main/pg_hba.conf] |
contains |
Concat_fragment[/etc/postgresql/14/main/pg_hba.conf_header] |
Service[postgresqld_instance_main] |
required-by |
Postgresql_conn_validator[validate_service_is_running_instance_main] |
Postgresql::Server::Instance::Service[main] |
contains |
Postgresql_conn_validator[validate_service_is_running_instance_main] |
Postgresql::Server::Role[puppetdb] |
contains |
Postgresql_psql[CREATE ROLE puppetdb ENCRYPTED PASSWORD ****] |
Postgresql::Server::Role[puppetdb-read] |
contains |
Postgresql_psql[ALTER ROLE "puppetdb-read" NOSUPERUSER] |
Postgresql_psql[CREATE ROLE puppetdb-read ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE "puppetdb-read" NOSUPERUSER] |
Stage[main] |
contains |
Class[Postgresql::Server::Service] |
Class[Postgresql::Server] |
contains |
Class[Postgresql::Server::Service] |
Class[Postgresql::Server::Config] |
before |
Class[Postgresql::Server::Service] |
Postgresql_psql[CREATE ROLE puppetdb ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE "puppetdb" NOCREATEROLE] |
Postgresql::Server::Role[puppetdb] |
contains |
Postgresql_psql[ALTER ROLE "puppetdb" NOCREATEROLE] |
Postgresql::Server::Database[puppetdb] |
contains |
Postgresql_psql[UPDATE pg_database SET datistemplate = false WHERE datname = 'puppetdb'] |
Postgresql_psql[CREATE DATABASE "puppetdb"] |
before |
Postgresql_psql[UPDATE pg_database SET datistemplate = false WHERE datname = 'puppetdb'] |
Postgresql::Server::Role[puppetdb] |
contains |
Postgresql_psql[ALTER ROLE "puppetdb" INHERIT] |
Postgresql_psql[CREATE ROLE puppetdb ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE "puppetdb" INHERIT] |
Postgresql::Server::Pg_hba_rule[deny access to postgresql user for instance main] |
contains |
Concat::Fragment[pg_hba_rule_deny access to postgresql user for instance main] |
Postgresql::Server::Role[puppetdb-read] |
contains |
Postgresql_psql[CREATE ROLE puppetdb-read ENCRYPTED PASSWORD ****] |
Class[Apt] |
contains |
File[preferences] |
Concat::Fragment[pg_hba_rule_Allow certificate mapped connections to puppetdb as puppetdb-read (ipv6)] |
contains |
Concat_fragment[pg_hba_rule_Allow certificate mapped connections to puppetdb as puppetdb-read (ipv6)] |
Class[Apt] |
contains |
File[sources.list.d] |
Postgresql::Server::Config_entry[port_for_instance_main] |
contains |
Postgresql_conf[port_for_instance_main] |
Postgresql::Server::Instance::Initdb[main] |
required-by |
Postgresql_conf[port_for_instance_main] |
Postgresql::Server::Role[puppetdb] |
contains |
Postgresql_psql[ALTER ROLE "puppetdb" NOREPLICATION] |
Postgresql_psql[CREATE ROLE puppetdb ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE "puppetdb" NOREPLICATION] |
Postgresql::Server::Config_entry[data_directory_for_instance_main] |
contains |
Postgresql_conf[data_directory_for_instance_main] |
Postgresql::Server::Instance::Initdb[main] |
required-by |
Postgresql_conf[data_directory_for_instance_main] |
Postgresql::Server::Instance::Service[main] |
required-by |
Postgresql_psql[CREATE DATABASE "puppetdb"] |
Postgresql::Server::Database[puppetdb] |
contains |
Postgresql_psql[CREATE DATABASE "puppetdb"] |
Postgresql::Server::Pg_ident_rule[Map the SSL certificate of the server as a puppetdb-read user] |
contains |
Concat::Fragment[pg_ident_rule_Map the SSL certificate of the server as a puppetdb-read user] |
Postgresql_psql[CREATE ROLE puppetdb-read ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE "puppetdb-read" NOCREATEROLE] |
Postgresql::Server::Role[puppetdb-read] |
contains |
Postgresql_psql[ALTER ROLE "puppetdb-read" NOCREATEROLE] |
Postgresql_psql[CREATE ROLE puppetdb ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE "puppetdb" CONNECTION LIMIT -1] |
Postgresql::Server::Role[puppetdb] |
contains |
Postgresql_psql[ALTER ROLE "puppetdb" CONNECTION LIMIT -1] |
Class[Apt] |
contains |
File[/etc/apt/auth.conf] |
Postgresql_conf[ssl] |
notifies |
Postgresql::Server::Instance::Reload[main] |
Postgresql_conf[ssl_key_file] |
notifies |
Postgresql::Server::Instance::Reload[main] |
Postgresql_conf[ssl_cert_file] |
notifies |
Postgresql::Server::Instance::Reload[main] |
Postgresql_conf[ssl_ca_file] |
notifies |
Postgresql::Server::Instance::Reload[main] |
Concat[/etc/postgresql/14/main/pg_ident.conf] |
notifies |
Postgresql::Server::Instance::Reload[main] |
Concat[/etc/postgresql/14/main/pg_hba.conf] |
notifies |
Postgresql::Server::Instance::Reload[main] |
Class[Postgresql::Server::Reload] |
contains |
Postgresql::Server::Instance::Reload[main] |
Postgresql_conf[password_encryption_for_instance_main] |
notifies |
Postgresql::Server::Instance::Reload[main] |
Postgresql_psql[CREATE ROLE puppetdb-read ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE puppetdb-read ENCRYPTED PASSWORD ****] |
Postgresql::Server::Role[puppetdb-read] |
contains |
Postgresql_psql[ALTER ROLE puppetdb-read ENCRYPTED PASSWORD ****] |
Stage[main] |
contains |
Class[Puppetdb::Params] |
Postgresql::Server::Instance::Config[main] |
contains |
Postgresql::Server::Pg_hba_rule[deny access to postgresql user for instance main] |
Postgresql_psql[CREATE ROLE puppetdb ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE puppetdb ENCRYPTED PASSWORD ****] |
Postgresql::Server::Role[puppetdb] |
contains |
Postgresql_psql[ALTER ROLE puppetdb ENCRYPTED PASSWORD ****] |
Concat::Fragment[pg_hba_rule_allow localhost TCP access to postgresql user for instance main] |
contains |
Concat_fragment[pg_hba_rule_allow localhost TCP access to postgresql user for instance main] |
File[apt.conf.d] |
notifies |
Class[Apt::Update] |
File[preferences.d] |
notifies |
Class[Apt::Update] |
File[/etc/apt/apt.conf.d/15update-stamp] |
notifies |
Class[Apt::Update] |
File[sources.list] |
notifies |
Class[Apt::Update] |
File[sources.list.d] |
notifies |
Class[Apt::Update] |
File[preferences] |
notifies |
Class[Apt::Update] |
Stage[main] |
contains |
Class[Apt::Update] |
File[/etc/apt/auth.conf] |
notifies |
Class[Apt::Update] |
File[/etc/apt/sources.list.d/apt.postgresql.org.list] |
notifies |
Class[Apt::Update] |
Class[Apt] |
contains |
File[sources.list] |
Postgresql::Server::Database_grant[puppetdb grant connection permission to puppetdb-read] |
before |
Puppetdb::Database::Default_read_grant[puppetdb grant read permission on new objects from puppetdb to puppetdb-read] |
Puppetdb::Database::Read_only_user[puppetdb-read] |
contains |
Puppetdb::Database::Default_read_grant[puppetdb grant read permission on new objects from puppetdb to puppetdb-read] |
Postgresql::Server::Database_grant[GRANT puppetdb - all - puppetdb] |
contains |
Postgresql::Server::Grant[database:GRANT puppetdb - all - puppetdb] |
Postgresql::Server::Instance::Service[main] |
contains |
Service[postgresqld_instance_main] |
Postgresql::Server::Instance::Service[main] |
contains |
Anchor[postgresql::server::service::begin::main] |
Stage[main] |
contains |
Class[Puppetdb::Database::Ssl_configuration] |
Postgresql::Server::Instance::Config[main] |
contains |
Postgresql::Server::Config_entry[port_for_instance_main] |
Postgresql::Server::Instance::Config[main] |
contains |
Concat[/etc/postgresql/14/main/pg_ident.conf] |
Postgresql::Server::Role[puppetdb-read] |
contains |
Postgresql_psql[ALTER ROLE "puppetdb-read" NOCREATEDB] |
Postgresql_psql[CREATE ROLE puppetdb-read ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE "puppetdb-read" NOCREATEDB] |
Class[Puppetdb::Database::Ssl_configuration] |
contains |
Postgresql::Server::Config_entry[ssl_cert_file] |
File[postgres private key] |
required-by |
Postgresql::Server::Config_entry[ssl_cert_file] |
File[postgres public key] |
required-by |
Postgresql::Server::Config_entry[ssl_cert_file] |
Postgresql_psql[CREATE ROLE puppetdb-read ENCRYPTED PASSWORD ****] |
required-by |
Postgresql_psql[ALTER ROLE "puppetdb-read" INHERIT] |
Postgresql::Server::Role[puppetdb-read] |
contains |
Postgresql_psql[ALTER ROLE "puppetdb-read" INHERIT] |
Class[Puppetdb::Database::Ssl_configuration] |
contains |
Puppetdb::Database::Postgresql_ssl_rules[Configure postgresql ssl rules for puppetdb] |
Postgresql::Server::Instance::Initdb[main] |
contains |
Exec[postgresql_initdb_instance_main] |
File[/var/lib/postgresql/14/main] |
required-by |
Exec[postgresql_initdb_instance_main] |
Concat[/etc/postgresql/14/main/pg_hba.conf] |
contains |
Concat_file[/etc/postgresql/14/main/pg_hba.conf] |
Class[Puppetdb::Database::Postgresql] |
contains |
Postgresql_psql[grant puppetdb-read role to puppetdb] |
Puppetdb::Database::Read_only_user[puppetdb-read] |
before |
Postgresql_psql[grant puppetdb-read role to puppetdb] |
Puppetdb::Database::Read_grant[puppetdb grant read-only permission on existing objects to puppetdb-read] |
contains |
Postgresql_psql[grant select permission for puppetdb-read] |
Apt::Source[apt.postgresql.org] |
contains |
Apt::Keyring[apt.postgresql.org.asc] |
Postgresql::Server::Pg_hba_rule[Allow certificate mapped connections to puppetdb as puppetdb (ipv6)] |
contains |
Concat::Fragment[pg_hba_rule_Allow certificate mapped connections to puppetdb as puppetdb (ipv6)] |
Postgresql::Server::Instance::Config[main] |
contains |
Postgresql::Server::Config_entry[data_directory_for_instance_main] |
Postgresql::Server::Config_entry[ssl_cert_file] |
contains |
Postgresql_conf[ssl_cert_file] |
Postgresql::Server::Instance::Initdb[main] |
required-by |
Postgresql_conf[ssl_cert_file] |
Stage[main] |
contains |
Class[Apt::Params] |
Postgresql::Server::Pg_hba_rule[local access as postgres user for instance main] |
contains |
Concat::Fragment[pg_hba_rule_local access as postgres user for instance main] |
Class[Apt] |
contains |
Package[gnupg] |
Postgresql::Server::Pg_hba_rule[Allow certificate mapped connections to puppetdb as puppetdb-read (ipv6)] |
contains |
Concat::Fragment[pg_hba_rule_Allow certificate mapped connections to puppetdb as puppetdb-read (ipv6)] |
Class[Puppetdb::Database::Ssl_configuration] |
contains |
Puppetdb::Database::Postgresql_ssl_rules[Configure postgresql ssl rules for puppetdb-read] |
Apt::Setting[conf-update-stamp] |
contains |
File[/etc/apt/apt.conf.d/15update-stamp] |