from-scratch 0.1.0 → 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (108) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +1 -0
  3. data/Berksfile.lock +11 -0
  4. data/chefignore +1 -0
  5. data/cookbooks/apt/CHANGELOG.md +248 -0
  6. data/cookbooks/apt/README.md +294 -0
  7. data/cookbooks/apt/attributes/default.rb +51 -0
  8. data/cookbooks/apt/files/default/15update-stamp +1 -0
  9. data/cookbooks/apt/files/default/apt-proxy-v2.conf +50 -0
  10. data/cookbooks/apt/libraries/helpers.rb +61 -0
  11. data/cookbooks/apt/libraries/matchers.rb +17 -0
  12. data/cookbooks/apt/libraries/network.rb +31 -0
  13. data/cookbooks/apt/metadata.json +1 -0
  14. data/cookbooks/apt/providers/preference.rb +84 -0
  15. data/cookbooks/apt/providers/repository.rb +246 -0
  16. data/cookbooks/apt/recipes/cacher-client.rb +83 -0
  17. data/cookbooks/apt/recipes/cacher-ng.rb +43 -0
  18. data/cookbooks/apt/recipes/default.rb +112 -0
  19. data/cookbooks/apt/recipes/unattended-upgrades.rb +47 -0
  20. data/cookbooks/apt/resources/preference.rb +37 -0
  21. data/cookbooks/apt/resources/repository.rb +60 -0
  22. data/cookbooks/apt/templates/debian-6.0/acng.conf.erb +173 -0
  23. data/cookbooks/apt/templates/default/01proxy.erb +9 -0
  24. data/cookbooks/apt/templates/default/10recommends.erb +3 -0
  25. data/cookbooks/apt/templates/default/20auto-upgrades.erb +2 -0
  26. data/cookbooks/apt/templates/default/50unattended-upgrades.erb +68 -0
  27. data/cookbooks/apt/templates/default/acng.conf.erb +275 -0
  28. data/cookbooks/apt/templates/default/unattended-upgrades.seed.erb +1 -0
  29. data/cookbooks/apt/templates/ubuntu-10.04/acng.conf.erb +269 -0
  30. data/cookbooks/build-essential/CHANGELOG.md +136 -0
  31. data/cookbooks/build-essential/README.md +108 -0
  32. data/cookbooks/build-essential/attributes/default.rb +20 -0
  33. data/cookbooks/build-essential/libraries/matchers.rb +5 -0
  34. data/cookbooks/build-essential/libraries/timing.rb +124 -0
  35. data/cookbooks/build-essential/libraries/xcode_command_line_tools.rb +210 -0
  36. data/cookbooks/build-essential/metadata.json +1 -0
  37. data/cookbooks/build-essential/recipes/_debian.rb +28 -0
  38. data/cookbooks/build-essential/recipes/_fedora.rb +32 -0
  39. data/cookbooks/build-essential/recipes/_freebsd.rb +24 -0
  40. data/cookbooks/build-essential/recipes/_mac_os_x.rb +22 -0
  41. data/cookbooks/build-essential/recipes/_omnios.rb +33 -0
  42. data/cookbooks/build-essential/recipes/_rhel.rb +36 -0
  43. data/cookbooks/build-essential/recipes/_smartos.rb +27 -0
  44. data/cookbooks/build-essential/recipes/_solaris2.rb +48 -0
  45. data/cookbooks/build-essential/recipes/_suse.rb +29 -0
  46. data/cookbooks/build-essential/recipes/default.rb +29 -0
  47. data/cookbooks/chef-sugar/CHANGELOG.md +159 -0
  48. data/cookbooks/chef-sugar/README.md +464 -0
  49. data/cookbooks/chef-sugar/metadata.json +1 -0
  50. data/cookbooks/chef-sugar/recipes/default.rb +34 -0
  51. data/cookbooks/openssl/CHANGELOG.md +30 -0
  52. data/cookbooks/openssl/README.md +115 -0
  53. data/cookbooks/openssl/attributes/default.rb +21 -0
  54. data/cookbooks/openssl/libraries/secure_password.rb +37 -0
  55. data/cookbooks/openssl/metadata.json +31 -0
  56. data/cookbooks/openssl/providers/x509.rb +94 -0
  57. data/cookbooks/openssl/recipes/default.rb +18 -0
  58. data/cookbooks/openssl/recipes/upgrade.rb +39 -0
  59. data/cookbooks/openssl/resources/x509.rb +16 -0
  60. data/cookbooks/postgresql/CHANGELOG.md +220 -0
  61. data/cookbooks/postgresql/README.md +464 -0
  62. data/cookbooks/postgresql/attributes/default.rb +549 -0
  63. data/cookbooks/postgresql/files/default/tests/minitest/apt_pgdg_postgresql_test.rb +39 -0
  64. data/cookbooks/postgresql/files/default/tests/minitest/default_test.rb +27 -0
  65. data/cookbooks/postgresql/files/default/tests/minitest/ruby_test.rb +28 -0
  66. data/cookbooks/postgresql/files/default/tests/minitest/server_test.rb +43 -0
  67. data/cookbooks/postgresql/files/default/tests/minitest/support/helpers.rb +29 -0
  68. data/cookbooks/postgresql/libraries/default.rb +377 -0
  69. data/cookbooks/postgresql/metadata.json +56 -0
  70. data/cookbooks/postgresql/recipes/apt_pgdg_postgresql.rb +18 -0
  71. data/cookbooks/postgresql/recipes/client.rb +32 -0
  72. data/cookbooks/postgresql/recipes/config_initdb.rb +148 -0
  73. data/cookbooks/postgresql/recipes/config_pgtune.rb +284 -0
  74. data/cookbooks/postgresql/recipes/contrib.rb +44 -0
  75. data/cookbooks/postgresql/recipes/default.rb +18 -0
  76. data/cookbooks/postgresql/recipes/ruby.rb +117 -0
  77. data/cookbooks/postgresql/recipes/server.rb +89 -0
  78. data/cookbooks/postgresql/recipes/server_conf.rb +34 -0
  79. data/cookbooks/postgresql/recipes/server_debian.rb +38 -0
  80. data/cookbooks/postgresql/recipes/server_redhat.rb +100 -0
  81. data/cookbooks/postgresql/recipes/yum_pgdg_postgresql.rb +45 -0
  82. data/cookbooks/postgresql/templates/default/pg_hba.conf.erb +35 -0
  83. data/cookbooks/postgresql/templates/default/pgsql.sysconfig.erb +4 -0
  84. data/cookbooks/postgresql/templates/default/postgresql.conf.erb +21 -0
  85. data/cookbooks/scratchify/.chef/knife.rb +2 -5
  86. data/cookbooks/scratchify/Berksfile +2 -1
  87. data/cookbooks/scratchify/Berksfile.lock +11 -0
  88. data/cookbooks/scratchify/README.md +34 -17
  89. data/cookbooks/scratchify/bin/scratchify +1 -1
  90. data/cookbooks/scratchify/chefignore +1 -0
  91. data/cookbooks/scratchify/from-scratch.gemspec +2 -5
  92. data/cookbooks/scratchify/lib/from-scratch.rb +25 -0
  93. data/cookbooks/scratchify/lib/{from/scratch → from-scratch}/version.rb +1 -1
  94. data/cookbooks/scratchify/metadata.json +2 -1
  95. data/cookbooks/scratchify/templates/node.json.erb +34 -0
  96. data/cookbooks/scratchify/templates/user.json.erb +6 -0
  97. data/lib/from-scratch.rb +2 -2
  98. data/lib/from-scratch/version.rb +1 -1
  99. data/templates/node.json.erb +6 -3
  100. metadata +85 -10
  101. data/cookbooks/scratchify/bin/console +0 -14
  102. data/cookbooks/scratchify/bin/setup +0 -7
  103. data/cookbooks/scratchify/data_bags/users/deploy.json +0 -6
  104. data/cookbooks/scratchify/environments/.gitkeep +0 -0
  105. data/cookbooks/scratchify/lib/from/scratch.rb +0 -31
  106. data/cookbooks/scratchify/lib/from/scratch/interviewer.rb +0 -35
  107. data/cookbooks/scratchify/nodes/normfood.ru.json +0 -75
  108. data/cookbooks/scratchify/roles/.gitkeep +0 -0
@@ -0,0 +1,220 @@
1
+ postgresql Cookbook CHANGELOG
2
+ =============================
3
+ This file is used to list changes made in each version of the postgresql cookbook.
4
+
5
+ v3.4.20
6
+ -------
7
+ - Revert [#251](https://github.com/hw-cookbooks/postgresql/pull/251), a change which caused the postgresql service to restart every Chef run.
8
+
9
+ v3.4.19 [YANKED]
10
+ -------
11
+ - node.save could better not be run on every chef run since it causes node.default attributes stored to the node objects to differ during a chef run and when
12
+ - Missing attribute in docs for yum_pgdg_postgresql
13
+ - restart postgres service immediately on config change
14
+ - Run restart command right away on the postgresql service.
15
+ - Add kitchen test for shared_preload_libraries & extension setup.
16
+ - Fix install order of contrib packages to fix pg_stat_statements issues.
17
+ - Add Debian Jessie to whitelist for apt.postgresql.org repo
18
+ - Install version 9.4 on Debian Jessie
19
+ - add amazon 2015
20
+ - add rhel7 support
21
+
22
+ v3.4.18
23
+ ------
24
+ - Revert changes from #201 with the intention of revisiting these changes as part of the next major version release.
25
+ - Specify version constraint on openssl cookbook due to an upstream release mishap
26
+
27
+ v3.4.16
28
+ ------
29
+ - Changed hard coded value to attribute #219
30
+ - Correction for directory creation under debian, etc. #222
31
+ - Fedora 20 yum support #223
32
+ - Define version-sensitive attributes in a recipe #201
33
+
34
+ v3.4.14
35
+ ------
36
+ - Support apt repository for Ubuntu Utopic 14.10
37
+ - Do not try and set password on standby hosts
38
+
39
+ v3.4.12
40
+ ------
41
+ - Create configuration templates at the appropriate time
42
+ - If template is updated restart service changed to default of :delayed
43
+ - Fix SSL for PostgreSQL versions < 9.2
44
+
45
+ v3.4.10
46
+ -------
47
+ - correct conditional error created in 3.4.8.
48
+
49
+ v3.4.8
50
+ ------
51
+ - Correct scenario where work_mem could be set to 0 if con is greater than mem Issue #185
52
+ - Add Centos7 suites to kitchen configuration
53
+
54
+ v3.4.6
55
+ ------
56
+ - Don't include the pgdg recipes on the wrong machine types
57
+ - Add missing dir /etc/sysconfig/pgsl for centos7
58
+ - CentOS 7 package support
59
+
60
+ v3.4.4
61
+ ------
62
+ - fix packages on SLES11SP2 and higher
63
+ - [COOK-4737] Add flag to control database user password behavior
64
+ - add amazon platform rpm info
65
+ - Fix issues with the server_redhat recipe on Fedora 16 and later
66
+ - attribute typo correction
67
+ - correctly check and set max_connections to an integer
68
+
69
+ v3.4.2
70
+ ------
71
+ - Changed the Gem::Installer::ExtensionBuildError to a Mixlib::ShellOut::ShellCommandFailed
72
+
73
+ v3.4.1
74
+ ------
75
+ - Added support for Ubuntu 14.04 and Postgresql 9.3
76
+ - Fix [COOK-3490] https://tickets.opscode.com/browse/COOK-3490
77
+
78
+ v3.4.0
79
+ ------
80
+ Updated CONTRIBUTING document.
81
+ Refreshed test kitchen configuration.
82
+ Merged Pull Requests: 122, 116, 104, 102, 99, 96, 93, 90.
83
+
84
+ v3.3.4
85
+ ------
86
+ Testing
87
+
88
+
89
+ v3.3.2
90
+ ------
91
+ - Testing maintainer transfer to Heavywater with Opscode as collaborator
92
+
93
+
94
+ v3.3.0
95
+ ------
96
+ ### Bug
97
+ - **[COOK-3851](https://tickets.opscode.com/browse/COOK-3851)** - Postgresql: reload after config change does not pick up certain configuration changes
98
+ - **[COOK-3611](https://tickets.opscode.com/browse/COOK-3611)** - unix_socket_directory does not exists in 9.3
99
+ - **[COOK-2954](https://tickets.opscode.com/browse/COOK-2954)** - PostgreSQL installation ignores version attribute on CentOS >= 6
100
+
101
+
102
+ v3.2.0
103
+ ------
104
+ - [COOK-3717] Pgdg repositories improvements
105
+ - [COOK-3756] Change postgresql.conf mode from 0600 to 0644
106
+
107
+
108
+ v3.1.0
109
+ ------
110
+ ### Improvement
111
+ - **[COOK-3685](https://tickets.opscode.com/browse/COOK-3685)** - Upgrade Repo Attributes for Postgresql 9.3
112
+ - **[COOK-3597](https://tickets.opscode.com/browse/COOK-3597)** - Fix implementation of `initdb_locale` attribute for RHEL
113
+ - **[COOK-3566](https://tickets.opscode.com/browse/COOK-3566)** - Give the user's rules more priority than the default ones in pg_hba
114
+ - **[COOK-3553](https://tickets.opscode.com/browse/COOK-3553)** - Remove automatic `apt-get update`
115
+
116
+ ### Bug
117
+ - **[COOK-3611](https://tickets.opscode.com/browse/COOK-3611)** - Remove `unix_socket_directory` (it does not exists in 9.3)
118
+ - **[COOK-3599](https://tickets.opscode.com/browse/COOK-3599)** - Automatically add PGDG apt repo dependency on PostgreSQL version
119
+ - **[COOK-3555](https://tickets.opscode.com/browse/COOK-3555)** - Documentation Fix
120
+ - **[COOK-2383](https://tickets.opscode.com/browse/COOK-2383)** - Update Postgres version in attributes
121
+
122
+
123
+ v3.0.4
124
+ ------
125
+ ### Bug
126
+ - **[COOK-3173](https://tickets.opscode.com/browse/COOK-3173)** - Use :reload instead of :restart on conf changes
127
+ - **[COOK-2939](https://tickets.opscode.com/browse/COOK-2939)** - Fix RedHat support
128
+
129
+ v3.0.2
130
+ ------
131
+ ### Bug
132
+ - [COOK-3076]: postgresql::ruby recipe error when using pgdg repositories
133
+
134
+ v3.0.0
135
+ ------
136
+ This is a backwards-incompatible release because the Pitti PPA is deprecated and the recipe removed, replaced with the PGDG apt repository.
137
+
138
+ ### Bug
139
+ - [COOK-2571]: Create helper library for pg extension detection
140
+ - [COOK-2797]: Contrib extension contianing '-' fails to load.
141
+
142
+ ### Improvement
143
+ - [COOK-2387]: Pitti Postgresql PPA is deprecated
144
+
145
+ ### Task
146
+ - [COOK-3022]: update baseboxes in .kitchen.yml
147
+
148
+ v2.4.0
149
+ ------
150
+ - [COOK-2163] - Dangerous "assign-postgres-password" in "recipes/server.rb" -- Can lock out dbadmin access
151
+ - [COOK-2390] - Recipes to auto-generate many postgresql.conf settings, following "initdb" and "pgtune"
152
+ - [COOK-2435] - Foodcritic fixes for postgresql cookbook
153
+ - [COOK-2476] - Installation into database of any contrib module extensions listed in a node attribute
154
+
155
+ v2.2.2
156
+ ------
157
+ - [COOK-2232] -Provide PGDG yum repo to install postgresql 9.x on
158
+ redhat-derived distributions
159
+
160
+ v2.2.0
161
+ ------
162
+ - [COOK-2230] - Careful about Debian minor version numbers
163
+ - [COOK-2231] - Fix support for postgresql 9.x in server_redhat recipe
164
+ - [COOK-2238] - Postgresql recipe error in password check
165
+ - [COOK-2176] - PostgreSQL cookbook in Solo mode can cause "NoMethodError: undefined method `[]' for nil:NilClass"
166
+ - [COOK-2233] - Provide postgresql::contrib recipe to install useful server administration tools
167
+
168
+ v2.1.0
169
+ ------
170
+ - [COOK-1872] - Allow latest PostgreSQL deb packages to be installed
171
+ - [COOK-1961] - Postgresql config file changes with every Chef run
172
+ - [COOK-2041] - Postgres cookbook no longer installs on OpenSuSE 11.4
173
+
174
+ v2.0.2
175
+ ------
176
+ - [COOK-1406] - pg gem compile is unable to find libpq under Chef full stack (omnibus) installation
177
+
178
+ v2.0.0
179
+ ------
180
+ This version is backwards incompatible with previous versions of the cookbook due to use of `platform_family`, and the refactored configuration files using node attributes. See README.md for details on how to modify configuration of PostgreSQL.
181
+
182
+ - [COOK-1508] - fix mixlib shellout error on SUSE
183
+ - [COOK-1744] - Add service enable & start
184
+ - [COOK-1779] - Don't run apt-get update and others in ruby recipe if pg is installed
185
+ - [COOK-1871] - Attribute driven configuration files for PostgreSQL
186
+ - [COOK-1900] - don't assume ssl on all postgresql 8.4+ installs
187
+ - [COOK-1901] - fail a chef-solo run when the postgres password
188
+ attribute is not set
189
+
190
+ v1.0.0
191
+ ------
192
+ **Important note for this release**
193
+
194
+ This version no longer installs Ruby bindings in the client recipe by default. Use the ruby recipe if you'd like the RubyGem. If you'd like packages for your distribution, use them in your application's specific cookbook/recipe, or modify the client packages attribute.
195
+
196
+ This resolves the following tickets.
197
+
198
+ - COOK-1011
199
+ - COOK-1534
200
+
201
+ The following issues are also resolved with this release.
202
+
203
+ - [COOK-1011] - Don't install postgresql packages during compile phase and remove pg gem installation
204
+ - [COOK-1224] - fix undefined variable on Debian
205
+ - [COOK-1462] - Add attribute for specifying listen address
206
+
207
+ v0.99.4
208
+ ------
209
+ - [COOK-421] - config template is malformed
210
+ - [COOK-956] - add make package on ubuntu/debian
211
+
212
+ v0.99.2
213
+ ------
214
+ - [COOK-916] - use < (with float) for version comparison.
215
+
216
+ v0.99.0
217
+ ------
218
+ - Better support for Red Hat-family platforms
219
+ - Integration with database cookbook
220
+ - Make sure the postgres role is updated with a (secure) password
@@ -0,0 +1,464 @@
1
+ Description
2
+ ===========
3
+
4
+ Installs and configures PostgreSQL as a client or a server.
5
+
6
+ Requirements
7
+ ============
8
+
9
+ ## Platforms
10
+
11
+ * Debian, Ubuntu
12
+ * Red Hat/CentOS/Scientific (6.0+ required) - "EL6-family"
13
+ * Fedora
14
+ * SUSE
15
+
16
+ Tested on:
17
+
18
+ * Ubuntu 10.04, 11.10, 12.04, 14.04, 14.10
19
+ * Red Hat 6.1, Scientific 6.1, CentOS 6.3
20
+
21
+ ## Cookbooks
22
+
23
+ Requires Opscode's `openssl` cookbook for secure password generation.
24
+
25
+ Requires a C compiler and development headers in order to build the
26
+ `pg` RubyGem to provide Ruby bindings in the `ruby` recipe.
27
+
28
+ Opscode's `build-essential` cookbook provides this functionality on
29
+ Debian, Ubuntu, and EL6-family.
30
+
31
+ While not required, Opscode's `database` cookbook contains resources
32
+ and providers that can interact with a PostgreSQL database. This
33
+ cookbook is a dependency of database.
34
+
35
+ Attributes
36
+ ==========
37
+
38
+ The following attributes are set based on the platform, see the
39
+ `attributes/default.rb` file for default values.
40
+
41
+ * `node['postgresql']['version']` - version of postgresql to manage
42
+ * `node['postgresql']['dir']` - home directory of where postgresql
43
+ data and configuration lives.
44
+
45
+ * `node['postgresql']['client']['packages']` - An array of package names
46
+ that should be installed on "client" systems.
47
+ * `node['postgresql']['server']['packages']` - An array of package names
48
+ that should be installed on "server" systems.
49
+ * `node['postgresql']['server']['config_change_notify']` - Type of
50
+ notification triggered when a config file changes.
51
+ * `node['postgresql']['contrib']['packages']` - An array of package names
52
+ that could be installed on "server" systems for useful sysadmin tools.
53
+
54
+ * `node['postgresql']['enable_pgdg_apt']` - Whether to enable the apt repo
55
+ by the PostgreSQL Global Development Group, which contains newer versions
56
+ of PostgreSQL.
57
+
58
+ * `node['postgresql']['enable_pgdg_yum']` - Whether to enable the yum repo
59
+ by the PostgreSQL Global Development Group, which contains newer versions
60
+ of PostgreSQL.
61
+
62
+ * `node['postgresql']['initdb_locale']` - Sets the default locale for the
63
+ database cluster. If this attribute is not specified, the locale is
64
+ inherited from the environment that initdb runs in. Sometimes you must
65
+ have a system locale that is not what you want for your database cluster,
66
+ and this attribute addresses that scenario. Valid only for EL-family
67
+ distros (RedHat/Centos/etc.).
68
+
69
+ The following attributes are generated in
70
+ `recipe[postgresql::server]`.
71
+
72
+ * `node['postgresql']['password']['postgres']` - randomly generated
73
+ password by the `openssl` cookbook's library.
74
+ (TODO: This is broken, as it disables the password.)
75
+
76
+ Configuration
77
+ -------------
78
+
79
+ The `postgresql.conf` and `pg_hba.conf` files are dynamically
80
+ generated from attributes. Each key in `node['postgresql']['config']`
81
+ is a postgresql configuration directive, and will be rendered in the
82
+ config file. For example, the attribute:
83
+
84
+ node['postgresql']['config']['listen_addresses'] = 'localhost'
85
+
86
+ Will result in the following line in the `postgresql.conf` file:
87
+
88
+ listen_addresses = 'localhost'
89
+
90
+ The attributes file contains default values for Debian and RHEL
91
+ platform families (per the `node['platform_family']`). These defaults
92
+ have disparity between the platforms because they were originally
93
+ extracted from the postgresql.conf files in the previous version of
94
+ this cookbook, which differed in their default config. The resulting
95
+ configuration files will be the same as before, but the content will
96
+ be dynamically rendered from the attributes. The helpful commentary
97
+ will no longer be present. You should consult the PostgreSQL
98
+ documentation for specific configuration details.
99
+
100
+ See __Recipes__ `config_initdb` and `config_pgtune` below to
101
+ auto-generate many postgresql.conf settings.
102
+
103
+ For values that are "on" or "off", they should be specified as literal
104
+ `true` or `false`. String values will be used with single quotes. Any
105
+ configuration option set to the literal `nil` will be skipped
106
+ entirely. All other values (e.g., numeric literals) will be used as
107
+ is. So for example:
108
+
109
+ node.default['postgresql']['config']['logging_collector'] = true
110
+ node.default['postgresql']['config']['datestyle'] = 'iso, mdy'
111
+ node.default['postgresql']['config']['ident_file'] = nil
112
+ node.default['postgresql']['config']['port'] = 5432
113
+
114
+ Will result in the following config lines:
115
+
116
+ logging_collector = 'on'
117
+ datestyle = 'iso,mdy'
118
+ port = 5432
119
+
120
+ (no line printed for `ident_file` as it is `nil`)
121
+
122
+ Note that the `unix_socket_directory` configuration was renamed to
123
+ `unix_socket_directories` in Postgres 9.3 so make sure to use the
124
+ `node['postgresql']['unix_socket_directories']` attribute instead of
125
+ `node['postgresql']['unix_socket_directory']`.
126
+
127
+ The `pg_hba.conf` file is dynamically generated from the
128
+ `node['postgresql']['pg_hba']` attribute. This attribute must be an
129
+ array of hashes, each hash containing the authorization data. As it is
130
+ an array, you can append to it in your own recipes. The hash keys in
131
+ the array must be symbols. Each hash will be written as a line in
132
+ `pg_hba.conf`. For example, this entry from
133
+ `node['postgresql']['pg_hba']`:
134
+
135
+ [{:comment => '# Optional comment',
136
+ :type => 'local', :db => 'all', :user => 'postgres', :addr => nil, :method => 'md5'}]
137
+
138
+ Will result in the following line in `pg_hba.conf`:
139
+
140
+ # Optional comment
141
+ local all postgres md5
142
+
143
+ Use `nil` if the CIDR-ADDRESS should be empty (as above).
144
+ Don't provide a comment if none is desired in the `pg_hba.conf` file.
145
+
146
+ Note that the following authorization rule is supplied automatically by
147
+ the cookbook template. The cookbook needs this to execute SQL in the
148
+ PostgreSQL server without supplying the clear-text password (which isn't
149
+ known by the cookbook). Therefore, your `node['postgresql']['pg_hba']`
150
+ attributes don't need to specify this authorization rule:
151
+
152
+ # "local" is for Unix domain socket connections only
153
+ local all all ident
154
+
155
+ (By the way, the template uses `peer` instead of `ident` for PostgreSQL-9.1
156
+ and above, which has the same effect.)
157
+
158
+ Recipes
159
+ =======
160
+
161
+ default
162
+ -------
163
+
164
+ Includes the client recipe.
165
+
166
+ client
167
+ ------
168
+
169
+ Installs the packages defined in the
170
+ `node['postgresql']['client']['packages']` attribute.
171
+
172
+ ruby
173
+ ----
174
+
175
+ **NOTE** This recipe may not currently work when installing Chef with
176
+ the
177
+ ["Omnibus" full stack installer](http://opscode.com/chef/install) on
178
+ some platforms due to an incompatibility with OpenSSL. See
179
+ [COOK-1406](http://tickets.opscode.com/browse/COOK-1406). You can
180
+ build from source into the Chef omnibus installation to work around
181
+ this issue.
182
+
183
+ Install the `pg` gem under Chef's Ruby environment so it can be used
184
+ in other recipes. The build-essential packages and postgresql client
185
+ packages will be installed during the compile phase, so that the
186
+ native extensions of `pg` can be compiled.
187
+
188
+ server
189
+ ------
190
+
191
+ Includes the `server_debian` or `server_redhat` recipe to get the
192
+ appropriate server packages installed and service managed. Also
193
+ manages the configuration for the server:
194
+
195
+ * generates a strong default password (via `openssl`) for `postgres`
196
+ (TODO: This is broken, as it disables the password.)
197
+ * sets the password for postgres
198
+ * manages the `postgresql.conf` file.
199
+ * manages the `pg_hba.conf` file.
200
+
201
+ server\_debian
202
+ --------------
203
+
204
+ Installs the postgresql server packages and sets up the service. You
205
+ should include the `postgresql::server` recipe, which will include
206
+ this on Debian platforms.
207
+
208
+ server\_redhat
209
+ --------------
210
+
211
+ Manages the postgres user and group (with UID/GID 26, per RHEL package
212
+ conventions), installs the postgresql server packages, initializes the
213
+ database, and manages the postgresql service. You should include the
214
+ `postgresql::server` recipe, which will include this on RHEL/Fedora
215
+ platforms.
216
+
217
+ config\_initdb
218
+ --------------
219
+
220
+ Takes locale and timezone settings from the system configuration.
221
+ This recipe creates `node.default['postgresql']['config']` attributes
222
+ that conform to the system's locale and timezone. In addition, this
223
+ recipe creates the same error reporting and logging settings that
224
+ `initdb` provided: a rotation of 7 days of log files named
225
+ postgresql-Mon.log, etc.
226
+
227
+ The default attributes created by this recipe are easy to override with
228
+ normal attributes because of Chef attribute precedence. For example,
229
+ suppose a DBA wanted to keep log files indefinitely, rolling over daily
230
+ or when growing to 10MB. The Chef installation could include the
231
+ `postgresql::config_initdb` recipe for the locale and timezone settings,
232
+ but customize the logging settings with these node JSON attributes:
233
+
234
+ "postgresql": {
235
+ "config": {
236
+ "log_rotation_age": "1d",
237
+ "log_rotation_size": "10MB",
238
+ "log_filename": "postgresql-%Y-%m-%d_%H%M%S.log"
239
+ }
240
+ }
241
+
242
+ Credits: This `postgresql::config_initdb` recipe is based on algorithms
243
+ in the [source code](http://doxygen.postgresql.org/initdb_8c_source.html)
244
+ for the PostgreSQL `initdb` utility.
245
+
246
+ config\_pgtune
247
+ --------------
248
+
249
+ Performance tuning.
250
+ Takes the wimpy default postgresql.conf and expands the database server
251
+ to be as powerful as the hardware it's being deployed on. This recipe
252
+ creates a baseline configuration of `node.default['postgresql']['config']`
253
+ attributes in the right general range for a dedicated Postgresql system.
254
+ Most installations won't need additional performance tuning.
255
+
256
+ The only decision you need to make is to choose a `db_type` from the
257
+ following database workloads. (See the recipe code comments for more
258
+ detailed descriptions.)
259
+
260
+ * "dw" -- Data Warehouse
261
+ * "oltp" -- Online Transaction Processing
262
+ * "web" -- Web Application
263
+ * "mixed" -- Mixed DW and OLTP characteristics
264
+ * "desktop" -- Not a dedicated database
265
+
266
+ This recipe uses a performance model with three input parameters.
267
+ These node attributes are completely optional, but it is obviously
268
+ important to choose the `db_type` correctly:
269
+
270
+ * `node['postgresql']['config_pgtune']['db_type']` --
271
+ Specifies database type from the list of five choices above.
272
+ If not specified, the default is "mixed".
273
+
274
+ * `node['postgresql']['config_pgtune']['max_connections']` --
275
+ Specifies maximum number of connections expected.
276
+ If not specified, it depends on database type:
277
+ "web":200, "oltp":300, "dw":20, "mixed":80, "desktop":5
278
+
279
+ * `node['postgresql']['config_pgtune']['total_memory']` --
280
+ Specifies total system memory in kB. (E.g., "49416564kB".)
281
+ If not specified, it will be taken from Ohai automatic attributes.
282
+ This could be used to tune a system that isn't a dedicated database.
283
+
284
+ The default attributes created by this recipe are easy to override with
285
+ normal attributes because of Chef attribute precedence. For example, if
286
+ you are running application benchmarks to try different buffer cache
287
+ sizes, you would experiment with this node JSON attribute:
288
+
289
+ "postgresql": {
290
+ "config": {
291
+ "shared_buffers": "3GB"
292
+ }
293
+ }
294
+
295
+ Note that the recipe uses `max_connections` in its computations. If
296
+ you want to override that setting, you should specify
297
+ `node['postgresql']['config_pgtune']['max_connections']` instead of
298
+ `node['postgresql']['config']['max_connections']`.
299
+
300
+ Credits: This `postgresql::config_pgtune` recipe is based on the
301
+ [pgtune python script](https://github.com/gregs1104/pgtune)
302
+ developed by
303
+ [Greg Smith](http://notemagnet.blogspot.com/2008/11/automating-initial-postgresqlconf.html)
304
+ and
305
+ [other pgsql-hackers](http://www.postgresql.org/message-id/491C6CDC.8090506@agliodbs.com).
306
+
307
+ contrib
308
+ -------
309
+
310
+ Installs the packages defined in the
311
+ `node['postgresql']['contrib']['packages']` attribute. The contrib
312
+ directory of the PostgreSQL distribution includes porting tools,
313
+ analysis utilities, and plug-in features that database engineers often
314
+ require. Some (like `pgbench`) are executable. Others (like
315
+ `pg_buffercache`) would need to be installed into the database.
316
+
317
+ Also installs any contrib module extensions defined in the
318
+ `node['postgresql']['contrib']['extensions']` attribute. These will be
319
+ available in any subsequently created databases in the cluster, because
320
+ they will be installed into the `template1` database using the
321
+ `CREATE EXTENSION` command. For example, it is often necessary/helpful
322
+ for problem troubleshooting and maintenance planning to install the
323
+ views and functions in these [standard instrumentation extensions]
324
+ (http://www.postgresql.org/message-id/flat/4DC32600.6080900@pgexperts.com#4DD3D6C6.5060006@2ndquadrant.com):
325
+
326
+ node['postgresql']['contrib']['extensions'] = [
327
+ "pageinspect",
328
+ "pg_buffercache",
329
+ "pg_freespacemap",
330
+ "pgrowlocks",
331
+ "pg_stat_statements",
332
+ "pgstattuple"
333
+ ]
334
+
335
+ Note that the `pg_stat_statements` view only works if `postgresql.conf`
336
+ loads its shared library, which can be done with this node attribute:
337
+
338
+ node['postgresql']['config']['shared_preload_libraries'] = 'pg_stat_statements'
339
+
340
+ If using `shared_preload_libraries` in combination with the `contrib` recipe,
341
+ make sure that the `contrib` recipe is called before the `server` recipe (to
342
+ ensure the dependencies are installed and setup in order).
343
+
344
+ apt\_pgdg\_postgresql
345
+ ----------------------
346
+
347
+ Enables the PostgreSQL Global Development Group yum repository
348
+ maintained by Devrim G&#252;nd&#252;z for updated PostgreSQL packages.
349
+ (The PGDG is the groups that develops PostgreSQL.)
350
+ Automatically included if the `node['postgresql']['enable_pgdg_apt']`
351
+ attribute is true. Also set the
352
+ `node['postgresql']['client']['packages']` and
353
+ `node['postgresql']['server]['packages']` to the list of packages to
354
+ use from this repository, and set the `node['postgresql']['version']`
355
+ attribute to the version to use (e.g., "9.2").
356
+
357
+ yum\_pgdg\_postgresql
358
+ ---------------------
359
+
360
+ Enables the PostgreSQL Global Development Group yum repository
361
+ maintained by Devrim G&#252;nd&#252;z for updated PostgreSQL packages.
362
+ (The PGDG is the groups that develops PostgreSQL.)
363
+ Automatically included if the `node['postgresql']['enable_pgdg_yum']`
364
+ attribute is true. Also use `override_attributes` to set a number of
365
+ values that will need to have embedded version numbers. For example:
366
+
367
+ node['postgresql']['enable_pgdg_yum'] = true
368
+ node['postgresql']['version'] = "9.2"
369
+ node['postgresql']['dir'] = "/var/lib/pgsql/9.2/data"
370
+ node['postgresql']['config']['data_directory'] = node['postgresql']['dir']
371
+ node['postgresql']['client']['packages'] = ["postgresql92", "postgresql92-devel"]
372
+ node['postgresql']['server']['packages'] = ["postgresql92-server"]
373
+ node['postgresql']['server']['service_name'] = "postgresql-9.2"
374
+ node['postgresql']['contrib']['packages'] = ["postgresql92-contrib"]
375
+
376
+ You may set `node['postgresql']['pgdg']['repo_rpm_url']` attributes
377
+ to pick up recent [PGDG repo packages](http://yum.postgresql.org/repopackages.php).
378
+
379
+ Resources/Providers
380
+ ===================
381
+
382
+ See the [database](http://community.opscode.com/cookbooks/database)
383
+ for resources and providers that can be used for managing PostgreSQL
384
+ users and databases.
385
+
386
+ Usage
387
+ =====
388
+
389
+ On systems that need to connect to a PostgreSQL database, add to a run
390
+ list `recipe[postgresql]` or `recipe[postgresql::client]`.
391
+
392
+ On systems that should be PostgreSQL servers, use
393
+ `recipe[postgresql::server]` on a run list. This recipe does set a
394
+ password for the `postgres` user.
395
+ If you're using `chef server`, if the attribute
396
+ `node['postgresql']['password']['postgres']` is not found,
397
+ the recipe generates a random password and performs a node.save.
398
+ (TODO: This is broken, as it disables the password.)
399
+ If you're using `chef-solo`, you'll need
400
+ to set the attribute `node['postgresql']['password']['postgres']` in
401
+ your node's `json_attribs` file or in a role.
402
+
403
+ On Debian family systems, SSL will be enabled, as the packages on
404
+ Debian/Ubuntu also generate the SSL certificates. If you use another
405
+ platform and wish to use SSL in postgresql, then generate your SSL
406
+ certificates and distribute them in your own cookbook, and set the
407
+ `node['postgresql']['config']['ssl']` attribute to true in your
408
+ role/cookboook/node.
409
+
410
+ On server systems, the postgres server is restarted when a configuration
411
+ file changes. This can be changed to reload only by setting the
412
+ following attribute:
413
+
414
+ node['postgresql']['server']['config_change_notify'] = :reload
415
+
416
+ Chef Solo Note
417
+ ==============
418
+
419
+ The following node attribute is stored on the Chef Server when using
420
+ `chef-client`. Because `chef-solo` does not connect to a server or
421
+ save the node object at all, to have the password persist across
422
+ `chef-solo` runs, you must specify them in the `json_attribs` file
423
+ used. For Example:
424
+
425
+ {
426
+ "postgresql": {
427
+ "password": {
428
+ "postgres": "iloverandompasswordsbutthiswilldo"
429
+ }
430
+ },
431
+ "run_list": ["recipe[postgresql::server]"]
432
+ }
433
+
434
+ That should actually be the "encrypted password" instead of cleartext,
435
+ so you should generate it as an md5 hash using the PostgreSQL algorithm.
436
+
437
+ * You could copy the md5-hashed password from an existing postgres
438
+ database if you have `postgres` access and want to use the same password:<br>
439
+ `select * from pg_shadow where usename='postgres';`
440
+ * You can run this from any postgres database session to use a new password:<br>
441
+ `select 'md5'||md5('iloverandompasswordsbutthiswilldo'||'postgres');`
442
+ * You can run this from a linux commandline:<br>
443
+ `echo -n 'iloverandompasswordsbutthiswilldo''postgres' | openssl md5 | sed -e 's/.* /md5/'`
444
+
445
+ License and Author
446
+ ==================
447
+
448
+ - Author:: Joshua Timberman (<joshua@opscode.com>)
449
+ - Author:: Lamont Granquist (<lamont@opscode.com>)
450
+ - Author:: Chris Roberts (<chrisroberts.code@gmail.com>)
451
+ - Author:: David Crane (<davidc@donorschoose.org>)
452
+ - Author:: Aaron Baer (<aaron@hw-ops.com>)
453
+
454
+ Licensed under the Apache License, Version 2.0 (the "License");
455
+ you may not use this file except in compliance with the License.
456
+ You may obtain a copy of the License at
457
+
458
+ http://www.apache.org/licenses/LICENSE-2.0
459
+
460
+ Unless required by applicable law or agreed to in writing, software
461
+ distributed under the License is distributed on an "AS IS" BASIS,
462
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
463
+ See the License for the specific language governing permissions and
464
+ limitations under the License.