freighthop 0.0.6 → 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/Puppetfile +1 -0
- data/Puppetfile.lock +3 -0
- data/Vagrantfile +1 -1
- data/bin/fh +2 -78
- data/lib/freighthop/cli/help.rb +69 -0
- data/lib/freighthop/cli/ssh.rb +46 -0
- data/lib/freighthop/cli/vagrant.rb +26 -0
- data/lib/freighthop/cli.rb +40 -0
- data/lib/freighthop/config.rb +4 -0
- data/lib/freighthop/vagrant_env.rb +24 -0
- data/lib/freighthop/version.rb +1 -1
- data/lib/freighthop.rb +7 -4
- data/local_modules/freighthop/manifests/database/mysql.pp +20 -0
- data/local_modules/freighthop/manifests/database/postgres.pp +6 -6
- data/local_modules/freighthop/manifests/database.pp +6 -8
- data/local_modules/freighthop/manifests/init.pp +1 -8
- data/local_modules/freighthop/manifests/params.pp +0 -3
- data/modules/apt/CHANGELOG +12 -2
- data/modules/apt/Gemfile +6 -5
- data/modules/apt/Gemfile.lock +40 -5
- data/modules/apt/Modulefile +1 -1
- data/modules/apt/README.md +2 -1
- data/modules/apt/Rakefile +1 -0
- data/modules/apt/manifests/init.pp +4 -1
- data/modules/apt/manifests/ppa.pp +1 -1
- data/modules/apt/manifests/update.pp +1 -0
- data/modules/apt/metadata.json +21 -13
- data/modules/apt/spec/defines/ppa_spec.rb +3 -3
- data/modules/apt/spec/defines/source_spec.rb +2 -2
- data/modules/apt/spec/spec_helper_system.rb +30 -0
- data/modules/apt/spec/system/apt_builddep_spec.rb +38 -0
- data/modules/apt/spec/system/apt_key_spec.rb +53 -0
- data/modules/apt/spec/system/apt_ppa_spec.rb +59 -0
- data/modules/apt/spec/system/apt_source_spec.rb +51 -0
- data/modules/apt/spec/system/basic_spec.rb +10 -0
- data/modules/apt/spec/system/class_spec.rb +20 -0
- data/modules/apt/templates/source.list.erb +2 -2
- data/modules/freighthop/manifests/database/mysql.pp +20 -0
- data/modules/freighthop/manifests/database/postgres.pp +6 -6
- data/modules/freighthop/manifests/database.pp +6 -8
- data/modules/freighthop/manifests/init.pp +1 -8
- data/modules/freighthop/manifests/params.pp +0 -3
- data/modules/mysql/CHANGELOG +403 -0
- data/modules/mysql/Gemfile +24 -0
- data/modules/mysql/Gemfile.lock +129 -0
- data/modules/mysql/LICENSE +201 -0
- data/modules/mysql/Modulefile +9 -0
- data/modules/mysql/README.md +492 -0
- data/modules/mysql/Rakefile +2 -0
- data/modules/mysql/TODO +8 -0
- data/modules/mysql/files/mysqltuner.pl +966 -0
- data/modules/mysql/lib/puppet/parser/functions/mysql_deepmerge.rb +52 -0
- data/modules/mysql/lib/puppet/parser/functions/mysql_password.rb +15 -0
- data/modules/mysql/lib/puppet/parser/functions/mysql_strip_hash.rb +21 -0
- data/modules/mysql/lib/puppet/provider/database/mysql.rb +52 -0
- data/modules/mysql/lib/puppet/provider/database_grant/mysql.rb +210 -0
- data/modules/mysql/lib/puppet/provider/database_user/mysql.rb +76 -0
- data/modules/mysql/lib/puppet/provider/mysql.rb +67 -0
- data/modules/mysql/lib/puppet/provider/mysql_database/mysql.rb +68 -0
- data/modules/mysql/lib/puppet/provider/mysql_grant/mysql.rb +115 -0
- data/modules/mysql/lib/puppet/provider/mysql_user/mysql.rb +115 -0
- data/modules/mysql/lib/puppet/type/database.rb +21 -0
- data/modules/mysql/lib/puppet/type/database_grant.rb +79 -0
- data/modules/mysql/lib/puppet/type/database_user.rb +31 -0
- data/modules/mysql/lib/puppet/type/mysql_database.rb +22 -0
- data/modules/mysql/lib/puppet/type/mysql_grant.rb +72 -0
- data/modules/mysql/lib/puppet/type/mysql_user.rb +45 -0
- data/modules/mysql/manifests/backup.pp +31 -0
- data/modules/mysql/manifests/bindings/java.pp +10 -0
- data/modules/mysql/manifests/bindings/perl.pp +10 -0
- data/modules/mysql/manifests/bindings/php.pp +10 -0
- data/modules/mysql/manifests/bindings/python.pp +10 -0
- data/modules/mysql/manifests/bindings/ruby.pp +10 -0
- data/modules/mysql/manifests/bindings.pp +33 -0
- data/modules/mysql/manifests/client/install.pp +8 -0
- data/modules/mysql/manifests/client.pp +27 -0
- data/modules/mysql/manifests/db.pp +59 -0
- data/modules/mysql/manifests/init.pp +100 -0
- data/modules/mysql/manifests/params.pp +230 -0
- data/modules/mysql/manifests/server/account_security.pp +22 -0
- data/modules/mysql/manifests/server/backup.pp +56 -0
- data/modules/mysql/manifests/server/config.pp +31 -0
- data/modules/mysql/manifests/server/install.pp +9 -0
- data/modules/mysql/manifests/server/monitor.pp +24 -0
- data/modules/mysql/manifests/server/mysqltuner.pp +9 -0
- data/modules/mysql/manifests/server/providers.pp +8 -0
- data/modules/mysql/manifests/server/root_password.pp +21 -0
- data/modules/mysql/manifests/server/service.pp +19 -0
- data/modules/mysql/manifests/server.pp +69 -0
- data/modules/mysql/metadata.json +289 -0
- data/modules/mysql/spec/classes/mysql_bindings_spec.rb +58 -0
- data/modules/mysql/spec/classes/mysql_client_spec.rb +16 -0
- data/modules/mysql/spec/classes/mysql_server_account_security_spec.rb +41 -0
- data/modules/mysql/spec/classes/mysql_server_backup_spec.rb +112 -0
- data/modules/mysql/spec/classes/mysql_server_monitor_spec.rb +31 -0
- data/modules/mysql/spec/classes/mysql_server_mysqltuner_spec.rb +5 -0
- data/modules/mysql/spec/classes/mysql_server_spec.rb +162 -0
- data/modules/mysql/spec/defines/mysql_db_spec.rb +51 -0
- data/modules/mysql/spec/spec.opts +6 -0
- data/modules/mysql/spec/spec_helper.rb +5 -0
- data/modules/mysql/spec/spec_helper_system.rb +28 -0
- data/modules/mysql/spec/system/mysql_account_delete_spec.rb +35 -0
- data/modules/mysql/spec/system/mysql_backup_spec.rb +77 -0
- data/modules/mysql/spec/system/mysql_bindings_spec.rb +90 -0
- data/modules/mysql/spec/system/mysql_db_spec.rb +61 -0
- data/modules/mysql/spec/system/mysql_server_monitor_spec.rb +30 -0
- data/modules/mysql/spec/system/mysql_server_root_password_spec.rb +71 -0
- data/modules/mysql/spec/system/mysql_server_spec.rb +85 -0
- data/modules/mysql/spec/system/types/mysql_grant_spec.rb +314 -0
- data/modules/mysql/spec/system/types/mysql_user_spec.rb +35 -0
- data/modules/mysql/spec/unit/mysql_password_spec.rb +27 -0
- data/modules/mysql/spec/unit/puppet/functions/mysql_deepmerge_spec.rb +77 -0
- data/modules/mysql/spec/unit/puppet/provider/database/mysql_spec.rb +86 -0
- data/modules/mysql/spec/unit/puppet/provider/database_grant/mysql_spec.rb +95 -0
- data/modules/mysql/spec/unit/puppet/provider/database_user/mysql_spec.rb +119 -0
- data/modules/mysql/spec/unit/puppet/provider/mysql_database/mysql_spec.rb +118 -0
- data/modules/mysql/spec/unit/puppet/provider/mysql_user/mysql_spec.rb +130 -0
- data/modules/mysql/spec/unit/puppet/type/mysql_database_spec.rb +29 -0
- data/modules/mysql/spec/unit/puppet/type/mysql_user_spec.rb +30 -0
- data/modules/mysql/templates/my.cnf.erb +17 -0
- data/modules/mysql/templates/my.cnf.pass.erb +7 -0
- data/modules/mysql/templates/my.conf.cnf.erb +17 -0
- data/modules/mysql/templates/mysqlbackup.sh.erb +57 -0
- data/modules/mysql/tests/backup.pp +8 -0
- data/modules/mysql/tests/bindings.pp +3 -0
- data/modules/mysql/tests/init.pp +1 -0
- data/modules/mysql/tests/java.pp +1 -0
- data/modules/mysql/tests/mysql_database.pp +12 -0
- data/modules/mysql/tests/mysql_grant.pp +5 -0
- data/modules/mysql/tests/mysql_user.pp +23 -0
- data/modules/mysql/tests/perl.pp +1 -0
- data/modules/mysql/tests/python.pp +1 -0
- data/modules/mysql/tests/ruby.pp +1 -0
- data/modules/mysql/tests/server/account_security.pp +4 -0
- data/modules/mysql/tests/server/config.pp +11 -0
- data/modules/mysql/tests/server.pp +3 -0
- data/modules/postgresql/Changelog +191 -0
- data/modules/postgresql/Gemfile +1 -0
- data/modules/postgresql/Gemfile.lock +9 -0
- data/modules/postgresql/LICENSE +198 -12
- data/modules/postgresql/Modulefile +2 -2
- data/modules/postgresql/NOTICE +14 -0
- data/modules/postgresql/README.md +435 -184
- data/modules/postgresql/files/validate_postgresql_connection.sh +31 -0
- data/modules/postgresql/lib/puppet/provider/postgresql_conf/parsed.rb +37 -0
- data/modules/postgresql/lib/puppet/provider/postgresql_psql/ruby.rb +4 -0
- data/modules/postgresql/lib/puppet/type/postgresql_conf.rb +31 -0
- data/modules/postgresql/lib/puppet/type/postgresql_psql.rb +4 -0
- data/modules/postgresql/manifests/client.pp +17 -16
- data/modules/postgresql/manifests/globals.pp +95 -0
- data/modules/postgresql/manifests/lib/devel.pp +15 -0
- data/modules/postgresql/manifests/lib/java.pp +15 -0
- data/modules/postgresql/manifests/lib/python.pp +13 -0
- data/modules/postgresql/manifests/params.pp +127 -222
- data/modules/postgresql/manifests/repo/apt_postgresql_org.pp +30 -0
- data/modules/postgresql/manifests/repo/yum_postgresql_org.pp +38 -0
- data/modules/postgresql/manifests/repo.pp +22 -0
- data/modules/postgresql/manifests/server/config.pp +113 -0
- data/modules/postgresql/manifests/server/config_entry.pp +43 -0
- data/modules/postgresql/manifests/server/contrib.pp +27 -0
- data/modules/postgresql/manifests/server/database.pp +75 -0
- data/modules/postgresql/manifests/server/database_grant.pp +18 -0
- data/modules/postgresql/manifests/server/db.pp +36 -0
- data/modules/postgresql/manifests/server/firewall.pp +21 -0
- data/modules/postgresql/manifests/server/grant.pp +81 -0
- data/modules/postgresql/manifests/server/initdb.pp +52 -0
- data/modules/postgresql/manifests/server/install.pp +49 -0
- data/modules/postgresql/manifests/server/passwd.pp +34 -0
- data/modules/postgresql/manifests/server/pg_hba_rule.pp +54 -0
- data/modules/postgresql/manifests/server/plperl.pp +27 -0
- data/modules/postgresql/manifests/server/reload.pp +15 -0
- data/modules/postgresql/manifests/{role.pp → server/role.pp} +19 -33
- data/modules/postgresql/manifests/server/service.pp +40 -0
- data/modules/postgresql/manifests/{table_grant.pp → server/table_grant.pp} +4 -4
- data/modules/postgresql/manifests/server/tablespace.pp +42 -0
- data/modules/postgresql/manifests/server.pp +61 -83
- data/modules/postgresql/manifests/validate_db_connection.pp +49 -50
- data/modules/postgresql/metadata.json +123 -73
- data/modules/postgresql/spec/spec_helper_system.rb +13 -1
- data/modules/postgresql/spec/system/client_spec.rb +22 -0
- data/modules/postgresql/spec/system/common_patterns_spec.rb +53 -0
- data/modules/postgresql/spec/system/contrib_spec.rb +33 -0
- data/modules/postgresql/spec/system/lib/devel_spec.rb +22 -0
- data/modules/postgresql/spec/system/lib/java_spec.rb +25 -0
- data/modules/postgresql/spec/system/lib/python_spec.rb +24 -0
- data/modules/postgresql/spec/system/postgresql_psql_spec.rb +51 -0
- data/modules/postgresql/spec/system/server/config_entry_spec.rb +32 -0
- data/modules/postgresql/spec/system/server/database_grant_spec.rb +54 -0
- data/modules/postgresql/spec/system/server/database_spec.rb +35 -0
- data/modules/postgresql/spec/system/server/db_spec.rb +143 -0
- data/modules/postgresql/spec/system/server/grant_spec.rb +55 -0
- data/modules/postgresql/spec/system/server/pg_hba_rule_spec.rb +85 -0
- data/modules/postgresql/spec/system/server/plperl_spec.rb +29 -0
- data/modules/postgresql/spec/system/server/role_spec.rb +103 -0
- data/modules/postgresql/spec/system/server/table_grant_spec.rb +72 -0
- data/modules/postgresql/spec/system/server/tablespace_spec.rb +74 -0
- data/modules/postgresql/spec/system/server_spec.rb +217 -0
- data/modules/postgresql/spec/system/validate_db_connection_spec.rb +91 -0
- data/modules/postgresql/spec/unit/classes/client_spec.rb +27 -2
- data/modules/postgresql/spec/unit/classes/globals_spec.rb +28 -0
- data/modules/postgresql/spec/unit/classes/lib/devel_spec.rb +12 -0
- data/modules/postgresql/spec/unit/classes/{postgresql_java_spec.rb → lib/java_spec.rb} +9 -19
- data/modules/postgresql/spec/unit/classes/lib/python_spec.rb +31 -0
- data/modules/postgresql/spec/unit/classes/params_spec.rb +2 -1
- data/modules/postgresql/spec/unit/classes/repo_spec.rb +17 -0
- data/modules/postgresql/spec/unit/classes/server/contrib_spec.rb +42 -0
- data/modules/postgresql/spec/unit/classes/server/initdb_spec.rb +28 -0
- data/modules/postgresql/spec/unit/classes/server/plperl_spec.rb +45 -0
- data/modules/postgresql/spec/unit/classes/server_spec.rb +83 -2
- data/modules/postgresql/spec/unit/defines/server/config_entry_spec.rb +23 -0
- data/modules/postgresql/spec/unit/defines/server/database_grant_spec.rb +26 -0
- data/modules/postgresql/spec/unit/defines/server/database_spec.rb +16 -0
- data/modules/postgresql/spec/unit/defines/server/db_spec.rb +28 -0
- data/modules/postgresql/spec/unit/defines/{database_grant_spec.rb → server/grant_spec.rb} +7 -4
- data/modules/postgresql/spec/unit/defines/{pg_hba_rule_spec.rb → server/pg_hba_rule_spec.rb} +59 -2
- data/modules/postgresql/spec/unit/defines/server/role_spec.rb +23 -0
- data/modules/postgresql/spec/unit/defines/server/table_grant_spec.rb +27 -0
- data/modules/postgresql/spec/unit/defines/server/tablespace_spec.rb +23 -0
- data/modules/postgresql/spec/unit/defines/validate_db_connection_spec.rb +22 -9
- data/modules/postgresql/spec/unit/provider/postgresql_conf/parsed_spec.rb +112 -0
- data/modules/postgresql/spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb +29 -0
- data/modules/postgresql/spec/unit/puppet/type/postgresql_psql_spec.rb +1 -0
- data/modules/postgresql/spec/unit/type/postgresql_conf_spec.rb +50 -0
- metadata +177 -53
- data/modules/postgresql/examples/init.pp +0 -1
- data/modules/postgresql/examples/official-postgresql-repos.pp +0 -19
- data/modules/postgresql/examples/postgresql_database.pp +0 -22
- data/modules/postgresql/examples/postgresql_db.pp +0 -30
- data/modules/postgresql/examples/postgresql_grant.pp +0 -14
- data/modules/postgresql/examples/postgresql_pg_hba_rule.pp +0 -18
- data/modules/postgresql/examples/postgresql_pgconf_extras.pp +0 -19
- data/modules/postgresql/examples/postgresql_tablespace.pp +0 -73
- data/modules/postgresql/examples/postgresql_user.pp +0 -28
- data/modules/postgresql/examples/server.pp +0 -10
- data/modules/postgresql/lib/facter/postgres_default_version.rb +0 -69
- data/modules/postgresql/manifests/config/afterservice.pp +0 -47
- data/modules/postgresql/manifests/config/beforeservice.pp +0 -171
- data/modules/postgresql/manifests/config.pp +0 -74
- data/modules/postgresql/manifests/contrib.pp +0 -29
- data/modules/postgresql/manifests/database.pp +0 -85
- data/modules/postgresql/manifests/database_grant.pp +0 -35
- data/modules/postgresql/manifests/database_user.pp +0 -60
- data/modules/postgresql/manifests/db.pp +0 -77
- data/modules/postgresql/manifests/devel.pp +0 -27
- data/modules/postgresql/manifests/grant.pp +0 -77
- data/modules/postgresql/manifests/init.pp +0 -145
- data/modules/postgresql/manifests/initdb.pp +0 -52
- data/modules/postgresql/manifests/java.pp +0 -29
- data/modules/postgresql/manifests/package_source/apt_postgresql_org.pp +0 -21
- data/modules/postgresql/manifests/package_source/yum_postgresql_org.pp +0 -30
- data/modules/postgresql/manifests/pg_hba.pp +0 -19
- data/modules/postgresql/manifests/pg_hba_rule.pp +0 -41
- data/modules/postgresql/manifests/plperl.pp +0 -24
- data/modules/postgresql/manifests/psql.pp +0 -56
- data/modules/postgresql/manifests/python.pp +0 -18
- data/modules/postgresql/manifests/tablespace.pp +0 -59
- data/modules/postgresql/spec/system/install_spec.rb +0 -707
- data/modules/postgresql/spec/system/non_defaults_spec.rb +0 -114
- data/modules/postgresql/spec/unit/classes/contrib_spec.rb +0 -11
- data/modules/postgresql/spec/unit/classes/devel_spec.rb +0 -11
- data/modules/postgresql/spec/unit/classes/init_spec.rb +0 -71
- data/modules/postgresql/spec/unit/classes/postgresql_python_spec.rb +0 -53
- data/modules/postgresql/spec/unit/defines/database_spec.rb +0 -14
- data/modules/postgresql/spec/unit/defines/database_user_spec.rb +0 -19
- data/modules/postgresql/spec/unit/defines/db_spec.rb +0 -20
- data/modules/postgresql/spec/unit/defines/pg_hba_spec.rb +0 -20
- data/modules/postgresql/spec/unit/defines/psql_spec.rb +0 -20
- data/modules/postgresql/spec/unit/defines/role_spec.rb +0 -14
- data/modules/postgresql/spec/unit/defines/tablespace_spec.rb +0 -19
- data/modules/postgresql/spec/unit/facts/postgres_default_version_spec.rb +0 -14
@@ -0,0 +1,75 @@
|
|
1
|
+
# Define for creating a database. See README.md for more details.
|
2
|
+
define postgresql::server::database(
|
3
|
+
$dbname = $title,
|
4
|
+
$owner = $postgresql::server::user,
|
5
|
+
$tablespace = undef,
|
6
|
+
$encoding = $postgresql::server::encoding,
|
7
|
+
$locale = $postgresql::server::locale,
|
8
|
+
$istemplate = false
|
9
|
+
) {
|
10
|
+
$createdb_path = $postgresql::server::createdb_path
|
11
|
+
$user = $postgresql::server::user
|
12
|
+
$group = $postgresql::server::group
|
13
|
+
$psql_path = $postgresql::server::psql_path
|
14
|
+
$version = $postgresql::server::version
|
15
|
+
|
16
|
+
# Set the defaults for the postgresql_psql resource
|
17
|
+
Postgresql_psql {
|
18
|
+
psql_user => $user,
|
19
|
+
psql_group => $group,
|
20
|
+
psql_path => $psql_path,
|
21
|
+
}
|
22
|
+
|
23
|
+
# Optionally set the locale switch. Older versions of createdb may not accept
|
24
|
+
# --locale, so if the parameter is undefined its safer not to pass it.
|
25
|
+
if ($version != '8.1') {
|
26
|
+
$locale_option = $locale ? {
|
27
|
+
undef => '',
|
28
|
+
default => "--locale=${locale} ",
|
29
|
+
}
|
30
|
+
$public_revoke_privilege = 'CONNECT'
|
31
|
+
} else {
|
32
|
+
$locale_option = ''
|
33
|
+
$public_revoke_privilege = 'ALL'
|
34
|
+
}
|
35
|
+
|
36
|
+
$encoding_option = $encoding ? {
|
37
|
+
undef => '',
|
38
|
+
default => "--encoding '${encoding}' ",
|
39
|
+
}
|
40
|
+
|
41
|
+
$tablespace_option = $tablespace ? {
|
42
|
+
undef => '',
|
43
|
+
default => "--tablespace='${tablespace}' ",
|
44
|
+
}
|
45
|
+
|
46
|
+
$createdb_command = "${createdb_path} --owner='${owner}' --template=template0 ${encoding_option}${locale_option}${tablespace_option} '${dbname}'"
|
47
|
+
|
48
|
+
postgresql_psql { "Check for existence of db '${dbname}'":
|
49
|
+
command => 'SELECT 1',
|
50
|
+
unless => "SELECT datname FROM pg_database WHERE datname='${dbname}'",
|
51
|
+
require => Class['postgresql::server::service']
|
52
|
+
}~>
|
53
|
+
exec { $createdb_command :
|
54
|
+
refreshonly => true,
|
55
|
+
user => $user,
|
56
|
+
logoutput => on_failure,
|
57
|
+
}~>
|
58
|
+
|
59
|
+
# This will prevent users from connecting to the database unless they've been
|
60
|
+
# granted privileges.
|
61
|
+
postgresql_psql {"REVOKE ${public_revoke_privilege} ON DATABASE \"${dbname}\" FROM public":
|
62
|
+
db => $user,
|
63
|
+
refreshonly => true,
|
64
|
+
}
|
65
|
+
|
66
|
+
Exec [ $createdb_command ]->
|
67
|
+
postgresql_psql {"UPDATE pg_database SET datistemplate = ${istemplate} WHERE datname = '${dbname}'":
|
68
|
+
unless => "SELECT datname FROM pg_database WHERE datname = '${dbname}' AND datistemplate = ${istemplate}",
|
69
|
+
}
|
70
|
+
|
71
|
+
# Build up dependencies on tablespace
|
72
|
+
if($tablespace != undef and defined(Postgresql::Server::Tablespace[$tablespace])) {
|
73
|
+
Postgresql::Server::Tablespace[$tablespace]->Exec[$createdb_command]
|
74
|
+
}
|
75
|
+
}
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# Manage a database grant. See README.md for more details.
|
2
|
+
define postgresql::server::database_grant(
|
3
|
+
$privilege,
|
4
|
+
$db,
|
5
|
+
$role,
|
6
|
+
$psql_db = undef,
|
7
|
+
$psql_user = undef
|
8
|
+
) {
|
9
|
+
postgresql::server::grant { "database:${name}":
|
10
|
+
role => $role,
|
11
|
+
db => $db,
|
12
|
+
privilege => $privilege,
|
13
|
+
object_type => 'DATABASE',
|
14
|
+
object_name => $db,
|
15
|
+
psql_db => $psql_db,
|
16
|
+
psql_user => $psql_user,
|
17
|
+
}
|
18
|
+
}
|
@@ -0,0 +1,36 @@
|
|
1
|
+
# Define for conveniently creating a role, database and assigning the correct
|
2
|
+
# permissions. See README.md for more details.
|
3
|
+
define postgresql::server::db (
|
4
|
+
$user,
|
5
|
+
$password,
|
6
|
+
$encoding = $postgresql::server::encoding,
|
7
|
+
$locale = $postgresql::server::locale,
|
8
|
+
$grant = 'ALL',
|
9
|
+
$tablespace = undef,
|
10
|
+
$istemplate = false,
|
11
|
+
$owner = undef
|
12
|
+
) {
|
13
|
+
postgresql::server::database { $name:
|
14
|
+
encoding => $encoding,
|
15
|
+
tablespace => $tablespace,
|
16
|
+
locale => $locale,
|
17
|
+
istemplate => $istemplate,
|
18
|
+
owner => $owner,
|
19
|
+
}
|
20
|
+
|
21
|
+
if ! defined(Postgresql::Server::Role[$user]) {
|
22
|
+
postgresql::server::role { $user:
|
23
|
+
password_hash => $password,
|
24
|
+
}
|
25
|
+
}
|
26
|
+
|
27
|
+
postgresql::server::database_grant { "GRANT ${user} - ${grant} - ${name}":
|
28
|
+
privilege => $grant,
|
29
|
+
db => $name,
|
30
|
+
role => $user,
|
31
|
+
}
|
32
|
+
|
33
|
+
if($tablespace != undef and defined(Postgresql::Server::Tablespace[$tablespace])) {
|
34
|
+
Postgresql::Server::Tablespace[$tablespace]->Postgresql::Server::Database[$name]
|
35
|
+
}
|
36
|
+
}
|
@@ -0,0 +1,21 @@
|
|
1
|
+
# PRIVATE CLASS: do not use directly
|
2
|
+
class postgresql::server::firewall {
|
3
|
+
$ensure = $postgresql::server::ensure
|
4
|
+
$manage_firewall = $postgresql::server::manage_firewall
|
5
|
+
$firewall_supported = $postgresql::server::firewall_supported
|
6
|
+
|
7
|
+
if ($manage_firewall and $firewall_supported) {
|
8
|
+
if ($ensure == 'present' or $ensure == true) {
|
9
|
+
# TODO: get rid of hard-coded port
|
10
|
+
firewall { '5432 accept - postgres':
|
11
|
+
port => '5432',
|
12
|
+
proto => 'tcp',
|
13
|
+
action => 'accept',
|
14
|
+
}
|
15
|
+
} else {
|
16
|
+
firewall { '5432 accept - postgres':
|
17
|
+
ensure => absent,
|
18
|
+
}
|
19
|
+
}
|
20
|
+
}
|
21
|
+
}
|
@@ -0,0 +1,81 @@
|
|
1
|
+
# Define for granting permissions to roles. See README.md for more details.
|
2
|
+
define postgresql::server::grant (
|
3
|
+
$role,
|
4
|
+
$db,
|
5
|
+
$privilege = undef,
|
6
|
+
$object_type = 'database',
|
7
|
+
$object_name = $db,
|
8
|
+
$psql_db = $postgresql::server::user,
|
9
|
+
$psql_user = $postgresql::server::user
|
10
|
+
) {
|
11
|
+
$group = $postgresql::server::group
|
12
|
+
$psql_path = $postgresql::server::psql_path
|
13
|
+
|
14
|
+
## Munge the input values
|
15
|
+
$_object_type = upcase($object_type)
|
16
|
+
$_privilege = upcase($privilege)
|
17
|
+
|
18
|
+
## Validate that the object type is known
|
19
|
+
validate_string($_object_type,
|
20
|
+
#'COLUMN',
|
21
|
+
'DATABASE',
|
22
|
+
#'FOREIGN SERVER',
|
23
|
+
#'FOREIGN DATA WRAPPER',
|
24
|
+
#'FUNCTION',
|
25
|
+
#'PROCEDURAL LANGUAGE',
|
26
|
+
#'SCHEMA',
|
27
|
+
#'SEQUENCE',
|
28
|
+
'TABLE',
|
29
|
+
#'TABLESPACE',
|
30
|
+
#'VIEW',
|
31
|
+
)
|
32
|
+
|
33
|
+
## Validate that the object type's privilege is acceptable
|
34
|
+
case $_object_type {
|
35
|
+
'DATABASE': {
|
36
|
+
validate_string($_privilege,'CREATE','CONNECT','TEMPORARY','TEMP','ALL',
|
37
|
+
'ALL PRIVILEGES')
|
38
|
+
$unless_function = 'has_database_privilege'
|
39
|
+
$on_db = $psql_db
|
40
|
+
}
|
41
|
+
'TABLE': {
|
42
|
+
validate_string($_privilege,'SELECT','INSERT','UPDATE','REFERENCES',
|
43
|
+
'ALL','ALL PRIVILEGES')
|
44
|
+
$unless_function = 'has_table_privilege'
|
45
|
+
$on_db = $db
|
46
|
+
}
|
47
|
+
default: {
|
48
|
+
fail("Missing privilege validation for object type ${_object_type}")
|
49
|
+
}
|
50
|
+
}
|
51
|
+
|
52
|
+
# TODO: this is a terrible hack; if they pass "ALL" as the desired privilege,
|
53
|
+
# we need a way to test for it--and has_database_privilege does not
|
54
|
+
# recognize 'ALL' as a valid privilege name. So we probably need to
|
55
|
+
# hard-code a mapping between 'ALL' and the list of actual privileges that
|
56
|
+
# it entails, and loop over them to check them. That sort of thing will
|
57
|
+
# probably need to wait until we port this over to ruby, so, for now, we're
|
58
|
+
# just going to assume that if they have "CREATE" privileges on a database,
|
59
|
+
# then they have "ALL". (I told you that it was terrible!)
|
60
|
+
$unless_privilege = $_privilege ? {
|
61
|
+
'ALL' => 'CREATE',
|
62
|
+
default => $_privilege,
|
63
|
+
}
|
64
|
+
$grant_cmd = "GRANT ${_privilege} ON ${_object_type} \"${object_name}\" TO \"${role}\""
|
65
|
+
postgresql_psql { $grant_cmd:
|
66
|
+
db => $on_db,
|
67
|
+
psql_user => $psql_user,
|
68
|
+
psql_group => $group,
|
69
|
+
psql_path => $psql_path,
|
70
|
+
unless => "SELECT 1 WHERE ${unless_function}('${role}', '${object_name}', '${unless_privilege}')",
|
71
|
+
require => Class['postgresql::server']
|
72
|
+
}
|
73
|
+
|
74
|
+
if($role != undef and defined(Postgresql::Server::Role[$role])) {
|
75
|
+
Postgresql::Server::Role[$role]->Postgresql_psql[$grant_cmd]
|
76
|
+
}
|
77
|
+
|
78
|
+
if($db != undef and defined(Postgresql::Server::Database[$db])) {
|
79
|
+
Postgresql::Server::Database[$db]->Postgresql_psql[$grant_cmd]
|
80
|
+
}
|
81
|
+
}
|
@@ -0,0 +1,52 @@
|
|
1
|
+
# PRIVATE CLASS: do not call directly
|
2
|
+
class postgresql::server::initdb {
|
3
|
+
$ensure = $postgresql::server::ensure
|
4
|
+
$needs_initdb = $postgresql::server::needs_initdb
|
5
|
+
$initdb_path = $postgresql::server::initdb_path
|
6
|
+
$datadir = $postgresql::server::datadir
|
7
|
+
$encoding = $postgresql::server::encoding
|
8
|
+
$locale = $postgresql::server::locale
|
9
|
+
$group = $postgresql::server::group
|
10
|
+
$user = $postgresql::server::user
|
11
|
+
|
12
|
+
if($ensure == 'present' or $ensure == true) {
|
13
|
+
# Make sure the data directory exists, and has the correct permissions.
|
14
|
+
file { $datadir:
|
15
|
+
ensure => directory,
|
16
|
+
owner => $user,
|
17
|
+
group => $group,
|
18
|
+
mode => '0700',
|
19
|
+
}
|
20
|
+
|
21
|
+
if($needs_initdb) {
|
22
|
+
# Build up the initdb command.
|
23
|
+
#
|
24
|
+
# We optionally add the locale switch if specified. Older versions of the
|
25
|
+
# initdb command don't accept this switch. So if the user didn't pass the
|
26
|
+
# parameter, lets not pass the switch at all.
|
27
|
+
$ic_base = "${initdb_path} --encoding '${encoding}' --pgdata '${datadir}'"
|
28
|
+
$initdb_command = $locale ? {
|
29
|
+
undef => $ic_base,
|
30
|
+
default => "${ic_base} --locale '${locale}'"
|
31
|
+
}
|
32
|
+
|
33
|
+
# This runs the initdb command, we use the existance of the PG_VERSION
|
34
|
+
# file to ensure we don't keep running this command.
|
35
|
+
exec { 'postgresql_initdb':
|
36
|
+
command => $initdb_command,
|
37
|
+
creates => "${datadir}/PG_VERSION",
|
38
|
+
user => $user,
|
39
|
+
group => $group,
|
40
|
+
logoutput => on_failure,
|
41
|
+
before => File[$datadir],
|
42
|
+
}
|
43
|
+
}
|
44
|
+
} else {
|
45
|
+
# Purge data directory if ensure => absent
|
46
|
+
file { $datadir:
|
47
|
+
ensure => absent,
|
48
|
+
recurse => true,
|
49
|
+
force => true,
|
50
|
+
}
|
51
|
+
}
|
52
|
+
}
|
@@ -0,0 +1,49 @@
|
|
1
|
+
# PRIVATE CLASS: do not call directly
|
2
|
+
class postgresql::server::install {
|
3
|
+
$package_ensure = $postgresql::server::package_ensure
|
4
|
+
$package_name = $postgresql::server::package_name
|
5
|
+
$client_package_name = $postgresql::server::client_package_name
|
6
|
+
|
7
|
+
# This is necessary to ensure that the extra client package that was
|
8
|
+
# installed automatically by the server package is removed and all
|
9
|
+
# of its dependencies are removed also. Without this later installation
|
10
|
+
# of the native Ubuntu packages will fail.
|
11
|
+
if($::operatingsystem == 'Ubuntu' and $package_ensure == 'absent') {
|
12
|
+
# This is an exec, because we want to invoke autoremove.
|
13
|
+
#
|
14
|
+
# An alternative would be to have a full list of packages, but that seemed
|
15
|
+
# more problematic to maintain, not to mention the conflict with the
|
16
|
+
# client class will create duplicate resources.
|
17
|
+
exec { 'apt-get-autoremove-postgresql-client-XX':
|
18
|
+
command => "apt-get autoremove --purge --yes ${client_package_name}",
|
19
|
+
onlyif => "dpkg -l ${client_package_name} | grep -e '^ii'",
|
20
|
+
logoutput => on_failure,
|
21
|
+
path => '/usr/bin:/bin:/usr/sbin/:/sbin',
|
22
|
+
}
|
23
|
+
|
24
|
+
# This will clean up anything we miss
|
25
|
+
exec { 'apt-get-autoremove-postgresql-client-brute':
|
26
|
+
command => "dpkg -P postgresql*",
|
27
|
+
onlyif => "dpkg -l postgresql* | grep -e '^ii'",
|
28
|
+
logoutput => on_failure,
|
29
|
+
path => '/usr/bin:/bin:/usr/sbin/:/sbin',
|
30
|
+
}
|
31
|
+
}
|
32
|
+
|
33
|
+
$_package_ensure = $package_ensure ? {
|
34
|
+
true => 'present',
|
35
|
+
false => 'purged',
|
36
|
+
'absent' => 'purged',
|
37
|
+
default => $package_ensure,
|
38
|
+
}
|
39
|
+
|
40
|
+
package { 'postgresql-server':
|
41
|
+
ensure => $_package_ensure,
|
42
|
+
name => $package_name,
|
43
|
+
|
44
|
+
# This is searched for to create relationships with the package repos, be
|
45
|
+
# careful about its removal
|
46
|
+
tag => 'postgresql',
|
47
|
+
}
|
48
|
+
|
49
|
+
}
|
@@ -0,0 +1,34 @@
|
|
1
|
+
# PRIVATE CLASS: do not call directly
|
2
|
+
class postgresql::server::passwd {
|
3
|
+
$ensure = $postgresql::server::ensure
|
4
|
+
$postgres_password = $postgresql::server::postgres_password
|
5
|
+
$user = $postgresql::server::user
|
6
|
+
$group = $postgresql::server::group
|
7
|
+
|
8
|
+
if($ensure == 'present' or $ensure == true) {
|
9
|
+
if ($postgres_password != undef) {
|
10
|
+
# NOTE: this password-setting logic relies on the pg_hba.conf being
|
11
|
+
# configured to allow the postgres system user to connect via psql
|
12
|
+
# without specifying a password ('ident' or 'trust' security). This is
|
13
|
+
# the default for pg_hba.conf.
|
14
|
+
$escaped = postgresql_escape($postgres_password)
|
15
|
+
$env = "env PGPASSWORD='${postgres_password}'"
|
16
|
+
exec { 'set_postgres_postgrespw':
|
17
|
+
# This command works w/no password because we run it as postgres system
|
18
|
+
# user
|
19
|
+
command => "psql -c 'ALTER ROLE \"${user}\" PASSWORD ${escaped}'",
|
20
|
+
user => $user,
|
21
|
+
group => $group,
|
22
|
+
logoutput => true,
|
23
|
+
cwd => '/tmp',
|
24
|
+
# With this command we're passing -h to force TCP authentication, which
|
25
|
+
# does require a password. We specify the password via the PGPASSWORD
|
26
|
+
# environment variable. If the password is correct (current), this
|
27
|
+
# command will exit with an exit code of 0, which will prevent the main
|
28
|
+
# command from running.
|
29
|
+
unless => "${env} psql -h localhost -c 'select 1' > /dev/null",
|
30
|
+
path => '/usr/bin:/usr/local/bin:/bin',
|
31
|
+
}
|
32
|
+
}
|
33
|
+
}
|
34
|
+
}
|
@@ -0,0 +1,54 @@
|
|
1
|
+
# This resource manages an individual rule that applies to the file defined in
|
2
|
+
# $target. See README.md for more details.
|
3
|
+
define postgresql::server::pg_hba_rule(
|
4
|
+
$type,
|
5
|
+
$database,
|
6
|
+
$user,
|
7
|
+
$auth_method,
|
8
|
+
$address = undef,
|
9
|
+
$description = 'none',
|
10
|
+
$auth_option = undef,
|
11
|
+
$order = '150',
|
12
|
+
|
13
|
+
# Needed for testing primarily, support for multiple files is not really
|
14
|
+
# working.
|
15
|
+
$target = $postgresql::server::pg_hba_conf_path
|
16
|
+
) {
|
17
|
+
|
18
|
+
if $postgresql::server::manage_pga_conf == false {
|
19
|
+
fail('postgresql::server::manage_pga_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')
|
20
|
+
} else {
|
21
|
+
validate_re($type, '^(local|host|hostssl|hostnossl)$',
|
22
|
+
"The type you specified [${type}] must be one of: local, host, hostssl, hostnosssl")
|
23
|
+
|
24
|
+
if($type =~ /^host/ and $address == undef) {
|
25
|
+
fail('You must specify an address property when type is host based')
|
26
|
+
}
|
27
|
+
|
28
|
+
$allowed_auth_methods = $postgresql::server::version ? {
|
29
|
+
'9.3' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
|
30
|
+
'9.2' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
|
31
|
+
'9.1' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
|
32
|
+
'9.0' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'radius', 'cert', 'pam'],
|
33
|
+
'8.4' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'cert', 'pam'],
|
34
|
+
'8.3' => ['trust', 'reject', 'md5', 'sha1', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'],
|
35
|
+
'8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'],
|
36
|
+
'8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'],
|
37
|
+
default => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt']
|
38
|
+
}
|
39
|
+
|
40
|
+
$auth_method_regex = join(['^(', join($allowed_auth_methods, '|'), ')$'],'')
|
41
|
+
validate_re($auth_method, $auth_method_regex,
|
42
|
+
join(["The auth_method you specified [${auth_method}] must be one of: ", join($allowed_auth_methods, ', ')],''))
|
43
|
+
|
44
|
+
# Create a rule fragment
|
45
|
+
$fragname = "pg_hba_rule_${name}"
|
46
|
+
concat::fragment { $fragname:
|
47
|
+
target => $target,
|
48
|
+
content => template('postgresql/pg_hba_rule.conf'),
|
49
|
+
order => $order,
|
50
|
+
owner => $::id,
|
51
|
+
mode => '0600',
|
52
|
+
}
|
53
|
+
}
|
54
|
+
}
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# This class installs the PL/Perl procedural language for postgresql. See
|
2
|
+
# README.md for more details.
|
3
|
+
class postgresql::server::plperl(
|
4
|
+
$package_ensure = 'present',
|
5
|
+
$package_name = $postgresql::server::plperl_package_name
|
6
|
+
) {
|
7
|
+
package { 'postgresql-plperl':
|
8
|
+
ensure => $package_ensure,
|
9
|
+
name => $package_name,
|
10
|
+
tag => 'postgresql',
|
11
|
+
}
|
12
|
+
|
13
|
+
if($package_ensure == 'present' or $package_ensure == true) {
|
14
|
+
anchor { 'postgresql::server::plperl::start': }->
|
15
|
+
Class['postgresql::server::install']->
|
16
|
+
Package['postgresql-plperl']->
|
17
|
+
Class['postgresql::server::service']->
|
18
|
+
anchor { 'postgresql::server::plperl::end': }
|
19
|
+
} else {
|
20
|
+
anchor { 'postgresql::server::plperl::start': }->
|
21
|
+
Class['postgresql::server::service']->
|
22
|
+
Package['postgresql-plperl']->
|
23
|
+
Class['postgresql::server::install']->
|
24
|
+
anchor { 'postgresql::server::plperl::end': }
|
25
|
+
}
|
26
|
+
|
27
|
+
}
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# PRIVATE CLASS: do not use directly
|
2
|
+
class postgresql::server::reload {
|
3
|
+
$ensure = $postgresql::server::ensure
|
4
|
+
$service_name = $postgresql::server::service_name
|
5
|
+
$service_status = $postgresql::server::service_status
|
6
|
+
|
7
|
+
if($ensure == 'present' or $ensure == true) {
|
8
|
+
exec { 'postgresql_reload':
|
9
|
+
path => '/usr/bin:/usr/sbin:/bin:/sbin',
|
10
|
+
command => "service ${service_name} reload",
|
11
|
+
onlyif => $service_status,
|
12
|
+
refreshonly => true,
|
13
|
+
}
|
14
|
+
}
|
15
|
+
}
|
@@ -1,39 +1,25 @@
|
|
1
|
-
#
|
2
|
-
|
3
|
-
# http://github.com/inkling/puppet-postgresql
|
4
|
-
#
|
5
|
-
# Copyright 2012- Inkling Systems, Inc.
|
6
|
-
#
|
7
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
-
# you may not use this file except in compliance with the License.
|
9
|
-
# You may obtain a copy of the License at
|
10
|
-
#
|
11
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
-
#
|
13
|
-
# Unless required by applicable law or agreed to in writing, software
|
14
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
-
# See the License for the specific language governing permissions and
|
17
|
-
# limitations under the License.
|
18
|
-
|
19
|
-
define postgresql::role(
|
1
|
+
# Define for creating a database role. See README.md for more information
|
2
|
+
define postgresql::server::role(
|
20
3
|
$password_hash = false,
|
21
4
|
$createdb = false,
|
22
5
|
$createrole = false,
|
23
|
-
$db =
|
24
|
-
$login =
|
6
|
+
$db = $postgresql::server::user,
|
7
|
+
$login = true,
|
25
8
|
$superuser = false,
|
26
9
|
$replication = false,
|
27
10
|
$connection_limit = '-1',
|
28
11
|
$username = $title
|
29
12
|
) {
|
30
|
-
|
13
|
+
$psql_user = $postgresql::server::user
|
14
|
+
$psql_group = $postgresql::server::group
|
15
|
+
$psql_path = $postgresql::server::psql_path
|
16
|
+
$version = $postgresql::server::version
|
31
17
|
|
32
|
-
$login_sql = $login ? { true => 'LOGIN'
|
33
|
-
$createrole_sql = $createrole ? { true => 'CREATEROLE'
|
34
|
-
$createdb_sql = $createdb ? { true => 'CREATEDB'
|
35
|
-
$superuser_sql = $superuser ? { true => 'SUPERUSER'
|
36
|
-
$replication_sql = $replication ? { true => 'REPLICATION'
|
18
|
+
$login_sql = $login ? { true => 'LOGIN', default => 'NOLOGIN' }
|
19
|
+
$createrole_sql = $createrole ? { true => 'CREATEROLE', default => 'NOCREATEROLE' }
|
20
|
+
$createdb_sql = $createdb ? { true => 'CREATEDB', default => 'NOCREATEDB' }
|
21
|
+
$superuser_sql = $superuser ? { true => 'SUPERUSER', default => 'NOSUPERUSER' }
|
22
|
+
$replication_sql = $replication ? { true => 'REPLICATION', default => '' }
|
37
23
|
if ($password_hash != false) {
|
38
24
|
$password_sql = "ENCRYPTED PASSWORD '${password_hash}'"
|
39
25
|
} else {
|
@@ -42,15 +28,15 @@ define postgresql::role(
|
|
42
28
|
|
43
29
|
Postgresql_psql {
|
44
30
|
db => $db,
|
45
|
-
psql_user => $
|
46
|
-
psql_group => $
|
47
|
-
psql_path => $
|
48
|
-
require => Postgresql_psql["CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}"],
|
31
|
+
psql_user => $psql_user,
|
32
|
+
psql_group => $psql_group,
|
33
|
+
psql_path => $psql_path,
|
34
|
+
require => [ Postgresql_psql["CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}"], Class['postgresql::server'] ],
|
49
35
|
}
|
50
36
|
|
51
37
|
postgresql_psql {"CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}":
|
52
38
|
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}'",
|
53
|
-
require =>
|
39
|
+
require => Class['Postgresql::Server'],
|
54
40
|
}
|
55
41
|
|
56
42
|
postgresql_psql {"ALTER ROLE \"${username}\" ${superuser_sql}":
|
@@ -69,7 +55,7 @@ define postgresql::role(
|
|
69
55
|
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcanlogin=${login}",
|
70
56
|
}
|
71
57
|
|
72
|
-
if(versioncmp($
|
58
|
+
if(versioncmp($version, '9.1') >= 0) {
|
73
59
|
postgresql_psql {"ALTER ROLE \"${username}\" ${replication_sql}":
|
74
60
|
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolreplication=${replication}",
|
75
61
|
}
|
@@ -0,0 +1,40 @@
|
|
1
|
+
# PRIVATE CLASS: do not call directly
|
2
|
+
class postgresql::server::service {
|
3
|
+
$ensure = $postgresql::server::ensure
|
4
|
+
$service_name = $postgresql::server::service_name
|
5
|
+
$service_provider = $postgresql::server::service_provider
|
6
|
+
$service_status = $postgresql::server::service_status
|
7
|
+
$user = $postgresql::server::user
|
8
|
+
$default_database = $postgresql::server::default_database
|
9
|
+
|
10
|
+
$service_ensure = $ensure ? {
|
11
|
+
present => true,
|
12
|
+
absent => false,
|
13
|
+
default => $ensure
|
14
|
+
}
|
15
|
+
|
16
|
+
service { 'postgresqld':
|
17
|
+
ensure => $service_ensure,
|
18
|
+
name => $service_name,
|
19
|
+
enable => $service_ensure,
|
20
|
+
provider => $service_provider,
|
21
|
+
hasstatus => true,
|
22
|
+
status => $service_status,
|
23
|
+
}
|
24
|
+
|
25
|
+
if($service_ensure) {
|
26
|
+
# This blocks the class before continuing if chained correctly, making
|
27
|
+
# sure the service really is 'up' before continuing.
|
28
|
+
#
|
29
|
+
# Without it, we may continue doing more work before the database is
|
30
|
+
# prepared leading to a nasty race condition.
|
31
|
+
postgresql::validate_db_connection { 'validate_service_is_running':
|
32
|
+
run_as => $user,
|
33
|
+
database_name => $default_database,
|
34
|
+
sleep => 1,
|
35
|
+
tries => 60,
|
36
|
+
create_db_first => false,
|
37
|
+
require => Service['postgresqld'],
|
38
|
+
}
|
39
|
+
}
|
40
|
+
}
|
@@ -1,5 +1,6 @@
|
|
1
|
-
#
|
2
|
-
|
1
|
+
# This resource wraps the grant resource to manage table grants specifically.
|
2
|
+
# See README.md for more details.
|
3
|
+
define postgresql::server::table_grant(
|
3
4
|
$privilege,
|
4
5
|
$table,
|
5
6
|
$db,
|
@@ -7,8 +8,7 @@ define postgresql::table_grant(
|
|
7
8
|
$psql_db = undef,
|
8
9
|
$psql_user = undef
|
9
10
|
) {
|
10
|
-
|
11
|
-
postgresql::grant { "table:${name}":
|
11
|
+
postgresql::server::grant { "table:${name}":
|
12
12
|
role => $role,
|
13
13
|
db => $db,
|
14
14
|
privilege => $privilege,
|
@@ -0,0 +1,42 @@
|
|
1
|
+
# This module creates tablespace. See README.md for more details.
|
2
|
+
define postgresql::server::tablespace(
|
3
|
+
$location,
|
4
|
+
$owner = undef,
|
5
|
+
$spcname = $title
|
6
|
+
) {
|
7
|
+
$user = $postgresql::server::user
|
8
|
+
$group = $postgresql::server::group
|
9
|
+
$psql_path = $postgresql::server::psql_path
|
10
|
+
|
11
|
+
Postgresql_psql {
|
12
|
+
psql_user => $user,
|
13
|
+
psql_group => $group,
|
14
|
+
psql_path => $psql_path,
|
15
|
+
}
|
16
|
+
|
17
|
+
if ($owner == undef) {
|
18
|
+
$owner_section = ''
|
19
|
+
} else {
|
20
|
+
$owner_section = "OWNER \"${owner}\""
|
21
|
+
}
|
22
|
+
|
23
|
+
$create_tablespace_command = "CREATE TABLESPACE \"${spcname}\" ${owner_section} LOCATION '${location}'"
|
24
|
+
|
25
|
+
file { $location:
|
26
|
+
ensure => directory,
|
27
|
+
owner => $user,
|
28
|
+
group => $group,
|
29
|
+
mode => '0700',
|
30
|
+
}
|
31
|
+
|
32
|
+
$create_ts = "Create tablespace '${spcname}'"
|
33
|
+
postgresql_psql { "Create tablespace '${spcname}'":
|
34
|
+
command => $create_tablespace_command,
|
35
|
+
unless => "SELECT spcname FROM pg_tablespace WHERE spcname='${spcname}'",
|
36
|
+
require => [Class['postgresql::server'], File[$location]],
|
37
|
+
}
|
38
|
+
|
39
|
+
if($owner != undef and defined(Postgresql::Server::Role[$owner])) {
|
40
|
+
Postgresql::Server::Role[$owner]->Postgresql_psql[$create_ts]
|
41
|
+
}
|
42
|
+
}
|