safeguard-devise 0.0.2
- checksums.yaml +15 -0
- data/.vagrant/machines/default/virtualbox/action_provision +1 -0
- data/.vagrant/machines/default/virtualbox/action_set_name +1 -0
- data/.vagrant/machines/default/virtualbox/id +1 -0
- data/Gemfile +25 -0
- data/Gemfile.lock +186 -0
- data/Rakefile +51 -0
- data/VERSION +1 -0
- data/Vagrantfile +128 -0
- data/app/controllers/devise/devise_safeguard_controller.rb +56 -0
- data/app/views/devise/verify_safeguard.html.erb +9 -0
- data/app/views/devise/verify_safeguard.html.haml +7 -0
- data/config/locales/pt-BR.yml +5 -0
- data/lib/devise-safeguard/controllers/helpers.rb +54 -0
- data/lib/devise-safeguard/hooks/safeguard_authenticatable.rb +7 -0
- data/lib/devise-safeguard/models/safeguard_authenticatable.rb +18 -0
- data/lib/devise-safeguard/rails.rb +7 -0
- data/lib/devise-safeguard/routes.rb +17 -0
- data/lib/generators/active_record/devise_safeguard_generator.rb +13 -0
- data/lib/generators/active_record/templates/migration.rb +15 -0
- data/lib/generators/devise_safeguard/devise_safeguard_generator.rb +30 -0
- data/lib/generators/devise_safeguard/install_generator.rb +44 -0
- data/lib/safeguard-devise.rb +24 -0
- data/puppet/manifests/default.pp +66 -0
- data/puppet/modules/elasticsearch/CHANGELOG +62 -0
- data/puppet/modules/elasticsearch/CONTRIBUTORS +20 -0
- data/puppet/modules/elasticsearch/LICENSE +13 -0
- data/puppet/modules/elasticsearch/Modulefile +9 -0
- data/puppet/modules/elasticsearch/README.md +147 -0
- data/puppet/modules/elasticsearch/Rakefile +5 -0
- data/puppet/modules/elasticsearch/manifests/config.pp +64 -0
- data/puppet/modules/elasticsearch/manifests/init.pp +208 -0
- data/puppet/modules/elasticsearch/manifests/java.pp +50 -0
- data/puppet/modules/elasticsearch/manifests/package.pp +84 -0
- data/puppet/modules/elasticsearch/manifests/params.pp +103 -0
- data/puppet/modules/elasticsearch/manifests/plugin.pp +97 -0
- data/puppet/modules/elasticsearch/manifests/python.pp +34 -0
- data/puppet/modules/elasticsearch/manifests/service.pp +114 -0
- data/puppet/modules/elasticsearch/manifests/template.pp +118 -0
- data/puppet/modules/elasticsearch/metadata.json +41 -0
- data/puppet/modules/elasticsearch/spec/classes/elasticsearch_init_spec.rb +596 -0
- data/puppet/modules/elasticsearch/spec/defines/template_spec.rb +66 -0
- data/puppet/modules/elasticsearch/spec/spec_helper.rb +2 -0
- data/puppet/modules/elasticsearch/templates/etc/default/elasticsearch.erb +5 -0
- data/puppet/modules/elasticsearch/templates/etc/elasticsearch/elasticsearch.yml.erb +93 -0
- data/puppet/modules/memcached/.gitignore +2 -0
- data/puppet/modules/memcached/Modulefile +8 -0
- data/puppet/modules/memcached/README.md +29 -0
- data/puppet/modules/memcached/manifests/init.pp +33 -0
- data/puppet/modules/memcached/manifests/params.pp +21 -0
- data/puppet/modules/memcached/templates/memcached.conf.erb +46 -0
- data/puppet/modules/memcached/templates/memcached_sysconfig.erb +5 -0
- data/puppet/modules/mysql/.fixtures.yml +3 -0
- data/puppet/modules/mysql/.gemfile +5 -0
- data/puppet/modules/mysql/LICENSE +201 -0
- data/puppet/modules/mysql/Modulefile +8 -0
- data/puppet/modules/mysql/README.md +124 -0
- data/puppet/modules/mysql/files/mysqltuner.pl +966 -0
- data/puppet/modules/mysql/lib/puppet/parser/functions/mysql_password.rb +15 -0
- data/puppet/modules/mysql/lib/puppet/provider/database/mysql.rb +42 -0
- data/puppet/modules/mysql/lib/puppet/provider/database_grant/mysql.rb +177 -0
- data/puppet/modules/mysql/lib/puppet/provider/database_user/mysql.rb +42 -0
- data/puppet/modules/mysql/lib/puppet/type/database.rb +17 -0
- data/puppet/modules/mysql/lib/puppet/type/database_grant.rb +75 -0
- data/puppet/modules/mysql/lib/puppet/type/database_user.rb +25 -0
- data/puppet/modules/mysql/manifests/backup.pp +68 -0
- data/puppet/modules/mysql/manifests/config.pp +122 -0
- data/puppet/modules/mysql/manifests/db.pp +77 -0
- data/puppet/modules/mysql/manifests/init.pp +24 -0
- data/puppet/modules/mysql/manifests/java.pp +24 -0
- data/puppet/modules/mysql/manifests/params.pp +91 -0
- data/puppet/modules/mysql/manifests/python.pp +26 -0
- data/puppet/modules/mysql/manifests/ruby.pp +28 -0
- data/puppet/modules/mysql/manifests/server/account_security.pp +13 -0
- data/puppet/modules/mysql/manifests/server/monitor.pp +19 -0
- data/puppet/modules/mysql/manifests/server/mysqltuner.pp +22 -0
- data/puppet/modules/mysql/manifests/server.pp +52 -0
- data/puppet/modules/mysql/templates/my.cnf.erb +42 -0
- data/puppet/modules/mysql/templates/my.cnf.pass.erb +6 -0
- data/puppet/modules/mysql/templates/mysqlbackup.sh.erb +23 -0
- data/puppet/modules/postgresql/GPL-3 +674 -0
- data/puppet/modules/postgresql/Modulefile +13 -0
- data/puppet/modules/postgresql/README.md +156 -0
- data/puppet/modules/postgresql/lib/puppet/provider/pg_database/debian_postgresql.rb +30 -0
- data/puppet/modules/postgresql/lib/puppet/provider/pg_database/default.rb +17 -0
- data/puppet/modules/postgresql/lib/puppet/provider/pg_user/debian_postgresql.rb +63 -0
- data/puppet/modules/postgresql/lib/puppet/provider/pg_user/default.rb +17 -0
- data/puppet/modules/postgresql/lib/puppet/type/pg_database.rb +29 -0
- data/puppet/modules/postgresql/lib/puppet/type/pg_user.rb +45 -0
- data/puppet/modules/postgresql/manifests/db.pp +20 -0
- data/puppet/modules/postgresql/manifests/init.pp +12 -0
- data/puppet/modules/postgresql/manifests/params.pp +15 -0
- data/puppet/modules/postgresql/manifests/server.pp +47 -0
- data/puppet/modules/postgresql/templates/pg_hba.conf.erb +105 -0
- data/puppet/modules/postgresql/templates/postgresql.conf.erb +559 -0
- data/puppet/modules/redis/CHANGELOG +41 -0
- data/puppet/modules/redis/Gemfile +7 -0
- data/puppet/modules/redis/Gemfile.lock +18 -0
- data/puppet/modules/redis/Modulefile +10 -0
- data/puppet/modules/redis/README.md +34 -0
- data/puppet/modules/redis/Rakefile +6 -0
- data/puppet/modules/redis/manifests/init.pp +153 -0
- data/puppet/modules/redis/manifests/params.pp +39 -0
- data/puppet/modules/redis/metadata.json +31 -0
- data/puppet/modules/redis/spec/spec_helper.rb +17 -0
- data/puppet/modules/redis/templates/redis.debian.conf.erb +217 -0
- data/puppet/modules/redis/templates/redis.logrotate.erb +9 -0
- data/puppet/modules/redis/templates/redis.rhel.conf.erb +547 -0
- data/puppet/modules/redis/tests/init.pp +8 -0
- data/puppet/upgrade-puppet.sh +16 -0
- data/safeguard-devise.gemspec +249 -0
- data/spec/controllers/safeguard_devise_controller_spec.rb +67 -0
- data/spec/devise/safeguard_authenticatable_spec.rb +71 -0
- data/spec/orm/active_record.rb +4 -0
- data/spec/routing/routes_spec.rb +13 -0
- data/spec/safeguard-devise-test-app/.gitignore +16 -0
- data/spec/safeguard-devise-test-app/Gemfile +14 -0
- data/spec/safeguard-devise-test-app/Gemfile.lock +119 -0
- data/spec/safeguard-devise-test-app/README.rdoc +28 -0
- data/spec/safeguard-devise-test-app/Rakefile +6 -0
- data/spec/safeguard-devise-test-app/app/assets/images/.keep +0 -0
- data/spec/safeguard-devise-test-app/app/assets/javascripts/application.js +13 -0
- data/spec/safeguard-devise-test-app/app/assets/stylesheets/application.css +13 -0
- data/spec/safeguard-devise-test-app/app/controllers/application_controller.rb +5 -0
- data/spec/safeguard-devise-test-app/app/controllers/concerns/.keep +0 -0
- data/spec/safeguard-devise-test-app/app/controllers/home_controller.rb +6 -0
- data/spec/safeguard-devise-test-app/app/helpers/application_helper.rb +2 -0
- data/spec/safeguard-devise-test-app/app/mailers/.keep +0 -0
- data/spec/safeguard-devise-test-app/app/models/.keep +0 -0
- data/spec/safeguard-devise-test-app/app/models/concerns/.keep +0 -0
- data/spec/safeguard-devise-test-app/app/models/user.rb +6 -0
- data/spec/safeguard-devise-test-app/app/views/devise/devise_safeguard/verify_safeguard.html.erb +9 -0
- data/spec/safeguard-devise-test-app/app/views/devise/devise_safeguard/verify_safeguard.html.haml +6 -0
- data/spec/safeguard-devise-test-app/app/views/home/index.html.erb +1 -0
- data/spec/safeguard-devise-test-app/app/views/layouts/application.html.erb +14 -0
- data/spec/safeguard-devise-test-app/bin/bundle +3 -0
- data/spec/safeguard-devise-test-app/bin/rails +4 -0
- data/spec/safeguard-devise-test-app/bin/rake +4 -0
- data/spec/safeguard-devise-test-app/config/application.rb +31 -0
- data/spec/safeguard-devise-test-app/config/boot.rb +4 -0
- data/spec/safeguard-devise-test-app/config/database.yml +25 -0
- data/spec/safeguard-devise-test-app/config/environment.rb +5 -0
- data/spec/safeguard-devise-test-app/config/environments/development.rb +29 -0
- data/spec/safeguard-devise-test-app/config/environments/production.rb +80 -0
- data/spec/safeguard-devise-test-app/config/environments/test.rb +36 -0
- data/spec/safeguard-devise-test-app/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/safeguard-devise-test-app/config/initializers/devise.rb +259 -0
- data/spec/safeguard-devise-test-app/config/initializers/filter_parameter_logging.rb +4 -0
- data/spec/safeguard-devise-test-app/config/initializers/inflections.rb +16 -0
- data/spec/safeguard-devise-test-app/config/initializers/mime_types.rb +5 -0
- data/spec/safeguard-devise-test-app/config/initializers/secret_token.rb +12 -0
- data/spec/safeguard-devise-test-app/config/initializers/session_store.rb +3 -0
- data/spec/safeguard-devise-test-app/config/initializers/wrap_parameters.rb +14 -0
- data/spec/safeguard-devise-test-app/config/locales/devise.en.yml +59 -0
- data/spec/safeguard-devise-test-app/config/locales/devise.safeguard.pt-BR.yml +5 -0
- data/spec/safeguard-devise-test-app/config/locales/en.yml +23 -0
- data/spec/safeguard-devise-test-app/config/routes.rb +59 -0
- data/spec/safeguard-devise-test-app/config.ru +4 -0
- data/spec/safeguard-devise-test-app/db/migrate/20140220191103_create_users.rb +9 -0
- data/spec/safeguard-devise-test-app/db/migrate/20140220191247_add_devise_to_users.rb +49 -0
- data/spec/safeguard-devise-test-app/db/migrate/20140220191522_devise_safeguard_add_to_users.rb +15 -0
- data/spec/safeguard-devise-test-app/db/schema.rb +37 -0
- data/spec/safeguard-devise-test-app/db/seeds.rb +7 -0
- data/spec/safeguard-devise-test-app/lib/assets/.keep +0 -0
- data/spec/safeguard-devise-test-app/lib/tasks/.keep +0 -0
- data/spec/safeguard-devise-test-app/log/.keep +0 -0
- data/spec/safeguard-devise-test-app/public/404.html +58 -0
- data/spec/safeguard-devise-test-app/public/422.html +58 -0
- data/spec/safeguard-devise-test-app/public/500.html +57 -0
- data/spec/safeguard-devise-test-app/public/favicon.ico +0 -0
- data/spec/safeguard-devise-test-app/public/robots.txt +5 -0
- data/spec/safeguard-devise-test-app/test/controllers/.keep +0 -0
- data/spec/safeguard-devise-test-app/test/fixtures/.keep +0 -0
- data/spec/safeguard-devise-test-app/test/fixtures/users.yml +9 -0
- data/spec/safeguard-devise-test-app/test/helpers/.keep +0 -0
- data/spec/safeguard-devise-test-app/test/integration/.keep +0 -0
- data/spec/safeguard-devise-test-app/test/mailers/.keep +0 -0
- data/spec/safeguard-devise-test-app/test/models/.keep +0 -0
- data/spec/safeguard-devise-test-app/test/models/user_test.rb +7 -0
- data/spec/safeguard-devise-test-app/test/test_helper.rb +15 -0
- data/spec/safeguard-devise-test-app/vendor/assets/javascripts/.keep +0 -0
- data/spec/safeguard-devise-test-app/vendor/assets/stylesheets/.keep +0 -0
- data/spec/spec_helper.rb +31 -0
- data/spec/tests_helper/helpers.rb +34 -0
- metadata +381 -0
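--- a/data/puppet/modules/postgresql/Modulefile
+++ b/data/puppet/modules/postgresql/Modulefile
@@ -0,0 +1,13 @@
+name 'akumria-postgresql'
+version '1.0.0'
+source 'UNKNOWN'
+author 'akumria'
+license 'GNU General Public License, Version 3+'
+summary 'Install and configure postgresql database system'
+description "Postgresql is a database system which is broadly compatible with SQL
+standards. You can setup users and configure databases using this module.
+"
+project_page 'https://github.com/akumria/puppet-postgresql'
+
+## Add dependencies, if any:
+dependency 'puppetlabs/stdlib', '>= 2.3.1'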
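--- a/data/puppet/modules/postgresql/README.md
+++ b/data/puppet/modules/postgresql/README.md
@@ -0,0 +1,156 @@
+Puppet module for postgresql
+============================
+
+Basic usage
+-----------
+
+To install the client software
+
+class {'postgresql': }
+
+To specify a particular version
+
+class {'postgresql':
+version => '9.1',
+}
+
+To install the server
+
+class {'postgresql::server': }
+
+By default, the system-wide locale is assumed to be en_US.UTF-8. If the
+locale is not installed or available, you can specify an alternative:
+
+class { 'postgresql::server':
+locale => 'es_ES.UTF-8',
+}
+
+Again, a particular version
+
+class {'postgresql::server':
+version => '9.1',
+}
+
+Listen on a specific post / IP address
+
+class {'postgresql::server':
+listen => ['192.168.0.1', ],
+port => 5432,
+}
+
+To allow a remote host to connect to the server, now that you are listening
+on the Internet.
+
+class {'postgresql::server':
+listen => ['192.168.0.1', ],
+port => 5432,
+acl => ['host all all 192.168.0.2/32 md5', ],
+}
+
+Refer to the [pg_hba.conf docs](http://www.postgresql.org/docs/devel/static/auth-pg-hba-conf.html) for
+the specifics of what each possible ACL field can be set to.
+
+To create a database owned by a user
+
+postgresql::db { 'myuser':
+password => 'mypassword',
+}
+
+This will create `myuser` and then create a database called `myuser`
+which will owned by `myuser`. You can override the default locale and
+encoding and, if required, specify a different owner. For example:
+
+postgresql::db { 'mydatabase':
+owner => 'myuser',
+password => 'mypassword',
+locale => 'en_AU.UTF-8',
+encoding => 'C',
+}
+
+
+Read on, if your specific setup does not fall within this
+(admittedly simple) framework.
+
+Create a user
+-------------
+
+This creates a role in the database cluster, by default the user
+is able to login and will inherit the permissions of any groups it
+is a member of.
+
+pg_user {'pguser':
+ensure => present,
+password => 'pgpassword',
+}
+
+You can also modify other attributes like whether the user can create
+databases (`createdb`), create other roles (`createrole`) or is the
+superuser (`superuser`).
+
+For example:
+
+pg_user {'mighty_pguser':
+ensure => present,
+password => 'themightyone',
+createdb => true,
+createrole => true,
+}
+
+
+Create a database
+-----------------
+
+This creates a database and adds a dependancy relationship to the user
+
+pg_database {'pgdb':
+ensure => present,
+owner => 'pguser',
+require => Pg_user['pguser'],
+}
+
+The default is UTF-8 and en_US.UTF-8 , for English. If required,
+you can also specify both the locale and encoding of a database.
+
+pg_database {'pgdb':
+ensure => present,
+owner => 'pguser',
+encoding => 'UTF8',
+locale => 'de_DE.UTF-8',
+require => Pg_user['pguser'],
+}
+
+
+Notes
+-----
+
+This module will not (yet) update either the user or database once they have
+been initially created. i.e. changing the `login` permission of a user does not work.
+Nor does changing the locale of an existing database.
+
+
+Contributors
+------------
+
+* [Anand Kumria](https://github.com/akumria) ([@akumria](https://twitter.com/akumria))
+* [Federico Maggi](https://github.com/phretor)
+* [Joe Topjian](https://github.com/jtopjian)
+* [Stephan Hochdörfer](https://github.com/shochdoerfer)
+* [Marcello Barnaba](https://github.com/vjt)
+
+Copyright and License
+---------------------
+
+Copyright 2012 [Linuxpeak](https://www.linuxpeak.com/) Pty Ltd.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.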
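--- a/data/puppet/modules/postgresql/lib/puppet/provider/pg_database/debian_postgresql.rb
+++ b/data/puppet/modules/postgresql/lib/puppet/provider/pg_database/debian_postgresql.rb
@@ -0,0 +1,30 @@
+Puppet::Type.type(:pg_database).provide(:debian_postgresql) do
+
+desc "Manage databases for a postgres database cluster"
+
+defaultfor :operatingsystem => [:debian, :ubuntu]
+
+optional_commands :psql => 'psql'
+optional_commands :su => 'su'
+
+def create
+su("-", "postgres", "-c", "createdb -T template0 -E %s -l %s -O %s %s" % [ @resource.value(:encoding), @resource.value(:locale), @resource.value(:owner), @resource.value(:name) ])
+end
+
+def destroy
+su("-", "postgres", "-c", "dropdb %s" % [ @resource.value(:name) ])
+end
+
+def exists?
+su_output = su("-", "postgres", "-c", "psql --quiet -A -t -c \"select 1 from pg_database where datname = '%s';\"" % @resource.value(:name))
+return false if su_output.length == 0
+su_output.each do |line|
+if line == "1\n"
+return true
+else
+return false
+end
+end
+end
+
+end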
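Review bot: `create`, `destroy` and `exists?` interpolate resource values straight into the string handed to `su - postgres -c`, so a database name, owner, encoding or locale containing a space, quote or shell metacharacter is re-parsed by the shell, and in `exists?` by SQL as well. The same pattern appears in `destroy` and `exists?` of the pg_user provider. Build the command from escaped words instead, for example `Shellwords.join(['dropdb', @resource.value(:name).to_s])` with `require 'shellwords'` at the top of the file, and restrict `name` and `owner` with a `validate` block in the type. Separately, `su_output.each` relies on `String#each`, which exists only on Ruby 1.8, assuming the command helper returns a String; `each_line` works on both.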
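--- a/data/puppet/modules/postgresql/lib/puppet/provider/pg_database/default.rb
+++ b/data/puppet/modules/postgresql/lib/puppet/provider/pg_database/default.rb
@@ -0,0 +1,17 @@
+Puppet::Type.type(:pg_database).provide(:default) do
+
+desc "A default pg_database provider which just fails."
+
+def create
+return false
+end
+
+def destroy
+return false
+end
+
+def exists?
+fail('This is just the default provider for pg_database, all it does is fail')
+end
+
+end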
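--- a/data/puppet/modules/postgresql/lib/puppet/provider/pg_user/debian_postgresql.rb
+++ b/data/puppet/modules/postgresql/lib/puppet/provider/pg_user/debian_postgresql.rb
@@ -0,0 +1,63 @@
+Puppet::Type.type(:pg_user).provide(:debian_postgresql) do
+
+desc "Manage users for a postgres database cluster"
+
+defaultfor :operatingsystem => [:debian, :ubuntu]
+
+optional_commands :psql => 'psql'
+optional_commands :su => 'su'
+
+def create
+stm = "create role %s encrypted password '%s'" % [\
+@resource.value(:name), @resource.value(:password) ]
+
+if @resource.value(:createdb) == true
+stm = stm + " createdb"
+else
+stm = stm + " nocreatedb"
+end
+
+if @resource.value(:inherit) == false
+stm = stm + " noinherit"
+else
+stm = stm + " inherit"
+end
+
+if @resource.value(:login) == false
+stm = stm + " nologin"
+else
+stm = stm + " login"
+end
+
+if @resource.value(:createrole) == true
+stm = stm + " createrole"
+else
+stm = stm + " nocreaterole"
+end
+
+if @resource.value(:superuser) == true
+stm = stm + " superuser"
+else
+stm = stm + " nosuperuser"
+end
+
+su("-", "postgres", "-c", "psql -c \"%s\"" % stm)
+end
+
+def destroy
+su("-", "postgres", "-c", "dropuser %s" % [ @resource.value(:name) ])
+end
+
+def exists?
+su_output = su("-", "postgres", "-c", "psql --quiet -A -t -c \"select 1 from pg_roles where rolname = '%s';\"" % @resource.value(:name))
+return false if su_output.length == 0
+su_output.each do |line|
+if line == "1\n"
+return true
+else
+return false
+end
+end
+end
+
+end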
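Review bot: `create` places the cleartext password inside the `psql -c "..."` argument, so it sits in the process argument list while the command runs and probably in any Puppet log line that records the executed command. A password containing `'`, `"`, `$` or a backtick also changes the SQL statement or the shell command built around it. Double the single quotes before interpolating, `@resource.value(:password).to_s.gsub("'", "''")`, and hand the statement to psql through standard input or a file readable only by postgres (`psql -f`) rather than on the command line. The role name is unquoted in the same statement; quoting it as an SQL identifier or validating it in the type closes that side.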
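--- a/data/puppet/modules/postgresql/lib/puppet/provider/pg_user/default.rb
+++ b/data/puppet/modules/postgresql/lib/puppet/provider/pg_user/default.rb
@@ -0,0 +1,17 @@
+Puppet::Type.type(:pg_user).provide(:default) do
+
+desc "A default pg_user provider which just fails."
+
+def create
+return false
+end
+
+def destroy
+return false
+end
+
+def exists?
+fail('This is just the default provider for pg_user, all it does is fail')
+end
+
+end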
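--- a/data/puppet/modules/postgresql/lib/puppet/type/pg_database.rb
+++ b/data/puppet/modules/postgresql/lib/puppet/type/pg_database.rb
@@ -0,0 +1,29 @@
+# This has to be a separate type to enable collecting
+Puppet::Type.newtype(:pg_database) do
+@doc = "Manage Postgresql databases."
+
+ensurable
+
+newparam(:name, :namevar=>true) do
+desc "The name of the database."
+end
+
+newparam(:owner) do
+desc "The owner of the database"
+
+defaultto :postgres
+end
+
+newparam(:encoding) do
+desc "The character set encoding to use for the database"
+
+defaultto :UTF8
+end
+
+newparam(:locale) do
+desc "The locale to use for collation. Typical values include 'C' or 'en_US.UTF-8' or other specifiers"
+
+defaultto :'en_US.UTF-8'
+end
+
+end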
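--- a/data/puppet/modules/postgresql/lib/puppet/type/pg_user.rb
+++ b/data/puppet/modules/postgresql/lib/puppet/type/pg_user.rb
@@ -0,0 +1,45 @@
+# This has to be a separate type to enable collecting
+Puppet::Type.newtype(:pg_user) do
+@doc = "Manage a Postgresql database user/role."
+
+ensurable
+
+newparam(:name, :namevar=>true) do
+desc "The name of the user/role"
+end
+
+newparam(:password) do
+desc "The password for the user/role"
+end
+
+newparam(:createdb) do
+desc "Is the user allowed to create databases."
+
+defaultto :false
+end
+
+newparam(:inherit) do
+desc "Inherit privileges of roles this user/role is a member of."
+
+defaultto :true
+end
+
+newparam(:login) do
+desc "Can the user/role/ login?"
+
+defaultto :true
+end
+
+newparam(:createrole) do
+desc "Can the user/role create other users/roles?"
+
+defaultto :false
+end
+
+newparam(:superuser) do
+desc "Is the user/role a superuser?"
+
+defaultto :false
+end
+
+end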
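Review bot: The five privilege parameters default to the symbols `:true`/`:false` and accept any value, while the provider's `create` compares them with the Ruby booleans (`@resource.value(:login) == false`, `@resource.value(:superuser) == true`). Any value that is not exactly the boolean falls into the `else` branch, so a `login` given as the string `'false'`, if a manifest passes one, would still create the role with `login`. Declaring `newvalues(:true, :false)` on `createdb`, `inherit`, `login`, `createrole` and `superuser`, and comparing against the symbols in the provider, makes the accepted values explicit and rejects anything else at catalog time.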
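--- a/data/puppet/modules/postgresql/manifests/db.pp
+++ b/data/puppet/modules/postgresql/manifests/db.pp
@@ -0,0 +1,20 @@
+define postgresql::db (
+$password,
+$owner = $name,
+$encoding = 'UTF8',
+$locale = 'en_US.UTF-8',
+) {
+
+pg_user {$owner:
+ensure => present,
+password => $password,
+}
+
+pg_database {$name:
+ensure => present,
+owner => $owner,
+require => Pg_user[$owner],
+encoding => $encoding,
+locale => $locale,
+}
+}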
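Review bot: Every `postgresql::db` instance declares `pg_user {$owner:}`, so two databases that share an owner declare `Pg_user[$owner]` twice and the catalog should fail with a duplicate declaration. Guarding the resource with `if !defined(Pg_user[$owner]) { ... }`, or moving role creation out of the define, lets one role own several databases. The required `$password` is also passed on for an owner that may already exist with a different password; a comment stating which value wins would avoid surprises.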
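--- a/data/puppet/modules/postgresql/manifests/init.pp
+++ b/data/puppet/modules/postgresql/manifests/init.pp
@@ -0,0 +1,12 @@
+class postgresql (
+$client_package = $postgresql::params::client_package,
+$version = $postgresql::params::version
+
+) inherits postgresql::params {
+
+package { "postgresql-client-$version":
+name => sprintf("%s-%s", $client_package, $version),
+ensure => present,
+}
+
+}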
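--- a/data/puppet/modules/postgresql/manifests/params.pp
+++ b/data/puppet/modules/postgresql/manifests/params.pp
@@ -0,0 +1,15 @@
+class postgresql::params {
+$locale = 'en_US.UTF-8'
+case $::operatingsystem {
+/(Ubuntu|Debian)/: {
+$version = '9.1'
+$client_package = 'postgresql-client'
+$server_package = 'postgresql'
+$listen_address = 'localhost'
+$port = 5432
+}
+default: {
+fail("Unsupported platform: ${::operatingsystem}")
+}
+}
+}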
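--- a/data/puppet/modules/postgresql/manifests/server.pp
+++ b/data/puppet/modules/postgresql/manifests/server.pp
@@ -0,0 +1,47 @@
+class postgresql::server (
+$server_package = $postgresql::params::server_package,
+$locale = $postgresql::params::locale,
+$version = $postgresql::params::version,
+$listen = $postgresql::params::listen_address,
+$port = $postgresql::params::port,
+$acl = []
+) inherits postgresql::params {
+
+package { "postgresql-server-$version":
+name => sprintf("%s-%s", $server_package, $version),
+ensure => present,
+}
+
+service { "postgresql-system-$version":
+name => 'postgresql',
+enable => true,
+ensure => running,
+hasstatus => false,
+hasrestart => true,
+provider => 'debian',
+subscribe => Package["postgresql-server-$version"],
+}
+
+file { "postgresql-server-config-$version":
+name => "/etc/postgresql/$version/main/postgresql.conf",
+ensure => present,
+content => template('postgresql/postgresql.conf.erb'),
+owner => 'postgres',
+group => 'postgres',
+mode => '0644',
+require => Package["postgresql-server-$version"],
+notify => Service["postgresql-system-$version"],
+}
+
+file { "postgresql-server-hba-config-$version":
+name => "/etc/postgresql/$version/main/pg_hba.conf",
+ensure => present,
+content => template('postgresql/pg_hba.conf.erb'),
+owner => 'postgres',
+group => 'postgres',
+mode => '0640',
+require => Package["postgresql-server-$version"],
+notify => Service["postgresql-system-$version"],
+}
+
+}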
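--- a/data/puppet/modules/postgresql/templates/pg_hba.conf.erb
+++ b/data/puppet/modules/postgresql/templates/pg_hba.conf.erb
@@ -0,0 +1,105 @@
+# PostgreSQL Client Authentication Configuration File - managed by puppet - DO NOT EDIT
+# =====================================================================================
+#
+# Refer to the "Client Authentication" section in the PostgreSQL
+# documentation for a complete description of this file. A short
+# synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access. Records take one of these forms:
+#
+# local DATABASE USER METHOD [OPTIONS]
+# host DATABASE USER ADDRESS METHOD [OPTIONS]
+# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
+# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain
+# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
+# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
+# plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", "replication", a
+# database name, or a comma-separated list thereof. The "all"
+# keyword does not match "replication". Access to replication
+# must be enabled in a separate record (see example below).
+#
+# USER can be "all", a user name, a group name prefixed with "+", or a
+# comma-separated list thereof. In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names
+# from a separate file.
+#
+# ADDRESS specifies the set of hosts the record matches. It can be a
+# host name, or it is made up of an IP address and a CIDR mask that is
+# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
+# specifies the number of significant bits in the mask. A host name
+# that starts with a dot (.) matches a suffix of the actual host name.
+# Alternatively, you can write an IP address and netmask in separate
+# columns to specify the set of hosts. Instead of a CIDR-address, you
+# can write "samehost" to match any of the server's own IP addresses,
+# or "samenet" to match any address in any subnet that the server is
+# directly connected to.
+#
+# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
+# "krb5", "ident", "peer", "pam", "ldap", "radius" or "cert". Note that
+# "password" sends passwords in clear text; "md5" is preferred since
+# it sends encrypted passwords.
+#
+# OPTIONS are a set of options for the authentication in the format
+# NAME=VALUE. The available options depend on the different
+# authentication methods -- refer to the "Client Authentication"
+# section in the documentation for a list of which options are
+# available for which authentication methods.
+#
+# Database and user names containing spaces, commas, quotes and other
+# special characters must be quoted. Quoting one of the keywords
+# "all", "sameuser", "samerole" or "replication" makes the name lose
+# its special character, and just match a database or username with
+# that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal. If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect. You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records. In that case you will also need to make PostgreSQL
+# listen on a non-local interface via the listen_addresses
+# configuration parameter, or via the -i or -h command line switches.
+
+
+
+
+# DO NOT DISABLE!
+# If you change this first entry you will need to make sure that the
+# database superuser can access the database using some other method.
+# Noninteractive access to all databases is required during automatic
+# maintenance (custom daily cronjobs, replication, and similar tasks).
+#
+# Database administrative login by Unix domain socket
+local all postgres peer
+
+# TYPE DATABASE USER ADDRESS METHOD
+
+# "local" is for Unix domain socket connections only
+local all all peer
+# IPv4 local connections:
+host all all 127.0.0.1/32 md5
+# IPv6 local connections:
+host all all ::1/128 md5
+
+# site-specific access control list
+<% acl.each do |entry| -%>
+<%= entry %>
+<% end -%>
+
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+#local replication postgres peer
+#host replication postgres 127.0.0.1/32 md5
+#host replication postgres ::1/128 md5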
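Review bot: The site ACL loop writes each `entry` verbatim after the built-in records, with no check on its form or method, so an entry using `trust` or a `0.0.0.0/0` address is accepted silently. Because pg_hba.conf uses the first matching record, these entries also cannot tighten the `local` and loopback records above them; a comment before the loop would make that explicit, for example `# Records are matched top-down; entries here cannot override the records above.` Consider validating `$acl` in `postgresql::server` (rejecting `trust`, say) and recommending `hostssl` for non-local addresses, since `md5` over a plain TCP connection leaves the session unencrypted. The template also reads `acl` as a bare local variable; `@acl` is the form later Puppet versions expect.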