safeguard-devise 0.0.2

data/puppet/modules/postgresql/Modulefile

@@ -0,0 +1,13 @@
+name    'akumria-postgresql'
+version '1.0.0'
+source 'UNKNOWN'
+author 'akumria'
+license 'GNU General Public License, Version 3+'
+summary 'Install and configure postgresql database system'
+description "Postgresql is a database system which is broadly compatible with SQL
+		standards. You can setup users and configure databases using this module.
+"
+project_page 'https://github.com/akumria/puppet-postgresql'
+
+## Add dependencies, if any:
+dependency 'puppetlabs/stdlib', '>= 2.3.1'

data/puppet/modules/postgresql/README.md

@@ -0,0 +1,156 @@
+Puppet module for postgresql
+============================
+
+Basic usage
+-----------
+
+To install the client software
+
+    class {'postgresql':  }
+
+To specify a particular version
+
+    class {'postgresql':
+        version => '9.1',
+    }
+
+To install the server
+
+	class {'postgresql::server': }
+
+By default, the system-wide locale is assumed to be en_US.UTF-8. If the
+locale is not installed or available, you can specify an alternative:
+
+    class { 'postgresql::server':
+        locale => 'es_ES.UTF-8',
+    }
+
+Again, a particular version
+
+	class {'postgresql::server':
+		version => '9.1',
+	}
+
+Listen on a specific post / IP address
+
+	class {'postgresql::server':
+		listen => ['192.168.0.1', ],
+		port   => 5432,
+	}
+
+To allow a remote host to connect to the server, now that you are listening
+on the Internet.
+
+    class {'postgresql::server':
+        listen => ['192.168.0.1', ],
+        port   => 5432,
+        acl   => ['host all all 192.168.0.2/32 md5', ],
+    }
+
+Refer to the [pg_hba.conf docs](http://www.postgresql.org/docs/devel/static/auth-pg-hba-conf.html) for
+the specifics of what each possible ACL field can be set to.
+
+To create a database owned by a user
+
+    postgresql::db { 'myuser':
+        password => 'mypassword',
+    }
+
+This will create `myuser` and then create a database called `myuser`
+which will owned by `myuser`. You can override the default locale and
+encoding and, if required, specify a different owner. For example:
+
+    postgresql::db { 'mydatabase':
+        owner    => 'myuser',
+        password => 'mypassword',
+        locale   => 'en_AU.UTF-8',
+        encoding => 'C',
+    }
+
+
+Read on, if your specific setup does not fall within this
+ (admittedly simple) framework.
+
+Create a user
+-------------
+
+This creates a role in the database cluster, by default the user
+is able to login and will inherit the permissions of any groups it
+is a member of.
+
+	pg_user {'pguser':
+		ensure   => present,
+		password => 'pgpassword',
+	}
+
+You can also modify other attributes like whether the user can create
+databases (`createdb`), create other roles (`createrole`) or is the
+superuser (`superuser`).
+
+For example:
+
+    pg_user {'mighty_pguser':
+        ensure     => present,
+        password   => 'themightyone',
+        createdb   => true,
+        createrole => true,
+    }
+
+
+Create a database
+-----------------
+
+This creates a database and adds a dependancy relationship to the user
+
+	pg_database {'pgdb':
+		ensure   => present,
+		owner    => 'pguser',
+		require  => Pg_user['pguser'],
+	}
+
+The default is UTF-8 and en_US.UTF-8 , for English. If required,
+you can also specify both the locale and encoding of a database.
+
+	pg_database {'pgdb':
+		ensure   => present,
+		owner    => 'pguser',
+		encoding => 'UTF8',
+		locale   => 'de_DE.UTF-8',
+		require  => Pg_user['pguser'],
+	}
+
+
+Notes
+-----
+
+This module will not (yet) update either the user or database once they have
+been initially created. i.e. changing the `login` permission of a user does not work.
+Nor does changing the locale of an existing database.
+
+
+Contributors
+------------
+
+ * [Anand Kumria](https://github.com/akumria) ([@akumria](https://twitter.com/akumria))
+ * [Federico Maggi](https://github.com/phretor)
+ * [Joe Topjian](https://github.com/jtopjian)
+ * [Stephan Hochdörfer](https://github.com/shochdoerfer)
+ * [Marcello Barnaba](https://github.com/vjt)
+
+Copyright and License
+---------------------
+
+Copyright 2012 [Linuxpeak](https://www.linuxpeak.com/) Pty Ltd.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.

data/puppet/modules/postgresql/lib/puppet/provider/pg_database/debian_postgresql.rb

@@ -0,0 +1,30 @@
+Puppet::Type.type(:pg_database).provide(:debian_postgresql) do
+
+  desc "Manage databases for a postgres database cluster"
+
+  defaultfor :operatingsystem => [:debian, :ubuntu]
+
+  optional_commands :psql => 'psql'
+  optional_commands :su => 'su'
+
+  def create
+    su("-", "postgres", "-c", "createdb -T template0 -E %s -l %s -O %s %s" % [ @resource.value(:encoding), @resource.value(:locale), @resource.value(:owner), @resource.value(:name) ])
+  end
+
+  def destroy
+    su("-", "postgres", "-c", "dropdb %s" % [ @resource.value(:name) ])
+  end
+
+  def exists?
+    su_output = su("-", "postgres", "-c", "psql --quiet -A -t -c \"select 1 from pg_database where datname = '%s';\"" % @resource.value(:name))
+    return false if su_output.length == 0
+    su_output.each do |line|
+      if line == "1\n"
+        return true
+      else
+        return false
+      end
+    end
+  end
+
+end

data/puppet/modules/postgresql/lib/puppet/provider/pg_database/default.rb

@@ -0,0 +1,17 @@
+Puppet::Type.type(:pg_database).provide(:default) do
+
+  desc "A default pg_database provider which just fails."
+
+  def create
+    return false
+  end
+
+  def destroy
+    return false
+  end
+
+  def exists?
+    fail('This is just the default provider for pg_database, all it does is fail')
+  end
+
+end

data/puppet/modules/postgresql/lib/puppet/provider/pg_user/debian_postgresql.rb

@@ -0,0 +1,63 @@
+Puppet::Type.type(:pg_user).provide(:debian_postgresql) do
+
+  desc "Manage users for a postgres database cluster"
+
+  defaultfor :operatingsystem => [:debian, :ubuntu]
+
+  optional_commands :psql => 'psql'
+  optional_commands :su => 'su'
+
+  def create
+    stm = "create role %s encrypted password '%s'" % [\
+        @resource.value(:name), @resource.value(:password) ]
+
+    if @resource.value(:createdb) == true
+        stm = stm + " createdb"
+    else
+        stm = stm + " nocreatedb"
+    end
+
+    if @resource.value(:inherit) == false
+        stm = stm + " noinherit"
+    else
+        stm = stm + " inherit"
+    end
+
+    if @resource.value(:login) == false
+        stm = stm + " nologin"
+    else
+        stm = stm + " login"
+    end
+
+    if @resource.value(:createrole) == true
+        stm = stm + " createrole"
+    else
+        stm = stm + " nocreaterole"
+    end
+
+    if @resource.value(:superuser) == true
+        stm = stm + " superuser"
+    else
+        stm = stm + " nosuperuser"
+    end
+
+    su("-", "postgres", "-c", "psql -c \"%s\"" % stm)
+  end
+
+  def destroy
+    su("-", "postgres", "-c", "dropuser %s" % [ @resource.value(:name) ])
+  end
+
+  def exists?
+    su_output = su("-", "postgres", "-c", "psql --quiet -A -t -c \"select 1 from pg_roles where rolname = '%s';\"" % @resource.value(:name))
+    return false if su_output.length == 0
+    su_output.each do |line|
+      if line == "1\n"
+        return true
+      else
+        return false
+      end
+    end
+  end
+
+end

data/puppet/modules/postgresql/lib/puppet/provider/pg_user/default.rb

@@ -0,0 +1,17 @@
+Puppet::Type.type(:pg_user).provide(:default) do
+
+  desc "A default pg_user provider which just fails."
+
+  def create
+    return false
+  end
+
+  def destroy
+    return false
+  end
+
+  def exists?
+    fail('This is just the default provider for pg_user, all it does is fail')
+  end
+
+end

data/puppet/modules/postgresql/lib/puppet/type/pg_database.rb

@@ -0,0 +1,29 @@
+# This has to be a separate type to enable collecting
+Puppet::Type.newtype(:pg_database) do
+  @doc = "Manage Postgresql databases."
+
+  ensurable
+
+  newparam(:name, :namevar=>true) do
+    desc "The name of the database."
+  end
+
+  newparam(:owner) do
+    desc "The owner of the database"
+
+    defaultto :postgres
+  end
+
+  newparam(:encoding) do
+    desc "The character set encoding to use for the database"
+
+    defaultto :UTF8
+  end
+
+  newparam(:locale) do
+    desc "The locale to use for collation. Typical values include 'C' or 'en_US.UTF-8' or other specifiers"
+
+	defaultto :'en_US.UTF-8'
+  end
+
+end

data/puppet/modules/postgresql/lib/puppet/type/pg_user.rb

@@ -0,0 +1,45 @@
+# This has to be a separate type to enable collecting
+Puppet::Type.newtype(:pg_user) do
+  @doc = "Manage a Postgresql database user/role."
+
+  ensurable
+
+  newparam(:name, :namevar=>true) do
+    desc "The name of the user/role"
+  end
+
+  newparam(:password) do
+    desc "The password for the user/role"
+  end
+
+  newparam(:createdb) do
+    desc "Is the user allowed to create databases."
+
+    defaultto :false
+  end
+
+  newparam(:inherit) do
+    desc "Inherit privileges of roles this user/role is a member of."
+
+    defaultto :true
+  end
+
+  newparam(:login) do
+    desc "Can the user/role/ login?"
+
+    defaultto :true
+  end
+
+  newparam(:createrole) do
+    desc "Can the user/role create other users/roles?"
+
+    defaultto :false
+  end
+
+  newparam(:superuser) do
+    desc "Is the user/role a superuser?"
+
+    defaultto :false
+  end
+
+end

data/puppet/modules/postgresql/manifests/db.pp

@@ -0,0 +1,20 @@
+define postgresql::db (
+    $password,
+    $owner = $name,
+    $encoding = 'UTF8',
+    $locale = 'en_US.UTF-8',
+) {
+
+    pg_user {$owner:
+        ensure      => present,
+        password    => $password,
+    }
+
+    pg_database {$name:
+        ensure      => present,
+        owner       => $owner,
+        require     => Pg_user[$owner],
+        encoding    => $encoding,
+        locale      => $locale,
+    }
+}

data/puppet/modules/postgresql/manifests/init.pp

@@ -0,0 +1,12 @@
+class postgresql (
+  $client_package = $postgresql::params::client_package,
+  $version = $postgresql::params::version
+
+) inherits postgresql::params {
+
+  package { "postgresql-client-$version":
+    name    => sprintf("%s-%s", $client_package, $version),
+    ensure  => present,
+  }
+
+}

data/puppet/modules/postgresql/manifests/params.pp

@@ -0,0 +1,15 @@
+class postgresql::params {
+  $locale = 'en_US.UTF-8'
+  case $::operatingsystem {
+    /(Ubuntu|Debian)/: {
+      $version = '9.1'
+      $client_package = 'postgresql-client'
+      $server_package = 'postgresql'
+      $listen_address = 'localhost'
+      $port = 5432
+    }
+    default: {
+      fail("Unsupported platform: ${::operatingsystem}")
+    }
+  }
+}

data/puppet/modules/postgresql/manifests/server.pp

@@ -0,0 +1,47 @@
+class postgresql::server (
+  $server_package = $postgresql::params::server_package,
+  $locale = $postgresql::params::locale,
+  $version = $postgresql::params::version,
+  $listen = $postgresql::params::listen_address,
+  $port = $postgresql::params::port,
+  $acl = []
+) inherits postgresql::params {
+
+  package { "postgresql-server-$version":
+    name    => sprintf("%s-%s", $server_package, $version),
+    ensure  => present,
+  }
+
+  service { "postgresql-system-$version":
+    name        => 'postgresql',
+    enable      => true,
+    ensure      => running,
+    hasstatus   => false,
+    hasrestart  => true,
+    provider    => 'debian',
+    subscribe   => Package["postgresql-server-$version"],
+  }
+
+  file { "postgresql-server-config-$version":
+    name    => "/etc/postgresql/$version/main/postgresql.conf",
+    ensure  => present,
+    content => template('postgresql/postgresql.conf.erb'),
+    owner   => 'postgres',
+    group   => 'postgres',
+    mode    => '0644',
+    require => Package["postgresql-server-$version"],
+    notify  => Service["postgresql-system-$version"],
+  }
+
+  file { "postgresql-server-hba-config-$version":
+    name    => "/etc/postgresql/$version/main/pg_hba.conf",
+    ensure  => present,
+    content => template('postgresql/pg_hba.conf.erb'),
+    owner   => 'postgres',
+    group   => 'postgres',
+    mode    => '0640',
+    require => Package["postgresql-server-$version"],
+    notify  => Service["postgresql-system-$version"],
+  }
+
+}

data/puppet/modules/postgresql/templates/pg_hba.conf.erb

@@ -0,0 +1,105 @@
+# PostgreSQL Client Authentication Configuration File - managed by puppet - DO NOT EDIT
+# =====================================================================================
+#
+# Refer to the "Client Authentication" section in the PostgreSQL
+# documentation for a complete description of this file.  A short
+# synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access.  Records take one of these forms:
+#
+# local      DATABASE  USER  METHOD  [OPTIONS]
+# host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain
+# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
+# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
+# plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", "replication", a
+# database name, or a comma-separated list thereof. The "all"
+# keyword does not match "replication". Access to replication
+# must be enabled in a separate record (see example below).
+#
+# USER can be "all", a user name, a group name prefixed with "+", or a
+# comma-separated list thereof.  In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names
+# from a separate file.
+#
+# ADDRESS specifies the set of hosts the record matches.  It can be a
+# host name, or it is made up of an IP address and a CIDR mask that is
+# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
+# specifies the number of significant bits in the mask.  A host name
+# that starts with a dot (.) matches a suffix of the actual host name.
+# Alternatively, you can write an IP address and netmask in separate
+# columns to specify the set of hosts.  Instead of a CIDR-address, you
+# can write "samehost" to match any of the server's own IP addresses,
+# or "samenet" to match any address in any subnet that the server is
+# directly connected to.
+#
+# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
+# "krb5", "ident", "peer", "pam", "ldap", "radius" or "cert".  Note that
+# "password" sends passwords in clear text; "md5" is preferred since
+# it sends encrypted passwords.
+#
+# OPTIONS are a set of options for the authentication in the format
+# NAME=VALUE.  The available options depend on the different
+# authentication methods -- refer to the "Client Authentication"
+# section in the documentation for a list of which options are
+# available for which authentication methods.
+#
+# Database and user names containing spaces, commas, quotes and other
+# special characters must be quoted.  Quoting one of the keywords
+# "all", "sameuser", "samerole" or "replication" makes the name lose
+# its special character, and just match a database or username with
+# that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal.  If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect.  You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records.  In that case you will also need to make PostgreSQL
+# listen on a non-local interface via the listen_addresses
+# configuration parameter, or via the -i or -h command line switches.
+
+
+
+
+# DO NOT DISABLE!
+# If you change this first entry you will need to make sure that the
+# database superuser can access the database using some other method.
+# Noninteractive access to all databases is required during automatic
+# maintenance (custom daily cronjobs, replication, and similar tasks).
+#
+# Database administrative login by Unix domain socket
+local   all             postgres                                peer
+
+# TYPE  DATABASE        USER            ADDRESS                 METHOD
+
+# "local" is for Unix domain socket connections only
+local   all             all                                     peer
+# IPv4 local connections:
+host    all             all             127.0.0.1/32            md5
+# IPv6 local connections:
+host    all             all             ::1/128                 md5
+
+# site-specific access control list
+<% acl.each do |entry| -%>
+<%= entry %>
+<% end -%>
+
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+#local   replication     postgres                                peer
+#host    replication     postgres        127.0.0.1/32            md5
+#host    replication     postgres        ::1/128                 md5