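# PostgreSQL server setup, plus the defined types other manifests use to
# request roles and databases, either locally or through exported resources.
class postgresql {
    # Installs the server packages, keeps the service running and manages
    # the certificate, PAM file and access-control configuration.
    class server {
        $pgsql_data = "/var/lib/pgsql/data/"
        $pg_version = '9.0'

        # missing requires is corrected in cooker,
        # should be removed
        # once the fix is in a stable release
        package { "postgresql$pg_version-plpgsql":
            alias  => "postgresql-plpgsql",
            ensure => installed,
        }

        package { "postgresql$pg_version-server":
            alias   => "postgresql-server",
            ensure  => installed,
            require => Package['postgresql-plpgsql'],
        }

        service { 'postgresql':
            ensure    => running,
            subscribe => Package["postgresql-server"],
            hasstatus => true,
        }

        # Reload (not restart) whenever one of the managed configuration
        # files changes; refreshonly keeps it from running on every pass.
        exec { "service postgresql reload":
            refreshonly => true,
            subscribe   => [ File["postgresql.conf"],
                             File["pg_ident.conf"],
                             File["pg_hba.conf"] ]
        }

        # Self-signed certificate placed in the data directory and owned by
        # the postgres account. Clients can only authenticate the server if
        # they are given this certificate to trust; otherwise the connection
        # is encrypted but the peer is not verified.
        openssl::self_signed_splitted_cert { "pgsql.$domain":
            filename  => "server",
            directory => $pgsql_data,
            owner     => "postgres",
            group     => "postgres",
            require   => Package['postgresql-server']
        }

        file { '/etc/pam.d/postgresql':
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0644',
            content => template("postgresql/pam"),
        }

        # The three files below are readable by the postgres account only.
        file { "postgresql.conf":
            path    => "$pgsql_data/postgresql.conf",
            ensure  => present,
            owner   => postgres,
            group   => postgres,
            mode    => '0600',
            content => template("postgresql/postgresql.conf"),
            require => Package["postgresql-server"],
        }

        # NOTE(review): $db and $forum_lang are not used in this manifest;
        # presumably the pg_hba.conf template reads them to build its access
        # rules -- confirm against the template.
        $db = list_exported_ressources('Postgresql::Db_and_user')

        $forum_lang = list_exported_ressources('Phpbb::Locale_db')
        file { 'pg_hba.conf':
            path    => "$pgsql_data/pg_hba.conf",
            ensure  => present,
            owner   => postgres,
            group   => postgres,
            mode    => '0600',
            content => template("postgresql/pg_hba.conf"),
            require => Package["postgresql-server"],
        }

        file { 'pg_ident.conf':
            path    => "$pgsql_data/pg_ident.conf",
            ensure  => present,
            owner   => postgres,
            group   => postgres,
            mode    => '0600',
            content => template("postgresql/pg_ident.conf"),
            require => Package["postgresql-server"],
        }
    }

    # Collects the roles and databases that other nodes exported with a tag
    # equal to $name. Everything collected here becomes createdb/psql
    # commands run on this server, so exporting nodes are effectively
    # trusted with database-administrator actions; the database and user
    # defines below validate every value they interpolate.
    define tagged() {
        # TODO add a system of tag so we can declare database on more than one
        # server
        Postgresql::User <<| tag == $name |>>
        Postgresql::Database <<| tag == $name |>>
        Postgresql::Db_and_user <<| tag == $name |>>
    }


    # Exports a db_and_user request for the database server and collects
    # the callback exported once the database exists.
    define remote_db_and_user($description = "",
                              $tag = "default",
                              $callback_notify = "",
                              $password ) {

        @@postgresql::db_and_user { $name:
            callback_notify => $callback_notify,
            tag             => $tag,
            description     => $description,
            password        => $password
        }
        # fetch the exported resources that should have been exported
        # once the db was created, and trigger a notify to the object passed as callback_notify
        Postgresql::Database_callback <<| name == $name |>>
    }

    # Exports a database request for the database server and collects the
    # matching callback.
    # NOTE(review): the default owner here is "postgresql" while
    # postgresql::database defaults to "postgres" -- confirm which is meant.
    define remote_database($description = "",
                           $user = "postgresql",
                           $callback_notify = "",
                           $tag = "default")
    {


        @@postgresql::database { $name:
            description     => $description,
            user            => $user,
            callback_notify => $callback_notify,
            tag             => $tag,
            require         => Postgresql::User[$user]
        }

        Postgresql::Database_callback <<| name == $name |>>
    }

    # Exports a role request for the database server. The password is part
    # of the exported resource, so it is stored wherever exported resources
    # are stored.
    define remote_user($password,
                       $tag = "default")
    {
        @@postgresql::user { $name:
            tag      => $tag,
            password => $password,
        }
    }

    # Creates a role and a database of the same name, owned by that role.
    define db_and_user($description = "",
                       $callback_notify = "",
                       $password ) {

        # Fully qualified so the lookup cannot fall back to Puppet's builtin
        # `user` type instead of the postgresql::user define.
        postgresql::database { $name:
            callback_notify => $callback_notify,
            description     => $description,
            user            => $name,
        }

        postgresql::user { $name:
            password => $password
        }

    }

    # No-op resource whose only purpose is to notify $callback_notify on the
    # node that requested the database.
    define database_callback($callback_notify = '') {
        # dummy declaration, so we can trigger the notify
        exec { "callback $name":
            # exec has no `cmd` attribute; without `command` the title
            # itself would be run.
            command => "true",
            notify  => $callback_notify,
        }
    }

    # TODO convert it to a regular type ( so we can later change user and so on )
    # Creates database $name owned by $user unless it is already listed.
    define database($description = "",
                    $user = "postgres",
                    $callback_notify = "") {
        # $name, $user and $description are interpolated into command lines
        # run as root and can arrive from other nodes through exported
        # resources, so refuse anything that could change the meaning of the
        # command. fail() aborts compilation of this node's catalog; widen
        # the patterns deliberately if a legitimate name is rejected.
        if $name !~ /\A[A-Za-z0-9_][A-Za-z0-9_-]*\z/ {
            fail("postgresql::database: unsafe database name '$name'")
        }
        if $user !~ /\A[A-Za-z0-9_][A-Za-z0-9_-]*\z/ {
            fail("postgresql::database: unsafe owner name '$user'")
        }
        # The description sits inside single quotes on the command line.
        if $description =~ /'/ {
            fail("postgresql::database: description of '$name' contains a single quote")
        }

        exec { "createdb -O $user -U postgres $name '$description'":
            user    => root,
            unless  => "psql -A -t -U postgres -l | grep '^$name|'",
            require => Service['postgresql'],
        }

        # this is fetched by the manifest asking the database creation, once the db have been created
        # FIXME proper ordering ?
        @@postgresql::database_callback { $name:
            callback_notify => $callback_notify,
        }
    }

    # TODO convert to a regular type, so we can later change password without erasing the
    # current user
    # Creates login role $name with the given password unless it exists.
    define user($password) {
        # $name is placed unquoted in the SQL statement and the password
        # inside a single-quoted SQL literal, executed as the postgres
        # superuser. A quote or backslash in either would alter the
        # statement, so reject them before building the command.
        if $name !~ /\A[A-Za-z_][A-Za-z0-9_]*\z/ {
            fail("postgresql::user: unsafe role name '$name'")
        }
        if $password =~ /['\\]/ {
            fail("postgresql::user: password for '$name' contains a quote or backslash")
        }

        # \$pass is left for the shell to expand from the exec environment,
        # which keeps the password out of the resource title. After
        # expansion it is still part of psql's argument list, so it is
        # visible in the process list while the command runs.
        $sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"

        exec { "psql -U postgres -c \"$sql\" ":
            user        => root,
            environment => "pass=$password",
            unless      => "psql -A -t -U postgres -c '\du $name' | grep '$name'",
            require     => Service['postgresql'],
        }
    }
}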