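# Manages a PostgreSQL server (postgresql::server) and provides defines to
# declare databases and roles, either locally (database, user) or as
# exported resources collected on the server (remote_database, remote_user,
# tagged).
#
# Trust boundary: remote_database/remote_user export resources whose titles
# and parameters are chosen by other nodes. Once collected, those values are
# interpolated into shell command lines run as root on the database server,
# so database and user validate them before building any command.
class postgresql {
    class server {
        $pgsql_data = "/var/lib/pgsql/data/"
        $pg_version = '9.0'

        # Workaround for a missing package dependency (per the original
        # note: corrected in cooker). Remove once the fix is in a stable
        # release.
        # ${...} is used so the variable name cannot be read as including
        # the "-plpgsql" / "-server" suffix.
        package { "postgresql${pg_version}-plpgsql":
            alias  => "postgresql-plpgsql",
            ensure => installed,
        }

        package { "postgresql${pg_version}-server":
            alias   => "postgresql-server",
            ensure  => installed,
            require => Package['postgresql-plpgsql'],
        }

        service { 'postgresql':
            ensure    => running,
            subscribe => Package["postgresql-server"],
            hasstatus => true,
        }

        # Reload (not restart) when any of the managed config files change.
        exec { "service postgresql reload":
            refreshonly => true,
            subscribe   => [ File["postgresql.conf"],
                             File["pg_ident.conf"],
                             File["pg_hba.conf"] ],
        }

        # Self-signed certificate and key written into the data directory.
        # NOTE(review): a self-signed certificate encrypts the connection,
        # but clients cannot authenticate the server unless they are given
        # this certificate to verify against. Confirm how clients are set up.
        openssl::self_signed_splitted_cert { "pgsql.${domain}":
            filename  => "server",
            directory => $pgsql_data,
            owner     => "postgres",
            group     => "postgres",
            require   => Package['postgresql-server'],
        }

        # Modes are quoted octal strings: a bare 644/600 is read as a
        # decimal number by newer Puppet parsers.
        file { '/etc/pam.d/postgresql':
            ensure  => present,
            owner   => 'root',
            group   => 'root',
            mode    => '0644',
            content => template("postgresql/pam"),
        }

        file { "postgresql.conf":
            path    => "${pgsql_data}/postgresql.conf",
            ensure  => present,
            owner   => 'postgres',
            group   => 'postgres',
            mode    => '0600',
            content => template("postgresql/postgresql.conf"),
            require => Package["postgresql-server"],
        }

        # TODO use augeas to manage this file once augeas 0.7.4 is installed
        # on our server, as this would allow us to autodeclare databases in
        # it without much trouble.
        #
        # $db is presumably read by the pg_hba.conf template (confirm in the
        # template). If so, the names of exported Postgresql::Database
        # resources end up in the server's client-authentication rules, so
        # the template should be reviewed with that input in mind.
        $db = list_exported_ressources('Postgresql::Database')
        file { 'pg_hba.conf':
            path    => "${pgsql_data}/pg_hba.conf",
            ensure  => present,
            owner   => 'postgres',
            group   => 'postgres',
            mode    => '0600',
            content => template("postgresql/pg_hba.conf"),
            require => Package["postgresql-server"],
        }

        file { 'pg_ident.conf':
            path    => "${pgsql_data}/pg_ident.conf",
            ensure  => present,
            owner   => 'postgres',
            group   => 'postgres',
            mode    => '0600',
            content => template("postgresql/pg_ident.conf"),
            require => Package["postgresql-server"],
        }
    }

    # Collects every exported Postgresql::User and Postgresql::Database
    # whose tag equals this resource's title.
    #
    # Anything collected here was declared by another node's catalog; the
    # database and user defines below are what turn it into commands.
    define tagged() {
        # TODO add a system of tag so we can declare database on more than one
        # server
        Postgresql::User <<| tag == $name |>>
        Postgresql::Database <<| tag == $name |>>
    }

    # Exports a postgresql::database named after the title, to be collected
    # by a server that declares postgresql::tagged with the same tag.
    define remote_database($description = "",
                           $user = "postgresql",
                           $tag = "default")
    {
        @@postgresql::database { $name:
            description => $description,
            user        => $user,
            tag         => $tag,
            require     => Postgresql::User[$user],
        }
    }

    # Exports a postgresql::user named after the title, to be collected by a
    # server that declares postgresql::tagged with the same tag.
    define remote_user($password,
                       $tag = "default")
    {
        @@postgresql::user { $name:
            tag      => $tag,
            password => $password,
        }
    }

    # Creates the database named by the title, owned by $user, with
    # $description as its comment, unless psql already lists it.
    #
    # TODO convert it to a regular type ( so we can later change user and so on )
    define database($description="", $user="postgres") {
        # The title, owner and description are pasted into a shell command
        # run as root, and may come from another node's exported resource.
        # Refuse anything that could change the meaning of that command.
        # \A and \z are used because ^ and $ match at line breaks in Ruby
        # regular expressions, which would let a multi-line value through.
        if $name !~ /\A[A-Za-z_][A-Za-z0-9_.-]*\z/ {
            fail("postgresql::database: refusing unsafe database name '${name}'")
        }
        if $user !~ /\A[A-Za-z_][A-Za-z0-9_]*\z/ {
            fail("postgresql::database: refusing unsafe owner name '${user}' for database '${name}'")
        }
        # The description sits inside single quotes on the command line, so
        # a single quote is the one character that would end the argument.
        if $description =~ /'/ {
            fail("postgresql::database: description of '${name}' must not contain a single quote")
        }

        exec { "createdb -O ${user} -U postgres ${name} '${description}'":
            user    => 'root',
            unless  => "psql -A -t -U postgres -l | grep '^${name}|'",
            require => Service['postgresql'],
        }
    }

    # Creates a login role named by the title with the given password,
    # unless psql already reports a role of that name.
    #
    # TODO convert to a regular type, so we can later change password without erasing the
    # current user
    define user($password) {
        # The role name is used unquoted in SQL and in a shell command run
        # as root, so only plain identifiers are accepted.
        if $name !~ /\A[A-Za-z_][A-Za-z0-9_]*\z/ {
            fail("postgresql::user: refusing unsafe role name '${name}'")
        }
        # The password is substituted into a single-quoted SQL literal, so a
        # single quote would end the literal early. The value is kept out of
        # the error message on purpose.
        # NOTE(review): backslashes are not rejected here. Depending on the
        # server's string-literal settings they may be read as escapes, so
        # confirm before using passwords that contain them.
        if $password =~ /'/ {
            fail("postgresql::user: password for '${name}' must not contain a single quote")
        }

        # \$pass stays a literal "$pass" here and is filled in from the
        # exec's environment when the command runs. This keeps the password
        # out of the exec title, but it still ends up in psql's argument
        # list, and may be recorded by server-side statement logging.
        $sql = "CREATE ROLE ${name} ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"

        exec { "psql -U postgres -c \"${sql}\" ":
            user        => 'root',
            environment => "pass=${password}",
            unless      => "psql -A -t -U postgres -c '\du ${name}' | grep '${name}'",
            require     => Service['postgresql'],
        }
    }
}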