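# Manages a PostgreSQL server and provides defines to declare roles and
# databases, either directly or as resources exported by other nodes.
#
# Security notes:
#  - The `database` and `user` defines build shell commands and SQL by
#    string interpolation and run them as root / the postgres superuser.
#    Their inputs can arrive through exported resources collected by
#    `tagged`, so they are validated before being interpolated.
#  - Role passwords are handled in clear text (see `user` and `remote_user`).
class postgresql {

  # Installs the server packages, keeps the service running, deploys the
  # configuration files from templates and requests a self-signed certificate
  # in the data directory.
  class server {
    # Trailing slash is kept because the value is passed as-is to the
    # certificate define; the file paths below therefore contain "//".
    $pgsql_data = '/var/lib/pgsql/data/'
    $pg_version = '9.0'

    # The explicit plpgsql package and the `require` on it work around a
    # missing requires that is corrected in cooker; remove this once the fix
    # is in a stable release.
    # ${pg_version} is braced so that the "-plpgsql" / "-server" suffix can
    # never be read as part of the variable name.
    package { "postgresql${pg_version}-plpgsql":
      ensure => installed,
      alias  => 'postgresql-plpgsql',
    }

    package { "postgresql${pg_version}-server":
      ensure  => installed,
      alias   => 'postgresql-server',
      require => Package['postgresql-plpgsql'],
    }

    service { 'postgresql':
      ensure    => running,
      subscribe => Package['postgresql-server'],
      hasstatus => true,
    }

    # Reload (not restart) whenever one of the managed configuration files
    # changes.
    # NOTE(review): the command is not fully qualified and no `path` is set
    # here; it presumably relies on an Exec default defined elsewhere.
    exec { 'service postgresql reload':
      refreshonly => true,
      subscribe   => [ File['postgresql.conf'],
                       File['pg_ident.conf'],
                       File['pg_hba.conf'] ],
    }

    openssl::self_signed_splitted_cert { "pgsql.${domain}":
      filename  => 'server',
      directory => $pgsql_data,
      owner     => 'postgres',
      group     => 'postgres',
      require   => Package['postgresql-server'],
    }

    # File modes are written as quoted octal strings; a bare number is
    # deprecated and rejected by newer Puppet versions.
    file { '/etc/pam.d/postgresql':
      ensure  => present,
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      content => template('postgresql/pam'),
    }

    # The three server configuration files are readable by postgres only.
    file { 'postgresql.conf':
      ensure  => present,
      path    => "${pgsql_data}/postgresql.conf",
      owner   => 'postgres',
      group   => 'postgres',
      mode    => '0600',
      content => template('postgresql/postgresql.conf'),
      require => Package['postgresql-server'],
    }

    # TODO use augeas to manage this file once augeas 0.7.4 is installed
    # on our server, as this would allow us to autodeclare databases in it
    # without much trouble
    file { 'pg_hba.conf':
      ensure  => present,
      path    => "${pgsql_data}/pg_hba.conf",
      owner   => 'postgres',
      group   => 'postgres',
      mode    => '0600',
      content => template('postgresql/pg_hba.conf'),
      require => Package['postgresql-server'],
    }

    file { 'pg_ident.conf':
      ensure  => present,
      path    => "${pgsql_data}/pg_ident.conf",
      owner   => 'postgres',
      group   => 'postgres',
      mode    => '0600',
      content => template('postgresql/pg_ident.conf'),
      require => Package['postgresql-server'],
    }
  }

  # Collects every exported postgresql::user and postgresql::database whose
  # tag equals this resource's title.
  # The collected resources were declared in other nodes' catalogs; anything
  # in them that derives from node-supplied data (facts) should be treated as
  # untrusted on the collecting server.
  define tagged() {
    # TODO add a system of tag so we can declare database on more than one
    # server
    Postgresql::User <<| tag == $name |>>
    Postgresql::Database <<| tag == $name |>>
  }

  # Exports a postgresql::database so that a server declaring
  # postgresql::tagged with the same tag creates it.
  #
  # $description - forwarded to postgresql::database
  # $user        - owner role; also required as Postgresql::User[$user]
  # $tag         - tag used by postgresql::tagged to select the resource
  #
  # NOTE(review): the default owner here is "postgresql" while
  # postgresql::database defaults to "postgres" - confirm this is intended.
  # NOTE(review): `tag` is also a Puppet metaparameter name; newer Puppet
  # versions may refuse it as a parameter - confirm before upgrading.
  define remote_database($description = "",
                         $user = "postgresql",
                         $tag = "default")
  {
    @@postgresql::database { $name:
      description => $description,
      user        => $user,
      tag         => $tag,
      require     => Postgresql::User[$user],
    }
  }

  # Exports a postgresql::user so that a server declaring postgresql::tagged
  # with the same tag creates the role.
  #
  # $password - clear-text password of the role. As a parameter of an
  #             exported resource it is kept in the exported-resource
  #             storage and in the collecting node's catalog, so access to
  #             both should be restricted accordingly.
  # $tag      - tag used by postgresql::tagged to select the resource
  define remote_user($password,
                     $tag = "default")
  {
    @@postgresql::user { $name:
      tag      => $tag,
      password => $password,
    }
  }

  # Creates a database with `createdb` unless `psql -l` already lists it.
  #
  # $description - comment given to createdb
  # $user        - role that owns the new database
  #
  # The title, owner and description are interpolated into a command line
  # executed as root, so each one is checked first and the catalog fails on a
  # value that could alter that command line. \A and \z are used instead of
  # ^ and $ because the latter also match around embedded newlines.
  #
  # TODO convert it to a regular type ( so we can later change user and so on )
  define database($description="", $user="postgres") {
    if $name !~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/ {
      fail("postgresql::database: invalid database name '${name}'")
    }
    if $user !~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/ {
      fail("postgresql::database: invalid owner '${user}' for database '${name}'")
    }
    # The description sits between single quotes in the command line; a
    # single quote inside it would end the quoting.
    if $description =~ /'/ {
      fail("postgresql::database: description of '${name}' must not contain a single quote")
    }

    exec { "createdb -O ${user} -U postgres ${name} '${description}'":
      user    => 'root',
      unless  => "psql -A -t -U postgres -l | grep '^${name}|'",
      require => Service['postgresql'],
    }
  }

  # Creates a login role without superuser, createdb or createrole rights,
  # unless `\du` already lists a role of that name.
  #
  # $password - clear-text password of the role
  #
  # The SQL text contains the literal "$pass"; the shell expands it from the
  # exec's environment, which keeps the password out of the command string
  # used as the resource title. It is still part of the statement sent to
  # the server, and of the catalog through the `environment` attribute.
  #
  # The role name is placed unquoted into the SQL statement and the password
  # between single quotes, so both are validated and the catalog fails
  # instead of running a statement with a different meaning. The password is
  # never included in the failure message.
  #
  # TODO convert to a regular type, so we can later change password without
  # erasing the current user
  define user($password) {
    if $name !~ /\A[A-Za-z_][A-Za-z0-9_]*\z/ {
      fail("postgresql::user: invalid role name '${name}'")
    }
    # A single quote would close the SQL string literal; a backslash can act
    # as an escape character in it depending on the server settings.
    if $password =~ /['\\]/ {
      fail("postgresql::user: password of role '${name}' must not contain a single quote or a backslash")
    }

    $sql = "CREATE ROLE ${name} ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"

    exec { "psql -U postgres -c \"${sql}\" ":
      user        => 'root',
      environment => "pass=${password}",
      unless      => "psql -A -t -U postgres -c '\\du ${name}' | grep '${name}'",
      require     => Service['postgresql'],
    }
  }
}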