Diffstat (limited to 'modules/postgresql/manifests')
| -rw-r--r-- | modules/postgresql/manifests/config.pp | 10 | ||||
| -rw-r--r-- | modules/postgresql/manifests/database.pp | 20 | ||||
| -rw-r--r-- | modules/postgresql/manifests/database_callback.pp | 9 | ||||
| -rw-r--r-- | modules/postgresql/manifests/db_and_user.pp | 15 | ||||
| -rw-r--r-- | modules/postgresql/manifests/hba_entry.pp | 40 | ||||
| -rw-r--r-- | modules/postgresql/manifests/init.pp | 173 | ||||
| -rw-r--r-- | modules/postgresql/manifests/pg_hba.pp | 13 | ||||
| -rw-r--r-- | modules/postgresql/manifests/remote_database.pp | 15 | ||||
| -rw-r--r-- | modules/postgresql/manifests/remote_db_and_user.pp | 18 | ||||
| -rw-r--r-- | modules/postgresql/manifests/remote_user.pp | 10 | ||||
| -rw-r--r-- | modules/postgresql/manifests/server.pp | 53 | ||||
| -rw-r--r-- | modules/postgresql/manifests/tagged.pp | 8 | ||||
| -rw-r--r-- | modules/postgresql/manifests/user.pp | 13 | ||||
| -rw-r--r-- | modules/postgresql/manifests/var.pp | 7 |
14 files changed, 232 insertions, 172 deletions
diff --git a/modules/postgresql/manifests/config.pp b/modules/postgresql/manifests/config.pp
new file mode 100644
index 00000000..a9f2ad7f
--- /dev/null
+++ b/modules/postgresql/manifests/config.pp
@@ -0,0 +1,10 @@
+define postgresql::config($content) {
+ file { $name:
+ owner => 'postgres',
+ group => 'postgres',
+ mode => '0600',
+ content => $content,
+ require => Package['postgresql-server'],
+ notify => Exec['service postgresql reload'],
+ }
+}
diff --git a/modules/postgresql/manifests/database.pp b/modules/postgresql/manifests/database.pp
new file mode 100644
index 00000000..34cee2a6
--- /dev/null
+++ b/modules/postgresql/manifests/database.pp
@@ -0,0 +1,20 @@
+# TODO convert it to a regular type ( so we can later change user and so on )
+define postgresql::database($description = '',
+ $user = 'postgres',
+ $callback_notify = '') {
+
+ exec { "createdb -O ${user} -U postgres ${name} '${description}' ":
+ user => 'root',
+ unless => "psql -A -t -U postgres -l | grep '^${name}|'",
+ require => Service['postgresql'],
+ }
+
+ # this is fetched by the manifest asking the database creation,
+ # once the db have been created
+ # FIXME proper ordering ?
+ # FIXME In puppet >3.0 word 'tag' is reserved, so it has to be renamed
+ @@postgresql::database_callback { $name:
+ tag => $name,
+ callback_notify => $callback_notify,
+ }
+}
diff --git a/modules/postgresql/manifests/database_callback.pp b/modules/postgresql/manifests/database_callback.pp
new file mode 100644
index 00000000..0ab1771f
--- /dev/null
+++ b/modules/postgresql/manifests/database_callback.pp
@@ -0,0 +1,9 @@
+define postgresql::database_callback($callback_notify = '') {
+ # dummy declaration, so we can trigger the notify
+ if $callback_notify {
+ exec { "callback ${name}":
+ command => '/bin/true',
+ notify => $callback_notify,
+ }
+ }
+}
diff --git a/modules/postgresql/manifests/db_and_user.pp b/modules/postgresql/manifests/db_and_user.pp
new file mode 100644
index 00000000..2d59e1ca
--- /dev/null
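Review bot: In database.pp the `createdb` exec title and its `unless` check splice `${user}`, `${name}` and `${description}` straight into a command string run as root, so a quote or shell metacharacter in any of them changes the command, and `${name}` is also read as a regular expression by `grep`. These values are not only local: remote_database.pp exports `@@postgresql::database` resources from other nodes, so the database server runs whatever those catalogs supply. A guard at the top of the define would close this, e.g. `if $name !~ /\A[a-z_][a-z0-9_]*\z/ { fail("invalid database name: ${name}") }`, with the same check for `$user` and either an allow-list for `$description` or dropping it from the command line.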
+++ b/modules/postgresql/manifests/db_and_user.pp
@@ -0,0 +1,15 @@
+define postgresql::db_and_user( $password,
+ $description = '',
+ $callback_notify = '') {
+
+ postgresql::database { $name:
+ callback_notify => $callback_notify,
+ description => $description,
+ user => $name,
+ require => Postgresql::User[$name],
+ }
+
+ postgresql::user { $name:
+ password => $password
+ }
+}
diff --git a/modules/postgresql/manifests/hba_entry.pp b/modules/postgresql/manifests/hba_entry.pp
new file mode 100644
index 00000000..30fccda0
--- /dev/null
+++ b/modules/postgresql/manifests/hba_entry.pp
@@ -0,0 +1,40 @@
+# == Define: postgresql::hba_entry
+#
+# Set a new entry to pg_hba.conf file
+#
+# === Parameters
+#
+# See pgsql doc for more details about pg_hba.conf parameters :
+# https://www.postgresql.org/docs/9.1/static/auth-pg-hba-conf.html
+#
+# [*namevar*]
+# namevar is not used.
+#
+# [*type*]
+# can be local, host, hostssl, hostnossl
+#
+# [*database*]
+# database name
+#
+# [*user*]
+# user name
+#
+# [*address*]
+# host name or IP address range
+#
+# [*method*]
+# authentication method to use
+#
+define postgresql::hba_entry(
+ $type,
+ $database,
+ $user,
+ $address,
+ $method
+) {
+ include postgresql::var
+ Postgresql::Pg_hba <| title == $postgresql::var::hba_file |> {
+ conf_lines +> "${type} ${database} ${user} ${address} ${method}",
+ }
+}
+# vim: sw=2
diff --git a/modules/postgresql/manifests/init.pp b/modules/postgresql/manifests/init.pp
index 394037cd..faec8b8c 100644
--- a/modules/postgresql/manifests/init.pp
+++ b/modules/postgresql/manifests/init.pp
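Review bot: In hba_entry.pp the five parameters are joined into a pg_hba.conf rule without any validation, although the header comment itself lists the only legal values of `type`. A typo or an unintended `method` such as `trust` would be passed on into `conf_lines` as-is, and `$address` is mandatory even though a `local` rule has no address column. I would check the type before the collector, e.g. `if $type !~ /\A(local|host|hostssl|hostnossl)\z/ { fail("invalid pg_hba type: ${type}") }`, and give `$address` an empty default for `local` entries.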
@@ -1,172 +1 @@
-class postgresql {
- class server {
- $pgsql_data = "/var/lib/pgsql/data/"
- $pg_version = '9.0'
-
- # missing requires is corrected in cooker,
- # should be removed
- # once the fix is in a stable release
- package { "postgresql${pg_version}-plpgsql":
- alias => "postgresql-plpgsql",
- }
-
- package { "postgresql${pg_version}-server":
- alias => "postgresql-server",
- require => Package['postgresql-plpgsql'],
- }
-
- service { postgresql:
- subscribe => Package["postgresql-server"],
- }
-
- exec { "service postgresql reload":
- refreshonly => true,
- }
-
- openssl::self_signed_splitted_cert { "pgsql.$domain":
- filename => "server",
- directory => $pgsql_data,
- owner => "postgres",
- group => "postgres",
- require => Package['postgresql-server']
- }
-
-
- file { '/etc/pam.d/postgresql':
- content => template("postgresql/pam"),
- }
-
- define config($content) {
- file { "$name":
- owner => postgres,
- group => postgres,
- mode => 600,
- content => $content,
- require => Package["postgresql-server"],
- notify => Exec['service postgresql reload'],
- }
- }
-
-
- $db = list_exported_ressources('Postgresql::Db_and_user')
-
- $forum_lang = list_exported_ressources('Phpbb::Locale_db')
-
- config {
- "$pgsql_data/pg_hba.conf": content => template("postgresql/pg_hba.conf");
- "$pgsql_data/pg_ident.conf": content => template("postgresql/pg_ident.conf");
- "$pgsql_data/postgresql.conf": content => template("postgresql/postgresql.conf");
- }
-
- }
-
- define tagged() {
- # TODO add a system of tag so we can declare database on more than one
- # server
- Postgresql::User <<| tag == $name |>>
- Postgresql::Database <<| tag == $name |>>
- Postgresql::Db_and_user <<| tag == $name |>>
- }
-
-
- define remote_db_and_user($description = "",
- $tag = "default",
- $callback_notify = "",
- $password ) {
-
- @@postgresql::db_and_user { $name:
- callback_notify => $callback_notify,
- tag => $tag,
- description => $description,
- password => $password
- }
- # fetch the exported ressources that should have been exported
- # once the db was created, and trigger a notify to the object passwed as callback_notify
- Postgresql::Database_callback <<| tag == $name |>>
- }
-
- define remote_database($description = "",
- $user = "postgresql",
- $callback_notify = "",
- $tag = "default")
- {
-
-
- @@postgresql::database { $name:
- description => $description,
- user => $user,
- callback_notify => $callback_notify,
- tag => $tag,
- require => Postgresql::User[$user]
- }
-
- Postgresql::Database_callback <<| tag == $name |>>
- }
-
- define remote_user($password,
- $tag = "default")
- {
- @@postgresql::user { $name:
- tag => $tag,
- password => $password,
- }
- }
-
- define db_and_user($description = "",
- $callback_notify = "",
- $password ) {
-
- postgresql::database { $name:
- callback_notify => $callback_notify,
- description => $description,
- user => $name,
- require => Postgresql::User[$name],
- }
-
- postgresql::user { $name:
- password => $password
- }
-
- }
-
- define database_callback($callback_notify = '') {
- # dummy declaration, so we can trigger the notify
- if $callback_notify {
- exec { "callback $name":
- command => "true",
- notify => $callback_notify,
- }
- }
- }
-
- # TODO convert it to a regular type ( so we can later change user and so on )
- define database($description = "",
- $user = "postgres",
- $callback_notify = "") {
- exec { "createdb -O $user -U postgres $name '$description'":
- user => root,
- unless => "psql -A -t -U postgres -l | grep '^$name|'",
- require => Service['postgresql'],
- }
-
- # this is fetched by the manifest asking the database creation, once the db have been created
- # FIXME proper ordering ?
- @@postgresql::database_callback { $name:
- tag => $name,
- callback_notify => $callback_notify,
- }
- }
-
- # TODO convert to a regular type, so we can later change password without erasing the
- # current user
- define user($password) {
- $sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"
-
- exec { "psql -U postgres -c \"$sql\" ":
- user => root,
- environment => "pass=$password",
- unless => "psql -A -t -U postgres -c '\\du $name' | grep '$name'",
- require => Service['postgresql'],
- }
- }
-}
+class postgresql { }
diff --git a/modules/postgresql/manifests/pg_hba.pp b/modules/postgresql/manifests/pg_hba.pp
new file mode 100644
index 00000000..777eee47
--- /dev/null
+++ b/modules/postgresql/manifests/pg_hba.pp
@@ -0,0 +1,13 @@
+define postgresql::pg_hba(
+ $conf_lines = []
+) {
+ $db = list_exported_ressources('Postgresql::Db_and_user')
+
+ $forum_lang = list_exported_ressources('Phpbb::Locale_db')
+
+# (tmb) disable rewriting config as we are moving to mariadb
+# postgresql::config { $name:
+# content => template('postgresql/pg_hba.conf'),
+# }
+}
+# vim: sw=2
diff --git a/modules/postgresql/manifests/remote_database.pp b/modules/postgresql/manifests/remote_database.pp
new file mode 100644
index 00000000..15b54651
--- /dev/null
+++ b/modules/postgresql/manifests/remote_database.pp
@@ -0,0 +1,15 @@
+# FIXME: In puppet >3.0 word 'tag' is reserved, so it has to be renamed
+define postgresql::remote_database($description = '',
+ $user = 'postgresql',
+ $callback_notify = '',
+ $tag = 'default') {
+ @@postgresql::database { $name:
+ description => $description,
+ user => $user,
+ callback_notify => $callback_notify,
+ tag => $tag,
+ require => Postgresql::User[$user],
+ }
+
+ Postgresql::Database_callback <<| tag == $name |>>
+}
diff --git a/modules/postgresql/manifests/remote_db_and_user.pp b/modules/postgresql/manifests/remote_db_and_user.pp
new file mode 100644
index 00000000..07e3ea23
--- /dev/null
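Review bot: In pg_hba.pp the only resource that consumed `conf_lines` is commented out, so the define now renders nothing: `$db`, `$forum_lang` and the collected `conf_lines` are computed and then dropped. As far as this diff shows, pg_hba.conf is therefore no longer managed at all and the `allow_local_ipv4` entry declared in server.pp has no effect, so a manual change to the server's authentication rules would go uncorrected. If that is intended for the MariaDB migration, state it in the comment and remove the dead lookups, e.g. `# pg_hba.conf is deliberately unmanaged from here on; hba_entry resources are currently no-ops`.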
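Review bot: In remote_database.pp `$user` defaults to `'postgresql'`, while database.pp defaults to `'postgres'` and passes the value to `createdb -O ${user}`; the different spelling looks like a typo carried over from the old init.pp. With the default, the exported resource also gets `require => Postgresql::User['postgresql']`, which nothing in this diff declares, so a caller that omits `user` would presumably fail on the server. Suggest `$user = 'postgres',` and adding the `require` only when the owner is a role created through `postgresql::user`.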
+++ b/modules/postgresql/manifests/remote_db_and_user.pp
@@ -0,0 +1,18 @@
+# FIXME: In puppet >3.0 word 'tag' is reserved, so it have to be renamed
+define postgresql::remote_db_and_user($password,
+ $description = '',
+ $tag = 'default',
+ $callback_notify = '') {
+
+ @@postgresql::db_and_user { $name:
+ callback_notify => $callback_notify,
+ tag => $tag,
+ description => $description,
+ password => $password,
+ }
+
+ # fetch the exported resources that should have been exported
+ # once the db was created, and trigger a notify to the object
+ # passed as callback_notify
+ Postgresql::Database_callback <<| tag == $name |>>
+}
diff --git a/modules/postgresql/manifests/remote_user.pp b/modules/postgresql/manifests/remote_user.pp
new file mode 100644
index 00000000..fb53df4c
--- /dev/null
+++ b/modules/postgresql/manifests/remote_user.pp
@@ -0,0 +1,10 @@
+# FIXME: In puppet >3.0 word 'tag' is reserved, so it have to be renamed
+define postgresql::remote_user( $password,
+ $tag = 'default') {
+ @@postgresql::user { $name:
+ tag => $tag,
+ password => $password,
+ }
+}
+
+
diff --git a/modules/postgresql/manifests/server.pp b/modules/postgresql/manifests/server.pp
new file mode 100644
index 00000000..8b92bb2b
--- /dev/null
+++ b/modules/postgresql/manifests/server.pp
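Review bot: In remote_db_and_user.pp the clear-text `password` parameter is placed on an exported resource (`@@postgresql::db_and_user`), and remote_user.pp does the same with `@@postgresql::user`. Exported resources are kept by the master's storeconfigs backend and handed to every node whose collector matches, so the password sits there unencrypted and, as far as this diff shows, is available to any node that declares `postgresql::tagged` with the matching name. At minimum document this next to the parameter, e.g. `# NOTE: $password is exported in clear text through storeconfigs; restrict access to that backend`; a stronger fix would be to export an already-hashed password in a form PostgreSQL accepts.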
@@ -0,0 +1,53 @@
+class postgresql::server {
+ include postgresql::var
+
+ # missing requires is corrected in cooker,
+ # should be removed
+ # once the fix is in a stable release
+ package { "postgresql${postgresql::var::pg_version}-plpgsql":
+ alias => 'postgresql-plpgsql',
+ }
+
+ package { "postgresql${postgresql::var::pg_version}-server":
+ alias => 'postgresql-server',
+ require => Package['postgresql-plpgsql'],
+ }
+
+ service { 'postgresql':
+ subscribe => Package['postgresql-server'],
+ }
+
+ exec { 'service postgresql reload':
+ refreshonly => true,
+ }
+
+ openssl::self_signed_splitted_cert { "pgsql.${::domain}":
+ filename => 'server',
+ directory => $postgresql::var::pgsql_data,
+ owner => 'postgres',
+ group => 'postgres',
+ require => Package['postgresql-server']
+ }
+
+
+ file { '/etc/pam.d/postgresql':
+ content => template('postgresql/pam'),
+ }
+
+ @postgresql::pg_hba { $postgresql::var::hba_file: }
+
+ postgresql::hba_entry { 'allow_local_ipv4':
+ type => 'host',
+ database => 'all',
+ user => 'all',
+ address => '127.0.0.1/32',
+ method => 'md5',
+ }
+
+ postgresql::config {
+ "${postgresql::var::pgsql_data}/pg_ident.conf":
+ content => template('postgresql/pg_ident.conf');
+ "${postgresql::var::pgsql_data}/postgresql.conf":
+ content => template('postgresql/postgresql.conf');
+ }
+}
diff --git a/modules/postgresql/manifests/tagged.pp b/modules/postgresql/manifests/tagged.pp
new file mode 100644
index 00000000..6a49e3ff
--- /dev/null
+++ b/modules/postgresql/manifests/tagged.pp
@@ -0,0 +1,8 @@
+# FIXME: In puppet >3.0 word 'tag' is reserved, so it have to be renamed
+define postgresql::tagged() {
+ # TODO add a system of tag so we can declare database on more than one
+ # server
+ Postgresql::User <<| tag == $name |>>
+ Postgresql::Database <<| tag == $name |>>
+ Postgresql::Db_and_user <<| tag == $name |>>
+}
diff --git a/modules/postgresql/manifests/user.pp b/modules/postgresql/manifests/user.pp
new file mode 100644
index 00000000..5b73b243
--- /dev/null
+++ b/modules/postgresql/manifests/user.pp
@@ -0,0 +1,13 @@
+# TODO convert to a regular type, so we can later change password
+# without erasing the current user
+define postgresql::user($password) {
+ $sql = "CREATE ROLE ${name} ENCRYPTED PASSWORD '\${pass}' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"
+
+ exec { "psql -U postgres -c \"${sql}\" ":
+ user => 'root',
+ # do not leak the password on commandline
+ environment => "pass=${password}",
+ unless => "psql -A -t -U postgres -c '\\du ${name}' | grep '${name}'",
+ require => Service['postgresql'],
+ }
+}
diff --git a/modules/postgresql/manifests/var.pp b/modules/postgresql/manifests/var.pp
new file mode 100644
index 00000000..b31c7ffe
--- /dev/null
+++ b/modules/postgresql/manifests/var.pp
@@ -0,0 +1,7 @@
+class postgresql::var {
+
+ $pgsql_data = '/var/lib/pgsql/data/'
+ $pg_version = '9.6'
+ $hba_file = "${pgsql_data}/pg_hba.conf"
+}
+# vim: sw=2
|
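Review bot: In user.pp the `environment => "pass=${password}"` indirection keeps the password out of the resource title, but assuming the command runs through a shell (which the `${pass}` expansion relies on) the value is still expanded into the `-c` argument, so it lands in psql's argument list and is spliced into the SQL literal unescaped; a `'` in the password breaks or alters the statement. `${name}` is likewise interpolated into both the SQL and the `unless` pipeline, where `grep '${name}'` also matches any role that merely contains the name, so role `foo` would never be created once `foobar` exists. I would validate the name with `if $name !~ /\A[a-z_][a-z0-9_]*\z/ { fail("invalid role name: ${name}") }`, reject quotes and backslashes in `$password`, and test existence with `unless => "psql -A -t -U postgres -c \"SELECT 1 FROM pg_roles WHERE rolname='${name}'\" | grep -q 1",`.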
