postgresql/manifests/init.pp

class postgresql {
    class server { 
        $pgsql_data = "/var/lib/pgsql/data/"
        $pg_version = '9.0'
    
        # missing requires is corrected in cooker, 
        # should be removed
        # once the fix is in a stable release 
        package { "postgresql$pg_version-plpgsql":
            alias => "postgresql-plpgsql",
            ensure => installed,
        }
    
        package { "postgresql$pg_version-server":
            alias => "postgresql-server",
            ensure => installed,
            require => Package['postgresql-plpgsql'],
        }
    
        service { postgresql:
            ensure => running,
            subscribe => Package["postgresql-server"],
            hasstatus => true,
        }
    
        exec { "service postgresql reload":
            refreshonly => true,
            subscribe => [ File["postgresql.conf"], 
                           File["pg_ident.conf"],
                           File["pg_hba.conf"] ]
        }
   
        openssl::self_signed_splitted_cert { "pgsql.$domain":
            filename => "server",
            directory => $pgsql_data,
            owner => "postgres",
            group => "postgres",
            require => Package['postgresql-server']
        }


        file { '/etc/pam.d/postgresql':
            ensure => present,
            owner  => root,
            group  => root,
            mode   => 644,
            content => template("postgresql/pam"),
        }
    
        file { "postgresql.conf":
            path => "$pgsql_data/postgresql.conf",
            ensure => present,
            owner => postgres,
            group => postgres,
            mode => 600,
            content => template("postgresql/postgresql.conf"),
            require => Package["postgresql-server"],
        }
        
        $db = list_exported_ressources('Postgresql::Db_and_user')

        $forum_lang = list_exported_ressources('Phpbb::Locale_db')
        file { 'pg_hba.conf':
            path => "$pgsql_data/pg_hba.conf",
            ensure => present,
            owner => postgres,
            group => postgres,
            mode => 600,
            content => template("postgresql/pg_hba.conf"),
            require => Package["postgresql-server"],
        }
    
        file { 'pg_ident.conf':
            path => "$pgsql_data/pg_ident.conf",
            ensure => present,
            owner => postgres,
            group => postgres,
            mode => 600,
            content => template("postgresql/pg_ident.conf"),
            require => Package["postgresql-server"],
        }
    }

    define tagged() {
        # TODO add a system of tag so we can declare database on more than one
        # server 
        Postgresql::User <<| tag == $name |>>
        Postgresql::Database <<| tag == $name |>>
        Postgresql::Db_and_user <<| tag == $name |>>
    }


    define remote_db_and_user($description = "",
                              $tag = "default",
                              $callback_notify = "", 
                              $password ) {

        @@postgresql::db_and_user { $name:
                                    callback_notify => $callback_notify, 
                                    tag => $tag,
                                    description => $description,
                                    password => $password
        }
        # fetch the exported ressources that should have been exported
        # once the db was created, and trigger a notify to the object passwed as callback_notify
        Postgresql::Database_callback <<| name == $name |>> 
    }

    define remote_database($description = "", 
                           $user = "postgresql",
                           $callback_notify = "", 
                           $tag = "default")
    {

        
        @@postgresql::database { $name:
            description => $description,
            user => $user,
            callback_notify => $callback_notify, 
            tag => $tag,
            require => Postgresql::User[$user]
        }

        Postgresql::Database_callback <<| name == $name |>> 
    }

    define remote_user($password, 
                       $tag = "default")
    {
        @@postgresql::user { $name:
            tag => $tag,
            password => $password,
        }
    }

    define db_and_user($description = "",
                       $callback_notify = "",
                       $password ) {

        database { $name:
                   callback_notify => $callback_notify, 
                   description => $description,
                   user => $name,
        }

        user { $name:
               password => $password
        }
        
    }

    define database_callback($callback_notify = '') {
        # dummy declaration, so we can trigger the notify
        exec { "callback $name":
            command => "true",
            notify => $callback_notify,
        }
    }

    # TODO convert it to a regular type ( so we can later change user and so on )
    define database($description = "", 
                    $user = "postgres",
                    $callback_notify = "") {
        exec { "createdb -O $user -U postgres $name '$description'":
            user => root,
            unless => "psql -A -t -U postgres -l | grep '^$name|'",
            require => Service['postgresql'],
        }

        # this is fetched by the manifest asking the database creation, once the db have been created
        # FIXME proper ordering ?
        @@postgresql::database_callback { $name:
            callback_notify => $callback_notify,
        }
    }
    
    # TODO convert to a regular type, so we can later change password without erasing the 
    # current user
    define user($password) {
        $sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"

        exec { "psql -U postgres -c \"$sql\" ":
            user => root,
            environment => "pass=$password", 
            unless => "psql -A -t -U postgres -c '\du $name' | grep '$name'",
            require => Service['postgresql'],
        }
    }
}
1	nanardon	55	class postgresql {
2	misc	526	class server {
3			$pgsql_data = "/var/lib/pgsql/data/"
4			$pg_version = '9.0'
5	misc	189
6	misc	526	# missing requires is corrected in cooker,
7			# should be removed
8			# once the fix is in a stable release
9			package { "postgresql$pg_version-plpgsql":
10			alias => "postgresql-plpgsql",
11			ensure => installed,
12			}
13	nanardon	55
14	misc	526	package { "postgresql$pg_version-server":
15			alias => "postgresql-server",
16			ensure => installed,
17			require => Package['postgresql-plpgsql'],
18			}
19
20			service { postgresql:
21			ensure => running,
22			subscribe => Package["postgresql-server"],
23			hasstatus => true,
24			}
25
26			exec { "service postgresql reload":
27			refreshonly => true,
28			subscribe => [ File["postgresql.conf"],
29			File["pg_ident.conf"],
30			File["pg_hba.conf"] ]
31			}
32	misc	531
33			openssl::self_signed_splitted_cert { "pgsql.$domain":
34			filename => "server",
35			directory => $pgsql_data,
36			owner => "postgres",
37			group => "postgres",
38			require => Package['postgresql-server']
39			}
40
41
42	misc	526	file { '/etc/pam.d/postgresql':
43			ensure => present,
44			owner => root,
45			group => root,
46			mode => 644,
47			content => template("postgresql/pam"),
48			}
49
50			file { "postgresql.conf":
51			path => "$pgsql_data/postgresql.conf",
52			ensure => present,
53			owner => postgres,
54			group => postgres,
55			mode => 600,
56			content => template("postgresql/postgresql.conf"),
57			require => Package["postgresql-server"],
58			}
59
60	misc	1358	$db = list_exported_ressources('Postgresql::Db_and_user')
61	misc	1534
62			$forum_lang = list_exported_ressources('Phpbb::Locale_db')
63	misc	526	file { 'pg_hba.conf':
64			path => "$pgsql_data/pg_hba.conf",
65			ensure => present,
66			owner => postgres,
67			group => postgres,
68			mode => 600,
69			content => template("postgresql/pg_hba.conf"),
70			require => Package["postgresql-server"],
71			}
72
73			file { 'pg_ident.conf':
74			path => "$pgsql_data/pg_ident.conf",
75			ensure => present,
76			owner => postgres,
77			group => postgres,
78			mode => 600,
79			content => template("postgresql/pg_ident.conf"),
80			require => Package["postgresql-server"],
81			}
82	misc	1279	}
83	misc	527
84	misc	1279	define tagged() {
85	misc	773	# TODO add a system of tag so we can declare database on more than one
86			# server
87	misc	1279	Postgresql::User <<\| tag == $name \|>>
88			Postgresql::Database <<\| tag == $name \|>>
89	misc	1357	Postgresql::Db_and_user <<\| tag == $name \|>>
90	nanardon	55	}
91	nanardon	172
92	misc	524
93	misc	1355	define remote_db_and_user($description = "",
94			$tag = "default",
95	misc	1744	$callback_notify = "",
96	misc	1355	$password ) {
97
98	misc	1357	@@postgresql::db_and_user { $name:
99	misc	1744	callback_notify => $callback_notify,
100	misc	1357	tag => $tag,
101			description => $description,
102			password => $password
103	misc	1355	}
104	misc	1744	# fetch the exported ressources that should have been exported
105			# once the db was created, and trigger a notify to the object passwed as callback_notify
106			Postgresql::Database_callback <<\| name == $name \|>>
107	misc	1355	}
108
109	misc	1280	define remote_database($description = "",
110	misc	1744	$user = "postgresql",
111			$callback_notify = "",
112	misc	1280	$tag = "default")
113			{
114	misc	1744
115
116	misc	1280	@@postgresql::database { $name:
117			description => $description,
118			user => $user,
119	misc	1744	callback_notify => $callback_notify,
120	misc	1280	tag => $tag,
121			require => Postgresql::User[$user]
122			}
123	misc	1744
124			Postgresql::Database_callback <<\| name == $name \|>>
125	misc	1280	}
126
127			define remote_user($password,
128			$tag = "default")
129			{
130			@@postgresql::user { $name:
131			tag => $tag,
132			password => $password,
133			}
134			}
135
136	misc	1357	define db_and_user($description = "",
137	misc	1744	$callback_notify = "",
138	misc	1357	$password ) {
139	misc	1280
140	misc	1357	database { $name:
141	misc	1744	callback_notify => $callback_notify,
142	misc	1357	description => $description,
143			user => $name,
144			}
145
146			user { $name:
147			password => $password
148			}
149	misc	1744
150	misc	1357	}
151
152	misc	1744	define database_callback($callback_notify = '') {
153			# dummy declaration, so we can trigger the notify
154			exec { "callback $name":
155	misc	1755	command => "true",
156	misc	1744	notify => $callback_notify,
157			}
158			}
159
160	misc	525	# TODO convert it to a regular type ( so we can later change user and so on )
161	misc	1744	define database($description = "",
162			$user = "postgres",
163			$callback_notify = "") {
164	misc	535	exec { "createdb -O $user -U postgres $name '$description'":
165	misc	525	user => root,
166	misc	536	unless => "psql -A -t -U postgres -l \| grep '^$name\|'",
167	misc	1046	require => Service['postgresql'],
168	misc	525	}
169	misc	1744
170			# this is fetched by the manifest asking the database creation, once the db have been created
171			# FIXME proper ordering ?
172			@@postgresql::database_callback { $name:
173			callback_notify => $callback_notify,
174			}
175	misc	525	}
176	misc	773
177			# TODO convert to a regular type, so we can later change password without erasing the
178			# current user
179	misc	524	define user($password) {
180	misc	646	$sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"
181	misc	524
182			exec { "psql -U postgres -c \"$sql\" ":
183			user => root,
184	misc	646	environment => "pass=$password",
185	misc	524	unless => "psql -A -t -U postgres -c '\du $name' \| grep '$name'",
186	misc	1046	require => Service['postgresql'],
187	misc	524	}
188			}
189	nanardon	55	}