from-scratch 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3fd33f498a44da3fa69a159e08ed8cb5abce737b
-  data.tar.gz: 85835eb65547f0d5c037ef56c8d253ce46c6ba20
+  metadata.gz: 513b2b040732fc278e3ea45ed344f19b4c74eefd
+  data.tar.gz: 44e86e612bf4f422092abb44a5609971856c6b3c
 SHA512:
-  metadata.gz: 8515f8f2f281f214e96bea5c97b55b90ec131785ae8c22144963a87990bd9add9319b57696bde6f7e41602c930dab0768e465a66008d869a31ca9ff71d951308
-  data.tar.gz: d8daa090fdecaf523cec1b095ddb7497689e65164d9931a0a6979da206d141e859e0b4620c0161fb4e49de6db6df9261cb24aab2a85c7cf7e6212477b6159b14
+  metadata.gz: ed49b8496b3cc2a2c06ff5d6410586c6ed1e93252b5da489718c30d5f1c31308aeae8272205e81cf0ab782aa7635473a5797cd31343d7dd835fb5a17a77804bf
+  data.tar.gz: 2ae4cabfcfdcc0b3c087ccdecf9ccb1b0f2f05aeca0c0b33f54ab4b1e9d83e6e963bac4ad299f57176bdf1d99f67f69bdb54220dbec70872002793981ec04265

data/cookbooks/postgresql/README.md

@@ -1,3 +1,8 @@
+About this fork
+===============
+
+This fork is created specially for [from-scratch](https://github.com/sandrew/from-scratch) gem. It's feature is backported `setup_users` and `setup_databases` recipes from [another postgresql cookbook](https://github.com/phlipper/chef-postgresql) that, unfortunately, does not support YUM-based Linux distributions.
+
 Description
 ===========
 

data/cookbooks/postgresql/metadata.json

@@ -1,7 +1,7 @@
 {
   "name": "postgresql",
   "description": "Installs and configures postgresql for clients or servers",
-  "long_description": "Description\n===========\n\nInstalls and configures PostgreSQL as a client or a server.\n\nRequirements\n============\n\n## Platforms\n\n* Debian, Ubuntu\n* Red Hat/CentOS/Scientific (6.0+ required) - \"EL6-family\"\n* Fedora\n* SUSE\n\nTested on:\n\n* Ubuntu 10.04, 11.10, 12.04, 14.04, 14.10\n* Red Hat 6.1, Scientific 6.1, CentOS 6.3\n\n## Cookbooks\n\nRequires Opscode's `openssl` cookbook for secure password generation.\n\nRequires a C compiler and development headers in order to build the\n`pg` RubyGem to provide Ruby bindings in the `ruby` recipe.\n\nOpscode's `build-essential` cookbook provides this functionality on\nDebian, Ubuntu, and EL6-family.\n\nWhile not required, Opscode's `database` cookbook contains resources\nand providers that can interact with a PostgreSQL database. This\ncookbook is a dependency of database.\n\nAttributes\n==========\n\nThe following attributes are set based on the platform, see the\n`attributes/default.rb` file for default values.\n\n* `node['postgresql']['version']` - version of postgresql to manage\n* `node['postgresql']['dir']` - home directory of where postgresql\n  data and configuration lives.\n\n* `node['postgresql']['client']['packages']` - An array of package names\n  that should be installed on \"client\" systems.\n* `node['postgresql']['server']['packages']` - An array of package names\n  that should be installed on \"server\" systems.\n* `node['postgresql']['server']['config_change_notify']` - Type of\n  notification triggered when a config file changes.\n* `node['postgresql']['contrib']['packages']` - An array of package names\n  that could be installed on \"server\" systems for useful sysadmin tools.\n\n* `node['postgresql']['enable_pgdg_apt']` - Whether to enable the apt repo\n  by the PostgreSQL Global Development Group, which contains newer versions\n  of PostgreSQL.\n\n* `node['postgresql']['enable_pgdg_yum']` - Whether to enable the yum repo\n  by the PostgreSQL Global Development Group, which contains newer versions\n  of PostgreSQL.\n\n* `node['postgresql']['initdb_locale']` - Sets the default locale for the\n  database cluster. If this attribute is not specified, the locale is\n  inherited from the environment that initdb runs in. Sometimes you must\n  have a system locale that is not what you want for your database cluster,\n  and this attribute addresses that scenario. Valid only for EL-family\n  distros (RedHat/Centos/etc.).\n\nThe following attributes are generated in\n`recipe[postgresql::server]`.\n\n* `node['postgresql']['password']['postgres']` - randomly generated\n  password by the `openssl` cookbook's library.\n  (TODO: This is broken, as it disables the password.)\n\nConfiguration\n-------------\n\nThe `postgresql.conf` and `pg_hba.conf` files are dynamically\ngenerated from attributes. Each key in `node['postgresql']['config']`\nis a postgresql configuration directive, and will be rendered in the\nconfig file. For example, the attribute:\n\n    node['postgresql']['config']['listen_addresses'] = 'localhost'\n\nWill result in the following line in the `postgresql.conf` file:\n\n    listen_addresses = 'localhost'\n\nThe attributes file contains default values for Debian and RHEL\nplatform families (per the `node['platform_family']`). These defaults\nhave disparity between the platforms because they were originally\nextracted from the postgresql.conf files in the previous version of\nthis cookbook, which differed in their default config. The resulting\nconfiguration files will be the same as before, but the content will\nbe dynamically rendered from the attributes. The helpful commentary\nwill no longer be present. You should consult the PostgreSQL\ndocumentation for specific configuration details.\n\nSee __Recipes__ `config_initdb` and `config_pgtune` below to\nauto-generate many postgresql.conf settings.\n\nFor values that are \"on\" or \"off\", they should be specified as literal\n`true` or `false`. String values will be used with single quotes. Any\nconfiguration option set to the literal `nil` will be skipped\nentirely. All other values (e.g., numeric literals) will be used as\nis. So for example:\n\n    node.default['postgresql']['config']['logging_collector'] = true\n    node.default['postgresql']['config']['datestyle'] = 'iso, mdy'\n    node.default['postgresql']['config']['ident_file'] = nil\n    node.default['postgresql']['config']['port'] = 5432\n\nWill result in the following config lines:\n\n    logging_collector = 'on'\n    datestyle = 'iso,mdy'\n    port = 5432\n\n(no line printed for `ident_file` as it is `nil`)\n\nNote that the `unix_socket_directory` configuration was renamed to\n`unix_socket_directories` in Postgres 9.3 so make sure to use the\n`node['postgresql']['unix_socket_directories']` attribute instead of\n`node['postgresql']['unix_socket_directory']`.\n\nThe `pg_hba.conf` file is dynamically generated from the\n`node['postgresql']['pg_hba']` attribute. This attribute must be an\narray of hashes, each hash containing the authorization data. As it is\nan array, you can append to it in your own recipes. The hash keys in\nthe array must be symbols. Each hash will be written as a line in\n`pg_hba.conf`. For example, this entry from\n`node['postgresql']['pg_hba']`:\n\n    [{:comment => '# Optional comment',\n    :type => 'local', :db => 'all', :user => 'postgres', :addr => nil, :method => 'md5'}]\n\nWill result in the following line in `pg_hba.conf`:\n\n    # Optional comment\n    local   all             postgres                                md5\n\nUse `nil` if the CIDR-ADDRESS should be empty (as above).\nDon't provide a comment if none is desired in the `pg_hba.conf` file.\n\nNote that the following authorization rule is supplied automatically by\nthe cookbook template. The cookbook needs this to execute SQL in the\nPostgreSQL server without supplying the clear-text password (which isn't\nknown by the cookbook). Therefore, your `node['postgresql']['pg_hba']`\nattributes don't need to specify this authorization rule:\n\n    # \"local\" is for Unix domain socket connections only\n    local   all             all                                     ident\n\n(By the way, the template uses `peer` instead of `ident` for PostgreSQL-9.1\nand above, which has the same effect.)\n\nRecipes\n=======\n\ndefault\n-------\n\nIncludes the client recipe.\n\nclient\n------\n\nInstalls the packages defined in the\n`node['postgresql']['client']['packages']` attribute.\n\nruby\n----\n\n**NOTE** This recipe may not currently work when installing Chef with\n  the\n  [\"Omnibus\" full stack installer](http://opscode.com/chef/install) on\n  some platforms due to an incompatibility with OpenSSL. See\n  [COOK-1406](http://tickets.opscode.com/browse/COOK-1406). You can\n  build from source into the Chef omnibus installation to work around\n  this issue.\n\nInstall the `pg` gem under Chef's Ruby environment so it can be used\nin other recipes. The build-essential packages and postgresql client\npackages will be installed during the compile phase, so that the\nnative extensions of `pg` can be compiled.\n\nserver\n------\n\nIncludes the `server_debian` or `server_redhat` recipe to get the\nappropriate server packages installed and service managed. Also\nmanages the configuration for the server:\n\n* generates a strong default password (via `openssl`) for `postgres`\n  (TODO: This is broken, as it disables the password.)\n* sets the password for postgres\n* manages the `postgresql.conf` file.\n* manages the `pg_hba.conf` file.\n\nserver\\_debian\n--------------\n\nInstalls the postgresql server packages and sets up the service. You\nshould include the `postgresql::server` recipe, which will include\nthis on Debian platforms.\n\nserver\\_redhat\n--------------\n\nManages the postgres user and group (with UID/GID 26, per RHEL package\nconventions), installs the postgresql server packages, initializes the\ndatabase, and manages the postgresql service. You should include the\n`postgresql::server` recipe, which will include this on RHEL/Fedora\nplatforms.\n\nconfig\\_initdb\n--------------\n\nTakes locale and timezone settings from the system configuration.\nThis recipe creates `node.default['postgresql']['config']` attributes\nthat conform to the system's locale and timezone. In addition, this\nrecipe creates the same error reporting and logging settings that\n`initdb` provided: a rotation of 7 days of log files named\npostgresql-Mon.log, etc.\n\nThe default attributes created by this recipe are easy to override with\nnormal attributes because of Chef attribute precedence. For example,\nsuppose a DBA wanted to keep log files indefinitely, rolling over daily\nor when growing to 10MB. The Chef installation could include the\n`postgresql::config_initdb` recipe for the locale and timezone settings,\nbut customize the logging settings with these node JSON attributes:\n\n    \"postgresql\": {\n      \"config\": {\n        \"log_rotation_age\": \"1d\",\n        \"log_rotation_size\": \"10MB\",\n        \"log_filename\": \"postgresql-%Y-%m-%d_%H%M%S.log\"\n      }\n    }\n\nCredits: This `postgresql::config_initdb` recipe is based on algorithms\nin the [source code](http://doxygen.postgresql.org/initdb_8c_source.html)\nfor the PostgreSQL `initdb` utility.\n\nconfig\\_pgtune\n--------------\n\nPerformance tuning.\nTakes the wimpy default postgresql.conf and expands the database server\nto be as powerful as the hardware it's being deployed on. This recipe\ncreates a baseline configuration of `node.default['postgresql']['config']`\nattributes in the right general range for a dedicated Postgresql system.\nMost installations won't need additional performance tuning.\n\nThe only decision you need to make is to choose a `db_type` from the\nfollowing database workloads. (See the recipe code comments for more\ndetailed descriptions.)\n\n * \"dw\" -- Data Warehouse\n * \"oltp\" -- Online Transaction Processing\n * \"web\" -- Web Application\n * \"mixed\" -- Mixed DW and OLTP characteristics\n * \"desktop\" -- Not a dedicated database\n\nThis recipe uses a performance model with three input parameters.\nThese node attributes are completely optional, but it is obviously\nimportant to choose the `db_type` correctly:\n\n * `node['postgresql']['config_pgtune']['db_type']` --\n   Specifies database type from the list of five choices above.\n   If not specified, the default is \"mixed\".\n\n * `node['postgresql']['config_pgtune']['max_connections']` --\n   Specifies maximum number of connections expected.\n   If not specified, it depends on database type:\n   \"web\":200, \"oltp\":300, \"dw\":20, \"mixed\":80, \"desktop\":5\n\n * `node['postgresql']['config_pgtune']['total_memory']` --\n   Specifies total system memory in kB. (E.g., \"49416564kB\".)\n   If not specified, it will be taken from Ohai automatic attributes.\n   This could be used to tune a system that isn't a dedicated database.\n\nThe default attributes created by this recipe are easy to override with\nnormal attributes because of Chef attribute precedence. For example, if\nyou are running application benchmarks to try different buffer cache\nsizes, you would experiment with this node JSON attribute:\n\n    \"postgresql\": {\n      \"config\": {\n        \"shared_buffers\": \"3GB\"\n      }\n    }\n\nNote that the recipe uses `max_connections` in its computations. If\nyou want to override that setting, you should specify\n`node['postgresql']['config_pgtune']['max_connections']` instead of\n`node['postgresql']['config']['max_connections']`.\n\nCredits: This `postgresql::config_pgtune` recipe is based on the\n[pgtune python script](https://github.com/gregs1104/pgtune)\ndeveloped by\n[Greg Smith](http://notemagnet.blogspot.com/2008/11/automating-initial-postgresqlconf.html)\nand\n[other pgsql-hackers](http://www.postgresql.org/message-id/491C6CDC.8090506@agliodbs.com).\n\ncontrib\n-------\n\nInstalls the packages defined in the\n`node['postgresql']['contrib']['packages']` attribute. The contrib\ndirectory of the PostgreSQL distribution includes porting tools,\nanalysis utilities, and plug-in features that database engineers often\nrequire. Some (like `pgbench`) are executable. Others (like\n`pg_buffercache`) would need to be installed into the database.\n\nAlso installs any contrib module extensions defined in the\n`node['postgresql']['contrib']['extensions']` attribute. These will be\navailable in any subsequently created databases in the cluster, because\nthey will be installed into the `template1` database using the\n`CREATE EXTENSION` command. For example, it is often necessary/helpful\nfor problem troubleshooting and maintenance planning to install the\nviews and functions in these [standard instrumentation extensions]\n(http://www.postgresql.org/message-id/flat/4DC32600.6080900@pgexperts.com#4DD3D6C6.5060006@2ndquadrant.com):\n\n    node['postgresql']['contrib']['extensions'] = [\n      \"pageinspect\",\n      \"pg_buffercache\",\n      \"pg_freespacemap\",\n      \"pgrowlocks\",\n      \"pg_stat_statements\",\n      \"pgstattuple\"\n    ]\n\nNote that the `pg_stat_statements` view only works if `postgresql.conf`\nloads its shared library, which can be done with this node attribute:\n\n    node['postgresql']['config']['shared_preload_libraries'] = 'pg_stat_statements'\n\nIf using `shared_preload_libraries` in combination with the `contrib` recipe,\nmake sure that the `contrib` recipe is called before the `server` recipe (to\nensure the dependencies are installed and setup in order).\n\napt\\_pgdg\\_postgresql\n----------------------\n\nEnables the PostgreSQL Global Development Group yum repository\nmaintained by Devrim G&#252;nd&#252;z for updated PostgreSQL packages.\n(The PGDG is the groups that develops PostgreSQL.)\nAutomatically included if the `node['postgresql']['enable_pgdg_apt']`\nattribute is true. Also set the\n`node['postgresql']['client']['packages']` and\n`node['postgresql']['server]['packages']` to the list of packages to\nuse from this repository, and set the `node['postgresql']['version']`\nattribute to the version to use (e.g., \"9.2\").\n\nyum\\_pgdg\\_postgresql\n---------------------\n\nEnables the PostgreSQL Global Development Group yum repository\nmaintained by Devrim G&#252;nd&#252;z for updated PostgreSQL packages.\n(The PGDG is the groups that develops PostgreSQL.)\nAutomatically included if the `node['postgresql']['enable_pgdg_yum']`\nattribute is true. Also use `override_attributes` to set a number of\nvalues that will need to have embedded version numbers. For example:\n\n    node['postgresql']['enable_pgdg_yum'] = true\n    node['postgresql']['version'] = \"9.2\"\n    node['postgresql']['dir'] = \"/var/lib/pgsql/9.2/data\"\n    node['postgresql']['config']['data_directory'] = node['postgresql']['dir']\n    node['postgresql']['client']['packages'] = [\"postgresql92\", \"postgresql92-devel\"]\n    node['postgresql']['server']['packages'] = [\"postgresql92-server\"]\n    node['postgresql']['server']['service_name'] = \"postgresql-9.2\"\n    node['postgresql']['contrib']['packages'] = [\"postgresql92-contrib\"]\n\nYou may set `node['postgresql']['pgdg']['repo_rpm_url']` attributes\nto pick up recent [PGDG repo packages](http://yum.postgresql.org/repopackages.php).\n\nResources/Providers\n===================\n\nSee the [database](http://community.opscode.com/cookbooks/database)\nfor resources and providers that can be used for managing PostgreSQL\nusers and databases.\n\nUsage\n=====\n\nOn systems that need to connect to a PostgreSQL database, add to a run\nlist `recipe[postgresql]` or `recipe[postgresql::client]`.\n\nOn systems that should be PostgreSQL servers, use\n`recipe[postgresql::server]` on a run list. This recipe does set a\npassword for the `postgres` user.\nIf you're using `chef server`, if the attribute\n`node['postgresql']['password']['postgres']` is not found,\nthe recipe generates a random password and performs a node.save.\n(TODO: This is broken, as it disables the password.)\nIf you're using `chef-solo`, you'll need\nto set the attribute `node['postgresql']['password']['postgres']` in\nyour node's `json_attribs` file or in a role.\n\nOn Debian family systems, SSL will be enabled, as the packages on\nDebian/Ubuntu also generate the SSL certificates. If you use another\nplatform and wish to use SSL in postgresql, then generate your SSL\ncertificates and distribute them in your own cookbook, and set the\n`node['postgresql']['config']['ssl']` attribute to true in your\nrole/cookboook/node.\n\nOn server systems, the postgres server is restarted when a configuration\nfile changes.  This can be changed to reload only by setting the\nfollowing attribute:\n\n    node['postgresql']['server']['config_change_notify'] = :reload\n\nChef Solo Note\n==============\n\nThe following node attribute is stored on the Chef Server when using\n`chef-client`. Because `chef-solo` does not connect to a server or\nsave the node object at all, to have the password persist across\n`chef-solo` runs, you must specify them in the `json_attribs` file\nused. For Example:\n\n    {\n      \"postgresql\": {\n        \"password\": {\n          \"postgres\": \"iloverandompasswordsbutthiswilldo\"\n        }\n      },\n      \"run_list\": [\"recipe[postgresql::server]\"]\n    }\n\nThat should actually be the \"encrypted password\" instead of cleartext,\nso you should generate it as an md5 hash using the PostgreSQL algorithm.\n\n* You could copy the md5-hashed password from an existing postgres\ndatabase if you have `postgres` access and want to use the same password:<br>\n`select * from pg_shadow where usename='postgres';`\n* You can run this from any postgres database session to use a new password:<br>\n`select 'md5'||md5('iloverandompasswordsbutthiswilldo'||'postgres');`\n* You can run this from a linux commandline:<br>\n`echo -n 'iloverandompasswordsbutthiswilldo''postgres' | openssl md5 | sed -e 's/.* /md5/'`\n\nLicense and Author\n==================\n\n- Author:: Joshua Timberman (<joshua@opscode.com>)\n- Author:: Lamont Granquist (<lamont@opscode.com>)\n- Author:: Chris Roberts (<chrisroberts.code@gmail.com>)\n- Author:: David Crane (<davidc@donorschoose.org>)\n- Author:: Aaron Baer (<aaron@hw-ops.com>)\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n",
+  "long_description": "About this fork\n===============\n\nThis fork is created specially for [from-scratch](https://github.com/sandrew/from-scratch) gem. It's feature is backported `setup_users` and `setup_databases` recipes from [another postgresql cookbook](https://github.com/phlipper/chef-postgresql) that, unfortunately, does not support YUM-based Linux distributions.\n\nDescription\n===========\n\nInstalls and configures PostgreSQL as a client or a server.\n\nRequirements\n============\n\n## Platforms\n\n* Debian, Ubuntu\n* Red Hat/CentOS/Scientific (6.0+ required) - \"EL6-family\"\n* Fedora\n* SUSE\n\nTested on:\n\n* Ubuntu 10.04, 11.10, 12.04, 14.04, 14.10\n* Red Hat 6.1, Scientific 6.1, CentOS 6.3\n\n## Cookbooks\n\nRequires Opscode's `openssl` cookbook for secure password generation.\n\nRequires a C compiler and development headers in order to build the\n`pg` RubyGem to provide Ruby bindings in the `ruby` recipe.\n\nOpscode's `build-essential` cookbook provides this functionality on\nDebian, Ubuntu, and EL6-family.\n\nWhile not required, Opscode's `database` cookbook contains resources\nand providers that can interact with a PostgreSQL database. This\ncookbook is a dependency of database.\n\nAttributes\n==========\n\nThe following attributes are set based on the platform, see the\n`attributes/default.rb` file for default values.\n\n* `node['postgresql']['version']` - version of postgresql to manage\n* `node['postgresql']['dir']` - home directory of where postgresql\n  data and configuration lives.\n\n* `node['postgresql']['client']['packages']` - An array of package names\n  that should be installed on \"client\" systems.\n* `node['postgresql']['server']['packages']` - An array of package names\n  that should be installed on \"server\" systems.\n* `node['postgresql']['server']['config_change_notify']` - Type of\n  notification triggered when a config file changes.\n* `node['postgresql']['contrib']['packages']` - An array of package names\n  that could be installed on \"server\" systems for useful sysadmin tools.\n\n* `node['postgresql']['enable_pgdg_apt']` - Whether to enable the apt repo\n  by the PostgreSQL Global Development Group, which contains newer versions\n  of PostgreSQL.\n\n* `node['postgresql']['enable_pgdg_yum']` - Whether to enable the yum repo\n  by the PostgreSQL Global Development Group, which contains newer versions\n  of PostgreSQL.\n\n* `node['postgresql']['initdb_locale']` - Sets the default locale for the\n  database cluster. If this attribute is not specified, the locale is\n  inherited from the environment that initdb runs in. Sometimes you must\n  have a system locale that is not what you want for your database cluster,\n  and this attribute addresses that scenario. Valid only for EL-family\n  distros (RedHat/Centos/etc.).\n\nThe following attributes are generated in\n`recipe[postgresql::server]`.\n\n* `node['postgresql']['password']['postgres']` - randomly generated\n  password by the `openssl` cookbook's library.\n  (TODO: This is broken, as it disables the password.)\n\nConfiguration\n-------------\n\nThe `postgresql.conf` and `pg_hba.conf` files are dynamically\ngenerated from attributes. Each key in `node['postgresql']['config']`\nis a postgresql configuration directive, and will be rendered in the\nconfig file. For example, the attribute:\n\n    node['postgresql']['config']['listen_addresses'] = 'localhost'\n\nWill result in the following line in the `postgresql.conf` file:\n\n    listen_addresses = 'localhost'\n\nThe attributes file contains default values for Debian and RHEL\nplatform families (per the `node['platform_family']`). These defaults\nhave disparity between the platforms because they were originally\nextracted from the postgresql.conf files in the previous version of\nthis cookbook, which differed in their default config. The resulting\nconfiguration files will be the same as before, but the content will\nbe dynamically rendered from the attributes. The helpful commentary\nwill no longer be present. You should consult the PostgreSQL\ndocumentation for specific configuration details.\n\nSee __Recipes__ `config_initdb` and `config_pgtune` below to\nauto-generate many postgresql.conf settings.\n\nFor values that are \"on\" or \"off\", they should be specified as literal\n`true` or `false`. String values will be used with single quotes. Any\nconfiguration option set to the literal `nil` will be skipped\nentirely. All other values (e.g., numeric literals) will be used as\nis. So for example:\n\n    node.default['postgresql']['config']['logging_collector'] = true\n    node.default['postgresql']['config']['datestyle'] = 'iso, mdy'\n    node.default['postgresql']['config']['ident_file'] = nil\n    node.default['postgresql']['config']['port'] = 5432\n\nWill result in the following config lines:\n\n    logging_collector = 'on'\n    datestyle = 'iso,mdy'\n    port = 5432\n\n(no line printed for `ident_file` as it is `nil`)\n\nNote that the `unix_socket_directory` configuration was renamed to\n`unix_socket_directories` in Postgres 9.3 so make sure to use the\n`node['postgresql']['unix_socket_directories']` attribute instead of\n`node['postgresql']['unix_socket_directory']`.\n\nThe `pg_hba.conf` file is dynamically generated from the\n`node['postgresql']['pg_hba']` attribute. This attribute must be an\narray of hashes, each hash containing the authorization data. As it is\nan array, you can append to it in your own recipes. The hash keys in\nthe array must be symbols. Each hash will be written as a line in\n`pg_hba.conf`. For example, this entry from\n`node['postgresql']['pg_hba']`:\n\n    [{:comment => '# Optional comment',\n    :type => 'local', :db => 'all', :user => 'postgres', :addr => nil, :method => 'md5'}]\n\nWill result in the following line in `pg_hba.conf`:\n\n    # Optional comment\n    local   all             postgres                                md5\n\nUse `nil` if the CIDR-ADDRESS should be empty (as above).\nDon't provide a comment if none is desired in the `pg_hba.conf` file.\n\nNote that the following authorization rule is supplied automatically by\nthe cookbook template. The cookbook needs this to execute SQL in the\nPostgreSQL server without supplying the clear-text password (which isn't\nknown by the cookbook). Therefore, your `node['postgresql']['pg_hba']`\nattributes don't need to specify this authorization rule:\n\n    # \"local\" is for Unix domain socket connections only\n    local   all             all                                     ident\n\n(By the way, the template uses `peer` instead of `ident` for PostgreSQL-9.1\nand above, which has the same effect.)\n\nRecipes\n=======\n\ndefault\n-------\n\nIncludes the client recipe.\n\nclient\n------\n\nInstalls the packages defined in the\n`node['postgresql']['client']['packages']` attribute.\n\nruby\n----\n\n**NOTE** This recipe may not currently work when installing Chef with\n  the\n  [\"Omnibus\" full stack installer](http://opscode.com/chef/install) on\n  some platforms due to an incompatibility with OpenSSL. See\n  [COOK-1406](http://tickets.opscode.com/browse/COOK-1406). You can\n  build from source into the Chef omnibus installation to work around\n  this issue.\n\nInstall the `pg` gem under Chef's Ruby environment so it can be used\nin other recipes. The build-essential packages and postgresql client\npackages will be installed during the compile phase, so that the\nnative extensions of `pg` can be compiled.\n\nserver\n------\n\nIncludes the `server_debian` or `server_redhat` recipe to get the\nappropriate server packages installed and service managed. Also\nmanages the configuration for the server:\n\n* generates a strong default password (via `openssl`) for `postgres`\n  (TODO: This is broken, as it disables the password.)\n* sets the password for postgres\n* manages the `postgresql.conf` file.\n* manages the `pg_hba.conf` file.\n\nserver\\_debian\n--------------\n\nInstalls the postgresql server packages and sets up the service. You\nshould include the `postgresql::server` recipe, which will include\nthis on Debian platforms.\n\nserver\\_redhat\n--------------\n\nManages the postgres user and group (with UID/GID 26, per RHEL package\nconventions), installs the postgresql server packages, initializes the\ndatabase, and manages the postgresql service. You should include the\n`postgresql::server` recipe, which will include this on RHEL/Fedora\nplatforms.\n\nconfig\\_initdb\n--------------\n\nTakes locale and timezone settings from the system configuration.\nThis recipe creates `node.default['postgresql']['config']` attributes\nthat conform to the system's locale and timezone. In addition, this\nrecipe creates the same error reporting and logging settings that\n`initdb` provided: a rotation of 7 days of log files named\npostgresql-Mon.log, etc.\n\nThe default attributes created by this recipe are easy to override with\nnormal attributes because of Chef attribute precedence. For example,\nsuppose a DBA wanted to keep log files indefinitely, rolling over daily\nor when growing to 10MB. The Chef installation could include the\n`postgresql::config_initdb` recipe for the locale and timezone settings,\nbut customize the logging settings with these node JSON attributes:\n\n    \"postgresql\": {\n      \"config\": {\n        \"log_rotation_age\": \"1d\",\n        \"log_rotation_size\": \"10MB\",\n        \"log_filename\": \"postgresql-%Y-%m-%d_%H%M%S.log\"\n      }\n    }\n\nCredits: This `postgresql::config_initdb` recipe is based on algorithms\nin the [source code](http://doxygen.postgresql.org/initdb_8c_source.html)\nfor the PostgreSQL `initdb` utility.\n\nconfig\\_pgtune\n--------------\n\nPerformance tuning.\nTakes the wimpy default postgresql.conf and expands the database server\nto be as powerful as the hardware it's being deployed on. This recipe\ncreates a baseline configuration of `node.default['postgresql']['config']`\nattributes in the right general range for a dedicated Postgresql system.\nMost installations won't need additional performance tuning.\n\nThe only decision you need to make is to choose a `db_type` from the\nfollowing database workloads. (See the recipe code comments for more\ndetailed descriptions.)\n\n * \"dw\" -- Data Warehouse\n * \"oltp\" -- Online Transaction Processing\n * \"web\" -- Web Application\n * \"mixed\" -- Mixed DW and OLTP characteristics\n * \"desktop\" -- Not a dedicated database\n\nThis recipe uses a performance model with three input parameters.\nThese node attributes are completely optional, but it is obviously\nimportant to choose the `db_type` correctly:\n\n * `node['postgresql']['config_pgtune']['db_type']` --\n   Specifies database type from the list of five choices above.\n   If not specified, the default is \"mixed\".\n\n * `node['postgresql']['config_pgtune']['max_connections']` --\n   Specifies maximum number of connections expected.\n   If not specified, it depends on database type:\n   \"web\":200, \"oltp\":300, \"dw\":20, \"mixed\":80, \"desktop\":5\n\n * `node['postgresql']['config_pgtune']['total_memory']` --\n   Specifies total system memory in kB. (E.g., \"49416564kB\".)\n   If not specified, it will be taken from Ohai automatic attributes.\n   This could be used to tune a system that isn't a dedicated database.\n\nThe default attributes created by this recipe are easy to override with\nnormal attributes because of Chef attribute precedence. For example, if\nyou are running application benchmarks to try different buffer cache\nsizes, you would experiment with this node JSON attribute:\n\n    \"postgresql\": {\n      \"config\": {\n        \"shared_buffers\": \"3GB\"\n      }\n    }\n\nNote that the recipe uses `max_connections` in its computations. If\nyou want to override that setting, you should specify\n`node['postgresql']['config_pgtune']['max_connections']` instead of\n`node['postgresql']['config']['max_connections']`.\n\nCredits: This `postgresql::config_pgtune` recipe is based on the\n[pgtune python script](https://github.com/gregs1104/pgtune)\ndeveloped by\n[Greg Smith](http://notemagnet.blogspot.com/2008/11/automating-initial-postgresqlconf.html)\nand\n[other pgsql-hackers](http://www.postgresql.org/message-id/491C6CDC.8090506@agliodbs.com).\n\ncontrib\n-------\n\nInstalls the packages defined in the\n`node['postgresql']['contrib']['packages']` attribute. The contrib\ndirectory of the PostgreSQL distribution includes porting tools,\nanalysis utilities, and plug-in features that database engineers often\nrequire. Some (like `pgbench`) are executable. Others (like\n`pg_buffercache`) would need to be installed into the database.\n\nAlso installs any contrib module extensions defined in the\n`node['postgresql']['contrib']['extensions']` attribute. These will be\navailable in any subsequently created databases in the cluster, because\nthey will be installed into the `template1` database using the\n`CREATE EXTENSION` command. For example, it is often necessary/helpful\nfor problem troubleshooting and maintenance planning to install the\nviews and functions in these [standard instrumentation extensions]\n(http://www.postgresql.org/message-id/flat/4DC32600.6080900@pgexperts.com#4DD3D6C6.5060006@2ndquadrant.com):\n\n    node['postgresql']['contrib']['extensions'] = [\n      \"pageinspect\",\n      \"pg_buffercache\",\n      \"pg_freespacemap\",\n      \"pgrowlocks\",\n      \"pg_stat_statements\",\n      \"pgstattuple\"\n    ]\n\nNote that the `pg_stat_statements` view only works if `postgresql.conf`\nloads its shared library, which can be done with this node attribute:\n\n    node['postgresql']['config']['shared_preload_libraries'] = 'pg_stat_statements'\n\nIf using `shared_preload_libraries` in combination with the `contrib` recipe,\nmake sure that the `contrib` recipe is called before the `server` recipe (to\nensure the dependencies are installed and setup in order).\n\napt\\_pgdg\\_postgresql\n----------------------\n\nEnables the PostgreSQL Global Development Group yum repository\nmaintained by Devrim G&#252;nd&#252;z for updated PostgreSQL packages.\n(The PGDG is the groups that develops PostgreSQL.)\nAutomatically included if the `node['postgresql']['enable_pgdg_apt']`\nattribute is true. Also set the\n`node['postgresql']['client']['packages']` and\n`node['postgresql']['server]['packages']` to the list of packages to\nuse from this repository, and set the `node['postgresql']['version']`\nattribute to the version to use (e.g., \"9.2\").\n\nyum\\_pgdg\\_postgresql\n---------------------\n\nEnables the PostgreSQL Global Development Group yum repository\nmaintained by Devrim G&#252;nd&#252;z for updated PostgreSQL packages.\n(The PGDG is the groups that develops PostgreSQL.)\nAutomatically included if the `node['postgresql']['enable_pgdg_yum']`\nattribute is true. Also use `override_attributes` to set a number of\nvalues that will need to have embedded version numbers. For example:\n\n    node['postgresql']['enable_pgdg_yum'] = true\n    node['postgresql']['version'] = \"9.2\"\n    node['postgresql']['dir'] = \"/var/lib/pgsql/9.2/data\"\n    node['postgresql']['config']['data_directory'] = node['postgresql']['dir']\n    node['postgresql']['client']['packages'] = [\"postgresql92\", \"postgresql92-devel\"]\n    node['postgresql']['server']['packages'] = [\"postgresql92-server\"]\n    node['postgresql']['server']['service_name'] = \"postgresql-9.2\"\n    node['postgresql']['contrib']['packages'] = [\"postgresql92-contrib\"]\n\nYou may set `node['postgresql']['pgdg']['repo_rpm_url']` attributes\nto pick up recent [PGDG repo packages](http://yum.postgresql.org/repopackages.php).\n\nResources/Providers\n===================\n\nSee the [database](http://community.opscode.com/cookbooks/database)\nfor resources and providers that can be used for managing PostgreSQL\nusers and databases.\n\nUsage\n=====\n\nOn systems that need to connect to a PostgreSQL database, add to a run\nlist `recipe[postgresql]` or `recipe[postgresql::client]`.\n\nOn systems that should be PostgreSQL servers, use\n`recipe[postgresql::server]` on a run list. This recipe does set a\npassword for the `postgres` user.\nIf you're using `chef server`, if the attribute\n`node['postgresql']['password']['postgres']` is not found,\nthe recipe generates a random password and performs a node.save.\n(TODO: This is broken, as it disables the password.)\nIf you're using `chef-solo`, you'll need\nto set the attribute `node['postgresql']['password']['postgres']` in\nyour node's `json_attribs` file or in a role.\n\nOn Debian family systems, SSL will be enabled, as the packages on\nDebian/Ubuntu also generate the SSL certificates. If you use another\nplatform and wish to use SSL in postgresql, then generate your SSL\ncertificates and distribute them in your own cookbook, and set the\n`node['postgresql']['config']['ssl']` attribute to true in your\nrole/cookboook/node.\n\nOn server systems, the postgres server is restarted when a configuration\nfile changes.  This can be changed to reload only by setting the\nfollowing attribute:\n\n    node['postgresql']['server']['config_change_notify'] = :reload\n\nChef Solo Note\n==============\n\nThe following node attribute is stored on the Chef Server when using\n`chef-client`. Because `chef-solo` does not connect to a server or\nsave the node object at all, to have the password persist across\n`chef-solo` runs, you must specify them in the `json_attribs` file\nused. For Example:\n\n    {\n      \"postgresql\": {\n        \"password\": {\n          \"postgres\": \"iloverandompasswordsbutthiswilldo\"\n        }\n      },\n      \"run_list\": [\"recipe[postgresql::server]\"]\n    }\n\nThat should actually be the \"encrypted password\" instead of cleartext,\nso you should generate it as an md5 hash using the PostgreSQL algorithm.\n\n* You could copy the md5-hashed password from an existing postgres\ndatabase if you have `postgres` access and want to use the same password:<br>\n`select * from pg_shadow where usename='postgres';`\n* You can run this from any postgres database session to use a new password:<br>\n`select 'md5'||md5('iloverandompasswordsbutthiswilldo'||'postgres');`\n* You can run this from a linux commandline:<br>\n`echo -n 'iloverandompasswordsbutthiswilldo''postgres' | openssl md5 | sed -e 's/.* /md5/'`\n\nLicense and Author\n==================\n\n- Author:: Joshua Timberman (<joshua@opscode.com>)\n- Author:: Lamont Granquist (<lamont@opscode.com>)\n- Author:: Chris Roberts (<chrisroberts.code@gmail.com>)\n- Author:: David Crane (<davidc@donorschoose.org>)\n- Author:: Aaron Baer (<aaron@hw-ops.com>)\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n",
   "maintainer": "Heavy Water Operations, LLC",
   "maintainer_email": "support@hw-ops.com",
   "license": "Apache 2.0",

data/cookbooks/scratchify/Berksfile

@@ -7,7 +7,7 @@ metadata
 
 cookbook 'user'
 cookbook 'rvm', github: 'fnichol/chef-rvm'
-cookbook 'postgresql', path: '../postgresql'
+cookbook 'postgresql', github: 'sandrew/postgresql', branch: 'develop'
 
 # cookbook 'dpkg_packages', git: "https://gitlab.acid.cl/acidlabs/chef-dpkg-packages.git"
 # cookbook 'nginx',         git: "https://gitlab.acid.cl/acidlabs/chef-nginx.git"

data/cookbooks/scratchify/Berksfile.lock

@@ -1,6 +1,8 @@
 DEPENDENCIES
   postgresql
-    path: ../postgresql
+    git: git://github.com/sandrew/postgresql.git
+    revision: a1f3ce3e2e22515bc175011a3e3faa0af98dd8db
+    branch: develop
   rvm
     git: git://github.com/fnichol/chef-rvm.git
     revision: 08ec265f277e112a5a2e4b201bd32ddfe1bb968c

data/cookbooks/scratchify/from-scratch.gemspec

@@ -20,12 +20,12 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler", "~> 1.10"
   spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency 'rspec', "~> 3.3.0"
-  spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'rspec', "~> 3.3"
+  spec.add_development_dependency 'pry', "~> 0.10"
 
   spec.add_dependency 'knife-solo'
   spec.add_dependency 'knife-solo_data_bag'
-  spec.add_dependency 'chef'
+  spec.add_dependency 'chef', "~> 12.5"
   spec.add_dependency 'berkshelf'
 
 

data/cookbooks/scratchify/lib/from-scratch.rb

@@ -6,8 +6,11 @@ module FromScratch
   def self.run!
     app_name, host = ARGV
     ssh_pub_key = `cat ~/.ssh/id_rsa.pub`.strip
-    postgresql_admin_password = `echo -n '#{SecureRandom.hex(64)}''postgres' | openssl md5 | sed -e 's/.* /md5/'`.strip
-    postgresql_user_password = SecureRandom.hex(16)
+    postgresql_admin_password = `echo -n '#{SecureRandom.base64(16)}''postgres' | openssl md5 | sed -e 's/.* /md5/'`.strip
+
+    puts "Your PG #{app_name} password is:"
+    puts postgresql_user_password = SecureRandom.base64(16)
+    puts
 
     { node: ['nodes', host], user: ['data_bags/users', 'deploy'] }.each do |from, to|
       FileUtils.mkdir_p File.expand_path("../../tmp/#{to[0]}", __FILE__)
@@ -17,8 +20,8 @@ module FromScratch
     end
 
     Dir.chdir(File.expand_path('../..', __FILE__)) do
-      system "knife solo bootstrap root@#{host}"
-      system "knife solo clean root@#{host}"
+      system "knife solo bootstrap root@#{host} -c ./.chef/knife.rb"
+      system "knife solo clean root@#{host} -c ./.chef/knife.rb"
     end
 
     FileUtils.rm_rf [File.expand_path('../../tmp', __FILE__)]

data/cookbooks/scratchify/recipes/default.rb

@@ -0,0 +1,20 @@
+directory "/home/deploy/#{node['scratchify']['app_name']}/shared/config" do
+  owner 'deploy'
+  group 'deploy'
+  mode '0755'
+  recursive true
+end
+
+template "/home/deploy/#{node['scratchify']['app_name']}/shared/config/database.yml" do
+  source 'database.yml.erb'
+  owner 'deploy'
+  group 'deploy'
+  mode '0600'
+end
+
+template "/home/deploy/#{node['scratchify']['app_name']}/shared/config/secrets.yml" do
+  source 'secrets.yml.erb'
+  owner 'deploy'
+  group 'deploy'
+  mode '0600'
+end

data/cookbooks/scratchify/templates/database.yml.erb

@@ -0,0 +1,7 @@
+production:
+  adapter: postgresql
+  database: '<%= node['postgresql']['databases'][0]['name'] %>'
+  username: '<%= node['postgresql']['users'][0]['username'] %>'
+  password: '<%= node['postgresql']['users'][0]['password'] %>'
+  encoding: unicode
+  host: localhost

data/cookbooks/scratchify/templates/node.json.erb

@@ -40,11 +40,31 @@
         "owner": "<%= app_name %>"
       }
     ],
+    "pg_hba": [
+      {
+        "type": "host",
+        "db": "all",
+        "user": "all",
+        "addr": "127.0.0.1/32",
+        "method": "md5"
+      },
+      {
+        "type": "host",
+        "db": "all",
+        "user": "all",
+        "addr": "::1/128",
+        "method": "md5"
+      }
+    ],
     "config_pgtune": {
       "db_type": "web"
     }
   },
 
+  "scratchify": {
+    "app_name": "<%= app_name %>"
+  },
+
   "automatic": {
     "ipaddress": "<%= host %>"
   }

data/cookbooks/scratchify/templates/secrets.yml.erb

@@ -0,0 +1,2 @@
+production:
+  secret_key_base: '<%= SecureRandom.hex(64) %>'

data/from-scratch.gemspec

@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency 'knife-solo'
   spec.add_dependency 'knife-solo_data_bag'
-  spec.add_dependency 'chef'
+  spec.add_dependency 'chef', "~> 12.5"
   spec.add_dependency 'berkshelf'
 
 

data/lib/from-scratch.rb

@@ -8,10 +8,6 @@ module FromScratch
     ssh_pub_key = `cat ~/.ssh/id_rsa.pub`.strip
     postgresql_admin_password = `echo -n '#{SecureRandom.base64(16)}''postgres' | openssl md5 | sed -e 's/.* /md5/'`.strip
 
-    puts "Your PG #{app_name} password is:"
-    puts postgresql_user_password = SecureRandom.base64(16)
-    puts
-
     { node: ['nodes', host], user: ['data_bags/users', 'deploy'] }.each do |from, to|
       FileUtils.mkdir_p File.expand_path("../../tmp/#{to[0]}", __FILE__)
       File.open(File.expand_path("../../tmp/#{to.join('/')}.json", __FILE__), 'w') do |f|

data/lib/from-scratch/version.rb

@@ -1,3 +1,3 @@
 module FromScratch
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/recipes/default.rb

@@ -0,0 +1,20 @@
+directory "/home/deploy/#{node['scratchify']['app_name']}/shared/config" do
+  owner 'deploy'
+  group 'deploy'
+  mode '0755'
+  recursive true
+end
+
+template "/home/deploy/#{node['scratchify']['app_name']}/shared/config/database.yml" do
+  source 'database.yml.erb'
+  owner 'deploy'
+  group 'deploy'
+  mode '0600'
+end
+
+template "/home/deploy/#{node['scratchify']['app_name']}/shared/config/secrets.yml" do
+  source 'secrets.yml.erb'
+  owner 'deploy'
+  group 'deploy'
+  mode '0600'
+end

data/templates/database.yml.erb

@@ -0,0 +1,7 @@
+production:
+  adapter: postgresql
+  database: '<%= node['postgresql']['databases'][0]['name'] %>'
+  username: '<%= node['postgresql']['users'][0]['username'] %>'
+  password: '<%= node['postgresql']['users'][0]['password'] %>'
+  encoding: unicode
+  host: localhost

data/templates/node.json.erb

@@ -61,6 +61,10 @@
     }
   },
 
+  "scratchify": {
+    "app_name": "<%= app_name %>"
+  },
+
   "automatic": {
     "ipaddress": "<%= host %>"
   }

data/templates/secrets.yml.erb

@@ -0,0 +1,2 @@
+production:
+  secret_key_base: '<%= SecureRandom.hex(64) %>'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: from-scratch
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Andrew Shaydurov
@@ -98,16 +98,16 @@ dependencies:
   name: chef
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '12.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '12.5'
 - !ruby/object:Gem::Dependency
   name: berkshelf
   requirement: !ruby/object:Gem::Requirement
@@ -378,7 +378,9 @@ files:
 - cookbooks/scratchify/recipes/default.rb
 - cookbooks/scratchify/spec/from/scratch_spec.rb
 - cookbooks/scratchify/spec/spec_helper.rb
+- cookbooks/scratchify/templates/database.yml.erb
 - cookbooks/scratchify/templates/node.json.erb
+- cookbooks/scratchify/templates/secrets.yml.erb
 - cookbooks/scratchify/templates/user.json.erb
 - cookbooks/user/.gitignore
 - cookbooks/user/.kitchen.yml
@@ -401,7 +403,9 @@ files:
 - lib/from-scratch/version.rb
 - metadata.rb
 - recipes/default.rb
+- templates/database.yml.erb
 - templates/node.json.erb
+- templates/secrets.yml.erb
 - templates/user.json.erb
 homepage: https://github.com/sandrew/from-scratch
 licenses: