| 1 |
nanardon |
55 |
class postgresql { |
| 2 |
misc |
526 |
class server { |
| 3 |
|
|
$pgsql_data = "/var/lib/pgsql/data/" |
| 4 |
|
|
$pg_version = '9.0' |
| 5 |
misc |
189 |
|
| 6 |
misc |
526 |
# missing requires is corrected in cooker, |
| 7 |
|
|
# should be removed |
| 8 |
|
|
# once the fix is in a stable release |
| 9 |
|
|
package { "postgresql$pg_version-plpgsql": |
| 10 |
|
|
alias => "postgresql-plpgsql", |
| 11 |
|
|
ensure => installed, |
| 12 |
|
|
} |
| 13 |
nanardon |
55 |
|
| 14 |
misc |
526 |
package { "postgresql$pg_version-server": |
| 15 |
|
|
alias => "postgresql-server", |
| 16 |
|
|
ensure => installed, |
| 17 |
|
|
require => Package['postgresql-plpgsql'], |
| 18 |
|
|
} |
| 19 |
|
|
|
| 20 |
|
|
service { postgresql: |
| 21 |
|
|
ensure => running, |
| 22 |
|
|
subscribe => Package["postgresql-server"], |
| 23 |
|
|
hasstatus => true, |
| 24 |
|
|
} |
| 25 |
|
|
|
| 26 |
|
|
exec { "service postgresql reload": |
| 27 |
|
|
refreshonly => true, |
| 28 |
|
|
subscribe => [ File["postgresql.conf"], |
| 29 |
|
|
File["pg_ident.conf"], |
| 30 |
|
|
File["pg_hba.conf"] ] |
| 31 |
|
|
} |
| 32 |
misc |
531 |
|
| 33 |
|
|
openssl::self_signed_splitted_cert { "pgsql.$domain": |
| 34 |
|
|
filename => "server", |
| 35 |
|
|
directory => $pgsql_data, |
| 36 |
|
|
owner => "postgres", |
| 37 |
|
|
group => "postgres", |
| 38 |
|
|
require => Package['postgresql-server'] |
| 39 |
|
|
} |
| 40 |
|
|
|
| 41 |
|
|
|
| 42 |
misc |
526 |
file { '/etc/pam.d/postgresql': |
| 43 |
|
|
ensure => present, |
| 44 |
|
|
owner => root, |
| 45 |
|
|
group => root, |
| 46 |
|
|
mode => 644, |
| 47 |
|
|
content => template("postgresql/pam"), |
| 48 |
|
|
} |
| 49 |
|
|
|
| 50 |
|
|
file { "postgresql.conf": |
| 51 |
|
|
path => "$pgsql_data/postgresql.conf", |
| 52 |
|
|
ensure => present, |
| 53 |
|
|
owner => postgres, |
| 54 |
|
|
group => postgres, |
| 55 |
|
|
mode => 600, |
| 56 |
|
|
content => template("postgresql/postgresql.conf"), |
| 57 |
|
|
require => Package["postgresql-server"], |
| 58 |
|
|
} |
| 59 |
|
|
|
| 60 |
misc |
1358 |
$db = list_exported_ressources('Postgresql::Db_and_user') |
| 61 |
misc |
526 |
file { 'pg_hba.conf': |
| 62 |
|
|
path => "$pgsql_data/pg_hba.conf", |
| 63 |
|
|
ensure => present, |
| 64 |
|
|
owner => postgres, |
| 65 |
|
|
group => postgres, |
| 66 |
|
|
mode => 600, |
| 67 |
|
|
content => template("postgresql/pg_hba.conf"), |
| 68 |
|
|
require => Package["postgresql-server"], |
| 69 |
|
|
} |
| 70 |
|
|
|
| 71 |
|
|
file { 'pg_ident.conf': |
| 72 |
|
|
path => "$pgsql_data/pg_ident.conf", |
| 73 |
|
|
ensure => present, |
| 74 |
|
|
owner => postgres, |
| 75 |
|
|
group => postgres, |
| 76 |
|
|
mode => 600, |
| 77 |
|
|
content => template("postgresql/pg_ident.conf"), |
| 78 |
|
|
require => Package["postgresql-server"], |
| 79 |
|
|
} |
| 80 |
misc |
1279 |
} |
| 81 |
misc |
527 |
|
| 82 |
misc |
1279 |
define tagged() { |
| 83 |
misc |
773 |
# TODO add a system of tag so we can declare database on more than one |
| 84 |
|
|
# server |
| 85 |
misc |
1279 |
Postgresql::User <<| tag == $name |>> |
| 86 |
|
|
Postgresql::Database <<| tag == $name |>> |
| 87 |
misc |
1357 |
Postgresql::Db_and_user <<| tag == $name |>> |
| 88 |
nanardon |
55 |
} |
| 89 |
nanardon |
172 |
|
| 90 |
misc |
524 |
|
| 91 |
misc |
1355 |
define remote_db_and_user($description = "", |
| 92 |
|
|
$tag = "default", |
| 93 |
|
|
$password ) { |
| 94 |
|
|
|
| 95 |
misc |
1357 |
@@postgresql::db_and_user { $name: |
| 96 |
|
|
tag => $tag, |
| 97 |
|
|
description => $description, |
| 98 |
|
|
password => $password |
| 99 |
misc |
1355 |
} |
| 100 |
|
|
} |
| 101 |
|
|
|
| 102 |
misc |
1280 |
define remote_database($description = "", |
| 103 |
|
|
$user = "postgresql", |
| 104 |
|
|
$tag = "default") |
| 105 |
|
|
{ |
| 106 |
|
|
@@postgresql::database { $name: |
| 107 |
|
|
description => $description, |
| 108 |
|
|
user => $user, |
| 109 |
|
|
tag => $tag, |
| 110 |
|
|
require => Postgresql::User[$user] |
| 111 |
|
|
} |
| 112 |
|
|
} |
| 113 |
|
|
|
| 114 |
|
|
define remote_user($password, |
| 115 |
|
|
$tag = "default") |
| 116 |
|
|
{ |
| 117 |
|
|
@@postgresql::user { $name: |
| 118 |
|
|
tag => $tag, |
| 119 |
|
|
password => $password, |
| 120 |
|
|
} |
| 121 |
|
|
} |
| 122 |
|
|
|
| 123 |
misc |
1357 |
define db_and_user($description = "", |
| 124 |
|
|
$password ) { |
| 125 |
misc |
1280 |
|
| 126 |
misc |
1357 |
database { $name: |
| 127 |
|
|
description => $description, |
| 128 |
|
|
user => $name, |
| 129 |
|
|
} |
| 130 |
|
|
|
| 131 |
|
|
user { $name: |
| 132 |
|
|
password => $password |
| 133 |
|
|
} |
| 134 |
|
|
} |
| 135 |
|
|
|
| 136 |
misc |
525 |
# TODO convert it to a regular type ( so we can later change user and so on ) |
| 137 |
|
|
define database($description="", $user="postgres") { |
| 138 |
misc |
535 |
exec { "createdb -O $user -U postgres $name '$description'": |
| 139 |
misc |
525 |
user => root, |
| 140 |
misc |
536 |
unless => "psql -A -t -U postgres -l | grep '^$name|'", |
| 141 |
misc |
1046 |
require => Service['postgresql'], |
| 142 |
misc |
525 |
} |
| 143 |
|
|
} |
| 144 |
misc |
773 |
|
| 145 |
|
|
# TODO convert to a regular type, so we can later change password without erasing the |
| 146 |
|
|
# current user |
| 147 |
misc |
524 |
define user($password) { |
| 148 |
misc |
646 |
$sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;" |
| 149 |
misc |
524 |
|
| 150 |
|
|
exec { "psql -U postgres -c \"$sql\" ": |
| 151 |
|
|
user => root, |
| 152 |
misc |
646 |
environment => "pass=$password", |
| 153 |
misc |
524 |
unless => "psql -A -t -U postgres -c '\du $name' | grep '$name'", |
| 154 |
misc |
1046 |
require => Service['postgresql'], |
| 155 |
misc |
524 |
} |
| 156 |
|
|
} |
| 157 |
nanardon |
55 |
} |
Parent Directory
| 
Revision Log