freighthop 0.0.6 → 0.1.0

data/modules/postgresql/examples/postgresql_tablespace.pp

@@ -1,73 +0,0 @@
-class { 'postgresql::server':
-    config_hash => {
-        'ip_mask_deny_postgres_user' => '0.0.0.0/32',
-        'ip_mask_allow_all_users'    => '0.0.0.0/0',
-        'listen_addresses'           => '*',
-        'manage_redhat_firewall'     => true,
-        'postgres_password'          => 'postgres',
-    },
-}
-
-file { '/tmp':
-  ensure => 'directory',
-}
-file { '/tmp/pg_tablespaces':
-  ensure  => 'directory',
-  owner   => 'postgres',
-  group   => 'postgres',
-  mode    => '0700',
-  require => File['/tmp'],
-}
-
-postgresql::tablespace{ 'tablespace1':
-  location => '/tmp/pg_tablespaces/space1',
-  require => [Class['postgresql::server'], File['/tmp/pg_tablespaces']],
-}
-postgresql::database{ 'tablespacedb1':
-  # TODO: ensure not yet supported
-  #ensure  => present,
-  charset => 'utf8',
-  require => Class['postgresql::server'],
-}
-postgresql::database{ 'tablespacedb2':
-  # TODO: ensure not yet supported
-  #ensure  => present,
-  charset => 'utf8',
-  tablespace => 'tablespace1',
-  require => Postgresql::Tablespace['tablespace1'],
-}
-postgresql::db{ 'tablespacedb3':
-  # TODO: ensure not yet supported
-  #ensure  => present,
-  user => 'dbuser1',
-  password => 'dbuser1',
-  require => Class['postgresql::server'],
-}
-postgresql::db{ 'tablespacedb4':
-  # TODO: ensure not yet supported
-  #ensure  => present,
-  user => 'dbuser2',
-  password => 'dbuser2',
-  tablespace => 'tablespace1',
-  require => Postgresql::Tablespace['tablespace1'],
-}
-
-postgresql::database_user{ 'spcuser':
-  # TODO: ensure is not yet supported
-  #ensure        => present,
-  password_hash => postgresql_password('spcuser', 'spcuser'),
-  require       => Class['postgresql::server'],
-}
-postgresql::tablespace{ 'tablespace2':
-  location => '/tmp/pg_tablespaces/space2',
-  owner => 'spcuser',
-  require => [Postgresql::Database_user['spcuser'], File['/tmp/pg_tablespaces']],
-}
-postgresql::database{ 'tablespacedb5':
-  # TODO: ensure not yet supported
-  #ensure  => present,
-  charset => 'utf8',
-  tablespace => 'tablespace2',
-  require => Postgresql::Tablespace['tablespace2'],
-}
-

data/modules/postgresql/examples/postgresql_user.pp

@@ -1,28 +0,0 @@
-class { 'postgresql::server':
-    config_hash => {
-        'ip_mask_deny_postgres_user' => '0.0.0.0/32',
-        'ip_mask_allow_all_users'    => '0.0.0.0/0',
-        'listen_addresses'           => '*',
-        'manage_redhat_firewall'     => true,
-        'postgres_password'          => 'postgres',
-    },
-}
-
-# TODO: in mysql module, the username includes, e.g., '@%' or '@localhost', which
-#  affects the user's ability to connect from remote hosts.  In postgres this is
-#  managed via pg_hba.conf; not sure if we want to try to reconcile that difference
-#  in the modules or not.
-postgresql::database_user{ 'redmine':
-  # TODO: ensure is not yet supported
-  #ensure        => present,
-  password_hash => postgresql_password('redmine', 'redmine'),
-  require       => Class['postgresql::server'],
-}
-
-postgresql::database_user{ 'dan':
-  # TODO: ensure is not yet supported
-  #ensure        => present,
-  password_hash => postgresql_password('dan', 'blah'),
-  require       => Class['postgresql::server'],
-}
-

data/modules/postgresql/examples/server.pp

@@ -1,10 +0,0 @@
-class { 'postgresql::server':
-    config_hash => {
-        'ip_mask_deny_postgres_user' => '0.0.0.0/32',
-        'ip_mask_allow_all_users'    => '0.0.0.0/0',
-        'listen_addresses'           => '*',
-        'ipv4acls'                   => ['hostssl all johndoe 192.168.0.0/24 cert'],
-        'manage_redhat_firewall'     => true,
-        'postgres_password'          => 'postgres',
-    },
-}

data/modules/postgresql/lib/facter/postgres_default_version.rb

@@ -1,69 +0,0 @@
-def get_debianfamily_postgres_version
-  case Facter.value('operatingsystem')
-    when "Debian"
-      get_debian_postgres_version()
-    when "Ubuntu"
-      get_ubuntu_postgres_version()
-    else
-      nil
-  end
-end
-
-def get_debian_postgres_version
-  case Facter.value('operatingsystemrelease')
-    # TODO: add more debian versions or better logic here
-    when /^6\./
-      "8.4"
-    when /^wheezy/, /^7\./
-      "9.1"
-    else
-      nil
-  end
-end
-
-def get_ubuntu_postgres_version
-  case Facter.value('operatingsystemrelease')
-    when "11.10", "12.04", "12.10", "13.04"
-      "9.1"
-    when "10.04", "10.10", "11.04"
-      "8.4"
-    else
-      nil
-  end
-end
-
-def get_redhatfamily_postgres_version
-  case Facter.value('operatingsystemrelease')
-    when /^6\./
-      "8.4"
-    when /^5\./
-      "8.1"
-    else
-      nil
-  end
-end
-
-Facter.add("postgres_default_version") do
-  setcode do
-    result =
-      case Facter.value('osfamily')
-        when 'RedHat'
-          get_redhatfamily_postgres_version()
-        when 'Linux'
-          get_redhatfamily_postgres_version()
-        when 'Debian'
-          get_debianfamily_postgres_version()
-        else
-          nil
-      end
-
-    # TODO: not sure if this is really a great idea, but elsewhere in the code
-    # it is useful to be able to distinguish between the case where the fact
-    # does not exist at all (e.g., if pluginsync is not enabled), and the case
-    # where the fact is not known for the OS in question.
-    if result == nil
-      result = 'unknown'
-    end
-    result
-  end
-end

data/modules/postgresql/manifests/config/afterservice.pp

@@ -1,47 +0,0 @@
-# Class: postgresql::config::afterservice
-#
-# Parameters:
-#
-#   [*postgres_password*]     - postgres db user password.
-#
-# Actions:
-#
-# Requires:
-#
-# Usage:
-#   This class is not intended to be used directly; it is
-#   managed by postgresl::config.  It contains resources
-#   that should be handled *after* the postgres service
-#   has been started up.
-#
-#   class { 'postgresql::config::afterservice':
-#     postgres_password     => 'postgres'
-#   }
-#
-class postgresql::config::afterservice(
-  $postgres_password = undef
-) inherits postgresql::params {
-
-  if ($postgres_password != undef) {
-    # NOTE: this password-setting logic relies on the pg_hba.conf being configured
-    #  to allow the postgres system user to connect via psql without specifying
-    #  a password ('ident' or 'trust' security).  This is the default
-    #  for pg_hba.conf.
-    $escapedpassword = postgresql_escape($postgres_password)
-
-    exec { 'set_postgres_postgrespw':
-        # This command works w/no password because we run it as postgres system user
-        command     => "psql -c 'ALTER ROLE \"${postgresql::params::user}\" PASSWORD ${escapedpassword}'",
-        user        => $postgresql::params::user,
-        group       => $postgresql::params::group,
-        logoutput   => true,
-        cwd         => '/tmp',
-        # With this command we're passing -h to force TCP authentication, which does require
-        #  a password.  We specify the password via the PGPASSWORD environment variable.  If
-        #  the password is correct (current), this command will exit with an exit code of 0,
-        #  which will prevent the main command from running.
-        unless      => "env PGPASSWORD='${postgres_password}' psql -h localhost -c 'select 1' > /dev/null",
-        path        => '/usr/bin:/usr/local/bin:/bin',
-    }
-  }
-}

data/modules/postgresql/manifests/config/beforeservice.pp

@@ -1,171 +0,0 @@
-# Class: postgresql::config::beforeservice
-#
-# Parameters:
-#
-#   [*firewall_supported*]      - Is the firewall supported?
-#   [*ip_mask_deny_postgres_user*]   - ip mask for denying remote access for postgres user; defaults to '0.0.0.0/0',
-#                                       meaning that all TCP access for postgres user is denied.
-#   [*ip_mask_allow_all_users*]      - ip mask for allowing remote access for other users (besides postgres);
-#                                       defaults to '127.0.0.1/32', meaning only allow connections from localhost
-#   [*listen_addresses*]        - what IP address(es) to listen on; comma-separated list of addresses; defaults to
-#                                    'localhost', '*' = all
-#   [*ipv4acls*]                - list of strings for access control for connection method, users, databases, IPv4
-#                                    addresses; see postgresql documentation about pg_hba.conf for information
-#   [*ipv6acls*]                - list of strings for access control for connection method, users, databases, IPv6
-#                                    addresses; see postgresql documentation about pg_hba.conf for information
-#   [*pg_hba_conf_path*]        - path to pg_hba.conf file
-#   [*postgresql_conf_path*]    - path to postgresql.conf file
-#   [*manage_redhat_firewall*]  - boolean indicating whether or not the module should open a port in the firewall on
-#                                    redhat-based systems; this parameter is likely to change in future versions.  Possible
-#                                    changes include support for non-RedHat systems and finer-grained control over the
-#                                    firewall rule (currently, it simply opens up the postgres port to all TCP connections).
-#   [*manage_pg_hba_conf*]      - boolean indicating whether or not the module manages pg_hba.conf file.
-#   [*persist_firewall_command*] - Command to persist firewall connections.
-#
-# Actions:
-#
-# Requires:
-#
-# Usage:
-#   This class is not intended to be used directly; it is
-#   managed by postgresl::config.  It contains resources
-#   that should be handled *before* the postgres service
-#   has been started up.
-#
-#   class { 'postgresql::config::before_service':
-#     ip_mask_allow_all_users    => '0.0.0.0/0',
-#   }
-#
-class postgresql::config::beforeservice(
-  $pg_hba_conf_path,
-  $postgresql_conf_path,
-  $firewall_supported         = $postgresql::params::firewall_supported,
-  $ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
-  $ip_mask_allow_all_users    = $postgresql::params::ip_mask_allow_all_users,
-  $listen_addresses           = $postgresql::params::listen_addresses,
-  $ipv4acls                   = $postgresql::params::ipv4acls,
-  $ipv6acls                   = $postgresql::params::ipv6acls,
-  $manage_redhat_firewall     = $postgresql::params::manage_redhat_firewall,
-  $manage_pg_hba_conf         = $postgresql::params::manage_pg_hba_conf,
-  $persist_firewall_command   = $postgresql::params::persist_firewall_command,
-) inherits postgresql::params {
-
-
-  File {
-    owner  => $postgresql::params::user,
-    group  => $postgresql::params::group,
-  }
-
-  if $manage_pg_hba_conf {
-    # Create the main pg_hba resource
-    postgresql::pg_hba { 'main':
-      notify => Exec['reload_postgresql'],
-    }
-
-    Postgresql::Pg_hba_rule {
-      database => 'all',
-      user => 'all',
-    }
-
-    # Lets setup the base rules
-    $auth_option = $postgresql::params::version ? {
-      '8.1'   => 'sameuser',
-      default => undef,
-    }
-
-    postgresql::pg_hba_rule { 'local access as postgres user':
-      type        => 'local',
-      user        => $postgresql::params::user,
-      auth_method => 'ident',
-      auth_option => $auth_option,
-      order       => '001',
-    }
-    postgresql::pg_hba_rule { 'local access to database with same name':
-      type        => 'local',
-      auth_method => 'ident',
-      auth_option => $auth_option,
-      order       => '002',
-    }
-    postgresql::pg_hba_rule { 'deny access to postgresql user':
-      type        => 'host',
-      user        => $postgresql::params::user,
-      address     => $ip_mask_deny_postgres_user,
-      auth_method => 'reject',
-      order       => '003',
-    }
-
-    # ipv4acls are passed as an array of rule strings, here we transform them into
-    # a resources hash, and pass the result to create_resources
-    $ipv4acl_resources = postgresql_acls_to_resources_hash($ipv4acls, 'ipv4acls', 10)
-    create_resources('postgresql::pg_hba_rule', $ipv4acl_resources)
-
-    postgresql::pg_hba_rule { 'allow access to all users':
-      type        => 'host',
-      address     => $ip_mask_allow_all_users,
-      auth_method => 'md5',
-      order       => '100',
-    }
-    postgresql::pg_hba_rule { 'allow access to ipv6 localhost':
-      type        => 'host',
-      address     => '::1/128',
-      auth_method => 'md5',
-      order       => '101',
-    }
-
-    # ipv6acls are passed as an array of rule strings, here we transform them into
-    # a resources hash, and pass the result to create_resources
-    $ipv6acl_resources = postgresql_acls_to_resources_hash($ipv6acls, 'ipv6acls', 102)
-    create_resources('postgresql::pg_hba_rule', $ipv6acl_resources)
-  }
-
-  # We must set a "listen_addresses" line in the postgresql.conf if we
-  #  want to allow any connections from remote hosts.
-  file_line { 'postgresql.conf#listen_addresses':
-    path        => $postgresql_conf_path,
-    match       => '^listen_addresses\s*=.*$',
-    line        => "listen_addresses = '${listen_addresses}'",
-    notify      => Service['postgresqld'],
-  }
-
-  # Here we are adding an 'include' line so that users have the option of
-  # managing their own settings in a second conf file. This only works for
-  # postgresql 8.2 and higher.
-  if(versioncmp($postgresql::params::version, '8.2') >= 0) {
-    # Since we're adding an "include" for this extras config file, we need
-    # to make sure it exists.
-    exec { 'create_postgresql_conf_path':
-      command => "touch `dirname ${postgresql_conf_path}`/postgresql_puppet_extras.conf",
-      path    => '/usr/bin:/bin',
-      unless  => "[ -f `dirname ${postgresql_conf_path}`/postgresql_puppet_extras.conf ]"
-    }
-
-    file_line { 'postgresql.conf#include':
-      path        => $postgresql_conf_path,
-      line        => 'include \'postgresql_puppet_extras.conf\'',
-      require     => Exec['create_postgresql_conf_path'],
-      notify      => Service['postgresqld'],
-    }
-  }
-
-
-  # TODO: is this a reasonable place for this firewall stuff?
-  # TODO: figure out a way to make this not platform-specific; debian and ubuntu have
-  #        an out-of-the-box firewall configuration that seems trickier to manage
-  # TODO: get rid of hard-coded port
-  if ( $manage_redhat_firewall and $firewall_supported ) {
-      exec { 'postgresql-persist-firewall':
-        command     => $persist_firewall_command,
-        refreshonly => true,
-      }
-
-      Firewall {
-        notify => Exec['postgresql-persist-firewall']
-      }
-
-      firewall { '5432 accept - postgres':
-        port   => '5432',
-        proto  => 'tcp',
-        action => 'accept',
-      }
-  }
-}

data/modules/postgresql/manifests/config.pp

@@ -1,74 +0,0 @@
-# Class: postgresql::config
-#
-# Parameters:
-#
-#   [*postgres_password*]            - postgres db user password.
-#   [*ip_mask_deny_postgres_user*]   - ip mask for denying remote access for postgres user; defaults to '0.0.0.0/0',
-#                                       meaning that all TCP access for postgres user is denied.
-#   [*ip_mask_allow_all_users*]      - ip mask for allowing remote access for other users (besides postgres);
-#                                       defaults to '127.0.0.1/32', meaning only allow connections from localhost
-#   [*listen_addresses*]             - what IP address(es) to listen on; comma-separated list of addresses; defaults to
-#                                       'localhost', '*' = all
-#   [*ipv4acls*]                     - list of strings for access control for connection method, users, databases, IPv4
-#                                       addresses; see postgresql documentation about pg_hba.conf for information
-#   [*ipv6acls*]                     - list of strings for access control for connection method, users, databases, IPv6
-#                                       addresses; see postgresql documentation about pg_hba.conf for information
-#   [*pg_hba_conf_path*]             - path to pg_hba.conf file
-#   [*postgresql_conf_path*]         - path to postgresql.conf file
-#   [*manage_redhat_firewall*]       - boolean indicating whether or not the module should open a port in the firewall on
-#                                       redhat-based systems; this parameter is likely to change in future versions.  Possible
-#                                       changes include support for non-RedHat systems and finer-grained control over the
-#                                       firewall rule (currently, it simply opens up the postgres port to all TCP connections).
-#   [*manage_pg_hba_conf*]      - boolean indicating whether or not the module manages pg_hba.conf file.
-#
-#
-# Actions:
-#
-# Requires:
-#
-# Usage:
-#
-#   class { 'postgresql::config':
-#     postgres_password         => 'postgres',
-#     ip_mask_allow_all_users   => '0.0.0.0/0',
-#   }
-#
-class postgresql::config(
-  $postgres_password          = undef,
-  $ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
-  $ip_mask_allow_all_users    = $postgresql::params::ip_mask_allow_all_users,
-  $listen_addresses           = $postgresql::params::listen_addresses,
-  $ipv4acls                   = $postgresql::params::ipv4acls,
-  $ipv6acls                   = $postgresql::params::ipv6acls,
-  $pg_hba_conf_path           = $postgresql::params::pg_hba_conf_path,
-  $postgresql_conf_path       = $postgresql::params::postgresql_conf_path,
-  $manage_redhat_firewall     = $postgresql::params::manage_redhat_firewall,
-  $manage_pg_hba_conf         = $postgresql::params::manage_pg_hba_conf
-) inherits postgresql::params {
-
-  # Basically, all this class needs to handle is passing parameters on
-  #  to the "beforeservice" and "afterservice" classes, and ensure
-  #  the proper ordering.
-
-  class { 'postgresql::config::beforeservice':
-    ip_mask_deny_postgres_user => $ip_mask_deny_postgres_user,
-    ip_mask_allow_all_users    => $ip_mask_allow_all_users,
-    listen_addresses           => $listen_addresses,
-    ipv4acls                   => $ipv4acls,
-    ipv6acls                   => $ipv6acls,
-    pg_hba_conf_path           => $pg_hba_conf_path,
-    postgresql_conf_path       => $postgresql_conf_path,
-    manage_redhat_firewall     => $manage_redhat_firewall,
-    manage_pg_hba_conf         => $manage_pg_hba_conf,
-  }
-
-  class { 'postgresql::config::afterservice':
-    postgres_password        => $postgres_password,
-  }
-
-  Class['postgresql::config'] ->
-      Class['postgresql::config::beforeservice'] ->
-      Service['postgresqld'] ->
-      Class['postgresql::config::afterservice']
-
-}

data/modules/postgresql/manifests/contrib.pp

@@ -1,29 +0,0 @@
-# Class: postgresql::contrib
-#
-# This class installs the postgresql contrib package.
-#
-# Parameters:
-#   [*package_name*]    - The name of the postgresql contrib package.
-#   [*package_ensure*]  - The ensure value of the package.
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
-#   class { 'postgresql::contrib': }
-#
-class postgresql::contrib (
-  $package_name   = $postgresql::params::contrib_package_name,
-  $package_ensure = 'present'
-) inherits postgresql::params {
-
-  validate_string($package_name)
-
-  package { 'postgresql-contrib':
-    ensure => $package_ensure,
-    name   => $package_name,
-    tag    => 'postgresql',
-  }
-}

data/modules/postgresql/manifests/database.pp

@@ -1,85 +0,0 @@
-# puppet-postgresql
-# For all details and documentation:
-# http://github.com/inkling/puppet-postgresql
-#
-# Copyright 2012- Inkling Systems, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# TODO: in order to match up more closely with the mysql module, this probably
-#  needs to be moved over to ruby, and add support for ensurable.
-
-define postgresql::database(
-  $dbname   = $title,
-  $owner = $postgresql::params::user,
-  $tablespace = undef,
-  $charset  = $postgresql::params::charset,
-  $locale   = $postgresql::params::locale,
-  $istemplate = false
-) {
-  include postgresql::params
-
-  # Set the defaults for the postgresql_psql resource
-  Postgresql_psql {
-    psql_user    => $postgresql::params::user,
-    psql_group   => $postgresql::params::group,
-    psql_path    => $postgresql::params::psql_path,
-  }
-
-  # Optionally set the locale switch. Older versions of createdb may not accept
-  # --locale, so if the parameter is undefined its safer not to pass it.
-  if ($postgresql::params::version != '8.1') {
-    $locale_option = $locale ? {
-      undef   => '',
-      default => "--locale=${locale}",
-    }
-    $public_revoke_privilege = 'CONNECT'
-  } else {
-    $locale_option = ''
-    $public_revoke_privilege = 'ALL'
-  }
-
-  $createdb_command_tmp = "${postgresql::params::createdb_path} --owner='${owner}' --template=template0 --encoding '${charset}' ${locale_option} '${dbname}'"
-
-  if($tablespace == undef) {
-    $createdb_command = $createdb_command_tmp
-  }
-  else {
-    $createdb_command = "${createdb_command_tmp} --tablespace='${tablespace}'"
-  }
-
-  postgresql_psql { "Check for existence of db '${dbname}'":
-    command => 'SELECT 1',
-    unless  => "SELECT datname FROM pg_database WHERE datname='${dbname}'",
-    require => Class['postgresql::server']
-  } ~>
-
-  exec { $createdb_command :
-    refreshonly => true,
-    user        => $postgresql::params::user,
-    logoutput   => on_failure,
-  } ~>
-
-  # This will prevent users from connecting to the database unless they've been
-  #  granted privileges.
-  postgresql_psql {"REVOKE ${public_revoke_privilege} ON DATABASE \"${dbname}\" FROM public":
-    db          => $postgresql::params::user,
-    refreshonly => true,
-  }
-
-  Exec [ $createdb_command ] ->
-
-  postgresql_psql {"UPDATE pg_database SET datistemplate = ${istemplate} WHERE datname = '${dbname}'":
-    unless => "SELECT datname FROM pg_database WHERE datname = '${dbname}' AND datistemplate = ${istemplate}",
-  }
-}

data/modules/postgresql/manifests/database_grant.pp

@@ -1,35 +0,0 @@
-# puppet-postgresql
-# For all details and documentation:
-# http://github.com/inkling/puppet-postgresql
-#
-# Copyright 2012- Inkling Systems, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-define postgresql::database_grant(
-  $privilege,
-  $db,
-  $role,
-  $psql_db   = undef,
-  $psql_user = undef
-) {
-  include postgresql::params
-  postgresql::grant { "database:${name}":
-    role        => $role,
-    db          => $db,
-    privilege   => $privilege,
-    object_type => 'DATABASE',
-    object_name => $db,
-    psql_db     => $psql_db,
-    psql_user   => $psql_user,
-  }
-}