openstack
/
fuel-library
Code Issues Proposed changes

Rebase postgresql to puppetlabs-postgresql-4.0.0 

Rebases to puppetlabs-postgresql commit id:
5d4a543a54df0c9c52a5c7c1f68e5ae51d862947

Older postgresql lacks capability to handle
bindir path changes in postgres 9.0 and newer.

Change-Id: If8265bcdd7144a44b97a9f2e7d72f8a4b263920a
Partial-Bug: #1386118
Related blueprint merge-openstack-puppet-modules
This commit is contained in:
Matthew Mosesohn 2014-10-27 14:13:31 +04:00
parent b972acf770
commit e97c8338c9
131 changed files with 6368 additions and 1461 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
deployment/puppet/postgresql/.gitignore vendored
View File

@ -1,6 +0,0 @@
*.swp
pkg/
.DS_Store
metadata.json
coverage/

24
deployment/puppet/postgresql/.project
View File

@ -1,24 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>postgresql</name>
<comment></comment>
<projects>
<project>firewall</project>
</projects>
<buildSpec>
<buildCommand>
<name>org.cloudsmith.geppetto.pp.dsl.ui.modulefileBuilder</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.xtext.ui.shared.xtextBuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.cloudsmith.geppetto.pp.dsl.ui.puppetNature</nature>
<nature>org.eclipse.xtext.ui.shared.xtextNature</nature>
</natures>
</projectDescription>

652
deployment/puppet/postgresql/CHANGELOG.md
View File

@ -1,3 +1,655 @@
##2014-09-03 - Supported Release 4.0.0
###Summary
This release removes the uninstall ability from the module, removes the firewall
management, overhauls all of the acceptance testing, as well as adds better
support for SuSE and Fedora.
###Backwards Incompatible changes.
- Uninstall code removal.
- Firewall management for Postgres.
- Set manage_pg_ident_conf to true.
####Uninstallation removal
We rely heavily on the ability to uninstall and reinstall postgres throughout
our testing code, testing features like "can I move from the distribution
packages to the upstream packages through the module" and over time we've
learnt that the uninstall code simply doesn't work a lot of the time. It
leaves traces of postgres behind or fails to remove certain packages on Ubuntu,
and generally causes bits to be left on your system that you didn't expect.
When we then reinstall things fail because it's not a true clean slate, and
this causes us enormous problems during test. We've spent weeks and months
working on these tests and they simply don't hold up well across the full range
of PE platforms.
Due to all these problems we've decided to take a stance on uninstalling in
general. We feel that in 2014 it's completely reasonable and normal to have a
good provisioning pipeline combined with your configuration management and the
"correct" way to uninstall a fully installed service like postgresql is to
simply reprovision the server without it in the first place. As a general rule
this is how I personally like to work and I think is a good practice.
####I'm not OK with this!
We understand that there are environments and situations in which it's not easy
to do that. What if you accidently deployed Postgres on 100,000 nodes? In the
future we're going to take a look at building some example 'profiles' to be
found under examples/ within this module that can uninstall postgres on popular
platforms. These can be modified and used in your specific case to uninstall
postgresql. They will be much more brute force and reliant on deleting entire
directories and require you to do more work up front in specifying where things
are installed but we think it'll prove to be a much cleaner mechanism for this
kind of thing rather than trying to weave it into the main module logic itself.
####Features
- Removal of uninstall.
- Removal of firewall management.
- Tests ported to rspec3.
- Acceptance tests rewritten.
- Add a defined type for creating database schemas.
- Add a pg_ident_rule defined type.
- Set manage_pg_ident_conf to true.
- Manage pg_ident.conf by default.
- Improve selinux support for tablespace.
- Remove deprecation warnings.
- Support changing PGDATA on RedHat.
- Add SLES 11 support.
####Bugfixes
- Link pg_config binary into /usr/bin.
- Fix fedora support by using systemd.
- Initdb should create xlogdir if set.
##2014-08-27 - Supported Release 3.4.3
###Summary
This release fixes Ubuntu 10.04 with Facter 2.2.
####Features
####Bugfixes
- Use a regular expression to match the major OS version on Ubuntu.
##2014-07-31 - Supported Release 3.4.2
###Summary
This release fixes recent Fedora versions.
####Features
####Bugfixes
- Fix Fedora.
##2014-07-15 - Supported Release 3.4.1
###Summary
This release merely updates metadata.json so the module can be uninstalled and
upgraded via the puppet module command.
##2014-04-14 - Supported Release 3.4.0
###Summary
This feature rolls up several important features, the biggest being PostGIS
handling and allowing `port` to be set on postgresql::server in order to
change the port that Postgres listens on. We've added support for RHEL7
and Ubuntu 14.04, as well as allowing you to manage the service via
`service_ensure` finally.
####Features
- Added `perl_package_name` for installing bindings.
- Added `service_ensure` for allowing control of services.
- Added `postgis_version` and postgis class for installing postgis.
- Added `port` for selecting the port Postgres runs on.
- Add support for RHEL7 and Ubuntu 14.04.
- Add `default_db` to postgresql::server::database.
- Widen the selection of unquoted parameters in postgresql_conf{}
- Require the service within postgresql::server::reload for RHEL7.
- Add `inherit` to postgresql::server::role.
####Bugfixes
##2014-03-04 - Supported Release 3.3.3
###Summary
This is a supported release. This release removes a testing symlink that can
cause trouble on systems where /var is on a seperate filesystem from the
modulepath.
####Features
####Bugfixes
####Known Bugs
* SLES is not supported.
##2014-03-04 - Supported Release 3.3.2
###Summary
This is a supported release. It fixes a problem with updating passwords on postgresql.org distributed versions of PostgreSQL.
####Bugfixes
- Correct psql path when setting password on custom versions.
- Documentation updates
- Test updates
####Known Bugs
* SLES is not supported.
##2014-02-12 - Version 3.3.1
####Bugfix:
- Allow dynamic rubygems host
##2014-01-28 - Version 3.3.0
###Summary
This release rolls up a bunch of bugfixes our users have found and fixed for
us over the last few months. This improves things for 9.1 users, and makes
this module usable on FreeBSD.
This release is dedicated to 'bma', who's suffering with Puppet 3.4.1 issues
thanks to Puppet::Util::SUIDManager.run_and_capture.
####Features
- Add lc_ config entry settings
- Can pass template at database creation.
- Add FreeBSD support.
- Add support for customer `xlogdir` parameter.
- Switch tests from rspec-system to beaker. (This isn't really a feature)
####Bugfixes
- Properly fix the deprecated Puppet::Util::SUIDManager.run_and_capture errors.
- Fix NOREPLICATION option for Postgres 9.1
- Wrong parameter name: manage_pg_conf -> manage_pg_hba_conf
- Add $postgresql::server::client_package_name, referred to by install.pp
- Add missing service_provider/service_name descriptions in ::globals.
- Fix several smaller typos/issues throughout.
- Exec['postgresql_initdb'] needs to be done after $datadir exists
- Prevent defined resources from floating in the catalog.
- Fix granting all privileges on a table.
- Add some missing privileges.
- Remove deprecated and unused concat::fragment parameters.
##2013-11-05 - Version 3.2.0
###Summary
Add's support for Ubuntu 13.10 (and 14.04) as well as x, y, z.
####Features
- Add versions for Ubuntu 13.10 and 14.04.
- Use default_database in validate_db_connection instead of a hardcoded
'postgres'
- Add globals/params layering for default_database.
- Allow specification of default database name.
####Bugs
- Fixes to the README.
##2013-10-25 - Version 3.1.0
###Summary
This is a minor feature and bug fix release.
Firstly, the postgresql_psql type now includes a new parameter `search_path` which is equivalent to using `set search_path` which allows you to change the default schema search path.
The default version of Fedora 17 has now been added, so that Fedora 17 users can enjoy the module.
And finally we've extended the capabilities of the defined type postgresql::validate_db_connection so that now it can handle retrying and sleeping between retries. This feature has been monopolized to fix a bug we were seeing with startup race conditions, but it can also be used by remote systems to 'wait' for PostgreSQL to start before their Puppet run continues.
####Features
- Defined $default_version for Fedora 17 (Bret Comnes)
- add search_path attribute to postgresql_psql resource (Jeremy Kitchen)
- (GH-198) Add wait and retry capability to validate_db_connection (Ken Barber)
####Bugs
- enabling defined postgres user password without resetting on every puppet run (jonoterc)
- periods are valid in configuration variables also (Jeremy Kitchen)
- Add zero length string to join() function (Jarl Stefansson)
- add require of install to reload class (cdenneen)
- (GH-198) Fix race condition on postgresql startup (Ken Barber)
- Remove concat::setup for include in preparation for the next concat release (Ken Barber)
##2013-10-14 - Version 3.0.0
Final release of 3.0, enjoy!
##2013-10-14 - Version 3.0.0-rc3
###Summary
Add a parameter to unmanage pg_hba.conf to fix a regression from 2.5, as well
as allowing owner to be passed into x.
####Features
- `manage_pg_hba_conf` parameter added to control pg_hba.conf management.
- `owner` parameter added to server::db.
##2013-10-09 - Version 3.0.0-rc2
###Summary
A few bugfixes have been found since -rc1.
####Fixes
- Special case for $datadir on Amazon
- Fix documentation about username/password for the postgresql_hash function
##2013-10-01 - Version 3.0.0-rc1
###Summary
Version 3 was a major rewrite to fix some internal dependency issues, and to
make the new Public API more clear. As a consequence a lot of things have
changed for version 3 and older revisions that we will try to outline here.
(NOTE: The format of this CHANGELOG differs to normal in an attempt to
explain the scope of changes)
* Server specific objects now moved under `postgresql::server::` namespace:
To restructure server specific elements under the `postgresql::server::`
namespaces the following objects were renamed as such:
`postgresql::database` -> `postgresql::server::database`
`postgresql::database_grant` -> `postgresql::server::database_grant`
`postgresql::db` -> `postgresql::server::db`
`postgresql::grant` -> `postgresql::server::grant`
`postgresql::pg_hba_rule` -> `postgresql::server::pg_hba_rule`
`postgresql::plperl` -> `postgresql::server::plperl`
`postgresql::contrib` -> `postgresql::server::contrib`
`postgresql::role` -> `postgresql::server::role`
`postgresql::table_grant` -> `postgresql::server::table_grant`
`postgresql::tablespace` -> `postgresql::server::tablespace`
* New `postgresql::server::config_entry` resource for managing configuration:
Previously we used the `file_line` resource to modify `postgresql.conf`. This
new revision now adds a new resource named `postgresql::server::config_entry`
for managing this file. For example:
```puppet
postgresql::server::config_entry { 'check_function_bodies':
value => 'off',
}
```
If you were using `file_line` for this purpose, you should change to this new
methodology.
* `postgresql_puppet_extras.conf` has been removed:
Now that we have a methodology for managing `postgresql.conf`, and due to
concerns over the file management methodology using an `exec { 'touch ...': }`
as a way to create an empty file the existing postgresql\_puppet\_extras.conf
file is no longer managed by this module.
If you wish to recreate this methodology yourself, use this pattern:
```puppet
class { 'postgresql::server': }
$extras = "/tmp/include.conf"
file { $extras:
content => 'max_connections = 123',
notify => Class['postgresql::server::service'],
}->
postgresql::server::config_entry { 'include':
value => $extras,
}
```
* All uses of the parameter `charset` changed to `encoding`:
Since PostgreSQL uses the terminology `encoding` not `charset` the parameter
has been made consisent across all classes and resources.
* The `postgresql` base class is no longer how you set globals:
The old global override pattern was less then optimal so it has been fixed,
however we decided to demark this properly by specifying these overrides in
the class `postgresql::global`. Consult the documentation for this class now
to see what options are available.
Also, some parameter elements have been moved between this and the
`postgresql::server` class where it made sense.
* `config_hash` parameter collapsed for the `postgresql::server` class:
Because the `config_hash` was really passing data through to what was in
effect an internal class (`postgresql::config`). And since we don't want this
kind of internal exposure the parameters were collapsed up into the
`postgresql::server` class directly.
* Lots of changes to 'private' or 'undocumented' classes:
If you were using these before, these have changed names. You should only use
what is documented in this README.md, and if you don't have what you need you
should raise a patch to add that feature to a public API. All internal classes
now have a comment at the top indicating them as private to make sure the
message is clear that they are not supported as Public API.
* `pg_hba_conf_defaults` parameter included to turn off default pg\_hba rules:
The defaults should be good enough for most cases (if not raise a bug) but if
you simply need an escape hatch, this setting will turn off the defaults. If
you want to do this, it may affect the rest of the module so make sure you
replace the rules with something that continues operation.
* `postgresql::database_user` has now been removed:
Use `postgresql::server::role` instead.
* `postgresql::psql` resource has now been removed:
Use `postgresql_psql` instead. In the future we may recreate this as a wrapper
to add extra capability, but it will not match the old behaviour.
* `postgresql_default_version` fact has now been removed:
It didn't make sense to have this logic in a fact any more, the logic has been
moved into `postgresql::params`.
* `ripienaar/concat` is no longer used, instead we use `puppetlabs/concat`:
The older concat module is now deprecated and moved into the
`puppetlabs/concat` namespace. Functionality is more or less identical, but
you may need to intervene during the installing of this package - as both use
the same `concat` namespace.
---
##2013-09-09 Release 2.5.0
###Summary
The focus of this release is primarily to capture the fixes done to the
types and providers to make sure refreshonly works properly and to set
the stage for the large scale refactoring work of 3.0.0.
####Features
####Bugfixes
- Use boolean for refreshonly.
- Fix postgresql::plperl documentation.
- Add two missing parameters to config::beforeservice
- Style fixes
##2013-08-01 Release 2.4.1
###Summary
This minor bugfix release solves an idempotency issue when using plain text
passwords for the password_hash parameter for the postgresql::role defined
type. Without this, users would continually see resource changes everytime
your run Puppet.
####Bugfixes
- Alter role call not idempotent with cleartext passwords (Ken Barber)
##2013-07-19 Release 2.4.0
###Summary
This updates adds the ability to change permissions on tables, create template
databases from normal databases, manage PL-Perl's postgres package, and
disable the management of `pg_hba.conf`.
####Features
- Add `postgresql::table_grant` defined resource
- Add `postgresql::plperl` class
- Add `manage_pg_hba_conf` parameter to the `postgresql::config` class
- Add `istemplate` parameter to the `postgresql::database` define
####Bugfixes
- Update `postgresql::role` class to be able to update roles when modified
instead of only on creation.
- Update tests
- Fix documentation of `postgresql::database_grant`
##2.3.0
This feature release includes the following changes:
* Add a new parameter `owner` to the `database` type. This can be used to
grant ownership of a new database to a specific user. (Bruno Harbulot)
* Add support for operating systems other than Debian/RedHat, as long as the
user supplies custom values for all of the required paths, package names, etc.
(Chris Price)
* Improved integration testing (Ken Barber)
##2.2.1
This release fixes a bug whereby one of our shell commands (psql) were not ran from a globally accessible directory. This was causing permission denied errors when the command attempted to change user without changing directory.
Users of previous versions might have seen this error:
Error: Error executing SQL; psql returned 256: 'could not change directory to "/root"
This patch should correct that.
#### Detail Changes
* Set /tmp as default CWD for postgresql_psql
##2.2.0
This feature release introduces a number of new features and bug fixes.
First of all it includes a new class named `postgresql::python` which provides you with a convenient way of install the python Postgresql client libraries.
class { 'postgresql::python':
}
You are now able to use `postgresql::database_user` without having to specify a password_hash, useful for different authentication mechanisms that do not need passwords (ie. cert, local etc.).
We've also provided a lot more advanced custom parameters now for greater control of your Postgresql installation. Consult the class documentation for PuppetDB in the README.
This release in particular has largely been contributed by the community members below, a big thanks to one and all.
#### Detailed Changes
* Add support for psycopg installation (Flaper Fesp and Dan Prince)
* Added default PostgreSQL version for Ubuntu 13.04 (Kamil Szymanski)
* Add ability to create users without a password (Bruno Harbulot)
* Three Puppet 2.6 fixes (Dominic Cleal)
* Add explicit call to concat::setup when creating concat file (Dominic Cleal)
* Fix readme typo (Jordi Boggiano)
* Update postgres_default_version for Ubuntu (Kamil Szymanski)
* Allow to set connection for noew role (Kamil Szymanski)
* Fix pg_hba_rule for postgres local access (Kamil Szymanski)
* Fix versions for travis-ci (Ken Barber)
* Add replication support (Jordi Boggiano)
* Cleaned up and added unit tests (Ken Barber)
* Generalization to provide more flexability in postgresql configuration (Karel Brezina)
* Create dependent directory for sudoers so tests work on Centos 5 (Ken Barber)
* Allow SQL commands to be run against a specific DB (Carlos Villela)
* Drop trailing comma to support Puppet 2.6 (Michael Arnold)
##2.1.1
This release provides a bug fix for RHEL 5 and Centos 5 systems, or specifically systems using PostgreSQL 8.1 or older. On those systems one would have received the error:
Error: Could not start Service[postgresqld]: Execution of /sbin/service postgresql start returned 1:
And the postgresql log entry:
FATAL: unrecognized configuration parameter "include"
This bug is due to a new feature we had added in 2.1.0, whereby the `include` directive in `postgresql.conf` was not compatible. As a work-around we have added checks in our code to make sure systems running PostgreSQL 8.1 or older do not have this directive added.
#### Detailed Changes
2013-01-21 - Ken Barber <ken@bob.sh>
* Only install `include` directive and included file on PostgreSQL >= 8.2
* Add system tests for Centos 5
##2.1.0
This release is primarily a feature release, introducing some new helpful constructs to the module.
For starters, we've added the line `include 'postgresql_conf_extras.conf'` by default so extra parameters not managed by the module can be added by other tooling or by Puppet itself. This provides a useful escape-hatch for managing settings that are not currently managed by the module today.
We've added a new defined resource for managing your tablespace, so you can now create new tablespaces using the syntax:
postgresql::tablespace { 'dbspace':
location => '/srv/dbspace',
}
We've added a locale parameter to the `postgresql` class, to provide a default. Also the parameter has been added to the `postgresql::database` and `postgresql::db` defined resources for changing the locale per database:
postgresql::db { 'mydatabase':
user => 'myuser',
password => 'mypassword',
encoding => 'UTF8',
locale => 'en_NG',
}
There is a new class for installing the necessary packages to provide the PostgreSQL JDBC client jars:
class { 'postgresql::java': }
And we have a brand new defined resource for managing fine-grained rule sets within your pg_hba.conf access lists:
postgresql::pg_hba { 'Open up postgresql for access from 200.1.2.0/24':
type => 'host',
database => 'app',
user => 'app',
address => '200.1.2.0/24',
auth_method => 'md5',
}
Finally, we've also added Travis-CI support and unit tests to help us iterate faster with tests to reduce regression. The current URL for these tests is here: https://travis-ci.org/puppetlabs/puppet-postgresql. Instructions on how to run the unit tests available are provided in the README for the module.
A big thanks to all those listed below who made this feature release possible :-).
#### Detailed Changes
2013-01-18 - Simão Fontes <simaofontes@gmail.com> & Flaper Fesp <flaper87@gmail.com>
* Remove trailing commas from params.pp property definition for Puppet 2.6.0 compatibility
2013-01-18 - Lauren Rother <lauren.rother@puppetlabs.com>
* Updated README.md to conform with best practices template
2013-01-09 - Adrien Thebo <git@somethingsinistral.net>
* Update postgresql_default_version to 9.1 for Debian 7.0
2013-01-28 - Karel Brezina <karel.brezina@gmail.com>
* Add support for tablespaces
2013-01-16 - Chris Price <chris@puppetlabs.com> & Karel Brezina <karel.brezina@gmail.com>
* Provide support for an 'include' config file 'postgresql_conf_extras.conf' that users can modify manually or outside of the module.
2013-01-31 - jv <jeff@jeffvier.com>
* Fix typo in README.pp for postgresql::db example
2013-02-03 - Ken Barber <ken@bob.sh>
* Add unit tests and travis-ci support
2013-02-02 - Ken Barber <ken@bob.sh>
* Add locale parameter support to the 'postgresql' class
2013-01-21 - Michael Arnold <github@razorsedge.org>
* Add a class for install the packages containing the PostgreSQL JDBC jar
2013-02-06 - fhrbek <filip.hbrek@gmail.com>
* Coding style fixes to reduce warnings in puppet-lint and Geppetto
2013-02-10 - Ken Barber <ken@bob.sh>
* Provide new defined resource for managing pg_hba.conf
2013-02-11 - Ken Barber <ken@bob.sh>
* Fix bug with reload of Postgresql on Redhat/Centos
2013-02-15 - Erik Dalén <dalen@spotify.com>
* Fix more style issues to reduce warnings in puppet-lint and Geppetto
2013-02-15 - Erik Dalén <dalen@spotify.com>
* Fix case whereby we were modifying a hash after creation
##2.0.1
Minor bugfix release.
2013-01-16 - Chris Price <chris@puppetlabs.com>
* Fix revoke command in database.pp to support postgres 8.1 (43ded42)
2013-01-15 - Jordi Boggiano <j.boggiano@seld.be>
* Add support for ubuntu 12.10 status (3504405)
##2.0.0
Many thanks to the following people who contributed patches to this
release:
* Adrien Thebo
* Albert Koch
* Andreas Ntaflos
* Brett Porter
* Chris Price
* dharwood
* Etienne Pelletier
* Florin Broasca
* Henrik
* Hunter Haugen
* Jari Bakken
* Jordi Boggiano
* Ken Barber
* nzakaria
* Richard Arends
* Spenser Gilliland
* stormcrow
* William Van Hevelingen
Notable features:
* Add support for versions of postgres other than the system default version
(which varies depending on OS distro). This includes optional support for
automatically managing the package repo for the "official" postgres yum/apt
repos. (Major thanks to Etienne Pelletier <epelletier@maestrodev.com> and
Ken Barber <ken@bob.sh> for their tireless efforts and patience on this
feature set!) For example usage see `tests/official-postgresql-repos.pp`.
* Add some support for Debian Wheezy and Ubuntu Quantal
* Add new `postgres_psql` type with a Ruby provider, to replace the old
exec-based `psql` type. This gives us much more flexibility around
executing SQL statements and controlling their logging / reports output.
* Major refactor of the "spec" tests--which are actually more like
acceptance tests. We now support testing against multiple OS distros
via vagrant, and the framework is in place to allow us to very easily add
more distros. Currently testing against Cent6 and Ubuntu 10.04.
* Fixed a bug that was preventing multiple databases from being owned by the
same user
(9adcd182f820101f5e4891b9f2ff6278dfad495c - Etienne Pelletier <epelletier@maestrodev.com>)
* Add support for ACLs for finer-grained control of user/interface access
(b8389d19ad78b4fb66024897097b4ed7db241930 - dharwood <harwoodd@cat.pdx.edu>)
* Many other bug fixes and improvements!
---
##1.0.0
2012-09-17 - Version 0.3.0 released
2012-09-14 - Chris Price <chris@puppetlabs.com>

234
deployment/puppet/postgresql/CONTRIBUTING.md Normal file
View File

@ -0,0 +1,234 @@
Checklist (and a short version for the impatient)
=================================================
* Commits:
- Make commits of logical units.
- Check for unnecessary whitespace with "git diff --check" before
committing.
- Commit using Unix line endings (check the settings around "crlf" in
git-config(1)).
- Do not check in commented out code or unneeded files.
- The first line of the commit message should be a short
description (50 characters is the soft limit, excluding ticket
number(s)), and should skip the full stop.
- Associate the issue in the message. The first line should include
the issue number in the form "(#XXXX) Rest of message".
- The body should provide a meaningful commit message, which:
- uses the imperative, present tense: "change", not "changed" or
"changes".
- includes motivation for the change, and contrasts its
implementation with the previous behavior.
- Make sure that you have tests for the bug you are fixing, or
feature you are adding.
- Make sure the test suites passes after your commit:
`bundle exec rspec spec/acceptance` More information on [testing](#Testing) below
- When introducing a new feature, make sure it is properly
documented in the README.md
* Submission:
* Pre-requisites:
- Sign the [Contributor License Agreement](https://cla.puppetlabs.com/)
- Make sure you have a [GitHub account](https://github.com/join)
- [Create a ticket](http://projects.puppetlabs.com/projects/modules/issues/new), or [watch the ticket](http://projects.puppetlabs.com/projects/modules/issues) you are patching for.
* Preferred method:
- Fork the repository on GitHub.
- Push your changes to a topic branch in your fork of the
repository. (the format ticket/1234-short_description_of_change is
usually preferred for this project).
- Submit a pull request to the repository in the puppetlabs
organization.
The long version
================
1. Make separate commits for logically separate changes.
Please break your commits down into logically consistent units
which include new or changed tests relevant to the rest of the
change. The goal of doing this is to make the diff easier to
read for whoever is reviewing your code. In general, the easier
your diff is to read, the more likely someone will be happy to
review it and get it into the code base.
If you are going to refactor a piece of code, please do so as a
separate commit from your feature or bug fix changes.
We also really appreciate changes that include tests to make
sure the bug is not re-introduced, and that the feature is not
accidentally broken.
Describe the technical detail of the change(s). If your
description starts to get too long, that is a good sign that you
probably need to split up your commit into more finely grained
pieces.
Commits which plainly describe the things which help
reviewers check the patch and future developers understand the
code are much more likely to be merged in with a minimum of
bike-shedding or requested changes. Ideally, the commit message
would include information, and be in a form suitable for
inclusion in the release notes for the version of Puppet that
includes them.
Please also check that you are not introducing any trailing
whitespace or other "whitespace errors". You can do this by
running "git diff --check" on your changes before you commit.
2. Sign the Contributor License Agreement
Before we can accept your changes, we do need a signed Puppet
Labs Contributor License Agreement (CLA).
You can access the CLA via the [Contributor License Agreement link](https://cla.puppetlabs.com/)
If you have any questions about the CLA, please feel free to
contact Puppet Labs via email at cla-submissions@puppetlabs.com.
3. Sending your patches
To submit your changes via a GitHub pull request, we _highly_
recommend that you have them on a topic branch, instead of
directly on "master".
It makes things much easier to keep track of, especially if
you decide to work on another thing before your first change
is merged in.
GitHub has some pretty good
[general documentation](http://help.github.com/) on using
their site. They also have documentation on
[creating pull requests](http://help.github.com/send-pull-requests/).
In general, after pushing your topic branch up to your
repository on GitHub, you can switch to the branch in the
GitHub UI and click "Pull Request" towards the top of the page
in order to open a pull request.
4. Update the related GitHub issue.
If there is a GitHub issue associated with the change you
submitted, then you should update the ticket to include the
location of your branch, along with any other commentary you
may wish to make.
Testing
=======
Getting Started
---------------
Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby
package manager such as [bundler](http://bundler.io/) what Ruby packages,
or Gems, are required to build, develop, and test this software.
Please make sure you have [bundler installed](http://bundler.io/#getting-started)
on your system, then use it to install all dependencies needed for this project,
by running
```shell
% bundle install
Fetching gem metadata from https://rubygems.org/........
Fetching gem metadata from https://rubygems.org/..
Using rake (10.1.0)
Using builder (3.2.2)
-- 8><-- many more --><8 --
Using rspec-system-puppet (2.2.0)
Using serverspec (0.6.3)
Using rspec-system-serverspec (1.0.0)
Using bundler (1.3.5)
Your bundle is complete!
Use `bundle show [gemname]` to see where a bundled gem is installed.
```
NOTE some systems may require you to run this command with sudo.
If you already have those gems installed, make sure they are up-to-date:
```shell
% bundle update
```
With all dependencies in place and up-to-date we can now run the tests:
```shell
% rake spec
```
This will execute all the [rspec tests](http://rspec-puppet.com/) tests
under [spec/defines](./spec/defines), [spec/classes](./spec/classes),
and so on. rspec tests may have the same kind of dependencies as the
module they are testing. While the module defines in its [Modulefile](./Modulefile),
rspec tests define them in [.fixtures.yml](./fixtures.yml).
Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker)
tests. These tests spin up a virtual machine under
[VirtualBox](https://www.virtualbox.org/)) with, controlling it with
[Vagrant](http://www.vagrantup.com/) to actually simulate scripted test
scenarios. In order to run these, you will need both of those tools
installed on your system.
You can run them by issuing the following command
```shell
% rake spec_clean
% rspec spec/acceptance
```
This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml),
install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb)
and then run all the tests under [spec/acceptance](./spec/acceptance).
Writing Tests
-------------
XXX getting started writing tests.
If you have commit access to the repository
===========================================
Even if you have commit access to the repository, you will still need to
go through the process above, and have someone else review and merge
in your changes. The rule is that all changes must be reviewed by a
developer on the project (that did not write the code) to ensure that
all changes go through a code review process.
Having someone other than the author of the topic branch recorded as
performing the merge is the record that they performed the code
review.
Additional Resources
====================
* [Getting additional help](http://projects.puppetlabs.com/projects/puppet/wiki/Getting_Help)
* [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests)
* [Patchwork](https://patchwork.puppetlabs.com)
* [Contributor License Agreement](https://projects.puppetlabs.com/contributor_licenses/sign)
* [General GitHub documentation](http://help.github.com/)
* [GitHub pull request documentation](http://help.github.com/send-pull-requests/)

27
deployment/puppet/postgresql/Gemfile Normal file
View File

@ -0,0 +1,27 @@
source ENV['GEM_SOURCE'] || "https://rubygems.org"
group :development, :test do
gem 'rake', :require => false
gem 'rspec-puppet', :require => false
gem 'puppetlabs_spec_helper', :require => false
gem 'serverspec', :require => false
gem 'puppet-lint', :require => false
gem 'beaker', :require => false
gem 'beaker-rspec', :require => false
gem 'pry', :require => false
gem 'simplecov', :require => false
end
if facterversion = ENV['FACTER_GEM_VERSION']
gem 'facter', facterversion, :require => false
else
gem 'facter', :require => false
end
if puppetversion = ENV['PUPPET_GEM_VERSION']
gem 'puppet', puppetversion, :require => false
else
gem 'puppet', :require => false
end
# vim:ft=ruby

2
deployment/puppet/postgresql/LICENSE
View File

@ -187,7 +187,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Copyright 2013 Puppet Labs
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

10
deployment/puppet/postgresql/Modulefile
View File

@ -1,10 +0,0 @@
name 'inkling-postgresql'
version '0.3.0'
author 'Inkling'
license 'Apache'
project_page 'https://github.com/inkling/puppet-postgresql'
source 'git://github.com/inkling/puppet-postgresql.git'
summary 'PostgreSQL defined resource types'
description 'PostgreSQL defined resource types'
dependency 'puppetlabs/stdlib', '>=2.4.0'

14
deployment/puppet/postgresql/NOTICE Normal file
View File

@ -0,0 +1,14 @@
Puppetlabs postgresql module
Copyright 2012 Inkling Systems Inc
Copyright 2012-2013 Puppet Labs Inc
Copyright 2012-2013 Camptocamp SA.
This product includes software developed by:
The Puppet Labs Inc (http://www.puppetlabs.com/).
This product includes also software developed by:
Camptocamp SA (http://www.camptocamp.com/)
This product includes also software developed by:
Inkling Systems Inc (https://www.inkling.com/)

1059
deployment/puppet/postgresql/README.md
View File

File diff suppressed because it is too large Load Diff

10
deployment/puppet/postgresql/Rakefile Normal file
View File

@ -0,0 +1,10 @@
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.fail_on_warnings
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.send('disable_class_inherits_from_params_class')
PuppetLint.configuration.send('disable_class_parameter_defaults')
PuppetLint.configuration.send('disable_documentation')
PuppetLint.configuration.send('disable_single_quote_string_with_variables')
PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]

105
deployment/puppet/postgresql/checksums.json Normal file
View File

@ -0,0 +1,105 @@
{
"CHANGELOG.md": "ea6738ad1f9e633dc4cf1101e289e974",
"CONTRIBUTING.md": "d911815dd7d0d90b90bb35382a6e3298",
"Gemfile": "31d67830f694c2af4c709d46c513bbc7",
"LICENSE": "746fe83ebbf8970af0a9ea13962293e9",
"NOTICE": "d8ffc52f00e00877b45d2b77e709f69e",
"README.md": "3077fc2132335540f9c943add9509c97",
"Rakefile": "de8eeacfe1fbbc6a6f4d89adfc98bcaf",
"files/RPM-GPG-KEY-PGDG": "78b5db170d33f80ad5a47863a7476b22",
"files/validate_postgresql_connection.sh": "20301932819f035492a30880f5bf335a",
"lib/puppet/parser/functions/postgresql_acls_to_resources_hash.rb": "d518a7959b950874820a3b0a7a324488",
"lib/puppet/parser/functions/postgresql_escape.rb": "2e136fcd653ab38d831c5b40806d47d1",
"lib/puppet/parser/functions/postgresql_password.rb": "820da02a888ab42357fe9bc2352b1c37",
"lib/puppet/provider/postgresql_conf/parsed.rb": "53cacac5630209bd4a4ea62433fba764",
"lib/puppet/provider/postgresql_psql/ruby.rb": "a3f6495a6e89bc02872a38fdef0afca8",
"lib/puppet/type/postgresql_conf.rb": "4f333138a3689f9768e7fe4bc3cde9fd",
"lib/puppet/type/postgresql_psql.rb": "e2e1339f5ea40a1aaf6ec25cdc966514",
"manifests/client.pp": "40df70575ac00258147fcd0099a5cef8",
"manifests/globals.pp": "718394a496dbfd3ae72b00cb62f27deb",
"manifests/lib/devel.pp": "aae0c25df16515553d115ce2b0171bc2",
"manifests/lib/java.pp": "ed639fd6ba8392cf4239cfe02be6ace5",
"manifests/lib/perl.pp": "5213fb4284f041fe28a22d68119f646d",
"manifests/lib/python.pp": "90736f86301c4c6401ec1180c176b616",
"manifests/params.pp": "642bebc7e9845038b422a9abe67b7009",
"manifests/repo/apt_postgresql_org.pp": "2ccfff0395c8e31989430112c29c4a1a",
"manifests/repo/yum_postgresql_org.pp": "a11eba8a95f88604184a495aeca87b3b",
"manifests/repo.pp": "974a70862512c950a8252d2c89140ed8",
"manifests/server/config.pp": "e4872285ca3ed214818ae00e81f09c0d",
"manifests/server/config_entry.pp": "fc121a375b2660f096ab5962532a1ce5",
"manifests/server/contrib.pp": "a0aafd867ca7c932bee14ebf480bfacd",
"manifests/server/database.pp": "3dd2146949e5f33d1c5b8a409d55580f",
"manifests/server/database_grant.pp": "66e5470bb932b087b540c444ee49941b",
"manifests/server/db.pp": "d38c925be1f0430a877706e7ce28faf1",
"manifests/server/grant.pp": "b2ac20bf9fecb640c7fe6eba603d6e1b",
"manifests/server/initdb.pp": "6532a6b1264cf173f22cf8267a13df6e",
"manifests/server/install.pp": "ddd4000b5cee099a3d0ebed79fd458bb",
"manifests/server/passwd.pp": "6f4fac48687bcc75c7e292d37977402c",
"manifests/server/pg_hba_rule.pp": "2845af83d0d7904d028ebd642d2dd993",
"manifests/server/pg_ident_rule.pp": "0fa70e2d42d17c59f41bd3351d5d96fb",
"manifests/server/plperl.pp": "189c47d04158440874dc136ca2b3fd7a",
"manifests/server/postgis.pp": "6ac7fbd262907bb1303aa29970e908eb",
"manifests/server/reload.pp": "10a2e4ca749b4938cfdafda9d2384c7c",
"manifests/server/role.pp": "54e2decad32ae5913ba736f793787fa2",
"manifests/server/schema.pp": "f51db9b12c8eb3e05c3b04d06feaac9e",
"manifests/server/service.pp": "cd054a4e7a2f1155c57c1c8091d14331",
"manifests/server/table_grant.pp": "7fbf5eafa4e5191b93195b07ef839bf9",
"manifests/server/tablespace.pp": "4f860e343038d7c5ecbd83b54784ef10",
"manifests/server.pp": "6630c0b3551f7c09ce8b4924fb0210ca",
"manifests/validate_db_connection.pp": "f1cfbec5b6bc0e1869db0a23185708d4",
"metadata.json": "c616fc381ec21dac98c8d5de6e85c5a0",
"spec/acceptance/alternative_port_spec.rb": "bb448ce71f022adfd02c8eac3ff3e9ec",
"spec/acceptance/db_spec.rb": "72ddf3a6c94be14eceb187580922d041",
"spec/acceptance/default_parameters_spec.rb": "e90626a6a1a84336b0829521ed89152e",
"spec/acceptance/nodesets/centos-510-x64.yml": "5698f7e61292730c603e03f64fe19359",
"spec/acceptance/nodesets/centos-59-x64.yml": "57eb3e471b9042a8ea40978c467f8151",
"spec/acceptance/nodesets/centos-64-x64-pe.yml": "ec075d95760df3d4702abea1ce0a829b",
"spec/acceptance/nodesets/centos-64-x64.yml": "9cde7b5d2ab6a42366d2344c264d6bdc",
"spec/acceptance/nodesets/centos-65-x64.yml": "3e5c36e6aa5a690229e720f4048bb8af",
"spec/acceptance/nodesets/debian-607-x64.yml": "d566bf76f534e2af7c9a4605316d232c",
"spec/acceptance/nodesets/debian-73-x64.yml": "ba5a75e27644c48ad8f3564fb6d372a7",
"spec/acceptance/nodesets/default.yml": "9cde7b5d2ab6a42366d2344c264d6bdc",
"spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "75e86400b7889888dc0781c0ae1a1297",
"spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "d30d73e34cd50b043c7d14e305955269",
"spec/acceptance/nodesets/ubuntu-server-1404-x64.yml": "5f0aed10098ac5b78e4217bb27c7aaf0",
"spec/acceptance/postgresql_psql_spec.rb": "49d18d6a30949658ed615c4d6a977ad4",
"spec/acceptance/server/schema_spec.rb": "988aa84ae180a4508897abf6a7fdb39e",
"spec/spec.opts": "a600ded995d948e393fbe2320ba8e51c",
"spec/spec_helper.rb": "2c3b776fcf7328f372f63550663d05fd",
"spec/spec_helper_acceptance.rb": "4b51b4c8b4db5150a79c4993f493f9a1",
"spec/unit/classes/client_spec.rb": "6f59c2d1ad8d5afad545b7aa4f8f40fd",
"spec/unit/classes/globals_spec.rb": "982e062a944229be31ed0ed61c39747d",
"spec/unit/classes/lib/devel_spec.rb": "88653dbb9beb08865f916f33681283bb",
"spec/unit/classes/lib/java_spec.rb": "2d8bd73fe651e9e62d0bba49abef292c",
"spec/unit/classes/lib/perl_spec.rb": "748a923db31aa42b3ee2fa5ac534d0d6",
"spec/unit/classes/lib/python_spec.rb": "085a1fd6809298d8774b8fd84157908d",
"spec/unit/classes/params_spec.rb": "af9c9224fb32b0e64bf575275167bebf",
"spec/unit/classes/repo_spec.rb": "cd1385198525063f7444fb7ef57b08cc",
"spec/unit/classes/server/contrib_spec.rb": "a0334495869618a6b75858211fec8cc8",
"spec/unit/classes/server/initdb_spec.rb": "ad013b15fc4d6cebb41710a4574c6c86",
"spec/unit/classes/server/plperl_spec.rb": "5fb32ffacadf95aa84646e32017a30f4",
"spec/unit/classes/server/postgis_spec.rb": "3975f38629148de15fd2cd87385f8e2e",
"spec/unit/classes/server_spec.rb": "829f676aad162b2437a10d30c1840b51",
"spec/unit/defines/server/config_entry_spec.rb": "1a7bc49ee464d83783a2b1ac0a24f6a2",
"spec/unit/defines/server/database_grant_spec.rb": "52e7ba3370d10b7c23a7b29fffe1ff33",
"spec/unit/defines/server/database_spec.rb": "122ec7e8b0072377e6b4f6d99cbd92aa",
"spec/unit/defines/server/db_spec.rb": "918342fdfa76c9acf0e455fe4411a42a",
"spec/unit/defines/server/grant_spec.rb": "5e6030fd1c268d88152f206701949122",
"spec/unit/defines/server/pg_hba_rule_spec.rb": "753bd46601b1f5c261ebfebb259b85c0",
"spec/unit/defines/server/pg_ident_rule_spec.rb": "51429e599dbf5ea5a167c8ac86c23ee4",
"spec/unit/defines/server/role_spec.rb": "24fc9508a34a81dcbc19a4a553bf1e9b",
"spec/unit/defines/server/schema_spec.rb": "d42e5fdee9427032df915f599a0f8de2",
"spec/unit/defines/server/table_grant_spec.rb": "21e375467a0635194d0f2e5effdcf22a",
"spec/unit/defines/server/tablespace_spec.rb": "ac4b95389354e2b489547f3a95441b61",
"spec/unit/defines/validate_db_connection_spec.rb": "b4758bd989da37699d550e412bfbeb52",
"spec/unit/functions/postgresql_acls_to_resources_hash_spec.rb": "ba576b0f385aa44fa352df6d5812f4ae",
"spec/unit/functions/postgresql_escape_spec.rb": "ddf2f5498937840f8c55a5ff2d8e9cb1",
"spec/unit/functions/postgresql_password_spec.rb": "8ca30e0a155e27dd3c161cea558a97eb",
"spec/unit/provider/postgresql_conf/parsed_spec.rb": "b83f1991835a3b2e9d279c6dda2204f5",
"spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb": "790f304ac505fed3393e35485f9fff0f",
"spec/unit/puppet/type/postgresql_psql_spec.rb": "394a71e3883e145ca8b588ce7bc2843b",
"spec/unit/type/postgresql_conf_spec.rb": "069ce03012044d4864d7e81b60f022e0",
"templates/pg_hba_rule.conf": "13b46eecdfd359eddff71fa485ef2f54",
"templates/pg_ident_rule.conf": "444c85172fd44262344588e83ebb2515",
"templates/systemd-port-override.erb": "9af958cfc89251d8b32dd27050f58826"
}

30
deployment/puppet/postgresql/files/RPM-GPG-KEY-PGDG Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.7 (GNU/Linux)
mQGiBEeD8koRBACC1VBRsUwGr9gxFFRho9kZpdRUjBJoPhkeOTvp9LzkdAQMFngr
BFi6N0ov1kCX7LLwBmDG+JPR7N+XcH9YR1coSHpLVg+JNy2kFDd4zAyWxJafjZ3a
9zFg9Yx+0va1BJ2t4zVcmKS4aOfbgQ5KwIOWUujalQW5Y+Fw39Gn86qjbwCg5dIo
tkM0l19h2sx50D027pV5aPsD/2c9pfcFTbMhB0CcKS836GH1qY+NCAdUwPs646ee
Ex/k9Uy4qMwhl3HuCGGGa+N6Plyon7V0TzZuRGp/1742dE8IO+I/KLy2L1d1Fxrn
XOTBZd8qe6nBwh12OMcKrsPBVBxn+iSkaG3ULsgOtx+HHLfa1/p22L5+GzGdxizr
peBuA/90cCp+lYcEwdYaRoFVR501yDOTmmzBc1DrsyWP79QMEGzMqa393G0VnqXt
L4pGmunq66Agw2EhPcIt3pDYiCmEt/obdVtSJH6BtmSDB/zYhbE8u3vLP3jfFDa9
KXxgtYj0NvuUVoRmxSKm8jtfmj1L7zoKNz3jl+Ba3L0WxIv4+bRBUG9zdGdyZVNR
TCBSUE0gQnVpbGRpbmcgUHJvamVjdCA8cGdzcWxycG1zLWhhY2tlcnNAcGdmb3Vu
ZHJ5Lm9yZz6IYAQTEQIAIAUCR4PySgIbIwYLCQgHAwIEFQIIAwQWAgMBAh4BAheA
AAoJEB8W0uFELfD4jnkAoMqd6ZwwsgYHZ3hP9vt+DJt1uDW7AKDbRwP8ESKFhwdJ
8m91RPBeJW/tMLkCDQRHg/JKEAgA64+ZXgcERPYfZYo4p+yMTJAAa9aqnE3U4Ni6
ZMB57GPuEy8NfbNya+HiftO8hoozmJdcI6XFyRBCDUVCdZ8SE+PJdOx2FFqZVIu6
dKnr8ykhgLpNNEFDG3boK9UfLj/5lYQ3Y550Iym1QKOgyrJYeAp6sZ+Nx2PavsP3
nMFCSD67BqAbcLCVQN7a2dAUXfEbfXJjPHXTbo1/kxtzE+KCRTLdXEbSEe3nHO04
K/EgTBjeBUOxnciH5RylJ2oGy/v4xr9ed7R1jJtshsDKMdWApwoLlCBJ63jg/4T/
z/OtXmu4AvmWaJxaTl7fPf2GqSqqb6jLCrQAH7AIhXr9V0zPZwADBQgAlpptNQHl
u7euIdIujFwwcxyQGfee6BG+3zaNSEHMVQMuc6bxuvYmgM9r7aki/b0YMfjJBk8v
OJ3Eh1vDH/woJi2iJ13vQ21ot+1JP3fMd6NPR8/qEeDnmVXu7QAtlkmSKI9Rdnjz
FFSUJrQPHnKsH4V4uvAM+njwYD+VFiwlBPTKNeL8cdBb4tPN2cdVJzoAp57wkZAN
VA2tKxNsTJKBi8wukaLWX8+yPHiWCNWItvyB4WCEp/rZKG4A868NM5sZQMAabpLd
l4fTiGu68OYgK9qUPZvhEAL2C1jPDVHPkLm+ZsD+90Pe66w9vB00cxXuHLzm8Pad
GaCXCY8h3xi6VIhJBBgRAgAJBQJHg/JKAhsMAAoJEB8W0uFELfD4K4cAoJ4yug8y
1U0cZEiF5W25HDzMTtaDAKCaM1m3Cbd+AZ0NGWNg/VvIX9MsPA==
=au6K
-----END PGP PUBLIC KEY BLOCK-----

31
deployment/puppet/postgresql/files/validate_postgresql_connection.sh Normal file
View File

@ -0,0 +1,31 @@
#!/usr/bin/env bash
# usage is: validate_db_connection 2 50 psql
SLEEP=$1
TRIES=$2
PSQL=$3
STATE=1
for (( c=1; c<=$TRIES; c++ ))
do
echo $c
if [ $c -gt 1 ]
then
echo 'sleeping'
sleep $SLEEP
fi
/bin/echo "SELECT 1" | $PSQL
STATE=$?
if [ $STATE -eq 0 ]
then
exit 0
fi
done
echo 'Unable to connect to postgresql'
exit 1

76
deployment/puppet/postgresql/lib/puppet/parser/functions/postgresql_acls_to_resources_hash.rb Normal file
View File

@ -0,0 +1,76 @@
module Puppet::Parser::Functions
newfunction(:postgresql_acls_to_resources_hash, :type => :rvalue, :doc => <<-EOS
This internal function translates the ipv(4|6)acls format into a resource
suitable for create_resources. It is not intended to be used outside of the
postgresql internal classes/defined resources.
This function accepts an array of strings that are pg_hba.conf rules. It
will return a hash that can be fed into create_resources to create multiple
individual pg_hba_rule resources.
The second parameter is an identifier that will be included in the namevar
to provide uniqueness. It must be a string.
The third parameter is an order offset, so you can start the order at an
arbitrary starting point.
EOS
) do |args|
func_name = "postgresql_acls_to_resources_hash()"
raise(Puppet::ParseError, "#{func_name}: Wrong number of arguments " +
"given (#{args.size} for 3)") if args.size != 3
acls = args[0]
raise(Puppet::ParseError, "#{func_name}: first argument must be an array") \
unless acls.instance_of? Array
id = args[1]
raise(Puppet::ParseError, "#{func_name}: second argument must be a string") \
unless id.instance_of? String
offset = args[2].to_i
raise(Puppet::ParseError, "#{func_name}: third argument must be a number") \
unless offset.instance_of? Fixnum
resources = {}
acls.each do |acl|
index = acls.index(acl)
parts = acl.split
raise(Puppet::ParseError, "#{func_name}: acl line #{index} does not " +
"have enough parts") unless parts.length >= 4
resource = {
'type' => parts[0],
'database' => parts[1],
'user' => parts[2],
'order' => format('%03d', offset + index),
}
if parts[0] == 'local' then
resource['auth_method'] = parts[3]
if parts.length > 4 then
resource['auth_option'] = parts.last(parts.length - 4).join(" ")
end
else
if parts[4] =~ /^\d/
resource['address'] = parts[3] + ' ' + parts[4]
resource['auth_method'] = parts[5]
if parts.length > 6 then
resource['auth_option'] = parts.last(parts.length - 6).join(" ")
end
else
resource['address'] = parts[3]
resource['auth_method'] = parts[4]
if parts.length > 5 then
resource['auth_option'] = parts.last(parts.length - 5).join(" ")
end
end
end
resources["postgresql class generated rule #{id} #{index}"] = resource
end
resources
end
end

25
deployment/puppet/postgresql/lib/puppet/parser/functions/postgresql_escape.rb Normal file
View File

@ -0,0 +1,25 @@
require 'digest/md5'
module Puppet::Parser::Functions
newfunction(:postgresql_escape, :type => :rvalue, :doc => <<-EOS
Safely escapes a string using $$ using a random tag which should be consistent
EOS
) do |args|
raise(Puppet::ParseError, "postgresql_escape(): Wrong number of arguments " +
"given (#{args.size} for 1)") if args.size != 1
password = args[0]
if password !~ /\$\$/
retval = "$$#{password}$$"
else
escape = Digest::MD5.hexdigest(password)[0..5].gsub(/\d/,'')
until password !~ /#{escape}/
escape = Digest::MD5.hexdigest(escape)[0..5].gsub(/\d/,'')
end
retval = "$#{escape}$#{password}$#{escape}$"
end
retval
end
end

37
deployment/puppet/postgresql/lib/puppet/provider/postgresql_conf/parsed.rb Normal file
View File

@ -0,0 +1,37 @@
require 'puppet/provider/parsedfile'
Puppet::Type.type(:postgresql_conf).provide(
:parsed,
:parent => Puppet::Provider::ParsedFile,
:default_target => '/etc/postgresql.conf',
:filetype => :flat
) do
desc "Set key/values in postgresql.conf."
text_line :comment, :match => /^\s*#/
text_line :blank, :match => /^\s*$/
record_line :parsed,
:fields => %w{name value comment},
:optional => %w{comment},
:match => /^\s*([\w\.]+)\s*=?\s*(.*?)(?:\s*#\s*(.*))?\s*$/,
:to_line => proc { |h|
# simple string and numeric values don't need to be enclosed in quotes
dontneedquote = h[:value].match(/^(\w+)$/)
dontneedequal = h[:name].match(/^(include|include_if_exists)$/i)
str = h[:name].downcase # normalize case
str += dontneedequal ? ' ' : ' = '
str += "'" unless dontneedquote && !dontneedequal
str += h[:value]
str += "'" unless dontneedquote && !dontneedequal
str += " # #{h[:comment]}" unless (h[:comment].nil? or h[:comment] == :absent)
str
},
:post_parse => proc { |h|
h[:name].downcase! # normalize case
h[:value].gsub!(/(^'|'$)/, '') # strip out quotes
}
end

46
deployment/puppet/postgresql/lib/puppet/provider/postgresql_psql/ruby.rb Normal file
View File

@ -0,0 +1,46 @@
Puppet::Type.type(:postgresql_psql).provide(:ruby) do
def run_unless_sql_command(sql)
# for the 'unless' queries, we wrap the user's query in a 'SELECT COUNT',
# which makes it easier to parse and process the output.
run_sql_command('SELECT COUNT(*) FROM (' << sql << ') count')
end
def run_sql_command(sql)
if resource[:search_path]
sql = "set search_path to #{Array(resource[:search_path]).join(',')}; #{sql}"
end
command = [resource[:psql_path]]
command.push("-d", resource[:db]) if resource[:db]
command.push("-p", resource[:port]) if resource[:port]
command.push("-t", "-c", sql)
if resource[:cwd]
Dir.chdir resource[:cwd] do
run_command(command, resource[:psql_user], resource[:psql_group])
end
else
run_command(command, resource[:psql_user], resource[:psql_group])
end
end
private
def run_command(command, user, group)
if Puppet::PUPPETVERSION.to_f < 3.4
Puppet::Util::SUIDManager.run_and_capture(command, user, group)
else
output = Puppet::Util::Execution.execute(command, {
:uid => user,
:gid => group,
:failonfail => false,
:combine => true,
:override_locale => true,
:custom_environment => {}
})
[output, $CHILD_STATUS.dup]
end
end
end

31
deployment/puppet/postgresql/lib/puppet/type/postgresql_conf.rb Normal file
View File

@ -0,0 +1,31 @@
module Puppet
newtype(:postgresql_conf) do
@doc = "This type allows puppet to manage postgresql.conf parameters."
ensurable
newparam(:name) do
desc "The postgresql parameter name to manage."
isnamevar
newvalues(/^[\w\.]+$/)
end
newproperty(:value) do
desc "The value to set for this parameter."
end
newproperty(:target) do
desc "The path to postgresql.conf"
defaultto {
if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile)
@resource.class.defaultprovider.default_target
else
nil
end
}
end
end
end

101
deployment/puppet/postgresql/lib/puppet/type/postgresql_psql.rb Normal file
View File

@ -0,0 +1,101 @@
Puppet::Type.newtype(:postgresql_psql) do
newparam(:name) do
desc "An arbitrary tag for your own reference; the name of the message."
isnamevar
end
newproperty(:command) do
desc 'The SQL command to execute via psql.'
defaultto { @resource[:name] }
# If needing to run the SQL command, return a fake value that will trigger
# a sync, else return the expected SQL command so no sync takes place
def retrieve
if @resource.should_run_sql
return :notrun
else
return self.should
end
end
def sync
output, status = provider.run_sql_command(value)
self.fail("Error executing SQL; psql returned #{status}: '#{output}'") unless status == 0
end
end
newparam(:unless) do
desc "An optional SQL command to execute prior to the main :command; " +
"this is generally intended to be used for idempotency, to check " +
"for the existence of an object in the database to determine whether " +
"or not the main SQL command needs to be executed at all."
# Return true if a matching row is found
def matches(value)
if Puppet::PUPPETVERSION.to_f < 4
output, status = provider.run_unless_sql_command(value)
else
output = provider.run_unless_sql_command(value)
status = output.exitcode
end
self.fail("Error evaluating 'unless' clause, returned #{status}: '#{output}'") unless status == 0
result_count = output.strip.to_i
self.debug("Found #{result_count} row(s) executing 'unless' clause")
result_count > 0
end
end
newparam(:db) do
desc "The name of the database to execute the SQL command against."
end
newparam(:port) do
desc "The port of the database server to execute the SQL command against."
end
newparam(:search_path) do
desc "The schema search path to use when executing the SQL command"
end
newparam(:psql_path) do
desc "The path to psql executable."
defaultto("psql")
end
newparam(:psql_user) do
desc "The system user account under which the psql command should be executed."
defaultto("postgres")
end
newparam(:psql_group) do
desc "The system user group account under which the psql command should be executed."
defaultto("postgres")
end
newparam(:cwd, :parent => Puppet::Parameter::Path) do
desc "The working directory under which the psql command should be executed."
defaultto("/tmp")
end
newparam(:refreshonly, :boolean => true) do
desc "If 'true', then the SQL will only be executed via a notify/subscribe event."
defaultto(:false)
newvalues(:true, :false)
end
def should_run_sql(refreshing = false)
unless_param = @parameters[:unless]
return false if !unless_param.nil? && !unless_param.value.nil? && unless_param.matches(unless_param.value)
return false if !refreshing && @parameters[:refreshonly].value == :true
true
end
def refresh
self.property(:command).sync if self.should_run_sql(true)
end
end

23
deployment/puppet/postgresql/manifests/client.pp Normal file
View File

@ -0,0 +1,23 @@
# Install client cli tool. See README.md for more details.
class postgresql::client (
$file_ensure = 'file',
$package_name = $postgresql::params::client_package_name,
$package_ensure = 'present'
) inherits postgresql::params {
validate_string($package_name)
package { 'postgresql-client':
ensure => $package_ensure,
name => $package_name,
tag => 'postgresql',
}
file { '/usr/local/bin/validate_postgresql_connection.sh':
ensure => $file_ensure,
source => 'puppet:///modules/postgresql/validate_postgresql_connection.sh',
owner => 0,
group => 0,
mode => '0755',
}
}

64
deployment/puppet/postgresql/manifests/config.pp
View File

@ -1,64 +0,0 @@
# Class: postgresql::config
#
# Parameters:
#
# [*postgres_password*] - postgres db user password.
# [*ip_mask_deny_postgres_user*] - ip mask for denying remote access for postgres user; defaults to '0.0.0.0/0',
# meaning that all TCP access for postgres user is denied.
# [*ip_mask_allow_all_users*] - ip mask for allowing remote access for other users (besides postgres);
# defaults to '127.0.0.1/32', meaning only allow connections from localhost
# [*listen_addresses*] - what IP address(es) to listen on; comma-separated list of addresses; defaults to
# 'localhost', '*' = all
# [*pg_hba_conf_path*] - path to pg_hba.conf file
# [*postgresql_conf_path*] - path to postgresql.conf file
# [*manage_redhat_firewall*] - boolean indicating whether or not the module should open a port in the firewall on
# redhat-based systems; this parameter is likely to change in future versions. Possible
# changes include support for non-RedHat systems and finer-grained control over the
# firewall rule (currently, it simply opens up the postgres port to all TCP connections).
#
#
# Actions:
#
# Requires:
#
# Usage:
#
# class { 'postgresql::config':
# postgres_password => 'postgres',
# ip_mask_allow_all_users => '0.0.0.0/0',
# }
#
class postgresql::config(
$postgres_password = undef,
$ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
$ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,
$listen_addresses = $postgresql::params::listen_addresses,
$pg_hba_conf_path = $postgresql::params::pg_hba_conf_path,
$postgresql_conf_path = $postgresql::params::postgresql_conf_path,
$manage_redhat_firewall = $postgresql::params::manage_redhat_firewall
) inherits postgresql::params {
# Basically, all this class needs to handle is passing parameters on
# to the "beforeservice" and "afterservice" classes, and ensure
# the proper ordering.
class { "postgresql::config::beforeservice":
ip_mask_deny_postgres_user => $ip_mask_deny_postgres_user,
ip_mask_allow_all_users => $ip_mask_allow_all_users,
listen_addresses => $listen_addresses,
pg_hba_conf_path => $pg_hba_conf_path,
postgresql_conf_path => $postgresql_conf_path,
manage_redhat_firewall => $manage_redhat_firewall,
}
class { "postgresql::config::afterservice":
postgres_password => $postgres_password,
}
Class['postgresql::config'] ->
Class['postgresql::config::beforeservice'] ->
Service['postgresqld'] ->
Class['postgresql::config::afterservice']
}

44
deployment/puppet/postgresql/manifests/config/afterservice.pp
View File

@ -1,44 +0,0 @@
# Class: postgresql::config::afterservice
#
# Parameters:
#
# [*postgres_password*] - postgres db user password.
#
# Actions:
#
# Requires:
#
# Usage:
# This class is not intended to be used directly; it is
# managed by postgresl::config. It contains resources
# that should be handled *after* the postgres service
# has been started up.
#
# class { 'postgresql::config::afterservice':
# postgres_password => 'postgres'
# }
#
class postgresql::config::afterservice(
$postgres_password = undef
) inherits postgresql::params {
if ($postgres_password != undef) {
# NOTE: this password-setting logic relies on the pg_hba.conf being configured
# to allow the postgres system user to connect via psql without specifying
# a password ('ident', 'peer', or 'trust' security). This is the default
# for pg_hba.conf.
exec { 'set_postgres_postgrespw':
# This command works w/no password because we run it as postgres system user
command => "psql -c \"ALTER ROLE postgres PASSWORD '$postgres_password'\"",
user => $postgresql::params::user,
group => $postgresql::params::group,
logoutput => true,
cwd => '/tmp',
# With this command we're passing -h to force TCP authentication, which does require
# a password. We specify the password via the PGPASSWORD environment variable. If
# the password is correct (current), this command will exit with an exit code of 0,
# which will prevent the main command from running.
unless => "env PGPASSWORD=\"$postgres_password\" psql -h localhost -c 'select 1' > /dev/null",
path => '/usr/bin:/usr/local/bin',
}
}
}

85
deployment/puppet/postgresql/manifests/config/beforeservice.pp
View File

@ -1,85 +0,0 @@
# Class: postgresql::config::beforeservice
#
# Parameters:
#
# [*ip_mask_deny_postgres_user*] - ip mask for denying remote access for postgres user; defaults to '0.0.0.0/0',
# meaning that all TCP access for postgres user is denied.
# [*ip_mask_allow_all_users*] - ip mask for allowing remote access for other users (besides postgres);
# defaults to '127.0.0.1/32', meaning only allow connections from localhost
# [*listen_addresses*] - what IP address(es) to listen on; comma-separated list of addresses; defaults to
# 'localhost', '*' = all
# [*pg_hba_conf_path*] - path to pg_hba.conf file
# [*postgresql_conf_path*] - path to postgresql.conf file
# [*manage_redhat_firewall*] - boolean indicating whether or not the module should open a port in the firewall on
# redhat-based systems; this parameter is likely to change in future versions. Possible
# changes include support for non-RedHat systems and finer-grained control over the
# firewall rule (currently, it simply opens up the postgres port to all TCP connections).
#
# Actions:
#
# Requires:
#
# Usage:
# This class is not intended to be used directly; it is
# managed by postgresl::config. It contains resources
# that should be handled *before* the postgres service
# has been started up.
#
# class { 'postgresql::config::before_service':
# ip_mask_allow_all_users => '0.0.0.0/0',
# }
#
class postgresql::config::beforeservice(
$ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
$ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,
$listen_addresses = $postgresql::params::listen_addresses,
$pg_hba_conf_path = $postgresql::params::pg_hba_conf_path,
$postgresql_conf_path = $postgresql::params::postgresql_conf_path,
$manage_redhat_firewall = $postgresql::params::manage_redhat_firewall
) inherits postgresql::params {
File {
owner => $postgresql::params::user,
group => $postgresql::params::group,
}
# We use a templated version of pg_hba.conf. Our main needs are to
# make sure that md5 authentication can be made available for
# remote hosts.
file { 'pg_hba.conf':
ensure => file,
path => $pg_hba_conf_path,
content => template("postgresql/pg_hba.conf.erb"),
notify => Service['postgresqld'],
}
# We must set a "listen_addresses" line in the postgresql.conf if we
# want to allow any connections from remote hosts.
file_line { 'postgresql.conf':
path => $postgresql_conf_path,
match => '^listen_addresses\s*=.*$',
line => "listen_addresses = '${listen_addresses}'",
notify => Service['postgresqld'],
}
# TODO: is this a reasonable place for this firewall stuff?
# TODO: figure out a way to make this not platform-specific; debian and ubuntu have
# an out-of-the-box firewall configuration that seems trickier to manage
# TODO: get rid of hard-coded port
if ($manage_redhat_firewall and $firewall_supported) {
exec { "persist-firewall":
command => $persist_firewall_command,
refreshonly => true,
}
Firewall {
notify => Exec["persist-firewall"]
}
firewall { '5432 accept - postgres':
port => '5432',
proto => 'tcp',
action => 'accept',
}
}
}

49
deployment/puppet/postgresql/manifests/database.pp
View File

@ -1,49 +0,0 @@
# puppet-postgresql
# For all details and documentation:
# http://github.com/inkling/puppet-postgresql
#
# Copyright 2012- Inkling Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# TODO: in order to match up more closely with the mysql module, this probably
# needs to be moved over to ruby, and add support for ensurable.
define postgresql::database(
$dbname = $title,
$charset = 'UTF8')
{
require postgresql::params
if ($::postgres_default_version != "8.1") {
$locale_option = "--locale=C"
}
$createdb_command = "${postgresql::params::createdb_path} --template=template0 --encoding '$charset' $locale_option '$dbname'"
exec { $createdb_command :
unless => "${postgresql::params::psql_path} --command=\"SELECT datname FROM pg_database WHERE datname=\'$dbname\' \" --pset=tuples_only | grep -q $dbname",
user => 'postgres',
}
# This will prevent users from connecting to the database unless they've been
# granted privileges.
postgresql::psql {"REVOKE CONNECT ON DATABASE $dbname FROM public":
db => 'postgres',
user => 'postgres',
unless => 'SELECT 1 where 1 = 0',
refreshonly => true,
subscribe => Exec[$createdb_command],
}
}

58
deployment/puppet/postgresql/manifests/database_grant.pp
View File

@ -1,58 +0,0 @@
# puppet-postgresql
# For all details and documentation:
# http://github.com/inkling/puppet-postgresql
#
# Copyright 2012- Inkling Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# TODO: in mysql module, the grant resource name might look like this: 'user@host/dbname';
# I think that the API for the resource type should split these up, because it's
# easier / safer to recombine them for mysql than it is to parse them for other
# databases. Also, in the mysql module, the hostname portion of that string
# affects the user's ability to connect from remote hosts. In postgres this is
# managed via pg_hba.conf; not sure if we want to try to reconcile that difference
# in the modules or not.
define postgresql::database_grant(
# TODO: mysql supports an array of privileges here. We should do that if we
# port this to ruby.
$privilege,
$db,
$role,
$psql_db = 'postgres',
$psql_user='postgres'
) {
# TODO: FIXME: only works on databases, due to using has_database_privilege
# TODO: this is a terrible hack; if they pass "ALL" as the desired privilege,
# we need a way to test for it--and has_database_privilege does not recognize
# 'ALL' as a valid privilege name. So we probably need to hard-code a mapping
# between 'ALL' and the list of actual privileges that it entails, and loop
# over them to check them. That sort of thing will probably need to wait until
# we port this over to ruby, so, for now, we're just going to assume that if
# they have "CREATE" privileges on a database, then they have "ALL". (I told
# you that it was terrible!)
$unless_privilege = $privilege ? {
'ALL' => 'CREATE',
default => $privilege,
}
postgresql::psql {"GRANT $privilege ON database $db TO $role":
db => $psql_db,
user => $psql_user,
unless => "SELECT 1 WHERE has_database_privilege('$role', '$db', '$unless_privilege')",
}
}

56
deployment/puppet/postgresql/manifests/database_user.pp
View File

@ -1,56 +0,0 @@
# puppet-postgresql
# For all details and documentation:
# http://github.com/inkling/puppet-postgresql
#
# Copyright 2012- Inkling Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Define: postgresql::database_user
#
# This type creates a postgres database user.
#
# Parameters:
# [*user*] - username to create.
# [*password_hash*] - user's password; this may be clear text, or an md5 hash as returned by the
# "postgresql_password" function in this module.
#
# Actions:
#
# Requires:
#
#
# Sample Usage:
#
# postgresql::database_user { 'frank':
# password_hash => postgresql_password('frank', 'password'),
# }
#
define postgresql::database_user(
$user=$title,
$password_hash,
$db = 'postgres',
$createdb=false,
$superuser=false,
$createrole=false
) {
postgresql::role {$user:
db => $db,
password_hash => $password_hash,
login => true,
createdb => $createdb,
superuser => $superuser,
createrole => $createrole,
}
}

65
deployment/puppet/postgresql/manifests/db.pp
View File

@ -1,65 +0,0 @@
# Define: postgresql::db
#
# This module creates database instances, a user, and grants that user
# privileges to the database.
#
# Since it requires class postgresql::server, we assume to run all commands as the
# postgresql user against the local postgresql server.
#
# TODO: support an array of privileges for "grant"; currently only supports a single
# privilege, which is pretty useless unless that privilege is "ALL"
#
# Parameters:
# [*title*] - postgresql database name.
# [*user*] - username to create and grant access.
# [*password*] - user's password. may be md5-encoded, in the format returned by the "postgresql_password"
# function in this module
# [*charset*] - database charset.
# [*grant*] - privilege to grant user.
#
# Actions:
#
# Requires:
#
# class postgresql::server
#
# Sample Usage:
#
# postgresql::db { 'mydb':
# user => 'my_user',
# password => 'password',
# grant => 'all'
# }
#
define postgresql::db (
$user,
$password,
$charset = 'utf8',
$grant = 'ALL'
) {
postgresql::database { $name:
# TODO: ensure is not yet supported
#ensure => present,
charset => $charset,
#provider => 'postgresql',
require => Class['postgresql::server'],
}
postgresql::database_user { "${user}":
# TODO: ensure is not yet supported
#ensure => present,
password_hash => $password,
#provider => 'postgresql',
require => Postgresql::Database[$name],
}
postgresql::database_grant { "GRANT ${user} - ${grant} - ${name}":
privilege => $grant,
db => $name,
role => $user,
#provider => 'postgresql',
require => Postgresql::Database_user["${user}"],
}
}

118
deployment/puppet/postgresql/manifests/globals.pp Normal file
View File

@ -0,0 +1,118 @@
# Class for setting cross-class global overrides. See README.md for more
# details.
class postgresql::globals (
$client_package_name = undef,
$server_package_name = undef,
$contrib_package_name = undef,
$devel_package_name = undef,
$java_package_name = undef,
$perl_package_name = undef,
$plperl_package_name = undef,
$python_package_name = undef,
$postgis_package_name = undef,
$service_name = undef,
$service_provider = undef,
$service_status = undef,
$default_database = undef,
$initdb_path = undef,
$createdb_path = undef,
$psql_path = undef,
$pg_hba_conf_path = undef,
$pg_ident_conf_path = undef,
$postgresql_conf_path = undef,
$pg_hba_conf_defaults = undef,
$datadir = undef,
$confdir = undef,
$bindir = undef,
$xlogdir = undef,
$user = undef,
$group = undef,
$version = undef,
$postgis_version = undef,
$needs_initdb = undef,
$encoding = undef,
$locale = undef,
$manage_pg_hba_conf = undef,
$manage_pg_ident_conf = undef,
$manage_package_repo = undef
) {
# We are determining this here, because it is needed by the package repo
# class.
$default_version = $::osfamily ? {
/^(RedHat|Linux)/ => $::operatingsystem ? {
'Fedora' => $::operatingsystemrelease ? {
/^(18|19|20)$/ => '9.2',
/^(17)$/ => '9.1',
default => undef,
},
'Amazon' => '9.2',
default => $::operatingsystemrelease ? {
/^7\./ => '9.2',
/^6\./ => '8.4',
/^5\./ => '8.1',
default => undef,
},
},
'Debian' => $::operatingsystem ? {
'Debian' => $::operatingsystemrelease ? {
/^6\./ => '8.4',
/^(wheezy|7\.)/ => '9.1',
/^(jessie|8\.)/ => '9.3',
default => undef,
},
'Ubuntu' => $::operatingsystemrelease ? {
/^(14.04)$/ => '9.3',
/^(11.10|12.04|12.10|13.04|13.10)$/ => '9.1',
/^(10.04|10.10|11.04)$/ => '8.4',
default => undef,
},
default => undef,
},
'Archlinux' => $::operatingsystem ? {
/Archlinux/ => '9.2',
default => '9.2',
},
'FreeBSD' => '93',
'Suse' => $::operatingsystem ? {
'SLES' => '91',
default => undef,
},
default => undef,
}
$globals_version = pick($version, $default_version, 'unknown')
if($globals_version == 'unknown') {
fail('No preferred version defined or automatically detected.')
}
$default_postgis_version = $globals_version ? {
'8.1' => '1.3.6',
'8.4' => '1.5',
'9.0' => '1.5',
'9.1' => '1.5',
'91' => '1.5',
'9.2' => '2.0',
'9.3' => '2.1',
default => undef,
}
$globals_postgis_version = pick($postgis_version, $default_postgis_version)
# Setup of the repo only makes sense globally, so we are doing this here.
if($manage_package_repo) {
# Workaround the lack of RHEL7 repositories for now.
if ! ($::operatingsystem == 'RedHat' and $::operatingsystemrelease =~ /^7/) {
class { 'postgresql::repo':
version => $globals_version
}
}
}
}

24
deployment/puppet/postgresql/manifests/init.pp
View File

@ -1,24 +0,0 @@
# Class: postgresql
#
# This class installs postgresql client software.
#
# Parameters:
# [*client_package_name*] - The name of the postgresql client package.
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
class postgresql (
$package_name = $postgresql::params::client_package_name,
$package_ensure = 'present'
) inherits postgresql::params {
package { 'postgresql_client':
name => $package_name,
ensure => $package_ensure,
}
}

33
deployment/puppet/postgresql/manifests/initdb.pp
View File

@ -1,33 +0,0 @@
# puppet-postgresql
# For all details and documentation:
# http://github.com/inkling/puppet-postgresql
#
# Copyright 2012- Inkling Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
class postgresql::initdb(
$datadir = $postgresql::params::datadir,
$initdb_path = $postgresql::params::initdb_path,
$user = 'postgres',
$group = 'postgres',
$encoding = 'UTF8',
$options=''
) inherits postgresql::params {
exec {"${initdb_path} --encoding '$encoding' --pgdata '$datadir'":
creates => "${datadir}/PG_VERSION",
user => "$user",
group => "$group",
}
}

26
deployment/puppet/postgresql/manifests/lib/devel.pp Normal file
View File

@ -0,0 +1,26 @@
# This class installs postgresql development libraries. See README.md for more
# details.
class postgresql::lib::devel(
$package_name = $postgresql::params::devel_package_name,
$package_ensure = 'present',
$link_pg_config = true
) inherits postgresql::params {
validate_string($package_name)
package { 'postgresql-devel':
ensure => $package_ensure,
name => $package_name,
tag => 'postgresql',
}
if $link_pg_config {
if ( $postgresql::params::bindir != '/usr/bin' and $postgresql::params::bindir != '/usr/local/bin') {
file {'/usr/bin/pg_config':
ensure => link,
target => "${postgresql::params::bindir}/pg_config",
}
}
}
}

16
deployment/puppet/postgresql/manifests/lib/java.pp Normal file
View File

@ -0,0 +1,16 @@
# This class installs the postgresql jdbc connector. See README.md for more
# details.
class postgresql::lib::java (
$package_name = $postgresql::params::java_package_name,
$package_ensure = 'present'
) inherits postgresql::params {
validate_string($package_name)
package { 'postgresql-jdbc':
ensure => $package_ensure,
name => $package_name,
tag => 'postgresql',
}
}

13
deployment/puppet/postgresql/manifests/lib/perl.pp Normal file
View File

@ -0,0 +1,13 @@
# This class installs the perl libs for postgresql. See README.md for more
# details.
class postgresql::lib::perl(
$package_name = $postgresql::params::perl_package_name,
$package_ensure = 'present'
) inherits postgresql::params {
package { 'perl-DBD-Pg':
ensure => $package_ensure,
name => $package_name,
}
}

13
deployment/puppet/postgresql/manifests/lib/python.pp Normal file
View File

@ -0,0 +1,13 @@
# This class installs the python libs for postgresql. See README.md for more
# details.
class postgresql::lib::python(
$package_name = $postgresql::params::python_package_name,
$package_ensure = 'present'
) inherits postgresql::params {
package { 'python-psycopg2':
ensure => $package_ensure,
name => $package_name,
}
}

269
deployment/puppet/postgresql/manifests/params.pp
View File

@ -1,90 +1,215 @@
# Class: postgresql::params
#
# The postgresql configuration settings.
#
# Parameters:
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
class postgresql::params {
$user = 'postgres'
$group = 'postgres'
$ip_mask_deny_postgres_user = '0.0.0.0/0'
$ip_mask_allow_all_users = '127.0.0.1/32'
$listen_addresses = 'localhost'
# TODO: figure out a way to make this not platform-specific
$manage_redhat_firewall = false
# This is a bit hacky, but if the puppet nodes don't have pluginsync enabled,
# they will fail with a not-so-helpful error message. Here we are explicitly
# verifying that the custom fact exists (which implies that pluginsync is
# enabled and succeeded). If not, we fail with a hint that tells the user
# that pluginsync might not be enabled. Ideally this would be handled directly
# in puppet.
if ($::postgres_default_version == undef) {
fail "No value for postgres_default_version facter fact; it's possible that you don't have pluginsync enabled."
}
case $::operatingsystem {
default: {
$service_provider = undef
}
}
# PRIVATE CLASS: do not use directly
class postgresql::params inherits postgresql::globals {
$version = $globals_version
$postgis_version = $globals_postgis_version
$listen_addresses = 'localhost'
$port = 5432
$ip_mask_deny_postgres_user = '0.0.0.0/0'
$ip_mask_allow_all_users = '127.0.0.1/32'
$ipv4acls = []
$ipv6acls = []
$encoding = $encoding
$locale = $locale
$service_ensure = 'running'
$service_enable = true
$service_provider = $service_provider
$manage_pg_hba_conf = pick($manage_pg_hba_conf, true)
$manage_pg_ident_conf = pick($manage_pg_ident_conf, true)
$package_ensure = 'present'
# Amazon Linux's OS Family is 'Linux', operating system 'Amazon'.
case $::osfamily {
'RedHat': {
$service_name = 'postgresql'
$client_package_name = 'postgresql'
$server_package_name = 'postgresql-server'
$needs_initdb = true
$initdb_path = '/usr/bin/initdb'
$createdb_path = '/usr/bin/createdb'
$psql_path = '/usr/bin/psql'
$datadir = '/var/lib/pgsql/data/'
$pg_hba_conf_path = '/var/lib/pgsql/data/pg_hba.conf'
$postgresql_conf_path = '/var/lib/pgsql/data/postgresql.conf'
$firewall_supported = true
$persist_firewall_command = '/sbin/iptables-save > /etc/sysconfig/iptables'
'RedHat', 'Linux': {
$user = pick($user, 'postgres')
$group = pick($group, 'postgres')
$needs_initdb = pick($needs_initdb, true)
$version_parts = split($version, '[.]')
$package_version = "${version_parts[0]}${version_parts[1]}"
if $version == $default_version {
$client_package_name = pick($client_package_name, 'postgresql')
$server_package_name = pick($server_package_name, 'postgresql-server')
$contrib_package_name = pick($contrib_package_name,'postgresql-contrib')
$devel_package_name = pick($devel_package_name, 'postgresql-devel')
$java_package_name = pick($java_package_name, 'postgresql-jdbc')
$plperl_package_name = pick($plperl_package_name, 'postgresql-plperl')
$service_name = pick($service_name, 'postgresql')
$bindir = pick($bindir, '/usr/bin')
$datadir = $::operatingsystem ? {
'Amazon' => pick($datadir, '/var/lib/pgsql9/data'),
default => pick($datadir, '/var/lib/pgsql/data'),
}
$confdir = pick($confdir, $datadir)
} else {
$client_package_name = pick($client_package_name, "postgresql${package_version}")
$server_package_name = pick($server_package_name, "postgresql${package_version}-server")
$contrib_package_name = pick($contrib_package_name,"postgresql${package_version}-contrib")
$devel_package_name = pick($devel_package_name, "postgresql${package_version}-devel")
$java_package_name = pick($java_package_name, "postgresql${package_version}-jdbc")
$plperl_package_name = pick($plperl_package_name, "postgresql${package_version}-plperl")
$service_name = pick($service_name, "postgresql-${version}")
$bindir = pick($bindir, "/usr/pgsql-${version}/bin")
$datadir = $::operatingsystem ? {
'Amazon' => pick($datadir, "/var/lib/pgsql9/${version}/data"),
default => pick($datadir, "/var/lib/pgsql/${version}/data"),
}
$confdir = pick($confdir, $datadir)
}
$psql_path = pick($psql_path, "${bindir}/psql")
$service_status = $service_status
$perl_package_name = pick($perl_package_name, 'perl-DBD-Pg')
$python_package_name = pick($python_package_name, 'python-psycopg2')
$postgis_package_name = pick(
$postgis_package_name,
$::operatingsystemrelease ? {
/5/ => 'postgis',
default => versioncmp($postgis_version, '2') ? {
'-1' => "postgis${package_version}",
default => "postgis2_${package_version}",}
}
)
}
'Archlinux': {
$needs_initdb = pick($needs_initdb, true)
$user = pick($user, 'postgres')
$group = pick($group, 'postgres')
# Archlinux doesn't have a client-package but has a libs package which
# pulls in postgresql server
$client_package_name = pick($client_package_name, 'postgresql')
$server_package_name = pick($server_package_name, 'postgresql-libs')
$java_package_name = pick($java_package_name, 'postgresql-jdbc')
# Archlinux doesn't have develop packages
$devel_package_name = pick($devel_package_name, 'postgresql-devel')
# Archlinux does have postgresql-contrib but it isn't maintained
$contrib_package_name = pick($contrib_package_name,'undef')
# Archlinux postgresql package provides plperl
$plperl_package_name = pick($plperl_package_name, 'undef')
$service_name = pick($service_name, 'postgresql')
$bindir = pick($bindir, '/usr/bin')
$datadir = pick($datadir, '/var/lib/postgres/data')
$confdir = pick($confdir, $datadir)
$psql_path = pick($psql_path, "${bindir}/psql")
$service_status = $service_status
$python_package_name = pick($python_package_name, 'python-psycopg2')
# Archlinux does not have a perl::DBD::Pg package
$perl_package_name = pick($perl_package_name, 'undef')
}
'Debian': {
case $::operatingsystem {
'Debian': {
$service_name = "postgresql"
}
$user = pick($user, 'postgres')
$group = pick($group, 'postgres')
'Ubuntu': {
case $::lsbmajdistrelease {
# thanks, ubuntu
'10': { $service_name = "postgresql-${::postgres_default_version}" }
default: { $service_name = "postgresql" }
}
if $manage_package_repo == true {
$needs_initdb = pick($needs_initdb, true)
$service_name = pick($service_name, 'postgresql')
} else {
$needs_initdb = pick($needs_initdb, false)
$service_name = $::operatingsystem ? {
'Debian' => pick($service_name, 'postgresql'),
'Ubuntu' => $::lsbmajdistrelease ? {
/^10/ => pick($service_name, "postgresql-${version}"),
default => pick($service_name, 'postgresql'),
},
default => undef
}
}
$client_package_name = 'postgresql-client'
$server_package_name = 'postgresql'
$needs_initdb = false
$initdb_path = "/usr/lib/postgresql/${::postgres_default_version}/bin/initdb"
$createdb_path = "/usr/lib/postgresql/${::postgres_default_version}/bin/createdb"
$psql_path = "/usr/lib/postgresql/${::postgres_default_version}/bin/psql"
$datadir = "/var/lib/postgresql/${::postgres_default_version}/main"
$pg_hba_conf_path = "/etc/postgresql/${::postgres_default_version}/main/pg_hba.conf"
$postgresql_conf_path = "/etc/postgresql/${::postgres_default_version}/main/postgresql.conf"
$firewall_supported = false
# TODO: not exactly sure yet what the right thing to do for Debian/Ubuntu is.
#$persist_firewall_command = '/sbin/iptables-save > /etc/iptables/rules.v4'
$client_package_name = pick($client_package_name, "postgresql-client-${version}")
$server_package_name = pick($server_package_name, "postgresql-${version}")
$contrib_package_name = pick($contrib_package_name, "postgresql-contrib-${version}")
$postgis_package_name = pick(
$postgis_package_name,
versioncmp($postgis_version, '2') ? {
'-1' => "postgresql-${version}-postgis",
default => "postgresql-${version}-postgis-${postgis_version}",
}
)
$devel_package_name = pick($devel_package_name, 'libpq-dev')
$java_package_name = pick($java_package_name, 'libpostgresql-jdbc-java')
$perl_package_name = pick($perl_package_name, 'libdbd-pg-perl')
$plperl_package_name = pick($plperl_package_name, "postgresql-plperl-${version}")
$python_package_name = pick($python_package_name, 'python-psycopg2')
$bindir = pick($bindir, "/usr/lib/postgresql/${version}/bin")
$datadir = pick($datadir, "/var/lib/postgresql/${version}/main")
$confdir = pick($confdir, "/etc/postgresql/${version}/main")
$service_status = pick($service_status, "/etc/init.d/${service_name} status | /bin/egrep -q 'Running clusters: .+|online'")
$psql_path = pick($psql_path, "/usr/bin/psql")
}
'FreeBSD': {
$user = pick($user, 'pgsql')
$group = pick($group, 'pgsql')
$client_package_name = pick($client_package_name, "databases/postgresql${version}-client")
$server_package_name = pick($server_package_name, "databases/postgresql${version}-server")
$contrib_package_name = pick($contrib_package_name, "databases/postgresql${version}-contrib")
$devel_package_name = pick($devel_package_name, 'databases/postgresql-libpqxx3')
$java_package_name = pick($java_package_name, 'databases/postgresql-jdbc')
$perl_package_name = pick($plperl_package_name, 'databases/p5-DBD-Pg')
$plperl_package_name = pick($plperl_package_name, "databases/postgresql${version}-plperl")
$python_package_name = pick($python_package_name, 'databases/py-psycopg2')
$service_name = pick($service_name, 'postgresql')
$bindir = pick($bindir, '/usr/local/bin')
$datadir = pick($datadir, '/usr/local/pgsql/data')
$confdir = pick($confdir, $datadir)
$service_status = pick($service_status, "/usr/local/etc/rc.d/${service_name} status")
$psql_path = pick($psql_path, "${bindir}/psql")
$needs_initdb = pick($needs_initdb, true)
}
'Suse': {
$user = pick($user, 'postgres')
$group = pick($group, 'postgres')
$client_package_name = pick($client_package_name, "postgresql${version}")
$server_package_name = pick($server_package_name, "postgresql${version}-server")
$contrib_package_name = pick($contrib_package_name, "postgresql${version}-contrib")
$devel_package_name = pick($devel_package_name, "postgresql${version}-devel")
$java_package_name = pick($java_package_name, undef)
$perl_package_name = pick($plperl_package_name, undef)
$plperl_package_name = pick($plperl_package_name, undef)
$python_package_name = pick($python_package_name, undef)
$service_name = pick($service_name, 'postgresql')
$bindir = pick($bindir, "/usr/lib/postgresql${version}/bin")
$datadir = pick($datadir, '/var/lib/pgsql/data')
$confdir = pick($confdir, $datadir)
$service_status = pick($service_status, "/etc/init.d/${service_name} status")
$psql_path = pick($psql_path, "${bindir}/psql")
$needs_initdb = pick($needs_initdb, true)
}
default: {
fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports osfamily RedHat and Debian")
$psql_path = pick($psql_path, "${bindir}/psql")
# Since we can't determine defaults on our own, we rely on users setting
# parameters with the postgresql::globals class. Here we are checking
# that the mandatory minimum is set for the module to operate.
$err_prefix = "Module ${module_name} does not provide defaults for osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}; please specify a value for ${module_name}::globals::"
if ($needs_initdb == undef) { fail("${err_prefix}needs_initdb") }
if ($service_name == undef) { fail("${err_prefix}service_name") }
if ($client_package_name == undef) { fail("${err_prefix}client_package_name") }
if ($server_package_name == undef) { fail("${err_prefix}server_package_name") }
if ($bindir == undef) { fail("${err_prefix}bindir") }
if ($datadir == undef) { fail("${err_prefix}datadir") }
if ($confdir == undef) { fail("${err_prefix}confdir") }
}
}
$initdb_path = pick($initdb_path, "${bindir}/initdb")
$createdb_path = pick($createdb_path, "${bindir}/createdb")
$pg_hba_conf_path = pick($pg_hba_conf_path, "${confdir}/pg_hba.conf")
$pg_hba_conf_defaults = pick($pg_hba_conf_defaults, true)
$pg_ident_conf_path = pick($pg_ident_conf_path, "${confdir}/pg_ident.conf")
$postgresql_conf_path = pick($postgresql_conf_path, "${confdir}/postgresql.conf")
$default_database = pick($default_database, 'postgres')
}

49
deployment/puppet/postgresql/manifests/psql.pp
View File

@ -1,49 +0,0 @@
# puppet-postgresql
# For all details and documentation:
# http://github.com/inkling/puppet-postgresql
#
# Copyright 2012- Inkling Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
define postgresql::psql(
$command = $title,
$unless,
$db,
$user = 'postgres',
$refreshonly = false
) {
require postgresql::params
# TODO: FIXME: shellquote does not work, and this regex works for trivial things but not nested escaping.
# Need a lexer, preferably a ruby SQL parser to catch errors at catalog time
# Possibly https://github.com/omghax/sql ?
if ($::postgres_default_version != "8.1") {
$no_password_option = "--no-password"
}
$psql = "${postgresql::params::psql_path} $no_password_option --tuples-only --quiet --dbname $db"
$quoted_command = regsubst($command, '"', '\\"')
$quoted_unless = regsubst($unless, '"', '\\"')
exec {"/bin/echo \"$quoted_command\" | $psql |egrep -v -q '^$'":
cwd => '/tmp',
user => $user,
returns => 1,
unless => "/bin/echo \"$quoted_unless\" | $psql | egrep -v -q '^$'",
refreshonly => $refreshonly,
}
}

21
deployment/puppet/postgresql/manifests/repo.pp Normal file
View File

@ -0,0 +1,21 @@
# PRIVATE CLASS: do not use directly
class postgresql::repo (
$version = undef
) inherits postgresql::params {
case $::osfamily {
'RedHat', 'Linux': {
if $version == undef {
fail("The parameter 'version' for 'postgresql::repo' is undefined. You must always define it when osfamily == Redhat or Linux")
}
class { 'postgresql::repo::yum_postgresql_org': }
}
'Debian': {
class { 'postgresql::repo::apt_postgresql_org': }
}
default: {
fail("Unsupported managed repository for osfamily: ${::osfamily}, operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports managing repos for osfamily RedHat and Debian")
}
}
}

22
deployment/puppet/postgresql/manifests/repo/apt_postgresql_org.pp Normal file
View File

@ -0,0 +1,22 @@
# PRIVATE CLASS: do not use directly
class postgresql::repo::apt_postgresql_org inherits postgresql::repo {
include ::apt
# Here we have tried to replicate the instructions on the PostgreSQL site:
#
# http://www.postgresql.org/download/linux/debian/
#
apt::pin { 'apt.postgresql.org':
originator => 'apt.postgresql.org',
priority => 500,
}->
apt::source { 'apt.postgresql.org':
location => 'http://apt.postgresql.org/pub/repos/apt/',
release => "${::lsbdistcodename}-pgdg",
repos => "main ${version}",
key => 'ACCC4CF8',
key_source => 'https://www.postgresql.org/media/keys/ACCC4CF8.asc',
include_src => false,
}
Apt::Source['apt.postgresql.org']->Package<|tag == 'postgresql'|>
}

29
deployment/puppet/postgresql/manifests/repo/yum_postgresql_org.pp Normal file
View File

@ -0,0 +1,29 @@
# PRIVATE CLASS: do not use directly
class postgresql::repo::yum_postgresql_org inherits postgresql::repo {
$version_parts = split($version, '[.]')
$package_version = "${version_parts[0]}${version_parts[1]}"
$gpg_key_path = "/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}"
file { $gpg_key_path:
source => 'puppet:///modules/postgresql/RPM-GPG-KEY-PGDG',
before => Yumrepo['yum.postgresql.org']
}
if($::operatingsystem == 'Fedora') {
$label1 = 'fedora'
$label2 = $label1
} else {
$label1 = 'redhat'
$label2 = 'rhel'
}
yumrepo { 'yum.postgresql.org':
descr => "PostgreSQL ${version} \$releasever - \$basearch",
baseurl => "http://yum.postgresql.org/${version}/${label1}/${label2}-\$releasever-\$basearch",
enabled => 1,
gpgcheck => 1,
gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}",
}
Yumrepo['yum.postgresql.org'] -> Package<|tag == 'postgresql'|>
}

40
deployment/puppet/postgresql/manifests/role.pp
View File

@ -1,40 +0,0 @@
# puppet-postgresql
# For all details and documentation:
# http://github.com/inkling/puppet-postgresql
#
# Copyright 2012- Inkling Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
define postgresql::role(
$username=$title,
$password_hash,
$db='postgres',
$login=false,
$createrole=false,
$createdb=false,
$superuser=false
) {
$login_sql = $login ? { true => 'LOGIN' , false => 'NOLOGIN' }
$createrole_sql = $createrole ? { true => 'CREATEROLE', false => 'NOCREATEROLE' }
$createdb_sql = $createdb ? { true => 'CREATEDB' , false => 'NOCREATEDB' }
$superuser_sql = $superuser ? { true => 'SUPERUSER' , false => 'NOSUPERUSER' }
# TODO: FIXME: Will not correct the superuser / createdb / createrole / login status of a role that already exists
postgresql::psql {"CREATE ROLE ${username} ENCRYPTED PASSWORD '${password_hash}' $login_sql $createrole_sql $createdb_sql $superuser_sql":
db => $db,
user => 'postgres',
unless => "SELECT rolname FROM pg_roles WHERE rolname='$username'",
}
}

110
deployment/puppet/postgresql/manifests/server.pp
View File

@ -1,54 +1,70 @@
# Class: postgresql::server
#
# manages the installation of the postgresql server. manages the package and service
#
# Parameters:
# [*package_name*] - name of package
# [*service_name*] - name of service
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
# This installs a PostgreSQL server. See README.md for more details.
class postgresql::server (
$package_name = $postgresql::params::server_package_name,
$package_ensure = 'present',
$service_name = $postgresql::params::service_name,
$service_provider = $postgresql::params::service_provider,
$config_hash = {}
$postgres_password = undef,
$package_name = $postgresql::params::server_package_name,
$client_package_name = $postgresql::params::client_package_name,
$package_ensure = $postgresql::params::package_ensure,
$plperl_package_name = $postgresql::params::plperl_package_name,
$service_ensure = $postgresql::params::service_ensure,
$service_enable = $postgresql::params::service_enable,
$service_name = $postgresql::params::service_name,
$service_provider = $postgresql::params::service_provider,
$service_status = $postgresql::params::service_status,
$default_database = $postgresql::params::default_database,
$listen_addresses = $postgresql::params::listen_addresses,
$port = $postgresql::params::port,
$ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
$ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,
$ipv4acls = $postgresql::params::ipv4acls,
$ipv6acls = $postgresql::params::ipv6acls,
$initdb_path = $postgresql::params::initdb_path,
$createdb_path = $postgresql::params::createdb_path,
$psql_path = $postgresql::params::psql_path,
$pg_hba_conf_path = $postgresql::params::pg_hba_conf_path,
$pg_ident_conf_path = $postgresql::params::pg_ident_conf_path,
$postgresql_conf_path = $postgresql::params::postgresql_conf_path,
$datadir = $postgresql::params::datadir,
$xlogdir = $postgresql::params::xlogdir,
$pg_hba_conf_defaults = $postgresql::params::pg_hba_conf_defaults,
$user = $postgresql::params::user,
$group = $postgresql::params::group,
$needs_initdb = $postgresql::params::needs_initdb,
$encoding = $postgresql::params::encoding,
$locale = $postgresql::params::locale,
$manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf,
$manage_pg_ident_conf = $postgresql::params::manage_pg_ident_conf,
#Deprecated
$version = undef,
) inherits postgresql::params {
$pg = 'postgresql::server'
package { 'postgresql-server':
name => $package_name,
ensure => $package_ensure,
if $version != undef {
warning('Passing "version" to postgresql::server is deprecated; please use postgresql::globals instead.')
$_version = $version
} else {
$_version = $postgresql::params::version
}
$config_class = {}
$config_class['postgresql::config'] = $config_hash
create_resources( 'class', $config_class )
Package['postgresql-server'] -> Class['postgresql::config']
if ($needs_initdb) {
include postgresql::initdb
Class['postgresql::initdb'] -> Class['postgresql::config']
Class['postgresql::initdb'] -> Service['postgresqld']
}
service { 'postgresqld':
name => $service_name,
ensure => running,
enable => true,
require => Package['postgresql-server'],
provider => $service_provider,
}
Package<| title == 'postgresql-server'|> ~> Service<| title == 'postgresqld'|>
if !defined(Service['postgresqld']) {
notify{ "Module ${module_name} cannot notify service postgresqld on package update": }
}
# Reload has its own ordering, specified by other defines
class { "${pg}::reload": require => Class["${pg}::install"] }
anchor { "${pg}::start": }->
class { "${pg}::install": }->
class { "${pg}::initdb": }->
class { "${pg}::config": }->
class { "${pg}::service": }->
class { "${pg}::passwd": }->
anchor { "${pg}::end": }
}

123
deployment/puppet/postgresql/manifests/server/config.pp Normal file
View File

@ -0,0 +1,123 @@
# PRIVATE CLASS: do not call directly
class postgresql::server::config {
$ip_mask_deny_postgres_user = $postgresql::server::ip_mask_deny_postgres_user
$ip_mask_allow_all_users = $postgresql::server::ip_mask_allow_all_users
$listen_addresses = $postgresql::server::listen_addresses
$port = $postgresql::server::port
$ipv4acls = $postgresql::server::ipv4acls
$ipv6acls = $postgresql::server::ipv6acls
$pg_hba_conf_path = $postgresql::server::pg_hba_conf_path
$pg_ident_conf_path = $postgresql::server::pg_ident_conf_path
$postgresql_conf_path = $postgresql::server::postgresql_conf_path
$pg_hba_conf_defaults = $postgresql::server::pg_hba_conf_defaults
$user = $postgresql::server::user
$group = $postgresql::server::group
$version = $postgresql::server::_version
$manage_pg_hba_conf = $postgresql::server::manage_pg_hba_conf
$manage_pg_ident_conf = $postgresql::server::manage_pg_ident_conf
if ($manage_pg_hba_conf == true) {
# Prepare the main pg_hba file
concat { $pg_hba_conf_path:
owner => $user,
group => $group,
mode => '0640',
warn => true,
notify => Class['postgresql::server::reload'],
}
if $pg_hba_conf_defaults {
Postgresql::Server::Pg_hba_rule {
database => 'all',
user => 'all',
}
# Lets setup the base rules
$local_auth_option = $version ? {
'8.1' => 'sameuser',
default => undef,
}
postgresql::server::pg_hba_rule { 'local access as postgres user':
type => 'local',
user => $user,
auth_method => 'ident',
auth_option => $local_auth_option,
order => '001',
}
postgresql::server::pg_hba_rule { 'local access to database with same name':
type => 'local',
auth_method => 'ident',
auth_option => $local_auth_option,
order => '002',
}
postgresql::server::pg_hba_rule { 'allow localhost TCP access to postgresql user':
type => 'host',
user => $user,
address => '127.0.0.1/32',
auth_method => 'md5',
order => '003',
}
postgresql::server::pg_hba_rule { 'deny access to postgresql user':
type => 'host',
user => $user,
address => $ip_mask_deny_postgres_user,
auth_method => 'reject',
order => '004',
}
# ipv4acls are passed as an array of rule strings, here we transform
# them into a resources hash, and pass the result to create_resources
$ipv4acl_resources = postgresql_acls_to_resources_hash($ipv4acls,
'ipv4acls', 10)
create_resources('postgresql::server::pg_hba_rule', $ipv4acl_resources)
postgresql::server::pg_hba_rule { 'allow access to all users':
type => 'host',
address => $ip_mask_allow_all_users,
auth_method => 'md5',
order => '100',
}
postgresql::server::pg_hba_rule { 'allow access to ipv6 localhost':
type => 'host',
address => '::1/128',
auth_method => 'md5',
order => '101',
}
# ipv6acls are passed as an array of rule strings, here we transform
# them into a resources hash, and pass the result to create_resources
$ipv6acl_resources = postgresql_acls_to_resources_hash($ipv6acls,
'ipv6acls', 102)
create_resources('postgresql::server::pg_hba_rule', $ipv6acl_resources)
}
}
# We must set a "listen_addresses" line in the postgresql.conf if we
# want to allow any connections from remote hosts.
postgresql::server::config_entry { 'listen_addresses':
value => $listen_addresses,
}
postgresql::server::config_entry { 'port':
value => $port,
}
# RedHat-based systems hardcode some PG* variables in the init script, and need to be overriden
# in /etc/sysconfig/pgsql/postgresql. Create a blank file so we can manage it with augeas later.
if ($::osfamily == 'RedHat') and ($::operatingsystemrelease !~ /^7/) and ($::operatingsystem != 'Fedora') {
file { '/etc/sysconfig/pgsql/postgresql':
ensure => present,
replace => false,
}
}
if ($manage_pg_ident_conf == true) {
concat { $pg_ident_conf_path:
owner => $user,
group => $group,
force => true, # do not crash if there is no pg_ident_rules
mode => '0640',
warn => true,
notify => Class['postgresql::server::reload'],
}
}
}

107
deployment/puppet/postgresql/manifests/server/config_entry.pp Normal file
View File

@ -0,0 +1,107 @@
# Manage a postgresql.conf entry. See README.md for more details.
define postgresql::server::config_entry (
$ensure = 'present',
$value = undef,
$path = false
) {
$postgresql_conf_path = $postgresql::server::postgresql_conf_path
$target = $path ? {
false => $postgresql_conf_path,
default => $path,
}
Exec {
logoutput => 'on_failure',
}
case $name {
/data_directory|hba_file|ident_file|include|listen_addresses|port|max_connections|superuser_reserved_connections|unix_socket_directory|unix_socket_group|unix_socket_permissions|bonjour|bonjour_name|ssl|ssl_ciphers|shared_buffers|max_prepared_transactions|max_files_per_process|shared_preload_libraries|wal_level|wal_buffers|archive_mode|max_wal_senders|hot_standby|logging_collector|silent_mode|track_activity_query_size|autovacuum_max_workers|autovacuum_freeze_max_age|max_locks_per_transaction|max_pred_locks_per_transaction|restart_after_crash|lc_messages|lc_monetary|lc_numeric|lc_time/: {
Postgresql_conf {
notify => Class['postgresql::server::service'],
before => Class['postgresql::server::reload'],
}
}
default: {
Postgresql_conf {
notify => Class['postgresql::server::reload'],
}
}
}
# We have to handle ports in a weird and special way. On early Debian and
# Ubuntu we have to ensure we stop the service completely. On Redhat we
# either have to create a systemd override for the port or update the
# sysconfig file.
if $::operatingsystem == 'Debian' or $::operatingsystem == 'Ubuntu' {
if $::operatingsystemrelease =~ /^6/ or $::operatingsystemrelease =~ /^10\.04/ {
if $name == 'port' {
exec { 'postgresql_stop':
command => "service ${::postgresql::server::service_name} stop",
onlyif => "service ${::postgresql::server::service_name} status",
unless => "grep 'port = ${value}' ${::postgresql::server::postgresql_conf_path}",
path => '/usr/sbin:/sbin:/bin:/usr/bin:/usr/local/bin',
before => Postgresql_conf[$name],
}
}
}
}
if $::osfamily == 'RedHat' {
if $::operatingsystemrelease =~ /^7/ or $::operatingsystem == 'Fedora' {
if $name == 'port' {
file { 'systemd-port-override':
ensure => present,
path => '/etc/systemd/system/postgresql.service',
owner => root,
group => root,
content => template('postgresql/systemd-port-override.erb'),
notify => [ Exec['restart-systemd'], Class['postgresql::server::service'] ],
before => Class['postgresql::server::reload'],
}
exec { 'restart-systemd':
command => 'systemctl daemon-reload',
refreshonly => true,
path => '/bin:/usr/bin:/usr/local/bin'
}
}
} else {
if $name == 'port' {
# We need to force postgresql to stop before updating the port
# because puppet becomes confused and is unable to manage the
# service appropriately.
exec { 'postgresql_stop':
command => "service ${::postgresql::server::service_name} stop",
onlyif => "service ${::postgresql::server::service_name} status",
unless => "grep 'PGPORT=${value}' /etc/sysconfig/pgsql/postgresql",
path => '/sbin:/bin:/usr/bin:/usr/local/bin',
require => File['/etc/sysconfig/pgsql/postgresql'],
} ->
augeas { 'override PGPORT in /etc/sysconfig/pgsql/postgresql':
lens => 'Shellvars.lns',
incl => '/etc/sysconfig/pgsql/*',
context => '/files/etc/sysconfig/pgsql/postgresql',
changes => "set PGPORT ${value}",
require => File['/etc/sysconfig/pgsql/postgresql'],
notify => Class['postgresql::server::service'],
before => Class['postgresql::server::reload'],
}
}
}
}
case $ensure {
/present|absent/: {
postgresql_conf { $name:
ensure => $ensure,
target => $target,
value => $value,
require => Class['postgresql::server::initdb'],
}
}
default: {
fail("Unknown value for ensure '${ensure}'.")
}
}
}

19
deployment/puppet/postgresql/manifests/server/contrib.pp Normal file
View File

@ -0,0 +1,19 @@
# Install the contrib postgresql packaging. See README.md for more details.
class postgresql::server::contrib (
$package_name = $postgresql::params::contrib_package_name,
$package_ensure = 'present'
) inherits postgresql::params {
validate_string($package_name)
package { 'postgresql-contrib':
ensure => $package_ensure,
name => $package_name,
tag => 'postgresql',
}
anchor { 'postgresql::server::contrib::start': }->
Class['postgresql::server::install']->
Package['postgresql-contrib']->
Class['postgresql::server::service']->
anchor { 'postgresql::server::contrib::end': }
}

83
deployment/puppet/postgresql/manifests/server/database.pp Normal file
View File

@ -0,0 +1,83 @@
# Define for creating a database. See README.md for more details.
define postgresql::server::database(
$dbname = $title,
$owner = $postgresql::server::user,
$tablespace = undef,
$template = 'template0',
$encoding = $postgresql::server::encoding,
$locale = $postgresql::server::locale,
$istemplate = false
) {
$createdb_path = $postgresql::server::createdb_path
$user = $postgresql::server::user
$group = $postgresql::server::group
$psql_path = $postgresql::server::psql_path
$port = $postgresql::server::port
$version = $postgresql::server::_version
$default_db = $postgresql::server::default_database
# Set the defaults for the postgresql_psql resource
Postgresql_psql {
psql_user => $user,
psql_group => $group,
psql_path => $psql_path,
port => $port,
}
# Optionally set the locale switch. Older versions of createdb may not accept
# --locale, so if the parameter is undefined its safer not to pass it.
if ($version != '8.1') {
$locale_option = $locale ? {
undef => '',
default => "--locale=${locale} ",
}
$public_revoke_privilege = 'CONNECT'
} else {
$locale_option = ''
$public_revoke_privilege = 'ALL'
}
$encoding_option = $encoding ? {
undef => '',
default => "--encoding '${encoding}' ",
}
$tablespace_option = $tablespace ? {
undef => '',
default => "--tablespace='${tablespace}' ",
}
$createdb_command = "${createdb_path} --port='${port}' --owner='${owner}' --template=${template} ${encoding_option}${locale_option}${tablespace_option} '${dbname}'"
postgresql_psql { "Check for existence of db '${dbname}'":
command => 'SELECT 1',
unless => "SELECT datname FROM pg_database WHERE datname='${dbname}'",
db => $default_db,
port => $port,
require => Class['postgresql::server::service']
}~>
exec { $createdb_command :
refreshonly => true,
user => $user,
logoutput => on_failure,
}~>
# This will prevent users from connecting to the database unless they've been
# granted privileges.
postgresql_psql {"REVOKE ${public_revoke_privilege} ON DATABASE \"${dbname}\" FROM public":
db => $default_db,
port => $port,
refreshonly => true,
}
Exec [ $createdb_command ]->
postgresql_psql {"UPDATE pg_database SET datistemplate = ${istemplate} WHERE datname = '${dbname}'":
unless => "SELECT datname FROM pg_database WHERE datname = '${dbname}' AND datistemplate = ${istemplate}",
db => $default_db,
}
# Build up dependencies on tablespace
if($tablespace != undef and defined(Postgresql::Server::Tablespace[$tablespace])) {
Postgresql::Server::Tablespace[$tablespace]->Exec[$createdb_command]
}
}

18
deployment/puppet/postgresql/manifests/server/database_grant.pp Normal file
View File

@ -0,0 +1,18 @@
# Manage a database grant. See README.md for more details.
define postgresql::server::database_grant(
$privilege,
$db,
$role,
$psql_db = undef,
$psql_user = undef
) {
postgresql::server::grant { "database:${name}":
role => $role,
db => $db,
privilege => $privilege,
object_type => 'DATABASE',
object_name => $db,
psql_db => $psql_db,
psql_user => $psql_user,
}
}

44
deployment/puppet/postgresql/manifests/server/db.pp Normal file
View File

@ -0,0 +1,44 @@
# Define for conveniently creating a role, database and assigning the correct
# permissions. See README.md for more details.
define postgresql::server::db (
$user,
$password,
$dbname = $title,
$encoding = $postgresql::server::encoding,
$locale = $postgresql::server::locale,
$grant = 'ALL',
$tablespace = undef,
$template = 'template0',
$istemplate = false,
$owner = undef
) {
if ! defined(Postgresql::Server::Database[$dbname]) {
postgresql::server::database { $dbname:
encoding => $encoding,
tablespace => $tablespace,
template => $template,
locale => $locale,
istemplate => $istemplate,
owner => $owner,
}
}
if ! defined(Postgresql::Server::Role[$user]) {
postgresql::server::role { $user:
password_hash => $password,
}
}
if ! defined(Postgresql::Server::Database_grant["GRANT ${user} - ${grant} - ${dbname}"]) {
postgresql::server::database_grant { "GRANT ${user} - ${grant} - ${dbname}":
privilege => $grant,
db => $dbname,
role => $user,
} -> Postgresql::Validate_db_connection<| database_name == $dbname |>
}
if($tablespace != undef and defined(Postgresql::Server::Tablespace[$tablespace])) {
Postgresql::Server::Tablespace[$tablespace]->Postgresql::Server::Database[$name]
}
}

87
deployment/puppet/postgresql/manifests/server/grant.pp Normal file
View File

@ -0,0 +1,87 @@
# Define for granting permissions to roles. See README.md for more details.
define postgresql::server::grant (
$role,
$db,
$privilege = undef,
$object_type = 'database',
$object_name = $db,
$psql_db = $postgresql::server::default_database,
$psql_user = $postgresql::server::user,
$port = $postgresql::server::port
) {
$group = $postgresql::server::group
$psql_path = $postgresql::server::psql_path
## Munge the input values
$_object_type = upcase($object_type)
$_privilege = upcase($privilege)
## Validate that the object type is known
validate_string($_object_type,
#'COLUMN',
'DATABASE',
#'FOREIGN SERVER',
#'FOREIGN DATA WRAPPER',
#'FUNCTION',
#'PROCEDURAL LANGUAGE',
#'SCHEMA',
#'SEQUENCE',
'TABLE',
#'TABLESPACE',
#'VIEW',
)
## Validate that the object type's privilege is acceptable
# TODO: this is a terrible hack; if they pass "ALL" as the desired privilege,
# we need a way to test for it--and has_database_privilege does not
# recognize 'ALL' as a valid privilege name. So we probably need to
# hard-code a mapping between 'ALL' and the list of actual privileges that
# it entails, and loop over them to check them. That sort of thing will
# probably need to wait until we port this over to ruby, so, for now, we're
# just going to assume that if they have "CREATE" privileges on a database,
# then they have "ALL". (I told you that it was terrible!)
case $_object_type {
'DATABASE': {
$unless_privilege = $_privilege ? {
'ALL' => 'CREATE',
default => $_privilege,
}
validate_string($unless_privilege,'CREATE','CONNECT','TEMPORARY','TEMP',
'ALL','ALL PRIVILEGES')
$unless_function = 'has_database_privilege'
$on_db = $psql_db
}
'TABLE': {
$unless_privilege = $_privilege ? {
'ALL' => 'INSERT',
default => $_privilege,
}
validate_string($unless_privilege,'SELECT','INSERT','UPDATE','DELETE',
'TRUNCATE','REFERENCES','TRIGGER','ALL','ALL PRIVILEGES')
$unless_function = 'has_table_privilege'
$on_db = $db
}
default: {
fail("Missing privilege validation for object type ${_object_type}")
}
}
$grant_cmd = "GRANT ${_privilege} ON ${_object_type} \"${object_name}\" TO \"${role}\""
postgresql_psql { $grant_cmd:
db => $on_db,
port => $port,
psql_user => $psql_user,
psql_group => $group,
psql_path => $psql_path,
unless => "SELECT 1 WHERE ${unless_function}('${role}', '${object_name}', '${unless_privilege}')",
require => Class['postgresql::server']
}
if($role != undef and defined(Postgresql::Server::Role[$role])) {
Postgresql::Server::Role[$role]->Postgresql_psql[$grant_cmd]
}
if($db != undef and defined(Postgresql::Server::Database[$db])) {
Postgresql::Server::Database[$db]->Postgresql_psql[$grant_cmd]
}
}

66
deployment/puppet/postgresql/manifests/server/initdb.pp Normal file
View File

@ -0,0 +1,66 @@
# PRIVATE CLASS: do not call directly
class postgresql::server::initdb {
$needs_initdb = $postgresql::server::needs_initdb
$initdb_path = $postgresql::server::initdb_path
$datadir = $postgresql::server::datadir
$xlogdir = $postgresql::server::xlogdir
$encoding = $postgresql::server::encoding
$locale = $postgresql::server::locale
$group = $postgresql::server::group
$user = $postgresql::server::user
# Make sure the data directory exists, and has the correct permissions.
file { $datadir:
ensure => directory,
owner => $user,
group => $group,
mode => '0700',
}
if($xlogdir) {
# Make sure the xlog directory exists, and has the correct permissions.
file { $xlogdir:
ensure => directory,
owner => $user,
group => $group,
mode => '0700',
}
}
if($needs_initdb) {
# Build up the initdb command.
#
# We optionally add the locale switch if specified. Older versions of the
# initdb command don't accept this switch. So if the user didn't pass the
# parameter, lets not pass the switch at all.
$ic_base = "${initdb_path} --encoding '${encoding}' --pgdata '${datadir}'"
$ic_xlog = $xlogdir ? {
undef => $ic_base,
default => "${ic_base} --xlogdir '${xlogdir}'"
}
# The xlogdir need to be present before initdb runs.
# If xlogdir is default it's created by package installer
if($xlogdir) {
$require_before_initdb = [$datadir, $xlogdir]
} else {
$require_before_initdb = [$datadir]
}
$initdb_command = $locale ? {
undef => $ic_xlog,
default => "${ic_xlog} --locale '${locale}'"
}
# This runs the initdb command, we use the existance of the PG_VERSION
# file to ensure we don't keep running this command.
exec { 'postgresql_initdb':
command => $initdb_command,
creates => "${datadir}/PG_VERSION",
user => $user,
group => $group,
logoutput => on_failure,
require => File[$require_before_initdb],
}
}
}

23
deployment/puppet/postgresql/manifests/server/install.pp Normal file
View File

@ -0,0 +1,23 @@
# PRIVATE CLASS: do not call directly
class postgresql::server::install {
$package_ensure = $postgresql::server::package_ensure
$package_name = $postgresql::server::package_name
$client_package_name = $postgresql::server::client_package_name
$_package_ensure = $package_ensure ? {
true => 'present',
false => 'purged',
'absent' => 'purged',
default => $package_ensure,
}
package { 'postgresql-server':
ensure => $_package_ensure,
name => $package_name,
# This is searched for to create relationships with the package repos, be
# careful about its removal
tag => 'postgresql',
}
}

32
deployment/puppet/postgresql/manifests/server/passwd.pp Normal file
View File

@ -0,0 +1,32 @@
# PRIVATE CLASS: do not call directly
class postgresql::server::passwd {
$postgres_password = $postgresql::server::postgres_password
$user = $postgresql::server::user
$group = $postgresql::server::group
$psql_path = $postgresql::server::psql_path
if ($postgres_password != undef) {
# NOTE: this password-setting logic relies on the pg_hba.conf being
# configured to allow the postgres system user to connect via psql
# without specifying a password ('ident' or 'trust' security). This is
# the default for pg_hba.conf.
$escaped = postgresql_escape($postgres_password)
$env = "env PGPASSWORD='${postgres_password}'"
exec { 'set_postgres_postgrespw':
# This command works w/no password because we run it as postgres system
# user
command => "${psql_path} -c 'ALTER ROLE \"${user}\" PASSWORD ${escaped}'",
user => $user,
group => $group,
logoutput => true,
cwd => '/tmp',
# With this command we're passing -h to force TCP authentication, which
# does require a password. We specify the password via the PGPASSWORD
# environment variable. If the password is correct (current), this
# command will exit with an exit code of 0, which will prevent the main
# command from running.
unless => "${env} ${psql_path} -h localhost -c 'select 1' > /dev/null",
path => '/usr/bin:/usr/local/bin:/bin',
}
}
}

52
deployment/puppet/postgresql/manifests/server/pg_hba_rule.pp Normal file
View File

@ -0,0 +1,52 @@
# This resource manages an individual rule that applies to the file defined in
# $target. See README.md for more details.
define postgresql::server::pg_hba_rule(
$type,
$database,
$user,
$auth_method,
$address = undef,
$description = 'none',
$auth_option = undef,
$order = '150',
# Needed for testing primarily, support for multiple files is not really
# working.
$target = $postgresql::server::pg_hba_conf_path
) {
if $postgresql::server::manage_pg_hba_conf == false {
fail('postgresql::server::manage_pg_hba_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')
} else {
validate_re($type, '^(local|host|hostssl|hostnossl)$',
"The type you specified [${type}] must be one of: local, host, hostssl, hostnosssl")
if($type =~ /^host/ and $address == undef) {
fail('You must specify an address property when type is host based')
}
$allowed_auth_methods = $postgresql::server::_version ? {
'9.3' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
'9.2' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
'9.1' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
'9.0' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'radius', 'cert', 'pam'],
'8.4' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'cert', 'pam'],
'8.3' => ['trust', 'reject', 'md5', 'sha1', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'],
'8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'],
'8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'],
default => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt']
}
$auth_method_regex = join(['^(', join($allowed_auth_methods, '|'), ')$'],'')
validate_re($auth_method, $auth_method_regex,
join(["The auth_method you specified [${auth_method}] must be one of: ", join($allowed_auth_methods, ', ')],''))
# Create a rule fragment
$fragname = "pg_hba_rule_${name}"
concat::fragment { $fragname:
target => $target,
content => template('postgresql/pg_hba_rule.conf'),
order => $order,
}
}
}

27
deployment/puppet/postgresql/manifests/server/pg_ident_rule.pp Normal file
View File

@ -0,0 +1,27 @@
# This resource manages an individual rule that applies to the file defined in
# $target. See README.md for more details.
define postgresql::server::pg_ident_rule(
$map_name,
$system_username,
$database_username,
$description = 'none',
$order = '150',
# Needed for testing primarily, support for multiple files is not really
# working.
$target = $postgresql::server::pg_ident_conf_path
) {
if $postgresql::server::manage_pg_ident_conf == false {
fail('postgresql::server::manage_pg_ident_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')
} else {
# Create a rule fragment
$fragname = "pg_ident_rule_${name}"
concat::fragment { $fragname:
target => $target,
content => template('postgresql/pg_ident_rule.conf'),
order => $order,
}
}
}

19
deployment/puppet/postgresql/manifests/server/plperl.pp Normal file
View File

@ -0,0 +1,19 @@
# This class installs the PL/Perl procedural language for postgresql. See
# README.md for more details.
class postgresql::server::plperl(
$package_ensure = 'present',
$package_name = $postgresql::server::plperl_package_name
) {
package { 'postgresql-plperl':
ensure => $package_ensure,
name => $package_name,
tag => 'postgresql',
}
anchor { 'postgresql::server::plperl::start': }->
Class['postgresql::server::install']->
Package['postgresql-plperl']->
Class['postgresql::server::service']->
anchor { 'postgresql::server::plperl::end': }
}

24
deployment/puppet/postgresql/manifests/server/postgis.pp Normal file
View File

@ -0,0 +1,24 @@
# Install the postgis postgresql packaging. See README.md for more details.
class postgresql::server::postgis (
$package_name = $postgresql::params::postgis_package_name,
$package_ensure = 'present'
) inherits postgresql::params {
validate_string($package_name)
package { 'postgresql-postgis':
ensure => $package_ensure,
name => $package_name,
tag => 'postgresql',
}
anchor { 'postgresql::server::postgis::start': }->
Class['postgresql::server::install']->
Package['postgresql-postgis']->
Class['postgresql::server::service']->
anchor { 'postgresql::server::postgis::end': }
if $postgresql::globals::manage_package_repo {
Class['postgresql::repo'] ->
Package['postgresql-postgis']
}
}

13
deployment/puppet/postgresql/manifests/server/reload.pp Normal file
View File

@ -0,0 +1,13 @@
# PRIVATE CLASS: do not use directly
class postgresql::server::reload {
$service_name = $postgresql::server::service_name
$service_status = $postgresql::server::service_status
exec { 'postgresql_reload':
path => '/usr/bin:/usr/sbin:/bin:/sbin',
command => "service ${service_name} reload",
onlyif => $service_status,
refreshonly => true,
require => Class['postgresql::server::service'],
}
}

93
deployment/puppet/postgresql/manifests/server/role.pp Normal file
View File

@ -0,0 +1,93 @@
# Define for creating a database role. See README.md for more information
define postgresql::server::role(
$password_hash = false,
$createdb = false,
$createrole = false,
$db = $postgresql::server::default_database,
$port = $postgresql::server::port,
$login = true,
$inherit = true,
$superuser = false,
$replication = false,
$connection_limit = '-1',
$username = $title
) {
$psql_user = $postgresql::server::user
$psql_group = $postgresql::server::group
$psql_path = $postgresql::server::psql_path
$version = $postgresql::server::_version
$login_sql = $login ? { true => 'LOGIN', default => 'NOLOGIN' }
$inherit_sql = $inherit ? { true => 'INHERIT', default => 'NOINHERIT' }
$createrole_sql = $createrole ? { true => 'CREATEROLE', default => 'NOCREATEROLE' }
$createdb_sql = $createdb ? { true => 'CREATEDB', default => 'NOCREATEDB' }
$superuser_sql = $superuser ? { true => 'SUPERUSER', default => 'NOSUPERUSER' }
$replication_sql = $replication ? { true => 'REPLICATION', default => '' }
if ($password_hash != false) {
$password_sql = "ENCRYPTED PASSWORD '${password_hash}'"
} else {
$password_sql = ''
}
Postgresql_psql {
db => $db,
port => $port,
psql_user => $psql_user,
psql_group => $psql_group,
psql_path => $psql_path,
require => [ Postgresql_psql["CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}"], Class['postgresql::server'] ],
}
postgresql_psql {"CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}":
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}'",
require => Class['Postgresql::Server'],
}
postgresql_psql {"ALTER ROLE \"${username}\" ${superuser_sql}":
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolsuper=${superuser}",
}
postgresql_psql {"ALTER ROLE \"${username}\" ${createdb_sql}":
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcreatedb=${createdb}",
}
postgresql_psql {"ALTER ROLE \"${username}\" ${createrole_sql}":
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcreaterole=${createrole}",
}
postgresql_psql {"ALTER ROLE \"${username}\" ${login_sql}":
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcanlogin=${login}",
}
postgresql_psql {"ALTER ROLE \"${username}\" ${inherit_sql}":
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolinherit=${inherit}",
}
if(versioncmp($version, '9.1') >= 0) {
if $replication_sql == '' {
postgresql_psql {"ALTER ROLE \"${username}\" NOREPLICATION":
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolreplication=${replication}",
}
} else {
postgresql_psql {"ALTER ROLE \"${username}\" ${replication_sql}":
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolreplication=${replication}",
}
}
}
postgresql_psql {"ALTER ROLE \"${username}\" CONNECTION LIMIT ${connection_limit}":
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolconnlimit=${connection_limit}",
}
if $password_hash {
if($password_hash =~ /^md5.+/) {
$pwd_hash_sql = $password_hash
} else {
$pwd_md5 = md5("${password_hash}${username}")
$pwd_hash_sql = "md5${pwd_md5}"
}
postgresql_psql {"ALTER ROLE \"${username}\" ${password_sql}":
unless => "SELECT usename FROM pg_shadow WHERE usename='${username}' and passwd='${pwd_hash_sql}'",
}
}
}

39
deployment/puppet/postgresql/manifests/server/schema.pp Normal file
View File

@ -0,0 +1,39 @@
# This defined types creates database schemas. See README.md for more details.
define postgresql::server::schema(
$db,
$owner = undef,
$schema = $title,
) {
$user = $postgresql::server::user
$group = $postgresql::server::group
$port = $postgresql::server::port
$psql_path = $postgresql::server::psql_path
$version = $postgresql::server::_version
Postgresql_psql {
db => $db,
psql_user => $user,
psql_group => $group,
psql_path => $psql_path,
port => $port,
}
$schema_title = "Create Schema '${schema}'"
$authorization = $owner? {
undef => '',
default => "AUTHORIZATION \"${owner}\"",
}
$schema_command = "CREATE SCHEMA \"${schema}\" ${authorization}"
$unless = "SELECT nspname FROM pg_namespace WHERE nspname='${schema}'"
postgresql_psql { $schema_title:
command => $schema_command,
unless => $unless,
require => Class['postgresql::server'],
}
if($owner != undef and defined(Postgresql::Server::Role[$owner])) {
Postgresql::Server::Role[$owner]->Postgresql_psql[$schema_title]
}
}

42
deployment/puppet/postgresql/manifests/server/service.pp Normal file
View File

@ -0,0 +1,42 @@
# PRIVATE CLASS: do not call directly
class postgresql::server::service {
$service_ensure = $postgresql::server::service_ensure
$service_enable = $postgresql::server::service_enable
$service_name = $postgresql::server::service_name
$service_provider = $postgresql::server::service_provider
$service_status = $postgresql::server::service_status
$user = $postgresql::server::user
$port = $postgresql::server::port
$default_database = $postgresql::server::default_database
anchor { 'postgresql::server::service::begin': }
service { 'postgresqld':
ensure => $service_ensure,
enable => $service_enable,
name => $service_name,
provider => $service_provider,
hasstatus => true,
status => $service_status,
}
if $service_ensure == 'running' {
# This blocks the class before continuing if chained correctly, making
# sure the service really is 'up' before continuing.
#
# Without it, we may continue doing more work before the database is
# prepared leading to a nasty race condition.
postgresql::validate_db_connection { 'validate_service_is_running':
run_as => $user,
database_name => $default_database,
database_port => $port,
sleep => 1,
tries => 60,
create_db_first => false,
require => Service['postgresqld'],
before => Anchor['postgresql::server::service::end']
}
}
anchor { 'postgresql::server::service::end': }
}

22
deployment/puppet/postgresql/manifests/server/table_grant.pp Normal file
View File

@ -0,0 +1,22 @@
# This resource wraps the grant resource to manage table grants specifically.
# See README.md for more details.
define postgresql::server::table_grant(
$privilege,
$table,
$db,
$role,
$port = $postgresql::server::port,
$psql_db = undef,
$psql_user = undef
) {
postgresql::server::grant { "table:${name}":
role => $role,
db => $db,
port => $port,
privilege => $privilege,
object_type => 'TABLE',
object_name => $table,
psql_db => $psql_db,
psql_user => $psql_user,
}
}

47
deployment/puppet/postgresql/manifests/server/tablespace.pp Normal file
View File

@ -0,0 +1,47 @@
# This module creates tablespace. See README.md for more details.
define postgresql::server::tablespace(
$location,
$owner = undef,
$spcname = $title
) {
$user = $postgresql::server::user
$group = $postgresql::server::group
$port = $postgresql::server::port
$psql_path = $postgresql::server::psql_path
Postgresql_psql {
psql_user => $user,
psql_group => $group,
psql_path => $psql_path,
port => $port,
}
if ($owner == undef) {
$owner_section = ''
} else {
$owner_section = "OWNER \"${owner}\""
}
$create_tablespace_command = "CREATE TABLESPACE \"${spcname}\" ${owner_section} LOCATION '${location}'"
file { $location:
ensure => directory,
owner => $user,
group => $group,
mode => '0700',
seluser => 'system_u',
selrole => 'object_r',
seltype => 'postgresql_db_t',
}
$create_ts = "Create tablespace '${spcname}'"
postgresql_psql { "Create tablespace '${spcname}'":
command => $create_tablespace_command,
unless => "SELECT spcname FROM pg_tablespace WHERE spcname='${spcname}'",
require => [Class['postgresql::server'], File[$location]],
}
if($owner != undef and defined(Postgresql::Server::Role[$owner])) {
Postgresql::Server::Role[$owner]->Postgresql_psql[$create_ts]
}
}

146
deployment/puppet/postgresql/manifests/validate_db_connection.pp
View File

@ -1,95 +1,75 @@
# Define: postgresql::validate_db_connection
#
# This type validates that a successful postgres connection can be established
# between the node on which this resource is run and a specified postgres
# instance (host/port/user/password/database name).
#
# Parameters:
# [*database_host*] - the hostname or IP address of the machine where the
# postgres server should be running.
# [*database_port*] - the port on which postgres server should be
# listening (defaults to 5432).
# [*database_username*] - the postgres username
# [*database_password*] - the postgres user's password
# [*database_name*] - the database name that the connection should be
# established against
# [*client_package_name*] - (optional) the name of the postgres client package
# that provides the psql tool, if you aren't using
# the default system package.
#
# NOTE: to some degree this type assumes that you've created the corresponding
# postgres database instance that you are validating by using the
# `postgresql::db` or `postgresql::database` type provided by this module
# elsewhere in your manifests.
#
# Actions:
#
# Attempts to establish a connection to the specified postgres database. If
# a connection cannot be established, the resource will fail; this allows you
# to use it as a dependency for other resources that would be negatively
# impacted if they were applied without the postgres connection being available.
#
# Requires:
#
# `psql` commandline tool (will automatically install the system's postgres
# client package if it is not already installed.)
#
# Sample Usage:
#
# postgresql::validate_db_connection { 'validate my postgres connection':
# database_host => 'my.postgres.host',
# database_username => 'mydbuser',
# database_password => 'mydbpassword',
# database_name => 'mydbname',
# }
#
# See README.md for more details.
define postgresql::validate_db_connection(
$database_host,
$database_port = 5432,
$database_username,
$database_password,
$database_name,
$client_package_name = "",
$database_host = undef,
$database_name = undef,
$database_password = undef,
$database_username = undef,
$database_port = undef,
$run_as = undef,
$sleep = 2,
$tries = 10,
$create_db_first = true
) {
include postgresql::params
require postgresql::client
include postgresql::params
# This is a bit messy, but we need to use the correct client package name
# from the params class if the user did not explicitly provide one.
if (! $client_package_name) {
$package_name = $postgresql::params::client_package_name
} else {
$package_name = $client_package_name
}
$psql_path = $postgresql::params::psql_path
# Make sure the postgres client package is installed; we need it for
# `psql`.
package { 'postgresql-client':
name => $package_name,
ensure => present,
}
$cmd_init = "${psql_path} --tuples-only --quiet "
$cmd_host = $database_host ? {
undef => '',
default => "-h ${database_host} ",
}
$cmd_user = $database_username ? {
undef => '',
default => "-U ${database_username} ",
}
$cmd_port = $database_port ? {
undef => '',
default => "-p ${database_port} ",
}
$cmd_dbname = $database_name ? {
undef => "--dbname ${postgresql::params::default_database} ",
default => "--dbname ${database_name} ",
}
$env = $database_password ? {
undef => undef,
default => "PGPASSWORD=${database_password}",
}
$cmd = join([$cmd_init, $cmd_host, $cmd_user, $cmd_port, $cmd_dbname])
$validate_cmd = "/usr/local/bin/validate_postgresql_connection.sh ${sleep} ${tries} '${cmd}'"
# TODO: port to ruby
$psql = "${postgresql::params::psql_path} --tuples-only --quiet -h $database_host -U $database_username -p $database_port --dbname $database_name"
# This is more of a safety valve, we add a little extra to compensate for the
# time it takes to run each psql command.
$timeout = (($sleep + 2) * $tries)
$exec_name = "validate postgres connection for $database_host/$database_name"
exec {$exec_name:
command => "/bin/echo \"SELECT 1\" | $psql",
cwd => '/tmp',
environment => "PGPASSWORD=$database_password",
logoutput => 'on_failure',
require => Package['postgresql-client'],
}
$exec_name = "validate postgres connection for ${database_host}/${database_name}"
exec { $exec_name:
command => "echo 'Unable to connect to defined database using: ${cmd}' && false",
unless => $validate_cmd,
cwd => '/tmp',
environment => $env,
logoutput => 'on_failure',
user => $run_as,
path => '/bin:/usr/bin:/usr/local/bin',
timeout => $timeout,
require => Package['postgresql-client'],
}
# This is a little bit of puppet magic. What we want to do here is make
# sure that if the validation and the database instance creation are being
# applied on the same machine, then the database resource is applied *before*
# the validation resource. Otherwise, the validation is guaranteed to fail
# on the first run.
#
# We accomplish this by using Puppet's resource collection syntax to search
# for the Database resource in our current catalog; if it exists, the
# appropriate relationship is created here.
Database<|title == $database_name|> -> Exec[$exec_name]
# This is a little bit of puppet magic. What we want to do here is make
# sure that if the validation and the database instance creation are being
# applied on the same machine, then the database resource is applied *before*
# the validation resource. Otherwise, the validation is guaranteed to fail
# on the first run.
#
# We accomplish this by using Puppet's resource collection syntax to search
# for the Database resource in our current catalog; if it exists, the
# appropriate relationship is created here.
if($create_db_first) {
Postgresql::Server::Database<|title == $database_name|> -> Exec[$exec_name]
}
}

46
deployment/puppet/postgresql/spec/Vagrantfile vendored
View File

@ -1,46 +0,0 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# puppet-postgresql
# For all details and documentation:
# http://github.com/inkling/puppet-postgresql
#
# Copyright 2012- Inkling Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
Vagrant::Config.run do |config|
# Test on 64 bit lucid
config.vm.box = "lucid64"
config.vm.box_url = "http://files.vagrantup.com/lucid64.box"
# Resolve DNS via NAT
config.vm.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
# Share the stdlib module
# TODO: it would be better to install this via the puppet module tool
config.vm.share_folder "puppetlabs-stdlib-module", "/usr/share/puppet/modules/stdlib", "../../puppetlabs-stdlib"
# Share the postgressql module
config.vm.share_folder "puppet-postgresql-module", "/usr/share/puppet/modules/postgresql", ".."
# Share the module of test classes
config.vm.share_folder "puppet-postgresql-tests", "/usr/share/puppet/modules/postgresql_tests", "."
# Provision with a base puppet config just so we don't have to repeat the puppet user/group
config.vm.provision :puppet do |puppet|
puppet.manifests_path = "."
puppet.manifest_file = "base.pp"
end
end

28
deployment/puppet/postgresql/spec/acceptance/alternative_port_spec.rb Normal file
View File

@ -0,0 +1,28 @@
require 'spec_helper_acceptance'
# These tests ensure that postgres can change itself to an alternative port
# properly.
describe 'postgres::server', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
it 'on an alternative port' do
pp = <<-EOS
class { 'postgresql::server': port => '5433' }
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
describe port(5433) do
it { is_expected.to be_listening }
end
it 'can connect with psql' do
psql('-p 5433 --command="\l" postgres', 'postgres') do |r|
expect(r.stdout).to match(/List of databases/)
end
end
end

35
deployment/puppet/postgresql/spec/acceptance/db_spec.rb Normal file
View File

@ -0,0 +1,35 @@
require 'spec_helper_acceptance'
describe 'postgresql::server::db', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
it 'creates a database' do
begin
tmpdir = default.tmpdir('postgresql')
pp = <<-EOS
class { 'postgresql::server': }
postgresql::server::tablespace { 'postgresql_test_db':
location => '#{tmpdir}',
} ->
postgresql::server::db { 'postgresql_test_db':
user => 'test',
password => 'test1',
tablespace => 'postgresql_test_db',
}
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
psql('--command="select datname from pg_database" postgresql_test_db') do |r|
expect(r.stdout).to match(/postgresql_test_db/)
expect(r.stderr).to eq('')
end
psql('--command="SELECT 1 FROM pg_roles WHERE rolname=\'test\'"') do |r|
expect(r.stdout).to match(/\(1 row\)/)
end
ensure
psql('--command="drop database postgresql_test_db" postgres')
psql('--command="DROP USER test"')
end
end
end

28
deployment/puppet/postgresql/spec/acceptance/default_parameters_spec.rb Normal file
View File

@ -0,0 +1,28 @@
require 'spec_helper_acceptance'
# These tests are designed to ensure that the module, when ran with defaults,
# sets up everything correctly and allows us to connect to Postgres.
describe 'postgres::server', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
it 'with defaults' do
pp = <<-EOS
class { 'postgresql::server': }
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
describe port(5432) do
it { is_expected.to be_listening }
end
it 'can connect with psql' do
psql('--command="\l" postgres', 'postgres') do |r|
expect(r.stdout).to match(/List of databases/)
end
end
end

10
deployment/puppet/postgresql/spec/acceptance/nodesets/centos-510-x64.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
centos-510-x64:
roles:
- master
platform: el-5-x86_64
box : centos-510-x64-virtualbox-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-510-x64-virtualbox-nocm.box
hypervisor : vagrant
CONFIG:
type: git

10
deployment/puppet/postgresql/spec/acceptance/nodesets/centos-59-x64.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
centos-59-x64:
roles:
- master
platform: el-5-x86_64
box : centos-59-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: git

12
deployment/puppet/postgresql/spec/acceptance/nodesets/centos-64-x64-pe.yml Normal file
View File

@ -0,0 +1,12 @@
HOSTS:
centos-64-x64:
roles:
- master
- database
- dashboard
platform: el-6-x86_64
box : centos-64-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: pe

10
deployment/puppet/postgresql/spec/acceptance/nodesets/centos-64-x64.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
centos-64-x64:
roles:
- master
platform: el-6-x86_64
box : centos-64-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: git

10
deployment/puppet/postgresql/spec/acceptance/nodesets/centos-65-x64.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
centos-65-x64:
roles:
- master
platform: el-6-x86_64
box : centos-65-x64-vbox436-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box
hypervisor : vagrant
CONFIG:
type: foss

10
deployment/puppet/postgresql/spec/acceptance/nodesets/debian-607-x64.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
debian-607-x64:
roles:
- master
platform: debian-6-amd64
box : debian-607-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-607-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: git

10
deployment/puppet/postgresql/spec/acceptance/nodesets/debian-73-x64.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
debian-73-x64:
roles:
- master
platform: debian-7-amd64
box : debian-73-x64-virtualbox-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-73-x64-virtualbox-nocm.box
hypervisor : vagrant
CONFIG:
type: git

10
deployment/puppet/postgresql/spec/acceptance/nodesets/default.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
centos-64-x64:
roles:
- master
platform: el-6-x86_64
box : centos-64-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: git

10
deployment/puppet/postgresql/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
ubuntu-server-10044-x64:
roles:
- master
platform: ubuntu-10.04-amd64
box : ubuntu-server-10044-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: foss

10
deployment/puppet/postgresql/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
ubuntu-server-12042-x64:
roles:
- master
platform: ubuntu-12.04-amd64
box : ubuntu-server-12042-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: foss

11
deployment/puppet/postgresql/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml Normal file
View File

@ -0,0 +1,11 @@
HOSTS:
ubuntu-server-1404-x64:
roles:
- master
platform: ubuntu-14.04-amd64
box : puppetlabs/ubuntu-14.04-64-nocm
box_url : https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
hypervisor : vagrant
CONFIG:
log_level : debug
type: git

116
deployment/puppet/postgresql/spec/acceptance/postgresql_psql_spec.rb Normal file
View File

@ -0,0 +1,116 @@
require 'spec_helper_acceptance'
describe 'postgresql_psql', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
it 'should always run SQL' do
pp = <<-EOS
class { 'postgresql::server': } ->
postgresql_psql { 'foobar':
db => 'postgres',
psql_user => 'postgres',
command => 'select 1',
}
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :expect_changes => true)
end
it 'should run some SQL when the unless query returns no rows' do
pp = <<-EOS
class { 'postgresql::server': } ->
postgresql_psql { 'foobar':
db => 'postgres',
psql_user => 'postgres',
command => 'select 1',
unless => 'select 1 where 1=2',
}
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :expect_changes => true)
end
it 'should not run SQL when the unless query returns rows' do
pp = <<-EOS
class { 'postgresql::server': } ->
postgresql_psql { 'foobar':
db => 'postgres',
psql_user => 'postgres',
command => 'select * from pg_database limit 1',
unless => 'select 1 where 1=1',
}
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
it 'should not run SQL when refreshed and the unless query returns rows' do
pp = <<-EOS
class { 'postgresql::server': } ->
notify { 'trigger': } ~>
postgresql_psql { 'foobar':
db => 'postgres',
psql_user => 'postgres',
command => 'invalid sql statement',
unless => 'select 1 where 1=1',
}
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :expect_changes => true)
end
context 'with refreshonly' do
it 'should not run SQL when the unless query returns no rows' do
pp = <<-EOS
class { 'postgresql::server': } ->
postgresql_psql { 'foobar':
db => 'postgres',
psql_user => 'postgres',
command => 'select 1',
unless => 'select 1 where 1=2',
refreshonly => true,
}
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
it 'should run SQL when refreshed and the unless query returns no rows' do
pp = <<-EOS.unindent
class { 'postgresql::server': } ->
notify { 'trigger': } ~>
postgresql_psql { 'foobar':
db => 'postgres',
psql_user => 'postgres',
command => 'select 1',
unless => 'select 1 where 1=2',
refreshonly => true,
}
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :expect_changes => true)
end
it 'should not run SQL when refreshed and the unless query returns rows' do
pp = <<-EOS.unindent
class { 'postgresql::server': } ->
notify { 'trigger': } ~>
postgresql_psql { 'foobar':
db => 'postgres',
psql_user => 'postgres',
command => 'invalid sql query',
unless => 'select 1 where 1=1',
refreshonly => true,
}
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :expect_changes => true)
end
end
end

56
deployment/puppet/postgresql/spec/acceptance/server/schema_spec.rb Normal file
View File

@ -0,0 +1,56 @@
require 'spec_helper_acceptance'
describe 'postgresql::server::schema:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
it 'should create a schema for a user' do
begin
pp = <<-EOS.unindent
$db = 'schema_test'
$user = 'psql_schema_tester'
$password = 'psql_schema_pw'
class { 'postgresql::server': }
# Since we are not testing pg_hba or any of that, make a local user for ident auth
user { $user:
ensure => present,
}
postgresql::server::role { $user:
password_hash => postgresql_password($user, $password),
}
postgresql::server::database { $db:
owner => $user,
require => Postgresql::Server::Role[$user],
}
# Create a rule for the user
postgresql::server::pg_hba_rule { "allow ${user}":
type => 'local',
database => $db,
user => $user,
auth_method => 'ident',
order => 1,
}
postgresql::server::schema { $user:
db => $db,
owner => $user,
require => Postgresql::Server::Database[$db],
}
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
## Check that the user can create a table in the database
psql('--command="create table psql_schema_tester.foo (foo int)" schema_test', 'psql_schema_tester') do |r|
expect(r.stdout).to match(/CREATE TABLE/)
expect(r.stderr).to eq('')
end
ensure
psql('--command="drop table psql_schema_tester.foo" schema_test', 'psql_schema_tester')
end
end
end

34
deployment/puppet/postgresql/spec/base.pp
View File

@ -1,34 +0,0 @@
# puppet-postgresql
# For all details and documentation:
# http://github.com/inkling/puppet-postgresql
#
# Copyright 2012- Inkling Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
group {'puppet':
ensure => present,
}
user {'puppet':
ensure => present,
gid => 'puppet',
}
file {'/etc/sudoers.d/puppet_postgresql_tests':
ensure => file,
content => 'vagrant ALL=(ALL) ALL',
mode => '0440',
owner => root,
group => root,
}

27
deployment/puppet/postgresql/spec/manifests/test_db.pp
View File

@ -1,27 +0,0 @@
# puppet-postgresql
# For all details and documentation:
# http://github.com/inkling/puppet-postgresql
#
# Copyright 2012- Inkling Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
class postgresql_tests::test_db($db) {
include postgresql::server
postgresql::db { $db:
user => $db,
password => $db,
}
}

45
deployment/puppet/postgresql/spec/manifests/test_grant_create.pp
View File

@ -1,45 +0,0 @@
# puppet-postgresql
# For all details and documentation:
# http://github.com/inkling/puppet-postgresql
#
# Copyright 2012- Inkling Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
class postgresql_tests::test_grant_create($user, $password, $db) {
include postgresql::server
# Since we are not testing pg_hba or any of that, make a local user for ident auth
user { $user:
ensure => present,
}
postgresql::database_user { $user:
password_hash => postgresql_password($user, $password),
require => [ Class['postgresql::server'],
User[$user] ],
}
postgresql::database { $db:
require => Class['postgresql::server'],
}
postgresql::database_grant { "grant create test":
privilege => 'CREATE',
db => $db,
role => $user,
require => [ Postgresql::Database[$db],
Postgresql::Database_user[$user] ],
}
}

26
deployment/puppet/postgresql/spec/manifests/test_initdb.pp
View File

@ -1,26 +0,0 @@
# puppet-postgresql
# For all details and documentation:
# http://github.com/inkling/puppet-postgresql
#
# Copyright 2012- Inkling Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
class postgresql_tests::test_initdb {
include postgresql::server
class { "postgresql::initdb":
require => Class['postgresql::server']
}
}

30
deployment/puppet/postgresql/spec/manifests/test_psql.pp
View File

@ -1,30 +0,0 @@
# puppet-postgresql
# For all details and documentation:
# http://github.com/inkling/puppet-postgresql
#
# Copyright 2012- Inkling Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
class postgresql_tests::test_psql($command = $title, $unless) {
include postgresql::server
postgresql::psql { $title:
db => 'postgres',
user => 'postgres',
command => $command,
unless => $unless,
require => Class['postgresql::server'],
}
}

33
deployment/puppet/postgresql/spec/manifests/test_user.pp
View File

@ -1,33 +0,0 @@
# puppet-postgresql
# For all details and documentation:
# http://github.com/inkling/puppet-postgresql
#
# Copyright 2012- Inkling Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
class postgresql_tests::test_user($user, $password) {
include postgresql::server
# Since we are not testing pg_hba or any of that, make a local user for ident auth
user { $user:
ensure => present,
}
postgresql::database_user { $user:
password_hash => postgresql_password($user, $password),
require => [ Class['postgresql::server'],
User[$user] ],
}
}

152
deployment/puppet/postgresql/spec/postgresql_spec.rb
View File

@ -1,152 +0,0 @@
# puppet-postgresql
# For all details and documentation:
# http://github.com/inkling/puppet-postgresql
#
# Copyright 2012- Inkling Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require 'logger'
require 'vagrant'
# VM-based tests for postgresql::* defined resource types.
#
# The general structure is:
#
# - Roll back the VM
# - Apply a minimal puppet config for the type and fail only on crashes
# - Apply it again and fail if there were any new changes reported
# - Check the state of the system
describe "postgresql" do
def sudo_and_log(*args)
@logger.debug("Running command: '#{args[0]}'")
@env.primary_vm.channel.sudo(args[0]) do |ch, data|
@logger.debug(data)
end
end
before(:all) do
@logger = Logger.new(STDOUT)
@logger.level = Logger::DEBUG # TODO: get from environment or rspec?
vagrant_dir = File.dirname(__FILE__)
@env = Vagrant::Environment::new(:cwd => vagrant_dir)
# Sahara ignores :cwd so we have to chdir for now, see https://github.com/jedi4ever/sahara/issues/9
Dir.chdir(vagrant_dir)
# @env.cli("destroy") # Takes too long
@env.cli("up")
# We are not testing the "package" resource type, so pull stuff in in advance
sudo_and_log('apt-get update')
sudo_and_log('apt-get install --yes --download-only postgresql-8.4')
@env.cli("sandbox", "on")
end
after(:each) do
@env.cli("sandbox", "rollback")
end
describe 'postgresql::initdb' do
it "should idempotently create a working --pgdata directory so postgres can run" do
@logger.info("starting")
# A bare-minimum class to initdb the specified dir
test_class = 'class {"postgresql_tests::test_initdb": }'
# Run once to check for crashes
sudo_and_log("puppet apply -e '#{test_class}'")
# Run again to check for idempotence via --detailed-exitcodes
sudo_and_log("puppet apply --detailed-exitcodes -e '#{test_class}'")
sudo_and_log("service postgresql-8.4 restart")
# Connect to it and list the databases
sudo_and_log('sudo -n -u postgres /usr/lib/postgresql/8.4/bin/psql --list --tuples-only')
end
end
describe 'postgresql::db' do
it 'should idempotently create a db that we can connect to' do
# A bare-minimum class to add a DB to postgres, which will be running due to ubuntu
test_class = 'class {"postgresql_tests::test_db": db => "postgresql_test_db" }'
# Run once to check for crashes
sudo_and_log("puppet apply -e '#{test_class}'")
# Run again to check for idempotence
sudo_and_log("puppet apply --detailed-exitcodes -e '#{test_class}'")
# Check that the database name is present
sudo_and_log('sudo -u postgres psql postgresql_test_db --command="select datname from pg_database limit 1"')
end
end
describe 'postgresql::psql' do
it 'should run some SQL when the unless query returns no rows' do
test_class = 'class {"postgresql_tests::test_psql": command => "SELECT \'foo\'", unless => "SELECT 1 WHERE 1=2" }'
# Run once to get all packages set up
sudo_and_log("puppet apply -e '#{test_class}'")
# Check for exit code 2
sudo_and_log("puppet apply --detailed-exitcodes -e '#{test_class}' ; [ $? == 2 ]")
end
it 'should not run SQL when the unless query returns rows' do
test_class = 'class {"postgresql_tests::test_psql": command => "SELECT * FROM pg_datbase limit 1", unless => "SELECT 1 WHERE 1=1" }'
# Run once to get all packages set up
sudo_and_log("puppet apply -e '#{test_class}'")
# Check for exit code 0
sudo_and_log("puppet apply --detailed-exitcodes -e '#{test_class}'")
end
end
describe 'postgresql::user' do
it 'should idempotently create a user who can log in' do
test_class = 'class {"postgresql_tests::test_user": user => "postgresql_test_user", password => "postgresql_test_password" }'
# Run once to check for crashes
sudo_and_log("puppet apply -e '#{test_class}'")
# Run again to check for idempotence
sudo_and_log("puppet apply --detailed-exitcodes -e '#{test_class}'")
# Check that the user can log in
sudo_and_log('sudo -u postgresql_test_user psql --command="select datname from pg_database limit 1" postgres')
end
end
describe 'postgresql::grant' do
it 'should grant access so a user can create in a database' do
test_class = 'class {"postgresql_tests::test_grant_create": db => "postgres", user => "psql_grant_tester", password => "psql_grant_pw" }'
# Run once to check for crashes
sudo_and_log("puppet apply -e '#{test_class}'")
# Run again to check for idempotence
sudo_and_log("puppet apply --detailed-exitcodes -e '#{test_class}'")
# Check that the user can select from the table in
sudo_and_log('sudo -u psql_grant_tester psql --command="create table foo (foo int)" postgres')
end
end
end

6
deployment/puppet/postgresql/spec/spec.opts Normal file
View File

@ -0,0 +1,6 @@
--format
s
--colour
--loadby
mtime
--backtrace

31
deployment/puppet/postgresql/spec/spec_helper.rb Normal file
View File

@ -0,0 +1,31 @@
require 'puppetlabs_spec_helper/module_spec_helper'
RSpec.configure do |c|
c.mock_with :rspec do |mock|
mock.syntax = [:expect, :should]
end
c.include PuppetlabsSpec::Files
c.before :each do
# Store any environment variables away to be restored later
@old_env = {}
ENV.each_key {|k| @old_env[k] = ENV[k]}
if ENV['STRICT_VARIABLES'] == 'yes'
Puppet.settings[:strict_variables]=true
end
end
c.after :each do
PuppetlabsSpec::Files.cleanup
end
end
# Convenience helper for returning parameters for a type from the
# catalogue.
def param(type, title, param)
param_value(catalogue, type, title, param)
end
# With rspec-puppet v2.0 this allows coverage checks.
#at_exit { RSpec::Puppet::Coverage.report! }

108
deployment/puppet/postgresql/spec/spec_helper_acceptance.rb Normal file
View File

@ -0,0 +1,108 @@
require 'beaker-rspec/spec_helper'
require 'beaker-rspec/helpers/serverspec'
class String
# Provide ability to remove indentation from strings, for the purpose of
# left justifying heredoc blocks.
def unindent
gsub(/^#{scan(/^\s*/).min_by{|l|l.length}}/, "")
end
end
def shellescape(str)
str = str.to_s
# An empty argument will be skipped, so return empty quotes.
return "''" if str.empty?
str = str.dup
# Treat multibyte characters as is. It is caller's responsibility
# to encode the string in the right encoding for the shell
# environment.
str.gsub!(/([^A-Za-z0-9_\-.,:\/@\n])/, "\\\\\\1")
# A LF cannot be escaped with a backslash because a backslash + LF
# combo is regarded as line continuation and simply ignored.
str.gsub!(/\n/, "'\n'")
return str
end
def psql(psql_cmd, user = 'postgres', exit_codes = [0,1], &block)
psql = "psql #{psql_cmd}"
shell("su #{shellescape(user)} -c #{shellescape(psql)}", :acceptable_exit_codes => exit_codes, &block)
end
unless ENV['RS_PROVISION'] == 'no' or ENV['BEAKER_provision'] == 'no'
# This will install the latest available package on el and deb based
# systems fail on windows and osx, and install via gem on other *nixes
foss_opts = { :default_action => 'gem_install' }
if default.is_pe?; then install_pe; else install_puppet( foss_opts ); end
hosts.each do |host|
shell("mkdir -p #{host['distmoduledir']}")
if ! host.is_pe?
# Augeas is only used in one place, for Redhat.
if fact('osfamily') == 'RedHat'
install_package host, 'ruby-devel'
#install_package host, 'augeas-devel'
#install_package host, 'ruby-augeas'
end
end
end
end
UNSUPPORTED_PLATFORMS = ['AIX','windows','Solaris','Suse']
RSpec.configure do |c|
# Project root
proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
# Readable test descriptions
c.formatter = :documentation
# Configure all nodes in nodeset
c.before :suite do
# Install module and dependencies
puppet_module_install(:source => proj_root, :module_name => 'postgresql')
# Set up selinux if appropriate.
if fact('osfamily') == 'RedHat' && fact('selinux') == 'true'
pp = <<-EOS
if $::osfamily == 'RedHat' and $::selinux == 'true' {
$semanage_package = $::operatingsystemmajrelease ? {
'5' => 'policycoreutils',
default => 'policycoreutils-python',
}
package { $semanage_package: ensure => installed }
exec { 'set_postgres':
command => 'semanage port -a -t postgresql_port_t -p tcp 5433',
path => '/bin:/usr/bin/:/sbin:/usr/sbin',
subscribe => Package[$semanage_package],
}
}
EOS
apply_manifest_on(agents, pp, :catch_failures => false)
end
hosts.each do |host|
on host, "/bin/touch #{default['puppetpath']}/hiera.yaml"
on host, 'chmod 755 /root'
if fact('osfamily') == 'Debian'
on host, "echo \"en_US ISO-8859-1\nen_NG.UTF-8 UTF-8\nen_US.UTF-8 UTF-8\n\" > /etc/locale.gen"
on host, '/usr/sbin/locale-gen'
on host, '/usr/sbin/update-locale'
end
on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] }
on host, puppet('module','install','puppetlabs-apt'), { :acceptable_exit_codes => [0,1] }
on host, puppet('module','install','--force','puppetlabs-concat'), { :acceptable_exit_codes => [0,1] }
end
end
end

36
deployment/puppet/postgresql/spec/unit/classes/client_spec.rb Normal file
View File

@ -0,0 +1,36 @@
require 'spec_helper'
describe 'postgresql::client', :type => :class do
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6.0',
}
end
describe 'with parameters' do
let :params do
{
:package_ensure => 'absent',
:package_name => 'mypackage',
}
end
it 'should modify package' do
is_expected.to contain_package("postgresql-client").with({
:ensure => 'absent',
:name => 'mypackage',
:tag => 'postgresql',
})
end
end
describe 'with no parameters' do
it 'should create package with postgresql tag' do
is_expected.to contain_package('postgresql-client').with({
:tag => 'postgresql',
})
end
end
end

30
deployment/puppet/postgresql/spec/unit/classes/globals_spec.rb Normal file
View File

@ -0,0 +1,30 @@
require 'spec_helper'
describe 'postgresql::globals', :type => :class do
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6.0',
:lsbdistid => 'Debian',
:lsbdistcodename => 'squeeze',
}
end
describe 'with no parameters' do
it 'should work' do
is_expected.to contain_class("postgresql::globals")
end
end
describe 'manage_package_repo => true' do
let(:params) do
{
:manage_package_repo => true,
}
end
it 'should pull in class postgresql::repo' do
is_expected.to contain_class("postgresql::repo")
end
end
end

54
deployment/puppet/postgresql/spec/unit/classes/lib/devel_spec.rb Normal file
View File

@ -0,0 +1,54 @@
require 'spec_helper'
describe 'postgresql::lib::devel', :type => :class do
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6.0',
}
end
it { is_expected.to contain_class("postgresql::lib::devel") }
describe 'link pg_config to /usr/bin' do
it { should contain_file('/usr/bin/pg_config') \
.with_ensure('link') \
.with_target('/usr/lib/postgresql/8.4/bin/pg_config')
}
end
describe 'disable link_pg_config' do
let(:params) {{
:link_pg_config => false,
}}
it { should_not contain_file('/usr/bin/pg_config') }
end
describe 'should not link pg_config on RedHat with default version' do
let(:facts) {{
:osfamily => 'RedHat',
:operatingsystem => 'CentOS',
:operatingsystemrelease => '6.3',
:operatingsystemmajrelease => '6',
}}
it { should_not contain_file('/usr/bin/pg_config') }
end
describe 'link pg_config on RedHat with non-default version' do
let(:facts) {{
:osfamily => 'RedHat',
:operatingsystem => 'CentOS',
:operatingsystemrelease => '6.3',
:operatingsystemmajrelease => '6',
}}
let :pre_condition do
"class { '::postgresql::globals': version => '9.3' }"
end
it { should contain_file('/usr/bin/pg_config') \
.with_ensure('link') \
.with_target('/usr/pgsql-9.3/bin/pg_config')
}
end
end

43
deployment/puppet/postgresql/spec/unit/classes/lib/java_spec.rb Normal file
View File

@ -0,0 +1,43 @@
require 'spec_helper'
describe 'postgresql::lib::java', :type => :class do
describe 'on a debian based os' do
let :facts do {
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6.0',
}
end
it { is_expected.to contain_package('postgresql-jdbc').with(
:name => 'libpostgresql-jdbc-java',
:ensure => 'present',
:tag => 'postgresql'
)}
end
describe 'on a redhat based os' do
let :facts do {
:osfamily => 'RedHat',
:operatingsystem => 'RedHat',
:operatingsystemrelease => '6.4',
}
end
it { is_expected.to contain_package('postgresql-jdbc').with(
:name => 'postgresql-jdbc',
:ensure => 'present',
:tag => 'postgresql'
)}
describe 'when parameters are supplied' do
let :params do
{:package_ensure => 'latest', :package_name => 'somepackage'}
end
it { is_expected.to contain_package('postgresql-jdbc').with(
:name => 'somepackage',
:ensure => 'latest',
:tag => 'postgresql'
)}
end
end
end

31
deployment/puppet/postgresql/spec/unit/classes/lib/perl_spec.rb Normal file
View File

@ -0,0 +1,31 @@
require 'spec_helper'
describe 'postgresql::lib::perl', :type => :class do
describe 'on a redhat based os' do
let :facts do {
:osfamily => 'RedHat',
:operatingsystem => 'RedHat',
:operatingsystemrelease => '6.4',
}
end
it { is_expected.to contain_package('perl-DBD-Pg').with(
:name => 'perl-DBD-Pg',
:ensure => 'present'
)}
end
describe 'on a debian based os' do
let :facts do {
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6.0',
}
end
it { is_expected.to contain_package('perl-DBD-Pg').with(
:name => 'libdbd-pg-perl',
:ensure => 'present'
)}
end
end

31
deployment/puppet/postgresql/spec/unit/classes/lib/python_spec.rb Normal file
View File

@ -0,0 +1,31 @@
require 'spec_helper'
describe 'postgresql::lib::python', :type => :class do
describe 'on a redhat based os' do
let :facts do {
:osfamily => 'RedHat',
:operatingsystem => 'RedHat',
:operatingsystemrelease => '6.4',
}
end
it { is_expected.to contain_package('python-psycopg2').with(
:name => 'python-psycopg2',
:ensure => 'present'
)}
end
describe 'on a debian based os' do
let :facts do {
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6.0',
}
end
it { is_expected.to contain_package('python-psycopg2').with(
:name => 'python-psycopg2',
:ensure => 'present'
)}
end
end

12
deployment/puppet/postgresql/spec/unit/classes/params_spec.rb Normal file
View File

@ -0,0 +1,12 @@
require 'spec_helper'
describe 'postgresql::params', :type => :class do
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6.0',
}
end
it { is_expected.to contain_class("postgresql::params") }
end

19
deployment/puppet/postgresql/spec/unit/classes/repo_spec.rb Normal file
View File

@ -0,0 +1,19 @@
require 'spec_helper'
describe 'postgresql::repo', :type => :class do
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6.0',
:lsbdistid => 'Debian',
:lsbdistcodename => 'squeeze',
}
end
describe 'with no parameters' do
it 'should instantiate apt_postgresql_org class' do
is_expected.to contain_class('postgresql::repo::apt_postgresql_org')
end
end
end

44
deployment/puppet/postgresql/spec/unit/classes/server/contrib_spec.rb Normal file
View File

@ -0,0 +1,44 @@
require 'spec_helper'
describe 'postgresql::server::contrib', :type => :class do
let :pre_condition do
"class { 'postgresql::server': }"
end
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6.0',
:kernel => 'Linux',
:concat_basedir => tmpfilename('contrib'),
:id => 'root',
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
}
end
describe 'with parameters' do
let(:params) do
{
:package_name => 'mypackage',
:package_ensure => 'absent',
}
end
it 'should create package with correct params' do
is_expected.to contain_package('postgresql-contrib').with({
:ensure => 'absent',
:name => 'mypackage',
:tag => 'postgresql',
})
end
end
describe 'with no parameters' do
it 'should create package with postgresql tag' do
is_expected.to contain_package('postgresql-contrib').with({
:tag => 'postgresql',
})
end
end
end

36
deployment/puppet/postgresql/spec/unit/classes/server/initdb_spec.rb Normal file
View File

@ -0,0 +1,36 @@
require 'spec_helper'
describe 'postgresql::server::initdb', :type => :class do
let (:pre_condition) do
"include postgresql::server"
end
describe 'on RedHat' do
let :facts do
{
:osfamily => 'RedHat',
:operatingsystem => 'CentOS',
:operatingsystemrelease => '6.0',
:concat_basedir => tmpfilename('server'),
:kernel => 'Linux',
:id => 'root',
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
}
end
it { is_expected.to contain_file('/var/lib/pgsql/data').with_ensure('directory') }
end
describe 'on Amazon' do
let :facts do
{
:osfamily => 'RedHat',
:operatingsystem => 'Amazon',
:operatingsystemrelease => '1.0',
:concat_basedir => tmpfilename('server'),
:kernel => 'Linux',
:id => 'root',
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
}
end
it { is_expected.to contain_file('/var/lib/pgsql9/data').with_ensure('directory') }
end
end

47
deployment/puppet/postgresql/spec/unit/classes/server/plperl_spec.rb Normal file
View File

@ -0,0 +1,47 @@
require 'spec_helper'
describe 'postgresql::server::plperl', :type => :class do
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6.0',
:kernel => 'Linux',
:concat_basedir => tmpfilename('plperl'),
:id => 'root',
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
}
end
let :pre_condition do
"class { 'postgresql::server': }"
end
describe 'with no parameters' do
it { is_expected.to contain_class("postgresql::server::plperl") }
it 'should create package' do
is_expected.to contain_package('postgresql-plperl').with({
:ensure => 'present',
:tag => 'postgresql',
})
end
end
describe 'with parameters' do
let :params do
{
:package_ensure => 'absent',
:package_name => 'mypackage',
}
end
it { is_expected.to contain_class("postgresql::server::plperl") }
it 'should create package with correct params' do
is_expected.to contain_package('postgresql-plperl').with({
:ensure => 'absent',
:name => 'mypackage',
:tag => 'postgresql',
})
end
end
end

Some files were not shown because too many files have changed in this diff Show More