freighthop 0.0.6 → 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/Puppetfile +1 -0
- data/Puppetfile.lock +3 -0
- data/Vagrantfile +1 -1
- data/bin/fh +2 -78
- data/lib/freighthop/cli/help.rb +69 -0
- data/lib/freighthop/cli/ssh.rb +46 -0
- data/lib/freighthop/cli/vagrant.rb +26 -0
- data/lib/freighthop/cli.rb +40 -0
- data/lib/freighthop/config.rb +4 -0
- data/lib/freighthop/vagrant_env.rb +24 -0
- data/lib/freighthop/version.rb +1 -1
- data/lib/freighthop.rb +7 -4
- data/local_modules/freighthop/manifests/database/mysql.pp +20 -0
- data/local_modules/freighthop/manifests/database/postgres.pp +6 -6
- data/local_modules/freighthop/manifests/database.pp +6 -8
- data/local_modules/freighthop/manifests/init.pp +1 -8
- data/local_modules/freighthop/manifests/params.pp +0 -3
- data/modules/apt/CHANGELOG +12 -2
- data/modules/apt/Gemfile +6 -5
- data/modules/apt/Gemfile.lock +40 -5
- data/modules/apt/Modulefile +1 -1
- data/modules/apt/README.md +2 -1
- data/modules/apt/Rakefile +1 -0
- data/modules/apt/manifests/init.pp +4 -1
- data/modules/apt/manifests/ppa.pp +1 -1
- data/modules/apt/manifests/update.pp +1 -0
- data/modules/apt/metadata.json +21 -13
- data/modules/apt/spec/defines/ppa_spec.rb +3 -3
- data/modules/apt/spec/defines/source_spec.rb +2 -2
- data/modules/apt/spec/spec_helper_system.rb +30 -0
- data/modules/apt/spec/system/apt_builddep_spec.rb +38 -0
- data/modules/apt/spec/system/apt_key_spec.rb +53 -0
- data/modules/apt/spec/system/apt_ppa_spec.rb +59 -0
- data/modules/apt/spec/system/apt_source_spec.rb +51 -0
- data/modules/apt/spec/system/basic_spec.rb +10 -0
- data/modules/apt/spec/system/class_spec.rb +20 -0
- data/modules/apt/templates/source.list.erb +2 -2
- data/modules/freighthop/manifests/database/mysql.pp +20 -0
- data/modules/freighthop/manifests/database/postgres.pp +6 -6
- data/modules/freighthop/manifests/database.pp +6 -8
- data/modules/freighthop/manifests/init.pp +1 -8
- data/modules/freighthop/manifests/params.pp +0 -3
- data/modules/mysql/CHANGELOG +403 -0
- data/modules/mysql/Gemfile +24 -0
- data/modules/mysql/Gemfile.lock +129 -0
- data/modules/mysql/LICENSE +201 -0
- data/modules/mysql/Modulefile +9 -0
- data/modules/mysql/README.md +492 -0
- data/modules/mysql/Rakefile +2 -0
- data/modules/mysql/TODO +8 -0
- data/modules/mysql/files/mysqltuner.pl +966 -0
- data/modules/mysql/lib/puppet/parser/functions/mysql_deepmerge.rb +52 -0
- data/modules/mysql/lib/puppet/parser/functions/mysql_password.rb +15 -0
- data/modules/mysql/lib/puppet/parser/functions/mysql_strip_hash.rb +21 -0
- data/modules/mysql/lib/puppet/provider/database/mysql.rb +52 -0
- data/modules/mysql/lib/puppet/provider/database_grant/mysql.rb +210 -0
- data/modules/mysql/lib/puppet/provider/database_user/mysql.rb +76 -0
- data/modules/mysql/lib/puppet/provider/mysql.rb +67 -0
- data/modules/mysql/lib/puppet/provider/mysql_database/mysql.rb +68 -0
- data/modules/mysql/lib/puppet/provider/mysql_grant/mysql.rb +115 -0
- data/modules/mysql/lib/puppet/provider/mysql_user/mysql.rb +115 -0
- data/modules/mysql/lib/puppet/type/database.rb +21 -0
- data/modules/mysql/lib/puppet/type/database_grant.rb +79 -0
- data/modules/mysql/lib/puppet/type/database_user.rb +31 -0
- data/modules/mysql/lib/puppet/type/mysql_database.rb +22 -0
- data/modules/mysql/lib/puppet/type/mysql_grant.rb +72 -0
- data/modules/mysql/lib/puppet/type/mysql_user.rb +45 -0
- data/modules/mysql/manifests/backup.pp +31 -0
- data/modules/mysql/manifests/bindings/java.pp +10 -0
- data/modules/mysql/manifests/bindings/perl.pp +10 -0
- data/modules/mysql/manifests/bindings/php.pp +10 -0
- data/modules/mysql/manifests/bindings/python.pp +10 -0
- data/modules/mysql/manifests/bindings/ruby.pp +10 -0
- data/modules/mysql/manifests/bindings.pp +33 -0
- data/modules/mysql/manifests/client/install.pp +8 -0
- data/modules/mysql/manifests/client.pp +27 -0
- data/modules/mysql/manifests/db.pp +59 -0
- data/modules/mysql/manifests/init.pp +100 -0
- data/modules/mysql/manifests/params.pp +230 -0
- data/modules/mysql/manifests/server/account_security.pp +22 -0
- data/modules/mysql/manifests/server/backup.pp +56 -0
- data/modules/mysql/manifests/server/config.pp +31 -0
- data/modules/mysql/manifests/server/install.pp +9 -0
- data/modules/mysql/manifests/server/monitor.pp +24 -0
- data/modules/mysql/manifests/server/mysqltuner.pp +9 -0
- data/modules/mysql/manifests/server/providers.pp +8 -0
- data/modules/mysql/manifests/server/root_password.pp +21 -0
- data/modules/mysql/manifests/server/service.pp +19 -0
- data/modules/mysql/manifests/server.pp +69 -0
- data/modules/mysql/metadata.json +289 -0
- data/modules/mysql/spec/classes/mysql_bindings_spec.rb +58 -0
- data/modules/mysql/spec/classes/mysql_client_spec.rb +16 -0
- data/modules/mysql/spec/classes/mysql_server_account_security_spec.rb +41 -0
- data/modules/mysql/spec/classes/mysql_server_backup_spec.rb +112 -0
- data/modules/mysql/spec/classes/mysql_server_monitor_spec.rb +31 -0
- data/modules/mysql/spec/classes/mysql_server_mysqltuner_spec.rb +5 -0
- data/modules/mysql/spec/classes/mysql_server_spec.rb +162 -0
- data/modules/mysql/spec/defines/mysql_db_spec.rb +51 -0
- data/modules/mysql/spec/spec.opts +6 -0
- data/modules/mysql/spec/spec_helper.rb +5 -0
- data/modules/mysql/spec/spec_helper_system.rb +28 -0
- data/modules/mysql/spec/system/mysql_account_delete_spec.rb +35 -0
- data/modules/mysql/spec/system/mysql_backup_spec.rb +77 -0
- data/modules/mysql/spec/system/mysql_bindings_spec.rb +90 -0
- data/modules/mysql/spec/system/mysql_db_spec.rb +61 -0
- data/modules/mysql/spec/system/mysql_server_monitor_spec.rb +30 -0
- data/modules/mysql/spec/system/mysql_server_root_password_spec.rb +71 -0
- data/modules/mysql/spec/system/mysql_server_spec.rb +85 -0
- data/modules/mysql/spec/system/types/mysql_grant_spec.rb +314 -0
- data/modules/mysql/spec/system/types/mysql_user_spec.rb +35 -0
- data/modules/mysql/spec/unit/mysql_password_spec.rb +27 -0
- data/modules/mysql/spec/unit/puppet/functions/mysql_deepmerge_spec.rb +77 -0
- data/modules/mysql/spec/unit/puppet/provider/database/mysql_spec.rb +86 -0
- data/modules/mysql/spec/unit/puppet/provider/database_grant/mysql_spec.rb +95 -0
- data/modules/mysql/spec/unit/puppet/provider/database_user/mysql_spec.rb +119 -0
- data/modules/mysql/spec/unit/puppet/provider/mysql_database/mysql_spec.rb +118 -0
- data/modules/mysql/spec/unit/puppet/provider/mysql_user/mysql_spec.rb +130 -0
- data/modules/mysql/spec/unit/puppet/type/mysql_database_spec.rb +29 -0
- data/modules/mysql/spec/unit/puppet/type/mysql_user_spec.rb +30 -0
- data/modules/mysql/templates/my.cnf.erb +17 -0
- data/modules/mysql/templates/my.cnf.pass.erb +7 -0
- data/modules/mysql/templates/my.conf.cnf.erb +17 -0
- data/modules/mysql/templates/mysqlbackup.sh.erb +57 -0
- data/modules/mysql/tests/backup.pp +8 -0
- data/modules/mysql/tests/bindings.pp +3 -0
- data/modules/mysql/tests/init.pp +1 -0
- data/modules/mysql/tests/java.pp +1 -0
- data/modules/mysql/tests/mysql_database.pp +12 -0
- data/modules/mysql/tests/mysql_grant.pp +5 -0
- data/modules/mysql/tests/mysql_user.pp +23 -0
- data/modules/mysql/tests/perl.pp +1 -0
- data/modules/mysql/tests/python.pp +1 -0
- data/modules/mysql/tests/ruby.pp +1 -0
- data/modules/mysql/tests/server/account_security.pp +4 -0
- data/modules/mysql/tests/server/config.pp +11 -0
- data/modules/mysql/tests/server.pp +3 -0
- data/modules/postgresql/Changelog +191 -0
- data/modules/postgresql/Gemfile +1 -0
- data/modules/postgresql/Gemfile.lock +9 -0
- data/modules/postgresql/LICENSE +198 -12
- data/modules/postgresql/Modulefile +2 -2
- data/modules/postgresql/NOTICE +14 -0
- data/modules/postgresql/README.md +435 -184
- data/modules/postgresql/files/validate_postgresql_connection.sh +31 -0
- data/modules/postgresql/lib/puppet/provider/postgresql_conf/parsed.rb +37 -0
- data/modules/postgresql/lib/puppet/provider/postgresql_psql/ruby.rb +4 -0
- data/modules/postgresql/lib/puppet/type/postgresql_conf.rb +31 -0
- data/modules/postgresql/lib/puppet/type/postgresql_psql.rb +4 -0
- data/modules/postgresql/manifests/client.pp +17 -16
- data/modules/postgresql/manifests/globals.pp +95 -0
- data/modules/postgresql/manifests/lib/devel.pp +15 -0
- data/modules/postgresql/manifests/lib/java.pp +15 -0
- data/modules/postgresql/manifests/lib/python.pp +13 -0
- data/modules/postgresql/manifests/params.pp +127 -222
- data/modules/postgresql/manifests/repo/apt_postgresql_org.pp +30 -0
- data/modules/postgresql/manifests/repo/yum_postgresql_org.pp +38 -0
- data/modules/postgresql/manifests/repo.pp +22 -0
- data/modules/postgresql/manifests/server/config.pp +113 -0
- data/modules/postgresql/manifests/server/config_entry.pp +43 -0
- data/modules/postgresql/manifests/server/contrib.pp +27 -0
- data/modules/postgresql/manifests/server/database.pp +75 -0
- data/modules/postgresql/manifests/server/database_grant.pp +18 -0
- data/modules/postgresql/manifests/server/db.pp +36 -0
- data/modules/postgresql/manifests/server/firewall.pp +21 -0
- data/modules/postgresql/manifests/server/grant.pp +81 -0
- data/modules/postgresql/manifests/server/initdb.pp +52 -0
- data/modules/postgresql/manifests/server/install.pp +49 -0
- data/modules/postgresql/manifests/server/passwd.pp +34 -0
- data/modules/postgresql/manifests/server/pg_hba_rule.pp +54 -0
- data/modules/postgresql/manifests/server/plperl.pp +27 -0
- data/modules/postgresql/manifests/server/reload.pp +15 -0
- data/modules/postgresql/manifests/{role.pp → server/role.pp} +19 -33
- data/modules/postgresql/manifests/server/service.pp +40 -0
- data/modules/postgresql/manifests/{table_grant.pp → server/table_grant.pp} +4 -4
- data/modules/postgresql/manifests/server/tablespace.pp +42 -0
- data/modules/postgresql/manifests/server.pp +61 -83
- data/modules/postgresql/manifests/validate_db_connection.pp +49 -50
- data/modules/postgresql/metadata.json +123 -73
- data/modules/postgresql/spec/spec_helper_system.rb +13 -1
- data/modules/postgresql/spec/system/client_spec.rb +22 -0
- data/modules/postgresql/spec/system/common_patterns_spec.rb +53 -0
- data/modules/postgresql/spec/system/contrib_spec.rb +33 -0
- data/modules/postgresql/spec/system/lib/devel_spec.rb +22 -0
- data/modules/postgresql/spec/system/lib/java_spec.rb +25 -0
- data/modules/postgresql/spec/system/lib/python_spec.rb +24 -0
- data/modules/postgresql/spec/system/postgresql_psql_spec.rb +51 -0
- data/modules/postgresql/spec/system/server/config_entry_spec.rb +32 -0
- data/modules/postgresql/spec/system/server/database_grant_spec.rb +54 -0
- data/modules/postgresql/spec/system/server/database_spec.rb +35 -0
- data/modules/postgresql/spec/system/server/db_spec.rb +143 -0
- data/modules/postgresql/spec/system/server/grant_spec.rb +55 -0
- data/modules/postgresql/spec/system/server/pg_hba_rule_spec.rb +85 -0
- data/modules/postgresql/spec/system/server/plperl_spec.rb +29 -0
- data/modules/postgresql/spec/system/server/role_spec.rb +103 -0
- data/modules/postgresql/spec/system/server/table_grant_spec.rb +72 -0
- data/modules/postgresql/spec/system/server/tablespace_spec.rb +74 -0
- data/modules/postgresql/spec/system/server_spec.rb +217 -0
- data/modules/postgresql/spec/system/validate_db_connection_spec.rb +91 -0
- data/modules/postgresql/spec/unit/classes/client_spec.rb +27 -2
- data/modules/postgresql/spec/unit/classes/globals_spec.rb +28 -0
- data/modules/postgresql/spec/unit/classes/lib/devel_spec.rb +12 -0
- data/modules/postgresql/spec/unit/classes/{postgresql_java_spec.rb → lib/java_spec.rb} +9 -19
- data/modules/postgresql/spec/unit/classes/lib/python_spec.rb +31 -0
- data/modules/postgresql/spec/unit/classes/params_spec.rb +2 -1
- data/modules/postgresql/spec/unit/classes/repo_spec.rb +17 -0
- data/modules/postgresql/spec/unit/classes/server/contrib_spec.rb +42 -0
- data/modules/postgresql/spec/unit/classes/server/initdb_spec.rb +28 -0
- data/modules/postgresql/spec/unit/classes/server/plperl_spec.rb +45 -0
- data/modules/postgresql/spec/unit/classes/server_spec.rb +83 -2
- data/modules/postgresql/spec/unit/defines/server/config_entry_spec.rb +23 -0
- data/modules/postgresql/spec/unit/defines/server/database_grant_spec.rb +26 -0
- data/modules/postgresql/spec/unit/defines/server/database_spec.rb +16 -0
- data/modules/postgresql/spec/unit/defines/server/db_spec.rb +28 -0
- data/modules/postgresql/spec/unit/defines/{database_grant_spec.rb → server/grant_spec.rb} +7 -4
- data/modules/postgresql/spec/unit/defines/{pg_hba_rule_spec.rb → server/pg_hba_rule_spec.rb} +59 -2
- data/modules/postgresql/spec/unit/defines/server/role_spec.rb +23 -0
- data/modules/postgresql/spec/unit/defines/server/table_grant_spec.rb +27 -0
- data/modules/postgresql/spec/unit/defines/server/tablespace_spec.rb +23 -0
- data/modules/postgresql/spec/unit/defines/validate_db_connection_spec.rb +22 -9
- data/modules/postgresql/spec/unit/provider/postgresql_conf/parsed_spec.rb +112 -0
- data/modules/postgresql/spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb +29 -0
- data/modules/postgresql/spec/unit/puppet/type/postgresql_psql_spec.rb +1 -0
- data/modules/postgresql/spec/unit/type/postgresql_conf_spec.rb +50 -0
- metadata +177 -53
- data/modules/postgresql/examples/init.pp +0 -1
- data/modules/postgresql/examples/official-postgresql-repos.pp +0 -19
- data/modules/postgresql/examples/postgresql_database.pp +0 -22
- data/modules/postgresql/examples/postgresql_db.pp +0 -30
- data/modules/postgresql/examples/postgresql_grant.pp +0 -14
- data/modules/postgresql/examples/postgresql_pg_hba_rule.pp +0 -18
- data/modules/postgresql/examples/postgresql_pgconf_extras.pp +0 -19
- data/modules/postgresql/examples/postgresql_tablespace.pp +0 -73
- data/modules/postgresql/examples/postgresql_user.pp +0 -28
- data/modules/postgresql/examples/server.pp +0 -10
- data/modules/postgresql/lib/facter/postgres_default_version.rb +0 -69
- data/modules/postgresql/manifests/config/afterservice.pp +0 -47
- data/modules/postgresql/manifests/config/beforeservice.pp +0 -171
- data/modules/postgresql/manifests/config.pp +0 -74
- data/modules/postgresql/manifests/contrib.pp +0 -29
- data/modules/postgresql/manifests/database.pp +0 -85
- data/modules/postgresql/manifests/database_grant.pp +0 -35
- data/modules/postgresql/manifests/database_user.pp +0 -60
- data/modules/postgresql/manifests/db.pp +0 -77
- data/modules/postgresql/manifests/devel.pp +0 -27
- data/modules/postgresql/manifests/grant.pp +0 -77
- data/modules/postgresql/manifests/init.pp +0 -145
- data/modules/postgresql/manifests/initdb.pp +0 -52
- data/modules/postgresql/manifests/java.pp +0 -29
- data/modules/postgresql/manifests/package_source/apt_postgresql_org.pp +0 -21
- data/modules/postgresql/manifests/package_source/yum_postgresql_org.pp +0 -30
- data/modules/postgresql/manifests/pg_hba.pp +0 -19
- data/modules/postgresql/manifests/pg_hba_rule.pp +0 -41
- data/modules/postgresql/manifests/plperl.pp +0 -24
- data/modules/postgresql/manifests/psql.pp +0 -56
- data/modules/postgresql/manifests/python.pp +0 -18
- data/modules/postgresql/manifests/tablespace.pp +0 -59
- data/modules/postgresql/spec/system/install_spec.rb +0 -707
- data/modules/postgresql/spec/system/non_defaults_spec.rb +0 -114
- data/modules/postgresql/spec/unit/classes/contrib_spec.rb +0 -11
- data/modules/postgresql/spec/unit/classes/devel_spec.rb +0 -11
- data/modules/postgresql/spec/unit/classes/init_spec.rb +0 -71
- data/modules/postgresql/spec/unit/classes/postgresql_python_spec.rb +0 -53
- data/modules/postgresql/spec/unit/defines/database_spec.rb +0 -14
- data/modules/postgresql/spec/unit/defines/database_user_spec.rb +0 -19
- data/modules/postgresql/spec/unit/defines/db_spec.rb +0 -20
- data/modules/postgresql/spec/unit/defines/pg_hba_spec.rb +0 -20
- data/modules/postgresql/spec/unit/defines/psql_spec.rb +0 -20
- data/modules/postgresql/spec/unit/defines/role_spec.rb +0 -14
- data/modules/postgresql/spec/unit/defines/tablespace_spec.rb +0 -19
- data/modules/postgresql/spec/unit/facts/postgres_default_version_spec.rb +0 -14
@@ -1,73 +0,0 @@
|
|
1
|
-
class { 'postgresql::server':
|
2
|
-
config_hash => {
|
3
|
-
'ip_mask_deny_postgres_user' => '0.0.0.0/32',
|
4
|
-
'ip_mask_allow_all_users' => '0.0.0.0/0',
|
5
|
-
'listen_addresses' => '*',
|
6
|
-
'manage_redhat_firewall' => true,
|
7
|
-
'postgres_password' => 'postgres',
|
8
|
-
},
|
9
|
-
}
|
10
|
-
|
11
|
-
file { '/tmp':
|
12
|
-
ensure => 'directory',
|
13
|
-
}
|
14
|
-
file { '/tmp/pg_tablespaces':
|
15
|
-
ensure => 'directory',
|
16
|
-
owner => 'postgres',
|
17
|
-
group => 'postgres',
|
18
|
-
mode => '0700',
|
19
|
-
require => File['/tmp'],
|
20
|
-
}
|
21
|
-
|
22
|
-
postgresql::tablespace{ 'tablespace1':
|
23
|
-
location => '/tmp/pg_tablespaces/space1',
|
24
|
-
require => [Class['postgresql::server'], File['/tmp/pg_tablespaces']],
|
25
|
-
}
|
26
|
-
postgresql::database{ 'tablespacedb1':
|
27
|
-
# TODO: ensure not yet supported
|
28
|
-
#ensure => present,
|
29
|
-
charset => 'utf8',
|
30
|
-
require => Class['postgresql::server'],
|
31
|
-
}
|
32
|
-
postgresql::database{ 'tablespacedb2':
|
33
|
-
# TODO: ensure not yet supported
|
34
|
-
#ensure => present,
|
35
|
-
charset => 'utf8',
|
36
|
-
tablespace => 'tablespace1',
|
37
|
-
require => Postgresql::Tablespace['tablespace1'],
|
38
|
-
}
|
39
|
-
postgresql::db{ 'tablespacedb3':
|
40
|
-
# TODO: ensure not yet supported
|
41
|
-
#ensure => present,
|
42
|
-
user => 'dbuser1',
|
43
|
-
password => 'dbuser1',
|
44
|
-
require => Class['postgresql::server'],
|
45
|
-
}
|
46
|
-
postgresql::db{ 'tablespacedb4':
|
47
|
-
# TODO: ensure not yet supported
|
48
|
-
#ensure => present,
|
49
|
-
user => 'dbuser2',
|
50
|
-
password => 'dbuser2',
|
51
|
-
tablespace => 'tablespace1',
|
52
|
-
require => Postgresql::Tablespace['tablespace1'],
|
53
|
-
}
|
54
|
-
|
55
|
-
postgresql::database_user{ 'spcuser':
|
56
|
-
# TODO: ensure is not yet supported
|
57
|
-
#ensure => present,
|
58
|
-
password_hash => postgresql_password('spcuser', 'spcuser'),
|
59
|
-
require => Class['postgresql::server'],
|
60
|
-
}
|
61
|
-
postgresql::tablespace{ 'tablespace2':
|
62
|
-
location => '/tmp/pg_tablespaces/space2',
|
63
|
-
owner => 'spcuser',
|
64
|
-
require => [Postgresql::Database_user['spcuser'], File['/tmp/pg_tablespaces']],
|
65
|
-
}
|
66
|
-
postgresql::database{ 'tablespacedb5':
|
67
|
-
# TODO: ensure not yet supported
|
68
|
-
#ensure => present,
|
69
|
-
charset => 'utf8',
|
70
|
-
tablespace => 'tablespace2',
|
71
|
-
require => Postgresql::Tablespace['tablespace2'],
|
72
|
-
}
|
73
|
-
|
@@ -1,28 +0,0 @@
|
|
1
|
-
class { 'postgresql::server':
|
2
|
-
config_hash => {
|
3
|
-
'ip_mask_deny_postgres_user' => '0.0.0.0/32',
|
4
|
-
'ip_mask_allow_all_users' => '0.0.0.0/0',
|
5
|
-
'listen_addresses' => '*',
|
6
|
-
'manage_redhat_firewall' => true,
|
7
|
-
'postgres_password' => 'postgres',
|
8
|
-
},
|
9
|
-
}
|
10
|
-
|
11
|
-
# TODO: in mysql module, the username includes, e.g., '@%' or '@localhost', which
|
12
|
-
# affects the user's ability to connect from remote hosts. In postgres this is
|
13
|
-
# managed via pg_hba.conf; not sure if we want to try to reconcile that difference
|
14
|
-
# in the modules or not.
|
15
|
-
postgresql::database_user{ 'redmine':
|
16
|
-
# TODO: ensure is not yet supported
|
17
|
-
#ensure => present,
|
18
|
-
password_hash => postgresql_password('redmine', 'redmine'),
|
19
|
-
require => Class['postgresql::server'],
|
20
|
-
}
|
21
|
-
|
22
|
-
postgresql::database_user{ 'dan':
|
23
|
-
# TODO: ensure is not yet supported
|
24
|
-
#ensure => present,
|
25
|
-
password_hash => postgresql_password('dan', 'blah'),
|
26
|
-
require => Class['postgresql::server'],
|
27
|
-
}
|
28
|
-
|
@@ -1,10 +0,0 @@
|
|
1
|
-
class { 'postgresql::server':
|
2
|
-
config_hash => {
|
3
|
-
'ip_mask_deny_postgres_user' => '0.0.0.0/32',
|
4
|
-
'ip_mask_allow_all_users' => '0.0.0.0/0',
|
5
|
-
'listen_addresses' => '*',
|
6
|
-
'ipv4acls' => ['hostssl all johndoe 192.168.0.0/24 cert'],
|
7
|
-
'manage_redhat_firewall' => true,
|
8
|
-
'postgres_password' => 'postgres',
|
9
|
-
},
|
10
|
-
}
|
@@ -1,69 +0,0 @@
|
|
1
|
-
def get_debianfamily_postgres_version
|
2
|
-
case Facter.value('operatingsystem')
|
3
|
-
when "Debian"
|
4
|
-
get_debian_postgres_version()
|
5
|
-
when "Ubuntu"
|
6
|
-
get_ubuntu_postgres_version()
|
7
|
-
else
|
8
|
-
nil
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
def get_debian_postgres_version
|
13
|
-
case Facter.value('operatingsystemrelease')
|
14
|
-
# TODO: add more debian versions or better logic here
|
15
|
-
when /^6\./
|
16
|
-
"8.4"
|
17
|
-
when /^wheezy/, /^7\./
|
18
|
-
"9.1"
|
19
|
-
else
|
20
|
-
nil
|
21
|
-
end
|
22
|
-
end
|
23
|
-
|
24
|
-
def get_ubuntu_postgres_version
|
25
|
-
case Facter.value('operatingsystemrelease')
|
26
|
-
when "11.10", "12.04", "12.10", "13.04"
|
27
|
-
"9.1"
|
28
|
-
when "10.04", "10.10", "11.04"
|
29
|
-
"8.4"
|
30
|
-
else
|
31
|
-
nil
|
32
|
-
end
|
33
|
-
end
|
34
|
-
|
35
|
-
def get_redhatfamily_postgres_version
|
36
|
-
case Facter.value('operatingsystemrelease')
|
37
|
-
when /^6\./
|
38
|
-
"8.4"
|
39
|
-
when /^5\./
|
40
|
-
"8.1"
|
41
|
-
else
|
42
|
-
nil
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
Facter.add("postgres_default_version") do
|
47
|
-
setcode do
|
48
|
-
result =
|
49
|
-
case Facter.value('osfamily')
|
50
|
-
when 'RedHat'
|
51
|
-
get_redhatfamily_postgres_version()
|
52
|
-
when 'Linux'
|
53
|
-
get_redhatfamily_postgres_version()
|
54
|
-
when 'Debian'
|
55
|
-
get_debianfamily_postgres_version()
|
56
|
-
else
|
57
|
-
nil
|
58
|
-
end
|
59
|
-
|
60
|
-
# TODO: not sure if this is really a great idea, but elsewhere in the code
|
61
|
-
# it is useful to be able to distinguish between the case where the fact
|
62
|
-
# does not exist at all (e.g., if pluginsync is not enabled), and the case
|
63
|
-
# where the fact is not known for the OS in question.
|
64
|
-
if result == nil
|
65
|
-
result = 'unknown'
|
66
|
-
end
|
67
|
-
result
|
68
|
-
end
|
69
|
-
end
|
@@ -1,47 +0,0 @@
|
|
1
|
-
# Class: postgresql::config::afterservice
|
2
|
-
#
|
3
|
-
# Parameters:
|
4
|
-
#
|
5
|
-
# [*postgres_password*] - postgres db user password.
|
6
|
-
#
|
7
|
-
# Actions:
|
8
|
-
#
|
9
|
-
# Requires:
|
10
|
-
#
|
11
|
-
# Usage:
|
12
|
-
# This class is not intended to be used directly; it is
|
13
|
-
# managed by postgresl::config. It contains resources
|
14
|
-
# that should be handled *after* the postgres service
|
15
|
-
# has been started up.
|
16
|
-
#
|
17
|
-
# class { 'postgresql::config::afterservice':
|
18
|
-
# postgres_password => 'postgres'
|
19
|
-
# }
|
20
|
-
#
|
21
|
-
class postgresql::config::afterservice(
|
22
|
-
$postgres_password = undef
|
23
|
-
) inherits postgresql::params {
|
24
|
-
|
25
|
-
if ($postgres_password != undef) {
|
26
|
-
# NOTE: this password-setting logic relies on the pg_hba.conf being configured
|
27
|
-
# to allow the postgres system user to connect via psql without specifying
|
28
|
-
# a password ('ident' or 'trust' security). This is the default
|
29
|
-
# for pg_hba.conf.
|
30
|
-
$escapedpassword = postgresql_escape($postgres_password)
|
31
|
-
|
32
|
-
exec { 'set_postgres_postgrespw':
|
33
|
-
# This command works w/no password because we run it as postgres system user
|
34
|
-
command => "psql -c 'ALTER ROLE \"${postgresql::params::user}\" PASSWORD ${escapedpassword}'",
|
35
|
-
user => $postgresql::params::user,
|
36
|
-
group => $postgresql::params::group,
|
37
|
-
logoutput => true,
|
38
|
-
cwd => '/tmp',
|
39
|
-
# With this command we're passing -h to force TCP authentication, which does require
|
40
|
-
# a password. We specify the password via the PGPASSWORD environment variable. If
|
41
|
-
# the password is correct (current), this command will exit with an exit code of 0,
|
42
|
-
# which will prevent the main command from running.
|
43
|
-
unless => "env PGPASSWORD='${postgres_password}' psql -h localhost -c 'select 1' > /dev/null",
|
44
|
-
path => '/usr/bin:/usr/local/bin:/bin',
|
45
|
-
}
|
46
|
-
}
|
47
|
-
}
|
@@ -1,171 +0,0 @@
|
|
1
|
-
# Class: postgresql::config::beforeservice
|
2
|
-
#
|
3
|
-
# Parameters:
|
4
|
-
#
|
5
|
-
# [*firewall_supported*] - Is the firewall supported?
|
6
|
-
# [*ip_mask_deny_postgres_user*] - ip mask for denying remote access for postgres user; defaults to '0.0.0.0/0',
|
7
|
-
# meaning that all TCP access for postgres user is denied.
|
8
|
-
# [*ip_mask_allow_all_users*] - ip mask for allowing remote access for other users (besides postgres);
|
9
|
-
# defaults to '127.0.0.1/32', meaning only allow connections from localhost
|
10
|
-
# [*listen_addresses*] - what IP address(es) to listen on; comma-separated list of addresses; defaults to
|
11
|
-
# 'localhost', '*' = all
|
12
|
-
# [*ipv4acls*] - list of strings for access control for connection method, users, databases, IPv4
|
13
|
-
# addresses; see postgresql documentation about pg_hba.conf for information
|
14
|
-
# [*ipv6acls*] - list of strings for access control for connection method, users, databases, IPv6
|
15
|
-
# addresses; see postgresql documentation about pg_hba.conf for information
|
16
|
-
# [*pg_hba_conf_path*] - path to pg_hba.conf file
|
17
|
-
# [*postgresql_conf_path*] - path to postgresql.conf file
|
18
|
-
# [*manage_redhat_firewall*] - boolean indicating whether or not the module should open a port in the firewall on
|
19
|
-
# redhat-based systems; this parameter is likely to change in future versions. Possible
|
20
|
-
# changes include support for non-RedHat systems and finer-grained control over the
|
21
|
-
# firewall rule (currently, it simply opens up the postgres port to all TCP connections).
|
22
|
-
# [*manage_pg_hba_conf*] - boolean indicating whether or not the module manages pg_hba.conf file.
|
23
|
-
# [*persist_firewall_command*] - Command to persist firewall connections.
|
24
|
-
#
|
25
|
-
# Actions:
|
26
|
-
#
|
27
|
-
# Requires:
|
28
|
-
#
|
29
|
-
# Usage:
|
30
|
-
# This class is not intended to be used directly; it is
|
31
|
-
# managed by postgresl::config. It contains resources
|
32
|
-
# that should be handled *before* the postgres service
|
33
|
-
# has been started up.
|
34
|
-
#
|
35
|
-
# class { 'postgresql::config::before_service':
|
36
|
-
# ip_mask_allow_all_users => '0.0.0.0/0',
|
37
|
-
# }
|
38
|
-
#
|
39
|
-
class postgresql::config::beforeservice(
|
40
|
-
$pg_hba_conf_path,
|
41
|
-
$postgresql_conf_path,
|
42
|
-
$firewall_supported = $postgresql::params::firewall_supported,
|
43
|
-
$ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
|
44
|
-
$ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,
|
45
|
-
$listen_addresses = $postgresql::params::listen_addresses,
|
46
|
-
$ipv4acls = $postgresql::params::ipv4acls,
|
47
|
-
$ipv6acls = $postgresql::params::ipv6acls,
|
48
|
-
$manage_redhat_firewall = $postgresql::params::manage_redhat_firewall,
|
49
|
-
$manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf,
|
50
|
-
$persist_firewall_command = $postgresql::params::persist_firewall_command,
|
51
|
-
) inherits postgresql::params {
|
52
|
-
|
53
|
-
|
54
|
-
File {
|
55
|
-
owner => $postgresql::params::user,
|
56
|
-
group => $postgresql::params::group,
|
57
|
-
}
|
58
|
-
|
59
|
-
if $manage_pg_hba_conf {
|
60
|
-
# Create the main pg_hba resource
|
61
|
-
postgresql::pg_hba { 'main':
|
62
|
-
notify => Exec['reload_postgresql'],
|
63
|
-
}
|
64
|
-
|
65
|
-
Postgresql::Pg_hba_rule {
|
66
|
-
database => 'all',
|
67
|
-
user => 'all',
|
68
|
-
}
|
69
|
-
|
70
|
-
# Lets setup the base rules
|
71
|
-
$auth_option = $postgresql::params::version ? {
|
72
|
-
'8.1' => 'sameuser',
|
73
|
-
default => undef,
|
74
|
-
}
|
75
|
-
|
76
|
-
postgresql::pg_hba_rule { 'local access as postgres user':
|
77
|
-
type => 'local',
|
78
|
-
user => $postgresql::params::user,
|
79
|
-
auth_method => 'ident',
|
80
|
-
auth_option => $auth_option,
|
81
|
-
order => '001',
|
82
|
-
}
|
83
|
-
postgresql::pg_hba_rule { 'local access to database with same name':
|
84
|
-
type => 'local',
|
85
|
-
auth_method => 'ident',
|
86
|
-
auth_option => $auth_option,
|
87
|
-
order => '002',
|
88
|
-
}
|
89
|
-
postgresql::pg_hba_rule { 'deny access to postgresql user':
|
90
|
-
type => 'host',
|
91
|
-
user => $postgresql::params::user,
|
92
|
-
address => $ip_mask_deny_postgres_user,
|
93
|
-
auth_method => 'reject',
|
94
|
-
order => '003',
|
95
|
-
}
|
96
|
-
|
97
|
-
# ipv4acls are passed as an array of rule strings, here we transform them into
|
98
|
-
# a resources hash, and pass the result to create_resources
|
99
|
-
$ipv4acl_resources = postgresql_acls_to_resources_hash($ipv4acls, 'ipv4acls', 10)
|
100
|
-
create_resources('postgresql::pg_hba_rule', $ipv4acl_resources)
|
101
|
-
|
102
|
-
postgresql::pg_hba_rule { 'allow access to all users':
|
103
|
-
type => 'host',
|
104
|
-
address => $ip_mask_allow_all_users,
|
105
|
-
auth_method => 'md5',
|
106
|
-
order => '100',
|
107
|
-
}
|
108
|
-
postgresql::pg_hba_rule { 'allow access to ipv6 localhost':
|
109
|
-
type => 'host',
|
110
|
-
address => '::1/128',
|
111
|
-
auth_method => 'md5',
|
112
|
-
order => '101',
|
113
|
-
}
|
114
|
-
|
115
|
-
# ipv6acls are passed as an array of rule strings, here we transform them into
|
116
|
-
# a resources hash, and pass the result to create_resources
|
117
|
-
$ipv6acl_resources = postgresql_acls_to_resources_hash($ipv6acls, 'ipv6acls', 102)
|
118
|
-
create_resources('postgresql::pg_hba_rule', $ipv6acl_resources)
|
119
|
-
}
|
120
|
-
|
121
|
-
# We must set a "listen_addresses" line in the postgresql.conf if we
|
122
|
-
# want to allow any connections from remote hosts.
|
123
|
-
file_line { 'postgresql.conf#listen_addresses':
|
124
|
-
path => $postgresql_conf_path,
|
125
|
-
match => '^listen_addresses\s*=.*$',
|
126
|
-
line => "listen_addresses = '${listen_addresses}'",
|
127
|
-
notify => Service['postgresqld'],
|
128
|
-
}
|
129
|
-
|
130
|
-
# Here we are adding an 'include' line so that users have the option of
|
131
|
-
# managing their own settings in a second conf file. This only works for
|
132
|
-
# postgresql 8.2 and higher.
|
133
|
-
if(versioncmp($postgresql::params::version, '8.2') >= 0) {
|
134
|
-
# Since we're adding an "include" for this extras config file, we need
|
135
|
-
# to make sure it exists.
|
136
|
-
exec { 'create_postgresql_conf_path':
|
137
|
-
command => "touch `dirname ${postgresql_conf_path}`/postgresql_puppet_extras.conf",
|
138
|
-
path => '/usr/bin:/bin',
|
139
|
-
unless => "[ -f `dirname ${postgresql_conf_path}`/postgresql_puppet_extras.conf ]"
|
140
|
-
}
|
141
|
-
|
142
|
-
file_line { 'postgresql.conf#include':
|
143
|
-
path => $postgresql_conf_path,
|
144
|
-
line => 'include \'postgresql_puppet_extras.conf\'',
|
145
|
-
require => Exec['create_postgresql_conf_path'],
|
146
|
-
notify => Service['postgresqld'],
|
147
|
-
}
|
148
|
-
}
|
149
|
-
|
150
|
-
|
151
|
-
# TODO: is this a reasonable place for this firewall stuff?
|
152
|
-
# TODO: figure out a way to make this not platform-specific; debian and ubuntu have
|
153
|
-
# an out-of-the-box firewall configuration that seems trickier to manage
|
154
|
-
# TODO: get rid of hard-coded port
|
155
|
-
if ( $manage_redhat_firewall and $firewall_supported ) {
|
156
|
-
exec { 'postgresql-persist-firewall':
|
157
|
-
command => $persist_firewall_command,
|
158
|
-
refreshonly => true,
|
159
|
-
}
|
160
|
-
|
161
|
-
Firewall {
|
162
|
-
notify => Exec['postgresql-persist-firewall']
|
163
|
-
}
|
164
|
-
|
165
|
-
firewall { '5432 accept - postgres':
|
166
|
-
port => '5432',
|
167
|
-
proto => 'tcp',
|
168
|
-
action => 'accept',
|
169
|
-
}
|
170
|
-
}
|
171
|
-
}
|
@@ -1,74 +0,0 @@
|
|
1
|
-
# Class: postgresql::config
|
2
|
-
#
|
3
|
-
# Parameters:
|
4
|
-
#
|
5
|
-
# [*postgres_password*] - postgres db user password.
|
6
|
-
# [*ip_mask_deny_postgres_user*] - ip mask for denying remote access for postgres user; defaults to '0.0.0.0/0',
|
7
|
-
# meaning that all TCP access for postgres user is denied.
|
8
|
-
# [*ip_mask_allow_all_users*] - ip mask for allowing remote access for other users (besides postgres);
|
9
|
-
# defaults to '127.0.0.1/32', meaning only allow connections from localhost
|
10
|
-
# [*listen_addresses*] - what IP address(es) to listen on; comma-separated list of addresses; defaults to
|
11
|
-
# 'localhost', '*' = all
|
12
|
-
# [*ipv4acls*] - list of strings for access control for connection method, users, databases, IPv4
|
13
|
-
# addresses; see postgresql documentation about pg_hba.conf for information
|
14
|
-
# [*ipv6acls*] - list of strings for access control for connection method, users, databases, IPv6
|
15
|
-
# addresses; see postgresql documentation about pg_hba.conf for information
|
16
|
-
# [*pg_hba_conf_path*] - path to pg_hba.conf file
|
17
|
-
# [*postgresql_conf_path*] - path to postgresql.conf file
|
18
|
-
# [*manage_redhat_firewall*] - boolean indicating whether or not the module should open a port in the firewall on
|
19
|
-
# redhat-based systems; this parameter is likely to change in future versions. Possible
|
20
|
-
# changes include support for non-RedHat systems and finer-grained control over the
|
21
|
-
# firewall rule (currently, it simply opens up the postgres port to all TCP connections).
|
22
|
-
# [*manage_pg_hba_conf*] - boolean indicating whether or not the module manages pg_hba.conf file.
|
23
|
-
#
|
24
|
-
#
|
25
|
-
# Actions:
|
26
|
-
#
|
27
|
-
# Requires:
|
28
|
-
#
|
29
|
-
# Usage:
|
30
|
-
#
|
31
|
-
# class { 'postgresql::config':
|
32
|
-
# postgres_password => 'postgres',
|
33
|
-
# ip_mask_allow_all_users => '0.0.0.0/0',
|
34
|
-
# }
|
35
|
-
#
|
36
|
-
class postgresql::config(
|
37
|
-
$postgres_password = undef,
|
38
|
-
$ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
|
39
|
-
$ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,
|
40
|
-
$listen_addresses = $postgresql::params::listen_addresses,
|
41
|
-
$ipv4acls = $postgresql::params::ipv4acls,
|
42
|
-
$ipv6acls = $postgresql::params::ipv6acls,
|
43
|
-
$pg_hba_conf_path = $postgresql::params::pg_hba_conf_path,
|
44
|
-
$postgresql_conf_path = $postgresql::params::postgresql_conf_path,
|
45
|
-
$manage_redhat_firewall = $postgresql::params::manage_redhat_firewall,
|
46
|
-
$manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf
|
47
|
-
) inherits postgresql::params {
|
48
|
-
|
49
|
-
# Basically, all this class needs to handle is passing parameters on
|
50
|
-
# to the "beforeservice" and "afterservice" classes, and ensure
|
51
|
-
# the proper ordering.
|
52
|
-
|
53
|
-
class { 'postgresql::config::beforeservice':
|
54
|
-
ip_mask_deny_postgres_user => $ip_mask_deny_postgres_user,
|
55
|
-
ip_mask_allow_all_users => $ip_mask_allow_all_users,
|
56
|
-
listen_addresses => $listen_addresses,
|
57
|
-
ipv4acls => $ipv4acls,
|
58
|
-
ipv6acls => $ipv6acls,
|
59
|
-
pg_hba_conf_path => $pg_hba_conf_path,
|
60
|
-
postgresql_conf_path => $postgresql_conf_path,
|
61
|
-
manage_redhat_firewall => $manage_redhat_firewall,
|
62
|
-
manage_pg_hba_conf => $manage_pg_hba_conf,
|
63
|
-
}
|
64
|
-
|
65
|
-
class { 'postgresql::config::afterservice':
|
66
|
-
postgres_password => $postgres_password,
|
67
|
-
}
|
68
|
-
|
69
|
-
Class['postgresql::config'] ->
|
70
|
-
Class['postgresql::config::beforeservice'] ->
|
71
|
-
Service['postgresqld'] ->
|
72
|
-
Class['postgresql::config::afterservice']
|
73
|
-
|
74
|
-
}
|
@@ -1,29 +0,0 @@
|
|
1
|
-
# Class: postgresql::contrib
|
2
|
-
#
|
3
|
-
# This class installs the postgresql contrib package.
|
4
|
-
#
|
5
|
-
# Parameters:
|
6
|
-
# [*package_name*] - The name of the postgresql contrib package.
|
7
|
-
# [*package_ensure*] - The ensure value of the package.
|
8
|
-
#
|
9
|
-
# Actions:
|
10
|
-
#
|
11
|
-
# Requires:
|
12
|
-
#
|
13
|
-
# Sample Usage:
|
14
|
-
#
|
15
|
-
# class { 'postgresql::contrib': }
|
16
|
-
#
|
17
|
-
class postgresql::contrib (
|
18
|
-
$package_name = $postgresql::params::contrib_package_name,
|
19
|
-
$package_ensure = 'present'
|
20
|
-
) inherits postgresql::params {
|
21
|
-
|
22
|
-
validate_string($package_name)
|
23
|
-
|
24
|
-
package { 'postgresql-contrib':
|
25
|
-
ensure => $package_ensure,
|
26
|
-
name => $package_name,
|
27
|
-
tag => 'postgresql',
|
28
|
-
}
|
29
|
-
}
|
@@ -1,85 +0,0 @@
|
|
1
|
-
# puppet-postgresql
|
2
|
-
# For all details and documentation:
|
3
|
-
# http://github.com/inkling/puppet-postgresql
|
4
|
-
#
|
5
|
-
# Copyright 2012- Inkling Systems, Inc.
|
6
|
-
#
|
7
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
-
# you may not use this file except in compliance with the License.
|
9
|
-
# You may obtain a copy of the License at
|
10
|
-
#
|
11
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
-
#
|
13
|
-
# Unless required by applicable law or agreed to in writing, software
|
14
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
-
# See the License for the specific language governing permissions and
|
17
|
-
# limitations under the License.
|
18
|
-
|
19
|
-
# TODO: in order to match up more closely with the mysql module, this probably
|
20
|
-
# needs to be moved over to ruby, and add support for ensurable.
|
21
|
-
|
22
|
-
define postgresql::database(
|
23
|
-
$dbname = $title,
|
24
|
-
$owner = $postgresql::params::user,
|
25
|
-
$tablespace = undef,
|
26
|
-
$charset = $postgresql::params::charset,
|
27
|
-
$locale = $postgresql::params::locale,
|
28
|
-
$istemplate = false
|
29
|
-
) {
|
30
|
-
include postgresql::params
|
31
|
-
|
32
|
-
# Set the defaults for the postgresql_psql resource
|
33
|
-
Postgresql_psql {
|
34
|
-
psql_user => $postgresql::params::user,
|
35
|
-
psql_group => $postgresql::params::group,
|
36
|
-
psql_path => $postgresql::params::psql_path,
|
37
|
-
}
|
38
|
-
|
39
|
-
# Optionally set the locale switch. Older versions of createdb may not accept
|
40
|
-
# --locale, so if the parameter is undefined its safer not to pass it.
|
41
|
-
if ($postgresql::params::version != '8.1') {
|
42
|
-
$locale_option = $locale ? {
|
43
|
-
undef => '',
|
44
|
-
default => "--locale=${locale}",
|
45
|
-
}
|
46
|
-
$public_revoke_privilege = 'CONNECT'
|
47
|
-
} else {
|
48
|
-
$locale_option = ''
|
49
|
-
$public_revoke_privilege = 'ALL'
|
50
|
-
}
|
51
|
-
|
52
|
-
$createdb_command_tmp = "${postgresql::params::createdb_path} --owner='${owner}' --template=template0 --encoding '${charset}' ${locale_option} '${dbname}'"
|
53
|
-
|
54
|
-
if($tablespace == undef) {
|
55
|
-
$createdb_command = $createdb_command_tmp
|
56
|
-
}
|
57
|
-
else {
|
58
|
-
$createdb_command = "${createdb_command_tmp} --tablespace='${tablespace}'"
|
59
|
-
}
|
60
|
-
|
61
|
-
postgresql_psql { "Check for existence of db '${dbname}'":
|
62
|
-
command => 'SELECT 1',
|
63
|
-
unless => "SELECT datname FROM pg_database WHERE datname='${dbname}'",
|
64
|
-
require => Class['postgresql::server']
|
65
|
-
} ~>
|
66
|
-
|
67
|
-
exec { $createdb_command :
|
68
|
-
refreshonly => true,
|
69
|
-
user => $postgresql::params::user,
|
70
|
-
logoutput => on_failure,
|
71
|
-
} ~>
|
72
|
-
|
73
|
-
# This will prevent users from connecting to the database unless they've been
|
74
|
-
# granted privileges.
|
75
|
-
postgresql_psql {"REVOKE ${public_revoke_privilege} ON DATABASE \"${dbname}\" FROM public":
|
76
|
-
db => $postgresql::params::user,
|
77
|
-
refreshonly => true,
|
78
|
-
}
|
79
|
-
|
80
|
-
Exec [ $createdb_command ] ->
|
81
|
-
|
82
|
-
postgresql_psql {"UPDATE pg_database SET datistemplate = ${istemplate} WHERE datname = '${dbname}'":
|
83
|
-
unless => "SELECT datname FROM pg_database WHERE datname = '${dbname}' AND datistemplate = ${istemplate}",
|
84
|
-
}
|
85
|
-
}
|
@@ -1,35 +0,0 @@
|
|
1
|
-
# puppet-postgresql
|
2
|
-
# For all details and documentation:
|
3
|
-
# http://github.com/inkling/puppet-postgresql
|
4
|
-
#
|
5
|
-
# Copyright 2012- Inkling Systems, Inc.
|
6
|
-
#
|
7
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
-
# you may not use this file except in compliance with the License.
|
9
|
-
# You may obtain a copy of the License at
|
10
|
-
#
|
11
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
-
#
|
13
|
-
# Unless required by applicable law or agreed to in writing, software
|
14
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
-
# See the License for the specific language governing permissions and
|
17
|
-
# limitations under the License.
|
18
|
-
define postgresql::database_grant(
|
19
|
-
$privilege,
|
20
|
-
$db,
|
21
|
-
$role,
|
22
|
-
$psql_db = undef,
|
23
|
-
$psql_user = undef
|
24
|
-
) {
|
25
|
-
include postgresql::params
|
26
|
-
postgresql::grant { "database:${name}":
|
27
|
-
role => $role,
|
28
|
-
db => $db,
|
29
|
-
privilege => $privilege,
|
30
|
-
object_type => 'DATABASE',
|
31
|
-
object_name => $db,
|
32
|
-
psql_db => $psql_db,
|
33
|
-
psql_user => $psql_user,
|
34
|
-
}
|
35
|
-
}
|