| 1 |
class postgresql { |
| 2 |
class server { |
| 3 |
$pgsql_data = "/var/lib/pgsql/data/" |
| 4 |
$pg_version = '9.0' |
| 5 |
|
| 6 |
# missing requires is corrected in cooker, |
| 7 |
# should be removed |
| 8 |
# once the fix is in a stable release |
| 9 |
package { "postgresql$pg_version-plpgsql": |
| 10 |
alias => "postgresql-plpgsql", |
| 11 |
ensure => installed, |
| 12 |
} |
| 13 |
|
| 14 |
package { "postgresql$pg_version-server": |
| 15 |
alias => "postgresql-server", |
| 16 |
ensure => installed, |
| 17 |
require => Package['postgresql-plpgsql'], |
| 18 |
} |
| 19 |
|
| 20 |
service { postgresql: |
| 21 |
ensure => running, |
| 22 |
subscribe => Package["postgresql-server"], |
| 23 |
hasstatus => true, |
| 24 |
} |
| 25 |
|
| 26 |
exec { "service postgresql reload": |
| 27 |
refreshonly => true, |
| 28 |
subscribe => [ File["postgresql.conf"], |
| 29 |
File["pg_ident.conf"], |
| 30 |
File["pg_hba.conf"] ] |
| 31 |
} |
| 32 |
|
| 33 |
openssl::self_signed_splitted_cert { "pgsql.$domain": |
| 34 |
filename => "server", |
| 35 |
directory => $pgsql_data, |
| 36 |
owner => "postgres", |
| 37 |
group => "postgres", |
| 38 |
require => Package['postgresql-server'] |
| 39 |
} |
| 40 |
|
| 41 |
|
| 42 |
file { '/etc/pam.d/postgresql': |
| 43 |
ensure => present, |
| 44 |
owner => root, |
| 45 |
group => root, |
| 46 |
mode => 644, |
| 47 |
content => template("postgresql/pam"), |
| 48 |
} |
| 49 |
|
| 50 |
file { "postgresql.conf": |
| 51 |
path => "$pgsql_data/postgresql.conf", |
| 52 |
ensure => present, |
| 53 |
owner => postgres, |
| 54 |
group => postgres, |
| 55 |
mode => 600, |
| 56 |
content => template("postgresql/postgresql.conf"), |
| 57 |
require => Package["postgresql-server"], |
| 58 |
} |
| 59 |
|
| 60 |
$db = list_exported_ressources('Postgresql::Db_and_user') |
| 61 |
|
| 62 |
$forum_lang = list_exported_ressources('Phpbb::Locale_db') |
| 63 |
file { 'pg_hba.conf': |
| 64 |
path => "$pgsql_data/pg_hba.conf", |
| 65 |
ensure => present, |
| 66 |
owner => postgres, |
| 67 |
group => postgres, |
| 68 |
mode => 600, |
| 69 |
content => template("postgresql/pg_hba.conf"), |
| 70 |
require => Package["postgresql-server"], |
| 71 |
} |
| 72 |
|
| 73 |
file { 'pg_ident.conf': |
| 74 |
path => "$pgsql_data/pg_ident.conf", |
| 75 |
ensure => present, |
| 76 |
owner => postgres, |
| 77 |
group => postgres, |
| 78 |
mode => 600, |
| 79 |
content => template("postgresql/pg_ident.conf"), |
| 80 |
require => Package["postgresql-server"], |
| 81 |
} |
| 82 |
} |
| 83 |
|
| 84 |
define tagged() { |
| 85 |
# TODO add a system of tag so we can declare database on more than one |
| 86 |
# server |
| 87 |
Postgresql::User <<| tag == $name |>> |
| 88 |
Postgresql::Database <<| tag == $name |>> |
| 89 |
Postgresql::Db_and_user <<| tag == $name |>> |
| 90 |
} |
| 91 |
|
| 92 |
|
| 93 |
define remote_db_and_user($description = "", |
| 94 |
$tag = "default", |
| 95 |
$callback_notify = "", |
| 96 |
$password ) { |
| 97 |
|
| 98 |
@@postgresql::db_and_user { $name: |
| 99 |
callback_notify => $callback_notify, |
| 100 |
tag => $tag, |
| 101 |
description => $description, |
| 102 |
password => $password |
| 103 |
} |
| 104 |
# fetch the exported ressources that should have been exported |
| 105 |
# once the db was created, and trigger a notify to the object passwed as callback_notify |
| 106 |
Postgresql::Database_callback <<| name == $name |>> |
| 107 |
} |
| 108 |
|
| 109 |
define remote_database($description = "", |
| 110 |
$user = "postgresql", |
| 111 |
$callback_notify = "", |
| 112 |
$tag = "default") |
| 113 |
{ |
| 114 |
|
| 115 |
|
| 116 |
@@postgresql::database { $name: |
| 117 |
description => $description, |
| 118 |
user => $user, |
| 119 |
callback_notify => $callback_notify, |
| 120 |
tag => $tag, |
| 121 |
require => Postgresql::User[$user] |
| 122 |
} |
| 123 |
|
| 124 |
Postgresql::Database_callback <<| name == $name |>> |
| 125 |
} |
| 126 |
|
| 127 |
define remote_user($password, |
| 128 |
$tag = "default") |
| 129 |
{ |
| 130 |
@@postgresql::user { $name: |
| 131 |
tag => $tag, |
| 132 |
password => $password, |
| 133 |
} |
| 134 |
} |
| 135 |
|
| 136 |
define db_and_user($description = "", |
| 137 |
$callback_notify = "", |
| 138 |
$password ) { |
| 139 |
|
| 140 |
database { $name: |
| 141 |
callback_notify => $callback_notify, |
| 142 |
description => $description, |
| 143 |
user => $name, |
| 144 |
} |
| 145 |
|
| 146 |
user { $name: |
| 147 |
password => $password |
| 148 |
} |
| 149 |
|
| 150 |
} |
| 151 |
|
| 152 |
define database_callback($callback_notify = '') { |
| 153 |
# dummy declaration, so we can trigger the notify |
| 154 |
exec { "callback $name": |
| 155 |
command => "true", |
| 156 |
notify => $callback_notify, |
| 157 |
} |
| 158 |
} |
| 159 |
|
| 160 |
# TODO convert it to a regular type ( so we can later change user and so on ) |
| 161 |
define database($description = "", |
| 162 |
$user = "postgres", |
| 163 |
$callback_notify = "") { |
| 164 |
exec { "createdb -O $user -U postgres $name '$description'": |
| 165 |
user => root, |
| 166 |
unless => "psql -A -t -U postgres -l | grep '^$name|'", |
| 167 |
require => Service['postgresql'], |
| 168 |
} |
| 169 |
|
| 170 |
# this is fetched by the manifest asking the database creation, once the db have been created |
| 171 |
# FIXME proper ordering ? |
| 172 |
@@postgresql::database_callback { $name: |
| 173 |
callback_notify => $callback_notify, |
| 174 |
} |
| 175 |
} |
| 176 |
|
| 177 |
# TODO convert to a regular type, so we can later change password without erasing the |
| 178 |
# current user |
| 179 |
define user($password) { |
| 180 |
$sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;" |
| 181 |
|
| 182 |
exec { "psql -U postgres -c \"$sql\" ": |
| 183 |
user => root, |
| 184 |
environment => "pass=$password", |
| 185 |
unless => "psql -A -t -U postgres -c '\du $name' | grep '$name'", |
| 186 |
require => Service['postgresql'], |
| 187 |
} |
| 188 |
} |
| 189 |
} |
Parent Directory
| 
Revision Log