path: root/modules/postgresql/manifests/init.pp
blob: 176a81dc066e27ab6b7a23b7a16bb7c1a185c6e1 (plain)
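# PostgreSQL management: the nested `server` class installs and configures the
# server, and the `database` / `user` defines create databases and login roles
# by running createdb / psql as root on the server node.
class postgresql {
    # Installs the server packages, keeps the service running, deploys the
    # configuration, PAM and certificate files, and realizes every exported
    # Postgresql::User / Postgresql::Database resource.
    class server { 
        $pgsql_data = "/var/lib/pgsql/data/"
        $pg_version = '9.0'
    
        # missing requires is corrected in cooker, 
        # should be removed
        # once the fix is in a stable release 
        # ${...} keeps the variable name from absorbing the "-plpgsql" suffix
        # on Puppet versions that allow hyphens in variable names.
        package { "postgresql${pg_version}-plpgsql":
            alias => "postgresql-plpgsql",
            ensure => installed,
        }
    
        package { "postgresql${pg_version}-server":
            alias => "postgresql-server",
            ensure => installed,
            require => Package['postgresql-plpgsql'],
        }
    
        service { 'postgresql':
            ensure => running,
            subscribe => Package["postgresql-server"],
            hasstatus => true,
        }
    
        # Reload (not restart) whenever one of the managed configuration files
        # changes, so authentication rule changes take effect promptly.
        exec { "service postgresql reload":
            refreshonly => true,
            subscribe => [ File["postgresql.conf"], 
                           File["pg_ident.conf"],
                           File["pg_hba.conf"] ]
        }
   
        # Self-signed certificate/key pair placed in the data directory and
        # owned by postgres. The define lives in another module; the key
        # file's permissions are presumably set there -- verify they are not
        # group/world readable.
        openssl::self_signed_splitted_cert { "pgsql.$domain":
            filename => "server",
            directory => $pgsql_data,
            owner => "postgres",
            group => "postgres",
            require => Package['postgresql-server']
        }


        # Modes are quoted octal strings: a bare 644 is only accepted by old
        # Puppet releases and is easy to misread as a decimal number.
        file { '/etc/pam.d/postgresql':
            ensure => present,
            owner  => root,
            group  => root,
            mode   => '0644',
            content => template("postgresql/pam"),
        }
    
        file { "postgresql.conf":
            path => "$pgsql_data/postgresql.conf",
            ensure => present,
            owner => postgres,
            group => postgres,
            mode => '0600',
            content => template("postgresql/postgresql.conf"),
            require => Package["postgresql-server"],
        }
        
        # TODO use augeas to manage this file once augeas 0.7.4 is installed
        # on our server, as this would allow us to autodeclare database in it without
        # much trouble
        # pg_hba.conf decides who may connect and with which authentication
        # method; it stays readable by postgres only.
        file { 'pg_hba.conf':
            path => "$pgsql_data/pg_hba.conf",
            ensure => present,
            owner => postgres,
            group => postgres,
            mode => '0600',
            content => template("postgresql/pg_hba.conf"),
            require => Package["postgresql-server"],
        }
    
        file { 'pg_ident.conf':
            path => "$pgsql_data/pg_ident.conf",
            ensure => present,
            owner => postgres,
            group => postgres,
            mode => '0600',
            content => template("postgresql/pg_ident.conf"),
            require => Package["postgresql-server"],
        }

        # TODO add a system of tag so we can declare database on more than one
        # server 
        # NOTE(review): the empty query collects every exported resource of
        # these types. Any node able to export resources therefore gets a
        # role or database created here, and its parameters end up in commands
        # run as root (see the defines below). Exported parameters, including
        # role passwords, are also kept in the storeconfigs backend.
        Postgresql::User <<| |>>
        Postgresql::Database <<| |>>
    }


    # TODO convert it to a regular type ( so we can later change user and so on )
    #
    # Creates database $name owned by $user, with $description as its comment,
    # unless `psql -l` already lists a database of that name.
    #
    # $name, $user and $description are interpolated into a shell command run
    # as root and may come from exported resources, so they are validated
    # first. \A and \z are used because ^ and $ only anchor a line in Ruby
    # regular expressions. A rejected value aborts catalog compilation.
    define database($description="", $user="postgres") {
        if $name !~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/ {
            fail("postgresql::database: invalid database name '$name'")
        }
        if $user !~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/ {
            fail("postgresql::database: invalid owner '$user' for database '$name'")
        }
        # The description is wrapped in single quotes for the shell; a single
        # quote inside it would end the quoting.
        if $description =~ /'/ {
            fail("postgresql::database: description of '$name' must not contain a single quote")
        }

        exec { "createdb -O $user -U postgres $name '$description'":
            user => root,
            unless => "psql -A -t -U postgres -l | grep '^$name|'",
        }
    }
    
    # TODO convert to a regular type, so we can later change password without erasing the 
    # current user
    #
    # Creates login role $name (no superuser, createdb or createrole rights)
    # with the given password, unless `\du $name` already reports the role.
    # An existing role's password is never changed.
    define user($password) {
        # $name is used as an unquoted SQL identifier and inside a shell
        # command run as root, so only plain identifiers are accepted. \A and
        # \z are used because ^ and $ only anchor a line in Ruby regular
        # expressions. A rejected value aborts catalog compilation.
        if $name !~ /\A[A-Za-z_][A-Za-z0-9_]*\z/ {
            fail("postgresql::user: invalid role name '$name'")
        }

        # Double single quotes so the password cannot terminate the SQL string
        # literal. Backslashes are passed through unchanged.
        $sql_password = regsubst($password, "'", "''", 'G')

        # \$pass stays a literal "$pass" here; the shell expands it from the
        # exec environment, which keeps the password out of the resource title
        # and therefore out of Puppet's logs and reports.
        $sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"

        # The statement is fed to psql on stdin rather than with -c, so the
        # expanded password never appears in a process argument list that
        # other local users can read. ON_ERROR_STOP makes psql exit non-zero
        # when the statement fails, as -c did.
        exec { "create postgresql role $name":
            command => "printf '%s' \"$sql\" | psql -U postgres -v ON_ERROR_STOP=1",
            user => root,
            environment => "pass=$sql_password", 
            unless => "psql -A -t -U postgres -c '\du $name' | grep '$name'",
        }
    }
}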