postgresql/manifests/init.pp

class postgresql {
    class server { 
        $pgsql_data = "/var/lib/pgsql/data/"
        $pg_version = '9.0'
    
        # missing requires is corrected in cooker, 
        # should be removed
        # once the fix is in a stable release 
        package { "postgresql$pg_version-plpgsql":
            alias => "postgresql-plpgsql",
            ensure => installed,
        }
    
        package { "postgresql$pg_version-server":
            alias => "postgresql-server",
            ensure => installed,
            require => Package['postgresql-plpgsql'],
        }
    
        service { postgresql:
            ensure => running,
            subscribe => Package["postgresql-server"],
            hasstatus => true,
        }
    
        exec { "service postgresql reload":
            refreshonly => true,
            subscribe => [ File["postgresql.conf"], 
                           File["pg_ident.conf"],
                           File["pg_hba.conf"] ]
        }
   
        openssl::self_signed_splitted_cert { "pgsql.$domain":
            filename => "server",
            directory => $pgsql_data,
            owner => "postgres",
            group => "postgres",
            require => Package['postgresql-server']
        }


        file { '/etc/pam.d/postgresql':
            ensure => present,
            owner  => root,
            group  => root,
            mode   => 644,
            content => template("postgresql/pam"),
        }
    
        file { "postgresql.conf":
            path => "$pgsql_data/postgresql.conf",
            ensure => present,
            owner => postgres,
            group => postgres,
            mode => 600,
            content => template("postgresql/postgresql.conf"),
            require => Package["postgresql-server"],
        }
        
        $db = list_exported_ressources('Postgresql::Db_and_user')

        $forum_lang = list_exported_ressources('Phpbb::Locale_db')
        file { 'pg_hba.conf':
            path => "$pgsql_data/pg_hba.conf",
            ensure => present,
            owner => postgres,
            group => postgres,
            mode => 600,
            content => template("postgresql/pg_hba.conf"),
            require => Package["postgresql-server"],
        }
    
        file { 'pg_ident.conf':
            path => "$pgsql_data/pg_ident.conf",
            ensure => present,
            owner => postgres,
            group => postgres,
            mode => 600,
            content => template("postgresql/pg_ident.conf"),
            require => Package["postgresql-server"],
        }
    }

    define tagged() {
        # TODO add a system of tag so we can declare database on more than one
        # server 
        Postgresql::User <<| tag == $name |>>
        Postgresql::Database <<| tag == $name |>>
        Postgresql::Db_and_user <<| tag == $name |>>
    }


    define remote_db_and_user($description = "",
                              $tag = "default",
                              $password ) {

        @@postgresql::db_and_user { $name:
                                    tag => $tag,
                                    description => $description,
                                    password => $password
        }
    }

    define remote_database($description = "", 
                           $user = "postgresql", 
                           $tag = "default")
    {
        @@postgresql::database { $name:
            description => $description,
            user => $user,
            tag => $tag,
            require => Postgresql::User[$user]
        }
    }

    define remote_user($password, 
                       $tag = "default")
    {
        @@postgresql::user { $name:
            tag => $tag,
            password => $password,
        }
    }

    define db_and_user($description = "",
                       $password ) {

        database { $name:
                   description => $description,
                   user => $name,
        }

        user { $name:
               password => $password
        }
    }

    # TODO convert it to a regular type ( so we can later change user and so on )
    define database($description="", $user="postgres") {
        exec { "createdb -O $user -U postgres $name '$description'":
            user => root,
            unless => "psql -A -t -U postgres -l | grep '^$name|'",
            require => Service['postgresql'],
        }
    }
    
    # TODO convert to a regular type, so we can later change password without erasing the 
    # current user
    define user($password) {
        $sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"

        exec { "psql -U postgres -c \"$sql\" ":
            user => root,
            environment => "pass=$password", 
            unless => "psql -A -t -U postgres -c '\du $name' | grep '$name'",
            require => Service['postgresql'],
        }
    }
}
1	class postgresql {
2	class server {
3	$pgsql_data = "/var/lib/pgsql/data/"
4	$pg_version = '9.0'
5
6	# missing requires is corrected in cooker,
7	# should be removed
8	# once the fix is in a stable release
9	package { "postgresql$pg_version-plpgsql":
10	alias => "postgresql-plpgsql",
11	ensure => installed,
12	}
13
14	package { "postgresql$pg_version-server":
15	alias => "postgresql-server",
16	ensure => installed,
17	require => Package['postgresql-plpgsql'],
18	}
19
20	service { postgresql:
21	ensure => running,
22	subscribe => Package["postgresql-server"],
23	hasstatus => true,
24	}
25
26	exec { "service postgresql reload":
27	refreshonly => true,
28	subscribe => [ File["postgresql.conf"],
29	File["pg_ident.conf"],
30	File["pg_hba.conf"] ]
31	}
32
33	openssl::self_signed_splitted_cert { "pgsql.$domain":
34	filename => "server",
35	directory => $pgsql_data,
36	owner => "postgres",
37	group => "postgres",
38	require => Package['postgresql-server']
39	}
40
41
42	file { '/etc/pam.d/postgresql':
43	ensure => present,
44	owner => root,
45	group => root,
46	mode => 644,
47	content => template("postgresql/pam"),
48	}
49
50	file { "postgresql.conf":
51	path => "$pgsql_data/postgresql.conf",
52	ensure => present,
53	owner => postgres,
54	group => postgres,
55	mode => 600,
56	content => template("postgresql/postgresql.conf"),
57	require => Package["postgresql-server"],
58	}
59
60	$db = list_exported_ressources('Postgresql::Db_and_user')
61
62	$forum_lang = list_exported_ressources('Phpbb::Locale_db')
63	file { 'pg_hba.conf':
64	path => "$pgsql_data/pg_hba.conf",
65	ensure => present,
66	owner => postgres,
67	group => postgres,
68	mode => 600,
69	content => template("postgresql/pg_hba.conf"),
70	require => Package["postgresql-server"],
71	}
72
73	file { 'pg_ident.conf':
74	path => "$pgsql_data/pg_ident.conf",
75	ensure => present,
76	owner => postgres,
77	group => postgres,
78	mode => 600,
79	content => template("postgresql/pg_ident.conf"),
80	require => Package["postgresql-server"],
81	}
82	}
83
84	define tagged() {
85	# TODO add a system of tag so we can declare database on more than one
86	# server
87	Postgresql::User <<\| tag == $name \|>>
88	Postgresql::Database <<\| tag == $name \|>>
89	Postgresql::Db_and_user <<\| tag == $name \|>>
90	}
91
92
93	define remote_db_and_user($description = "",
94	$tag = "default",
95	$password ) {
96
97	@@postgresql::db_and_user { $name:
98	tag => $tag,
99	description => $description,
100	password => $password
101	}
102	}
103
104	define remote_database($description = "",
105	$user = "postgresql",
106	$tag = "default")
107	{
108	@@postgresql::database { $name:
109	description => $description,
110	user => $user,
111	tag => $tag,
112	require => Postgresql::User[$user]
113	}
114	}
115
116	define remote_user($password,
117	$tag = "default")
118	{
119	@@postgresql::user { $name:
120	tag => $tag,
121	password => $password,
122	}
123	}
124
125	define db_and_user($description = "",
126	$password ) {
127
128	database { $name:
129	description => $description,
130	user => $name,
131	}
132
133	user { $name:
134	password => $password
135	}
136	}
137
138	# TODO convert it to a regular type ( so we can later change user and so on )
139	define database($description="", $user="postgres") {
140	exec { "createdb -O $user -U postgres $name '$description'":
141	user => root,
142	unless => "psql -A -t -U postgres -l \| grep '^$name\|'",
143	require => Service['postgresql'],
144	}
145	}
146
147	# TODO convert to a regular type, so we can later change password without erasing the
148	# current user
149	define user($password) {
150	$sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"
151
152	exec { "psql -U postgres -c \"$sql\" ":
153	user => root,
154	environment => "pass=$password",
155	unless => "psql -A -t -U postgres -c '\du $name' \| grep '$name'",
156	require => Service['postgresql'],
157	}
158	}
159	}