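# PostgreSQL module: the server class plus defines that declare (or export,
# for collection on the database node) roles and databases.
class postgresql {

    # Installs the PostgreSQL server, keeps it running and manages its
    # configuration and authentication files.
    class server {
        # Trailing slash kept as-is: the paths below interpolate this value
        # followed by another "/", which the filesystem tolerates.
        $pgsql_data = "/var/lib/pgsql/data/"
        $pg_version = '9.0'

        # The missing requires is corrected in cooker; this package resource
        # should be removed once the fix is in a stable release.
        # "${pg_version}" is braced so the "-plpgsql" suffix can never be
        # read as part of the variable name.
        package { "postgresql${pg_version}-plpgsql":
            alias  => "postgresql-plpgsql",
            ensure => installed,
        }

        package { "postgresql${pg_version}-server":
            alias   => "postgresql-server",
            ensure  => installed,
            require => Package['postgresql-plpgsql'],
        }

        service { 'postgresql':
            ensure    => running,
            subscribe => Package["postgresql-server"],
            hasstatus => true,
        }

        # Reload (not restart) whenever one of the managed config files
        # changes.
        # NOTE(review): no path is set here; presumably a global Exec default
        # supplies it -- confirm.
        exec { "service postgresql reload":
            refreshonly => true,
            subscribe   => [ File["postgresql.conf"],
                             File["pg_ident.conf"],
                             File["pg_hba.conf"] ]
        }

        # NOTE(review): a self-signed certificate encrypts the connection,
        # but clients can only authenticate the server if they are given
        # this certificate to verify against -- confirm how clients are
        # configured.
        openssl::self_signed_splitted_cert { "pgsql.${domain}":
            filename  => "server",
            directory => $pgsql_data,
            owner     => "postgres",
            group     => "postgres",
            require   => Package['postgresql-server']
        }

        # File modes are quoted octal strings so they are not read as
        # decimal integers by newer Puppet versions.
        file { '/etc/pam.d/postgresql':
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0644',
            content => template("postgresql/pam"),
        }

        file { "postgresql.conf":
            path    => "${pgsql_data}/postgresql.conf",
            ensure  => present,
            owner   => postgres,
            group   => postgres,
            mode    => '0600',
            content => template("postgresql/postgresql.conf"),
            require => Package["postgresql-server"],
        }

        # Presumably read by the pg_hba.conf template to build the access
        # rules -- verify against the template.
        $db = list_exported_ressources('Postgresql::Db_and_user')

        $forum_lang = list_exported_ressources('Phpbb::Locale_db')

        # pg_hba.conf and pg_ident.conf decide who may connect and as which
        # role; they stay readable by postgres only.
        file { 'pg_hba.conf':
            path    => "${pgsql_data}/pg_hba.conf",
            ensure  => present,
            owner   => postgres,
            group   => postgres,
            mode    => '0600',
            content => template("postgresql/pg_hba.conf"),
            require => Package["postgresql-server"],
        }

        file { 'pg_ident.conf':
            path    => "${pgsql_data}/pg_ident.conf",
            ensure  => present,
            owner   => postgres,
            group   => postgres,
            mode    => '0600',
            content => template("postgresql/pg_ident.conf"),
            require => Package["postgresql-server"],
        }
    }

    # Collects every exported role / database whose tag equals this
    # resource's title.
    define tagged() {
        # TODO add a system of tag so we can declare database on more than one
        # server
        Postgresql::User <<| tag == $name |>>
        Postgresql::Database <<| tag == $name |>>
        Postgresql::Db_and_user <<| tag == $name |>>
    }

    # Exports a db_and_user resource for collection by postgresql::tagged.
    # The password travels with the exported resource, so it is stored in
    # clear text wherever the master keeps exported resources.
    define remote_db_and_user($description = "",
                              $tag = "default",
                              $password ) {

        @@postgresql::db_and_user { $name:
            tag         => $tag,
            description => $description,
            password    => $password
        }
    }

    # Exports a database resource owned by $user.
    # NOTE(review): the default owner here is "postgresql" while
    # postgresql::database defaults to "postgres" -- confirm which is meant.
    define remote_database($description = "",
                           $user = "postgresql",
                           $tag = "default")
    {
        @@postgresql::database { $name:
            description => $description,
            user        => $user,
            tag         => $tag,
            require     => Postgresql::User[$user]
        }
    }

    # Exports a role resource; as with remote_db_and_user, the password is
    # part of the exported resource.
    define remote_user($password,
                       $tag = "default")
    {
        @@postgresql::user { $name:
            tag      => $tag,
            password => $password,
        }
    }

    # Declares a role and a database of the same name, owned by that role.
    # NOTE(review): nothing orders the database after the role, although
    # createdb -O presumably needs the role to exist first -- confirm.
    define db_and_user($description = "",
                       $password ) {

        database { $name:
            description => $description,
            user        => $name,
        }

        user { $name:
            password => $password
        }
    }

    # Creates database $name owned by $user unless it is already listed.
    #
    # The command is assembled by string interpolation and run as root, and
    # the values may arrive through exported resources from other nodes, so
    # anything that could change the meaning of the command line is refused
    # when the catalog is compiled. \A and \z are used because ^ and $ would
    # also match around an embedded newline.
    #
    # TODO convert it to a regular type ( so we can later change user and so on )
    define database($description="", $user="postgres") {
        if $name !~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/ {
            fail("postgresql::database: unsafe database name '${name}'")
        }
        if $user !~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/ {
            fail("postgresql::database: unsafe owner '${user}' for database '${name}'")
        }
        # The description sits inside single quotes on the command line.
        if $description =~ /'/ {
            fail("postgresql::database: description of '${name}' must not contain a single quote")
        }

        exec { "createdb -O ${user} -U postgres ${name} '${description}'":
            user    => root,
            unless  => "psql -A -t -U postgres -l | grep '^${name}|'",
            require => Service['postgresql'],
        }
    }

    # Creates login role $name with the given password unless psql already
    # reports a role of that name.
    #
    # The password is handed over in the "pass" environment variable and is
    # only substituted into the SQL text when the command runs, which keeps
    # it out of the resource title. After substitution it is still part of
    # the psql command line, and it is placed unescaped inside a quoted SQL
    # literal, so characters that would end or alter that literal are
    # refused. The role name is used unquoted in SQL and must therefore be a
    # plain identifier.
    #
    # TODO convert to a regular type, so we can later change password without erasing the
    # current user
    define user($password) {
        if $name !~ /\A[A-Za-z_][A-Za-z0-9_]*\z/ {
            fail("postgresql::user: unsafe role name '${name}'")
        }
        # The message deliberately does not echo the password.
        if $password =~ /['\\]/ {
            fail("postgresql::user: password for '${name}' must not contain a quote or a backslash")
        }

        $sql = "CREATE ROLE ${name} ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"

        exec { "psql -U postgres -c \"${sql}\" ":
            user        => root,
            environment => "pass=${password}",
            unless      => "psql -A -t -U postgres -c '\du ${name}' | grep '${name}'",
            require     => Service['postgresql'],
        }
    }
}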