Rebase postgresql to puppetlabs-postgresql-4.0.0
Rebases to puppetlabs-postgresql commit id: 5d4a543a54df0c9c52a5c7c1f68e5ae51d862947 Older postgresql lacks capability to handle bindir path changes in postgres 9.0 and newer. Change-Id: If8265bcdd7144a44b97a9f2e7d72f8a4b263920a Partial-Bug: #1386118 Related blueprint merge-openstack-puppet-modules
This commit is contained in:
parent
b972acf770
commit
e97c8338c9
|
@ -1,6 +0,0 @@
|
|||
*.swp
|
||||
pkg/
|
||||
.DS_Store
|
||||
metadata.json
|
||||
coverage/
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<projectDescription>
|
||||
<name>postgresql</name>
|
||||
<comment></comment>
|
||||
<projects>
|
||||
<project>firewall</project>
|
||||
</projects>
|
||||
<buildSpec>
|
||||
<buildCommand>
|
||||
<name>org.cloudsmith.geppetto.pp.dsl.ui.modulefileBuilder</name>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.xtext.ui.shared.xtextBuilder</name>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
</buildSpec>
|
||||
<natures>
|
||||
<nature>org.cloudsmith.geppetto.pp.dsl.ui.puppetNature</nature>
|
||||
<nature>org.eclipse.xtext.ui.shared.xtextNature</nature>
|
||||
</natures>
|
||||
</projectDescription>
|
|
@ -1,3 +1,655 @@
|
|||
##2014-09-03 - Supported Release 4.0.0
|
||||
###Summary
|
||||
|
||||
This release removes the uninstall ability from the module, removes the firewall
|
||||
management, overhauls all of the acceptance testing, as well as adds better
|
||||
support for SuSE and Fedora.
|
||||
|
||||
###Backwards Incompatible changes.
|
||||
|
||||
- Uninstall code removal.
|
||||
- Firewall management for Postgres.
|
||||
- Set manage_pg_ident_conf to true.
|
||||
|
||||
####Uninstallation removal
|
||||
|
||||
We rely heavily on the ability to uninstall and reinstall postgres throughout
|
||||
our testing code, testing features like "can I move from the distribution
|
||||
packages to the upstream packages through the module" and over time we've
|
||||
learnt that the uninstall code simply doesn't work a lot of the time. It
|
||||
leaves traces of postgres behind or fails to remove certain packages on Ubuntu,
|
||||
and generally causes bits to be left on your system that you didn't expect.
|
||||
|
||||
When we then reinstall things fail because it's not a true clean slate, and
|
||||
this causes us enormous problems during test. We've spent weeks and months
|
||||
working on these tests and they simply don't hold up well across the full range
|
||||
of PE platforms.
|
||||
|
||||
Due to all these problems we've decided to take a stance on uninstalling in
|
||||
general. We feel that in 2014 it's completely reasonable and normal to have a
|
||||
good provisioning pipeline combined with your configuration management and the
|
||||
"correct" way to uninstall a fully installed service like postgresql is to
|
||||
simply reprovision the server without it in the first place. As a general rule
|
||||
this is how I personally like to work and I think is a good practice.
|
||||
|
||||
####I'm not OK with this!
|
||||
|
||||
We understand that there are environments and situations in which it's not easy
|
||||
to do that. What if you accidently deployed Postgres on 100,000 nodes? In the
|
||||
future we're going to take a look at building some example 'profiles' to be
|
||||
found under examples/ within this module that can uninstall postgres on popular
|
||||
platforms. These can be modified and used in your specific case to uninstall
|
||||
postgresql. They will be much more brute force and reliant on deleting entire
|
||||
directories and require you to do more work up front in specifying where things
|
||||
are installed but we think it'll prove to be a much cleaner mechanism for this
|
||||
kind of thing rather than trying to weave it into the main module logic itself.
|
||||
|
||||
####Features
|
||||
- Removal of uninstall.
|
||||
- Removal of firewall management.
|
||||
- Tests ported to rspec3.
|
||||
- Acceptance tests rewritten.
|
||||
- Add a defined type for creating database schemas.
|
||||
- Add a pg_ident_rule defined type.
|
||||
- Set manage_pg_ident_conf to true.
|
||||
- Manage pg_ident.conf by default.
|
||||
- Improve selinux support for tablespace.
|
||||
- Remove deprecation warnings.
|
||||
- Support changing PGDATA on RedHat.
|
||||
- Add SLES 11 support.
|
||||
|
||||
####Bugfixes
|
||||
- Link pg_config binary into /usr/bin.
|
||||
- Fix fedora support by using systemd.
|
||||
- Initdb should create xlogdir if set.
|
||||
|
||||
##2014-08-27 - Supported Release 3.4.3
|
||||
###Summary
|
||||
|
||||
This release fixes Ubuntu 10.04 with Facter 2.2.
|
||||
|
||||
####Features
|
||||
####Bugfixes
|
||||
- Use a regular expression to match the major OS version on Ubuntu.
|
||||
|
||||
##2014-07-31 - Supported Release 3.4.2
|
||||
###Summary
|
||||
|
||||
This release fixes recent Fedora versions.
|
||||
|
||||
####Features
|
||||
####Bugfixes
|
||||
- Fix Fedora.
|
||||
|
||||
##2014-07-15 - Supported Release 3.4.1
|
||||
###Summary
|
||||
|
||||
This release merely updates metadata.json so the module can be uninstalled and
|
||||
upgraded via the puppet module command.
|
||||
|
||||
##2014-04-14 - Supported Release 3.4.0
|
||||
###Summary
|
||||
|
||||
This feature rolls up several important features, the biggest being PostGIS
|
||||
handling and allowing `port` to be set on postgresql::server in order to
|
||||
change the port that Postgres listens on. We've added support for RHEL7
|
||||
and Ubuntu 14.04, as well as allowing you to manage the service via
|
||||
`service_ensure` finally.
|
||||
|
||||
####Features
|
||||
- Added `perl_package_name` for installing bindings.
|
||||
- Added `service_ensure` for allowing control of services.
|
||||
- Added `postgis_version` and postgis class for installing postgis.
|
||||
- Added `port` for selecting the port Postgres runs on.
|
||||
- Add support for RHEL7 and Ubuntu 14.04.
|
||||
- Add `default_db` to postgresql::server::database.
|
||||
- Widen the selection of unquoted parameters in postgresql_conf{}
|
||||
- Require the service within postgresql::server::reload for RHEL7.
|
||||
- Add `inherit` to postgresql::server::role.
|
||||
|
||||
####Bugfixes
|
||||
|
||||
##2014-03-04 - Supported Release 3.3.3
|
||||
###Summary
|
||||
|
||||
This is a supported release. This release removes a testing symlink that can
|
||||
cause trouble on systems where /var is on a seperate filesystem from the
|
||||
modulepath.
|
||||
|
||||
####Features
|
||||
####Bugfixes
|
||||
####Known Bugs
|
||||
* SLES is not supported.
|
||||
|
||||
##2014-03-04 - Supported Release 3.3.2
|
||||
###Summary
|
||||
This is a supported release. It fixes a problem with updating passwords on postgresql.org distributed versions of PostgreSQL.
|
||||
|
||||
####Bugfixes
|
||||
- Correct psql path when setting password on custom versions.
|
||||
- Documentation updates
|
||||
- Test updates
|
||||
|
||||
####Known Bugs
|
||||
* SLES is not supported.
|
||||
|
||||
|
||||
##2014-02-12 - Version 3.3.1
|
||||
####Bugfix:
|
||||
- Allow dynamic rubygems host
|
||||
|
||||
|
||||
##2014-01-28 - Version 3.3.0
|
||||
|
||||
###Summary
|
||||
|
||||
This release rolls up a bunch of bugfixes our users have found and fixed for
|
||||
us over the last few months. This improves things for 9.1 users, and makes
|
||||
this module usable on FreeBSD.
|
||||
|
||||
This release is dedicated to 'bma', who's suffering with Puppet 3.4.1 issues
|
||||
thanks to Puppet::Util::SUIDManager.run_and_capture.
|
||||
|
||||
####Features
|
||||
- Add lc_ config entry settings
|
||||
- Can pass template at database creation.
|
||||
- Add FreeBSD support.
|
||||
- Add support for customer `xlogdir` parameter.
|
||||
- Switch tests from rspec-system to beaker. (This isn't really a feature)
|
||||
|
||||
####Bugfixes
|
||||
- Properly fix the deprecated Puppet::Util::SUIDManager.run_and_capture errors.
|
||||
- Fix NOREPLICATION option for Postgres 9.1
|
||||
- Wrong parameter name: manage_pg_conf -> manage_pg_hba_conf
|
||||
- Add $postgresql::server::client_package_name, referred to by install.pp
|
||||
- Add missing service_provider/service_name descriptions in ::globals.
|
||||
- Fix several smaller typos/issues throughout.
|
||||
- Exec['postgresql_initdb'] needs to be done after $datadir exists
|
||||
- Prevent defined resources from floating in the catalog.
|
||||
- Fix granting all privileges on a table.
|
||||
- Add some missing privileges.
|
||||
- Remove deprecated and unused concat::fragment parameters.
|
||||
|
||||
|
||||
##2013-11-05 - Version 3.2.0
|
||||
|
||||
###Summary
|
||||
|
||||
Add's support for Ubuntu 13.10 (and 14.04) as well as x, y, z.
|
||||
|
||||
####Features
|
||||
- Add versions for Ubuntu 13.10 and 14.04.
|
||||
- Use default_database in validate_db_connection instead of a hardcoded
|
||||
'postgres'
|
||||
- Add globals/params layering for default_database.
|
||||
- Allow specification of default database name.
|
||||
|
||||
####Bugs
|
||||
- Fixes to the README.
|
||||
|
||||
|
||||
##2013-10-25 - Version 3.1.0
|
||||
|
||||
###Summary
|
||||
|
||||
This is a minor feature and bug fix release.
|
||||
|
||||
Firstly, the postgresql_psql type now includes a new parameter `search_path` which is equivalent to using `set search_path` which allows you to change the default schema search path.
|
||||
|
||||
The default version of Fedora 17 has now been added, so that Fedora 17 users can enjoy the module.
|
||||
|
||||
And finally we've extended the capabilities of the defined type postgresql::validate_db_connection so that now it can handle retrying and sleeping between retries. This feature has been monopolized to fix a bug we were seeing with startup race conditions, but it can also be used by remote systems to 'wait' for PostgreSQL to start before their Puppet run continues.
|
||||
|
||||
####Features
|
||||
- Defined $default_version for Fedora 17 (Bret Comnes)
|
||||
- add search_path attribute to postgresql_psql resource (Jeremy Kitchen)
|
||||
- (GH-198) Add wait and retry capability to validate_db_connection (Ken Barber)
|
||||
|
||||
####Bugs
|
||||
- enabling defined postgres user password without resetting on every puppet run (jonoterc)
|
||||
- periods are valid in configuration variables also (Jeremy Kitchen)
|
||||
- Add zero length string to join() function (Jarl Stefansson)
|
||||
- add require of install to reload class (cdenneen)
|
||||
- (GH-198) Fix race condition on postgresql startup (Ken Barber)
|
||||
- Remove concat::setup for include in preparation for the next concat release (Ken Barber)
|
||||
|
||||
|
||||
##2013-10-14 - Version 3.0.0
|
||||
|
||||
Final release of 3.0, enjoy!
|
||||
|
||||
|
||||
##2013-10-14 - Version 3.0.0-rc3
|
||||
|
||||
###Summary
|
||||
|
||||
Add a parameter to unmanage pg_hba.conf to fix a regression from 2.5, as well
|
||||
as allowing owner to be passed into x.
|
||||
|
||||
####Features
|
||||
- `manage_pg_hba_conf` parameter added to control pg_hba.conf management.
|
||||
- `owner` parameter added to server::db.
|
||||
|
||||
|
||||
##2013-10-09 - Version 3.0.0-rc2
|
||||
|
||||
###Summary
|
||||
|
||||
A few bugfixes have been found since -rc1.
|
||||
|
||||
####Fixes
|
||||
- Special case for $datadir on Amazon
|
||||
- Fix documentation about username/password for the postgresql_hash function
|
||||
|
||||
|
||||
##2013-10-01 - Version 3.0.0-rc1
|
||||
|
||||
###Summary
|
||||
|
||||
Version 3 was a major rewrite to fix some internal dependency issues, and to
|
||||
make the new Public API more clear. As a consequence a lot of things have
|
||||
changed for version 3 and older revisions that we will try to outline here.
|
||||
|
||||
(NOTE: The format of this CHANGELOG differs to normal in an attempt to
|
||||
explain the scope of changes)
|
||||
|
||||
* Server specific objects now moved under `postgresql::server::` namespace:
|
||||
|
||||
To restructure server specific elements under the `postgresql::server::`
|
||||
namespaces the following objects were renamed as such:
|
||||
|
||||
`postgresql::database` -> `postgresql::server::database`
|
||||
`postgresql::database_grant` -> `postgresql::server::database_grant`
|
||||
`postgresql::db` -> `postgresql::server::db`
|
||||
`postgresql::grant` -> `postgresql::server::grant`
|
||||
`postgresql::pg_hba_rule` -> `postgresql::server::pg_hba_rule`
|
||||
`postgresql::plperl` -> `postgresql::server::plperl`
|
||||
`postgresql::contrib` -> `postgresql::server::contrib`
|
||||
`postgresql::role` -> `postgresql::server::role`
|
||||
`postgresql::table_grant` -> `postgresql::server::table_grant`
|
||||
`postgresql::tablespace` -> `postgresql::server::tablespace`
|
||||
|
||||
* New `postgresql::server::config_entry` resource for managing configuration:
|
||||
|
||||
Previously we used the `file_line` resource to modify `postgresql.conf`. This
|
||||
new revision now adds a new resource named `postgresql::server::config_entry`
|
||||
for managing this file. For example:
|
||||
|
||||
```puppet
|
||||
postgresql::server::config_entry { 'check_function_bodies':
|
||||
value => 'off',
|
||||
}
|
||||
```
|
||||
|
||||
If you were using `file_line` for this purpose, you should change to this new
|
||||
methodology.
|
||||
|
||||
* `postgresql_puppet_extras.conf` has been removed:
|
||||
|
||||
Now that we have a methodology for managing `postgresql.conf`, and due to
|
||||
concerns over the file management methodology using an `exec { 'touch ...': }`
|
||||
as a way to create an empty file the existing postgresql\_puppet\_extras.conf
|
||||
file is no longer managed by this module.
|
||||
|
||||
If you wish to recreate this methodology yourself, use this pattern:
|
||||
|
||||
```puppet
|
||||
class { 'postgresql::server': }
|
||||
|
||||
$extras = "/tmp/include.conf"
|
||||
|
||||
file { $extras:
|
||||
content => 'max_connections = 123',
|
||||
notify => Class['postgresql::server::service'],
|
||||
}->
|
||||
postgresql::server::config_entry { 'include':
|
||||
value => $extras,
|
||||
}
|
||||
```
|
||||
|
||||
* All uses of the parameter `charset` changed to `encoding`:
|
||||
|
||||
Since PostgreSQL uses the terminology `encoding` not `charset` the parameter
|
||||
has been made consisent across all classes and resources.
|
||||
|
||||
* The `postgresql` base class is no longer how you set globals:
|
||||
|
||||
The old global override pattern was less then optimal so it has been fixed,
|
||||
however we decided to demark this properly by specifying these overrides in
|
||||
the class `postgresql::global`. Consult the documentation for this class now
|
||||
to see what options are available.
|
||||
|
||||
Also, some parameter elements have been moved between this and the
|
||||
`postgresql::server` class where it made sense.
|
||||
|
||||
* `config_hash` parameter collapsed for the `postgresql::server` class:
|
||||
|
||||
Because the `config_hash` was really passing data through to what was in
|
||||
effect an internal class (`postgresql::config`). And since we don't want this
|
||||
kind of internal exposure the parameters were collapsed up into the
|
||||
`postgresql::server` class directly.
|
||||
|
||||
* Lots of changes to 'private' or 'undocumented' classes:
|
||||
|
||||
If you were using these before, these have changed names. You should only use
|
||||
what is documented in this README.md, and if you don't have what you need you
|
||||
should raise a patch to add that feature to a public API. All internal classes
|
||||
now have a comment at the top indicating them as private to make sure the
|
||||
message is clear that they are not supported as Public API.
|
||||
|
||||
* `pg_hba_conf_defaults` parameter included to turn off default pg\_hba rules:
|
||||
|
||||
The defaults should be good enough for most cases (if not raise a bug) but if
|
||||
you simply need an escape hatch, this setting will turn off the defaults. If
|
||||
you want to do this, it may affect the rest of the module so make sure you
|
||||
replace the rules with something that continues operation.
|
||||
|
||||
* `postgresql::database_user` has now been removed:
|
||||
|
||||
Use `postgresql::server::role` instead.
|
||||
|
||||
* `postgresql::psql` resource has now been removed:
|
||||
|
||||
Use `postgresql_psql` instead. In the future we may recreate this as a wrapper
|
||||
to add extra capability, but it will not match the old behaviour.
|
||||
|
||||
* `postgresql_default_version` fact has now been removed:
|
||||
|
||||
It didn't make sense to have this logic in a fact any more, the logic has been
|
||||
moved into `postgresql::params`.
|
||||
|
||||
* `ripienaar/concat` is no longer used, instead we use `puppetlabs/concat`:
|
||||
|
||||
The older concat module is now deprecated and moved into the
|
||||
`puppetlabs/concat` namespace. Functionality is more or less identical, but
|
||||
you may need to intervene during the installing of this package - as both use
|
||||
the same `concat` namespace.
|
||||
|
||||
---
|
||||
##2013-09-09 Release 2.5.0
|
||||
|
||||
###Summary
|
||||
|
||||
The focus of this release is primarily to capture the fixes done to the
|
||||
types and providers to make sure refreshonly works properly and to set
|
||||
the stage for the large scale refactoring work of 3.0.0.
|
||||
|
||||
####Features
|
||||
|
||||
|
||||
####Bugfixes
|
||||
- Use boolean for refreshonly.
|
||||
- Fix postgresql::plperl documentation.
|
||||
- Add two missing parameters to config::beforeservice
|
||||
- Style fixes
|
||||
|
||||
|
||||
##2013-08-01 Release 2.4.1
|
||||
|
||||
###Summary
|
||||
|
||||
This minor bugfix release solves an idempotency issue when using plain text
|
||||
passwords for the password_hash parameter for the postgresql::role defined
|
||||
type. Without this, users would continually see resource changes everytime
|
||||
your run Puppet.
|
||||
|
||||
####Bugfixes
|
||||
- Alter role call not idempotent with cleartext passwords (Ken Barber)
|
||||
|
||||
|
||||
##2013-07-19 Release 2.4.0
|
||||
|
||||
###Summary
|
||||
|
||||
This updates adds the ability to change permissions on tables, create template
|
||||
databases from normal databases, manage PL-Perl's postgres package, and
|
||||
disable the management of `pg_hba.conf`.
|
||||
|
||||
####Features
|
||||
- Add `postgresql::table_grant` defined resource
|
||||
- Add `postgresql::plperl` class
|
||||
- Add `manage_pg_hba_conf` parameter to the `postgresql::config` class
|
||||
- Add `istemplate` parameter to the `postgresql::database` define
|
||||
|
||||
####Bugfixes
|
||||
- Update `postgresql::role` class to be able to update roles when modified
|
||||
instead of only on creation.
|
||||
- Update tests
|
||||
- Fix documentation of `postgresql::database_grant`
|
||||
|
||||
|
||||
##2.3.0
|
||||
|
||||
This feature release includes the following changes:
|
||||
|
||||
* Add a new parameter `owner` to the `database` type. This can be used to
|
||||
grant ownership of a new database to a specific user. (Bruno Harbulot)
|
||||
* Add support for operating systems other than Debian/RedHat, as long as the
|
||||
user supplies custom values for all of the required paths, package names, etc.
|
||||
(Chris Price)
|
||||
* Improved integration testing (Ken Barber)
|
||||
|
||||
|
||||
##2.2.1
|
||||
|
||||
This release fixes a bug whereby one of our shell commands (psql) were not ran from a globally accessible directory. This was causing permission denied errors when the command attempted to change user without changing directory.
|
||||
|
||||
Users of previous versions might have seen this error:
|
||||
|
||||
Error: Error executing SQL; psql returned 256: 'could not change directory to "/root"
|
||||
|
||||
This patch should correct that.
|
||||
|
||||
#### Detail Changes
|
||||
|
||||
* Set /tmp as default CWD for postgresql_psql
|
||||
|
||||
|
||||
##2.2.0
|
||||
|
||||
This feature release introduces a number of new features and bug fixes.
|
||||
|
||||
First of all it includes a new class named `postgresql::python` which provides you with a convenient way of install the python Postgresql client libraries.
|
||||
|
||||
class { 'postgresql::python':
|
||||
}
|
||||
|
||||
You are now able to use `postgresql::database_user` without having to specify a password_hash, useful for different authentication mechanisms that do not need passwords (ie. cert, local etc.).
|
||||
|
||||
We've also provided a lot more advanced custom parameters now for greater control of your Postgresql installation. Consult the class documentation for PuppetDB in the README.
|
||||
|
||||
This release in particular has largely been contributed by the community members below, a big thanks to one and all.
|
||||
|
||||
#### Detailed Changes
|
||||
|
||||
* Add support for psycopg installation (Flaper Fesp and Dan Prince)
|
||||
* Added default PostgreSQL version for Ubuntu 13.04 (Kamil Szymanski)
|
||||
* Add ability to create users without a password (Bruno Harbulot)
|
||||
* Three Puppet 2.6 fixes (Dominic Cleal)
|
||||
* Add explicit call to concat::setup when creating concat file (Dominic Cleal)
|
||||
* Fix readme typo (Jordi Boggiano)
|
||||
* Update postgres_default_version for Ubuntu (Kamil Szymanski)
|
||||
* Allow to set connection for noew role (Kamil Szymanski)
|
||||
* Fix pg_hba_rule for postgres local access (Kamil Szymanski)
|
||||
* Fix versions for travis-ci (Ken Barber)
|
||||
* Add replication support (Jordi Boggiano)
|
||||
* Cleaned up and added unit tests (Ken Barber)
|
||||
* Generalization to provide more flexability in postgresql configuration (Karel Brezina)
|
||||
* Create dependent directory for sudoers so tests work on Centos 5 (Ken Barber)
|
||||
* Allow SQL commands to be run against a specific DB (Carlos Villela)
|
||||
* Drop trailing comma to support Puppet 2.6 (Michael Arnold)
|
||||
|
||||
|
||||
##2.1.1
|
||||
|
||||
|
||||
This release provides a bug fix for RHEL 5 and Centos 5 systems, or specifically systems using PostgreSQL 8.1 or older. On those systems one would have received the error:
|
||||
|
||||
Error: Could not start Service[postgresqld]: Execution of ‘/sbin/service postgresql start’ returned 1:
|
||||
|
||||
And the postgresql log entry:
|
||||
|
||||
FATAL: unrecognized configuration parameter "include"
|
||||
|
||||
This bug is due to a new feature we had added in 2.1.0, whereby the `include` directive in `postgresql.conf` was not compatible. As a work-around we have added checks in our code to make sure systems running PostgreSQL 8.1 or older do not have this directive added.
|
||||
|
||||
#### Detailed Changes
|
||||
|
||||
2013-01-21 - Ken Barber <ken@bob.sh>
|
||||
* Only install `include` directive and included file on PostgreSQL >= 8.2
|
||||
* Add system tests for Centos 5
|
||||
|
||||
|
||||
##2.1.0
|
||||
|
||||
This release is primarily a feature release, introducing some new helpful constructs to the module.
|
||||
|
||||
For starters, we've added the line `include 'postgresql_conf_extras.conf'` by default so extra parameters not managed by the module can be added by other tooling or by Puppet itself. This provides a useful escape-hatch for managing settings that are not currently managed by the module today.
|
||||
|
||||
We've added a new defined resource for managing your tablespace, so you can now create new tablespaces using the syntax:
|
||||
|
||||
postgresql::tablespace { 'dbspace':
|
||||
location => '/srv/dbspace',
|
||||
}
|
||||
|
||||
We've added a locale parameter to the `postgresql` class, to provide a default. Also the parameter has been added to the `postgresql::database` and `postgresql::db` defined resources for changing the locale per database:
|
||||
|
||||
postgresql::db { 'mydatabase':
|
||||
user => 'myuser',
|
||||
password => 'mypassword',
|
||||
encoding => 'UTF8',
|
||||
locale => 'en_NG',
|
||||
}
|
||||
|
||||
There is a new class for installing the necessary packages to provide the PostgreSQL JDBC client jars:
|
||||
|
||||
class { 'postgresql::java': }
|
||||
|
||||
And we have a brand new defined resource for managing fine-grained rule sets within your pg_hba.conf access lists:
|
||||
|
||||
postgresql::pg_hba { 'Open up postgresql for access from 200.1.2.0/24':
|
||||
type => 'host',
|
||||
database => 'app',
|
||||
user => 'app',
|
||||
address => '200.1.2.0/24',
|
||||
auth_method => 'md5',
|
||||
}
|
||||
|
||||
Finally, we've also added Travis-CI support and unit tests to help us iterate faster with tests to reduce regression. The current URL for these tests is here: https://travis-ci.org/puppetlabs/puppet-postgresql. Instructions on how to run the unit tests available are provided in the README for the module.
|
||||
|
||||
A big thanks to all those listed below who made this feature release possible :-).
|
||||
|
||||
#### Detailed Changes
|
||||
|
||||
2013-01-18 - Simão Fontes <simaofontes@gmail.com> & Flaper Fesp <flaper87@gmail.com>
|
||||
* Remove trailing commas from params.pp property definition for Puppet 2.6.0 compatibility
|
||||
|
||||
2013-01-18 - Lauren Rother <lauren.rother@puppetlabs.com>
|
||||
* Updated README.md to conform with best practices template
|
||||
|
||||
2013-01-09 - Adrien Thebo <git@somethingsinistral.net>
|
||||
* Update postgresql_default_version to 9.1 for Debian 7.0
|
||||
|
||||
2013-01-28 - Karel Brezina <karel.brezina@gmail.com>
|
||||
* Add support for tablespaces
|
||||
|
||||
2013-01-16 - Chris Price <chris@puppetlabs.com> & Karel Brezina <karel.brezina@gmail.com>
|
||||
* Provide support for an 'include' config file 'postgresql_conf_extras.conf' that users can modify manually or outside of the module.
|
||||
|
||||
2013-01-31 - jv <jeff@jeffvier.com>
|
||||
* Fix typo in README.pp for postgresql::db example
|
||||
|
||||
2013-02-03 - Ken Barber <ken@bob.sh>
|
||||
* Add unit tests and travis-ci support
|
||||
|
||||
2013-02-02 - Ken Barber <ken@bob.sh>
|
||||
* Add locale parameter support to the 'postgresql' class
|
||||
|
||||
2013-01-21 - Michael Arnold <github@razorsedge.org>
|
||||
* Add a class for install the packages containing the PostgreSQL JDBC jar
|
||||
|
||||
2013-02-06 - fhrbek <filip.hbrek@gmail.com>
|
||||
* Coding style fixes to reduce warnings in puppet-lint and Geppetto
|
||||
|
||||
2013-02-10 - Ken Barber <ken@bob.sh>
|
||||
* Provide new defined resource for managing pg_hba.conf
|
||||
|
||||
2013-02-11 - Ken Barber <ken@bob.sh>
|
||||
* Fix bug with reload of Postgresql on Redhat/Centos
|
||||
|
||||
2013-02-15 - Erik Dalén <dalen@spotify.com>
|
||||
* Fix more style issues to reduce warnings in puppet-lint and Geppetto
|
||||
|
||||
2013-02-15 - Erik Dalén <dalen@spotify.com>
|
||||
* Fix case whereby we were modifying a hash after creation
|
||||
|
||||
|
||||
##2.0.1
|
||||
|
||||
Minor bugfix release.
|
||||
|
||||
2013-01-16 - Chris Price <chris@puppetlabs.com>
|
||||
* Fix revoke command in database.pp to support postgres 8.1 (43ded42)
|
||||
|
||||
2013-01-15 - Jordi Boggiano <j.boggiano@seld.be>
|
||||
* Add support for ubuntu 12.10 status (3504405)
|
||||
|
||||
##2.0.0
|
||||
|
||||
Many thanks to the following people who contributed patches to this
|
||||
release:
|
||||
|
||||
* Adrien Thebo
|
||||
* Albert Koch
|
||||
* Andreas Ntaflos
|
||||
* Brett Porter
|
||||
* Chris Price
|
||||
* dharwood
|
||||
* Etienne Pelletier
|
||||
* Florin Broasca
|
||||
* Henrik
|
||||
* Hunter Haugen
|
||||
* Jari Bakken
|
||||
* Jordi Boggiano
|
||||
* Ken Barber
|
||||
* nzakaria
|
||||
* Richard Arends
|
||||
* Spenser Gilliland
|
||||
* stormcrow
|
||||
* William Van Hevelingen
|
||||
|
||||
Notable features:
|
||||
|
||||
* Add support for versions of postgres other than the system default version
|
||||
(which varies depending on OS distro). This includes optional support for
|
||||
automatically managing the package repo for the "official" postgres yum/apt
|
||||
repos. (Major thanks to Etienne Pelletier <epelletier@maestrodev.com> and
|
||||
Ken Barber <ken@bob.sh> for their tireless efforts and patience on this
|
||||
feature set!) For example usage see `tests/official-postgresql-repos.pp`.
|
||||
|
||||
* Add some support for Debian Wheezy and Ubuntu Quantal
|
||||
|
||||
* Add new `postgres_psql` type with a Ruby provider, to replace the old
|
||||
exec-based `psql` type. This gives us much more flexibility around
|
||||
executing SQL statements and controlling their logging / reports output.
|
||||
|
||||
* Major refactor of the "spec" tests--which are actually more like
|
||||
acceptance tests. We now support testing against multiple OS distros
|
||||
via vagrant, and the framework is in place to allow us to very easily add
|
||||
more distros. Currently testing against Cent6 and Ubuntu 10.04.
|
||||
|
||||
* Fixed a bug that was preventing multiple databases from being owned by the
|
||||
same user
|
||||
(9adcd182f820101f5e4891b9f2ff6278dfad495c - Etienne Pelletier <epelletier@maestrodev.com>)
|
||||
|
||||
* Add support for ACLs for finer-grained control of user/interface access
|
||||
(b8389d19ad78b4fb66024897097b4ed7db241930 - dharwood <harwoodd@cat.pdx.edu>)
|
||||
|
||||
* Many other bug fixes and improvements!
|
||||
|
||||
---
|
||||
##1.0.0
|
||||
|
||||
2012-09-17 - Version 0.3.0 released
|
||||
|
||||
2012-09-14 - Chris Price <chris@puppetlabs.com>
|
||||
|
|
|
@ -0,0 +1,234 @@
|
|||
Checklist (and a short version for the impatient)
|
||||
=================================================
|
||||
|
||||
* Commits:
|
||||
|
||||
- Make commits of logical units.
|
||||
|
||||
- Check for unnecessary whitespace with "git diff --check" before
|
||||
committing.
|
||||
|
||||
- Commit using Unix line endings (check the settings around "crlf" in
|
||||
git-config(1)).
|
||||
|
||||
- Do not check in commented out code or unneeded files.
|
||||
|
||||
- The first line of the commit message should be a short
|
||||
description (50 characters is the soft limit, excluding ticket
|
||||
number(s)), and should skip the full stop.
|
||||
|
||||
- Associate the issue in the message. The first line should include
|
||||
the issue number in the form "(#XXXX) Rest of message".
|
||||
|
||||
- The body should provide a meaningful commit message, which:
|
||||
|
||||
- uses the imperative, present tense: "change", not "changed" or
|
||||
"changes".
|
||||
|
||||
- includes motivation for the change, and contrasts its
|
||||
implementation with the previous behavior.
|
||||
|
||||
- Make sure that you have tests for the bug you are fixing, or
|
||||
feature you are adding.
|
||||
|
||||
- Make sure the test suites passes after your commit:
|
||||
`bundle exec rspec spec/acceptance` More information on [testing](#Testing) below
|
||||
|
||||
- When introducing a new feature, make sure it is properly
|
||||
documented in the README.md
|
||||
|
||||
* Submission:
|
||||
|
||||
* Pre-requisites:
|
||||
|
||||
- Sign the [Contributor License Agreement](https://cla.puppetlabs.com/)
|
||||
|
||||
- Make sure you have a [GitHub account](https://github.com/join)
|
||||
|
||||
- [Create a ticket](http://projects.puppetlabs.com/projects/modules/issues/new), or [watch the ticket](http://projects.puppetlabs.com/projects/modules/issues) you are patching for.
|
||||
|
||||
* Preferred method:
|
||||
|
||||
- Fork the repository on GitHub.
|
||||
|
||||
- Push your changes to a topic branch in your fork of the
|
||||
repository. (the format ticket/1234-short_description_of_change is
|
||||
usually preferred for this project).
|
||||
|
||||
- Submit a pull request to the repository in the puppetlabs
|
||||
organization.
|
||||
|
||||
The long version
|
||||
================
|
||||
|
||||
1. Make separate commits for logically separate changes.
|
||||
|
||||
Please break your commits down into logically consistent units
|
||||
which include new or changed tests relevant to the rest of the
|
||||
change. The goal of doing this is to make the diff easier to
|
||||
read for whoever is reviewing your code. In general, the easier
|
||||
your diff is to read, the more likely someone will be happy to
|
||||
review it and get it into the code base.
|
||||
|
||||
If you are going to refactor a piece of code, please do so as a
|
||||
separate commit from your feature or bug fix changes.
|
||||
|
||||
We also really appreciate changes that include tests to make
|
||||
sure the bug is not re-introduced, and that the feature is not
|
||||
accidentally broken.
|
||||
|
||||
Describe the technical detail of the change(s). If your
|
||||
description starts to get too long, that is a good sign that you
|
||||
probably need to split up your commit into more finely grained
|
||||
pieces.
|
||||
|
||||
Commits which plainly describe the things which help
|
||||
reviewers check the patch and future developers understand the
|
||||
code are much more likely to be merged in with a minimum of
|
||||
bike-shedding or requested changes. Ideally, the commit message
|
||||
would include information, and be in a form suitable for
|
||||
inclusion in the release notes for the version of Puppet that
|
||||
includes them.
|
||||
|
||||
Please also check that you are not introducing any trailing
|
||||
whitespace or other "whitespace errors". You can do this by
|
||||
running "git diff --check" on your changes before you commit.
|
||||
|
||||
2. Sign the Contributor License Agreement
|
||||
|
||||
Before we can accept your changes, we do need a signed Puppet
|
||||
Labs Contributor License Agreement (CLA).
|
||||
|
||||
You can access the CLA via the [Contributor License Agreement link](https://cla.puppetlabs.com/)
|
||||
|
||||
If you have any questions about the CLA, please feel free to
|
||||
contact Puppet Labs via email at cla-submissions@puppetlabs.com.
|
||||
|
||||
3. Sending your patches
|
||||
|
||||
To submit your changes via a GitHub pull request, we _highly_
|
||||
recommend that you have them on a topic branch, instead of
|
||||
directly on "master".
|
||||
It makes things much easier to keep track of, especially if
|
||||
you decide to work on another thing before your first change
|
||||
is merged in.
|
||||
|
||||
GitHub has some pretty good
|
||||
[general documentation](http://help.github.com/) on using
|
||||
their site. They also have documentation on
|
||||
[creating pull requests](http://help.github.com/send-pull-requests/).
|
||||
|
||||
In general, after pushing your topic branch up to your
|
||||
repository on GitHub, you can switch to the branch in the
|
||||
GitHub UI and click "Pull Request" towards the top of the page
|
||||
in order to open a pull request.
|
||||
|
||||
|
||||
4. Update the related GitHub issue.
|
||||
|
||||
If there is a GitHub issue associated with the change you
|
||||
submitted, then you should update the ticket to include the
|
||||
location of your branch, along with any other commentary you
|
||||
may wish to make.
|
||||
|
||||
Testing
|
||||
=======
|
||||
|
||||
Getting Started
|
||||
---------------
|
||||
|
||||
Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby
|
||||
package manager such as [bundler](http://bundler.io/) what Ruby packages,
|
||||
or Gems, are required to build, develop, and test this software.
|
||||
|
||||
Please make sure you have [bundler installed](http://bundler.io/#getting-started)
|
||||
on your system, then use it to install all dependencies needed for this project,
|
||||
by running
|
||||
|
||||
```shell
|
||||
% bundle install
|
||||
Fetching gem metadata from https://rubygems.org/........
|
||||
Fetching gem metadata from https://rubygems.org/..
|
||||
Using rake (10.1.0)
|
||||
Using builder (3.2.2)
|
||||
-- 8><-- many more --><8 --
|
||||
Using rspec-system-puppet (2.2.0)
|
||||
Using serverspec (0.6.3)
|
||||
Using rspec-system-serverspec (1.0.0)
|
||||
Using bundler (1.3.5)
|
||||
Your bundle is complete!
|
||||
Use `bundle show [gemname]` to see where a bundled gem is installed.
|
||||
```
|
||||
|
||||
NOTE some systems may require you to run this command with sudo.
|
||||
|
||||
If you already have those gems installed, make sure they are up-to-date:
|
||||
|
||||
```shell
|
||||
% bundle update
|
||||
```
|
||||
|
||||
With all dependencies in place and up-to-date we can now run the tests:
|
||||
|
||||
```shell
|
||||
% rake spec
|
||||
```
|
||||
|
||||
This will execute all the [rspec tests](http://rspec-puppet.com/) tests
|
||||
under [spec/defines](./spec/defines), [spec/classes](./spec/classes),
|
||||
and so on. rspec tests may have the same kind of dependencies as the
|
||||
module they are testing. While the module defines in its [Modulefile](./Modulefile),
|
||||
rspec tests define them in [.fixtures.yml](./fixtures.yml).
|
||||
|
||||
Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker)
|
||||
tests. These tests spin up a virtual machine under
|
||||
[VirtualBox](https://www.virtualbox.org/)) with, controlling it with
|
||||
[Vagrant](http://www.vagrantup.com/) to actually simulate scripted test
|
||||
scenarios. In order to run these, you will need both of those tools
|
||||
installed on your system.
|
||||
|
||||
You can run them by issuing the following command
|
||||
|
||||
```shell
|
||||
% rake spec_clean
|
||||
% rspec spec/acceptance
|
||||
```
|
||||
|
||||
This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml),
|
||||
install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb)
|
||||
and then run all the tests under [spec/acceptance](./spec/acceptance).
|
||||
|
||||
Writing Tests
|
||||
-------------
|
||||
|
||||
XXX getting started writing tests.
|
||||
|
||||
If you have commit access to the repository
|
||||
===========================================
|
||||
|
||||
Even if you have commit access to the repository, you will still need to
|
||||
go through the process above, and have someone else review and merge
|
||||
in your changes. The rule is that all changes must be reviewed by a
|
||||
developer on the project (that did not write the code) to ensure that
|
||||
all changes go through a code review process.
|
||||
|
||||
Having someone other than the author of the topic branch recorded as
|
||||
performing the merge is the record that they performed the code
|
||||
review.
|
||||
|
||||
|
||||
Additional Resources
|
||||
====================
|
||||
|
||||
* [Getting additional help](http://projects.puppetlabs.com/projects/puppet/wiki/Getting_Help)
|
||||
|
||||
* [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests)
|
||||
|
||||
* [Patchwork](https://patchwork.puppetlabs.com)
|
||||
|
||||
* [Contributor License Agreement](https://projects.puppetlabs.com/contributor_licenses/sign)
|
||||
|
||||
* [General GitHub documentation](http://help.github.com/)
|
||||
|
||||
* [GitHub pull request documentation](http://help.github.com/send-pull-requests/)
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
source ENV['GEM_SOURCE'] || "https://rubygems.org"
|
||||
|
||||
group :development, :test do
|
||||
gem 'rake', :require => false
|
||||
gem 'rspec-puppet', :require => false
|
||||
gem 'puppetlabs_spec_helper', :require => false
|
||||
gem 'serverspec', :require => false
|
||||
gem 'puppet-lint', :require => false
|
||||
gem 'beaker', :require => false
|
||||
gem 'beaker-rspec', :require => false
|
||||
gem 'pry', :require => false
|
||||
gem 'simplecov', :require => false
|
||||
end
|
||||
|
||||
if facterversion = ENV['FACTER_GEM_VERSION']
|
||||
gem 'facter', facterversion, :require => false
|
||||
else
|
||||
gem 'facter', :require => false
|
||||
end
|
||||
|
||||
if puppetversion = ENV['PUPPET_GEM_VERSION']
|
||||
gem 'puppet', puppetversion, :require => false
|
||||
else
|
||||
gem 'puppet', :require => false
|
||||
end
|
||||
|
||||
# vim:ft=ruby
|
|
@ -187,7 +187,7 @@
|
|||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
Copyright 2013 Puppet Labs
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
name 'inkling-postgresql'
|
||||
version '0.3.0'
|
||||
|
||||
author 'Inkling'
|
||||
license 'Apache'
|
||||
project_page 'https://github.com/inkling/puppet-postgresql'
|
||||
source 'git://github.com/inkling/puppet-postgresql.git'
|
||||
summary 'PostgreSQL defined resource types'
|
||||
description 'PostgreSQL defined resource types'
|
||||
dependency 'puppetlabs/stdlib', '>=2.4.0'
|
|
@ -0,0 +1,14 @@
|
|||
Puppetlabs postgresql module
|
||||
|
||||
Copyright 2012 Inkling Systems Inc
|
||||
Copyright 2012-2013 Puppet Labs Inc
|
||||
Copyright 2012-2013 Camptocamp SA.
|
||||
|
||||
This product includes software developed by:
|
||||
The Puppet Labs Inc (http://www.puppetlabs.com/).
|
||||
|
||||
This product includes also software developed by:
|
||||
Camptocamp SA (http://www.camptocamp.com/)
|
||||
|
||||
This product includes also software developed by:
|
||||
Inkling Systems Inc (https://www.inkling.com/)
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,10 @@
|
|||
require 'puppetlabs_spec_helper/rake_tasks'
|
||||
require 'puppet-lint/tasks/puppet-lint'
|
||||
|
||||
PuppetLint.configuration.fail_on_warnings
|
||||
PuppetLint.configuration.send('disable_80chars')
|
||||
PuppetLint.configuration.send('disable_class_inherits_from_params_class')
|
||||
PuppetLint.configuration.send('disable_class_parameter_defaults')
|
||||
PuppetLint.configuration.send('disable_documentation')
|
||||
PuppetLint.configuration.send('disable_single_quote_string_with_variables')
|
||||
PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
|
|
@ -0,0 +1,105 @@
|
|||
{
|
||||
"CHANGELOG.md": "ea6738ad1f9e633dc4cf1101e289e974",
|
||||
"CONTRIBUTING.md": "d911815dd7d0d90b90bb35382a6e3298",
|
||||
"Gemfile": "31d67830f694c2af4c709d46c513bbc7",
|
||||
"LICENSE": "746fe83ebbf8970af0a9ea13962293e9",
|
||||
"NOTICE": "d8ffc52f00e00877b45d2b77e709f69e",
|
||||
"README.md": "3077fc2132335540f9c943add9509c97",
|
||||
"Rakefile": "de8eeacfe1fbbc6a6f4d89adfc98bcaf",
|
||||
"files/RPM-GPG-KEY-PGDG": "78b5db170d33f80ad5a47863a7476b22",
|
||||
"files/validate_postgresql_connection.sh": "20301932819f035492a30880f5bf335a",
|
||||
"lib/puppet/parser/functions/postgresql_acls_to_resources_hash.rb": "d518a7959b950874820a3b0a7a324488",
|
||||
"lib/puppet/parser/functions/postgresql_escape.rb": "2e136fcd653ab38d831c5b40806d47d1",
|
||||
"lib/puppet/parser/functions/postgresql_password.rb": "820da02a888ab42357fe9bc2352b1c37",
|
||||
"lib/puppet/provider/postgresql_conf/parsed.rb": "53cacac5630209bd4a4ea62433fba764",
|
||||
"lib/puppet/provider/postgresql_psql/ruby.rb": "a3f6495a6e89bc02872a38fdef0afca8",
|
||||
"lib/puppet/type/postgresql_conf.rb": "4f333138a3689f9768e7fe4bc3cde9fd",
|
||||
"lib/puppet/type/postgresql_psql.rb": "e2e1339f5ea40a1aaf6ec25cdc966514",
|
||||
"manifests/client.pp": "40df70575ac00258147fcd0099a5cef8",
|
||||
"manifests/globals.pp": "718394a496dbfd3ae72b00cb62f27deb",
|
||||
"manifests/lib/devel.pp": "aae0c25df16515553d115ce2b0171bc2",
|
||||
"manifests/lib/java.pp": "ed639fd6ba8392cf4239cfe02be6ace5",
|
||||
"manifests/lib/perl.pp": "5213fb4284f041fe28a22d68119f646d",
|
||||
"manifests/lib/python.pp": "90736f86301c4c6401ec1180c176b616",
|
||||
"manifests/params.pp": "642bebc7e9845038b422a9abe67b7009",
|
||||
"manifests/repo/apt_postgresql_org.pp": "2ccfff0395c8e31989430112c29c4a1a",
|
||||
"manifests/repo/yum_postgresql_org.pp": "a11eba8a95f88604184a495aeca87b3b",
|
||||
"manifests/repo.pp": "974a70862512c950a8252d2c89140ed8",
|
||||
"manifests/server/config.pp": "e4872285ca3ed214818ae00e81f09c0d",
|
||||
"manifests/server/config_entry.pp": "fc121a375b2660f096ab5962532a1ce5",
|
||||
"manifests/server/contrib.pp": "a0aafd867ca7c932bee14ebf480bfacd",
|
||||
"manifests/server/database.pp": "3dd2146949e5f33d1c5b8a409d55580f",
|
||||
"manifests/server/database_grant.pp": "66e5470bb932b087b540c444ee49941b",
|
||||
"manifests/server/db.pp": "d38c925be1f0430a877706e7ce28faf1",
|
||||
"manifests/server/grant.pp": "b2ac20bf9fecb640c7fe6eba603d6e1b",
|
||||
"manifests/server/initdb.pp": "6532a6b1264cf173f22cf8267a13df6e",
|
||||
"manifests/server/install.pp": "ddd4000b5cee099a3d0ebed79fd458bb",
|
||||
"manifests/server/passwd.pp": "6f4fac48687bcc75c7e292d37977402c",
|
||||
"manifests/server/pg_hba_rule.pp": "2845af83d0d7904d028ebd642d2dd993",
|
||||
"manifests/server/pg_ident_rule.pp": "0fa70e2d42d17c59f41bd3351d5d96fb",
|
||||
"manifests/server/plperl.pp": "189c47d04158440874dc136ca2b3fd7a",
|
||||
"manifests/server/postgis.pp": "6ac7fbd262907bb1303aa29970e908eb",
|
||||
"manifests/server/reload.pp": "10a2e4ca749b4938cfdafda9d2384c7c",
|
||||
"manifests/server/role.pp": "54e2decad32ae5913ba736f793787fa2",
|
||||
"manifests/server/schema.pp": "f51db9b12c8eb3e05c3b04d06feaac9e",
|
||||
"manifests/server/service.pp": "cd054a4e7a2f1155c57c1c8091d14331",
|
||||
"manifests/server/table_grant.pp": "7fbf5eafa4e5191b93195b07ef839bf9",
|
||||
"manifests/server/tablespace.pp": "4f860e343038d7c5ecbd83b54784ef10",
|
||||
"manifests/server.pp": "6630c0b3551f7c09ce8b4924fb0210ca",
|
||||
"manifests/validate_db_connection.pp": "f1cfbec5b6bc0e1869db0a23185708d4",
|
||||
"metadata.json": "c616fc381ec21dac98c8d5de6e85c5a0",
|
||||
"spec/acceptance/alternative_port_spec.rb": "bb448ce71f022adfd02c8eac3ff3e9ec",
|
||||
"spec/acceptance/db_spec.rb": "72ddf3a6c94be14eceb187580922d041",
|
||||
"spec/acceptance/default_parameters_spec.rb": "e90626a6a1a84336b0829521ed89152e",
|
||||
"spec/acceptance/nodesets/centos-510-x64.yml": "5698f7e61292730c603e03f64fe19359",
|
||||
"spec/acceptance/nodesets/centos-59-x64.yml": "57eb3e471b9042a8ea40978c467f8151",
|
||||
"spec/acceptance/nodesets/centos-64-x64-pe.yml": "ec075d95760df3d4702abea1ce0a829b",
|
||||
"spec/acceptance/nodesets/centos-64-x64.yml": "9cde7b5d2ab6a42366d2344c264d6bdc",
|
||||
"spec/acceptance/nodesets/centos-65-x64.yml": "3e5c36e6aa5a690229e720f4048bb8af",
|
||||
"spec/acceptance/nodesets/debian-607-x64.yml": "d566bf76f534e2af7c9a4605316d232c",
|
||||
"spec/acceptance/nodesets/debian-73-x64.yml": "ba5a75e27644c48ad8f3564fb6d372a7",
|
||||
"spec/acceptance/nodesets/default.yml": "9cde7b5d2ab6a42366d2344c264d6bdc",
|
||||
"spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "75e86400b7889888dc0781c0ae1a1297",
|
||||
"spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "d30d73e34cd50b043c7d14e305955269",
|
||||
"spec/acceptance/nodesets/ubuntu-server-1404-x64.yml": "5f0aed10098ac5b78e4217bb27c7aaf0",
|
||||
"spec/acceptance/postgresql_psql_spec.rb": "49d18d6a30949658ed615c4d6a977ad4",
|
||||
"spec/acceptance/server/schema_spec.rb": "988aa84ae180a4508897abf6a7fdb39e",
|
||||
"spec/spec.opts": "a600ded995d948e393fbe2320ba8e51c",
|
||||
"spec/spec_helper.rb": "2c3b776fcf7328f372f63550663d05fd",
|
||||
"spec/spec_helper_acceptance.rb": "4b51b4c8b4db5150a79c4993f493f9a1",
|
||||
"spec/unit/classes/client_spec.rb": "6f59c2d1ad8d5afad545b7aa4f8f40fd",
|
||||
"spec/unit/classes/globals_spec.rb": "982e062a944229be31ed0ed61c39747d",
|
||||
"spec/unit/classes/lib/devel_spec.rb": "88653dbb9beb08865f916f33681283bb",
|
||||
"spec/unit/classes/lib/java_spec.rb": "2d8bd73fe651e9e62d0bba49abef292c",
|
||||
"spec/unit/classes/lib/perl_spec.rb": "748a923db31aa42b3ee2fa5ac534d0d6",
|
||||
"spec/unit/classes/lib/python_spec.rb": "085a1fd6809298d8774b8fd84157908d",
|
||||
"spec/unit/classes/params_spec.rb": "af9c9224fb32b0e64bf575275167bebf",
|
||||
"spec/unit/classes/repo_spec.rb": "cd1385198525063f7444fb7ef57b08cc",
|
||||
"spec/unit/classes/server/contrib_spec.rb": "a0334495869618a6b75858211fec8cc8",
|
||||
"spec/unit/classes/server/initdb_spec.rb": "ad013b15fc4d6cebb41710a4574c6c86",
|
||||
"spec/unit/classes/server/plperl_spec.rb": "5fb32ffacadf95aa84646e32017a30f4",
|
||||
"spec/unit/classes/server/postgis_spec.rb": "3975f38629148de15fd2cd87385f8e2e",
|
||||
"spec/unit/classes/server_spec.rb": "829f676aad162b2437a10d30c1840b51",
|
||||
"spec/unit/defines/server/config_entry_spec.rb": "1a7bc49ee464d83783a2b1ac0a24f6a2",
|
||||
"spec/unit/defines/server/database_grant_spec.rb": "52e7ba3370d10b7c23a7b29fffe1ff33",
|
||||
"spec/unit/defines/server/database_spec.rb": "122ec7e8b0072377e6b4f6d99cbd92aa",
|
||||
"spec/unit/defines/server/db_spec.rb": "918342fdfa76c9acf0e455fe4411a42a",
|
||||
"spec/unit/defines/server/grant_spec.rb": "5e6030fd1c268d88152f206701949122",
|
||||
"spec/unit/defines/server/pg_hba_rule_spec.rb": "753bd46601b1f5c261ebfebb259b85c0",
|
||||
"spec/unit/defines/server/pg_ident_rule_spec.rb": "51429e599dbf5ea5a167c8ac86c23ee4",
|
||||
"spec/unit/defines/server/role_spec.rb": "24fc9508a34a81dcbc19a4a553bf1e9b",
|
||||
"spec/unit/defines/server/schema_spec.rb": "d42e5fdee9427032df915f599a0f8de2",
|
||||
"spec/unit/defines/server/table_grant_spec.rb": "21e375467a0635194d0f2e5effdcf22a",
|
||||
"spec/unit/defines/server/tablespace_spec.rb": "ac4b95389354e2b489547f3a95441b61",
|
||||
"spec/unit/defines/validate_db_connection_spec.rb": "b4758bd989da37699d550e412bfbeb52",
|
||||
"spec/unit/functions/postgresql_acls_to_resources_hash_spec.rb": "ba576b0f385aa44fa352df6d5812f4ae",
|
||||
"spec/unit/functions/postgresql_escape_spec.rb": "ddf2f5498937840f8c55a5ff2d8e9cb1",
|
||||
"spec/unit/functions/postgresql_password_spec.rb": "8ca30e0a155e27dd3c161cea558a97eb",
|
||||
"spec/unit/provider/postgresql_conf/parsed_spec.rb": "b83f1991835a3b2e9d279c6dda2204f5",
|
||||
"spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb": "790f304ac505fed3393e35485f9fff0f",
|
||||
"spec/unit/puppet/type/postgresql_psql_spec.rb": "394a71e3883e145ca8b588ce7bc2843b",
|
||||
"spec/unit/type/postgresql_conf_spec.rb": "069ce03012044d4864d7e81b60f022e0",
|
||||
"templates/pg_hba_rule.conf": "13b46eecdfd359eddff71fa485ef2f54",
|
||||
"templates/pg_ident_rule.conf": "444c85172fd44262344588e83ebb2515",
|
||||
"templates/systemd-port-override.erb": "9af958cfc89251d8b32dd27050f58826"
|
||||
}
|
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1.4.7 (GNU/Linux)
|
||||
|
||||
mQGiBEeD8koRBACC1VBRsUwGr9gxFFRho9kZpdRUjBJoPhkeOTvp9LzkdAQMFngr
|
||||
BFi6N0ov1kCX7LLwBmDG+JPR7N+XcH9YR1coSHpLVg+JNy2kFDd4zAyWxJafjZ3a
|
||||
9zFg9Yx+0va1BJ2t4zVcmKS4aOfbgQ5KwIOWUujalQW5Y+Fw39Gn86qjbwCg5dIo
|
||||
tkM0l19h2sx50D027pV5aPsD/2c9pfcFTbMhB0CcKS836GH1qY+NCAdUwPs646ee
|
||||
Ex/k9Uy4qMwhl3HuCGGGa+N6Plyon7V0TzZuRGp/1742dE8IO+I/KLy2L1d1Fxrn
|
||||
XOTBZd8qe6nBwh12OMcKrsPBVBxn+iSkaG3ULsgOtx+HHLfa1/p22L5+GzGdxizr
|
||||
peBuA/90cCp+lYcEwdYaRoFVR501yDOTmmzBc1DrsyWP79QMEGzMqa393G0VnqXt
|
||||
L4pGmunq66Agw2EhPcIt3pDYiCmEt/obdVtSJH6BtmSDB/zYhbE8u3vLP3jfFDa9
|
||||
KXxgtYj0NvuUVoRmxSKm8jtfmj1L7zoKNz3jl+Ba3L0WxIv4+bRBUG9zdGdyZVNR
|
||||
TCBSUE0gQnVpbGRpbmcgUHJvamVjdCA8cGdzcWxycG1zLWhhY2tlcnNAcGdmb3Vu
|
||||
ZHJ5Lm9yZz6IYAQTEQIAIAUCR4PySgIbIwYLCQgHAwIEFQIIAwQWAgMBAh4BAheA
|
||||
AAoJEB8W0uFELfD4jnkAoMqd6ZwwsgYHZ3hP9vt+DJt1uDW7AKDbRwP8ESKFhwdJ
|
||||
8m91RPBeJW/tMLkCDQRHg/JKEAgA64+ZXgcERPYfZYo4p+yMTJAAa9aqnE3U4Ni6
|
||||
ZMB57GPuEy8NfbNya+HiftO8hoozmJdcI6XFyRBCDUVCdZ8SE+PJdOx2FFqZVIu6
|
||||
dKnr8ykhgLpNNEFDG3boK9UfLj/5lYQ3Y550Iym1QKOgyrJYeAp6sZ+Nx2PavsP3
|
||||
nMFCSD67BqAbcLCVQN7a2dAUXfEbfXJjPHXTbo1/kxtzE+KCRTLdXEbSEe3nHO04
|
||||
K/EgTBjeBUOxnciH5RylJ2oGy/v4xr9ed7R1jJtshsDKMdWApwoLlCBJ63jg/4T/
|
||||
z/OtXmu4AvmWaJxaTl7fPf2GqSqqb6jLCrQAH7AIhXr9V0zPZwADBQgAlpptNQHl
|
||||
u7euIdIujFwwcxyQGfee6BG+3zaNSEHMVQMuc6bxuvYmgM9r7aki/b0YMfjJBk8v
|
||||
OJ3Eh1vDH/woJi2iJ13vQ21ot+1JP3fMd6NPR8/qEeDnmVXu7QAtlkmSKI9Rdnjz
|
||||
FFSUJrQPHnKsH4V4uvAM+njwYD+VFiwlBPTKNeL8cdBb4tPN2cdVJzoAp57wkZAN
|
||||
VA2tKxNsTJKBi8wukaLWX8+yPHiWCNWItvyB4WCEp/rZKG4A868NM5sZQMAabpLd
|
||||
l4fTiGu68OYgK9qUPZvhEAL2C1jPDVHPkLm+ZsD+90Pe66w9vB00cxXuHLzm8Pad
|
||||
GaCXCY8h3xi6VIhJBBgRAgAJBQJHg/JKAhsMAAoJEB8W0uFELfD4K4cAoJ4yug8y
|
||||
1U0cZEiF5W25HDzMTtaDAKCaM1m3Cbd+AZ0NGWNg/VvIX9MsPA==
|
||||
=au6K
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -0,0 +1,31 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# usage is: validate_db_connection 2 50 psql
|
||||
|
||||
SLEEP=$1
|
||||
TRIES=$2
|
||||
PSQL=$3
|
||||
|
||||
STATE=1
|
||||
|
||||
for (( c=1; c<=$TRIES; c++ ))
|
||||
do
|
||||
echo $c
|
||||
if [ $c -gt 1 ]
|
||||
then
|
||||
echo 'sleeping'
|
||||
sleep $SLEEP
|
||||
fi
|
||||
|
||||
/bin/echo "SELECT 1" | $PSQL
|
||||
STATE=$?
|
||||
|
||||
if [ $STATE -eq 0 ]
|
||||
then
|
||||
exit 0
|
||||
fi
|
||||
done
|
||||
|
||||
echo 'Unable to connect to postgresql'
|
||||
|
||||
exit 1
|
|
@ -0,0 +1,76 @@
|
|||
module Puppet::Parser::Functions
|
||||
newfunction(:postgresql_acls_to_resources_hash, :type => :rvalue, :doc => <<-EOS
|
||||
This internal function translates the ipv(4|6)acls format into a resource
|
||||
suitable for create_resources. It is not intended to be used outside of the
|
||||
postgresql internal classes/defined resources.
|
||||
|
||||
This function accepts an array of strings that are pg_hba.conf rules. It
|
||||
will return a hash that can be fed into create_resources to create multiple
|
||||
individual pg_hba_rule resources.
|
||||
|
||||
The second parameter is an identifier that will be included in the namevar
|
||||
to provide uniqueness. It must be a string.
|
||||
|
||||
The third parameter is an order offset, so you can start the order at an
|
||||
arbitrary starting point.
|
||||
EOS
|
||||
) do |args|
|
||||
func_name = "postgresql_acls_to_resources_hash()"
|
||||
|
||||
raise(Puppet::ParseError, "#{func_name}: Wrong number of arguments " +
|
||||
"given (#{args.size} for 3)") if args.size != 3
|
||||
|
||||
acls = args[0]
|
||||
raise(Puppet::ParseError, "#{func_name}: first argument must be an array") \
|
||||
unless acls.instance_of? Array
|
||||
|
||||
id = args[1]
|
||||
raise(Puppet::ParseError, "#{func_name}: second argument must be a string") \
|
||||
unless id.instance_of? String
|
||||
|
||||
offset = args[2].to_i
|
||||
raise(Puppet::ParseError, "#{func_name}: third argument must be a number") \
|
||||
unless offset.instance_of? Fixnum
|
||||
|
||||
resources = {}
|
||||
acls.each do |acl|
|
||||
index = acls.index(acl)
|
||||
|
||||
parts = acl.split
|
||||
|
||||
raise(Puppet::ParseError, "#{func_name}: acl line #{index} does not " +
|
||||
"have enough parts") unless parts.length >= 4
|
||||
|
||||
resource = {
|
||||
'type' => parts[0],
|
||||
'database' => parts[1],
|
||||
'user' => parts[2],
|
||||
'order' => format('%03d', offset + index),
|
||||
}
|
||||
if parts[0] == 'local' then
|
||||
resource['auth_method'] = parts[3]
|
||||
if parts.length > 4 then
|
||||
resource['auth_option'] = parts.last(parts.length - 4).join(" ")
|
||||
end
|
||||
else
|
||||
if parts[4] =~ /^\d/
|
||||
resource['address'] = parts[3] + ' ' + parts[4]
|
||||
resource['auth_method'] = parts[5]
|
||||
|
||||
if parts.length > 6 then
|
||||
resource['auth_option'] = parts.last(parts.length - 6).join(" ")
|
||||
end
|
||||
else
|
||||
resource['address'] = parts[3]
|
||||
resource['auth_method'] = parts[4]
|
||||
|
||||
if parts.length > 5 then
|
||||
resource['auth_option'] = parts.last(parts.length - 5).join(" ")
|
||||
end
|
||||
end
|
||||
end
|
||||
resources["postgresql class generated rule #{id} #{index}"] = resource
|
||||
end
|
||||
resources
|
||||
end
|
||||
end
|
|
@ -0,0 +1,25 @@
|
|||
require 'digest/md5'
|
||||
|
||||
module Puppet::Parser::Functions
|
||||
newfunction(:postgresql_escape, :type => :rvalue, :doc => <<-EOS
|
||||
Safely escapes a string using $$ using a random tag which should be consistent
|
||||
EOS
|
||||
) do |args|
|
||||
|
||||
raise(Puppet::ParseError, "postgresql_escape(): Wrong number of arguments " +
|
||||
"given (#{args.size} for 1)") if args.size != 1
|
||||
|
||||
password = args[0]
|
||||
|
||||
if password !~ /\$\$/
|
||||
retval = "$$#{password}$$"
|
||||
else
|
||||
escape = Digest::MD5.hexdigest(password)[0..5].gsub(/\d/,'')
|
||||
until password !~ /#{escape}/
|
||||
escape = Digest::MD5.hexdigest(escape)[0..5].gsub(/\d/,'')
|
||||
end
|
||||
retval = "$#{escape}$#{password}$#{escape}$"
|
||||
end
|
||||
retval
|
||||
end
|
||||
end
|
|
@ -0,0 +1,37 @@
|
|||
require 'puppet/provider/parsedfile'
|
||||
|
||||
Puppet::Type.type(:postgresql_conf).provide(
|
||||
:parsed,
|
||||
:parent => Puppet::Provider::ParsedFile,
|
||||
:default_target => '/etc/postgresql.conf',
|
||||
:filetype => :flat
|
||||
) do
|
||||
desc "Set key/values in postgresql.conf."
|
||||
|
||||
text_line :comment, :match => /^\s*#/
|
||||
text_line :blank, :match => /^\s*$/
|
||||
|
||||
record_line :parsed,
|
||||
:fields => %w{name value comment},
|
||||
:optional => %w{comment},
|
||||
:match => /^\s*([\w\.]+)\s*=?\s*(.*?)(?:\s*#\s*(.*))?\s*$/,
|
||||
:to_line => proc { |h|
|
||||
|
||||
# simple string and numeric values don't need to be enclosed in quotes
|
||||
dontneedquote = h[:value].match(/^(\w+)$/)
|
||||
dontneedequal = h[:name].match(/^(include|include_if_exists)$/i)
|
||||
|
||||
str = h[:name].downcase # normalize case
|
||||
str += dontneedequal ? ' ' : ' = '
|
||||
str += "'" unless dontneedquote && !dontneedequal
|
||||
str += h[:value]
|
||||
str += "'" unless dontneedquote && !dontneedequal
|
||||
str += " # #{h[:comment]}" unless (h[:comment].nil? or h[:comment] == :absent)
|
||||
str
|
||||
},
|
||||
:post_parse => proc { |h|
|
||||
h[:name].downcase! # normalize case
|
||||
h[:value].gsub!(/(^'|'$)/, '') # strip out quotes
|
||||
}
|
||||
|
||||
end
|
|
@ -0,0 +1,46 @@
|
|||
Puppet::Type.type(:postgresql_psql).provide(:ruby) do
|
||||
|
||||
def run_unless_sql_command(sql)
|
||||
# for the 'unless' queries, we wrap the user's query in a 'SELECT COUNT',
|
||||
# which makes it easier to parse and process the output.
|
||||
run_sql_command('SELECT COUNT(*) FROM (' << sql << ') count')
|
||||
end
|
||||
|
||||
def run_sql_command(sql)
|
||||
if resource[:search_path]
|
||||
sql = "set search_path to #{Array(resource[:search_path]).join(',')}; #{sql}"
|
||||
end
|
||||
|
||||
command = [resource[:psql_path]]
|
||||
command.push("-d", resource[:db]) if resource[:db]
|
||||
command.push("-p", resource[:port]) if resource[:port]
|
||||
command.push("-t", "-c", sql)
|
||||
|
||||
if resource[:cwd]
|
||||
Dir.chdir resource[:cwd] do
|
||||
run_command(command, resource[:psql_user], resource[:psql_group])
|
||||
end
|
||||
else
|
||||
run_command(command, resource[:psql_user], resource[:psql_group])
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def run_command(command, user, group)
|
||||
if Puppet::PUPPETVERSION.to_f < 3.4
|
||||
Puppet::Util::SUIDManager.run_and_capture(command, user, group)
|
||||
else
|
||||
output = Puppet::Util::Execution.execute(command, {
|
||||
:uid => user,
|
||||
:gid => group,
|
||||
:failonfail => false,
|
||||
:combine => true,
|
||||
:override_locale => true,
|
||||
:custom_environment => {}
|
||||
})
|
||||
[output, $CHILD_STATUS.dup]
|
||||
end
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,31 @@
|
|||
module Puppet
|
||||
newtype(:postgresql_conf) do
|
||||
|
||||
@doc = "This type allows puppet to manage postgresql.conf parameters."
|
||||
|
||||
ensurable
|
||||
|
||||
newparam(:name) do
|
||||
desc "The postgresql parameter name to manage."
|
||||
isnamevar
|
||||
|
||||
newvalues(/^[\w\.]+$/)
|
||||
end
|
||||
|
||||
newproperty(:value) do
|
||||
desc "The value to set for this parameter."
|
||||
end
|
||||
|
||||
newproperty(:target) do
|
||||
desc "The path to postgresql.conf"
|
||||
defaultto {
|
||||
if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile)
|
||||
@resource.class.defaultprovider.default_target
|
||||
else
|
||||
nil
|
||||
end
|
||||
}
|
||||
end
|
||||
|
||||
end
|
||||
end
|
|
@ -0,0 +1,101 @@
|
|||
Puppet::Type.newtype(:postgresql_psql) do
|
||||
|
||||
newparam(:name) do
|
||||
desc "An arbitrary tag for your own reference; the name of the message."
|
||||
isnamevar
|
||||
end
|
||||
|
||||
newproperty(:command) do
|
||||
desc 'The SQL command to execute via psql.'
|
||||
|
||||
defaultto { @resource[:name] }
|
||||
|
||||
# If needing to run the SQL command, return a fake value that will trigger
|
||||
# a sync, else return the expected SQL command so no sync takes place
|
||||
def retrieve
|
||||
if @resource.should_run_sql
|
||||
return :notrun
|
||||
else
|
||||
return self.should
|
||||
end
|
||||
end
|
||||
|
||||
def sync
|
||||
output, status = provider.run_sql_command(value)
|
||||
self.fail("Error executing SQL; psql returned #{status}: '#{output}'") unless status == 0
|
||||
end
|
||||
end
|
||||
|
||||
newparam(:unless) do
|
||||
desc "An optional SQL command to execute prior to the main :command; " +
|
||||
"this is generally intended to be used for idempotency, to check " +
|
||||
"for the existence of an object in the database to determine whether " +
|
||||
"or not the main SQL command needs to be executed at all."
|
||||
|
||||
# Return true if a matching row is found
|
||||
def matches(value)
|
||||
if Puppet::PUPPETVERSION.to_f < 4
|
||||
output, status = provider.run_unless_sql_command(value)
|
||||
else
|
||||
output = provider.run_unless_sql_command(value)
|
||||
status = output.exitcode
|
||||
end
|
||||
self.fail("Error evaluating 'unless' clause, returned #{status}: '#{output}'") unless status == 0
|
||||
|
||||
result_count = output.strip.to_i
|
||||
self.debug("Found #{result_count} row(s) executing 'unless' clause")
|
||||
result_count > 0
|
||||
end
|
||||
end
|
||||
|
||||
newparam(:db) do
|
||||
desc "The name of the database to execute the SQL command against."
|
||||
end
|
||||
|
||||
newparam(:port) do
|
||||
desc "The port of the database server to execute the SQL command against."
|
||||
end
|
||||
|
||||
newparam(:search_path) do
|
||||
desc "The schema search path to use when executing the SQL command"
|
||||
end
|
||||
|
||||
newparam(:psql_path) do
|
||||
desc "The path to psql executable."
|
||||
defaultto("psql")
|
||||
end
|
||||
|
||||
newparam(:psql_user) do
|
||||
desc "The system user account under which the psql command should be executed."
|
||||
defaultto("postgres")
|
||||
end
|
||||
|
||||
newparam(:psql_group) do
|
||||
desc "The system user group account under which the psql command should be executed."
|
||||
defaultto("postgres")
|
||||
end
|
||||
|
||||
newparam(:cwd, :parent => Puppet::Parameter::Path) do
|
||||
desc "The working directory under which the psql command should be executed."
|
||||
defaultto("/tmp")
|
||||
end
|
||||
|
||||
newparam(:refreshonly, :boolean => true) do
|
||||
desc "If 'true', then the SQL will only be executed via a notify/subscribe event."
|
||||
|
||||
defaultto(:false)
|
||||
newvalues(:true, :false)
|
||||
end
|
||||
|
||||
def should_run_sql(refreshing = false)
|
||||
unless_param = @parameters[:unless]
|
||||
return false if !unless_param.nil? && !unless_param.value.nil? && unless_param.matches(unless_param.value)
|
||||
return false if !refreshing && @parameters[:refreshonly].value == :true
|
||||
true
|
||||
end
|
||||
|
||||
def refresh
|
||||
self.property(:command).sync if self.should_run_sql(true)
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,23 @@
|
|||
# Install client cli tool. See README.md for more details.
|
||||
class postgresql::client (
|
||||
$file_ensure = 'file',
|
||||
$package_name = $postgresql::params::client_package_name,
|
||||
$package_ensure = 'present'
|
||||
) inherits postgresql::params {
|
||||
validate_string($package_name)
|
||||
|
||||
package { 'postgresql-client':
|
||||
ensure => $package_ensure,
|
||||
name => $package_name,
|
||||
tag => 'postgresql',
|
||||
}
|
||||
|
||||
file { '/usr/local/bin/validate_postgresql_connection.sh':
|
||||
ensure => $file_ensure,
|
||||
source => 'puppet:///modules/postgresql/validate_postgresql_connection.sh',
|
||||
owner => 0,
|
||||
group => 0,
|
||||
mode => '0755',
|
||||
}
|
||||
|
||||
}
|
|
@ -1,64 +0,0 @@
|
|||
# Class: postgresql::config
|
||||
#
|
||||
# Parameters:
|
||||
#
|
||||
# [*postgres_password*] - postgres db user password.
|
||||
# [*ip_mask_deny_postgres_user*] - ip mask for denying remote access for postgres user; defaults to '0.0.0.0/0',
|
||||
# meaning that all TCP access for postgres user is denied.
|
||||
# [*ip_mask_allow_all_users*] - ip mask for allowing remote access for other users (besides postgres);
|
||||
# defaults to '127.0.0.1/32', meaning only allow connections from localhost
|
||||
# [*listen_addresses*] - what IP address(es) to listen on; comma-separated list of addresses; defaults to
|
||||
# 'localhost', '*' = all
|
||||
# [*pg_hba_conf_path*] - path to pg_hba.conf file
|
||||
# [*postgresql_conf_path*] - path to postgresql.conf file
|
||||
# [*manage_redhat_firewall*] - boolean indicating whether or not the module should open a port in the firewall on
|
||||
# redhat-based systems; this parameter is likely to change in future versions. Possible
|
||||
# changes include support for non-RedHat systems and finer-grained control over the
|
||||
# firewall rule (currently, it simply opens up the postgres port to all TCP connections).
|
||||
#
|
||||
#
|
||||
# Actions:
|
||||
#
|
||||
# Requires:
|
||||
#
|
||||
# Usage:
|
||||
#
|
||||
# class { 'postgresql::config':
|
||||
# postgres_password => 'postgres',
|
||||
# ip_mask_allow_all_users => '0.0.0.0/0',
|
||||
# }
|
||||
#
|
||||
class postgresql::config(
|
||||
$postgres_password = undef,
|
||||
$ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
|
||||
$ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,
|
||||
$listen_addresses = $postgresql::params::listen_addresses,
|
||||
$pg_hba_conf_path = $postgresql::params::pg_hba_conf_path,
|
||||
$postgresql_conf_path = $postgresql::params::postgresql_conf_path,
|
||||
$manage_redhat_firewall = $postgresql::params::manage_redhat_firewall
|
||||
) inherits postgresql::params {
|
||||
|
||||
# Basically, all this class needs to handle is passing parameters on
|
||||
# to the "beforeservice" and "afterservice" classes, and ensure
|
||||
# the proper ordering.
|
||||
|
||||
class { "postgresql::config::beforeservice":
|
||||
ip_mask_deny_postgres_user => $ip_mask_deny_postgres_user,
|
||||
ip_mask_allow_all_users => $ip_mask_allow_all_users,
|
||||
listen_addresses => $listen_addresses,
|
||||
pg_hba_conf_path => $pg_hba_conf_path,
|
||||
postgresql_conf_path => $postgresql_conf_path,
|
||||
manage_redhat_firewall => $manage_redhat_firewall,
|
||||
}
|
||||
|
||||
class { "postgresql::config::afterservice":
|
||||
postgres_password => $postgres_password,
|
||||
}
|
||||
|
||||
Class['postgresql::config'] ->
|
||||
Class['postgresql::config::beforeservice'] ->
|
||||
Service['postgresqld'] ->
|
||||
Class['postgresql::config::afterservice']
|
||||
|
||||
|
||||
}
|
|
@ -1,44 +0,0 @@
|
|||
# Class: postgresql::config::afterservice
|
||||
#
|
||||
# Parameters:
|
||||
#
|
||||
# [*postgres_password*] - postgres db user password.
|
||||
#
|
||||
# Actions:
|
||||
#
|
||||
# Requires:
|
||||
#
|
||||
# Usage:
|
||||
# This class is not intended to be used directly; it is
|
||||
# managed by postgresl::config. It contains resources
|
||||
# that should be handled *after* the postgres service
|
||||
# has been started up.
|
||||
#
|
||||
# class { 'postgresql::config::afterservice':
|
||||
# postgres_password => 'postgres'
|
||||
# }
|
||||
#
|
||||
class postgresql::config::afterservice(
|
||||
$postgres_password = undef
|
||||
) inherits postgresql::params {
|
||||
if ($postgres_password != undef) {
|
||||
# NOTE: this password-setting logic relies on the pg_hba.conf being configured
|
||||
# to allow the postgres system user to connect via psql without specifying
|
||||
# a password ('ident', 'peer', or 'trust' security). This is the default
|
||||
# for pg_hba.conf.
|
||||
exec { 'set_postgres_postgrespw':
|
||||
# This command works w/no password because we run it as postgres system user
|
||||
command => "psql -c \"ALTER ROLE postgres PASSWORD '$postgres_password'\"",
|
||||
user => $postgresql::params::user,
|
||||
group => $postgresql::params::group,
|
||||
logoutput => true,
|
||||
cwd => '/tmp',
|
||||
# With this command we're passing -h to force TCP authentication, which does require
|
||||
# a password. We specify the password via the PGPASSWORD environment variable. If
|
||||
# the password is correct (current), this command will exit with an exit code of 0,
|
||||
# which will prevent the main command from running.
|
||||
unless => "env PGPASSWORD=\"$postgres_password\" psql -h localhost -c 'select 1' > /dev/null",
|
||||
path => '/usr/bin:/usr/local/bin',
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,85 +0,0 @@
|
|||
# Class: postgresql::config::beforeservice
|
||||
#
|
||||
# Parameters:
|
||||
#
|
||||
# [*ip_mask_deny_postgres_user*] - ip mask for denying remote access for postgres user; defaults to '0.0.0.0/0',
|
||||
# meaning that all TCP access for postgres user is denied.
|
||||
# [*ip_mask_allow_all_users*] - ip mask for allowing remote access for other users (besides postgres);
|
||||
# defaults to '127.0.0.1/32', meaning only allow connections from localhost
|
||||
# [*listen_addresses*] - what IP address(es) to listen on; comma-separated list of addresses; defaults to
|
||||
# 'localhost', '*' = all
|
||||
# [*pg_hba_conf_path*] - path to pg_hba.conf file
|
||||
# [*postgresql_conf_path*] - path to postgresql.conf file
|
||||
# [*manage_redhat_firewall*] - boolean indicating whether or not the module should open a port in the firewall on
|
||||
# redhat-based systems; this parameter is likely to change in future versions. Possible
|
||||
# changes include support for non-RedHat systems and finer-grained control over the
|
||||
# firewall rule (currently, it simply opens up the postgres port to all TCP connections).
|
||||
#
|
||||
# Actions:
|
||||
#
|
||||
# Requires:
|
||||
#
|
||||
# Usage:
|
||||
# This class is not intended to be used directly; it is
|
||||
# managed by postgresl::config. It contains resources
|
||||
# that should be handled *before* the postgres service
|
||||
# has been started up.
|
||||
#
|
||||
# class { 'postgresql::config::before_service':
|
||||
# ip_mask_allow_all_users => '0.0.0.0/0',
|
||||
# }
|
||||
#
|
||||
class postgresql::config::beforeservice(
|
||||
$ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
|
||||
$ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,
|
||||
$listen_addresses = $postgresql::params::listen_addresses,
|
||||
$pg_hba_conf_path = $postgresql::params::pg_hba_conf_path,
|
||||
$postgresql_conf_path = $postgresql::params::postgresql_conf_path,
|
||||
$manage_redhat_firewall = $postgresql::params::manage_redhat_firewall
|
||||
) inherits postgresql::params {
|
||||
|
||||
File {
|
||||
owner => $postgresql::params::user,
|
||||
group => $postgresql::params::group,
|
||||
}
|
||||
|
||||
# We use a templated version of pg_hba.conf. Our main needs are to
|
||||
# make sure that md5 authentication can be made available for
|
||||
# remote hosts.
|
||||
file { 'pg_hba.conf':
|
||||
ensure => file,
|
||||
path => $pg_hba_conf_path,
|
||||
content => template("postgresql/pg_hba.conf.erb"),
|
||||
notify => Service['postgresqld'],
|
||||
}
|
||||
|
||||
# We must set a "listen_addresses" line in the postgresql.conf if we
|
||||
# want to allow any connections from remote hosts.
|
||||
file_line { 'postgresql.conf':
|
||||
path => $postgresql_conf_path,
|
||||
match => '^listen_addresses\s*=.*$',
|
||||
line => "listen_addresses = '${listen_addresses}'",
|
||||
notify => Service['postgresqld'],
|
||||
}
|
||||
|
||||
# TODO: is this a reasonable place for this firewall stuff?
|
||||
# TODO: figure out a way to make this not platform-specific; debian and ubuntu have
|
||||
# an out-of-the-box firewall configuration that seems trickier to manage
|
||||
# TODO: get rid of hard-coded port
|
||||
if ($manage_redhat_firewall and $firewall_supported) {
|
||||
exec { "persist-firewall":
|
||||
command => $persist_firewall_command,
|
||||
refreshonly => true,
|
||||
}
|
||||
|
||||
Firewall {
|
||||
notify => Exec["persist-firewall"]
|
||||
}
|
||||
|
||||
firewall { '5432 accept - postgres':
|
||||
port => '5432',
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,49 +0,0 @@
|
|||
# puppet-postgresql
|
||||
# For all details and documentation:
|
||||
# http://github.com/inkling/puppet-postgresql
|
||||
#
|
||||
# Copyright 2012- Inkling Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# TODO: in order to match up more closely with the mysql module, this probably
|
||||
# needs to be moved over to ruby, and add support for ensurable.
|
||||
|
||||
define postgresql::database(
|
||||
$dbname = $title,
|
||||
$charset = 'UTF8')
|
||||
{
|
||||
require postgresql::params
|
||||
|
||||
if ($::postgres_default_version != "8.1") {
|
||||
$locale_option = "--locale=C"
|
||||
}
|
||||
|
||||
$createdb_command = "${postgresql::params::createdb_path} --template=template0 --encoding '$charset' $locale_option '$dbname'"
|
||||
|
||||
exec { $createdb_command :
|
||||
unless => "${postgresql::params::psql_path} --command=\"SELECT datname FROM pg_database WHERE datname=\'$dbname\' \" --pset=tuples_only | grep -q $dbname",
|
||||
user => 'postgres',
|
||||
}
|
||||
|
||||
# This will prevent users from connecting to the database unless they've been
|
||||
# granted privileges.
|
||||
postgresql::psql {"REVOKE CONNECT ON DATABASE $dbname FROM public":
|
||||
db => 'postgres',
|
||||
user => 'postgres',
|
||||
unless => 'SELECT 1 where 1 = 0',
|
||||
refreshonly => true,
|
||||
subscribe => Exec[$createdb_command],
|
||||
}
|
||||
|
||||
}
|
|
@ -1,58 +0,0 @@
|
|||
# puppet-postgresql
|
||||
# For all details and documentation:
|
||||
# http://github.com/inkling/puppet-postgresql
|
||||
#
|
||||
# Copyright 2012- Inkling Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# TODO: in mysql module, the grant resource name might look like this: 'user@host/dbname';
|
||||
# I think that the API for the resource type should split these up, because it's
|
||||
# easier / safer to recombine them for mysql than it is to parse them for other
|
||||
# databases. Also, in the mysql module, the hostname portion of that string
|
||||
# affects the user's ability to connect from remote hosts. In postgres this is
|
||||
# managed via pg_hba.conf; not sure if we want to try to reconcile that difference
|
||||
# in the modules or not.
|
||||
|
||||
define postgresql::database_grant(
|
||||
# TODO: mysql supports an array of privileges here. We should do that if we
|
||||
# port this to ruby.
|
||||
$privilege,
|
||||
$db,
|
||||
$role,
|
||||
$psql_db = 'postgres',
|
||||
$psql_user='postgres'
|
||||
) {
|
||||
|
||||
# TODO: FIXME: only works on databases, due to using has_database_privilege
|
||||
|
||||
# TODO: this is a terrible hack; if they pass "ALL" as the desired privilege,
|
||||
# we need a way to test for it--and has_database_privilege does not recognize
|
||||
# 'ALL' as a valid privilege name. So we probably need to hard-code a mapping
|
||||
# between 'ALL' and the list of actual privileges that it entails, and loop
|
||||
# over them to check them. That sort of thing will probably need to wait until
|
||||
# we port this over to ruby, so, for now, we're just going to assume that if
|
||||
# they have "CREATE" privileges on a database, then they have "ALL". (I told
|
||||
# you that it was terrible!)
|
||||
$unless_privilege = $privilege ? {
|
||||
'ALL' => 'CREATE',
|
||||
default => $privilege,
|
||||
}
|
||||
|
||||
postgresql::psql {"GRANT $privilege ON database $db TO $role":
|
||||
db => $psql_db,
|
||||
user => $psql_user,
|
||||
unless => "SELECT 1 WHERE has_database_privilege('$role', '$db', '$unless_privilege')",
|
||||
}
|
||||
}
|
||||
|
|
@ -1,56 +0,0 @@
|
|||
# puppet-postgresql
|
||||
# For all details and documentation:
|
||||
# http://github.com/inkling/puppet-postgresql
|
||||
#
|
||||
# Copyright 2012- Inkling Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Define: postgresql::database_user
|
||||
#
|
||||
# This type creates a postgres database user.
|
||||
#
|
||||
# Parameters:
|
||||
# [*user*] - username to create.
|
||||
# [*password_hash*] - user's password; this may be clear text, or an md5 hash as returned by the
|
||||
# "postgresql_password" function in this module.
|
||||
#
|
||||
# Actions:
|
||||
#
|
||||
# Requires:
|
||||
#
|
||||
#
|
||||
# Sample Usage:
|
||||
#
|
||||
# postgresql::database_user { 'frank':
|
||||
# password_hash => postgresql_password('frank', 'password'),
|
||||
# }
|
||||
#
|
||||
|
||||
define postgresql::database_user(
|
||||
$user=$title,
|
||||
$password_hash,
|
||||
$db = 'postgres',
|
||||
$createdb=false,
|
||||
$superuser=false,
|
||||
$createrole=false
|
||||
) {
|
||||
postgresql::role {$user:
|
||||
db => $db,
|
||||
password_hash => $password_hash,
|
||||
login => true,
|
||||
createdb => $createdb,
|
||||
superuser => $superuser,
|
||||
createrole => $createrole,
|
||||
}
|
||||
}
|
|
@ -1,65 +0,0 @@
|
|||
# Define: postgresql::db
|
||||
#
|
||||
# This module creates database instances, a user, and grants that user
|
||||
# privileges to the database.
|
||||
#
|
||||
# Since it requires class postgresql::server, we assume to run all commands as the
|
||||
# postgresql user against the local postgresql server.
|
||||
#
|
||||
# TODO: support an array of privileges for "grant"; currently only supports a single
|
||||
# privilege, which is pretty useless unless that privilege is "ALL"
|
||||
#
|
||||
# Parameters:
|
||||
# [*title*] - postgresql database name.
|
||||
# [*user*] - username to create and grant access.
|
||||
# [*password*] - user's password. may be md5-encoded, in the format returned by the "postgresql_password"
|
||||
# function in this module
|
||||
# [*charset*] - database charset.
|
||||
# [*grant*] - privilege to grant user.
|
||||
#
|
||||
# Actions:
|
||||
#
|
||||
# Requires:
|
||||
#
|
||||
# class postgresql::server
|
||||
#
|
||||
# Sample Usage:
|
||||
#
|
||||
# postgresql::db { 'mydb':
|
||||
# user => 'my_user',
|
||||
# password => 'password',
|
||||
# grant => 'all'
|
||||
# }
|
||||
#
|
||||
define postgresql::db (
|
||||
$user,
|
||||
$password,
|
||||
$charset = 'utf8',
|
||||
$grant = 'ALL'
|
||||
) {
|
||||
|
||||
postgresql::database { $name:
|
||||
# TODO: ensure is not yet supported
|
||||
#ensure => present,
|
||||
charset => $charset,
|
||||
#provider => 'postgresql',
|
||||
require => Class['postgresql::server'],
|
||||
}
|
||||
|
||||
postgresql::database_user { "${user}":
|
||||
# TODO: ensure is not yet supported
|
||||
#ensure => present,
|
||||
password_hash => $password,
|
||||
#provider => 'postgresql',
|
||||
require => Postgresql::Database[$name],
|
||||
}
|
||||
|
||||
postgresql::database_grant { "GRANT ${user} - ${grant} - ${name}":
|
||||
privilege => $grant,
|
||||
db => $name,
|
||||
role => $user,
|
||||
#provider => 'postgresql',
|
||||
require => Postgresql::Database_user["${user}"],
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,118 @@
|
|||
# Class for setting cross-class global overrides. See README.md for more
|
||||
# details.
|
||||
class postgresql::globals (
|
||||
$client_package_name = undef,
|
||||
$server_package_name = undef,
|
||||
$contrib_package_name = undef,
|
||||
$devel_package_name = undef,
|
||||
$java_package_name = undef,
|
||||
$perl_package_name = undef,
|
||||
$plperl_package_name = undef,
|
||||
$python_package_name = undef,
|
||||
$postgis_package_name = undef,
|
||||
|
||||
$service_name = undef,
|
||||
$service_provider = undef,
|
||||
$service_status = undef,
|
||||
$default_database = undef,
|
||||
|
||||
$initdb_path = undef,
|
||||
$createdb_path = undef,
|
||||
$psql_path = undef,
|
||||
$pg_hba_conf_path = undef,
|
||||
$pg_ident_conf_path = undef,
|
||||
$postgresql_conf_path = undef,
|
||||
|
||||
$pg_hba_conf_defaults = undef,
|
||||
|
||||
$datadir = undef,
|
||||
$confdir = undef,
|
||||
$bindir = undef,
|
||||
$xlogdir = undef,
|
||||
|
||||
$user = undef,
|
||||
$group = undef,
|
||||
|
||||
$version = undef,
|
||||
$postgis_version = undef,
|
||||
|
||||
$needs_initdb = undef,
|
||||
|
||||
$encoding = undef,
|
||||
$locale = undef,
|
||||
|
||||
$manage_pg_hba_conf = undef,
|
||||
$manage_pg_ident_conf = undef,
|
||||
|
||||
$manage_package_repo = undef
|
||||
) {
|
||||
# We are determining this here, because it is needed by the package repo
|
||||
# class.
|
||||
$default_version = $::osfamily ? {
|
||||
/^(RedHat|Linux)/ => $::operatingsystem ? {
|
||||
'Fedora' => $::operatingsystemrelease ? {
|
||||
/^(18|19|20)$/ => '9.2',
|
||||
/^(17)$/ => '9.1',
|
||||
default => undef,
|
||||
},
|
||||
'Amazon' => '9.2',
|
||||
default => $::operatingsystemrelease ? {
|
||||
/^7\./ => '9.2',
|
||||
/^6\./ => '8.4',
|
||||
/^5\./ => '8.1',
|
||||
default => undef,
|
||||
},
|
||||
},
|
||||
'Debian' => $::operatingsystem ? {
|
||||
'Debian' => $::operatingsystemrelease ? {
|
||||
/^6\./ => '8.4',
|
||||
/^(wheezy|7\.)/ => '9.1',
|
||||
/^(jessie|8\.)/ => '9.3',
|
||||
default => undef,
|
||||
},
|
||||
'Ubuntu' => $::operatingsystemrelease ? {
|
||||
/^(14.04)$/ => '9.3',
|
||||
/^(11.10|12.04|12.10|13.04|13.10)$/ => '9.1',
|
||||
/^(10.04|10.10|11.04)$/ => '8.4',
|
||||
default => undef,
|
||||
},
|
||||
default => undef,
|
||||
},
|
||||
'Archlinux' => $::operatingsystem ? {
|
||||
/Archlinux/ => '9.2',
|
||||
default => '9.2',
|
||||
},
|
||||
'FreeBSD' => '93',
|
||||
'Suse' => $::operatingsystem ? {
|
||||
'SLES' => '91',
|
||||
default => undef,
|
||||
},
|
||||
default => undef,
|
||||
}
|
||||
$globals_version = pick($version, $default_version, 'unknown')
|
||||
if($globals_version == 'unknown') {
|
||||
fail('No preferred version defined or automatically detected.')
|
||||
}
|
||||
|
||||
$default_postgis_version = $globals_version ? {
|
||||
'8.1' => '1.3.6',
|
||||
'8.4' => '1.5',
|
||||
'9.0' => '1.5',
|
||||
'9.1' => '1.5',
|
||||
'91' => '1.5',
|
||||
'9.2' => '2.0',
|
||||
'9.3' => '2.1',
|
||||
default => undef,
|
||||
}
|
||||
$globals_postgis_version = pick($postgis_version, $default_postgis_version)
|
||||
|
||||
# Setup of the repo only makes sense globally, so we are doing this here.
|
||||
if($manage_package_repo) {
|
||||
# Workaround the lack of RHEL7 repositories for now.
|
||||
if ! ($::operatingsystem == 'RedHat' and $::operatingsystemrelease =~ /^7/) {
|
||||
class { 'postgresql::repo':
|
||||
version => $globals_version
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
# Class: postgresql
|
||||
#
|
||||
# This class installs postgresql client software.
|
||||
#
|
||||
# Parameters:
|
||||
# [*client_package_name*] - The name of the postgresql client package.
|
||||
#
|
||||
# Actions:
|
||||
#
|
||||
# Requires:
|
||||
#
|
||||
# Sample Usage:
|
||||
#
|
||||
class postgresql (
|
||||
$package_name = $postgresql::params::client_package_name,
|
||||
$package_ensure = 'present'
|
||||
) inherits postgresql::params {
|
||||
|
||||
package { 'postgresql_client':
|
||||
name => $package_name,
|
||||
ensure => $package_ensure,
|
||||
}
|
||||
|
||||
}
|
|
@ -1,33 +0,0 @@
|
|||
# puppet-postgresql
|
||||
# For all details and documentation:
|
||||
# http://github.com/inkling/puppet-postgresql
|
||||
#
|
||||
# Copyright 2012- Inkling Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
class postgresql::initdb(
|
||||
$datadir = $postgresql::params::datadir,
|
||||
$initdb_path = $postgresql::params::initdb_path,
|
||||
$user = 'postgres',
|
||||
$group = 'postgres',
|
||||
$encoding = 'UTF8',
|
||||
$options=''
|
||||
) inherits postgresql::params {
|
||||
|
||||
exec {"${initdb_path} --encoding '$encoding' --pgdata '$datadir'":
|
||||
creates => "${datadir}/PG_VERSION",
|
||||
user => "$user",
|
||||
group => "$group",
|
||||
}
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
# This class installs postgresql development libraries. See README.md for more
|
||||
# details.
|
||||
class postgresql::lib::devel(
|
||||
$package_name = $postgresql::params::devel_package_name,
|
||||
$package_ensure = 'present',
|
||||
$link_pg_config = true
|
||||
) inherits postgresql::params {
|
||||
|
||||
validate_string($package_name)
|
||||
|
||||
package { 'postgresql-devel':
|
||||
ensure => $package_ensure,
|
||||
name => $package_name,
|
||||
tag => 'postgresql',
|
||||
}
|
||||
|
||||
if $link_pg_config {
|
||||
if ( $postgresql::params::bindir != '/usr/bin' and $postgresql::params::bindir != '/usr/local/bin') {
|
||||
file {'/usr/bin/pg_config':
|
||||
ensure => link,
|
||||
target => "${postgresql::params::bindir}/pg_config",
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,16 @@
|
|||
# This class installs the postgresql jdbc connector. See README.md for more
|
||||
# details.
|
||||
class postgresql::lib::java (
|
||||
$package_name = $postgresql::params::java_package_name,
|
||||
$package_ensure = 'present'
|
||||
) inherits postgresql::params {
|
||||
|
||||
validate_string($package_name)
|
||||
|
||||
package { 'postgresql-jdbc':
|
||||
ensure => $package_ensure,
|
||||
name => $package_name,
|
||||
tag => 'postgresql',
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
# This class installs the perl libs for postgresql. See README.md for more
|
||||
# details.
|
||||
class postgresql::lib::perl(
|
||||
$package_name = $postgresql::params::perl_package_name,
|
||||
$package_ensure = 'present'
|
||||
) inherits postgresql::params {
|
||||
|
||||
package { 'perl-DBD-Pg':
|
||||
ensure => $package_ensure,
|
||||
name => $package_name,
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
# This class installs the python libs for postgresql. See README.md for more
|
||||
# details.
|
||||
class postgresql::lib::python(
|
||||
$package_name = $postgresql::params::python_package_name,
|
||||
$package_ensure = 'present'
|
||||
) inherits postgresql::params {
|
||||
|
||||
package { 'python-psycopg2':
|
||||
ensure => $package_ensure,
|
||||
name => $package_name,
|
||||
}
|
||||
|
||||
}
|
|
@ -1,90 +1,215 @@
|
|||
# Class: postgresql::params
|
||||
#
|
||||
# The postgresql configuration settings.
|
||||
#
|
||||
# Parameters:
|
||||
#
|
||||
# Actions:
|
||||
#
|
||||
# Requires:
|
||||
#
|
||||
# Sample Usage:
|
||||
#
|
||||
class postgresql::params {
|
||||
$user = 'postgres'
|
||||
$group = 'postgres'
|
||||
$ip_mask_deny_postgres_user = '0.0.0.0/0'
|
||||
$ip_mask_allow_all_users = '127.0.0.1/32'
|
||||
$listen_addresses = 'localhost'
|
||||
# TODO: figure out a way to make this not platform-specific
|
||||
$manage_redhat_firewall = false
|
||||
|
||||
# This is a bit hacky, but if the puppet nodes don't have pluginsync enabled,
|
||||
# they will fail with a not-so-helpful error message. Here we are explicitly
|
||||
# verifying that the custom fact exists (which implies that pluginsync is
|
||||
# enabled and succeeded). If not, we fail with a hint that tells the user
|
||||
# that pluginsync might not be enabled. Ideally this would be handled directly
|
||||
# in puppet.
|
||||
if ($::postgres_default_version == undef) {
|
||||
fail "No value for postgres_default_version facter fact; it's possible that you don't have pluginsync enabled."
|
||||
}
|
||||
|
||||
case $::operatingsystem {
|
||||
default: {
|
||||
$service_provider = undef
|
||||
}
|
||||
}
|
||||
# PRIVATE CLASS: do not use directly
|
||||
class postgresql::params inherits postgresql::globals {
|
||||
$version = $globals_version
|
||||
$postgis_version = $globals_postgis_version
|
||||
$listen_addresses = 'localhost'
|
||||
$port = 5432
|
||||
$ip_mask_deny_postgres_user = '0.0.0.0/0'
|
||||
$ip_mask_allow_all_users = '127.0.0.1/32'
|
||||
$ipv4acls = []
|
||||
$ipv6acls = []
|
||||
$encoding = $encoding
|
||||
$locale = $locale
|
||||
$service_ensure = 'running'
|
||||
$service_enable = true
|
||||
$service_provider = $service_provider
|
||||
$manage_pg_hba_conf = pick($manage_pg_hba_conf, true)
|
||||
$manage_pg_ident_conf = pick($manage_pg_ident_conf, true)
|
||||
$package_ensure = 'present'
|
||||
|
||||
# Amazon Linux's OS Family is 'Linux', operating system 'Amazon'.
|
||||
case $::osfamily {
|
||||
'RedHat': {
|
||||
$service_name = 'postgresql'
|
||||
$client_package_name = 'postgresql'
|
||||
$server_package_name = 'postgresql-server'
|
||||
$needs_initdb = true
|
||||
$initdb_path = '/usr/bin/initdb'
|
||||
$createdb_path = '/usr/bin/createdb'
|
||||
$psql_path = '/usr/bin/psql'
|
||||
$datadir = '/var/lib/pgsql/data/'
|
||||
$pg_hba_conf_path = '/var/lib/pgsql/data/pg_hba.conf'
|
||||
$postgresql_conf_path = '/var/lib/pgsql/data/postgresql.conf'
|
||||
$firewall_supported = true
|
||||
$persist_firewall_command = '/sbin/iptables-save > /etc/sysconfig/iptables'
|
||||
'RedHat', 'Linux': {
|
||||
$user = pick($user, 'postgres')
|
||||
$group = pick($group, 'postgres')
|
||||
$needs_initdb = pick($needs_initdb, true)
|
||||
$version_parts = split($version, '[.]')
|
||||
$package_version = "${version_parts[0]}${version_parts[1]}"
|
||||
|
||||
if $version == $default_version {
|
||||
$client_package_name = pick($client_package_name, 'postgresql')
|
||||
$server_package_name = pick($server_package_name, 'postgresql-server')
|
||||
$contrib_package_name = pick($contrib_package_name,'postgresql-contrib')
|
||||
$devel_package_name = pick($devel_package_name, 'postgresql-devel')
|
||||
$java_package_name = pick($java_package_name, 'postgresql-jdbc')
|
||||
$plperl_package_name = pick($plperl_package_name, 'postgresql-plperl')
|
||||
$service_name = pick($service_name, 'postgresql')
|
||||
$bindir = pick($bindir, '/usr/bin')
|
||||
$datadir = $::operatingsystem ? {
|
||||
'Amazon' => pick($datadir, '/var/lib/pgsql9/data'),
|
||||
default => pick($datadir, '/var/lib/pgsql/data'),
|
||||
}
|
||||
$confdir = pick($confdir, $datadir)
|
||||
} else {
|
||||
$client_package_name = pick($client_package_name, "postgresql${package_version}")
|
||||
$server_package_name = pick($server_package_name, "postgresql${package_version}-server")
|
||||
$contrib_package_name = pick($contrib_package_name,"postgresql${package_version}-contrib")
|
||||
$devel_package_name = pick($devel_package_name, "postgresql${package_version}-devel")
|
||||
$java_package_name = pick($java_package_name, "postgresql${package_version}-jdbc")
|
||||
$plperl_package_name = pick($plperl_package_name, "postgresql${package_version}-plperl")
|
||||
$service_name = pick($service_name, "postgresql-${version}")
|
||||
$bindir = pick($bindir, "/usr/pgsql-${version}/bin")
|
||||
$datadir = $::operatingsystem ? {
|
||||
'Amazon' => pick($datadir, "/var/lib/pgsql9/${version}/data"),
|
||||
default => pick($datadir, "/var/lib/pgsql/${version}/data"),
|
||||
}
|
||||
$confdir = pick($confdir, $datadir)
|
||||
}
|
||||
$psql_path = pick($psql_path, "${bindir}/psql")
|
||||
|
||||
$service_status = $service_status
|
||||
$perl_package_name = pick($perl_package_name, 'perl-DBD-Pg')
|
||||
$python_package_name = pick($python_package_name, 'python-psycopg2')
|
||||
|
||||
$postgis_package_name = pick(
|
||||
$postgis_package_name,
|
||||
$::operatingsystemrelease ? {
|
||||
/5/ => 'postgis',
|
||||
default => versioncmp($postgis_version, '2') ? {
|
||||
'-1' => "postgis${package_version}",
|
||||
default => "postgis2_${package_version}",}
|
||||
}
|
||||
)
|
||||
}
|
||||
|
||||
'Archlinux': {
|
||||
$needs_initdb = pick($needs_initdb, true)
|
||||
$user = pick($user, 'postgres')
|
||||
$group = pick($group, 'postgres')
|
||||
|
||||
# Archlinux doesn't have a client-package but has a libs package which
|
||||
# pulls in postgresql server
|
||||
$client_package_name = pick($client_package_name, 'postgresql')
|
||||
$server_package_name = pick($server_package_name, 'postgresql-libs')
|
||||
$java_package_name = pick($java_package_name, 'postgresql-jdbc')
|
||||
# Archlinux doesn't have develop packages
|
||||
$devel_package_name = pick($devel_package_name, 'postgresql-devel')
|
||||
# Archlinux does have postgresql-contrib but it isn't maintained
|
||||
$contrib_package_name = pick($contrib_package_name,'undef')
|
||||
# Archlinux postgresql package provides plperl
|
||||
$plperl_package_name = pick($plperl_package_name, 'undef')
|
||||
$service_name = pick($service_name, 'postgresql')
|
||||
$bindir = pick($bindir, '/usr/bin')
|
||||
$datadir = pick($datadir, '/var/lib/postgres/data')
|
||||
$confdir = pick($confdir, $datadir)
|
||||
$psql_path = pick($psql_path, "${bindir}/psql")
|
||||
|
||||
$service_status = $service_status
|
||||
$python_package_name = pick($python_package_name, 'python-psycopg2')
|
||||
# Archlinux does not have a perl::DBD::Pg package
|
||||
$perl_package_name = pick($perl_package_name, 'undef')
|
||||
}
|
||||
|
||||
'Debian': {
|
||||
case $::operatingsystem {
|
||||
'Debian': {
|
||||
$service_name = "postgresql"
|
||||
}
|
||||
$user = pick($user, 'postgres')
|
||||
$group = pick($group, 'postgres')
|
||||
|
||||
'Ubuntu': {
|
||||
case $::lsbmajdistrelease {
|
||||
# thanks, ubuntu
|
||||
'10': { $service_name = "postgresql-${::postgres_default_version}" }
|
||||
default: { $service_name = "postgresql" }
|
||||
}
|
||||
if $manage_package_repo == true {
|
||||
$needs_initdb = pick($needs_initdb, true)
|
||||
$service_name = pick($service_name, 'postgresql')
|
||||
} else {
|
||||
$needs_initdb = pick($needs_initdb, false)
|
||||
$service_name = $::operatingsystem ? {
|
||||
'Debian' => pick($service_name, 'postgresql'),
|
||||
'Ubuntu' => $::lsbmajdistrelease ? {
|
||||
/^10/ => pick($service_name, "postgresql-${version}"),
|
||||
default => pick($service_name, 'postgresql'),
|
||||
},
|
||||
default => undef
|
||||
}
|
||||
}
|
||||
|
||||
$client_package_name = 'postgresql-client'
|
||||
$server_package_name = 'postgresql'
|
||||
$needs_initdb = false
|
||||
$initdb_path = "/usr/lib/postgresql/${::postgres_default_version}/bin/initdb"
|
||||
$createdb_path = "/usr/lib/postgresql/${::postgres_default_version}/bin/createdb"
|
||||
$psql_path = "/usr/lib/postgresql/${::postgres_default_version}/bin/psql"
|
||||
$datadir = "/var/lib/postgresql/${::postgres_default_version}/main"
|
||||
$pg_hba_conf_path = "/etc/postgresql/${::postgres_default_version}/main/pg_hba.conf"
|
||||
$postgresql_conf_path = "/etc/postgresql/${::postgres_default_version}/main/postgresql.conf"
|
||||
$firewall_supported = false
|
||||
# TODO: not exactly sure yet what the right thing to do for Debian/Ubuntu is.
|
||||
#$persist_firewall_command = '/sbin/iptables-save > /etc/iptables/rules.v4'
|
||||
$client_package_name = pick($client_package_name, "postgresql-client-${version}")
|
||||
$server_package_name = pick($server_package_name, "postgresql-${version}")
|
||||
$contrib_package_name = pick($contrib_package_name, "postgresql-contrib-${version}")
|
||||
$postgis_package_name = pick(
|
||||
$postgis_package_name,
|
||||
versioncmp($postgis_version, '2') ? {
|
||||
'-1' => "postgresql-${version}-postgis",
|
||||
default => "postgresql-${version}-postgis-${postgis_version}",
|
||||
}
|
||||
)
|
||||
$devel_package_name = pick($devel_package_name, 'libpq-dev')
|
||||
$java_package_name = pick($java_package_name, 'libpostgresql-jdbc-java')
|
||||
$perl_package_name = pick($perl_package_name, 'libdbd-pg-perl')
|
||||
$plperl_package_name = pick($plperl_package_name, "postgresql-plperl-${version}")
|
||||
$python_package_name = pick($python_package_name, 'python-psycopg2')
|
||||
|
||||
$bindir = pick($bindir, "/usr/lib/postgresql/${version}/bin")
|
||||
$datadir = pick($datadir, "/var/lib/postgresql/${version}/main")
|
||||
$confdir = pick($confdir, "/etc/postgresql/${version}/main")
|
||||
$service_status = pick($service_status, "/etc/init.d/${service_name} status | /bin/egrep -q 'Running clusters: .+|online'")
|
||||
$psql_path = pick($psql_path, "/usr/bin/psql")
|
||||
}
|
||||
|
||||
'FreeBSD': {
|
||||
$user = pick($user, 'pgsql')
|
||||
$group = pick($group, 'pgsql')
|
||||
|
||||
$client_package_name = pick($client_package_name, "databases/postgresql${version}-client")
|
||||
$server_package_name = pick($server_package_name, "databases/postgresql${version}-server")
|
||||
$contrib_package_name = pick($contrib_package_name, "databases/postgresql${version}-contrib")
|
||||
$devel_package_name = pick($devel_package_name, 'databases/postgresql-libpqxx3')
|
||||
$java_package_name = pick($java_package_name, 'databases/postgresql-jdbc')
|
||||
$perl_package_name = pick($plperl_package_name, 'databases/p5-DBD-Pg')
|
||||
$plperl_package_name = pick($plperl_package_name, "databases/postgresql${version}-plperl")
|
||||
$python_package_name = pick($python_package_name, 'databases/py-psycopg2')
|
||||
|
||||
$service_name = pick($service_name, 'postgresql')
|
||||
$bindir = pick($bindir, '/usr/local/bin')
|
||||
$datadir = pick($datadir, '/usr/local/pgsql/data')
|
||||
$confdir = pick($confdir, $datadir)
|
||||
$service_status = pick($service_status, "/usr/local/etc/rc.d/${service_name} status")
|
||||
$psql_path = pick($psql_path, "${bindir}/psql")
|
||||
|
||||
$needs_initdb = pick($needs_initdb, true)
|
||||
}
|
||||
|
||||
'Suse': {
|
||||
$user = pick($user, 'postgres')
|
||||
$group = pick($group, 'postgres')
|
||||
|
||||
$client_package_name = pick($client_package_name, "postgresql${version}")
|
||||
$server_package_name = pick($server_package_name, "postgresql${version}-server")
|
||||
$contrib_package_name = pick($contrib_package_name, "postgresql${version}-contrib")
|
||||
$devel_package_name = pick($devel_package_name, "postgresql${version}-devel")
|
||||
$java_package_name = pick($java_package_name, undef)
|
||||
$perl_package_name = pick($plperl_package_name, undef)
|
||||
$plperl_package_name = pick($plperl_package_name, undef)
|
||||
$python_package_name = pick($python_package_name, undef)
|
||||
|
||||
$service_name = pick($service_name, 'postgresql')
|
||||
$bindir = pick($bindir, "/usr/lib/postgresql${version}/bin")
|
||||
$datadir = pick($datadir, '/var/lib/pgsql/data')
|
||||
$confdir = pick($confdir, $datadir)
|
||||
$service_status = pick($service_status, "/etc/init.d/${service_name} status")
|
||||
$psql_path = pick($psql_path, "${bindir}/psql")
|
||||
|
||||
$needs_initdb = pick($needs_initdb, true)
|
||||
}
|
||||
|
||||
default: {
|
||||
fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports osfamily RedHat and Debian")
|
||||
$psql_path = pick($psql_path, "${bindir}/psql")
|
||||
|
||||
# Since we can't determine defaults on our own, we rely on users setting
|
||||
# parameters with the postgresql::globals class. Here we are checking
|
||||
# that the mandatory minimum is set for the module to operate.
|
||||
$err_prefix = "Module ${module_name} does not provide defaults for osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}; please specify a value for ${module_name}::globals::"
|
||||
if ($needs_initdb == undef) { fail("${err_prefix}needs_initdb") }
|
||||
if ($service_name == undef) { fail("${err_prefix}service_name") }
|
||||
if ($client_package_name == undef) { fail("${err_prefix}client_package_name") }
|
||||
if ($server_package_name == undef) { fail("${err_prefix}server_package_name") }
|
||||
if ($bindir == undef) { fail("${err_prefix}bindir") }
|
||||
if ($datadir == undef) { fail("${err_prefix}datadir") }
|
||||
if ($confdir == undef) { fail("${err_prefix}confdir") }
|
||||
}
|
||||
}
|
||||
|
||||
$initdb_path = pick($initdb_path, "${bindir}/initdb")
|
||||
$createdb_path = pick($createdb_path, "${bindir}/createdb")
|
||||
$pg_hba_conf_path = pick($pg_hba_conf_path, "${confdir}/pg_hba.conf")
|
||||
$pg_hba_conf_defaults = pick($pg_hba_conf_defaults, true)
|
||||
$pg_ident_conf_path = pick($pg_ident_conf_path, "${confdir}/pg_ident.conf")
|
||||
$postgresql_conf_path = pick($postgresql_conf_path, "${confdir}/postgresql.conf")
|
||||
$default_database = pick($default_database, 'postgres')
|
||||
}
|
||||
|
|
|
@ -1,49 +0,0 @@
|
|||
# puppet-postgresql
|
||||
# For all details and documentation:
|
||||
# http://github.com/inkling/puppet-postgresql
|
||||
#
|
||||
# Copyright 2012- Inkling Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
define postgresql::psql(
|
||||
$command = $title,
|
||||
$unless,
|
||||
$db,
|
||||
$user = 'postgres',
|
||||
$refreshonly = false
|
||||
) {
|
||||
|
||||
require postgresql::params
|
||||
|
||||
# TODO: FIXME: shellquote does not work, and this regex works for trivial things but not nested escaping.
|
||||
# Need a lexer, preferably a ruby SQL parser to catch errors at catalog time
|
||||
# Possibly https://github.com/omghax/sql ?
|
||||
|
||||
if ($::postgres_default_version != "8.1") {
|
||||
$no_password_option = "--no-password"
|
||||
}
|
||||
|
||||
$psql = "${postgresql::params::psql_path} $no_password_option --tuples-only --quiet --dbname $db"
|
||||
$quoted_command = regsubst($command, '"', '\\"')
|
||||
$quoted_unless = regsubst($unless, '"', '\\"')
|
||||
|
||||
exec {"/bin/echo \"$quoted_command\" | $psql |egrep -v -q '^$'":
|
||||
cwd => '/tmp',
|
||||
user => $user,
|
||||
returns => 1,
|
||||
unless => "/bin/echo \"$quoted_unless\" | $psql | egrep -v -q '^$'",
|
||||
refreshonly => $refreshonly,
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
# PRIVATE CLASS: do not use directly
|
||||
class postgresql::repo (
|
||||
$version = undef
|
||||
) inherits postgresql::params {
|
||||
case $::osfamily {
|
||||
'RedHat', 'Linux': {
|
||||
if $version == undef {
|
||||
fail("The parameter 'version' for 'postgresql::repo' is undefined. You must always define it when osfamily == Redhat or Linux")
|
||||
}
|
||||
class { 'postgresql::repo::yum_postgresql_org': }
|
||||
}
|
||||
|
||||
'Debian': {
|
||||
class { 'postgresql::repo::apt_postgresql_org': }
|
||||
}
|
||||
|
||||
default: {
|
||||
fail("Unsupported managed repository for osfamily: ${::osfamily}, operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports managing repos for osfamily RedHat and Debian")
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
# PRIVATE CLASS: do not use directly
|
||||
class postgresql::repo::apt_postgresql_org inherits postgresql::repo {
|
||||
include ::apt
|
||||
# Here we have tried to replicate the instructions on the PostgreSQL site:
|
||||
#
|
||||
# http://www.postgresql.org/download/linux/debian/
|
||||
#
|
||||
apt::pin { 'apt.postgresql.org':
|
||||
originator => 'apt.postgresql.org',
|
||||
priority => 500,
|
||||
}->
|
||||
apt::source { 'apt.postgresql.org':
|
||||
location => 'http://apt.postgresql.org/pub/repos/apt/',
|
||||
release => "${::lsbdistcodename}-pgdg",
|
||||
repos => "main ${version}",
|
||||
key => 'ACCC4CF8',
|
||||
key_source => 'https://www.postgresql.org/media/keys/ACCC4CF8.asc',
|
||||
include_src => false,
|
||||
}
|
||||
|
||||
Apt::Source['apt.postgresql.org']->Package<|tag == 'postgresql'|>
|
||||
}
|
|
@ -0,0 +1,29 @@
|
|||
# PRIVATE CLASS: do not use directly
|
||||
class postgresql::repo::yum_postgresql_org inherits postgresql::repo {
|
||||
$version_parts = split($version, '[.]')
|
||||
$package_version = "${version_parts[0]}${version_parts[1]}"
|
||||
$gpg_key_path = "/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}"
|
||||
|
||||
file { $gpg_key_path:
|
||||
source => 'puppet:///modules/postgresql/RPM-GPG-KEY-PGDG',
|
||||
before => Yumrepo['yum.postgresql.org']
|
||||
}
|
||||
|
||||
if($::operatingsystem == 'Fedora') {
|
||||
$label1 = 'fedora'
|
||||
$label2 = $label1
|
||||
} else {
|
||||
$label1 = 'redhat'
|
||||
$label2 = 'rhel'
|
||||
}
|
||||
|
||||
yumrepo { 'yum.postgresql.org':
|
||||
descr => "PostgreSQL ${version} \$releasever - \$basearch",
|
||||
baseurl => "http://yum.postgresql.org/${version}/${label1}/${label2}-\$releasever-\$basearch",
|
||||
enabled => 1,
|
||||
gpgcheck => 1,
|
||||
gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}",
|
||||
}
|
||||
|
||||
Yumrepo['yum.postgresql.org'] -> Package<|tag == 'postgresql'|>
|
||||
}
|
|
@ -1,40 +0,0 @@
|
|||
# puppet-postgresql
|
||||
# For all details and documentation:
|
||||
# http://github.com/inkling/puppet-postgresql
|
||||
#
|
||||
# Copyright 2012- Inkling Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
define postgresql::role(
|
||||
$username=$title,
|
||||
$password_hash,
|
||||
$db='postgres',
|
||||
$login=false,
|
||||
$createrole=false,
|
||||
$createdb=false,
|
||||
$superuser=false
|
||||
) {
|
||||
|
||||
$login_sql = $login ? { true => 'LOGIN' , false => 'NOLOGIN' }
|
||||
$createrole_sql = $createrole ? { true => 'CREATEROLE', false => 'NOCREATEROLE' }
|
||||
$createdb_sql = $createdb ? { true => 'CREATEDB' , false => 'NOCREATEDB' }
|
||||
$superuser_sql = $superuser ? { true => 'SUPERUSER' , false => 'NOSUPERUSER' }
|
||||
|
||||
# TODO: FIXME: Will not correct the superuser / createdb / createrole / login status of a role that already exists
|
||||
postgresql::psql {"CREATE ROLE ${username} ENCRYPTED PASSWORD '${password_hash}' $login_sql $createrole_sql $createdb_sql $superuser_sql":
|
||||
db => $db,
|
||||
user => 'postgres',
|
||||
unless => "SELECT rolname FROM pg_roles WHERE rolname='$username'",
|
||||
}
|
||||
}
|
|
@ -1,54 +1,70 @@
|
|||
# Class: postgresql::server
|
||||
#
|
||||
# manages the installation of the postgresql server. manages the package and service
|
||||
#
|
||||
# Parameters:
|
||||
# [*package_name*] - name of package
|
||||
# [*service_name*] - name of service
|
||||
#
|
||||
# Actions:
|
||||
#
|
||||
# Requires:
|
||||
#
|
||||
# Sample Usage:
|
||||
#
|
||||
# This installs a PostgreSQL server. See README.md for more details.
|
||||
class postgresql::server (
|
||||
$package_name = $postgresql::params::server_package_name,
|
||||
$package_ensure = 'present',
|
||||
$service_name = $postgresql::params::service_name,
|
||||
$service_provider = $postgresql::params::service_provider,
|
||||
$config_hash = {}
|
||||
$postgres_password = undef,
|
||||
|
||||
$package_name = $postgresql::params::server_package_name,
|
||||
$client_package_name = $postgresql::params::client_package_name,
|
||||
$package_ensure = $postgresql::params::package_ensure,
|
||||
|
||||
$plperl_package_name = $postgresql::params::plperl_package_name,
|
||||
|
||||
$service_ensure = $postgresql::params::service_ensure,
|
||||
$service_enable = $postgresql::params::service_enable,
|
||||
$service_name = $postgresql::params::service_name,
|
||||
$service_provider = $postgresql::params::service_provider,
|
||||
$service_status = $postgresql::params::service_status,
|
||||
$default_database = $postgresql::params::default_database,
|
||||
|
||||
$listen_addresses = $postgresql::params::listen_addresses,
|
||||
$port = $postgresql::params::port,
|
||||
$ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
|
||||
$ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,
|
||||
$ipv4acls = $postgresql::params::ipv4acls,
|
||||
$ipv6acls = $postgresql::params::ipv6acls,
|
||||
|
||||
$initdb_path = $postgresql::params::initdb_path,
|
||||
$createdb_path = $postgresql::params::createdb_path,
|
||||
$psql_path = $postgresql::params::psql_path,
|
||||
$pg_hba_conf_path = $postgresql::params::pg_hba_conf_path,
|
||||
$pg_ident_conf_path = $postgresql::params::pg_ident_conf_path,
|
||||
$postgresql_conf_path = $postgresql::params::postgresql_conf_path,
|
||||
|
||||
$datadir = $postgresql::params::datadir,
|
||||
$xlogdir = $postgresql::params::xlogdir,
|
||||
|
||||
$pg_hba_conf_defaults = $postgresql::params::pg_hba_conf_defaults,
|
||||
|
||||
$user = $postgresql::params::user,
|
||||
$group = $postgresql::params::group,
|
||||
|
||||
$needs_initdb = $postgresql::params::needs_initdb,
|
||||
|
||||
$encoding = $postgresql::params::encoding,
|
||||
$locale = $postgresql::params::locale,
|
||||
|
||||
$manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf,
|
||||
$manage_pg_ident_conf = $postgresql::params::manage_pg_ident_conf,
|
||||
|
||||
#Deprecated
|
||||
$version = undef,
|
||||
) inherits postgresql::params {
|
||||
$pg = 'postgresql::server'
|
||||
|
||||
package { 'postgresql-server':
|
||||
name => $package_name,
|
||||
ensure => $package_ensure,
|
||||
if $version != undef {
|
||||
warning('Passing "version" to postgresql::server is deprecated; please use postgresql::globals instead.')
|
||||
$_version = $version
|
||||
} else {
|
||||
$_version = $postgresql::params::version
|
||||
}
|
||||
|
||||
$config_class = {}
|
||||
$config_class['postgresql::config'] = $config_hash
|
||||
|
||||
create_resources( 'class', $config_class )
|
||||
|
||||
Package['postgresql-server'] -> Class['postgresql::config']
|
||||
|
||||
if ($needs_initdb) {
|
||||
include postgresql::initdb
|
||||
|
||||
Class['postgresql::initdb'] -> Class['postgresql::config']
|
||||
Class['postgresql::initdb'] -> Service['postgresqld']
|
||||
}
|
||||
|
||||
service { 'postgresqld':
|
||||
name => $service_name,
|
||||
ensure => running,
|
||||
enable => true,
|
||||
require => Package['postgresql-server'],
|
||||
provider => $service_provider,
|
||||
}
|
||||
Package<| title == 'postgresql-server'|> ~> Service<| title == 'postgresqld'|>
|
||||
if !defined(Service['postgresqld']) {
|
||||
notify{ "Module ${module_name} cannot notify service postgresqld on package update": }
|
||||
}
|
||||
# Reload has its own ordering, specified by other defines
|
||||
class { "${pg}::reload": require => Class["${pg}::install"] }
|
||||
|
||||
anchor { "${pg}::start": }->
|
||||
class { "${pg}::install": }->
|
||||
class { "${pg}::initdb": }->
|
||||
class { "${pg}::config": }->
|
||||
class { "${pg}::service": }->
|
||||
class { "${pg}::passwd": }->
|
||||
anchor { "${pg}::end": }
|
||||
}
|
||||
|
|
|
@ -0,0 +1,123 @@
|
|||
# PRIVATE CLASS: do not call directly
|
||||
class postgresql::server::config {
|
||||
$ip_mask_deny_postgres_user = $postgresql::server::ip_mask_deny_postgres_user
|
||||
$ip_mask_allow_all_users = $postgresql::server::ip_mask_allow_all_users
|
||||
$listen_addresses = $postgresql::server::listen_addresses
|
||||
$port = $postgresql::server::port
|
||||
$ipv4acls = $postgresql::server::ipv4acls
|
||||
$ipv6acls = $postgresql::server::ipv6acls
|
||||
$pg_hba_conf_path = $postgresql::server::pg_hba_conf_path
|
||||
$pg_ident_conf_path = $postgresql::server::pg_ident_conf_path
|
||||
$postgresql_conf_path = $postgresql::server::postgresql_conf_path
|
||||
$pg_hba_conf_defaults = $postgresql::server::pg_hba_conf_defaults
|
||||
$user = $postgresql::server::user
|
||||
$group = $postgresql::server::group
|
||||
$version = $postgresql::server::_version
|
||||
$manage_pg_hba_conf = $postgresql::server::manage_pg_hba_conf
|
||||
$manage_pg_ident_conf = $postgresql::server::manage_pg_ident_conf
|
||||
|
||||
if ($manage_pg_hba_conf == true) {
|
||||
# Prepare the main pg_hba file
|
||||
concat { $pg_hba_conf_path:
|
||||
owner => $user,
|
||||
group => $group,
|
||||
mode => '0640',
|
||||
warn => true,
|
||||
notify => Class['postgresql::server::reload'],
|
||||
}
|
||||
|
||||
if $pg_hba_conf_defaults {
|
||||
Postgresql::Server::Pg_hba_rule {
|
||||
database => 'all',
|
||||
user => 'all',
|
||||
}
|
||||
|
||||
# Lets setup the base rules
|
||||
$local_auth_option = $version ? {
|
||||
'8.1' => 'sameuser',
|
||||
default => undef,
|
||||
}
|
||||
postgresql::server::pg_hba_rule { 'local access as postgres user':
|
||||
type => 'local',
|
||||
user => $user,
|
||||
auth_method => 'ident',
|
||||
auth_option => $local_auth_option,
|
||||
order => '001',
|
||||
}
|
||||
postgresql::server::pg_hba_rule { 'local access to database with same name':
|
||||
type => 'local',
|
||||
auth_method => 'ident',
|
||||
auth_option => $local_auth_option,
|
||||
order => '002',
|
||||
}
|
||||
postgresql::server::pg_hba_rule { 'allow localhost TCP access to postgresql user':
|
||||
type => 'host',
|
||||
user => $user,
|
||||
address => '127.0.0.1/32',
|
||||
auth_method => 'md5',
|
||||
order => '003',
|
||||
}
|
||||
postgresql::server::pg_hba_rule { 'deny access to postgresql user':
|
||||
type => 'host',
|
||||
user => $user,
|
||||
address => $ip_mask_deny_postgres_user,
|
||||
auth_method => 'reject',
|
||||
order => '004',
|
||||
}
|
||||
|
||||
# ipv4acls are passed as an array of rule strings, here we transform
|
||||
# them into a resources hash, and pass the result to create_resources
|
||||
$ipv4acl_resources = postgresql_acls_to_resources_hash($ipv4acls,
|
||||
'ipv4acls', 10)
|
||||
create_resources('postgresql::server::pg_hba_rule', $ipv4acl_resources)
|
||||
|
||||
postgresql::server::pg_hba_rule { 'allow access to all users':
|
||||
type => 'host',
|
||||
address => $ip_mask_allow_all_users,
|
||||
auth_method => 'md5',
|
||||
order => '100',
|
||||
}
|
||||
postgresql::server::pg_hba_rule { 'allow access to ipv6 localhost':
|
||||
type => 'host',
|
||||
address => '::1/128',
|
||||
auth_method => 'md5',
|
||||
order => '101',
|
||||
}
|
||||
|
||||
# ipv6acls are passed as an array of rule strings, here we transform
|
||||
# them into a resources hash, and pass the result to create_resources
|
||||
$ipv6acl_resources = postgresql_acls_to_resources_hash($ipv6acls,
|
||||
'ipv6acls', 102)
|
||||
create_resources('postgresql::server::pg_hba_rule', $ipv6acl_resources)
|
||||
}
|
||||
}
|
||||
|
||||
# We must set a "listen_addresses" line in the postgresql.conf if we
|
||||
# want to allow any connections from remote hosts.
|
||||
postgresql::server::config_entry { 'listen_addresses':
|
||||
value => $listen_addresses,
|
||||
}
|
||||
postgresql::server::config_entry { 'port':
|
||||
value => $port,
|
||||
}
|
||||
|
||||
# RedHat-based systems hardcode some PG* variables in the init script, and need to be overriden
|
||||
# in /etc/sysconfig/pgsql/postgresql. Create a blank file so we can manage it with augeas later.
|
||||
if ($::osfamily == 'RedHat') and ($::operatingsystemrelease !~ /^7/) and ($::operatingsystem != 'Fedora') {
|
||||
file { '/etc/sysconfig/pgsql/postgresql':
|
||||
ensure => present,
|
||||
replace => false,
|
||||
}
|
||||
}
|
||||
|
||||
if ($manage_pg_ident_conf == true) {
|
||||
concat { $pg_ident_conf_path:
|
||||
owner => $user,
|
||||
group => $group,
|
||||
force => true, # do not crash if there is no pg_ident_rules
|
||||
mode => '0640',
|
||||
warn => true,
|
||||
notify => Class['postgresql::server::reload'],
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,107 @@
|
|||
# Manage a postgresql.conf entry. See README.md for more details.
|
||||
define postgresql::server::config_entry (
|
||||
$ensure = 'present',
|
||||
$value = undef,
|
||||
$path = false
|
||||
) {
|
||||
$postgresql_conf_path = $postgresql::server::postgresql_conf_path
|
||||
|
||||
$target = $path ? {
|
||||
false => $postgresql_conf_path,
|
||||
default => $path,
|
||||
}
|
||||
|
||||
Exec {
|
||||
logoutput => 'on_failure',
|
||||
}
|
||||
|
||||
case $name {
|
||||
/data_directory|hba_file|ident_file|include|listen_addresses|port|max_connections|superuser_reserved_connections|unix_socket_directory|unix_socket_group|unix_socket_permissions|bonjour|bonjour_name|ssl|ssl_ciphers|shared_buffers|max_prepared_transactions|max_files_per_process|shared_preload_libraries|wal_level|wal_buffers|archive_mode|max_wal_senders|hot_standby|logging_collector|silent_mode|track_activity_query_size|autovacuum_max_workers|autovacuum_freeze_max_age|max_locks_per_transaction|max_pred_locks_per_transaction|restart_after_crash|lc_messages|lc_monetary|lc_numeric|lc_time/: {
|
||||
Postgresql_conf {
|
||||
notify => Class['postgresql::server::service'],
|
||||
before => Class['postgresql::server::reload'],
|
||||
}
|
||||
}
|
||||
|
||||
default: {
|
||||
Postgresql_conf {
|
||||
notify => Class['postgresql::server::reload'],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# We have to handle ports in a weird and special way. On early Debian and
|
||||
# Ubuntu we have to ensure we stop the service completely. On Redhat we
|
||||
# either have to create a systemd override for the port or update the
|
||||
# sysconfig file.
|
||||
if $::operatingsystem == 'Debian' or $::operatingsystem == 'Ubuntu' {
|
||||
if $::operatingsystemrelease =~ /^6/ or $::operatingsystemrelease =~ /^10\.04/ {
|
||||
if $name == 'port' {
|
||||
exec { 'postgresql_stop':
|
||||
command => "service ${::postgresql::server::service_name} stop",
|
||||
onlyif => "service ${::postgresql::server::service_name} status",
|
||||
unless => "grep 'port = ${value}' ${::postgresql::server::postgresql_conf_path}",
|
||||
path => '/usr/sbin:/sbin:/bin:/usr/bin:/usr/local/bin',
|
||||
before => Postgresql_conf[$name],
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if $::osfamily == 'RedHat' {
|
||||
if $::operatingsystemrelease =~ /^7/ or $::operatingsystem == 'Fedora' {
|
||||
if $name == 'port' {
|
||||
file { 'systemd-port-override':
|
||||
ensure => present,
|
||||
path => '/etc/systemd/system/postgresql.service',
|
||||
owner => root,
|
||||
group => root,
|
||||
content => template('postgresql/systemd-port-override.erb'),
|
||||
notify => [ Exec['restart-systemd'], Class['postgresql::server::service'] ],
|
||||
before => Class['postgresql::server::reload'],
|
||||
}
|
||||
exec { 'restart-systemd':
|
||||
command => 'systemctl daemon-reload',
|
||||
refreshonly => true,
|
||||
path => '/bin:/usr/bin:/usr/local/bin'
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if $name == 'port' {
|
||||
# We need to force postgresql to stop before updating the port
|
||||
# because puppet becomes confused and is unable to manage the
|
||||
# service appropriately.
|
||||
exec { 'postgresql_stop':
|
||||
command => "service ${::postgresql::server::service_name} stop",
|
||||
onlyif => "service ${::postgresql::server::service_name} status",
|
||||
unless => "grep 'PGPORT=${value}' /etc/sysconfig/pgsql/postgresql",
|
||||
path => '/sbin:/bin:/usr/bin:/usr/local/bin',
|
||||
require => File['/etc/sysconfig/pgsql/postgresql'],
|
||||
} ->
|
||||
augeas { 'override PGPORT in /etc/sysconfig/pgsql/postgresql':
|
||||
lens => 'Shellvars.lns',
|
||||
incl => '/etc/sysconfig/pgsql/*',
|
||||
context => '/files/etc/sysconfig/pgsql/postgresql',
|
||||
changes => "set PGPORT ${value}",
|
||||
require => File['/etc/sysconfig/pgsql/postgresql'],
|
||||
notify => Class['postgresql::server::service'],
|
||||
before => Class['postgresql::server::reload'],
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
case $ensure {
|
||||
/present|absent/: {
|
||||
postgresql_conf { $name:
|
||||
ensure => $ensure,
|
||||
target => $target,
|
||||
value => $value,
|
||||
require => Class['postgresql::server::initdb'],
|
||||
}
|
||||
}
|
||||
|
||||
default: {
|
||||
fail("Unknown value for ensure '${ensure}'.")
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
# Install the contrib postgresql packaging. See README.md for more details.
|
||||
class postgresql::server::contrib (
|
||||
$package_name = $postgresql::params::contrib_package_name,
|
||||
$package_ensure = 'present'
|
||||
) inherits postgresql::params {
|
||||
validate_string($package_name)
|
||||
|
||||
package { 'postgresql-contrib':
|
||||
ensure => $package_ensure,
|
||||
name => $package_name,
|
||||
tag => 'postgresql',
|
||||
}
|
||||
|
||||
anchor { 'postgresql::server::contrib::start': }->
|
||||
Class['postgresql::server::install']->
|
||||
Package['postgresql-contrib']->
|
||||
Class['postgresql::server::service']->
|
||||
anchor { 'postgresql::server::contrib::end': }
|
||||
}
|
|
@ -0,0 +1,83 @@
|
|||
# Define for creating a database. See README.md for more details.
|
||||
define postgresql::server::database(
|
||||
$dbname = $title,
|
||||
$owner = $postgresql::server::user,
|
||||
$tablespace = undef,
|
||||
$template = 'template0',
|
||||
$encoding = $postgresql::server::encoding,
|
||||
$locale = $postgresql::server::locale,
|
||||
$istemplate = false
|
||||
) {
|
||||
$createdb_path = $postgresql::server::createdb_path
|
||||
$user = $postgresql::server::user
|
||||
$group = $postgresql::server::group
|
||||
$psql_path = $postgresql::server::psql_path
|
||||
$port = $postgresql::server::port
|
||||
$version = $postgresql::server::_version
|
||||
$default_db = $postgresql::server::default_database
|
||||
|
||||
# Set the defaults for the postgresql_psql resource
|
||||
Postgresql_psql {
|
||||
psql_user => $user,
|
||||
psql_group => $group,
|
||||
psql_path => $psql_path,
|
||||
port => $port,
|
||||
}
|
||||
|
||||
# Optionally set the locale switch. Older versions of createdb may not accept
|
||||
# --locale, so if the parameter is undefined its safer not to pass it.
|
||||
if ($version != '8.1') {
|
||||
$locale_option = $locale ? {
|
||||
undef => '',
|
||||
default => "--locale=${locale} ",
|
||||
}
|
||||
$public_revoke_privilege = 'CONNECT'
|
||||
} else {
|
||||
$locale_option = ''
|
||||
$public_revoke_privilege = 'ALL'
|
||||
}
|
||||
|
||||
$encoding_option = $encoding ? {
|
||||
undef => '',
|
||||
default => "--encoding '${encoding}' ",
|
||||
}
|
||||
|
||||
$tablespace_option = $tablespace ? {
|
||||
undef => '',
|
||||
default => "--tablespace='${tablespace}' ",
|
||||
}
|
||||
|
||||
$createdb_command = "${createdb_path} --port='${port}' --owner='${owner}' --template=${template} ${encoding_option}${locale_option}${tablespace_option} '${dbname}'"
|
||||
|
||||
postgresql_psql { "Check for existence of db '${dbname}'":
|
||||
command => 'SELECT 1',
|
||||
unless => "SELECT datname FROM pg_database WHERE datname='${dbname}'",
|
||||
db => $default_db,
|
||||
port => $port,
|
||||
require => Class['postgresql::server::service']
|
||||
}~>
|
||||
exec { $createdb_command :
|
||||
refreshonly => true,
|
||||
user => $user,
|
||||
logoutput => on_failure,
|
||||
}~>
|
||||
|
||||
# This will prevent users from connecting to the database unless they've been
|
||||
# granted privileges.
|
||||
postgresql_psql {"REVOKE ${public_revoke_privilege} ON DATABASE \"${dbname}\" FROM public":
|
||||
db => $default_db,
|
||||
port => $port,
|
||||
refreshonly => true,
|
||||
}
|
||||
|
||||
Exec [ $createdb_command ]->
|
||||
postgresql_psql {"UPDATE pg_database SET datistemplate = ${istemplate} WHERE datname = '${dbname}'":
|
||||
unless => "SELECT datname FROM pg_database WHERE datname = '${dbname}' AND datistemplate = ${istemplate}",
|
||||
db => $default_db,
|
||||
}
|
||||
|
||||
# Build up dependencies on tablespace
|
||||
if($tablespace != undef and defined(Postgresql::Server::Tablespace[$tablespace])) {
|
||||
Postgresql::Server::Tablespace[$tablespace]->Exec[$createdb_command]
|
||||
}
|
||||
}
|
|
@ -0,0 +1,18 @@
|
|||
# Manage a database grant. See README.md for more details.
|
||||
define postgresql::server::database_grant(
|
||||
$privilege,
|
||||
$db,
|
||||
$role,
|
||||
$psql_db = undef,
|
||||
$psql_user = undef
|
||||
) {
|
||||
postgresql::server::grant { "database:${name}":
|
||||
role => $role,
|
||||
db => $db,
|
||||
privilege => $privilege,
|
||||
object_type => 'DATABASE',
|
||||
object_name => $db,
|
||||
psql_db => $psql_db,
|
||||
psql_user => $psql_user,
|
||||
}
|
||||
}
|
|
@ -0,0 +1,44 @@
|
|||
# Define for conveniently creating a role, database and assigning the correct
|
||||
# permissions. See README.md for more details.
|
||||
define postgresql::server::db (
|
||||
$user,
|
||||
$password,
|
||||
$dbname = $title,
|
||||
$encoding = $postgresql::server::encoding,
|
||||
$locale = $postgresql::server::locale,
|
||||
$grant = 'ALL',
|
||||
$tablespace = undef,
|
||||
$template = 'template0',
|
||||
$istemplate = false,
|
||||
$owner = undef
|
||||
) {
|
||||
|
||||
if ! defined(Postgresql::Server::Database[$dbname]) {
|
||||
postgresql::server::database { $dbname:
|
||||
encoding => $encoding,
|
||||
tablespace => $tablespace,
|
||||
template => $template,
|
||||
locale => $locale,
|
||||
istemplate => $istemplate,
|
||||
owner => $owner,
|
||||
}
|
||||
}
|
||||
|
||||
if ! defined(Postgresql::Server::Role[$user]) {
|
||||
postgresql::server::role { $user:
|
||||
password_hash => $password,
|
||||
}
|
||||
}
|
||||
|
||||
if ! defined(Postgresql::Server::Database_grant["GRANT ${user} - ${grant} - ${dbname}"]) {
|
||||
postgresql::server::database_grant { "GRANT ${user} - ${grant} - ${dbname}":
|
||||
privilege => $grant,
|
||||
db => $dbname,
|
||||
role => $user,
|
||||
} -> Postgresql::Validate_db_connection<| database_name == $dbname |>
|
||||
}
|
||||
|
||||
if($tablespace != undef and defined(Postgresql::Server::Tablespace[$tablespace])) {
|
||||
Postgresql::Server::Tablespace[$tablespace]->Postgresql::Server::Database[$name]
|
||||
}
|
||||
}
|
|
@ -0,0 +1,87 @@
|
|||
# Define for granting permissions to roles. See README.md for more details.
|
||||
define postgresql::server::grant (
|
||||
$role,
|
||||
$db,
|
||||
$privilege = undef,
|
||||
$object_type = 'database',
|
||||
$object_name = $db,
|
||||
$psql_db = $postgresql::server::default_database,
|
||||
$psql_user = $postgresql::server::user,
|
||||
$port = $postgresql::server::port
|
||||
) {
|
||||
$group = $postgresql::server::group
|
||||
$psql_path = $postgresql::server::psql_path
|
||||
|
||||
## Munge the input values
|
||||
$_object_type = upcase($object_type)
|
||||
$_privilege = upcase($privilege)
|
||||
|
||||
## Validate that the object type is known
|
||||
validate_string($_object_type,
|
||||
#'COLUMN',
|
||||
'DATABASE',
|
||||
#'FOREIGN SERVER',
|
||||
#'FOREIGN DATA WRAPPER',
|
||||
#'FUNCTION',
|
||||
#'PROCEDURAL LANGUAGE',
|
||||
#'SCHEMA',
|
||||
#'SEQUENCE',
|
||||
'TABLE',
|
||||
#'TABLESPACE',
|
||||
#'VIEW',
|
||||
)
|
||||
|
||||
## Validate that the object type's privilege is acceptable
|
||||
# TODO: this is a terrible hack; if they pass "ALL" as the desired privilege,
|
||||
# we need a way to test for it--and has_database_privilege does not
|
||||
# recognize 'ALL' as a valid privilege name. So we probably need to
|
||||
# hard-code a mapping between 'ALL' and the list of actual privileges that
|
||||
# it entails, and loop over them to check them. That sort of thing will
|
||||
# probably need to wait until we port this over to ruby, so, for now, we're
|
||||
# just going to assume that if they have "CREATE" privileges on a database,
|
||||
# then they have "ALL". (I told you that it was terrible!)
|
||||
case $_object_type {
|
||||
'DATABASE': {
|
||||
$unless_privilege = $_privilege ? {
|
||||
'ALL' => 'CREATE',
|
||||
default => $_privilege,
|
||||
}
|
||||
validate_string($unless_privilege,'CREATE','CONNECT','TEMPORARY','TEMP',
|
||||
'ALL','ALL PRIVILEGES')
|
||||
$unless_function = 'has_database_privilege'
|
||||
$on_db = $psql_db
|
||||
}
|
||||
'TABLE': {
|
||||
$unless_privilege = $_privilege ? {
|
||||
'ALL' => 'INSERT',
|
||||
default => $_privilege,
|
||||
}
|
||||
validate_string($unless_privilege,'SELECT','INSERT','UPDATE','DELETE',
|
||||
'TRUNCATE','REFERENCES','TRIGGER','ALL','ALL PRIVILEGES')
|
||||
$unless_function = 'has_table_privilege'
|
||||
$on_db = $db
|
||||
}
|
||||
default: {
|
||||
fail("Missing privilege validation for object type ${_object_type}")
|
||||
}
|
||||
}
|
||||
|
||||
$grant_cmd = "GRANT ${_privilege} ON ${_object_type} \"${object_name}\" TO \"${role}\""
|
||||
postgresql_psql { $grant_cmd:
|
||||
db => $on_db,
|
||||
port => $port,
|
||||
psql_user => $psql_user,
|
||||
psql_group => $group,
|
||||
psql_path => $psql_path,
|
||||
unless => "SELECT 1 WHERE ${unless_function}('${role}', '${object_name}', '${unless_privilege}')",
|
||||
require => Class['postgresql::server']
|
||||
}
|
||||
|
||||
if($role != undef and defined(Postgresql::Server::Role[$role])) {
|
||||
Postgresql::Server::Role[$role]->Postgresql_psql[$grant_cmd]
|
||||
}
|
||||
|
||||
if($db != undef and defined(Postgresql::Server::Database[$db])) {
|
||||
Postgresql::Server::Database[$db]->Postgresql_psql[$grant_cmd]
|
||||
}
|
||||
}
|
|
@ -0,0 +1,66 @@
|
|||
# PRIVATE CLASS: do not call directly
|
||||
class postgresql::server::initdb {
|
||||
$needs_initdb = $postgresql::server::needs_initdb
|
||||
$initdb_path = $postgresql::server::initdb_path
|
||||
$datadir = $postgresql::server::datadir
|
||||
$xlogdir = $postgresql::server::xlogdir
|
||||
$encoding = $postgresql::server::encoding
|
||||
$locale = $postgresql::server::locale
|
||||
$group = $postgresql::server::group
|
||||
$user = $postgresql::server::user
|
||||
|
||||
# Make sure the data directory exists, and has the correct permissions.
|
||||
file { $datadir:
|
||||
ensure => directory,
|
||||
owner => $user,
|
||||
group => $group,
|
||||
mode => '0700',
|
||||
}
|
||||
|
||||
if($xlogdir) {
|
||||
# Make sure the xlog directory exists, and has the correct permissions.
|
||||
file { $xlogdir:
|
||||
ensure => directory,
|
||||
owner => $user,
|
||||
group => $group,
|
||||
mode => '0700',
|
||||
}
|
||||
}
|
||||
|
||||
if($needs_initdb) {
|
||||
# Build up the initdb command.
|
||||
#
|
||||
# We optionally add the locale switch if specified. Older versions of the
|
||||
# initdb command don't accept this switch. So if the user didn't pass the
|
||||
# parameter, lets not pass the switch at all.
|
||||
$ic_base = "${initdb_path} --encoding '${encoding}' --pgdata '${datadir}'"
|
||||
$ic_xlog = $xlogdir ? {
|
||||
undef => $ic_base,
|
||||
default => "${ic_base} --xlogdir '${xlogdir}'"
|
||||
}
|
||||
|
||||
# The xlogdir need to be present before initdb runs.
|
||||
# If xlogdir is default it's created by package installer
|
||||
if($xlogdir) {
|
||||
$require_before_initdb = [$datadir, $xlogdir]
|
||||
} else {
|
||||
$require_before_initdb = [$datadir]
|
||||
}
|
||||
|
||||
$initdb_command = $locale ? {
|
||||
undef => $ic_xlog,
|
||||
default => "${ic_xlog} --locale '${locale}'"
|
||||
}
|
||||
|
||||
# This runs the initdb command, we use the existance of the PG_VERSION
|
||||
# file to ensure we don't keep running this command.
|
||||
exec { 'postgresql_initdb':
|
||||
command => $initdb_command,
|
||||
creates => "${datadir}/PG_VERSION",
|
||||
user => $user,
|
||||
group => $group,
|
||||
logoutput => on_failure,
|
||||
require => File[$require_before_initdb],
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,23 @@
|
|||
# PRIVATE CLASS: do not call directly
|
||||
class postgresql::server::install {
|
||||
$package_ensure = $postgresql::server::package_ensure
|
||||
$package_name = $postgresql::server::package_name
|
||||
$client_package_name = $postgresql::server::client_package_name
|
||||
|
||||
$_package_ensure = $package_ensure ? {
|
||||
true => 'present',
|
||||
false => 'purged',
|
||||
'absent' => 'purged',
|
||||
default => $package_ensure,
|
||||
}
|
||||
|
||||
package { 'postgresql-server':
|
||||
ensure => $_package_ensure,
|
||||
name => $package_name,
|
||||
|
||||
# This is searched for to create relationships with the package repos, be
|
||||
# careful about its removal
|
||||
tag => 'postgresql',
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,32 @@
|
|||
# PRIVATE CLASS: do not call directly
|
||||
class postgresql::server::passwd {
|
||||
$postgres_password = $postgresql::server::postgres_password
|
||||
$user = $postgresql::server::user
|
||||
$group = $postgresql::server::group
|
||||
$psql_path = $postgresql::server::psql_path
|
||||
|
||||
if ($postgres_password != undef) {
|
||||
# NOTE: this password-setting logic relies on the pg_hba.conf being
|
||||
# configured to allow the postgres system user to connect via psql
|
||||
# without specifying a password ('ident' or 'trust' security). This is
|
||||
# the default for pg_hba.conf.
|
||||
$escaped = postgresql_escape($postgres_password)
|
||||
$env = "env PGPASSWORD='${postgres_password}'"
|
||||
exec { 'set_postgres_postgrespw':
|
||||
# This command works w/no password because we run it as postgres system
|
||||
# user
|
||||
command => "${psql_path} -c 'ALTER ROLE \"${user}\" PASSWORD ${escaped}'",
|
||||
user => $user,
|
||||
group => $group,
|
||||
logoutput => true,
|
||||
cwd => '/tmp',
|
||||
# With this command we're passing -h to force TCP authentication, which
|
||||
# does require a password. We specify the password via the PGPASSWORD
|
||||
# environment variable. If the password is correct (current), this
|
||||
# command will exit with an exit code of 0, which will prevent the main
|
||||
# command from running.
|
||||
unless => "${env} ${psql_path} -h localhost -c 'select 1' > /dev/null",
|
||||
path => '/usr/bin:/usr/local/bin:/bin',
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,52 @@
|
|||
# This resource manages an individual rule that applies to the file defined in
|
||||
# $target. See README.md for more details.
|
||||
define postgresql::server::pg_hba_rule(
|
||||
$type,
|
||||
$database,
|
||||
$user,
|
||||
$auth_method,
|
||||
$address = undef,
|
||||
$description = 'none',
|
||||
$auth_option = undef,
|
||||
$order = '150',
|
||||
|
||||
# Needed for testing primarily, support for multiple files is not really
|
||||
# working.
|
||||
$target = $postgresql::server::pg_hba_conf_path
|
||||
) {
|
||||
|
||||
if $postgresql::server::manage_pg_hba_conf == false {
|
||||
fail('postgresql::server::manage_pg_hba_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')
|
||||
} else {
|
||||
validate_re($type, '^(local|host|hostssl|hostnossl)$',
|
||||
"The type you specified [${type}] must be one of: local, host, hostssl, hostnosssl")
|
||||
|
||||
if($type =~ /^host/ and $address == undef) {
|
||||
fail('You must specify an address property when type is host based')
|
||||
}
|
||||
|
||||
$allowed_auth_methods = $postgresql::server::_version ? {
|
||||
'9.3' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
|
||||
'9.2' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
|
||||
'9.1' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
|
||||
'9.0' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'radius', 'cert', 'pam'],
|
||||
'8.4' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'cert', 'pam'],
|
||||
'8.3' => ['trust', 'reject', 'md5', 'sha1', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'],
|
||||
'8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'],
|
||||
'8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'],
|
||||
default => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt']
|
||||
}
|
||||
|
||||
$auth_method_regex = join(['^(', join($allowed_auth_methods, '|'), ')$'],'')
|
||||
validate_re($auth_method, $auth_method_regex,
|
||||
join(["The auth_method you specified [${auth_method}] must be one of: ", join($allowed_auth_methods, ', ')],''))
|
||||
|
||||
# Create a rule fragment
|
||||
$fragname = "pg_hba_rule_${name}"
|
||||
concat::fragment { $fragname:
|
||||
target => $target,
|
||||
content => template('postgresql/pg_hba_rule.conf'),
|
||||
order => $order,
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,27 @@
|
|||
# This resource manages an individual rule that applies to the file defined in
|
||||
# $target. See README.md for more details.
|
||||
define postgresql::server::pg_ident_rule(
|
||||
$map_name,
|
||||
$system_username,
|
||||
$database_username,
|
||||
$description = 'none',
|
||||
$order = '150',
|
||||
|
||||
# Needed for testing primarily, support for multiple files is not really
|
||||
# working.
|
||||
$target = $postgresql::server::pg_ident_conf_path
|
||||
) {
|
||||
|
||||
if $postgresql::server::manage_pg_ident_conf == false {
|
||||
fail('postgresql::server::manage_pg_ident_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')
|
||||
} else {
|
||||
|
||||
# Create a rule fragment
|
||||
$fragname = "pg_ident_rule_${name}"
|
||||
concat::fragment { $fragname:
|
||||
target => $target,
|
||||
content => template('postgresql/pg_ident_rule.conf'),
|
||||
order => $order,
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
# This class installs the PL/Perl procedural language for postgresql. See
|
||||
# README.md for more details.
|
||||
class postgresql::server::plperl(
|
||||
$package_ensure = 'present',
|
||||
$package_name = $postgresql::server::plperl_package_name
|
||||
) {
|
||||
package { 'postgresql-plperl':
|
||||
ensure => $package_ensure,
|
||||
name => $package_name,
|
||||
tag => 'postgresql',
|
||||
}
|
||||
|
||||
anchor { 'postgresql::server::plperl::start': }->
|
||||
Class['postgresql::server::install']->
|
||||
Package['postgresql-plperl']->
|
||||
Class['postgresql::server::service']->
|
||||
anchor { 'postgresql::server::plperl::end': }
|
||||
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
# Install the postgis postgresql packaging. See README.md for more details.
|
||||
class postgresql::server::postgis (
|
||||
$package_name = $postgresql::params::postgis_package_name,
|
||||
$package_ensure = 'present'
|
||||
) inherits postgresql::params {
|
||||
validate_string($package_name)
|
||||
|
||||
package { 'postgresql-postgis':
|
||||
ensure => $package_ensure,
|
||||
name => $package_name,
|
||||
tag => 'postgresql',
|
||||
}
|
||||
|
||||
anchor { 'postgresql::server::postgis::start': }->
|
||||
Class['postgresql::server::install']->
|
||||
Package['postgresql-postgis']->
|
||||
Class['postgresql::server::service']->
|
||||
anchor { 'postgresql::server::postgis::end': }
|
||||
|
||||
if $postgresql::globals::manage_package_repo {
|
||||
Class['postgresql::repo'] ->
|
||||
Package['postgresql-postgis']
|
||||
}
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
# PRIVATE CLASS: do not use directly
|
||||
class postgresql::server::reload {
|
||||
$service_name = $postgresql::server::service_name
|
||||
$service_status = $postgresql::server::service_status
|
||||
|
||||
exec { 'postgresql_reload':
|
||||
path => '/usr/bin:/usr/sbin:/bin:/sbin',
|
||||
command => "service ${service_name} reload",
|
||||
onlyif => $service_status,
|
||||
refreshonly => true,
|
||||
require => Class['postgresql::server::service'],
|
||||
}
|
||||
}
|
|
@ -0,0 +1,93 @@
|
|||
# Define for creating a database role. See README.md for more information
|
||||
define postgresql::server::role(
|
||||
$password_hash = false,
|
||||
$createdb = false,
|
||||
$createrole = false,
|
||||
$db = $postgresql::server::default_database,
|
||||
$port = $postgresql::server::port,
|
||||
$login = true,
|
||||
$inherit = true,
|
||||
$superuser = false,
|
||||
$replication = false,
|
||||
$connection_limit = '-1',
|
||||
$username = $title
|
||||
) {
|
||||
$psql_user = $postgresql::server::user
|
||||
$psql_group = $postgresql::server::group
|
||||
$psql_path = $postgresql::server::psql_path
|
||||
$version = $postgresql::server::_version
|
||||
|
||||
$login_sql = $login ? { true => 'LOGIN', default => 'NOLOGIN' }
|
||||
$inherit_sql = $inherit ? { true => 'INHERIT', default => 'NOINHERIT' }
|
||||
$createrole_sql = $createrole ? { true => 'CREATEROLE', default => 'NOCREATEROLE' }
|
||||
$createdb_sql = $createdb ? { true => 'CREATEDB', default => 'NOCREATEDB' }
|
||||
$superuser_sql = $superuser ? { true => 'SUPERUSER', default => 'NOSUPERUSER' }
|
||||
$replication_sql = $replication ? { true => 'REPLICATION', default => '' }
|
||||
if ($password_hash != false) {
|
||||
$password_sql = "ENCRYPTED PASSWORD '${password_hash}'"
|
||||
} else {
|
||||
$password_sql = ''
|
||||
}
|
||||
|
||||
Postgresql_psql {
|
||||
db => $db,
|
||||
port => $port,
|
||||
psql_user => $psql_user,
|
||||
psql_group => $psql_group,
|
||||
psql_path => $psql_path,
|
||||
require => [ Postgresql_psql["CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}"], Class['postgresql::server'] ],
|
||||
}
|
||||
|
||||
postgresql_psql {"CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}":
|
||||
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}'",
|
||||
require => Class['Postgresql::Server'],
|
||||
}
|
||||
|
||||
postgresql_psql {"ALTER ROLE \"${username}\" ${superuser_sql}":
|
||||
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolsuper=${superuser}",
|
||||
}
|
||||
|
||||
postgresql_psql {"ALTER ROLE \"${username}\" ${createdb_sql}":
|
||||
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcreatedb=${createdb}",
|
||||
}
|
||||
|
||||
postgresql_psql {"ALTER ROLE \"${username}\" ${createrole_sql}":
|
||||
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcreaterole=${createrole}",
|
||||
}
|
||||
|
||||
postgresql_psql {"ALTER ROLE \"${username}\" ${login_sql}":
|
||||
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcanlogin=${login}",
|
||||
}
|
||||
|
||||
postgresql_psql {"ALTER ROLE \"${username}\" ${inherit_sql}":
|
||||
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolinherit=${inherit}",
|
||||
}
|
||||
|
||||
if(versioncmp($version, '9.1') >= 0) {
|
||||
if $replication_sql == '' {
|
||||
postgresql_psql {"ALTER ROLE \"${username}\" NOREPLICATION":
|
||||
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolreplication=${replication}",
|
||||
}
|
||||
} else {
|
||||
postgresql_psql {"ALTER ROLE \"${username}\" ${replication_sql}":
|
||||
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolreplication=${replication}",
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
postgresql_psql {"ALTER ROLE \"${username}\" CONNECTION LIMIT ${connection_limit}":
|
||||
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolconnlimit=${connection_limit}",
|
||||
}
|
||||
|
||||
if $password_hash {
|
||||
if($password_hash =~ /^md5.+/) {
|
||||
$pwd_hash_sql = $password_hash
|
||||
} else {
|
||||
$pwd_md5 = md5("${password_hash}${username}")
|
||||
$pwd_hash_sql = "md5${pwd_md5}"
|
||||
}
|
||||
postgresql_psql {"ALTER ROLE \"${username}\" ${password_sql}":
|
||||
unless => "SELECT usename FROM pg_shadow WHERE usename='${username}' and passwd='${pwd_hash_sql}'",
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,39 @@
|
|||
# This defined types creates database schemas. See README.md for more details.
|
||||
define postgresql::server::schema(
|
||||
$db,
|
||||
$owner = undef,
|
||||
$schema = $title,
|
||||
) {
|
||||
$user = $postgresql::server::user
|
||||
$group = $postgresql::server::group
|
||||
$port = $postgresql::server::port
|
||||
$psql_path = $postgresql::server::psql_path
|
||||
$version = $postgresql::server::_version
|
||||
|
||||
Postgresql_psql {
|
||||
db => $db,
|
||||
psql_user => $user,
|
||||
psql_group => $group,
|
||||
psql_path => $psql_path,
|
||||
port => $port,
|
||||
}
|
||||
|
||||
$schema_title = "Create Schema '${schema}'"
|
||||
$authorization = $owner? {
|
||||
undef => '',
|
||||
default => "AUTHORIZATION \"${owner}\"",
|
||||
}
|
||||
|
||||
$schema_command = "CREATE SCHEMA \"${schema}\" ${authorization}"
|
||||
$unless = "SELECT nspname FROM pg_namespace WHERE nspname='${schema}'"
|
||||
|
||||
postgresql_psql { $schema_title:
|
||||
command => $schema_command,
|
||||
unless => $unless,
|
||||
require => Class['postgresql::server'],
|
||||
}
|
||||
|
||||
if($owner != undef and defined(Postgresql::Server::Role[$owner])) {
|
||||
Postgresql::Server::Role[$owner]->Postgresql_psql[$schema_title]
|
||||
}
|
||||
}
|
|
@ -0,0 +1,42 @@
|
|||
# PRIVATE CLASS: do not call directly
|
||||
class postgresql::server::service {
|
||||
$service_ensure = $postgresql::server::service_ensure
|
||||
$service_enable = $postgresql::server::service_enable
|
||||
$service_name = $postgresql::server::service_name
|
||||
$service_provider = $postgresql::server::service_provider
|
||||
$service_status = $postgresql::server::service_status
|
||||
$user = $postgresql::server::user
|
||||
$port = $postgresql::server::port
|
||||
$default_database = $postgresql::server::default_database
|
||||
|
||||
anchor { 'postgresql::server::service::begin': }
|
||||
|
||||
service { 'postgresqld':
|
||||
ensure => $service_ensure,
|
||||
enable => $service_enable,
|
||||
name => $service_name,
|
||||
provider => $service_provider,
|
||||
hasstatus => true,
|
||||
status => $service_status,
|
||||
}
|
||||
|
||||
if $service_ensure == 'running' {
|
||||
# This blocks the class before continuing if chained correctly, making
|
||||
# sure the service really is 'up' before continuing.
|
||||
#
|
||||
# Without it, we may continue doing more work before the database is
|
||||
# prepared leading to a nasty race condition.
|
||||
postgresql::validate_db_connection { 'validate_service_is_running':
|
||||
run_as => $user,
|
||||
database_name => $default_database,
|
||||
database_port => $port,
|
||||
sleep => 1,
|
||||
tries => 60,
|
||||
create_db_first => false,
|
||||
require => Service['postgresqld'],
|
||||
before => Anchor['postgresql::server::service::end']
|
||||
}
|
||||
}
|
||||
|
||||
anchor { 'postgresql::server::service::end': }
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
# This resource wraps the grant resource to manage table grants specifically.
|
||||
# See README.md for more details.
|
||||
define postgresql::server::table_grant(
|
||||
$privilege,
|
||||
$table,
|
||||
$db,
|
||||
$role,
|
||||
$port = $postgresql::server::port,
|
||||
$psql_db = undef,
|
||||
$psql_user = undef
|
||||
) {
|
||||
postgresql::server::grant { "table:${name}":
|
||||
role => $role,
|
||||
db => $db,
|
||||
port => $port,
|
||||
privilege => $privilege,
|
||||
object_type => 'TABLE',
|
||||
object_name => $table,
|
||||
psql_db => $psql_db,
|
||||
psql_user => $psql_user,
|
||||
}
|
||||
}
|
|
@ -0,0 +1,47 @@
|
|||
# This module creates tablespace. See README.md for more details.
|
||||
define postgresql::server::tablespace(
|
||||
$location,
|
||||
$owner = undef,
|
||||
$spcname = $title
|
||||
) {
|
||||
$user = $postgresql::server::user
|
||||
$group = $postgresql::server::group
|
||||
$port = $postgresql::server::port
|
||||
$psql_path = $postgresql::server::psql_path
|
||||
|
||||
Postgresql_psql {
|
||||
psql_user => $user,
|
||||
psql_group => $group,
|
||||
psql_path => $psql_path,
|
||||
port => $port,
|
||||
}
|
||||
|
||||
if ($owner == undef) {
|
||||
$owner_section = ''
|
||||
} else {
|
||||
$owner_section = "OWNER \"${owner}\""
|
||||
}
|
||||
|
||||
$create_tablespace_command = "CREATE TABLESPACE \"${spcname}\" ${owner_section} LOCATION '${location}'"
|
||||
|
||||
file { $location:
|
||||
ensure => directory,
|
||||
owner => $user,
|
||||
group => $group,
|
||||
mode => '0700',
|
||||
seluser => 'system_u',
|
||||
selrole => 'object_r',
|
||||
seltype => 'postgresql_db_t',
|
||||
}
|
||||
|
||||
$create_ts = "Create tablespace '${spcname}'"
|
||||
postgresql_psql { "Create tablespace '${spcname}'":
|
||||
command => $create_tablespace_command,
|
||||
unless => "SELECT spcname FROM pg_tablespace WHERE spcname='${spcname}'",
|
||||
require => [Class['postgresql::server'], File[$location]],
|
||||
}
|
||||
|
||||
if($owner != undef and defined(Postgresql::Server::Role[$owner])) {
|
||||
Postgresql::Server::Role[$owner]->Postgresql_psql[$create_ts]
|
||||
}
|
||||
}
|
|
@ -1,95 +1,75 @@
|
|||
# Define: postgresql::validate_db_connection
|
||||
#
|
||||
# This type validates that a successful postgres connection can be established
|
||||
# between the node on which this resource is run and a specified postgres
|
||||
# instance (host/port/user/password/database name).
|
||||
#
|
||||
# Parameters:
|
||||
# [*database_host*] - the hostname or IP address of the machine where the
|
||||
# postgres server should be running.
|
||||
# [*database_port*] - the port on which postgres server should be
|
||||
# listening (defaults to 5432).
|
||||
# [*database_username*] - the postgres username
|
||||
# [*database_password*] - the postgres user's password
|
||||
# [*database_name*] - the database name that the connection should be
|
||||
# established against
|
||||
# [*client_package_name*] - (optional) the name of the postgres client package
|
||||
# that provides the psql tool, if you aren't using
|
||||
# the default system package.
|
||||
#
|
||||
# NOTE: to some degree this type assumes that you've created the corresponding
|
||||
# postgres database instance that you are validating by using the
|
||||
# `postgresql::db` or `postgresql::database` type provided by this module
|
||||
# elsewhere in your manifests.
|
||||
#
|
||||
# Actions:
|
||||
#
|
||||
# Attempts to establish a connection to the specified postgres database. If
|
||||
# a connection cannot be established, the resource will fail; this allows you
|
||||
# to use it as a dependency for other resources that would be negatively
|
||||
# impacted if they were applied without the postgres connection being available.
|
||||
#
|
||||
# Requires:
|
||||
#
|
||||
# `psql` commandline tool (will automatically install the system's postgres
|
||||
# client package if it is not already installed.)
|
||||
#
|
||||
# Sample Usage:
|
||||
#
|
||||
# postgresql::validate_db_connection { 'validate my postgres connection':
|
||||
# database_host => 'my.postgres.host',
|
||||
# database_username => 'mydbuser',
|
||||
# database_password => 'mydbpassword',
|
||||
# database_name => 'mydbname',
|
||||
# }
|
||||
#
|
||||
|
||||
# See README.md for more details.
|
||||
define postgresql::validate_db_connection(
|
||||
$database_host,
|
||||
$database_port = 5432,
|
||||
$database_username,
|
||||
$database_password,
|
||||
$database_name,
|
||||
$client_package_name = "",
|
||||
$database_host = undef,
|
||||
$database_name = undef,
|
||||
$database_password = undef,
|
||||
$database_username = undef,
|
||||
$database_port = undef,
|
||||
$run_as = undef,
|
||||
$sleep = 2,
|
||||
$tries = 10,
|
||||
$create_db_first = true
|
||||
) {
|
||||
include postgresql::params
|
||||
require postgresql::client
|
||||
include postgresql::params
|
||||
|
||||
# This is a bit messy, but we need to use the correct client package name
|
||||
# from the params class if the user did not explicitly provide one.
|
||||
if (! $client_package_name) {
|
||||
$package_name = $postgresql::params::client_package_name
|
||||
} else {
|
||||
$package_name = $client_package_name
|
||||
}
|
||||
$psql_path = $postgresql::params::psql_path
|
||||
|
||||
# Make sure the postgres client package is installed; we need it for
|
||||
# `psql`.
|
||||
package { 'postgresql-client':
|
||||
name => $package_name,
|
||||
ensure => present,
|
||||
}
|
||||
$cmd_init = "${psql_path} --tuples-only --quiet "
|
||||
$cmd_host = $database_host ? {
|
||||
undef => '',
|
||||
default => "-h ${database_host} ",
|
||||
}
|
||||
$cmd_user = $database_username ? {
|
||||
undef => '',
|
||||
default => "-U ${database_username} ",
|
||||
}
|
||||
$cmd_port = $database_port ? {
|
||||
undef => '',
|
||||
default => "-p ${database_port} ",
|
||||
}
|
||||
$cmd_dbname = $database_name ? {
|
||||
undef => "--dbname ${postgresql::params::default_database} ",
|
||||
default => "--dbname ${database_name} ",
|
||||
}
|
||||
$env = $database_password ? {
|
||||
undef => undef,
|
||||
default => "PGPASSWORD=${database_password}",
|
||||
}
|
||||
$cmd = join([$cmd_init, $cmd_host, $cmd_user, $cmd_port, $cmd_dbname])
|
||||
$validate_cmd = "/usr/local/bin/validate_postgresql_connection.sh ${sleep} ${tries} '${cmd}'"
|
||||
|
||||
# TODO: port to ruby
|
||||
$psql = "${postgresql::params::psql_path} --tuples-only --quiet -h $database_host -U $database_username -p $database_port --dbname $database_name"
|
||||
# This is more of a safety valve, we add a little extra to compensate for the
|
||||
# time it takes to run each psql command.
|
||||
$timeout = (($sleep + 2) * $tries)
|
||||
|
||||
$exec_name = "validate postgres connection for $database_host/$database_name"
|
||||
exec {$exec_name:
|
||||
command => "/bin/echo \"SELECT 1\" | $psql",
|
||||
cwd => '/tmp',
|
||||
environment => "PGPASSWORD=$database_password",
|
||||
logoutput => 'on_failure',
|
||||
require => Package['postgresql-client'],
|
||||
}
|
||||
$exec_name = "validate postgres connection for ${database_host}/${database_name}"
|
||||
exec { $exec_name:
|
||||
command => "echo 'Unable to connect to defined database using: ${cmd}' && false",
|
||||
unless => $validate_cmd,
|
||||
cwd => '/tmp',
|
||||
environment => $env,
|
||||
logoutput => 'on_failure',
|
||||
user => $run_as,
|
||||
path => '/bin:/usr/bin:/usr/local/bin',
|
||||
timeout => $timeout,
|
||||
require => Package['postgresql-client'],
|
||||
}
|
||||
|
||||
# This is a little bit of puppet magic. What we want to do here is make
|
||||
# sure that if the validation and the database instance creation are being
|
||||
# applied on the same machine, then the database resource is applied *before*
|
||||
# the validation resource. Otherwise, the validation is guaranteed to fail
|
||||
# on the first run.
|
||||
#
|
||||
# We accomplish this by using Puppet's resource collection syntax to search
|
||||
# for the Database resource in our current catalog; if it exists, the
|
||||
# appropriate relationship is created here.
|
||||
Database<|title == $database_name|> -> Exec[$exec_name]
|
||||
# This is a little bit of puppet magic. What we want to do here is make
|
||||
# sure that if the validation and the database instance creation are being
|
||||
# applied on the same machine, then the database resource is applied *before*
|
||||
# the validation resource. Otherwise, the validation is guaranteed to fail
|
||||
# on the first run.
|
||||
#
|
||||
# We accomplish this by using Puppet's resource collection syntax to search
|
||||
# for the Database resource in our current catalog; if it exists, the
|
||||
# appropriate relationship is created here.
|
||||
if($create_db_first) {
|
||||
Postgresql::Server::Database<|title == $database_name|> -> Exec[$exec_name]
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,46 +0,0 @@
|
|||
# -*- mode: ruby -*-
|
||||
# vi: set ft=ruby :
|
||||
|
||||
# puppet-postgresql
|
||||
# For all details and documentation:
|
||||
# http://github.com/inkling/puppet-postgresql
|
||||
#
|
||||
# Copyright 2012- Inkling Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
Vagrant::Config.run do |config|
|
||||
|
||||
# Test on 64 bit lucid
|
||||
config.vm.box = "lucid64"
|
||||
config.vm.box_url = "http://files.vagrantup.com/lucid64.box"
|
||||
|
||||
# Resolve DNS via NAT
|
||||
config.vm.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
|
||||
|
||||
# Share the stdlib module
|
||||
# TODO: it would be better to install this via the puppet module tool
|
||||
config.vm.share_folder "puppetlabs-stdlib-module", "/usr/share/puppet/modules/stdlib", "../../puppetlabs-stdlib"
|
||||
|
||||
# Share the postgressql module
|
||||
config.vm.share_folder "puppet-postgresql-module", "/usr/share/puppet/modules/postgresql", ".."
|
||||
|
||||
# Share the module of test classes
|
||||
config.vm.share_folder "puppet-postgresql-tests", "/usr/share/puppet/modules/postgresql_tests", "."
|
||||
|
||||
# Provision with a base puppet config just so we don't have to repeat the puppet user/group
|
||||
config.vm.provision :puppet do |puppet|
|
||||
puppet.manifests_path = "."
|
||||
puppet.manifest_file = "base.pp"
|
||||
end
|
||||
end
|
|
@ -0,0 +1,28 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
# These tests ensure that postgres can change itself to an alternative port
|
||||
# properly.
|
||||
describe 'postgres::server', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
it 'on an alternative port' do
|
||||
pp = <<-EOS
|
||||
class { 'postgresql::server': port => '5433' }
|
||||
EOS
|
||||
|
||||
apply_manifest(pp, :catch_failures => true)
|
||||
apply_manifest(pp, :catch_changes => true)
|
||||
end
|
||||
|
||||
describe port(5433) do
|
||||
it { is_expected.to be_listening }
|
||||
end
|
||||
|
||||
it 'can connect with psql' do
|
||||
psql('-p 5433 --command="\l" postgres', 'postgres') do |r|
|
||||
expect(r.stdout).to match(/List of databases/)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
describe 'postgresql::server::db', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
it 'creates a database' do
|
||||
begin
|
||||
tmpdir = default.tmpdir('postgresql')
|
||||
pp = <<-EOS
|
||||
class { 'postgresql::server': }
|
||||
postgresql::server::tablespace { 'postgresql_test_db':
|
||||
location => '#{tmpdir}',
|
||||
} ->
|
||||
postgresql::server::db { 'postgresql_test_db':
|
||||
user => 'test',
|
||||
password => 'test1',
|
||||
tablespace => 'postgresql_test_db',
|
||||
}
|
||||
EOS
|
||||
|
||||
apply_manifest(pp, :catch_failures => true)
|
||||
apply_manifest(pp, :catch_changes => true)
|
||||
|
||||
psql('--command="select datname from pg_database" postgresql_test_db') do |r|
|
||||
expect(r.stdout).to match(/postgresql_test_db/)
|
||||
expect(r.stderr).to eq('')
|
||||
end
|
||||
|
||||
psql('--command="SELECT 1 FROM pg_roles WHERE rolname=\'test\'"') do |r|
|
||||
expect(r.stdout).to match(/\(1 row\)/)
|
||||
end
|
||||
ensure
|
||||
psql('--command="drop database postgresql_test_db" postgres')
|
||||
psql('--command="DROP USER test"')
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,28 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
# These tests are designed to ensure that the module, when ran with defaults,
|
||||
# sets up everything correctly and allows us to connect to Postgres.
|
||||
describe 'postgres::server', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
it 'with defaults' do
|
||||
pp = <<-EOS
|
||||
class { 'postgresql::server': }
|
||||
EOS
|
||||
|
||||
apply_manifest(pp, :catch_failures => true)
|
||||
apply_manifest(pp, :catch_changes => true)
|
||||
end
|
||||
|
||||
describe port(5432) do
|
||||
it { is_expected.to be_listening }
|
||||
end
|
||||
|
||||
it 'can connect with psql' do
|
||||
psql('--command="\l" postgres', 'postgres') do |r|
|
||||
expect(r.stdout).to match(/List of databases/)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
centos-510-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: el-5-x86_64
|
||||
box : centos-510-x64-virtualbox-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-510-x64-virtualbox-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
centos-59-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: el-5-x86_64
|
||||
box : centos-59-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
|
|
@ -0,0 +1,12 @@
|
|||
HOSTS:
|
||||
centos-64-x64:
|
||||
roles:
|
||||
- master
|
||||
- database
|
||||
- dashboard
|
||||
platform: el-6-x86_64
|
||||
box : centos-64-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: pe
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
centos-64-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: el-6-x86_64
|
||||
box : centos-64-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
centos-65-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: el-6-x86_64
|
||||
box : centos-65-x64-vbox436-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: foss
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
debian-607-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: debian-6-amd64
|
||||
box : debian-607-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-607-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
debian-73-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: debian-7-amd64
|
||||
box : debian-73-x64-virtualbox-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-73-x64-virtualbox-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
centos-64-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: el-6-x86_64
|
||||
box : centos-64-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
ubuntu-server-10044-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: ubuntu-10.04-amd64
|
||||
box : ubuntu-server-10044-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: foss
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
ubuntu-server-12042-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: ubuntu-12.04-amd64
|
||||
box : ubuntu-server-12042-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: foss
|
|
@ -0,0 +1,11 @@
|
|||
HOSTS:
|
||||
ubuntu-server-1404-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: ubuntu-14.04-amd64
|
||||
box : puppetlabs/ubuntu-14.04-64-nocm
|
||||
box_url : https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
log_level : debug
|
||||
type: git
|
|
@ -0,0 +1,116 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
describe 'postgresql_psql', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
|
||||
it 'should always run SQL' do
|
||||
pp = <<-EOS
|
||||
class { 'postgresql::server': } ->
|
||||
postgresql_psql { 'foobar':
|
||||
db => 'postgres',
|
||||
psql_user => 'postgres',
|
||||
command => 'select 1',
|
||||
}
|
||||
EOS
|
||||
|
||||
apply_manifest(pp, :catch_failures => true)
|
||||
apply_manifest(pp, :expect_changes => true)
|
||||
end
|
||||
|
||||
it 'should run some SQL when the unless query returns no rows' do
|
||||
pp = <<-EOS
|
||||
class { 'postgresql::server': } ->
|
||||
postgresql_psql { 'foobar':
|
||||
db => 'postgres',
|
||||
psql_user => 'postgres',
|
||||
command => 'select 1',
|
||||
unless => 'select 1 where 1=2',
|
||||
}
|
||||
EOS
|
||||
|
||||
apply_manifest(pp, :catch_failures => true)
|
||||
apply_manifest(pp, :expect_changes => true)
|
||||
end
|
||||
|
||||
it 'should not run SQL when the unless query returns rows' do
|
||||
pp = <<-EOS
|
||||
class { 'postgresql::server': } ->
|
||||
postgresql_psql { 'foobar':
|
||||
db => 'postgres',
|
||||
psql_user => 'postgres',
|
||||
command => 'select * from pg_database limit 1',
|
||||
unless => 'select 1 where 1=1',
|
||||
}
|
||||
EOS
|
||||
|
||||
apply_manifest(pp, :catch_failures => true)
|
||||
apply_manifest(pp, :catch_changes => true)
|
||||
end
|
||||
|
||||
it 'should not run SQL when refreshed and the unless query returns rows' do
|
||||
pp = <<-EOS
|
||||
class { 'postgresql::server': } ->
|
||||
notify { 'trigger': } ~>
|
||||
postgresql_psql { 'foobar':
|
||||
db => 'postgres',
|
||||
psql_user => 'postgres',
|
||||
command => 'invalid sql statement',
|
||||
unless => 'select 1 where 1=1',
|
||||
}
|
||||
EOS
|
||||
|
||||
apply_manifest(pp, :catch_failures => true)
|
||||
apply_manifest(pp, :expect_changes => true)
|
||||
end
|
||||
|
||||
context 'with refreshonly' do
|
||||
it 'should not run SQL when the unless query returns no rows' do
|
||||
pp = <<-EOS
|
||||
class { 'postgresql::server': } ->
|
||||
postgresql_psql { 'foobar':
|
||||
db => 'postgres',
|
||||
psql_user => 'postgres',
|
||||
command => 'select 1',
|
||||
unless => 'select 1 where 1=2',
|
||||
refreshonly => true,
|
||||
}
|
||||
EOS
|
||||
|
||||
apply_manifest(pp, :catch_failures => true)
|
||||
apply_manifest(pp, :catch_changes => true)
|
||||
end
|
||||
|
||||
it 'should run SQL when refreshed and the unless query returns no rows' do
|
||||
pp = <<-EOS.unindent
|
||||
class { 'postgresql::server': } ->
|
||||
notify { 'trigger': } ~>
|
||||
postgresql_psql { 'foobar':
|
||||
db => 'postgres',
|
||||
psql_user => 'postgres',
|
||||
command => 'select 1',
|
||||
unless => 'select 1 where 1=2',
|
||||
refreshonly => true,
|
||||
}
|
||||
EOS
|
||||
|
||||
apply_manifest(pp, :catch_failures => true)
|
||||
apply_manifest(pp, :expect_changes => true)
|
||||
end
|
||||
|
||||
it 'should not run SQL when refreshed and the unless query returns rows' do
|
||||
pp = <<-EOS.unindent
|
||||
class { 'postgresql::server': } ->
|
||||
notify { 'trigger': } ~>
|
||||
postgresql_psql { 'foobar':
|
||||
db => 'postgres',
|
||||
psql_user => 'postgres',
|
||||
command => 'invalid sql query',
|
||||
unless => 'select 1 where 1=1',
|
||||
refreshonly => true,
|
||||
}
|
||||
EOS
|
||||
|
||||
apply_manifest(pp, :catch_failures => true)
|
||||
apply_manifest(pp, :expect_changes => true)
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,56 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
describe 'postgresql::server::schema:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
it 'should create a schema for a user' do
|
||||
begin
|
||||
pp = <<-EOS.unindent
|
||||
$db = 'schema_test'
|
||||
$user = 'psql_schema_tester'
|
||||
$password = 'psql_schema_pw'
|
||||
|
||||
class { 'postgresql::server': }
|
||||
|
||||
# Since we are not testing pg_hba or any of that, make a local user for ident auth
|
||||
user { $user:
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
postgresql::server::role { $user:
|
||||
password_hash => postgresql_password($user, $password),
|
||||
}
|
||||
|
||||
postgresql::server::database { $db:
|
||||
owner => $user,
|
||||
require => Postgresql::Server::Role[$user],
|
||||
}
|
||||
|
||||
# Create a rule for the user
|
||||
postgresql::server::pg_hba_rule { "allow ${user}":
|
||||
type => 'local',
|
||||
database => $db,
|
||||
user => $user,
|
||||
auth_method => 'ident',
|
||||
order => 1,
|
||||
}
|
||||
|
||||
postgresql::server::schema { $user:
|
||||
db => $db,
|
||||
owner => $user,
|
||||
require => Postgresql::Server::Database[$db],
|
||||
}
|
||||
EOS
|
||||
|
||||
apply_manifest(pp, :catch_failures => true)
|
||||
apply_manifest(pp, :catch_changes => true)
|
||||
|
||||
## Check that the user can create a table in the database
|
||||
psql('--command="create table psql_schema_tester.foo (foo int)" schema_test', 'psql_schema_tester') do |r|
|
||||
expect(r.stdout).to match(/CREATE TABLE/)
|
||||
expect(r.stderr).to eq('')
|
||||
end
|
||||
ensure
|
||||
psql('--command="drop table psql_schema_tester.foo" schema_test', 'psql_schema_tester')
|
||||
end
|
||||
end
|
||||
|
||||
end
|
|
@ -1,34 +0,0 @@
|
|||
# puppet-postgresql
|
||||
# For all details and documentation:
|
||||
# http://github.com/inkling/puppet-postgresql
|
||||
#
|
||||
# Copyright 2012- Inkling Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
group {'puppet':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
user {'puppet':
|
||||
ensure => present,
|
||||
gid => 'puppet',
|
||||
}
|
||||
|
||||
file {'/etc/sudoers.d/puppet_postgresql_tests':
|
||||
ensure => file,
|
||||
content => 'vagrant ALL=(ALL) ALL',
|
||||
mode => '0440',
|
||||
owner => root,
|
||||
group => root,
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
# puppet-postgresql
|
||||
# For all details and documentation:
|
||||
# http://github.com/inkling/puppet-postgresql
|
||||
#
|
||||
# Copyright 2012- Inkling Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
class postgresql_tests::test_db($db) {
|
||||
|
||||
include postgresql::server
|
||||
|
||||
postgresql::db { $db:
|
||||
user => $db,
|
||||
password => $db,
|
||||
}
|
||||
}
|
|
@ -1,45 +0,0 @@
|
|||
# puppet-postgresql
|
||||
# For all details and documentation:
|
||||
# http://github.com/inkling/puppet-postgresql
|
||||
#
|
||||
# Copyright 2012- Inkling Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
class postgresql_tests::test_grant_create($user, $password, $db) {
|
||||
|
||||
include postgresql::server
|
||||
|
||||
# Since we are not testing pg_hba or any of that, make a local user for ident auth
|
||||
user { $user:
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
postgresql::database_user { $user:
|
||||
password_hash => postgresql_password($user, $password),
|
||||
require => [ Class['postgresql::server'],
|
||||
User[$user] ],
|
||||
}
|
||||
|
||||
postgresql::database { $db:
|
||||
require => Class['postgresql::server'],
|
||||
}
|
||||
|
||||
postgresql::database_grant { "grant create test":
|
||||
privilege => 'CREATE',
|
||||
db => $db,
|
||||
role => $user,
|
||||
require => [ Postgresql::Database[$db],
|
||||
Postgresql::Database_user[$user] ],
|
||||
}
|
||||
}
|
|
@ -1,26 +0,0 @@
|
|||
# puppet-postgresql
|
||||
# For all details and documentation:
|
||||
# http://github.com/inkling/puppet-postgresql
|
||||
#
|
||||
# Copyright 2012- Inkling Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
class postgresql_tests::test_initdb {
|
||||
|
||||
include postgresql::server
|
||||
|
||||
class { "postgresql::initdb":
|
||||
require => Class['postgresql::server']
|
||||
}
|
||||
}
|
|
@ -1,30 +0,0 @@
|
|||
# puppet-postgresql
|
||||
# For all details and documentation:
|
||||
# http://github.com/inkling/puppet-postgresql
|
||||
#
|
||||
# Copyright 2012- Inkling Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
class postgresql_tests::test_psql($command = $title, $unless) {
|
||||
|
||||
include postgresql::server
|
||||
|
||||
postgresql::psql { $title:
|
||||
db => 'postgres',
|
||||
user => 'postgres',
|
||||
command => $command,
|
||||
unless => $unless,
|
||||
require => Class['postgresql::server'],
|
||||
}
|
||||
}
|
|
@ -1,33 +0,0 @@
|
|||
# puppet-postgresql
|
||||
# For all details and documentation:
|
||||
# http://github.com/inkling/puppet-postgresql
|
||||
#
|
||||
# Copyright 2012- Inkling Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
class postgresql_tests::test_user($user, $password) {
|
||||
|
||||
include postgresql::server
|
||||
|
||||
# Since we are not testing pg_hba or any of that, make a local user for ident auth
|
||||
user { $user:
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
postgresql::database_user { $user:
|
||||
password_hash => postgresql_password($user, $password),
|
||||
require => [ Class['postgresql::server'],
|
||||
User[$user] ],
|
||||
}
|
||||
}
|
|
@ -1,152 +0,0 @@
|
|||
# puppet-postgresql
|
||||
# For all details and documentation:
|
||||
# http://github.com/inkling/puppet-postgresql
|
||||
#
|
||||
# Copyright 2012- Inkling Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
require 'logger'
|
||||
require 'vagrant'
|
||||
|
||||
# VM-based tests for postgresql::* defined resource types.
|
||||
#
|
||||
# The general structure is:
|
||||
#
|
||||
# - Roll back the VM
|
||||
# - Apply a minimal puppet config for the type and fail only on crashes
|
||||
# - Apply it again and fail if there were any new changes reported
|
||||
# - Check the state of the system
|
||||
|
||||
describe "postgresql" do
|
||||
|
||||
def sudo_and_log(*args)
|
||||
@logger.debug("Running command: '#{args[0]}'")
|
||||
@env.primary_vm.channel.sudo(args[0]) do |ch, data|
|
||||
@logger.debug(data)
|
||||
end
|
||||
end
|
||||
|
||||
before(:all) do
|
||||
@logger = Logger.new(STDOUT)
|
||||
@logger.level = Logger::DEBUG # TODO: get from environment or rspec?
|
||||
|
||||
vagrant_dir = File.dirname(__FILE__)
|
||||
@env = Vagrant::Environment::new(:cwd => vagrant_dir)
|
||||
|
||||
# Sahara ignores :cwd so we have to chdir for now, see https://github.com/jedi4ever/sahara/issues/9
|
||||
Dir.chdir(vagrant_dir)
|
||||
|
||||
# @env.cli("destroy") # Takes too long
|
||||
@env.cli("up")
|
||||
|
||||
# We are not testing the "package" resource type, so pull stuff in in advance
|
||||
sudo_and_log('apt-get update')
|
||||
sudo_and_log('apt-get install --yes --download-only postgresql-8.4')
|
||||
@env.cli("sandbox", "on")
|
||||
end
|
||||
|
||||
after(:each) do
|
||||
@env.cli("sandbox", "rollback")
|
||||
end
|
||||
|
||||
describe 'postgresql::initdb' do
|
||||
it "should idempotently create a working --pgdata directory so postgres can run" do
|
||||
@logger.info("starting")
|
||||
|
||||
# A bare-minimum class to initdb the specified dir
|
||||
test_class = 'class {"postgresql_tests::test_initdb": }'
|
||||
|
||||
# Run once to check for crashes
|
||||
sudo_and_log("puppet apply -e '#{test_class}'")
|
||||
|
||||
# Run again to check for idempotence via --detailed-exitcodes
|
||||
sudo_and_log("puppet apply --detailed-exitcodes -e '#{test_class}'")
|
||||
|
||||
sudo_and_log("service postgresql-8.4 restart")
|
||||
|
||||
# Connect to it and list the databases
|
||||
sudo_and_log('sudo -n -u postgres /usr/lib/postgresql/8.4/bin/psql --list --tuples-only')
|
||||
end
|
||||
end
|
||||
|
||||
describe 'postgresql::db' do
|
||||
it 'should idempotently create a db that we can connect to' do
|
||||
|
||||
# A bare-minimum class to add a DB to postgres, which will be running due to ubuntu
|
||||
test_class = 'class {"postgresql_tests::test_db": db => "postgresql_test_db" }'
|
||||
|
||||
# Run once to check for crashes
|
||||
sudo_and_log("puppet apply -e '#{test_class}'")
|
||||
|
||||
# Run again to check for idempotence
|
||||
sudo_and_log("puppet apply --detailed-exitcodes -e '#{test_class}'")
|
||||
|
||||
# Check that the database name is present
|
||||
sudo_and_log('sudo -u postgres psql postgresql_test_db --command="select datname from pg_database limit 1"')
|
||||
end
|
||||
end
|
||||
|
||||
describe 'postgresql::psql' do
|
||||
it 'should run some SQL when the unless query returns no rows' do
|
||||
test_class = 'class {"postgresql_tests::test_psql": command => "SELECT \'foo\'", unless => "SELECT 1 WHERE 1=2" }'
|
||||
|
||||
# Run once to get all packages set up
|
||||
sudo_and_log("puppet apply -e '#{test_class}'")
|
||||
|
||||
# Check for exit code 2
|
||||
sudo_and_log("puppet apply --detailed-exitcodes -e '#{test_class}' ; [ $? == 2 ]")
|
||||
end
|
||||
|
||||
it 'should not run SQL when the unless query returns rows' do
|
||||
test_class = 'class {"postgresql_tests::test_psql": command => "SELECT * FROM pg_datbase limit 1", unless => "SELECT 1 WHERE 1=1" }'
|
||||
|
||||
# Run once to get all packages set up
|
||||
sudo_and_log("puppet apply -e '#{test_class}'")
|
||||
|
||||
# Check for exit code 0
|
||||
sudo_and_log("puppet apply --detailed-exitcodes -e '#{test_class}'")
|
||||
end
|
||||
end
|
||||
|
||||
describe 'postgresql::user' do
|
||||
it 'should idempotently create a user who can log in' do
|
||||
test_class = 'class {"postgresql_tests::test_user": user => "postgresql_test_user", password => "postgresql_test_password" }'
|
||||
|
||||
# Run once to check for crashes
|
||||
sudo_and_log("puppet apply -e '#{test_class}'")
|
||||
|
||||
# Run again to check for idempotence
|
||||
sudo_and_log("puppet apply --detailed-exitcodes -e '#{test_class}'")
|
||||
|
||||
# Check that the user can log in
|
||||
sudo_and_log('sudo -u postgresql_test_user psql --command="select datname from pg_database limit 1" postgres')
|
||||
end
|
||||
end
|
||||
|
||||
describe 'postgresql::grant' do
|
||||
it 'should grant access so a user can create in a database' do
|
||||
test_class = 'class {"postgresql_tests::test_grant_create": db => "postgres", user => "psql_grant_tester", password => "psql_grant_pw" }'
|
||||
|
||||
# Run once to check for crashes
|
||||
sudo_and_log("puppet apply -e '#{test_class}'")
|
||||
|
||||
# Run again to check for idempotence
|
||||
sudo_and_log("puppet apply --detailed-exitcodes -e '#{test_class}'")
|
||||
|
||||
# Check that the user can select from the table in
|
||||
sudo_and_log('sudo -u psql_grant_tester psql --command="create table foo (foo int)" postgres')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
--format
|
||||
s
|
||||
--colour
|
||||
--loadby
|
||||
mtime
|
||||
--backtrace
|
|
@ -0,0 +1,31 @@
|
|||
require 'puppetlabs_spec_helper/module_spec_helper'
|
||||
|
||||
RSpec.configure do |c|
|
||||
c.mock_with :rspec do |mock|
|
||||
mock.syntax = [:expect, :should]
|
||||
end
|
||||
c.include PuppetlabsSpec::Files
|
||||
|
||||
c.before :each do
|
||||
# Store any environment variables away to be restored later
|
||||
@old_env = {}
|
||||
ENV.each_key {|k| @old_env[k] = ENV[k]}
|
||||
|
||||
if ENV['STRICT_VARIABLES'] == 'yes'
|
||||
Puppet.settings[:strict_variables]=true
|
||||
end
|
||||
end
|
||||
|
||||
c.after :each do
|
||||
PuppetlabsSpec::Files.cleanup
|
||||
end
|
||||
end
|
||||
|
||||
# Convenience helper for returning parameters for a type from the
|
||||
# catalogue.
|
||||
def param(type, title, param)
|
||||
param_value(catalogue, type, title, param)
|
||||
end
|
||||
|
||||
# With rspec-puppet v2.0 this allows coverage checks.
|
||||
#at_exit { RSpec::Puppet::Coverage.report! }
|
|
@ -0,0 +1,108 @@
|
|||
require 'beaker-rspec/spec_helper'
|
||||
require 'beaker-rspec/helpers/serverspec'
|
||||
|
||||
class String
|
||||
# Provide ability to remove indentation from strings, for the purpose of
|
||||
# left justifying heredoc blocks.
|
||||
def unindent
|
||||
gsub(/^#{scan(/^\s*/).min_by{|l|l.length}}/, "")
|
||||
end
|
||||
end
|
||||
|
||||
def shellescape(str)
|
||||
str = str.to_s
|
||||
|
||||
# An empty argument will be skipped, so return empty quotes.
|
||||
return "''" if str.empty?
|
||||
|
||||
str = str.dup
|
||||
|
||||
# Treat multibyte characters as is. It is caller's responsibility
|
||||
# to encode the string in the right encoding for the shell
|
||||
# environment.
|
||||
str.gsub!(/([^A-Za-z0-9_\-.,:\/@\n])/, "\\\\\\1")
|
||||
|
||||
# A LF cannot be escaped with a backslash because a backslash + LF
|
||||
# combo is regarded as line continuation and simply ignored.
|
||||
str.gsub!(/\n/, "'\n'")
|
||||
|
||||
return str
|
||||
end
|
||||
|
||||
def psql(psql_cmd, user = 'postgres', exit_codes = [0,1], &block)
|
||||
psql = "psql #{psql_cmd}"
|
||||
shell("su #{shellescape(user)} -c #{shellescape(psql)}", :acceptable_exit_codes => exit_codes, &block)
|
||||
end
|
||||
|
||||
unless ENV['RS_PROVISION'] == 'no' or ENV['BEAKER_provision'] == 'no'
|
||||
# This will install the latest available package on el and deb based
|
||||
# systems fail on windows and osx, and install via gem on other *nixes
|
||||
foss_opts = { :default_action => 'gem_install' }
|
||||
|
||||
if default.is_pe?; then install_pe; else install_puppet( foss_opts ); end
|
||||
|
||||
hosts.each do |host|
|
||||
shell("mkdir -p #{host['distmoduledir']}")
|
||||
if ! host.is_pe?
|
||||
# Augeas is only used in one place, for Redhat.
|
||||
if fact('osfamily') == 'RedHat'
|
||||
install_package host, 'ruby-devel'
|
||||
#install_package host, 'augeas-devel'
|
||||
#install_package host, 'ruby-augeas'
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
UNSUPPORTED_PLATFORMS = ['AIX','windows','Solaris','Suse']
|
||||
|
||||
RSpec.configure do |c|
|
||||
# Project root
|
||||
proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
|
||||
|
||||
# Readable test descriptions
|
||||
c.formatter = :documentation
|
||||
|
||||
# Configure all nodes in nodeset
|
||||
c.before :suite do
|
||||
# Install module and dependencies
|
||||
puppet_module_install(:source => proj_root, :module_name => 'postgresql')
|
||||
|
||||
# Set up selinux if appropriate.
|
||||
if fact('osfamily') == 'RedHat' && fact('selinux') == 'true'
|
||||
pp = <<-EOS
|
||||
if $::osfamily == 'RedHat' and $::selinux == 'true' {
|
||||
$semanage_package = $::operatingsystemmajrelease ? {
|
||||
'5' => 'policycoreutils',
|
||||
default => 'policycoreutils-python',
|
||||
}
|
||||
|
||||
package { $semanage_package: ensure => installed }
|
||||
exec { 'set_postgres':
|
||||
command => 'semanage port -a -t postgresql_port_t -p tcp 5433',
|
||||
path => '/bin:/usr/bin/:/sbin:/usr/sbin',
|
||||
subscribe => Package[$semanage_package],
|
||||
}
|
||||
}
|
||||
EOS
|
||||
|
||||
apply_manifest_on(agents, pp, :catch_failures => false)
|
||||
end
|
||||
|
||||
hosts.each do |host|
|
||||
on host, "/bin/touch #{default['puppetpath']}/hiera.yaml"
|
||||
on host, 'chmod 755 /root'
|
||||
if fact('osfamily') == 'Debian'
|
||||
on host, "echo \"en_US ISO-8859-1\nen_NG.UTF-8 UTF-8\nen_US.UTF-8 UTF-8\n\" > /etc/locale.gen"
|
||||
on host, '/usr/sbin/locale-gen'
|
||||
on host, '/usr/sbin/update-locale'
|
||||
end
|
||||
|
||||
on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] }
|
||||
on host, puppet('module','install','puppetlabs-apt'), { :acceptable_exit_codes => [0,1] }
|
||||
on host, puppet('module','install','--force','puppetlabs-concat'), { :acceptable_exit_codes => [0,1] }
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
end
|
|
@ -0,0 +1,36 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'postgresql::client', :type => :class do
|
||||
let :facts do
|
||||
{
|
||||
:osfamily => 'Debian',
|
||||
:operatingsystem => 'Debian',
|
||||
:operatingsystemrelease => '6.0',
|
||||
}
|
||||
end
|
||||
|
||||
describe 'with parameters' do
|
||||
let :params do
|
||||
{
|
||||
:package_ensure => 'absent',
|
||||
:package_name => 'mypackage',
|
||||
}
|
||||
end
|
||||
|
||||
it 'should modify package' do
|
||||
is_expected.to contain_package("postgresql-client").with({
|
||||
:ensure => 'absent',
|
||||
:name => 'mypackage',
|
||||
:tag => 'postgresql',
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
describe 'with no parameters' do
|
||||
it 'should create package with postgresql tag' do
|
||||
is_expected.to contain_package('postgresql-client').with({
|
||||
:tag => 'postgresql',
|
||||
})
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,30 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'postgresql::globals', :type => :class do
|
||||
let :facts do
|
||||
{
|
||||
:osfamily => 'Debian',
|
||||
:operatingsystem => 'Debian',
|
||||
:operatingsystemrelease => '6.0',
|
||||
:lsbdistid => 'Debian',
|
||||
:lsbdistcodename => 'squeeze',
|
||||
}
|
||||
end
|
||||
|
||||
describe 'with no parameters' do
|
||||
it 'should work' do
|
||||
is_expected.to contain_class("postgresql::globals")
|
||||
end
|
||||
end
|
||||
|
||||
describe 'manage_package_repo => true' do
|
||||
let(:params) do
|
||||
{
|
||||
:manage_package_repo => true,
|
||||
}
|
||||
end
|
||||
it 'should pull in class postgresql::repo' do
|
||||
is_expected.to contain_class("postgresql::repo")
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,54 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'postgresql::lib::devel', :type => :class do
|
||||
let :facts do
|
||||
{
|
||||
:osfamily => 'Debian',
|
||||
:operatingsystem => 'Debian',
|
||||
:operatingsystemrelease => '6.0',
|
||||
}
|
||||
end
|
||||
it { is_expected.to contain_class("postgresql::lib::devel") }
|
||||
|
||||
describe 'link pg_config to /usr/bin' do
|
||||
it { should contain_file('/usr/bin/pg_config') \
|
||||
.with_ensure('link') \
|
||||
.with_target('/usr/lib/postgresql/8.4/bin/pg_config')
|
||||
}
|
||||
end
|
||||
|
||||
describe 'disable link_pg_config' do
|
||||
let(:params) {{
|
||||
:link_pg_config => false,
|
||||
}}
|
||||
it { should_not contain_file('/usr/bin/pg_config') }
|
||||
end
|
||||
|
||||
describe 'should not link pg_config on RedHat with default version' do
|
||||
let(:facts) {{
|
||||
:osfamily => 'RedHat',
|
||||
:operatingsystem => 'CentOS',
|
||||
:operatingsystemrelease => '6.3',
|
||||
:operatingsystemmajrelease => '6',
|
||||
}}
|
||||
it { should_not contain_file('/usr/bin/pg_config') }
|
||||
end
|
||||
|
||||
describe 'link pg_config on RedHat with non-default version' do
|
||||
let(:facts) {{
|
||||
:osfamily => 'RedHat',
|
||||
:operatingsystem => 'CentOS',
|
||||
:operatingsystemrelease => '6.3',
|
||||
:operatingsystemmajrelease => '6',
|
||||
}}
|
||||
let :pre_condition do
|
||||
"class { '::postgresql::globals': version => '9.3' }"
|
||||
end
|
||||
|
||||
it { should contain_file('/usr/bin/pg_config') \
|
||||
.with_ensure('link') \
|
||||
.with_target('/usr/pgsql-9.3/bin/pg_config')
|
||||
}
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,43 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'postgresql::lib::java', :type => :class do
|
||||
|
||||
describe 'on a debian based os' do
|
||||
let :facts do {
|
||||
:osfamily => 'Debian',
|
||||
:operatingsystem => 'Debian',
|
||||
:operatingsystemrelease => '6.0',
|
||||
}
|
||||
end
|
||||
it { is_expected.to contain_package('postgresql-jdbc').with(
|
||||
:name => 'libpostgresql-jdbc-java',
|
||||
:ensure => 'present',
|
||||
:tag => 'postgresql'
|
||||
)}
|
||||
end
|
||||
|
||||
describe 'on a redhat based os' do
|
||||
let :facts do {
|
||||
:osfamily => 'RedHat',
|
||||
:operatingsystem => 'RedHat',
|
||||
:operatingsystemrelease => '6.4',
|
||||
}
|
||||
end
|
||||
it { is_expected.to contain_package('postgresql-jdbc').with(
|
||||
:name => 'postgresql-jdbc',
|
||||
:ensure => 'present',
|
||||
:tag => 'postgresql'
|
||||
)}
|
||||
describe 'when parameters are supplied' do
|
||||
let :params do
|
||||
{:package_ensure => 'latest', :package_name => 'somepackage'}
|
||||
end
|
||||
it { is_expected.to contain_package('postgresql-jdbc').with(
|
||||
:name => 'somepackage',
|
||||
:ensure => 'latest',
|
||||
:tag => 'postgresql'
|
||||
)}
|
||||
end
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,31 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'postgresql::lib::perl', :type => :class do
|
||||
|
||||
describe 'on a redhat based os' do
|
||||
let :facts do {
|
||||
:osfamily => 'RedHat',
|
||||
:operatingsystem => 'RedHat',
|
||||
:operatingsystemrelease => '6.4',
|
||||
}
|
||||
end
|
||||
it { is_expected.to contain_package('perl-DBD-Pg').with(
|
||||
:name => 'perl-DBD-Pg',
|
||||
:ensure => 'present'
|
||||
)}
|
||||
end
|
||||
|
||||
describe 'on a debian based os' do
|
||||
let :facts do {
|
||||
:osfamily => 'Debian',
|
||||
:operatingsystem => 'Debian',
|
||||
:operatingsystemrelease => '6.0',
|
||||
}
|
||||
end
|
||||
it { is_expected.to contain_package('perl-DBD-Pg').with(
|
||||
:name => 'libdbd-pg-perl',
|
||||
:ensure => 'present'
|
||||
)}
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,31 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'postgresql::lib::python', :type => :class do
|
||||
|
||||
describe 'on a redhat based os' do
|
||||
let :facts do {
|
||||
:osfamily => 'RedHat',
|
||||
:operatingsystem => 'RedHat',
|
||||
:operatingsystemrelease => '6.4',
|
||||
}
|
||||
end
|
||||
it { is_expected.to contain_package('python-psycopg2').with(
|
||||
:name => 'python-psycopg2',
|
||||
:ensure => 'present'
|
||||
)}
|
||||
end
|
||||
|
||||
describe 'on a debian based os' do
|
||||
let :facts do {
|
||||
:osfamily => 'Debian',
|
||||
:operatingsystem => 'Debian',
|
||||
:operatingsystemrelease => '6.0',
|
||||
}
|
||||
end
|
||||
it { is_expected.to contain_package('python-psycopg2').with(
|
||||
:name => 'python-psycopg2',
|
||||
:ensure => 'present'
|
||||
)}
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,12 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'postgresql::params', :type => :class do
|
||||
let :facts do
|
||||
{
|
||||
:osfamily => 'Debian',
|
||||
:operatingsystem => 'Debian',
|
||||
:operatingsystemrelease => '6.0',
|
||||
}
|
||||
end
|
||||
it { is_expected.to contain_class("postgresql::params") }
|
||||
end
|
|
@ -0,0 +1,19 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'postgresql::repo', :type => :class do
|
||||
let :facts do
|
||||
{
|
||||
:osfamily => 'Debian',
|
||||
:operatingsystem => 'Debian',
|
||||
:operatingsystemrelease => '6.0',
|
||||
:lsbdistid => 'Debian',
|
||||
:lsbdistcodename => 'squeeze',
|
||||
}
|
||||
end
|
||||
|
||||
describe 'with no parameters' do
|
||||
it 'should instantiate apt_postgresql_org class' do
|
||||
is_expected.to contain_class('postgresql::repo::apt_postgresql_org')
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,44 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'postgresql::server::contrib', :type => :class do
|
||||
let :pre_condition do
|
||||
"class { 'postgresql::server': }"
|
||||
end
|
||||
|
||||
let :facts do
|
||||
{
|
||||
:osfamily => 'Debian',
|
||||
:operatingsystem => 'Debian',
|
||||
:operatingsystemrelease => '6.0',
|
||||
:kernel => 'Linux',
|
||||
:concat_basedir => tmpfilename('contrib'),
|
||||
:id => 'root',
|
||||
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
|
||||
}
|
||||
end
|
||||
|
||||
describe 'with parameters' do
|
||||
let(:params) do
|
||||
{
|
||||
:package_name => 'mypackage',
|
||||
:package_ensure => 'absent',
|
||||
}
|
||||
end
|
||||
|
||||
it 'should create package with correct params' do
|
||||
is_expected.to contain_package('postgresql-contrib').with({
|
||||
:ensure => 'absent',
|
||||
:name => 'mypackage',
|
||||
:tag => 'postgresql',
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
describe 'with no parameters' do
|
||||
it 'should create package with postgresql tag' do
|
||||
is_expected.to contain_package('postgresql-contrib').with({
|
||||
:tag => 'postgresql',
|
||||
})
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,36 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'postgresql::server::initdb', :type => :class do
|
||||
let (:pre_condition) do
|
||||
"include postgresql::server"
|
||||
end
|
||||
describe 'on RedHat' do
|
||||
let :facts do
|
||||
{
|
||||
:osfamily => 'RedHat',
|
||||
:operatingsystem => 'CentOS',
|
||||
:operatingsystemrelease => '6.0',
|
||||
:concat_basedir => tmpfilename('server'),
|
||||
:kernel => 'Linux',
|
||||
:id => 'root',
|
||||
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
|
||||
}
|
||||
end
|
||||
it { is_expected.to contain_file('/var/lib/pgsql/data').with_ensure('directory') }
|
||||
end
|
||||
describe 'on Amazon' do
|
||||
let :facts do
|
||||
{
|
||||
:osfamily => 'RedHat',
|
||||
:operatingsystem => 'Amazon',
|
||||
:operatingsystemrelease => '1.0',
|
||||
:concat_basedir => tmpfilename('server'),
|
||||
:kernel => 'Linux',
|
||||
:id => 'root',
|
||||
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
|
||||
}
|
||||
end
|
||||
it { is_expected.to contain_file('/var/lib/pgsql9/data').with_ensure('directory') }
|
||||
end
|
||||
end
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'postgresql::server::plperl', :type => :class do
|
||||
let :facts do
|
||||
{
|
||||
:osfamily => 'Debian',
|
||||
:operatingsystem => 'Debian',
|
||||
:operatingsystemrelease => '6.0',
|
||||
:kernel => 'Linux',
|
||||
:concat_basedir => tmpfilename('plperl'),
|
||||
:id => 'root',
|
||||
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
|
||||
}
|
||||
end
|
||||
|
||||
let :pre_condition do
|
||||
"class { 'postgresql::server': }"
|
||||
end
|
||||
|
||||
describe 'with no parameters' do
|
||||
it { is_expected.to contain_class("postgresql::server::plperl") }
|
||||
it 'should create package' do
|
||||
is_expected.to contain_package('postgresql-plperl').with({
|
||||
:ensure => 'present',
|
||||
:tag => 'postgresql',
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
describe 'with parameters' do
|
||||
let :params do
|
||||
{
|
||||
:package_ensure => 'absent',
|
||||
:package_name => 'mypackage',
|
||||
}
|
||||
end
|
||||
|
||||
it { is_expected.to contain_class("postgresql::server::plperl") }
|
||||
it 'should create package with correct params' do
|
||||
is_expected.to contain_package('postgresql-plperl').with({
|
||||
:ensure => 'absent',
|
||||
:name => 'mypackage',
|
||||
:tag => 'postgresql',
|
||||
})
|
||||
end
|
||||
end
|
||||
end
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue