puppetlabs-postgresql-6.7.00040755000076700000240000000000013722221531013007 5ustar00puppetlabs-postgresql-6.7.0/.geppetto-rc.json0100644000076700000240000000017013627456423016301 0ustar00{ "excludes": [ "**/contrib/**", "**/examples/**", "**/tests/**", "**/spec/**", "**/pkg/**" ] } puppetlabs-postgresql-6.7.0/.github0040755000076700000240000000000013722221531014347 5ustar00puppetlabs-postgresql-6.7.0/.github/workflows0040755000076700000240000000000013722221531016404 5ustar00puppetlabs-postgresql-6.7.0/.github/workflows/release.yml0100644000076700000240000000356613674331764020655 0ustar00name: "release" on: push: branches: - 'release' jobs: LitmusAcceptancePuppet5: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_5] agent_family: ['puppet5'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel uses: puppetlabs/action-litmus_parallel@master with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} LitmusAcceptancePuppet6: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_6] agent_family: ['puppet6'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel uses: puppetlabs/action-litmus_parallel@master with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} Spec: runs-on: self-hosted strategy: matrix: check: [parallel_spec, 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop'] ruby_version: [2.5.x] puppet_gem_version: [~> 5.0, ~> 6.0] exclude: - puppet_gem_version: ~> 5.0 check: 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop' - ruby_version: 2.5.x puppet_gem_version: ~> 5.0 steps: - uses: actions/checkout@v1 - name: Spec Tests uses: puppetlabs/action-litmus_spec@master with: puppet_gem_version: ${{ matrix.puppet_gem_version }} check: ${{ matrix.check }} puppetlabs-postgresql-6.7.0/.github/workflows/weekly.yml0100644000076700000240000000356013674331764020527 0ustar00name: "weekly" on: schedule: - cron: '0 3 * * 1' jobs: LitmusAcceptancePuppet5: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_5] agent_family: ['puppet5'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel uses: puppetlabs/action-litmus_parallel@master with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} LitmusAcceptancePuppet6: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_6] agent_family: ['puppet6'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel uses: puppetlabs/action-litmus_parallel@master with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} Spec: runs-on: self-hosted strategy: matrix: check: [parallel_spec, 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop'] ruby_version: [2.5.x] puppet_gem_version: [~> 5.0, ~> 6.0] exclude: - puppet_gem_version: ~> 5.0 check: 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop' - ruby_version: 2.5.x puppet_gem_version: ~> 5.0 steps: - uses: actions/checkout@v1 - name: Spec Tests uses: puppetlabs/action-litmus_spec@master with: puppet_gem_version: ${{ matrix.puppet_gem_version }} check: ${{ matrix.check }} puppetlabs-postgresql-6.7.0/.github_changelog_generator0100644000076700000240000000007613627456423020444 0ustar00user=puppetlabs project=puppetlabs-postgresql since_tag=5.3.0 puppetlabs-postgresql-6.7.0/.nodeset.yml0100644000076700000240000000123413627456423015343 0ustar00--- default_set: 'centos-64-x64' sets: 'centos-59-x64': nodes: "main.foo.vm": prefab: 'centos-59-x64' 'centos-64-x64': nodes: "main.foo.vm": prefab: 'centos-64-x64' 'fedora-18-x64': nodes: "main.foo.vm": prefab: 'fedora-18-x64' 'debian-607-x64': nodes: "main.foo.vm": prefab: 'debian-607-x64' 'debian-70rc1-x64': nodes: "main.foo.vm": prefab: 'debian-70rc1-x64' 'ubuntu-server-10044-x64': nodes: "main.foo.vm": prefab: 'ubuntu-server-10044-x64' 'ubuntu-server-12042-x64': nodes: "main.foo.vm": prefab: 'ubuntu-server-12042-x64' puppetlabs-postgresql-6.7.0/.puppet-lint.rc0100644000076700000240000000001313627456423015760 0ustar00--relative puppetlabs-postgresql-6.7.0/.rubocop_todo.yml0100644000076700000240000000000013627456423016366 0ustar00puppetlabs-postgresql-6.7.0/.sync.yml0100644000076700000240000000246713674331764014671 0ustar00--- ".gitlab-ci.yml": delete: true ".travis.yml": global_env: - HONEYCOMB_WRITEKEY="7f3c63a70eecc61d635917de46bea4e6",HONEYCOMB_DATASET="litmus tests" deploy_to_forge: enabled: false user: puppet secure: '' branches: - release use_litmus: true litmus: provision_list: - ---travis_el - travis_deb - travis_el6 - travis_el7 - travis_el8 complex: - collection: puppet_collection: - puppet6 provision_list: - travis_ub_6 - collection: puppet_collection: - puppet5 provision_list: - travis_ub_5 simplecov: true notifications: slack: secure: sulU0RHAFNMVQyQnqcyRHLRjL7Zl1Ao7ywuObL/qTsCiIweRsFiHX0BdTrurxobhjgdHQizx9G2IakkvhE120AOlLbCV9Nw45tvyuzdV4HhdPSKtwdWWKXgU4IvP2tSblZ4hCOEG4CuEKPvFtoY8UEW2ODmvvwFlQz+GOYOBYMw= appveyor.yml: delete: true Gemfile: optional: ":development": - gem: github_changelog_generator git: https://github.com/skywinder/github-changelog-generator ref: 20ee04ba1234e9e83eb2ffb5056e23d641c7a018 condition: Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2') Rakefile: extras: "FastGettext.default_text_domain = 'default-text-domain'" changelog_user: puppetlabs spec/spec_helper.rb: mock_with: ":rspec" coverage_report: true puppetlabs-postgresql-6.7.0/CHANGELOG.md0100644000076700000240000015134413722221521014703 0ustar00# Change log All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). ## [v6.7.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.7.0) (2020-08-28) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.6.0...v6.7.0) ### Added - pdksync - \(IAC-973\) - Update travis/appveyor to run on new default branch `main` [\#1182](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1182) ([david22swan](https://github.com/david22swan)) ### Fixed - Invert psql/package dependency logic [\#1179](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1179) ([raphink](https://github.com/raphink)) ## [v6.6.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.6.0) (2020-06-02) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.5.0...v6.6.0) ### Added - \(IAC-746\) - Add ubuntu 20.04 support [\#1172](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1172) ([david22swan](https://github.com/david22swan)) ### Fixed - Fix custom port in extension [\#1165](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1165) ([Vampouille](https://github.com/Vampouille)) ## [v6.5.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.5.0) (2020-05-13) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.4.0...v6.5.0) ### Added - service\_ensure =\> true is now an allowed value \(aliased to running\) [\#1167](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1167) ([binford2k](https://github.com/binford2k)) - Finish conversion of `postgresql\_acls\_to\_resources\_hash` function [\#1163](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1163) ([alexjfisher](https://github.com/alexjfisher)) - Finish conversion of `postgresql\_escape` function [\#1162](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1162) ([alexjfisher](https://github.com/alexjfisher)) - Finish conversion of `postgresql\_password` function [\#1161](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1161) ([alexjfisher](https://github.com/alexjfisher)) - Allow usage of grant and role when not managing postgresql::server [\#1159](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1159) ([tuxmea](https://github.com/tuxmea)) - Add version configs for SLES 12 SP 3 to 5 [\#1158](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1158) ([XnS](https://github.com/XnS)) - Add extra parameter "extra\_systemd\_config" [\#1156](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1156) ([veninga](https://github.com/veninga)) ### Fixed - \(MODULES-10610\) Use correct lower bound for concat version [\#1160](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1160) ([ghoneycutt](https://github.com/ghoneycutt)) ## [v6.4.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.4.0) (2020-03-17) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.3.0...v6.4.0) ### Added - Add Fedora 31 compatibility [\#1141](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1141) ([blackknight36](https://github.com/blackknight36)) - feat: enable different database resource name in extension [\#1136](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1136) ([jfroche](https://github.com/jfroche)) - pdksync - \(FM-8581\) - Debian 10 added to travis and provision file refactored [\#1130](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1130) ([david22swan](https://github.com/david22swan)) - Puppet 4 functions [\#1129](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1129) ([binford2k](https://github.com/binford2k)) ### Fixed - Fix incorrectly quoted GRANT cmd on functions [\#1150](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1150) ([olifre](https://github.com/olifre)) - Correct versioncmp logic in config.pp [\#1137](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1137) ([boydtom](https://github.com/boydtom)) - Treat $version as an integer for comparison, defaults to string [\#1135](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1135) ([boydtom](https://github.com/boydtom)) - Allow usage of PUBLIC role [\#1134](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1134) ([Vampouille](https://github.com/Vampouille)) - fix missing systemd override config for EL8 \(CentOS and RHEL\) [\#1131](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1131) ([david-barbion](https://github.com/david-barbion)) ## [v6.3.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.3.0) (2019-12-18) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.2.0...v6.3.0) ### Added - Add support for granting privileges on functions [\#1118](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1118) ([crispygoth](https://github.com/crispygoth)) - \(FM-8679\) - Support added for CentOS 8 [\#1117](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1117) ([david22swan](https://github.com/david22swan)) - MODULES-10041 - allow define password\_encryption for version above 10 [\#1111](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1111) ([k2patel](https://github.com/k2patel)) ### Fixed - Remove duplicate REFERENCE.md file with strange unicode character at end of filename [\#1108](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1108) ([nudgegoonies](https://github.com/nudgegoonies)) ## [v6.2.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.2.0) (2019-09-12) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.1.0...v6.2.0) ### Added - FM-8408 - add support on Debian10 [\#1103](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1103) ([lionce](https://github.com/lionce)) - Fix/directory defined twice [\#1089](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1089) ([arcenik](https://github.com/arcenik)) - Adding SLES 15 [\#1087](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1087) ([msurato](https://github.com/msurato)) - \(FM-7500\) conversion to use litmus [\#1081](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1081) ([tphoney](https://github.com/tphoney)) ### Fixed - \(MODULES-9658\) - custom ports are not labeled correctly [\#1099](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1099) ([blackknight36](https://github.com/blackknight36)) - Fix: When assigning a tablespace to a database, no equal sign is needed in the query [\#1098](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1098) ([biertie](https://github.com/biertie)) - Grant all tables in schema fixup [\#1096](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1096) ([georgehansper](https://github.com/georgehansper)) - \(MODULES-9219\) - puppetlabs-postgresql : catalog compilation fails when the service command is not installed [\#1093](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1093) ([blackknight36](https://github.com/blackknight36)) ## [v6.1.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.1.0) (2019-06-04) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.0.0...v6.1.0) ### Added - \(FM-8031\) Add RedHat 8 support [\#1083](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1083) ([eimlav](https://github.com/eimlav)) ## [v6.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.0.0) (2019-05-14) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.12.1...v6.0.0) ### Changed - pdksync - \(MODULES-8444\) - Raise lower Puppet bound [\#1070](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1070) ([david22swan](https://github.com/david22swan)) - \(maint\) remove inconsistent extra variable [\#1044](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1044) ([binford2k](https://github.com/binford2k)) ### Added - Add Fedora 30 compatibility [\#1067](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1067) ([blackknight36](https://github.com/blackknight36)) - Include EL8 version for config checks [\#1060](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1060) ([ehelms](https://github.com/ehelms)) ### Fixed - Support current version of puppetlabs/apt. [\#1073](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1073) ([pillarsdotnet](https://github.com/pillarsdotnet)) - change username/group/datadir defaults for FreeBSD [\#1063](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1063) ([olevole](https://github.com/olevole)) ## [5.12.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.12.1) (2019-02-14) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.12.0...5.12.1) ### Fixed - \(FM-7811\) - Use postgresql 9.4 for SLES 11 sp4 [\#1057](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1057) ([david22swan](https://github.com/david22swan)) - \(MODULES-8553\) Further cleanup for package tag issues [\#1055](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1055) ([HelenCampbell](https://github.com/HelenCampbell)) ## [5.12.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.12.0) (2019-02-01) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.11.0...5.12.0) ### Added - \(MODULES-3804\) Fix sort order of pg\_hba\_rule entries [\#1040](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1040) ([olavmrk](https://github.com/olavmrk)) ### Fixed - \(MODULES-8553\) Fix dependency on apt by explicitly using 'puppetlabs-postgresql' as tag [\#1052](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1052) ([HelenCampbell](https://github.com/HelenCampbell)) - \(MODULES-8352\) Don't use empty encoding string on initdb [\#1043](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1043) ([binford2k](https://github.com/binford2k)) - pdksync - \(FM-7655\) Fix rubygems-update for ruby \< 2.3 [\#1042](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1042) ([tphoney](https://github.com/tphoney)) ## [5.11.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.11.0) (2018-11-21) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.10.0...5.11.0) ### Added - Add postgis support for postgres 10 [\#1032](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1032) ([smussie](https://github.com/smussie)) ### Fixed - Strip quotes from role names [\#1034](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1034) ([jstuart](https://github.com/jstuart)) - Ignore .psqlrc so output is clean and doesn't break Puppet [\#1021](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1021) ([flaviogurgel](https://github.com/flaviogurgel)) - Change initdb option '--xlogdir' to '-X' for PG10 compatibility [\#976](https://github.com/puppetlabs/puppetlabs-postgresql/pull/976) ([fcanovai](https://github.com/fcanovai)) ## [5.10.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.10.0) (2018-09-27) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.9.0...5.10.0) ### Added - pdksync - \(MODULES-6805\) metadata.json shows support for puppet 6 [\#1026](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1026) ([tphoney](https://github.com/tphoney)) ## [5.9.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.9.0) (2018-09-06) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.8.0...5.9.0) ### Added - pdksync - \(MODULES-7705\) - Bumping stdlib dependency from \< 5.0.0 to \< 6.0.0 [\#1018](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1018) ([pmcmaw](https://github.com/pmcmaw)) ## [5.8.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.8.0) (2018-08-06) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.7.0...5.8.0) ### Added - metadata.json: bump allowed version of puppetlabs-apt to 6.0.0 [\#1012](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1012) ([mateusz-gozdek-sociomantic](https://github.com/mateusz-gozdek-sociomantic)) ## [5.7.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.7.0) (2018-07-19) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.6.0...5.7.0) ### Added - \(MODULES-7479\) Update postgresql to support Ubuntu 18.04 [\#1005](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1005) ([david22swan](https://github.com/david22swan)) - \(MODULES-6542\) - Adding SLES 11 & 12 to metadata [\#1001](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1001) ([pmcmaw](https://github.com/pmcmaw)) ### Fixed - \(MODULES-7479\) Ensure net-tools is installed when testing on Ubuntu 18.04 [\#1006](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1006) ([david22swan](https://github.com/david22swan)) - \(MODULES-7460\) - Updating grant table to include INSERT privileges [\#1004](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1004) ([pmcmaw](https://github.com/pmcmaw)) - Fix packages choice for ubuntu 17.10 [\#1000](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1000) ([fflorens](https://github.com/fflorens)) ## [5.6.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.6.0) (2018-06-20) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.5.0...5.6.0) ### Changed - Fix creation of recovery.conf file when recovery configuration is not specified [\#995](https://github.com/puppetlabs/puppetlabs-postgresql/pull/995) ([cdloh](https://github.com/cdloh)) ### Added - Add compatibility for Fedora 28 [\#994](https://github.com/puppetlabs/puppetlabs-postgresql/pull/994) ([jflorian](https://github.com/jflorian)) - \(MODULES-5994\) Add debian 9 [\#992](https://github.com/puppetlabs/puppetlabs-postgresql/pull/992) ([hunner](https://github.com/hunner)) - Adding default Postgresql version for Ubuntu 18.04 [\#981](https://github.com/puppetlabs/puppetlabs-postgresql/pull/981) ([lutaylor](https://github.com/lutaylor)) ### Fixed - Fix quoting on schema owners [\#979](https://github.com/puppetlabs/puppetlabs-postgresql/pull/979) ([hasegeli](https://github.com/hasegeli)) ## [5.5.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.5.0) (2018-04-06) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.4.0...5.5.0) ### Added - Parameters `roles`, `config\_entires`, and `pg\_hba\_rules` to `postgresql::server` for hiera [\#950](https://github.com/puppetlabs/puppetlabs-postgresql/pull/950) ([ekohl](https://github.com/ekohl)) ## [5.4.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.4.0) (2018-03-22) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.3.0...5.4.0) ### Added - \(MODULES-6330\) PDK convert 1.4.1 [\#961](https://github.com/puppetlabs/puppetlabs-postgresql/pull/961) ([pmcmaw](https://github.com/pmcmaw)) - Parameter `ensure` on `postgresql::server::grant` and `postgresql::server::database\_grant` [\#891](https://github.com/puppetlabs/puppetlabs-postgresql/pull/891) ([georgehansper](https://github.com/georgehansper)) ### Fixed - Documentation error, `reassign\_owned\_by` uses `\*\_role` not `\*\_owner`. [\#958](https://github.com/puppetlabs/puppetlabs-postgresql/pull/958) ([computermouth](https://github.com/computermouth)) ## 5.3.0 ### Summary Implements rubocop changes within the module, alongside other smaller changes. #### Added - ensure=>absent added to postgresql::server:role. - Support added for Fedora 27. - scram-sha-256 added as a valid ph_hba_rule auth method. - 9.6 settings inherited for later PgSQL versions on FreeBSD. - A require has been added for puppet. #### Changed - Changes made to avoid the useless loading of files by augeas. - Modulesync changes. - psql_path defaulted to postgresql::server::psql_path. - Rubocop changes have been made. #### Removed - Debian 9 support deprecated. ## Supported Release 5.2.1 ### Summary Bug fix for issue introduced in 5.2.0 #### Fixed - issue where the module was attempting to install extensions before a database was available. ([SERVER-2003](https://tickets.puppetlabs.com/browse/SERVER-2003)) ## Supported Release 5.2.0 ### Summary Adds several new features including some work around OS support. Also includes a couple of fixes to tests and the removal of unsupported Ubuntu versions. #### Added - Added default postgresql version of Ubuntu 17.4 version to the globals.pp file. - Fedora 26 provides postgresql-server version 9.6 by default - Added support to manifests/globals.pp to avoid puppet failures on Fedora 26 nodes. - Use postgresql 9.6 for the newest SLES and openSUSE releases. - Enhanced --data-checksums on initdb. - Added support for Debian version 9. - Added a `version` parameter. #### Changed - Replaced validate_re calls with puppet datatype `Pattern` and is_array calls with puppet datatype `Array`. - Installation method for apt in the spec_helper_acceptance, this is a temporary workaround due to issues with module installation. #### Fixed - Updated spec tests to remove deprecation warnings. - Docs formatting. - Pass default_connect_settings to validate service ([MODULES-4682](https://tickets.puppetlabs.com/browse/MODULES-4682)) - Rocket Alignment for Lint. - Fixed changes in error messages in tests ([MODULES-5378](https://tickets.puppetlabs.com/browse/MODULES-5378)) #### Removed - Removed unsupported Ubuntu versions 10.04 and 12.04 ([MODULES-5501](https://tickets.puppetlabs.com/browse/MODULES-5501)) - Removed unsupported Debian version 6. - Removed numeric order override. ## Supported Release 5.1.0 ### Summary This release includes Japanese translations for internationalization, Puppet 5 support, implementation of defined type postgresql::server::reassign_owned_by. #### Features - Updating translations for readmes/README_ja_JP.md - add defined type postgresql::server::reassign_owned_by - Allow order parameter to be string value - prep for puppet 5 ([MODULES-5144](https://tickets.puppetlabs.com/browse/MODULES-5144)) - add data_checksums option to initdb - parameter ensure of custom resource postgresql_replication_slot is not documented ([MODULES-2989](https://tickets.puppetlabs.com/browse/MODULES-2989)) #### Bug Fixes - Adding a space for header formatting - use https for apt.postgresql.org repo - msync puppet 5 and ruby 2.4 ([MODULES-5197](https://tickets.puppetlabs.com/browse/MODULES-5187)) - Only run test on postgresql >= 9.0 ([FM-6240](https://tickets.puppetlabs.com/browse/FM-6240)) - Fix Ruby 2.4 deprecation in postgresql_acls_to_resources_hash ## Supported Release 5.0.0 ### Summary This **major** release dropped support for Puppet 3 and PostgreSQL 8.x, added Puppet 4 data types, and deprecated the validate_db_connection type. #### Added - `locales/` directory, .pot file, and i18n `config.yaml`. ([FM-6116](https://tickets.puppet.com/browse/FM-6116)) - `update_password` parameter to toggle password management per role. - **Puppet 4** type validation. - new `postgresql_conn_validator` custom type and deprecated `validate_db_connection`. ([MODULES-1394](https://tickets.puppet.com/browse/MODULES-1394)) #### Changed - default postgis versions in postgresql::globals to use newer versions. - puppetlabs-concat and puppetlabs-apt dependencies to use latest versions. ([MODULES-4906](https://tickets.puppet.com/browse/MODULES-4906), [MODULES-4947](https://tickets.puppet.com/browse/MODULES-4947)) - default value for `log_line_prefix` to `undef`. - `listen_addresses` default value to 'localhost'. Allows for it to be set independently of a class declaration. - use of stdlib validate_* functions. They have been removed in favor of Puppet 4 type validation. - lower Puppet dependency in metadata to 4.7.0. ([MODULES-4826](https://tickets.puppet.com/browse/MODULES-4826)) #### Fixed - deprecated apt::source parameters(`key`,`key_source`, & `include_src`). - default SUSE parameters. ([MODULES-4598](https://tickets.puppet.com/browse/MODULES-4598)) - use of force parameter on concat resources. ## Supported Release 4.9.0 ### Summary This release adds several types and, among other bugs, fixes an issue with the yum URL. #### Features - Modifying ownership of databases and schemas now available (MODULES-3247) - Use `module_workdir` to specify a custom directory in which to execute psql commands - `grant_role` and `grant` types added! - Support for parallel unit testing (parallel_tests) - Override download/installation repo URL with `repo_baseurl` - Set your timezone with `timezone` - Grant privileges on LANGUAGEs - Added support for Debian Stretch and Ubuntu Yakkety Yak #### Bugfixes - Usernames and passwords are now converted to strings before password hash is created - Specify default database name if it is not the username - Update to yum repo - Schema name conflicts fix ## Supported Release 4.8.0 ### Summary This release primarily fixes an issue with `postgresql_conf` values of ipaddresses being considered floats and not getting quoted. #### Features - Add `default_connect_settings` parameter to `postgresql::server` - Running under strict variables is now supported - Add timestamps into logs by default #### Bugfixes - Obscure password in postgresql\_psql type - Fix ip address quoting in postgresql\_conf type - Fix handling of systemd service on Ubuntu - Mark log_min_duration_statement setting as requiring a service restart - Add fixes for Fedora 23, Fedora 24, FreeBSD, OpenBSD - Fix environment handling to avoid "Overriding environment setting" message - Work around PUP-6385, using empty arrays instead of undef when specifying resource relationships - README editorial pass - Reduce whitespace in templates - Update build/test infrastructure ## Supported Release 4.7.1 ### Summary This release contains some bugfixes and documentation updates. #### Bugfixes - (MODULES-3024) Quote database objects when creating databases. - Properly escape case where password ends with '$'. - Fixes password change when postgres is configure to non-standard port. - Unpins concat dependency to be able to use concat 2.x. - Workaround to fix installing on Amazon Linux. - Fixes proper defaulting of `$service_provider` parameter. - Fixes postgres server init script naming on Amazon Linux. - Fixes service reload parameter on Arch Linux. - Adds missing onlyif_function to sequence grant code. - Fixes to the markdown of the README. ## Supported Release 4.7.0 ### Summary A release with a considerable amount of new features, including remote db support and several platform support updates. Various bugfixes including several to address warnings and a sizable README update. #### Features - Remote DB support - Connection-settings allows a hash of options that can be used when connecting to a remote DB. - Debian 8 support. - Updated systemd-override to support fedora and CentOS paths. - Adds the ability to define the extension name separately from the title of the resource, which allows you to add the extension to more than one database. - Added parameter to disable automatic service restarts on config changes. - Ubuntu 15.10 compatibility. - OpenBSD version is now 9.4. - Added .gitattributes to maintain line endings for .sh and .rb files. - Adds default postgis version for 9.5. - Allows float postgresql_conf values. - Schedule apt update after install of repo. #### Bugfixes - Fixed systemd-override for RedHat systems with unmanaged Yum repos. - Removed inherits postgresql::params. - Multi-node tests are now not ran by default. - Change apt::pin to apt_postgresql_org to prevent error message. - Removed syntax error near UTF8. - Removal of extra blanks and backslashes in README. - Double quotes now used around database name to prevent syntax error. - Removes ruby 1.8.7 and puppet 2.7 from travis-ci jobs. - Fixed paths to work on Amazon Linux. - Fixed quotes around locale options. - Huge README update. - Update to use current msync configs. - Fixes postgresql::server acceptance test descriptions. ## Supported Release 4.6.1 ###Summary Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. ## 2015-09-01 - Supported Release 4.6.0 ### Summary This release adds a proxy feature for yum, Postgis improvements, and decoupling pg_hba_rule from postgresql::server. #### Features - Support setting a proxy for yum operations - Allow for undefined PostGIS version - Decouple pg_hba_rule from postgresql::server #### Bugfixes - Fix postgis default package name on RedHat ## 2015-07-27 - Supported Release 4.5.0 ### Summary This release adds sequence grants, some postgresql 9.4 fixes, and `onlyif` to the psql resource. ### Features - Add `onlyif` parameter to `postgresql_psql` - Add unsupported compatibility with Ubuntu 15.04 - Add unsupported compatibility with SLES 11/12 and OpenSuSE 13.2 - Add `postgresql::server::grant::onlyif_exists` attribute - Add `postgresql::server::table_grant::onlyif_exists` attribute - Add granting permissions on sequences ### Bugfixes - Added docs for `postgresql::server::grant` - Fix `pg_hba_conf_defaults => false` to not disable ipv4/ipv6 acls - Fix 9.4 for `postgresql::server::pg_hba_rule` ## 2015-07-07 - Supported Release 4.4.2 ### Summary This release fixes a bug introduced in 4.4.0. #### Bugfixes - Fixes `withenv` execution under Puppet 2.7. (MODULES-2185) ## 2015-07-01 - Supported Release 4.4.1 ### Summary This release fixes RHEL 7 & Fedora with manage_package_repo switched on. #### Bugfixes - Ensure manage_package_repo variable is in scope for systemd-override file for RHEL7 ## 2015-06-30 - Supported Release 4.4.0 ### Summary This release has several new features, bugfixes, and test improvements. #### Features - Adds a resource to manage recovery.conf. - Adds a parameter that allows the specification of a validate connection script in `postgresql::client`. - Adds support for plpython package management. - Adds support for postgresql-docs management. - Adds ability to make `postgresql::server::schema` titles unique. (MODULES-2049) - Updates puppetlabs-apt module dependency to support version 2.1.0. #### Bugfixes - Fix `postgresql_psql` parameter ordering to work on OpenBSD with Future Parser - Fix setting postgres role password (MODULES-1869) - Fix execution command with puppet <3.4 (MODULES-1923) - Fix Puppet.newtype deprecation warning (MODULES-2007) - Fix systemd override for manage_repo package versions - Fix Copy snakeoil certificate and key instead of symlinking #### Test Improvements - Allows setting BEAKER and BEAKER_RSPEC versions via environment variables. - Enables Unit testing on Travis CI with Puppet 4. - Cleans up spec_helper_acceptance.rb to use new puppet_install_helper gem. ## 2015-03-24 - Supported Release 4.3.0 ### Summary This release fixes compatibility with Puppet 4 and removes opportunities for local users to view the postgresql password. It also adds a new custom resource to aid in managing replication. #### Features - Add `postgresql::server::logdir` parameter to manage the logdir - Add `environment` parameter to `postgresql_psql` - Add `postgresql_replication_slot` custom resource #### Bugfixes - Fix for Puppet 4 - Don't print postgresql\_psql password in command - Allow `postgresql::validate_db_connection` for more than one host+port+database combo - Fix service command on Debian 8 and up - Fix `postgresql::server::extension` to work with custom user/group/port - Fix `postgresql::server::initdb` to work with custom user/group/port - Fix changing template1 encoding - Fix default `postgresql::server::grant::object_name` value - Fix idempotency of granting all tables in schema with `puppet::server::grant` - Fix lint warnings - Fix apt key to use 40 character key and bump puppetlabs-apt to >= 1.8.0 < 2.0.0 ##2015-03-10 - Supported Release 4.2.0 ###Summary This release has several new features including support for server extensions, improved grant support, and a number of bugfixes. ####Features - Changes to support OpenBSD - Add `service_reload` parameter to `postgresql::server` - Add `comment` parameter to `postgresql::server::database` (MODULES-1153) - Add `postgresql::server::extension` defined type - Add postgresql versions for utopic and jessie - Update `postgresql::server::grant` to support 'GRANT SCHEMA' and 'ALL TABLES IN SCHEMA' ####Bugfixes - Lint cleanup - Remove outdated upgrade info from README - Use correct TCP port when checking password - Create role before database - Fix template1 encoding on Debian - Require server package before user permissions - Fix `service_status` default for FreeBSD to allow PostgreSQL to start the first run - Fix invalid US-ASCII byte sequence in `postgresql::server::grant` comments - Reverted to default behavior for Debian systems as `pg_config` should not be overwritten (MODULES-1485) ##2014-11-04 - Supported Release 4.1.0 ###Summary This release adds the ability to change the PGDATA directory, and also includes documentation and test updates, future parser support, and a few other new features. ####Features - Future parser support - Documentation updates - Test updates - Add a link from `/etc/sysconfig/pgsql/postgresql-${version}` to `/etc/sysconfig/pgsql/postgresql` to support init scripts from the postgresql.org repo - Add support for changing the PGDATA directory - Set default versions for Fedora 21 and FreeBSD ##2014-09-03 - Supported Release 4.0.0 ###Summary This release removes the uninstall ability from the module, removes the firewall management, overhauls all of the acceptance testing, as well as adds better support for SuSE and Fedora. ###Backwards Incompatible changes. - Uninstall code removal. - Firewall management for Postgres. - Set manage_pg_ident_conf to true. ####Uninstallation removal We rely heavily on the ability to uninstall and reinstall postgres throughout our testing code, testing features like "can I move from the distribution packages to the upstream packages through the module" and over time we've learnt that the uninstall code simply doesn't work a lot of the time. It leaves traces of postgres behind or fails to remove certain packages on Ubuntu, and generally causes bits to be left on your system that you didn't expect. When we then reinstall things fail because it's not a true clean slate, and this causes us enormous problems during test. We've spent weeks and months working on these tests and they simply don't hold up well across the full range of PE platforms. Due to all these problems we've decided to take a stance on uninstalling in general. We feel that in 2014 it's completely reasonable and normal to have a good provisioning pipeline combined with your configuration management and the "correct" way to uninstall a fully installed service like postgresql is to simply reprovision the server without it in the first place. As a general rule this is how I personally like to work and I think is a good practice. ####I'm not OK with this! We understand that there are environments and situations in which it's not easy to do that. What if you accidently deployed Postgres on 100,000 nodes? In the future we're going to take a look at building some example 'profiles' to be found under examples/ within this module that can uninstall postgres on popular platforms. These can be modified and used in your specific case to uninstall postgresql. They will be much more brute force and reliant on deleting entire directories and require you to do more work up front in specifying where things are installed but we think it'll prove to be a much cleaner mechanism for this kind of thing rather than trying to weave it into the main module logic itself. ####Features - Removal of uninstall. - Removal of firewall management. - Tests ported to rspec3. - Acceptance tests rewritten. - Add a defined type for creating database schemas. - Add a pg_ident_rule defined type. - Set manage_pg_ident_conf to true. - Manage pg_ident.conf by default. - Improve selinux support for tablespace. - Remove deprecation warnings. - Support changing PGDATA on RedHat. - Add SLES 11 support. ####Bugfixes - Link pg_config binary into /usr/bin. - Fix fedora support by using systemd. - Initdb should create xlogdir if set. - Use a regular expression to match the major OS version on Ubuntu. ##2014-07-31 - Supported Release 3.4.2 ###Summary This release fixes recent Fedora versions. ####Features ####Bugfixes - Fix Fedora. ##2014-07-15 - Supported Release 3.4.1 ###Summary This release merely updates metadata.json so the module can be uninstalled and upgraded via the puppet module command. ##2014-04-14 - Supported Release 3.4.0 ###Summary This feature rolls up several important features, the biggest being PostGIS handling and allowing `port` to be set on postgresql::server in order to change the port that Postgres listens on. We've added support for RHEL7 and Ubuntu 14.04, as well as allowing you to manage the service via `service_ensure` finally. ####Features - Added `perl_package_name` for installing bindings. - Added `service_ensure` for allowing control of services. - Added `postgis_version` and postgis class for installing postgis. - Added `port` for selecting the port Postgres runs on. - Add support for RHEL7 and Ubuntu 14.04. - Add `default_db` to postgresql::server::database. - Widen the selection of unquoted parameters in postgresql_conf{} - Require the service within postgresql::server::reload for RHEL7. - Add `inherit` to postgresql::server::role. ####Bugfixes ##2014-03-04 - Supported Release 3.3.3 ###Summary This is a supported release. This release removes a testing symlink that can cause trouble on systems where /var is on a seperate filesystem from the modulepath. ####Features ####Bugfixes ####Known Bugs * SLES is not supported. ##2014-03-04 - Supported Release 3.3.2 ###Summary This is a supported release. It fixes a problem with updating passwords on postgresql.org distributed versions of PostgreSQL. ####Bugfixes - Correct psql path when setting password on custom versions. - Documentation updates - Test updates ####Known Bugs * SLES is not supported. ##2014-02-12 - Version 3.3.1 ####Bugfix: - Allow dynamic rubygems host ##2014-01-28 - Version 3.3.0 ###Summary This release rolls up a bunch of bugfixes our users have found and fixed for us over the last few months. This improves things for 9.1 users, and makes this module usable on FreeBSD. This release is dedicated to 'bma', who's suffering with Puppet 3.4.1 issues thanks to Puppet::Util::SUIDManager.run_and_capture. ####Features - Add lc_ config entry settings - Can pass template at database creation. - Add FreeBSD support. - Add support for customer `xlogdir` parameter. - Switch tests from rspec-system to beaker. (This isn't really a feature) ####Bugfixes - Properly fix the deprecated Puppet::Util::SUIDManager.run_and_capture errors. - Fix NOREPLICATION option for Postgres 9.1 - Wrong parameter name: manage_pg_conf -> manage_pg_hba_conf - Add $postgresql::server::client_package_name, referred to by install.pp - Add missing service_provider/service_name descriptions in ::globals. - Fix several smaller typos/issues throughout. - Exec['postgresql_initdb'] needs to be done after $datadir exists - Prevent defined resources from floating in the catalog. - Fix granting all privileges on a table. - Add some missing privileges. - Remove deprecated and unused concat::fragment parameters. ##2013-11-05 - Version 3.2.0 ###Summary Add's support for Ubuntu 13.10 (and 14.04) as well as x, y, z. ####Features - Add versions for Ubuntu 13.10 and 14.04. - Use default_database in validate_db_connection instead of a hardcoded 'postgres' - Add globals/params layering for default_database. - Allow specification of default database name. ####Bugs - Fixes to the README. ##2013-10-25 - Version 3.1.0 ###Summary This is a minor feature and bug fix release. Firstly, the postgresql_psql type now includes a new parameter `search_path` which is equivalent to using `set search_path` which allows you to change the default schema search path. The default version of Fedora 17 has now been added, so that Fedora 17 users can enjoy the module. And finally we've extended the capabilities of the defined type postgresql::validate_db_connection so that now it can handle retrying and sleeping between retries. This feature has been monopolized to fix a bug we were seeing with startup race conditions, but it can also be used by remote systems to 'wait' for PostgreSQL to start before their Puppet run continues. ####Features - Defined $default_version for Fedora 17 (Bret Comnes) - add search_path attribute to postgresql_psql resource (Jeremy Kitchen) - (GH-198) Add wait and retry capability to validate_db_connection (Ken Barber) ####Bugs - enabling defined postgres user password without resetting on every puppet run (jonoterc) - periods are valid in configuration variables also (Jeremy Kitchen) - Add zero length string to join() function (Jarl Stefansson) - add require of install to reload class (cdenneen) - (GH-198) Fix race condition on postgresql startup (Ken Barber) - Remove concat::setup for include in preparation for the next concat release (Ken Barber) ##2013-10-14 - Version 3.0.0 Final release of 3.0, enjoy! ##2013-10-14 - Version 3.0.0-rc3 ###Summary Add a parameter to unmanage pg_hba.conf to fix a regression from 2.5, as well as allowing owner to be passed into x. ####Features - `manage_pg_hba_conf` parameter added to control pg_hba.conf management. - `owner` parameter added to server::db. ##2013-10-09 - Version 3.0.0-rc2 ###Summary A few bugfixes have been found since -rc1. ####Fixes - Special case for $datadir on Amazon - Fix documentation about username/password for the postgresql_hash function ##2013-10-01 - Version 3.0.0-rc1 ###Summary Version 3 was a major rewrite to fix some internal dependency issues, and to make the new Public API more clear. As a consequence a lot of things have changed for version 3 and older revisions that we will try to outline here. (NOTE: The format of this CHANGELOG differs to normal in an attempt to explain the scope of changes) * Server specific objects now moved under `postgresql::server::` namespace: To restructure server specific elements under the `postgresql::server::` namespaces the following objects were renamed as such: `postgresql::database` -> `postgresql::server::database` `postgresql::database_grant` -> `postgresql::server::database_grant` `postgresql::db` -> `postgresql::server::db` `postgresql::grant` -> `postgresql::server::grant` `postgresql::pg_hba_rule` -> `postgresql::server::pg_hba_rule` `postgresql::plperl` -> `postgresql::server::plperl` `postgresql::contrib` -> `postgresql::server::contrib` `postgresql::role` -> `postgresql::server::role` `postgresql::table_grant` -> `postgresql::server::table_grant` `postgresql::tablespace` -> `postgresql::server::tablespace` * New `postgresql::server::config_entry` resource for managing configuration: Previously we used the `file_line` resource to modify `postgresql.conf`. This new revision now adds a new resource named `postgresql::server::config_entry` for managing this file. For example: ```puppet postgresql::server::config_entry { 'check_function_bodies': value => 'off', } ``` If you were using `file_line` for this purpose, you should change to this new methodology. * `postgresql_puppet_extras.conf` has been removed: Now that we have a methodology for managing `postgresql.conf`, and due to concerns over the file management methodology using an `exec { 'touch ...': }` as a way to create an empty file the existing postgresql\_puppet\_extras.conf file is no longer managed by this module. If you wish to recreate this methodology yourself, use this pattern: ```puppet class { 'postgresql::server': } $extras = "/tmp/include.conf" file { $extras: content => 'max_connections = 123', notify => Class['postgresql::server::service'], }-> postgresql::server::config_entry { 'include': value => $extras, } ``` * All uses of the parameter `charset` changed to `encoding`: Since PostgreSQL uses the terminology `encoding` not `charset` the parameter has been made consisent across all classes and resources. * The `postgresql` base class is no longer how you set globals: The old global override pattern was less then optimal so it has been fixed, however we decided to demark this properly by specifying these overrides in the class `postgresql::global`. Consult the documentation for this class now to see what options are available. Also, some parameter elements have been moved between this and the `postgresql::server` class where it made sense. * `config_hash` parameter collapsed for the `postgresql::server` class: Because the `config_hash` was really passing data through to what was in effect an internal class (`postgresql::config`). And since we don't want this kind of internal exposure the parameters were collapsed up into the `postgresql::server` class directly. * Lots of changes to 'private' or 'undocumented' classes: If you were using these before, these have changed names. You should only use what is documented in this README.md, and if you don't have what you need you should raise a patch to add that feature to a public API. All internal classes now have a comment at the top indicating them as private to make sure the message is clear that they are not supported as Public API. * `pg_hba_conf_defaults` parameter included to turn off default pg\_hba rules: The defaults should be good enough for most cases (if not raise a bug) but if you simply need an escape hatch, this setting will turn off the defaults. If you want to do this, it may affect the rest of the module so make sure you replace the rules with something that continues operation. * `postgresql::database_user` has now been removed: Use `postgresql::server::role` instead. * `postgresql::psql` resource has now been removed: Use `postgresql_psql` instead. In the future we may recreate this as a wrapper to add extra capability, but it will not match the old behaviour. * `postgresql_default_version` fact has now been removed: It didn't make sense to have this logic in a fact any more, the logic has been moved into `postgresql::params`. * `ripienaar/concat` is no longer used, instead we use `puppetlabs/concat`: The older concat module is now deprecated and moved into the `puppetlabs/concat` namespace. Functionality is more or less identical, but you may need to intervene during the installing of this package - as both use the same `concat` namespace. --- ##2013-09-09 Release 2.5.0 ###Summary The focus of this release is primarily to capture the fixes done to the types and providers to make sure refreshonly works properly and to set the stage for the large scale refactoring work of 3.0.0. ####Features ####Bugfixes - Use boolean for refreshonly. - Fix postgresql::plperl documentation. - Add two missing parameters to config::beforeservice - Style fixes ##2013-08-01 Release 2.4.1 ###Summary This minor bugfix release solves an idempotency issue when using plain text passwords for the password_hash parameter for the postgresql::role defined type. Without this, users would continually see resource changes everytime your run Puppet. ####Bugfixes - Alter role call not idempotent with cleartext passwords (Ken Barber) ##2013-07-19 Release 2.4.0 ###Summary This updates adds the ability to change permissions on tables, create template databases from normal databases, manage PL-Perl's postgres package, and disable the management of `pg_hba.conf`. ####Features - Add `postgresql::table_grant` defined resource - Add `postgresql::plperl` class - Add `manage_pg_hba_conf` parameter to the `postgresql::config` class - Add `istemplate` parameter to the `postgresql::database` define ####Bugfixes - Update `postgresql::role` class to be able to update roles when modified instead of only on creation. - Update tests - Fix documentation of `postgresql::database_grant` ##2.3.0 This feature release includes the following changes: * Add a new parameter `owner` to the `database` type. This can be used to grant ownership of a new database to a specific user. (Bruno Harbulot) * Add support for operating systems other than Debian/RedHat, as long as the user supplies custom values for all of the required paths, package names, etc. (Chris Price) * Improved integration testing (Ken Barber) ##2.2.1 This release fixes a bug whereby one of our shell commands (psql) were not ran from a globally accessible directory. This was causing permission denied errors when the command attempted to change user without changing directory. Users of previous versions might have seen this error: Error: Error executing SQL; psql returned 256: 'could not change directory to "/root" This patch should correct that. #### Detail Changes * Set /tmp as default CWD for postgresql_psql ##2.2.0 This feature release introduces a number of new features and bug fixes. First of all it includes a new class named `postgresql::python` which provides you with a convenient way of install the python Postgresql client libraries. class { 'postgresql::python': } You are now able to use `postgresql::database_user` without having to specify a password_hash, useful for different authentication mechanisms that do not need passwords (ie. cert, local etc.). We've also provided a lot more advanced custom parameters now for greater control of your Postgresql installation. Consult the class documentation for PuppetDB in the README. This release in particular has largely been contributed by the community members below, a big thanks to one and all. #### Detailed Changes * Add support for psycopg installation (Flaper Fesp and Dan Prince) * Added default PostgreSQL version for Ubuntu 13.04 (Kamil Szymanski) * Add ability to create users without a password (Bruno Harbulot) * Three Puppet 2.6 fixes (Dominic Cleal) * Add explicit call to concat::setup when creating concat file (Dominic Cleal) * Fix readme typo (Jordi Boggiano) * Update postgres_default_version for Ubuntu (Kamil Szymanski) * Allow to set connection for noew role (Kamil Szymanski) * Fix pg_hba_rule for postgres local access (Kamil Szymanski) * Fix versions for travis-ci (Ken Barber) * Add replication support (Jordi Boggiano) * Cleaned up and added unit tests (Ken Barber) * Generalization to provide more flexability in postgresql configuration (Karel Brezina) * Create dependent directory for sudoers so tests work on Centos 5 (Ken Barber) * Allow SQL commands to be run against a specific DB (Carlos Villela) * Drop trailing comma to support Puppet 2.6 (Michael Arnold) ##2.1.1 This release provides a bug fix for RHEL 5 and Centos 5 systems, or specifically systems using PostgreSQL 8.1 or older. On those systems one would have received the error: Error: Could not start Service[postgresqld]: Execution of ‘/sbin/service postgresql start’ returned 1: And the postgresql log entry: FATAL: unrecognized configuration parameter "include" This bug is due to a new feature we had added in 2.1.0, whereby the `include` directive in `postgresql.conf` was not compatible. As a work-around we have added checks in our code to make sure systems running PostgreSQL 8.1 or older do not have this directive added. #### Detailed Changes 2013-01-21 - Ken Barber * Only install `include` directive and included file on PostgreSQL >= 8.2 * Add system tests for Centos 5 ##2.1.0 This release is primarily a feature release, introducing some new helpful constructs to the module. For starters, we've added the line `include 'postgresql_conf_extras.conf'` by default so extra parameters not managed by the module can be added by other tooling or by Puppet itself. This provides a useful escape-hatch for managing settings that are not currently managed by the module today. We've added a new defined resource for managing your tablespace, so you can now create new tablespaces using the syntax: postgresql::tablespace { 'dbspace': location => '/srv/dbspace', } We've added a locale parameter to the `postgresql` class, to provide a default. Also the parameter has been added to the `postgresql::database` and `postgresql::db` defined resources for changing the locale per database: postgresql::db { 'mydatabase': user => 'myuser', password => 'mypassword', encoding => 'UTF8', locale => 'en_NG', } There is a new class for installing the necessary packages to provide the PostgreSQL JDBC client jars: class { 'postgresql::java': } And we have a brand new defined resource for managing fine-grained rule sets within your pg_hba.conf access lists: postgresql::pg_hba { 'Open up postgresql for access from 200.1.2.0/24': type => 'host', database => 'app', user => 'app', address => '200.1.2.0/24', auth_method => 'md5', } Finally, we've also added Travis-CI support and unit tests to help us iterate faster with tests to reduce regression. The current URL for these tests is here: https://travis-ci.org/puppetlabs/puppet-postgresql. Instructions on how to run the unit tests available are provided in the README for the module. A big thanks to all those listed below who made this feature release possible :-). #### Detailed Changes 2013-01-18 - Simão Fontes & Flaper Fesp * Remove trailing commas from params.pp property definition for Puppet 2.6.0 compatibility 2013-01-18 - Lauren Rother * Updated README.md to conform with best practices template 2013-01-09 - Adrien Thebo * Update postgresql_default_version to 9.1 for Debian 7.0 2013-01-28 - Karel Brezina * Add support for tablespaces 2013-01-16 - Chris Price & Karel Brezina * Provide support for an 'include' config file 'postgresql_conf_extras.conf' that users can modify manually or outside of the module. 2013-01-31 - jv * Fix typo in README.pp for postgresql::db example 2013-02-03 - Ken Barber * Add unit tests and travis-ci support 2013-02-02 - Ken Barber * Add locale parameter support to the 'postgresql' class 2013-01-21 - Michael Arnold * Add a class for install the packages containing the PostgreSQL JDBC jar 2013-02-06 - fhrbek * Coding style fixes to reduce warnings in puppet-lint and Geppetto 2013-02-10 - Ken Barber * Provide new defined resource for managing pg_hba.conf 2013-02-11 - Ken Barber * Fix bug with reload of Postgresql on Redhat/Centos 2013-02-15 - Erik Dalén * Fix more style issues to reduce warnings in puppet-lint and Geppetto 2013-02-15 - Erik Dalén * Fix case whereby we were modifying a hash after creation ##2.0.1 Minor bugfix release. 2013-01-16 - Chris Price * Fix revoke command in database.pp to support postgres 8.1 (43ded42) 2013-01-15 - Jordi Boggiano * Add support for ubuntu 12.10 status (3504405) ##2.0.0 Many thanks to the following people who contributed patches to this release: * Adrien Thebo * Albert Koch * Andreas Ntaflos * Brett Porter * Chris Price * dharwood * Etienne Pelletier * Florin Broasca * Henrik * Hunter Haugen * Jari Bakken * Jordi Boggiano * Ken Barber * nzakaria * Richard Arends * Spenser Gilliland * stormcrow * William Van Hevelingen Notable features: * Add support for versions of postgres other than the system default version (which varies depending on OS distro). This includes optional support for automatically managing the package repo for the "official" postgres yum/apt repos. (Major thanks to Etienne Pelletier and Ken Barber for their tireless efforts and patience on this feature set!) For example usage see `tests/official-postgresql-repos.pp`. * Add some support for Debian Wheezy and Ubuntu Quantal * Add new `postgres_psql` type with a Ruby provider, to replace the old exec-based `psql` type. This gives us much more flexibility around executing SQL statements and controlling their logging / reports output. * Major refactor of the "spec" tests--which are actually more like acceptance tests. We now support testing against multiple OS distros via vagrant, and the framework is in place to allow us to very easily add more distros. Currently testing against Cent6 and Ubuntu 10.04. * Fixed a bug that was preventing multiple databases from being owned by the same user (9adcd182f820101f5e4891b9f2ff6278dfad495c - Etienne Pelletier ) * Add support for ACLs for finer-grained control of user/interface access (b8389d19ad78b4fb66024897097b4ed7db241930 - dharwood ) * Many other bug fixes and improvements! --- ##1.0.0 2012-09-17 - Version 0.3.0 released 2012-09-14 - Chris Price * Add a type for validating a postgres connection (ce4a049) 2012-08-25 - Jari Bakken * Remove trailing commas. (e6af5e5) 2012-08-16 - Version 0.2.0 released [5.4.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/5.3.0...5.4.0 [5.3.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/5.2.1...5.3.0 \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* puppetlabs-postgresql-6.7.0/CODEOWNERS0100644000076700000240000000007613627456423014477 0ustar00# Setting ownership to the modules team * @puppetlabs/modules puppetlabs-postgresql-6.7.0/CONTRIBUTING.md0100644000076700000240000002306013627456423015333 0ustar00# Contributing to Puppet modules So you want to contribute to a Puppet module: Great! Below are some instructions to get you started doing that very thing while setting expectations around code quality as well as a few tips for making the process as easy as possible. ### Table of Contents 1. [Getting Started](#getting-started) 1. [Commit Checklist](#commit-checklist) 1. [Submission](#submission) 1. [More about commits](#more-about-commits) 1. [Testing](#testing) - [Running Tests](#running-tests) - [Writing Tests](#writing-tests) 1. [Get Help](#get-help) ## Getting Started - Fork the module repository on GitHub and clone to your workspace - Make your changes! ## Commit Checklist ### The Basics - [x] my commit is a single logical unit of work - [x] I have checked for unnecessary whitespace with "git diff --check" - [x] my commit does not include commented out code or unneeded files ### The Content - [x] my commit includes tests for the bug I fixed or feature I added - [x] my commit includes appropriate documentation changes if it is introducing a new feature or changing existing functionality - [x] my code passes existing test suites ### The Commit Message - [x] the first line of my commit message includes: - [x] an issue number (if applicable), e.g. "(MODULES-xxxx) This is the first line" - [x] a short description (50 characters is the soft limit, excluding ticket number(s)) - [x] the body of my commit message: - [x] is meaningful - [x] uses the imperative, present tense: "change", not "changed" or "changes" - [x] includes motivation for the change, and contrasts its implementation with the previous behavior ## Submission ### Pre-requisites - Make sure you have a [GitHub account](https://github.com/join) - [Create a ticket](https://tickets.puppet.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppet.com/browse/) you are patching for. ### Push and PR - Push your changes to your fork - [Open a Pull Request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/) against the repository in the puppetlabs organization ## More about commits 1. Make separate commits for logically separate changes. Please break your commits down into logically consistent units which include new or changed tests relevant to the rest of the change. The goal of doing this is to make the diff easier to read for whoever is reviewing your code. In general, the easier your diff is to read, the more likely someone will be happy to review it and get it into the code base. If you are going to refactor a piece of code, please do so as a separate commit from your feature or bug fix changes. We also really appreciate changes that include tests to make sure the bug is not re-introduced, and that the feature is not accidentally broken. Describe the technical detail of the change(s). If your description starts to get too long, that is a good sign that you probably need to split up your commit into more finely grained pieces. Commits which plainly describe the things which help reviewers check the patch and future developers understand the code are much more likely to be merged in with a minimum of bike-shedding or requested changes. Ideally, the commit message would include information, and be in a form suitable for inclusion in the release notes for the version of Puppet that includes them. Please also check that you are not introducing any trailing whitespace or other "whitespace errors". You can do this by running "git diff --check" on your changes before you commit. 2. Sending your patches To submit your changes via a GitHub pull request, we _highly_ recommend that you have them on a topic branch, instead of directly on "master". It makes things much easier to keep track of, especially if you decide to work on another thing before your first change is merged in. GitHub has some pretty good [general documentation](http://help.github.com/) on using their site. They also have documentation on [creating pull requests](https://help.github.com/articles/creating-a-pull-request-from-a-fork/). In general, after pushing your topic branch up to your repository on GitHub, you can switch to the branch in the GitHub UI and click "Pull Request" towards the top of the page in order to open a pull request. 3. Update the related JIRA issue. If there is a JIRA issue associated with the change you submitted, then you should update the ticket to include the location of your branch, along with any other commentary you may wish to make. # Testing ## Getting Started Our Puppet modules provide [`Gemfile`](./Gemfile)s, which can tell a Ruby package manager such as [bundler](http://bundler.io/) what Ruby packages, or Gems, are required to build, develop, and test this software. Please make sure you have [bundler installed](http://bundler.io/#getting-started) on your system, and then use it to install all dependencies needed for this project in the project root by running ```shell % bundle install --path .bundle/gems Fetching gem metadata from https://rubygems.org/........ Fetching gem metadata from https://rubygems.org/.. Using rake (10.1.0) Using builder (3.2.2) -- 8><-- many more --><8 -- Using rspec-system-puppet (2.2.0) Using serverspec (0.6.3) Using rspec-system-serverspec (1.0.0) Using bundler (1.3.5) Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed. ``` NOTE: some systems may require you to run this command with sudo. If you already have those gems installed, make sure they are up-to-date: ```shell % bundle update ``` ## Running Tests With all dependencies in place and up-to-date, run the tests: ### Unit Tests ```shell % bundle exec rake spec ``` This executes all the [rspec tests](http://rspec-puppet.com/) in the directories defined [here](https://github.com/puppetlabs/puppetlabs_spec_helper/blob/699d9fbca1d2489bff1736bb254bb7b7edb32c74/lib/puppetlabs_spec_helper/rake_tasks.rb#L17) and so on. rspec tests may have the same kind of dependencies as the module they are testing. Although the module defines these dependencies in its [metadata.json](./metadata.json), rspec tests define them in [.fixtures.yml](./fixtures.yml). ### Acceptance Tests Some Puppet modules also come with acceptance tests, which use [beaker][]. These tests spin up a virtual machine under [VirtualBox](https://www.virtualbox.org/), controlled with [Vagrant](http://www.vagrantup.com/), to simulate scripted test scenarios. In order to run these, you need both Virtualbox and Vagrant installed on your system. Run the tests by issuing the following command ```shell % bundle exec rake spec_clean % bundle exec rspec spec/acceptance ``` This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), install Puppet, copy this module, and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) and then run all the tests under [spec/acceptance](./spec/acceptance). ## Writing Tests ### Unit Tests When writing unit tests for Puppet, [rspec-puppet][] is your best friend. It provides tons of helper methods for testing your manifests against a catalog (e.g. contain_file, contain_package, with_params, etc). It would be ridiculous to try and top rspec-puppet's [documentation][rspec-puppet_docs] but here's a tiny sample: Sample manifest: ```puppet file { "a test file": ensure => present, path => "/etc/sample", } ``` Sample test: ```ruby it 'does a thing' do expect(subject).to contain_file("a test file").with({:path => "/etc/sample"}) end ``` ### Acceptance Tests Writing acceptance tests for Puppet involves [beaker][] and its cousin [beaker-rspec][]. A common pattern for acceptance tests is to create a test manifest, apply it twice to check for idempotency or errors, then run expectations. ```ruby it 'does an end-to-end thing' do pp = <<-EOF file { 'a test file': ensure => present, path => "/etc/sample", content => "test string", } apply_manifest(pp, :catch_failures => true) apply_manifest(pp, :catch_changes => true) end describe file("/etc/sample") do it { is_expected.to contain "test string" } end ``` # If you have commit access to the repository Even if you have commit access to the repository, you still need to go through the process above, and have someone else review and merge in your changes. The rule is that **all changes must be reviewed by a project developer that did not write the code to ensure that all changes go through a code review process.** The record of someone performing the merge is the record that they performed the code review. Again, this should be someone other than the author of the topic branch. # Get Help ### On the web * [Puppet help messageboard](http://puppet.com/community/get-help) * [Writing tests](https://docs.puppet.com/guides/module_guides/bgtm.html#step-three-module-testing) * [General GitHub documentation](http://help.github.com/) * [GitHub pull request documentation](http://help.github.com/send-pull-requests/) ### On chat * Slack (slack.puppet.com) #forge-modules, #puppet-dev, #windows, #voxpupuli * IRC (freenode) #puppet-dev, #voxpupuli [rspec-puppet]: http://rspec-puppet.com/ [rspec-puppet_docs]: http://rspec-puppet.com/documentation/ [beaker]: https://github.com/puppetlabs/beaker [beaker-rspec]: https://github.com/puppetlabs/beaker-rspec puppetlabs-postgresql-6.7.0/HISTORY.md0100644000076700000240000011300013627456423014557 0ustar00## 5.3.0 ### Summary Implements rubocop changes within the module, alongside other smaller changes. #### Added - ensure=>absent added to postgresql::server:role. - Support added for Fedora 27. - scram-sha-256 added as a valid ph_hba_rule auth method. - 9.6 settings inherited for later PgSQL versions on FreeBSD. - A require has been added for puppet. #### Changed - Changes made to avoid the useless loading of files by augeas. - Modulesync changes. - psql_path defaulted to postgresql::server::psql_path. - Rubocop changes have been made. #### Removed - Debian 9 support deprecated. ## Supported Release 5.2.1 ### Summary Bug fix for issue introduced in 5.2.0 #### Fixed - issue where the module was attempting to install extensions before a database was available. ([SERVER-2003](https://tickets.puppetlabs.com/browse/SERVER-2003)) ## Supported Release 5.2.0 ### Summary Adds several new features including some work around OS support. Also includes a couple of fixes to tests and the removal of unsupported Ubuntu versions. #### Added - Added default postgresql version of Ubuntu 17.4 version to the globals.pp file. - Fedora 26 provides postgresql-server version 9.6 by default - Added support to manifests/globals.pp to avoid puppet failures on Fedora 26 nodes. - Use postgresql 9.6 for the newest SLES and openSUSE releases. - Enhanced --data-checksums on initdb. - Added support for Debian version 9. - Added a `version` parameter. #### Changed - Replaced validate_re calls with puppet datatype `Pattern` and is_array calls with puppet datatype `Array`. - Installation method for apt in the spec_helper_acceptance, this is a temporary workaround due to issues with module installation. #### Fixed - Updated spec tests to remove deprecation warnings. - Docs formatting. - Pass default_connect_settings to validate service ([MODULES-4682](https://tickets.puppetlabs.com/browse/MODULES-4682)) - Rocket Alignment for Lint. - Fixed changes in error messages in tests ([MODULES-5378](https://tickets.puppetlabs.com/browse/MODULES-5378)) #### Removed - Removed unsupported Ubuntu versions 10.04 and 12.04 ([MODULES-5501](https://tickets.puppetlabs.com/browse/MODULES-5501)) - Removed unsupported Debian version 6. - Removed numeric order override. ## Supported Release 5.1.0 ### Summary This release includes Japanese translations for internationalization, Puppet 5 support, implementation of defined type postgresql::server::reassign_owned_by. #### Features - Updating translations for readmes/README_ja_JP.md - add defined type postgresql::server::reassign_owned_by - Allow order parameter to be string value - prep for puppet 5 ([MODULES-5144](https://tickets.puppetlabs.com/browse/MODULES-5144)) - add data_checksums option to initdb - parameter ensure of custom resource postgresql_replication_slot is not documented ([MODULES-2989](https://tickets.puppetlabs.com/browse/MODULES-2989)) #### Bug Fixes - Adding a space for header formatting - use https for apt.postgresql.org repo - msync puppet 5 and ruby 2.4 ([MODULES-5197](https://tickets.puppetlabs.com/browse/MODULES-5187)) - Only run test on postgresql >= 9.0 ([FM-6240](https://tickets.puppetlabs.com/browse/FM-6240)) - Fix Ruby 2.4 deprecation in postgresql_acls_to_resources_hash ## Supported Release 5.0.0 ### Summary This **major** release dropped support for Puppet 3 and PostgreSQL 8.x, added Puppet 4 data types, and deprecated the validate_db_connection type. #### Added - `locales/` directory, .pot file, and i18n `config.yaml`. ([FM-6116](https://tickets.puppet.com/browse/FM-6116)) - `update_password` parameter to toggle password management per role. - **Puppet 4** type validation. - new `postgresql_conn_validator` custom type and deprecated `validate_db_connection`. ([MODULES-1394](https://tickets.puppet.com/browse/MODULES-1394)) #### Changed - default postgis versions in postgresql::globals to use newer versions. - puppetlabs-concat and puppetlabs-apt dependencies to use latest versions. ([MODULES-4906](https://tickets.puppet.com/browse/MODULES-4906), [MODULES-4947](https://tickets.puppet.com/browse/MODULES-4947)) - default value for `log_line_prefix` to `undef`. - `listen_addresses` default value to 'localhost'. Allows for it to be set independently of a class declaration. - use of stdlib validate_* functions. They have been removed in favor of Puppet 4 type validation. - lower Puppet dependency in metadata to 4.7.0. ([MODULES-4826](https://tickets.puppet.com/browse/MODULES-4826)) #### Fixed - deprecated apt::source parameters(`key`,`key_source`, & `include_src`). - default SUSE parameters. ([MODULES-4598](https://tickets.puppet.com/browse/MODULES-4598)) - use of force parameter on concat resources. ## Supported Release 4.9.0 ### Summary This release adds several types and, among other bugs, fixes an issue with the yum URL. #### Features - Modifying ownership of databases and schemas now available (MODULES-3247) - Use `module_workdir` to specify a custom directory in which to execute psql commands - `grant_role` and `grant` types added! - Support for parallel unit testing (parallel_tests) - Override download/installation repo URL with `repo_baseurl` - Set your timezone with `timezone` - Grant privileges on LANGUAGEs - Added support for Debian Stretch and Ubuntu Yakkety Yak #### Bugfixes - Usernames and passwords are now converted to strings before password hash is created - Specify default database name if it is not the username - Update to yum repo - Schema name conflicts fix ## Supported Release 4.8.0 ### Summary This release primarily fixes an issue with `postgresql_conf` values of ipaddresses being considered floats and not getting quoted. #### Features - Add `default_connect_settings` parameter to `postgresql::server` - Running under strict variables is now supported - Add timestamps into logs by default #### Bugfixes - Obscure password in postgresql\_psql type - Fix ip address quoting in postgresql\_conf type - Fix handling of systemd service on Ubuntu - Mark log_min_duration_statement setting as requiring a service restart - Add fixes for Fedora 23, Fedora 24, FreeBSD, OpenBSD - Fix environment handling to avoid "Overriding environment setting" message - Work around PUP-6385, using empty arrays instead of undef when specifying resource relationships - README editorial pass - Reduce whitespace in templates - Update build/test infrastructure ## Supported Release 4.7.1 ### Summary This release contains some bugfixes and documentation updates. #### Bugfixes - (MODULES-3024) Quote database objects when creating databases. - Properly escape case where password ends with '$'. - Fixes password change when postgres is configure to non-standard port. - Unpins concat dependency to be able to use concat 2.x. - Workaround to fix installing on Amazon Linux. - Fixes proper defaulting of `$service_provider` parameter. - Fixes postgres server init script naming on Amazon Linux. - Fixes service reload parameter on Arch Linux. - Adds missing onlyif_function to sequence grant code. - Fixes to the markdown of the README. ## Supported Release 4.7.0 ### Summary A release with a considerable amount of new features, including remote db support and several platform support updates. Various bugfixes including several to address warnings and a sizable README update. #### Features - Remote DB support - Connection-settings allows a hash of options that can be used when connecting to a remote DB. - Debian 8 support. - Updated systemd-override to support fedora and CentOS paths. - Adds the ability to define the extension name separately from the title of the resource, which allows you to add the extension to more than one database. - Added parameter to disable automatic service restarts on config changes. - Ubuntu 15.10 compatibility. - OpenBSD version is now 9.4. - Added .gitattributes to maintain line endings for .sh and .rb files. - Adds default postgis version for 9.5. - Allows float postgresql_conf values. - Schedule apt update after install of repo. #### Bugfixes - Fixed systemd-override for RedHat systems with unmanaged Yum repos. - Removed inherits postgresql::params. - Multi-node tests are now not ran by default. - Change apt::pin to apt_postgresql_org to prevent error message. - Removed syntax error near UTF8. - Removal of extra blanks and backslashes in README. - Double quotes now used around database name to prevent syntax error. - Removes ruby 1.8.7 and puppet 2.7 from travis-ci jobs. - Fixed paths to work on Amazon Linux. - Fixed quotes around locale options. - Huge README update. - Update to use current msync configs. - Fixes postgresql::server acceptance test descriptions. ## Supported Release 4.6.1 ###Summary Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. ## 2015-09-01 - Supported Release 4.6.0 ### Summary This release adds a proxy feature for yum, Postgis improvements, and decoupling pg_hba_rule from postgresql::server. #### Features - Support setting a proxy for yum operations - Allow for undefined PostGIS version - Decouple pg_hba_rule from postgresql::server #### Bugfixes - Fix postgis default package name on RedHat ## 2015-07-27 - Supported Release 4.5.0 ### Summary This release adds sequence grants, some postgresql 9.4 fixes, and `onlyif` to the psql resource. ### Features - Add `onlyif` parameter to `postgresql_psql` - Add unsupported compatibility with Ubuntu 15.04 - Add unsupported compatibility with SLES 11/12 and OpenSuSE 13.2 - Add `postgresql::server::grant::onlyif_exists` attribute - Add `postgresql::server::table_grant::onlyif_exists` attribute - Add granting permissions on sequences ### Bugfixes - Added docs for `postgresql::server::grant` - Fix `pg_hba_conf_defaults => false` to not disable ipv4/ipv6 acls - Fix 9.4 for `postgresql::server::pg_hba_rule` ## 2015-07-07 - Supported Release 4.4.2 ### Summary This release fixes a bug introduced in 4.4.0. #### Bugfixes - Fixes `withenv` execution under Puppet 2.7. (MODULES-2185) ## 2015-07-01 - Supported Release 4.4.1 ### Summary This release fixes RHEL 7 & Fedora with manage_package_repo switched on. #### Bugfixes - Ensure manage_package_repo variable is in scope for systemd-override file for RHEL7 ## 2015-06-30 - Supported Release 4.4.0 ### Summary This release has several new features, bugfixes, and test improvements. #### Features - Adds a resource to manage recovery.conf. - Adds a parameter that allows the specification of a validate connection script in `postgresql::client`. - Adds support for plpython package management. - Adds support for postgresql-docs management. - Adds ability to make `postgresql::server::schema` titles unique. (MODULES-2049) - Updates puppetlabs-apt module dependency to support version 2.1.0. #### Bugfixes - Fix `postgresql_psql` parameter ordering to work on OpenBSD with Future Parser - Fix setting postgres role password (MODULES-1869) - Fix execution command with puppet <3.4 (MODULES-1923) - Fix Puppet.newtype deprecation warning (MODULES-2007) - Fix systemd override for manage_repo package versions - Fix Copy snakeoil certificate and key instead of symlinking #### Test Improvements - Allows setting BEAKER and BEAKER_RSPEC versions via environment variables. - Enables Unit testing on Travis CI with Puppet 4. - Cleans up spec_helper_acceptance.rb to use new puppet_install_helper gem. ## 2015-03-24 - Supported Release 4.3.0 ### Summary This release fixes compatibility with Puppet 4 and removes opportunities for local users to view the postgresql password. It also adds a new custom resource to aid in managing replication. #### Features - Add `postgresql::server::logdir` parameter to manage the logdir - Add `environment` parameter to `postgresql_psql` - Add `postgresql_replication_slot` custom resource #### Bugfixes - Fix for Puppet 4 - Don't print postgresql\_psql password in command - Allow `postgresql::validate_db_connection` for more than one host+port+database combo - Fix service command on Debian 8 and up - Fix `postgresql::server::extension` to work with custom user/group/port - Fix `postgresql::server::initdb` to work with custom user/group/port - Fix changing template1 encoding - Fix default `postgresql::server::grant::object_name` value - Fix idempotency of granting all tables in schema with `puppet::server::grant` - Fix lint warnings - Fix apt key to use 40 character key and bump puppetlabs-apt to >= 1.8.0 < 2.0.0 ##2015-03-10 - Supported Release 4.2.0 ###Summary This release has several new features including support for server extensions, improved grant support, and a number of bugfixes. ####Features - Changes to support OpenBSD - Add `service_reload` parameter to `postgresql::server` - Add `comment` parameter to `postgresql::server::database` (MODULES-1153) - Add `postgresql::server::extension` defined type - Add postgresql versions for utopic and jessie - Update `postgresql::server::grant` to support 'GRANT SCHEMA' and 'ALL TABLES IN SCHEMA' ####Bugfixes - Lint cleanup - Remove outdated upgrade info from README - Use correct TCP port when checking password - Create role before database - Fix template1 encoding on Debian - Require server package before user permissions - Fix `service_status` default for FreeBSD to allow PostgreSQL to start the first run - Fix invalid US-ASCII byte sequence in `postgresql::server::grant` comments - Reverted to default behavior for Debian systems as `pg_config` should not be overwritten (MODULES-1485) ##2014-11-04 - Supported Release 4.1.0 ###Summary This release adds the ability to change the PGDATA directory, and also includes documentation and test updates, future parser support, and a few other new features. ####Features - Future parser support - Documentation updates - Test updates - Add a link from `/etc/sysconfig/pgsql/postgresql-${version}` to `/etc/sysconfig/pgsql/postgresql` to support init scripts from the postgresql.org repo - Add support for changing the PGDATA directory - Set default versions for Fedora 21 and FreeBSD ##2014-09-03 - Supported Release 4.0.0 ###Summary This release removes the uninstall ability from the module, removes the firewall management, overhauls all of the acceptance testing, as well as adds better support for SuSE and Fedora. ###Backwards Incompatible changes. - Uninstall code removal. - Firewall management for Postgres. - Set manage_pg_ident_conf to true. ####Uninstallation removal We rely heavily on the ability to uninstall and reinstall postgres throughout our testing code, testing features like "can I move from the distribution packages to the upstream packages through the module" and over time we've learnt that the uninstall code simply doesn't work a lot of the time. It leaves traces of postgres behind or fails to remove certain packages on Ubuntu, and generally causes bits to be left on your system that you didn't expect. When we then reinstall things fail because it's not a true clean slate, and this causes us enormous problems during test. We've spent weeks and months working on these tests and they simply don't hold up well across the full range of PE platforms. Due to all these problems we've decided to take a stance on uninstalling in general. We feel that in 2014 it's completely reasonable and normal to have a good provisioning pipeline combined with your configuration management and the "correct" way to uninstall a fully installed service like postgresql is to simply reprovision the server without it in the first place. As a general rule this is how I personally like to work and I think is a good practice. ####I'm not OK with this! We understand that there are environments and situations in which it's not easy to do that. What if you accidently deployed Postgres on 100,000 nodes? In the future we're going to take a look at building some example 'profiles' to be found under examples/ within this module that can uninstall postgres on popular platforms. These can be modified and used in your specific case to uninstall postgresql. They will be much more brute force and reliant on deleting entire directories and require you to do more work up front in specifying where things are installed but we think it'll prove to be a much cleaner mechanism for this kind of thing rather than trying to weave it into the main module logic itself. ####Features - Removal of uninstall. - Removal of firewall management. - Tests ported to rspec3. - Acceptance tests rewritten. - Add a defined type for creating database schemas. - Add a pg_ident_rule defined type. - Set manage_pg_ident_conf to true. - Manage pg_ident.conf by default. - Improve selinux support for tablespace. - Remove deprecation warnings. - Support changing PGDATA on RedHat. - Add SLES 11 support. ####Bugfixes - Link pg_config binary into /usr/bin. - Fix fedora support by using systemd. - Initdb should create xlogdir if set. - Use a regular expression to match the major OS version on Ubuntu. ##2014-07-31 - Supported Release 3.4.2 ###Summary This release fixes recent Fedora versions. ####Features ####Bugfixes - Fix Fedora. ##2014-07-15 - Supported Release 3.4.1 ###Summary This release merely updates metadata.json so the module can be uninstalled and upgraded via the puppet module command. ##2014-04-14 - Supported Release 3.4.0 ###Summary This feature rolls up several important features, the biggest being PostGIS handling and allowing `port` to be set on postgresql::server in order to change the port that Postgres listens on. We've added support for RHEL7 and Ubuntu 14.04, as well as allowing you to manage the service via `service_ensure` finally. ####Features - Added `perl_package_name` for installing bindings. - Added `service_ensure` for allowing control of services. - Added `postgis_version` and postgis class for installing postgis. - Added `port` for selecting the port Postgres runs on. - Add support for RHEL7 and Ubuntu 14.04. - Add `default_db` to postgresql::server::database. - Widen the selection of unquoted parameters in postgresql_conf{} - Require the service within postgresql::server::reload for RHEL7. - Add `inherit` to postgresql::server::role. ####Bugfixes ##2014-03-04 - Supported Release 3.3.3 ###Summary This is a supported release. This release removes a testing symlink that can cause trouble on systems where /var is on a seperate filesystem from the modulepath. ####Features ####Bugfixes ####Known Bugs * SLES is not supported. ##2014-03-04 - Supported Release 3.3.2 ###Summary This is a supported release. It fixes a problem with updating passwords on postgresql.org distributed versions of PostgreSQL. ####Bugfixes - Correct psql path when setting password on custom versions. - Documentation updates - Test updates ####Known Bugs * SLES is not supported. ##2014-02-12 - Version 3.3.1 ####Bugfix: - Allow dynamic rubygems host ##2014-01-28 - Version 3.3.0 ###Summary This release rolls up a bunch of bugfixes our users have found and fixed for us over the last few months. This improves things for 9.1 users, and makes this module usable on FreeBSD. This release is dedicated to 'bma', who's suffering with Puppet 3.4.1 issues thanks to Puppet::Util::SUIDManager.run_and_capture. ####Features - Add lc_ config entry settings - Can pass template at database creation. - Add FreeBSD support. - Add support for customer `xlogdir` parameter. - Switch tests from rspec-system to beaker. (This isn't really a feature) ####Bugfixes - Properly fix the deprecated Puppet::Util::SUIDManager.run_and_capture errors. - Fix NOREPLICATION option for Postgres 9.1 - Wrong parameter name: manage_pg_conf -> manage_pg_hba_conf - Add $postgresql::server::client_package_name, referred to by install.pp - Add missing service_provider/service_name descriptions in ::globals. - Fix several smaller typos/issues throughout. - Exec['postgresql_initdb'] needs to be done after $datadir exists - Prevent defined resources from floating in the catalog. - Fix granting all privileges on a table. - Add some missing privileges. - Remove deprecated and unused concat::fragment parameters. ##2013-11-05 - Version 3.2.0 ###Summary Add's support for Ubuntu 13.10 (and 14.04) as well as x, y, z. ####Features - Add versions for Ubuntu 13.10 and 14.04. - Use default_database in validate_db_connection instead of a hardcoded 'postgres' - Add globals/params layering for default_database. - Allow specification of default database name. ####Bugs - Fixes to the README. ##2013-10-25 - Version 3.1.0 ###Summary This is a minor feature and bug fix release. Firstly, the postgresql_psql type now includes a new parameter `search_path` which is equivalent to using `set search_path` which allows you to change the default schema search path. The default version of Fedora 17 has now been added, so that Fedora 17 users can enjoy the module. And finally we've extended the capabilities of the defined type postgresql::validate_db_connection so that now it can handle retrying and sleeping between retries. This feature has been monopolized to fix a bug we were seeing with startup race conditions, but it can also be used by remote systems to 'wait' for PostgreSQL to start before their Puppet run continues. ####Features - Defined $default_version for Fedora 17 (Bret Comnes) - add search_path attribute to postgresql_psql resource (Jeremy Kitchen) - (GH-198) Add wait and retry capability to validate_db_connection (Ken Barber) ####Bugs - enabling defined postgres user password without resetting on every puppet run (jonoterc) - periods are valid in configuration variables also (Jeremy Kitchen) - Add zero length string to join() function (Jarl Stefansson) - add require of install to reload class (cdenneen) - (GH-198) Fix race condition on postgresql startup (Ken Barber) - Remove concat::setup for include in preparation for the next concat release (Ken Barber) ##2013-10-14 - Version 3.0.0 Final release of 3.0, enjoy! ##2013-10-14 - Version 3.0.0-rc3 ###Summary Add a parameter to unmanage pg_hba.conf to fix a regression from 2.5, as well as allowing owner to be passed into x. ####Features - `manage_pg_hba_conf` parameter added to control pg_hba.conf management. - `owner` parameter added to server::db. ##2013-10-09 - Version 3.0.0-rc2 ###Summary A few bugfixes have been found since -rc1. ####Fixes - Special case for $datadir on Amazon - Fix documentation about username/password for the postgresql_hash function ##2013-10-01 - Version 3.0.0-rc1 ###Summary Version 3 was a major rewrite to fix some internal dependency issues, and to make the new Public API more clear. As a consequence a lot of things have changed for version 3 and older revisions that we will try to outline here. (NOTE: The format of this CHANGELOG differs to normal in an attempt to explain the scope of changes) * Server specific objects now moved under `postgresql::server::` namespace: To restructure server specific elements under the `postgresql::server::` namespaces the following objects were renamed as such: `postgresql::database` -> `postgresql::server::database` `postgresql::database_grant` -> `postgresql::server::database_grant` `postgresql::db` -> `postgresql::server::db` `postgresql::grant` -> `postgresql::server::grant` `postgresql::pg_hba_rule` -> `postgresql::server::pg_hba_rule` `postgresql::plperl` -> `postgresql::server::plperl` `postgresql::contrib` -> `postgresql::server::contrib` `postgresql::role` -> `postgresql::server::role` `postgresql::table_grant` -> `postgresql::server::table_grant` `postgresql::tablespace` -> `postgresql::server::tablespace` * New `postgresql::server::config_entry` resource for managing configuration: Previously we used the `file_line` resource to modify `postgresql.conf`. This new revision now adds a new resource named `postgresql::server::config_entry` for managing this file. For example: ```puppet postgresql::server::config_entry { 'check_function_bodies': value => 'off', } ``` If you were using `file_line` for this purpose, you should change to this new methodology. * `postgresql_puppet_extras.conf` has been removed: Now that we have a methodology for managing `postgresql.conf`, and due to concerns over the file management methodology using an `exec { 'touch ...': }` as a way to create an empty file the existing postgresql\_puppet\_extras.conf file is no longer managed by this module. If you wish to recreate this methodology yourself, use this pattern: ```puppet class { 'postgresql::server': } $extras = "/tmp/include.conf" file { $extras: content => 'max_connections = 123', notify => Class['postgresql::server::service'], }-> postgresql::server::config_entry { 'include': value => $extras, } ``` * All uses of the parameter `charset` changed to `encoding`: Since PostgreSQL uses the terminology `encoding` not `charset` the parameter has been made consisent across all classes and resources. * The `postgresql` base class is no longer how you set globals: The old global override pattern was less then optimal so it has been fixed, however we decided to demark this properly by specifying these overrides in the class `postgresql::global`. Consult the documentation for this class now to see what options are available. Also, some parameter elements have been moved between this and the `postgresql::server` class where it made sense. * `config_hash` parameter collapsed for the `postgresql::server` class: Because the `config_hash` was really passing data through to what was in effect an internal class (`postgresql::config`). And since we don't want this kind of internal exposure the parameters were collapsed up into the `postgresql::server` class directly. * Lots of changes to 'private' or 'undocumented' classes: If you were using these before, these have changed names. You should only use what is documented in this README.md, and if you don't have what you need you should raise a patch to add that feature to a public API. All internal classes now have a comment at the top indicating them as private to make sure the message is clear that they are not supported as Public API. * `pg_hba_conf_defaults` parameter included to turn off default pg\_hba rules: The defaults should be good enough for most cases (if not raise a bug) but if you simply need an escape hatch, this setting will turn off the defaults. If you want to do this, it may affect the rest of the module so make sure you replace the rules with something that continues operation. * `postgresql::database_user` has now been removed: Use `postgresql::server::role` instead. * `postgresql::psql` resource has now been removed: Use `postgresql_psql` instead. In the future we may recreate this as a wrapper to add extra capability, but it will not match the old behaviour. * `postgresql_default_version` fact has now been removed: It didn't make sense to have this logic in a fact any more, the logic has been moved into `postgresql::params`. * `ripienaar/concat` is no longer used, instead we use `puppetlabs/concat`: The older concat module is now deprecated and moved into the `puppetlabs/concat` namespace. Functionality is more or less identical, but you may need to intervene during the installing of this package - as both use the same `concat` namespace. --- ##2013-09-09 Release 2.5.0 ###Summary The focus of this release is primarily to capture the fixes done to the types and providers to make sure refreshonly works properly and to set the stage for the large scale refactoring work of 3.0.0. ####Features ####Bugfixes - Use boolean for refreshonly. - Fix postgresql::plperl documentation. - Add two missing parameters to config::beforeservice - Style fixes ##2013-08-01 Release 2.4.1 ###Summary This minor bugfix release solves an idempotency issue when using plain text passwords for the password_hash parameter for the postgresql::role defined type. Without this, users would continually see resource changes everytime your run Puppet. ####Bugfixes - Alter role call not idempotent with cleartext passwords (Ken Barber) ##2013-07-19 Release 2.4.0 ###Summary This updates adds the ability to change permissions on tables, create template databases from normal databases, manage PL-Perl's postgres package, and disable the management of `pg_hba.conf`. ####Features - Add `postgresql::table_grant` defined resource - Add `postgresql::plperl` class - Add `manage_pg_hba_conf` parameter to the `postgresql::config` class - Add `istemplate` parameter to the `postgresql::database` define ####Bugfixes - Update `postgresql::role` class to be able to update roles when modified instead of only on creation. - Update tests - Fix documentation of `postgresql::database_grant` ##2.3.0 This feature release includes the following changes: * Add a new parameter `owner` to the `database` type. This can be used to grant ownership of a new database to a specific user. (Bruno Harbulot) * Add support for operating systems other than Debian/RedHat, as long as the user supplies custom values for all of the required paths, package names, etc. (Chris Price) * Improved integration testing (Ken Barber) ##2.2.1 This release fixes a bug whereby one of our shell commands (psql) were not ran from a globally accessible directory. This was causing permission denied errors when the command attempted to change user without changing directory. Users of previous versions might have seen this error: Error: Error executing SQL; psql returned 256: 'could not change directory to "/root" This patch should correct that. #### Detail Changes * Set /tmp as default CWD for postgresql_psql ##2.2.0 This feature release introduces a number of new features and bug fixes. First of all it includes a new class named `postgresql::python` which provides you with a convenient way of install the python Postgresql client libraries. class { 'postgresql::python': } You are now able to use `postgresql::database_user` without having to specify a password_hash, useful for different authentication mechanisms that do not need passwords (ie. cert, local etc.). We've also provided a lot more advanced custom parameters now for greater control of your Postgresql installation. Consult the class documentation for PuppetDB in the README. This release in particular has largely been contributed by the community members below, a big thanks to one and all. #### Detailed Changes * Add support for psycopg installation (Flaper Fesp and Dan Prince) * Added default PostgreSQL version for Ubuntu 13.04 (Kamil Szymanski) * Add ability to create users without a password (Bruno Harbulot) * Three Puppet 2.6 fixes (Dominic Cleal) * Add explicit call to concat::setup when creating concat file (Dominic Cleal) * Fix readme typo (Jordi Boggiano) * Update postgres_default_version for Ubuntu (Kamil Szymanski) * Allow to set connection for noew role (Kamil Szymanski) * Fix pg_hba_rule for postgres local access (Kamil Szymanski) * Fix versions for travis-ci (Ken Barber) * Add replication support (Jordi Boggiano) * Cleaned up and added unit tests (Ken Barber) * Generalization to provide more flexability in postgresql configuration (Karel Brezina) * Create dependent directory for sudoers so tests work on Centos 5 (Ken Barber) * Allow SQL commands to be run against a specific DB (Carlos Villela) * Drop trailing comma to support Puppet 2.6 (Michael Arnold) ##2.1.1 This release provides a bug fix for RHEL 5 and Centos 5 systems, or specifically systems using PostgreSQL 8.1 or older. On those systems one would have received the error: Error: Could not start Service[postgresqld]: Execution of ‘/sbin/service postgresql start’ returned 1: And the postgresql log entry: FATAL: unrecognized configuration parameter "include" This bug is due to a new feature we had added in 2.1.0, whereby the `include` directive in `postgresql.conf` was not compatible. As a work-around we have added checks in our code to make sure systems running PostgreSQL 8.1 or older do not have this directive added. #### Detailed Changes 2013-01-21 - Ken Barber * Only install `include` directive and included file on PostgreSQL >= 8.2 * Add system tests for Centos 5 ##2.1.0 This release is primarily a feature release, introducing some new helpful constructs to the module. For starters, we've added the line `include 'postgresql_conf_extras.conf'` by default so extra parameters not managed by the module can be added by other tooling or by Puppet itself. This provides a useful escape-hatch for managing settings that are not currently managed by the module today. We've added a new defined resource for managing your tablespace, so you can now create new tablespaces using the syntax: postgresql::tablespace { 'dbspace': location => '/srv/dbspace', } We've added a locale parameter to the `postgresql` class, to provide a default. Also the parameter has been added to the `postgresql::database` and `postgresql::db` defined resources for changing the locale per database: postgresql::db { 'mydatabase': user => 'myuser', password => 'mypassword', encoding => 'UTF8', locale => 'en_NG', } There is a new class for installing the necessary packages to provide the PostgreSQL JDBC client jars: class { 'postgresql::java': } And we have a brand new defined resource for managing fine-grained rule sets within your pg_hba.conf access lists: postgresql::pg_hba { 'Open up postgresql for access from 200.1.2.0/24': type => 'host', database => 'app', user => 'app', address => '200.1.2.0/24', auth_method => 'md5', } Finally, we've also added Travis-CI support and unit tests to help us iterate faster with tests to reduce regression. The current URL for these tests is here: https://travis-ci.org/puppetlabs/puppet-postgresql. Instructions on how to run the unit tests available are provided in the README for the module. A big thanks to all those listed below who made this feature release possible :-). #### Detailed Changes 2013-01-18 - Simão Fontes & Flaper Fesp * Remove trailing commas from params.pp property definition for Puppet 2.6.0 compatibility 2013-01-18 - Lauren Rother * Updated README.md to conform with best practices template 2013-01-09 - Adrien Thebo * Update postgresql_default_version to 9.1 for Debian 7.0 2013-01-28 - Karel Brezina * Add support for tablespaces 2013-01-16 - Chris Price & Karel Brezina * Provide support for an 'include' config file 'postgresql_conf_extras.conf' that users can modify manually or outside of the module. 2013-01-31 - jv * Fix typo in README.pp for postgresql::db example 2013-02-03 - Ken Barber * Add unit tests and travis-ci support 2013-02-02 - Ken Barber * Add locale parameter support to the 'postgresql' class 2013-01-21 - Michael Arnold * Add a class for install the packages containing the PostgreSQL JDBC jar 2013-02-06 - fhrbek * Coding style fixes to reduce warnings in puppet-lint and Geppetto 2013-02-10 - Ken Barber * Provide new defined resource for managing pg_hba.conf 2013-02-11 - Ken Barber * Fix bug with reload of Postgresql on Redhat/Centos 2013-02-15 - Erik Dalén * Fix more style issues to reduce warnings in puppet-lint and Geppetto 2013-02-15 - Erik Dalén * Fix case whereby we were modifying a hash after creation ##2.0.1 Minor bugfix release. 2013-01-16 - Chris Price * Fix revoke command in database.pp to support postgres 8.1 (43ded42) 2013-01-15 - Jordi Boggiano * Add support for ubuntu 12.10 status (3504405) ##2.0.0 Many thanks to the following people who contributed patches to this release: * Adrien Thebo * Albert Koch * Andreas Ntaflos * Brett Porter * Chris Price * dharwood * Etienne Pelletier * Florin Broasca * Henrik * Hunter Haugen * Jari Bakken * Jordi Boggiano * Ken Barber * nzakaria * Richard Arends * Spenser Gilliland * stormcrow * William Van Hevelingen Notable features: * Add support for versions of postgres other than the system default version (which varies depending on OS distro). This includes optional support for automatically managing the package repo for the "official" postgres yum/apt repos. (Major thanks to Etienne Pelletier and Ken Barber for their tireless efforts and patience on this feature set!) For example usage see `tests/official-postgresql-repos.pp`. * Add some support for Debian Wheezy and Ubuntu Quantal * Add new `postgres_psql` type with a Ruby provider, to replace the old exec-based `psql` type. This gives us much more flexibility around executing SQL statements and controlling their logging / reports output. * Major refactor of the "spec" tests--which are actually more like acceptance tests. We now support testing against multiple OS distros via vagrant, and the framework is in place to allow us to very easily add more distros. Currently testing against Cent6 and Ubuntu 10.04. * Fixed a bug that was preventing multiple databases from being owned by the same user (9adcd182f820101f5e4891b9f2ff6278dfad495c - Etienne Pelletier ) * Add support for ACLs for finer-grained control of user/interface access (b8389d19ad78b4fb66024897097b4ed7db241930 - dharwood ) * Many other bug fixes and improvements! --- ##1.0.0 2012-09-17 - Version 0.3.0 released 2012-09-14 - Chris Price * Add a type for validating a postgres connection (ce4a049) 2012-08-25 - Jari Bakken * Remove trailing commas. (e6af5e5) 2012-08-16 - Version 0.2.0 released [5.4.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/5.3.0...5.4.0 [5.3.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/5.2.1...5.3.0 puppetlabs-postgresql-6.7.0/LICENSE0100644000076700000240000002613613627456423014116 0ustar00 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. puppetlabs-postgresql-6.7.0/NOTICE0100644000076700000240000000177413627456423014016 0ustar00postgresql puppet module Copyright (C) 2012-2016 Puppet Labs, Inc. Copyright (C) 2012 Inkling Systems Inc Copyright (C) 2012-2013 Camptocamp SA. This product includes software developed by: The Puppet Labs Inc (http://www.puppetlabs.com/). This product includes also software developed by: Camptocamp SA (http://www.camptocamp.com/) This product includes also software developed by: Inkling Systems Inc (https://www.inkling.com/) Puppet Labs can be contacted at: info@puppetlabs.com Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. puppetlabs-postgresql-6.7.0/README.md0100644000076700000240000003312113722205065014346 0ustar00# postgresql #### Table of Contents 1. [Module Description - What does the module do?](#module-description) 2. [Setup - The basics of getting started with postgresql module](#setup) * [What postgresql affects](#what-postgresql-affects) * [Getting started with postgresql](#getting-started-with-postgresql) 3. [Usage - Configuration options and additional functionality](#usage) * [Configure a server](#configure-a-server) * [Create a database](#create-a-database) * [Manage users, roles, and permissions](#manage-users-roles-and-permissions) * [Manage ownership of DB objects](#manage-ownership-of-db-objects) * [Override defaults](#override-defaults) * [Create an access rule for pg_hba.conf](#create-an-access-rule-for-pg_hbaconf) * [Create user name maps for pg_ident.conf](#create-user-name-maps-for-pg_identconf) * [Validate connectivity](#validate-connectivity) 4. [Reference - An under-the-hood peek at what the module is doing and how](#reference) 5. [Limitations - OS compatibility, etc.](#limitations) 6. [Development - Guide for contributing to the module](#development) * [Contributors - List of module contributors](#contributors) 7. [Tests](#tests) 8. [Contributors - List of module contributors](#contributors) ## Module description The postgresql module allows you to manage PostgreSQL databases with Puppet. PostgreSQL is a high-performance, free, open-source relational database server. The postgresql module allows you to manage packages, services, databases, users, and common security settings in PostgreSQL. ## Setup ### What postgresql affects * Package, service, and configuration files for PostgreSQL * Listened-to ports * IP and mask (optional) ### Getting started with postgresql To configure a basic default PostgreSQL server, declare the `postgresql::server` class. ```puppet class { 'postgresql::server': } ``` ## Usage ### Configure a server For default settings, declare the `postgresql::server` class as above. To customize PostgreSQL server settings, specify the [parameters](#postgresqlserver) you want to change: ```puppet class { 'postgresql::server': ip_mask_deny_postgres_user => '0.0.0.0/32', ip_mask_allow_all_users => '0.0.0.0/0', ipv4acls => ['hostssl all johndoe 192.168.0.0/24 cert'], postgres_password => 'TPSrep0rt!', } ``` After configuration, test your settings from the command line: ```shell psql -h localhost -U postgres psql -h my.postgres.server -U ``` If you get an error message from these commands, your permission settings restrict access from the location you're trying to connect from. Depending on whether you want to allow connections from that location, you might need to adjust your permissions. For more details about server configuration parameters, consult the [PostgreSQL Runtime Configuration documentation](http://www.postgresql.org/docs/current/static/runtime-config.html). ### Create a database You can set up a variety of PostgreSQL databases with the `postgresql::server::db` defined type. For instance, to set up a database for PuppetDB: ```puppet class { 'postgresql::server': } postgresql::server::db { 'mydatabasename': user => 'mydatabaseuser', password => postgresql::postgresql_password('mydatabaseuser', 'mypassword'), } ``` ### Manage users, roles, and permissions To manage users, roles, and permissions: ```puppet class { 'postgresql::server': } postgresql::server::role { 'marmot': password_hash => postgresql::postgresql_password('marmot', 'mypasswd'), } postgresql::server::database_grant { 'test1': privilege => 'ALL', db => 'test1', role => 'marmot', } postgresql::server::table_grant { 'my_table of test2': privilege => 'ALL', table => 'my_table', db => 'test2', role => 'marmot', } ``` This example grants **all** privileges on the test1 database and on the `my_table` table of the test2 database to the specified user or group. After the values are added into the PuppetDB config file, this database would be ready for use. ### Manage ownership of DB objects To change the ownership of all objects within a database using REASSIGN OWNED: ```puppet postgresql::server::reassign_owned_by { 'new owner is meerkat': db => 'test_db', old_role => 'marmot', new_role => 'meerkat', } ``` This would run the PostgreSQL statement 'REASSIGN OWNED' to update to ownership of all tables, sequences, functions and views currently owned by the role 'marmot' to be owned by the role 'meerkat' instead. This applies to objects within the nominated database, 'test_db' only. For Postgresql >= 9.3, the ownership of the database is also updated. ### Override defaults The `postgresql::globals` class allows you to configure the main settings for this module globally, so that other classes and defined resources can use them. By itself, it does nothing. For example, to overwrite the default `locale` and `encoding` for all classes, use the following: ```puppet class { 'postgresql::globals': encoding => 'UTF-8', locale => 'en_US.UTF-8', } class { 'postgresql::server': } ``` To use a specific version of the PostgreSQL package: ```puppet class { 'postgresql::globals': manage_package_repo => true, version => '9.2', } class { 'postgresql::server': } ``` ### Manage remote users, roles, and permissions Remote SQL objects are managed using the same Puppet resources as local SQL objects, along with a [`connect_settings`](#connect_settings) hash. This provides control over how Puppet connects to the remote Postgres instances and which version is used for generating SQL commands. The `connect_settings` hash can contain environment variables to control Postgres client connections, such as 'PGHOST', 'PGPORT', 'PGPASSWORD', and 'PGSSLKEY'. See the [PostgreSQL Environment Variables](http://www.postgresql.org/docs/9.4/static/libpq-envars.html) documentation for a complete list of variables. Additionally, you can specify the target database version with the special value of 'DBVERSION'. If the `connect_settings` hash is omitted or empty, then Puppet connects to the local PostgreSQL instance. You can provide a `connect_settings` hash for each of the Puppet resources, or you can set a default `connect_settings` hash in `postgresql::globals`. Configuring `connect_settings` per resource allows SQL objects to be created on multiple databases by multiple users. ```puppet $connection_settings_super2 = { 'PGUSER' => 'super2', 'PGPASSWORD' => 'foobar2', 'PGHOST' => '127.0.0.1', 'PGPORT' => '5432', 'PGDATABASE' => 'postgres', } include postgresql::server # Connect with no special settings, i.e domain sockets, user postgres postgresql::server::role { 'super2': password_hash => 'foobar2', superuser => true, connect_settings => {}, } # Now using this new user connect via TCP postgresql::server::database { 'db1': connect_settings => $connection_settings_super2, require => Postgresql::Server::Role['super2'], } ``` ### Create an access rule for pg_hba.conf To create an access rule for `pg_hba.conf`: ```puppet postgresql::server::pg_hba_rule { 'allow application network to access app database': description => 'Open up PostgreSQL for access from 200.1.2.0/24', type => 'host', database => 'app', user => 'app', address => '200.1.2.0/24', auth_method => 'md5', } ``` This would create a ruleset in `pg_hba.conf` similar to: ``` # Rule Name: allow application network to access app database # Description: Open up PostgreSQL for access from 200.1.2.0/24 # Order: 150 host app app 200.1.2.0/24 md5 ``` By default, `pg_hba_rule` requires that you include `postgresql::server`. However, you can override that behavior by setting target and postgresql_version when declaring your rule. That might look like the following: ```puppet postgresql::server::pg_hba_rule { 'allow application network to access app database': description => 'Open up postgresql for access from 200.1.2.0/24', type => 'host', database => 'app', user => 'app', address => '200.1.2.0/24', auth_method => 'md5', target => '/path/to/pg_hba.conf', postgresql_version => '9.4', } ``` ### Create user name maps for pg_ident.conf To create a user name map for the pg_ident.conf: ```puppet postgresql::server::pg_ident_rule { 'Map the SSL certificate of the backup server as a replication user': map_name => 'sslrepli', system_username => 'repli1.example.com', database_username => 'replication', } ``` This would create a user name map in `pg_ident.conf` similar to: ``` #Rule Name: Map the SSL certificate of the backup server as a replication user #Description: none #Order: 150 sslrepli repli1.example.com replication ``` ### Create recovery configuration To create the recovery configuration file (`recovery.conf`): ```puppet postgresql::server::recovery { 'Create a recovery.conf file with the following defined parameters': restore_command => 'cp /mnt/server/archivedir/%f %p', archive_cleanup_command => undef, recovery_end_command => undef, recovery_target_name => 'daily backup 2015-01-26', recovery_target_time => '2015-02-08 22:39:00 EST', recovery_target_xid => undef, recovery_target_inclusive => true, recovery_target => 'immediate', recovery_target_timeline => 'latest', pause_at_recovery_target => true, standby_mode => 'on', primary_conninfo => 'host=localhost port=5432', primary_slot_name => undef, trigger_file => undef, recovery_min_apply_delay => 0, } ``` The above creates this `recovery.conf` config file: ``` restore_command = 'cp /mnt/server/archivedir/%f %p' recovery_target_name = 'daily backup 2015-01-26' recovery_target_time = '2015-02-08 22:39:00 EST' recovery_target_inclusive = true recovery_target = 'immediate' recovery_target_timeline = 'latest' pause_at_recovery_target = true standby_mode = 'on' primary_conninfo = 'host=localhost port=5432' recovery_min_apply_delay = 0 ``` Only the specified parameters are recognized in the template. The `recovery.conf` is only created if at least one parameter is set **and** [manage_recovery_conf](#manage_recovery_conf) is set to true. ### Validate connectivity To validate client connections to a remote PostgreSQL database before starting dependent tasks, use the `postgresql_conn_validator` resource. You can use this on any node where the PostgreSQL client software is installed. It is often chained to other tasks such as starting an application server or performing a database migration. Example usage: ```puppet postgresql_conn_validator { 'validate my postgres connection': host => 'my.postgres.host', db_username => 'mydbuser', db_password => 'mydbpassword', db_name => 'mydbname', }-> exec { 'rake db:migrate': cwd => '/opt/myrubyapp', } ``` ## Reference For information on the classes and types, see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/REFERENCE.md) ## Limitations Works with versions of PostgreSQL on supported OSes. For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/metadata.json) ### Apt module support While this module supports both 1.x and 2.x versions of the 'puppetlabs-apt' module, it does not support 'puppetlabs-apt' 2.0.0 or 2.0.1. ### PostGIS support PostGIS is currently considered an unsupported feature, as it doesn't work on all platforms correctly. ### All versions of RHEL/CentOS with manage_selinux => false If you have SELinux enabled and you are *not* using the selinux module to manage SELinux (this is the default configuration) you will need to label any custom ports you use with the `postgresql_port_t` context. The postgresql service will not start until this is done. To label a port use the semanage command as follows: ```shell semanage port -a -t postgresql_port_t -p tcp $customport ``` ## Development Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. For more information, see our [module contribution guide](https://puppet.com/docs/puppet/latest/contributing.html). ### Tests There are two types of tests distributed with this module. Unit tests with `rspec-puppet` and system tests using `rspec-system`. For unit testing, make sure you have: * rake * bundler Install the necessary gems: ```shell bundle install --path=vendor ``` And then run the unit tests: ```shell bundle exec rake spec ``` The unit tests are run in Travis-CI as well. If you want to see the results of your own tests, register the service hook through Travis-CI via the accounts section for your GitHub clone of this project. To run the system tests, make sure you also have: * Vagrant > 1.2.x * VirtualBox > 4.2.10 Then run the tests using: ```shell bundle exec rspec spec/acceptance ``` To run the tests on different operating systems, see the sets available in `.nodeset.yml` and run the specific set with the following syntax: ```shell RSPEC_SET=debian-607-x64 bundle exec rspec spec/acceptance ``` ### Contributors View the full list of contributors on [Github](https://github.com/puppetlabs/puppetlabs-postgresql/graphs/contributors). puppetlabs-postgresql-6.7.0/REFERENCE.md0100644000076700000240000017575613722221521014727 0ustar00# Reference ## Table of Contents ### Classes #### Public Classes * [`postgresql::client`](#postgresqlclient): Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install. * [`postgresql::globals`](#postgresqlglobals): Class for setting cross-class global overrides. * [`postgresql::lib::devel`](#postgresqllibdevel): This class installs postgresql development libraries. * [`postgresql::lib::docs`](#postgresqllibdocs): Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install. * [`postgresql::lib::java`](#postgresqllibjava): This class installs the postgresql jdbc connector. * [`postgresql::lib::perl`](#postgresqllibperl): This class installs the perl libs for postgresql. * [`postgresql::lib::python`](#postgresqllibpython): This class installs the python libs for postgresql. * [`postgresql::server`](#postgresqlserver): This installs a PostgreSQL server * [`postgresql::server::contrib`](#postgresqlservercontrib): Install the contrib postgresql packaging. * [`postgresql::server::plperl`](#postgresqlserverplperl): This class installs the PL/Perl procedural language for postgresql. * [`postgresql::server::plpython`](#postgresqlserverplpython): This class installs the PL/Python procedural language for postgresql. * [`postgresql::server::postgis`](#postgresqlserverpostgis): Install the postgis postgresql packaging. #### Private Classes * `postgresql::params` * `postgresql::repo` * `postgresql::repo::apt_postgresql_org` * `postgresql::repo::yum_postgresql_org` * `postgresql::server::config` * `postgresql::server::initdb` * `postgresql::server::install` * `postgresql::server::passwd` * `postgresql::server::reload` * `postgresql::server::service` ### Defined types * [`postgresql::server::config_entry`](#postgresqlserverconfig_entry): Manage a postgresql.conf entry. * [`postgresql::server::database`](#postgresqlserverdatabase): Define for creating a database. * [`postgresql::server::database_grant`](#postgresqlserverdatabase_grant): Manage a database grant. * [`postgresql::server::db`](#postgresqlserverdb): Define for conveniently creating a role, database and assigning the correctpermissions. * [`postgresql::server::extension`](#postgresqlserverextension): Activate an extension on a postgresql database. * [`postgresql::server::grant`](#postgresqlservergrant): Define for granting permissions to roles. * [`postgresql::server::grant_role`](#postgresqlservergrant_role): Define for granting membership to a role. * [`postgresql::server::pg_hba_rule`](#postgresqlserverpg_hba_rule): This resource manages an individual rule that applies to the file defined in target. * [`postgresql::server::pg_ident_rule`](#postgresqlserverpg_ident_rule): This resource manages an individual rule that applies to the file defined in target. * [`postgresql::server::reassign_owned_by`](#postgresqlserverreassign_owned_by): Define for reassigning the ownership of objects within a database. * [`postgresql::server::recovery`](#postgresqlserverrecovery): This resource manages the parameters that applies to the recovery.conf template. * [`postgresql::server::role`](#postgresqlserverrole): Define for creating a database role. * [`postgresql::server::schema`](#postgresqlserverschema): Create a new schema. * [`postgresql::server::table_grant`](#postgresqlservertable_grant): This resource wraps the grant resource to manage table grants specifically. * [`postgresql::server::tablespace`](#postgresqlservertablespace): This module creates tablespace. * [`postgresql::validate_db_connection`](#postgresqlvalidate_db_connection): This type validates that a successful postgres connection. ### Resource types * [`postgresql_conf`](#postgresql_conf): This type allows puppet to manage postgresql.conf parameters. * [`postgresql_conn_validator`](#postgresql_conn_validator): Verify if a connection can be successfully established * [`postgresql_psql`](#postgresql_psql): An arbitrary tag for your own reference; the name of the message. * [`postgresql_replication_slot`](#postgresql_replication_slot): Manages Postgresql replication slots. ### Functions #### Public Functions * [`postgresql::default`](#postgresqldefault): This function pull default values from the `params` class or `globals` class if the value is not present in `params`. * [`postgresql::postgresql_escape`](#postgresqlpostgresql_escape): This function escapes a string using [Dollar Quoting](https://www.postgresql.org/docs/12/sql-syntax-lexical.html#SQL-SYNTAX-DOLLAR-QUOTING) using a randomly generated tag if required. * [`postgresql::postgresql_password`](#postgresqlpostgresql_password): This function returns the postgresql password hash from the clear text username / password * [`postgresql_escape`](#postgresql_escape): DEPRECATED. Use the namespaced function [`postgresql::postgresql_escape`](#postgresqlpostgresql_escape) instead. * [`postgresql_password`](#postgresql_password): DEPRECATED. Use the namespaced function [`postgresql::postgresql_password`](#postgresqlpostgresql_password) instead. #### Private Functions * `postgresql::postgresql_acls_to_resources_hash`: This internal function translates the ipv(4|6)acls format into a resource suitable for create_resources. ### Tasks * [`sql`](#sql): Allows you to execute arbitary SQL ## Classes ### `postgresql::client` Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install. * **Note** Make sure to add any necessary yum or apt repositories if specifying a custom version. #### Parameters The following parameters are available in the `postgresql::client` class. ##### `file_ensure` Data type: `Enum['file', 'absent']` Ensure the connection validation script is present Default value: `'file'` ##### `validcon_script_path` Data type: `Stdlib::Absolutepath` Optional. Absolute path for the postgresql connection validation script. Default value: `$postgresql::params::validcon_script_path` ##### `package_name` Data type: `String[1]` Sets the name of the PostgreSQL client package. Default value: `$postgresql::params::client_package_name` ##### `package_ensure` Data type: `String[1]` Ensure the client package is installed Default value: `'present'` ### `postgresql::globals` Class for setting cross-class global overrides. * **Note** Most server-specific defaults should be overridden in the postgresql::server class. This class should be used only if you are using a non-standard OS, or if you are changing elements that can only be changed here, such as version or manage_package_repo. #### Parameters The following parameters are available in the `postgresql::globals` class. ##### `client_package_name` Data type: `Any` Overrides the default PostgreSQL client package name. Default value: ``undef`` ##### `server_package_name` Data type: `Any` Overrides the default PostgreSQL server package name. Default value: ``undef`` ##### `contrib_package_name` Data type: `Any` Overrides the default PostgreSQL contrib package name. Default value: ``undef`` ##### `devel_package_name` Data type: `Any` Overrides the default PostgreSQL devel package name. Default value: ``undef`` ##### `java_package_name` Data type: `Any` Overrides the default PostgreSQL java package name. Default value: ``undef`` ##### `docs_package_name` Data type: `Any` Overrides the default PostgreSQL docs package name. Default value: ``undef`` ##### `perl_package_name` Data type: `Any` Overrides the default PostgreSQL Perl package name. Default value: ``undef`` ##### `plperl_package_name` Data type: `Any` Overrides the default PostgreSQL PL/Perl package name. Default value: ``undef`` ##### `plpython_package_name` Data type: `Any` Overrides the default PostgreSQL PL/Python package name. Default value: ``undef`` ##### `python_package_name` Data type: `Any` Overrides the default PostgreSQL Python package name. Default value: ``undef`` ##### `postgis_package_name` Data type: `Any` Overrides the default PostgreSQL PostGIS package name. Default value: ``undef`` ##### `service_name` Data type: `Any` Overrides the default PostgreSQL service name. Default value: ``undef`` ##### `service_provider` Data type: `Any` Overrides the default PostgreSQL service provider. Default value: ``undef`` ##### `service_status` Data type: `Any` Overrides the default status check command for your PostgreSQL service. Default value: ``undef`` ##### `default_database` Data type: `Any` Specifies the name of the default database to connect with. Default value: ``undef`` ##### `validcon_script_path` Data type: `Any` Scipt path for the connection validation check. Default value: ``undef`` ##### `initdb_path` Data type: `Any` Path to the initdb command. Default value: ``undef`` ##### `createdb_path` Data type: `Any` Deprecated. Path to the createdb command. Default value: ``undef`` ##### `psql_path` Data type: `Any` Sets the path to the psql command. Default value: ``undef`` ##### `pg_hba_conf_path` Data type: `Any` Specifies the path to your pg_hba.conf file. Default value: ``undef`` ##### `pg_ident_conf_path` Data type: `Any` Specifies the path to your pg_ident.conf file. Default value: ``undef`` ##### `postgresql_conf_path` Data type: `Any` Sets the path to your postgresql.conf file. Default value: ``undef`` ##### `recovery_conf_path` Data type: `Any` Path to your recovery.conf file. Default value: ``undef`` ##### `default_connect_settings` Data type: `Any` Default connection settings. Default value: `{}` ##### `pg_hba_conf_defaults` Data type: `Any` Disables the defaults supplied with the module for pg_hba.conf if set to false. Default value: ``undef`` ##### `datadir` Data type: `Any` Overrides the default PostgreSQL data directory for the target platform. Changing the datadir after installation causes the server to come to a full stop before making the change. For Red Hat systems, the data directory must be labeled appropriately for SELinux. On Ubuntu, you must explicitly set needs_initdb = true to allow Puppet to initialize the database in the new datadir (needs_initdb defaults to true on other systems). Warning! If datadir is changed from the default, Puppet does not manage purging of the original data directory, which causes it to fail if the data directory is changed back to the original Default value: ``undef`` ##### `confdir` Data type: `Any` Overrides the default PostgreSQL configuration directory for the target platform. Default value: ``undef`` ##### `bindir` Data type: `Any` Overrides the default PostgreSQL binaries directory for the target platform. Default value: ``undef`` ##### `xlogdir` Data type: `Any` Overrides the default PostgreSQL xlog directory. Default value: ``undef`` ##### `logdir` Data type: `Any` Overrides the default PostgreSQL log directory. Default value: ``undef`` ##### `log_line_prefix` Data type: `Any` Overrides the default PostgreSQL log prefix. Default value: ``undef`` ##### `user` Data type: `Any` Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. Default value: ``undef`` ##### `group` Data type: `Any` Overrides the default postgres user group to be used for related files in the file system. Default value: ``undef`` ##### `version` Data type: `Any` The version of PostgreSQL to install and manage. Default value: ``undef`` ##### `postgis_version` Data type: `Any` Defines the version of PostGIS to install, if you install PostGIS. Default value: ``undef`` ##### `repo_proxy` Data type: `Any` Sets the proxy option for the official PostgreSQL yum-repositories only. Default value: ``undef`` ##### `repo_baseurl` Data type: `Any` Sets the baseurl for the PostgreSQL repository. Useful if you host your own mirror of the repository. Default value: ``undef`` ##### `needs_initdb` Data type: `Any` Explicitly calls the initdb operation after the server package is installed and before the PostgreSQL service is started. Default value: ``undef`` ##### `encoding` Data type: `Any` Sets the default encoding for all databases created with this module. On certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well. Default value: ``undef`` ##### `locale` Data type: `Any` Sets the default database locale for all databases created with this module. On certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well. On Debian, you'll need to ensure that the 'locales-all' package is installed for full functionality of PostgreSQL. Default value: ``undef`` ##### `data_checksums` Data type: `Any` Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. Warning: This option is used during initialization by initdb, and cannot be changed later. Default value: ``undef`` ##### `timezone` Data type: `Any` Sets the default timezone of the postgresql server. The postgresql built-in default is taking the systems timezone information. Default value: ``undef`` ##### `manage_pg_hba_conf` Data type: `Any` Allow Puppet to manage the pg_hba.conf file. Default value: ``undef`` ##### `manage_pg_ident_conf` Data type: `Any` Allow Puppet to manage the pg_ident.conf file. Default value: ``undef`` ##### `manage_recovery_conf` Data type: `Any` Allow Puppet to manage the recovery.conf file. Default value: ``undef`` ##### `manage_datadir` Data type: `Any` Set to false if you have file{ $datadir: } already defined Default value: ``undef`` ##### `manage_logdir` Data type: `Any` Set to false if you have file{ $logdir: } already defined Default value: ``undef`` ##### `manage_xlogdir` Data type: `Any` Set to false if you have file{ $xlogdir: } already defined Default value: ``undef`` ##### `manage_package_repo` Data type: `Any` Sets up official PostgreSQL repositories on your host if set to true. Default value: ``undef`` ##### `module_workdir` Data type: `Any` Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option. Default value: ``undef`` ##### `manage_selinux` Data type: `Any` Default value: ``undef`` ### `postgresql::lib::devel` This class installs postgresql development libraries. #### Parameters The following parameters are available in the `postgresql::lib::devel` class. ##### `package_name` Data type: `String` Override devel package name Default value: `$postgresql::params::devel_package_name` ##### `package_ensure` Data type: `String[1]` Ensure the development libraries are installed Default value: `'present'` ##### `link_pg_config` Data type: `Boolean` If the bin directory used by the PostgreSQL page is not /usr/bin or /usr/local/bin, symlinks pg_config from the package's bin dir into usr/bin (not applicable to Debian systems). Set to false to disable this behavior. Default value: `$postgresql::params::link_pg_config` ### `postgresql::lib::docs` Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install. * **Note** Make sure to add any necessary yum or apt repositories if specifying a custom version. #### Parameters The following parameters are available in the `postgresql::lib::docs` class. ##### `package_name` Data type: `String` Specifies the name of the PostgreSQL docs package. Default value: `$postgresql::params::docs_package_name` ##### `package_ensure` Data type: `String[1]` Whether the PostgreSQL docs package resource should be present. Default value: `'present'` ### `postgresql::lib::java` This class installs the postgresql jdbc connector. * **Note** Make sure to add any necessary yum or apt repositories if specifying a custom version. #### Parameters The following parameters are available in the `postgresql::lib::java` class. ##### `package_name` Data type: `String` Specifies the name of the PostgreSQL java package. Default value: `$postgresql::params::java_package_name` ##### `package_ensure` Data type: `String[1]` Specifies whether the package is present. Default value: `'present'` ### `postgresql::lib::perl` This class installs the perl libs for postgresql. #### Parameters The following parameters are available in the `postgresql::lib::perl` class. ##### `package_name` Data type: `String` Specifies the name of the PostgreSQL perl package to install. Default value: `$postgresql::params::perl_package_name` ##### `package_ensure` Data type: `String[1]` Ensure the perl libs for postgresql are installed. Default value: `'present'` ### `postgresql::lib::python` This class installs the python libs for postgresql. #### Parameters The following parameters are available in the `postgresql::lib::python` class. ##### `package_name` Data type: `String[1]` The name of the PostgreSQL Python package. Default value: `$postgresql::params::python_package_name` ##### `package_ensure` Data type: `String[1]` Ensure the python libs for postgresql are installed. Default value: `'present'` ### `postgresql::server` This installs a PostgreSQL server #### Parameters The following parameters are available in the `postgresql::server` class. ##### `postgres_password` Data type: `Any` Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres database, with a user called postgres and no password. Default value: ``undef`` ##### `package_name` Data type: `Any` Specifies the name of the package to use for installing the server software. Default value: `$postgresql::params::server_package_name` ##### `package_ensure` Data type: `Any` Passes a value through to the package resource when creating the server instance. Default value: `$postgresql::params::package_ensure` ##### `plperl_package_name` Data type: `Any` Sets the default package name for the PL/Perl extension. Default value: `$postgresql::params::plperl_package_name` ##### `plpython_package_name` Data type: `Any` Sets the default package name for the PL/Python extension. Default value: `$postgresql::params::plpython_package_name` ##### `service_ensure` Data type: `Any` Ensure service is installed Default value: `$postgresql::params::service_ensure` ##### `service_enable` Data type: `Any` Enable the PostgreSQL service Default value: `$postgresql::params::service_enable` ##### `service_manage` Data type: `Any` Defines whether or not Puppet should manage the service. Default value: `$postgresql::params::service_manage` ##### `service_name` Data type: `Any` Overrides the default PostgreSQL service name. Default value: `$postgresql::params::service_name` ##### `service_restart_on_change` Data type: `Any` Overrides the default behavior to restart your PostgreSQL service when a config entry has been changed that requires a service restart to become active. Default value: `$postgresql::params::service_restart_on_change` ##### `service_provider` Data type: `Any` Overrides the default PostgreSQL service provider. Default value: `$postgresql::params::service_provider` ##### `service_reload` Data type: `Any` Overrides the default reload command for your PostgreSQL service. Default value: `$postgresql::params::service_reload` ##### `service_status` Data type: `Any` Overrides the default status check command for your PostgreSQL service. Default value: `$postgresql::params::service_status` ##### `default_database` Data type: `Any` Specifies the name of the default database to connect with. On most systems this is 'postgres'. Default value: `$postgresql::params::default_database` ##### `default_connect_settings` Data type: `Any` Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined types, such as postgresql::server::role. Default value: `$postgresql::globals::default_connect_settings` ##### `listen_addresses` Data type: `Any` Address list on which the PostgreSQL service will listen Default value: `$postgresql::params::listen_addresses` ##### `port` Data type: `Any` Specifies the port for the PostgreSQL server to listen on. Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change. Default value: 5432. Meaning the Postgres server listens on TCP port 5432. Default value: `$postgresql::params::port` ##### `ip_mask_deny_postgres_user` Data type: `Any` Specifies the IP mask from which remote connections should be denied for the postgres superuser. Default value: '0.0.0.0/0', which denies any remote connection. Default value: `$postgresql::params::ip_mask_deny_postgres_user` ##### `ip_mask_allow_all_users` Data type: `Any` Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP from remote machines. If you'd like to allow this, you can override this setting. Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine on your local '192.168' subnet. Default value: '127.0.0.1/32'. Default value: `$postgresql::params::ip_mask_allow_all_users` ##### `ipv4acls` Data type: `Array[String[1]]` Lists strings for access control for connection method, users, databases, IPv4 addresses; Default value: `$postgresql::params::ipv4acls` ##### `ipv6acls` Data type: `Array[String[1]]` Lists strings for access control for connection method, users, databases, IPv6 addresses. Default value: `$postgresql::params::ipv6acls` ##### `initdb_path` Data type: `Any` Specifies the path to the initdb command. Default value: `$postgresql::params::initdb_path` ##### `createdb_path` Data type: `Any` Deprecated. Specifies the path to the createdb command. Default value: `$postgresql::params::createdb_path` ##### `psql_path` Data type: `Any` Specifies the path to the psql command. Default value: `$postgresql::params::psql_path` ##### `pg_hba_conf_path` Data type: `Any` Specifies the path to your pg_hba.conf file. Default value: `$postgresql::params::pg_hba_conf_path` ##### `pg_ident_conf_path` Data type: `Any` Specifies the path to your pg_ident.conf file. Default value: `$postgresql::params::pg_ident_conf_path` ##### `postgresql_conf_path` Data type: `Any` Specifies the path to your postgresql.conf file. Default value: `$postgresql::params::postgresql_conf_path` ##### `recovery_conf_path` Data type: `Any` Specifies the path to your recovery.conf file. Default value: `$postgresql::params::recovery_conf_path` ##### `datadir` Data type: `Any` PostgreSQL data directory Default value: `$postgresql::params::datadir` ##### `xlogdir` Data type: `Any` PostgreSQL xlog directory Default value: `$postgresql::params::xlogdir` ##### `logdir` Data type: `Any` PostgreSQL log directory Default value: `$postgresql::params::logdir` ##### `log_line_prefix` Data type: `Any` PostgreSQL log line prefix Default value: `$postgresql::params::log_line_prefix` ##### `pg_hba_conf_defaults` Data type: `Any` If false, disables the defaults supplied with the module for pg_hba.conf. This is useful if you disagree with the defaults and wish to override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform basic psql operations for example. Default value: `$postgresql::params::pg_hba_conf_defaults` ##### `user` Data type: `Any` Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. Default value: `$postgresql::params::user` ##### `group` Data type: `Any` Overrides the default postgres user group to be used for related files in the file system. Default value: `$postgresql::params::group` ##### `needs_initdb` Data type: `Any` Explicitly calls the initdb operation after server package is installed, and before the PostgreSQL service is started. Default value: `$postgresql::params::needs_initdb` ##### `encoding` Data type: `Any` Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the template1 initialization, so it becomes a default outside of the module as well. Default value: `$postgresql::params::encoding` ##### `locale` Data type: `Any` Sets the default database locale for all databases created with this module. On certain operating systems this is used during the template1 initialization as well, so it becomes a default outside of the module. Default value: `$postgresql::params::locale` ##### `data_checksums` Data type: `Any` Boolean. Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. Warning: This option is used during initialization by initdb, and cannot be changed later. If set, checksums are calculated for all objects, in all databases. Default value: `$postgresql::params::data_checksums` ##### `timezone` Data type: `Any` Set timezone for the PostgreSQL instance Default value: `$postgresql::params::timezone` ##### `manage_pg_hba_conf` Data type: `Any` Boolean. Whether to manage the pg_hba.conf. Default value: `$postgresql::params::manage_pg_hba_conf` ##### `manage_pg_ident_conf` Data type: `Any` Boolean. Overwrites the pg_ident.conf file. Default value: `$postgresql::params::manage_pg_ident_conf` ##### `manage_recovery_conf` Data type: `Any` Boolean. Specifies whether or not manage the recovery.conf. Default value: `$postgresql::params::manage_recovery_conf` ##### `module_workdir` Data type: `Any` Working directory for the PostgreSQL module Default value: `$postgresql::params::module_workdir` ##### `manage_datadir` Data type: `Any` Set to false if you have file{ $datadir: } already defined Default value: `$postgresql::params::manage_datadir` ##### `manage_logdir` Data type: `Any` Set to false if you have file{ $logdir: } already defined Default value: `$postgresql::params::manage_logdir` ##### `manage_xlogdir` Data type: `Any` Set to false if you have file{ $xlogdir: } already defined Default value: `$postgresql::params::manage_xlogdir` ##### `roles` Data type: `Hash[String, Hash]` Specifies a hash from which to generate postgresql::server::role resources. Default value: `{}` ##### `config_entries` Data type: `Hash[String, Any]` Specifies a hash from which to generate postgresql::server::config_entry resources. Default value: `{}` ##### `pg_hba_rules` Data type: `Hash[String, Hash]` Specifies a hash from which to generate postgresql::server::pg_hba_rule resources. Default value: `{}` ##### `version` Data type: `Any` Deprecated. Use postgresql::globals instead. Sets PostgreSQL version Default value: ``undef`` ##### `extra_systemd_config` Data type: `Any` Adds extra config to systemd config file, can for instance be used to add extra openfiles. This can be a multi line string Default value: `$postgresql::params::extra_systemd_config` ##### `manage_selinux` Data type: `Boolean` Default value: `$postgresql::params::manage_selinux` ##### `password_encryption` Data type: `Any` Default value: `$postgresql::params::password_encryption` ### `postgresql::server::contrib` Install the contrib postgresql packaging. #### Parameters The following parameters are available in the `postgresql::server::contrib` class. ##### `package_name` Data type: `String` The name of the PostgreSQL contrib package. Default value: `$postgresql::params::contrib_package_name` ##### `package_ensure` Data type: `String[1]` Ensure the contrib package is installed. Default value: `'present'` ### `postgresql::server::plperl` This class installs the PL/Perl procedural language for postgresql. #### Parameters The following parameters are available in the `postgresql::server::plperl` class. ##### `package_ensure` Data type: `Any` The ensure parameter passed on to PostgreSQL PL/Perl package resource. Default value: `'present'` ##### `package_name` Data type: `Any` The name of the PostgreSQL PL/Perl package. Default value: `$postgresql::server::plperl_package_name` ### `postgresql::server::plpython` This class installs the PL/Python procedural language for postgresql. #### Parameters The following parameters are available in the `postgresql::server::plpython` class. ##### `package_ensure` Data type: `Any` Specifies whether the package is present. Default value: `'present'` ##### `package_name` Data type: `Any` Specifies the name of the postgresql PL/Python package. Default value: `$postgresql::server::plpython_package_name` ### `postgresql::server::postgis` Install the postgis postgresql packaging. #### Parameters The following parameters are available in the `postgresql::server::postgis` class. ##### `package_name` Data type: `String` Sets the package name. Default value: `$postgresql::params::postgis_package_name` ##### `package_ensure` Data type: `String[1]` Specifies if the package is present or not. Default value: `'present'` ## Defined types ### `postgresql::server::config_entry` Manage a postgresql.conf entry. #### Parameters The following parameters are available in the `postgresql::server::config_entry` defined type. ##### `ensure` Data type: `Enum['present', 'absent']` Removes an entry if set to 'absent'. Default value: `'present'` ##### `value` Data type: `Any` Defines the value for the setting. Default value: ``undef`` ##### `path` Data type: `Any` Path for postgresql.conf Default value: ``false`` ### `postgresql::server::database` Define for creating a database. #### Parameters The following parameters are available in the `postgresql::server::database` defined type. ##### `comment` Data type: `Any` Sets a comment on the database. Default value: ``undef`` ##### `dbname` Data type: `Any` Sets the name of the database. Default value: `$title` ##### `owner` Data type: `Any` Sets name of the database owner. Default value: ``undef`` ##### `tablespace` Data type: `Any` Sets tablespace for where to create this database. Default value: ``undef`` ##### `template` Data type: `Any` Specifies the name of the template database from which to build this database. Default value: 'template0'. Default value: `'template0'` ##### `encoding` Data type: `Any` Overrides the character set during creation of the database. Default value: `$postgresql::server::encoding` ##### `locale` Data type: `Any` Overrides the locale during creation of the database. Default value: `$postgresql::server::locale` ##### `istemplate` Data type: `Any` Defines the database as a template if set to true. Default value: ``false`` ##### `connect_settings` Data type: `Any` Specifies a hash of environment variables used when connecting to a remote server. Default value: `$postgresql::server::default_connect_settings` ### `postgresql::server::database_grant` Manage a database grant. #### Parameters The following parameters are available in the `postgresql::server::database_grant` defined type. ##### `privilege` Data type: `Any` Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'CREATE', 'CONNECT', 'TEMPORARY', 'TEMP'. ##### `db` Data type: `Any` Specifies the database to which you are granting access. ##### `role` Data type: `Any` Specifies the role or user whom you are granting access to. ##### `ensure` Data type: `Any` Specifies whether to grant or revoke the privilege. Revoke or 'absent' works only in PostgreSQL version 9.1.24 or later. Default value: ``undef`` ##### `psql_db` Data type: `Any` Defines the database to execute the grant against. This should not ordinarily be changed from the default Default value: ``undef`` ##### `psql_user` Data type: `Any` Specifies the OS user for running psql. Default value: The default user for the module, usually 'postgres'. Default value: ``undef`` ##### `connect_settings` Data type: `Any` Specifies a hash of environment variables used when connecting to a remote server. Default value: ``undef`` ### `postgresql::server::db` Define for conveniently creating a role, database and assigning the correctpermissions. #### Parameters The following parameters are available in the `postgresql::server::db` defined type. ##### `user` Data type: `Any` User to create and assign access to the database upon creation. Mandatory. ##### `password` Data type: `Any` Required Sets the password for the created user. ##### `comment` Data type: `Any` Defines a comment to be stored about the database using the PostgreSQL COMMENT command. Default value: ``undef`` ##### `dbname` Data type: `Any` Sets the name of the database to be created. Default value: `$title` ##### `encoding` Data type: `Any` Overrides the character set during creation of the database. Default value: `$postgresql::server::encoding` ##### `locale` Data type: `Any` Overrides the locale during creation of the database. Default value: `$postgresql::server::locale` ##### `grant` Data type: `Any` Specifies the permissions to grant during creation. Default value: 'ALL'. Default value: `'ALL'` ##### `tablespace` Data type: `Any` Defines the name of the tablespace to allocate the created database to. Default value: ``undef`` ##### `template` Data type: `Any` Specifies the name of the template database from which to build this database. Defaults value: template0. Default value: `'template0'` ##### `istemplate` Data type: `Any` Specifies that the database is a template, if set to true. Default value: ``false`` ##### `owner` Data type: `Any` Sets a user as the owner of the database. Default value: ``undef`` ### `postgresql::server::extension` Activate an extension on a postgresql database. #### Parameters The following parameters are available in the `postgresql::server::extension` defined type. ##### `database` Data type: `Any` Specifies the database on which to activate the extension. ##### `extension` Data type: `Any` Specifies the extension to activate. If left blank, uses the name of the resource. Default value: `$name` ##### `schema` Data type: `Optional[String[1]]` Specifies the schema on which to activate the extension. Default value: ``undef`` ##### `version` Data type: `Optional[String[1]]` Specifies the version of the extension which the database uses. When an extension package is updated, this does not automatically change the effective version in each database. This needs be updated using the PostgreSQL-specific SQL ALTER EXTENSION... version may be set to latest, in which case the SQL ALTER EXTENSION "extension" UPDATE is applied to this database (only). version may be set to a specific version, in which case the extension is updated using ALTER EXTENSION "extension" UPDATE TO 'version' eg. If extension is set to postgis and version is set to 2.3.3, this will apply the SQL ALTER EXTENSION "postgis" UPDATE TO '2.3.3' to this database only. version may be omitted, in which case no ALTER EXTENSION... SQL is applied, and the version will be left unchanged. Default value: ``undef`` ##### `ensure` Data type: `String[1]` Specifies whether to activate or deactivate the extension. Valid options: 'present' or 'absent'. Default value: `'present'` ##### `package_name` Data type: `Any` Specifies a package to install prior to activating the extension. Default value: ``undef`` ##### `package_ensure` Data type: `Any` Overrides default package deletion behavior. By default, the package specified with package_name is installed when the extension is activated and removed when the extension is deactivated. To override this behavior, set the ensure value for the package. Default value: ``undef`` ##### `port` Data type: `Optional[Integer]` Port to use when connecting. Default value: ``undef`` ##### `connect_settings` Data type: `Any` Specifies a hash of environment variables used when connecting to a remote server. Default value: `postgresql::default('default_connect_settings')` ##### `database_resource_name` Data type: `Any` Specifies the resource name of the DB being managed. Defaults to the parameter $database, if left blank. Default value: `$database` ### `postgresql::server::grant` Define for granting permissions to roles. #### Parameters The following parameters are available in the `postgresql::server::grant` defined type. ##### `role` Data type: `String` Specifies the role or user whom you are granting access to. ##### `db` Data type: `String` Specifies the database to which you are granting access. ##### `privilege` Data type: `String` Specifies the privilege to grant. Valid options: 'ALL', 'ALL PRIVILEGES' or 'object_type' dependent string. Default value: `''` ##### `object_type` Data type: `Pattern[#/(?i:^COLUMN$)/, /(?i:^ALL SEQUENCES IN SCHEMA$)/, /(?i:^ALL TABLES IN SCHEMA$)/, /(?i:^DATABASE$)/, #/(?i:^FOREIGN DATA WRAPPER$)/, #/(?i:^FOREIGN SERVER$)/, /(?i:^FUNCTION$)/, /(?i:^LANGUAGE$)/, #/(?i:^PROCEDURAL LANGUAGE$)/, /(?i:^TABLE$)/, #/(?i:^TABLESPACE$)/, /(?i:^SCHEMA$)/, /(?i:^SEQUENCE$)/ #/(?i:^VIEW$)/ ]` Specifies the type of object to which you are granting privileges. Valid options: 'DATABASE', 'SCHEMA', 'SEQUENCE', 'ALL SEQUENCES IN SCHEMA', 'TABLE' or 'ALL TABLES IN SCHEMA'. Default value: `'database'` ##### `object_name` Data type: `Optional[Variant[ Array[String,2,2], String[1]] ]` Specifies name of object_type to which to grant access, can be either a string or a two element array. String: 'object_name' Array: ['schema_name', 'object_name'] Default value: ``undef`` ##### `psql_db` Data type: `String` Specifies the database to execute the grant against. This should not ordinarily be changed from the default Default value: `$postgresql::server::default_database` ##### `psql_user` Data type: `String` Sets the OS user to run psql. Default value: `$postgresql::server::user` ##### `port` Data type: `Integer` Port to use when connecting. Default value: `$postgresql::server::port` ##### `onlyif_exists` Data type: `Boolean` Create grant only if doesn't exist Default value: ``false`` ##### `connect_settings` Data type: `Hash` Specifies a hash of environment variables used when connecting to a remote server. Default value: `$postgresql::server::default_connect_settings` ##### `ensure` Data type: `Enum['present', 'absent' ]` Specifies whether to grant or revoke the privilege. Default is to grant the privilege. Valid values: 'present', 'absent'. Default value: `'present'` ##### `group` Data type: `String` Sets the OS group to run psql Default value: `$postgresql::server::group` ##### `psql_path` Data type: `String` Sets the path to psql command Default value: `$postgresql::server::psql_path` ##### `object_arguments` Data type: `Array[String[1],0]` Default value: `[]` ### `postgresql::server::grant_role` Define for granting membership to a role. #### Parameters The following parameters are available in the `postgresql::server::grant_role` defined type. ##### `group` Data type: `String[1]` Specifies the group role to which you are assigning a role. ##### `role` Data type: `String[1]` Specifies the role you want to assign to a group. If left blank, uses the name of the resource. Default value: `$name` ##### `ensure` Data type: `Enum['present', 'absent']` Specifies whether to grant or revoke the membership. Valid options: 'present' or 'absent'. Default value: `'present'` ##### `psql_db` Data type: `Any` Specifies the database to execute the grant against. This should not ordinarily be changed from the default Default value: `$postgresql::server::default_database` ##### `psql_user` Data type: `Any` Sets the OS user to run psql. Default value: `$postgresql::server::user` ##### `port` Data type: `Any` Port to use when connecting. Default value: `$postgresql::server::port` ##### `connect_settings` Data type: `Any` Specifies a hash of environment variables used when connecting to a remote server. Default value: `$postgresql::server::default_connect_settings` ### `postgresql::server::pg_hba_rule` This resource manages an individual rule that applies to the file defined in target. #### Parameters The following parameters are available in the `postgresql::server::pg_hba_rule` defined type. ##### `type` Data type: `Enum['local', 'host', 'hostssl', 'hostnossl']` Sets the type of rule. Enum['local','host','hostssl','hostnossl']. ##### `database` Data type: `String` Sets a comma-separated list of databases that this rule matches. ##### `user` Data type: `String` Sets a comma-separated list of users that this rule matches. ##### `auth_method` Data type: `String` Provides the method that is used for authentication for the connection that this rule matches. Described further in the PostgreSQL pg_hba.conf documentation. ##### `address` Data type: `Optional[String]` Sets a CIDR based address for this rule matching when the type is not 'local'. Default value: ``undef`` ##### `description` Data type: `String` Defines a longer description for this rule, if required. This description is placed in the comments above the rule in pg_hba.conf. Default value: 'none'. Default value: `'none'` ##### `auth_option` Data type: `Optional[String]` For certain auth_method settings there are extra options that can be passed. Consult the PostgreSQL pg_hba.conf documentation for further details. Default value: ``undef`` ##### `order` Data type: `Variant[String, Integer]` Sets an order for placing the rule in pg_hba.conf. This can be either a string or an integer. If it is an integer, it will be converted to a string by zero-padding it to three digits. E.g. 42 will be zero-padded to the string '042'. The pg_hba_rule fragments are sorted using the alpha sorting order. Default value: 150. Default value: `150` ##### `target` Data type: `Stdlib::Absolutepath` Provides the target for the rule, and is generally an internal only property. Use with caution. Default value: `$postgresql::server::pg_hba_conf_path` ##### `postgresql_version` Data type: `String` Manages pg_hba.conf without managing the entire PostgreSQL instance. Default value: `$postgresql::server::_version` ### `postgresql::server::pg_ident_rule` This resource manages an individual rule that applies to the file defined in target. #### Parameters The following parameters are available in the `postgresql::server::pg_ident_rule` defined type. ##### `map_name` Data type: `Any` Sets the name of the user map that is used to refer to this mapping in pg_hba.conf. ##### `system_username` Data type: `Any` Specifies the operating system user name (the user name used to connect to the database). ##### `database_username` Data type: `Any` Specifies the user name of the database user. The system_username is mapped to this user name. ##### `description` Data type: `Any` Sets a longer description for this rule if required. This description is placed in the comments above the rule in pg_ident.conf. Default value: 'none'. Default value: `'none'` ##### `order` Data type: `Any` Defines an order for placing the mapping in pg_ident.conf. Default value: 150. Default value: `'150'` ##### `target` Data type: `Any` Provides the target for the rule and is generally an internal only property. Use with caution. Default value: `$postgresql::server::pg_ident_conf_path` ### `postgresql::server::reassign_owned_by` Define for reassigning the ownership of objects within a database. * **Note** This enables us to force the a particular ownership for objects within a database #### Parameters The following parameters are available in the `postgresql::server::reassign_owned_by` defined type. ##### `old_role` Data type: `String` Specifies the role or user who is the current owner of the objects in the specified db ##### `new_role` Data type: `String` Specifies the role or user who will be the new owner of these objects ##### `db` Data type: `String` Specifies the database to which the 'REASSIGN OWNED' will be applied ##### `psql_user` Data type: `String` Specifies the OS user for running psql. Default value: `$postgresql::server::user` ##### `port` Data type: `Integer` Port to use when connecting. Default value: `$postgresql::server::port` ##### `connect_settings` Data type: `Hash` Specifies a hash of environment variables used when connecting to a remote server. Default value: `$postgresql::server::default_connect_settings` ### `postgresql::server::recovery` This resource manages the parameters that applies to the recovery.conf template. * **Note** Allows you to create the content for recovery.conf. For more details see the usage example and the PostgreSQL documentation. Every parameter value is a string set in the template except recovery_target_inclusive, pause_at_recovery_target, standby_mode and recovery_min_apply_delay. A detailed description of all listed parameters can be found in the PostgreSQL documentation. Only the specified parameters are recognized in the template. The recovery.conf is only created if at least one parameter is set and manage_recovery_conf is set to true. #### Parameters The following parameters are available in the `postgresql::server::recovery` defined type. ##### `restore_command` Data type: `Any` The shell command to execute to retrieve an archived segment of the WAL file series. Default value: ``undef`` ##### `archive_cleanup_command` Data type: `Any` This optional parameter specifies a shell command that will be executed at every restartpoint. Default value: ``undef`` ##### `recovery_end_command` Data type: `Any` This parameter specifies a shell command that will be executed once only at the end of recovery. Default value: ``undef`` ##### `recovery_target_name` Data type: `Any` This parameter specifies the named restore point (created with pg_create_restore_point()) to which recovery will proceed. Default value: ``undef`` ##### `recovery_target_time` Data type: `Any` This parameter specifies the time stamp up to which recovery will proceed. Default value: ``undef`` ##### `recovery_target_xid` Data type: `Any` This parameter specifies the transaction ID up to which recovery will proceed. Default value: ``undef`` ##### `recovery_target_inclusive` Data type: `Any` Specifies whether to stop just after the specified recovery target (true), or just before the recovery target (false). Default value: ``undef`` ##### `recovery_target` Data type: `Any` This parameter specifies that recovery should end as soon as a consistent state is reached, i.e. as early as possible. Default value: ``undef`` ##### `recovery_target_timeline` Data type: `Any` Specifies recovering into a particular timeline. Default value: ``undef`` ##### `pause_at_recovery_target` Data type: `Any` Specifies whether recovery should pause when the recovery target is reached. Default value: ``undef`` ##### `standby_mode` Data type: `Any` Specifies whether to start the PostgreSQL server as a standby. Default value: ``undef`` ##### `primary_conninfo` Data type: `Any` Specifies a connection string to be used for the standby server to connect with the primary. Default value: ``undef`` ##### `primary_slot_name` Data type: `Any` Optionally specifies an existing replication slot to be used when connecting to the primary via streaming replication to control resource removal on the upstream node. Default value: ``undef`` ##### `trigger_file` Data type: `Any` Specifies a trigger file whose presence ends recovery in the standby. Default value: ``undef`` ##### `recovery_min_apply_delay` Data type: `Any` This parameter allows you to delay recovery by a fixed period of time, measured in milliseconds if no unit is specified. Default value: ``undef`` ##### `target` Data type: `Any` Provides the target for the rule, and is generally an internal only property. Use with caution. Default value: `$postgresql::server::recovery_conf_path` ### `postgresql::server::role` Define for creating a database role. #### Parameters The following parameters are available in the `postgresql::server::role` defined type. ##### `update_password` Data type: `Any` If set to true, updates the password on changes. Set this to false to not modify the role's password after creation. Default value: ``true`` ##### `password_hash` Data type: `Any` Sets the hash to use during password creation. Default value: ``false`` ##### `createdb` Data type: `Any` Specifies whether to grant the ability to create new databases with this role. Default value: ``false`` ##### `createrole` Data type: `Any` Specifies whether to grant the ability to create new roles with this role. Default value: ``false`` ##### `db` Data type: `Any` Database used to connect to. Default value: `$postgresql::server::default_database` ##### `port` Data type: `Any` Port to use when connecting. Default value: ``undef`` ##### `login` Data type: `Any` Specifies whether to grant login capability for the new role. Default value: ``true`` ##### `inherit` Data type: `Any` Specifies whether to grant inherit capability for the new role. Default value: ``true`` ##### `superuser` Data type: `Any` Specifies whether to grant super user capability for the new role. Default value: ``false`` ##### `replication` Data type: `Any` Provides provides replication capabilities for this role if set to true. Default value: ``false`` ##### `connection_limit` Data type: `Any` Specifies how many concurrent connections the role can make. Default value: '-1', meaning no limit. Default value: `'-1'` ##### `username` Data type: `Any` Defines the username of the role to create. Default value: `$title` ##### `connect_settings` Data type: `Any` Specifies a hash of environment variables used when connecting to a remote server. Default value: `$postgresql::server::default_connect_settings` ##### `ensure` Data type: `Enum['present', 'absent']` Specify whether to create or drop the role. Specifying 'present' creates the role. Specifying 'absent' drops the role. Default value: `'present'` ##### `psql_user` Data type: `Any` Sets the OS user to run psql Default value: `$postgresql::server::user` ##### `psql_group` Data type: `Any` Sets the OS group to run psql Default value: `$postgresql::server::group` ##### `psql_path` Data type: `Any` Sets path to psql command Default value: `$postgresql::server::psql_path` ##### `module_workdir` Data type: `Any` Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option. Default value: `$postgresql::server::module_workdir` ### `postgresql::server::schema` Create a new schema. * **Note** The database must exist and the PostgreSQL user should have enough privileges #### Examples ##### ```puppet postgresql::server::schema {'private': db => 'template1', } ``` #### Parameters The following parameters are available in the `postgresql::server::schema` defined type. ##### `db` Data type: `Any` Required. Sets the name of the database in which to create this schema. Default value: `$postgresql::server::default_database` ##### `owner` Data type: `Any` Sets the default owner of the schema. Default value: ``undef`` ##### `schema` Data type: `Any` Sets the name of the schema. Default value: `$title` ##### `connect_settings` Data type: `Any` Specifies a hash of environment variables used when connecting to a remote server. Default value: `$postgresql::server::default_connect_settings` ### `postgresql::server::table_grant` This resource wraps the grant resource to manage table grants specifically. #### Parameters The following parameters are available in the `postgresql::server::table_grant` defined type. ##### `privilege` Data type: `Any` Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER'. ##### `table` Data type: `Any` Specifies the table to which you are granting access. ##### `db` Data type: `Any` Specifies which database the table is in. ##### `role` Data type: `Any` Specifies the role or user to whom you are granting access. ##### `ensure` Data type: `Any` Specifies whether to grant or revoke the privilege. Default is to grant the privilege. Default value: ``undef`` ##### `port` Data type: `Any` Port to use when connecting. Default value: ``undef`` ##### `psql_db` Data type: `Any` Specifies the database to execute the grant against. This should not ordinarily be changed from the default. Default value: ``undef`` ##### `psql_user` Data type: `Any` Specifies the OS user for running psql. Default value: ``undef`` ##### `connect_settings` Data type: `Any` Specifies a hash of environment variables used when connecting to a remote server. Default value: ``undef`` ##### `onlyif_exists` Data type: `Any` Create grant only if it doesn't exist. Default value: ``false`` ### `postgresql::server::tablespace` This module creates tablespace. #### Parameters The following parameters are available in the `postgresql::server::tablespace` defined type. ##### `location` Data type: `Any` Specifies the path to locate this tablespace. ##### `manage_location` Data type: `Any` Set to false if you have file{ $location: } already defined Default value: ``true`` ##### `owner` Data type: `Any` Specifies the default owner of the tablespace. Default value: ``undef`` ##### `spcname` Data type: `Any` Specifies the name of the tablespace. Default value: `$title` ##### `connect_settings` Data type: `Any` Specifies a hash of environment variables used when connecting to a remote server. Default value: `$postgresql::server::default_connect_settings` ### `postgresql::validate_db_connection` This validated if the postgres connection can be established between the node on which this resource is run and a specified postgres instance (host/port/user/password/database name). #### Parameters The following parameters are available in the `postgresql::validate_db_connection` defined type. ##### `database_host` Data type: `Any` Database host address Default value: ``undef`` ##### `database_name` Data type: `Any` Specifies the name of the database you wish to test. Default value: ``undef`` ##### `database_password` Data type: `Any` Specifies the password to connect with. Default value: ``undef`` ##### `database_username` Data type: `Any` Specifies the username to connect with. Default value: ``undef`` ##### `database_port` Data type: `Any` Defines the port to use when connecting. Default value: ``undef`` ##### `connect_settings` Data type: `Any` Specifies a hash of environment variables used when connecting to a remote server. Default value: ``undef`` ##### `run_as` Data type: `Any` Specifies the user to run the psql command as. Default value: ``undef`` ##### `sleep` Data type: `Any` Sets the number of seconds to sleep for before trying again after a failure. Default value: `2` ##### `tries` Data type: `Any` Sets the number of attempts after failure before giving up and failing the resource. Default value: `10` ##### `create_db_first` Data type: `Any` Creates the database when obtaining a successful connection. Default value: ``true`` ## Resource types ### `postgresql_conf` This type allows puppet to manage postgresql.conf parameters. #### Properties The following properties are available in the `postgresql_conf` type. ##### `ensure` Valid values: `present`, `absent` The basic property that the resource should be in. Default value: `present` ##### `target` The path to postgresql.conf ##### `value` The value to set for this parameter. #### Parameters The following parameters are available in the `postgresql_conf` type. ##### `name` Valid values: `%r{^[\w\.]+$}` namevar The postgresql parameter name to manage. ##### `provider` The specific backend to use for this `postgresql_conf` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform. ### `postgresql_conn_validator` Verify that a connection can be successfully established between a node and the PostgreSQL server. Its primary use is as a precondition to prevent configuration changes from being applied if the PostgreSQL server cannot be reached, but it could potentially be used for other purposes such as monitoring. #### Properties The following properties are available in the `postgresql_conn_validator` type. ##### `ensure` Valid values: `present`, `absent` Ensure connection validation Default value: `present` #### Parameters The following parameters are available in the `postgresql_conn_validator` type. ##### `command` Command to run against target database. Default value: `SELECT 1` ##### `connect_settings` Hash of environment variables for connection to a db. ##### `db_name` The name of the database you are trying to validate a connection with. ##### `db_password` The password required to access the target PostgreSQL database. ##### `db_username` A user that has access to the target PostgreSQL database. ##### `host` The DNS name or IP address of the server where PostgreSQL should be running. ##### `name` namevar An arbitrary name used as the identity of the resource. ##### `port` The port that the PostgreSQL server should be listening on. ##### `provider` The specific backend to use for this `postgresql_conn_validator` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform. ##### `psql_path` Path to the psql command. ##### `run_as` System user that will run the psql command. ##### `sleep` The length of sleep time between connection tries. Default value: `2` ##### `tries` The number of tries to validate the connection to the target PostgreSQL database. Default value: `10` ### `postgresql_psql` An arbitrary tag for your own reference; the name of the message. #### Properties The following properties are available in the `postgresql_psql` type. ##### `command` The SQL command to execute via psql. #### Parameters The following parameters are available in the `postgresql_psql` type. ##### `connect_settings` Connection settings that will be used when connecting to postgres ##### `cwd` The working directory under which the psql command should be executed. Default value: `/tmp` ##### `db` The name of the database to execute the SQL command against, this overrides any PGDATABASE value in connect_settings ##### `environment` Any additional environment variables you want to set for a SQL command. Multiple environment variables should be specified as an array. ##### `name` namevar An arbitrary tag for your own reference; the name of the message. ##### `onlyif` An optional SQL command to execute prior to the main :command; this is generally intended to be used for idempotency, to check for the existence of an object in the database to determine whether or not the main SQL command needs to be executed at all. ##### `port` The port of the database server to execute the SQL command against, this overrides any PGPORT value in connect_settings. ##### `provider` The specific backend to use for this `postgresql_psql` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform. ##### `psql_group` The system user group account under which the psql command should be executed. Default value: `postgres` ##### `psql_path` The path to psql executable. Default value: `psql` ##### `psql_user` The system user account under which the psql command should be executed. Default value: `postgres` ##### `refreshonly` Valid values: ``true``, ``false`` If 'true', then the SQL will only be executed via a notify/subscribe event. Default value: ``false`` ##### `search_path` The schema search path to use when executing the SQL command ##### `unless` An optional SQL command to execute prior to the main :command; this is generally intended to be used for idempotency, to check for the existence of an object in the database to determine whether or not the main SQL command needs to be executed at all.' ### `postgresql_replication_slot` This type allows to create and destroy replication slots to register warm standby replication on a Postgresql master server. #### Properties The following properties are available in the `postgresql_replication_slot` type. ##### `ensure` Valid values: `present`, `absent` The basic property that the resource should be in. Default value: `present` #### Parameters The following parameters are available in the `postgresql_replication_slot` type. ##### `name` Valid values: `%r{^[a-z0-9_]+$}` namevar The name of the slot to create. Must be a valid replication slot name. ##### `provider` The specific backend to use for this `postgresql_replication_slot` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform. ## Functions ### `postgresql::default` Type: Puppet Language This function pull default values from the `params` class or `globals` class if the value is not present in `params`. #### Examples ##### ```puppet postgresql::default('variable') ``` #### `postgresql::default(String $parameter_name)` The postgresql::default function. Returns: `Any` ##### Examples ###### ```puppet postgresql::default('variable') ``` ##### `parameter_name` Data type: `String` ### `postgresql::postgresql_escape` Type: Ruby 4.x API This function escapes a string using [Dollar Quoting](https://www.postgresql.org/docs/12/sql-syntax-lexical.html#SQL-SYNTAX-DOLLAR-QUOTING) using a randomly generated tag if required. #### `postgresql::postgresql_escape(String[1] $input_string)` The postgresql::postgresql_escape function. Returns: `String` A `Dollar Quoted` string ##### `input_string` Data type: `String[1]` The unescaped string you want to escape using `dollar quoting` ### `postgresql::postgresql_password` Type: Ruby 4.x API This function returns the postgresql password hash from the clear text username / password #### `postgresql::postgresql_password(Variant[String[1],Integer] $username, Variant[String[1],Integer] $password)` The postgresql::postgresql_password function. Returns: `String` The postgresql password hash from the clear text username / password. ##### `username` Data type: `Variant[String[1],Integer]` The clear text `username` ##### `password` Data type: `Variant[String[1],Integer]` The clear text `password` ### `postgresql_escape` Type: Ruby 4.x API DEPRECATED. Use the namespaced function [`postgresql::postgresql_escape`](#postgresqlpostgresql_escape) instead. #### `postgresql_escape(Any *$args)` The postgresql_escape function. Returns: `Any` ##### `*args` Data type: `Any` ### `postgresql_password` Type: Ruby 4.x API DEPRECATED. Use the namespaced function [`postgresql::postgresql_password`](#postgresqlpostgresql_password) instead. #### `postgresql_password(Any *$args)` The postgresql_password function. Returns: `Any` ##### `*args` Data type: `Any` ## Tasks ### `sql` Allows you to execute arbitary SQL **Supports noop?** false #### Parameters ##### `database` Data type: `Optional[String[1]]` Database to connect to ##### `host` Data type: `Optional[String[1]]` Hostname to connect to ##### `password` Data type: `Optional[String[1]]` The password ##### `port` Data type: `Optional[String[1]]` The port ##### `sql` Data type: `String[1]` The SQL you want to execute ##### `user` Data type: `Optional[String[1]]` The user puppetlabs-postgresql-6.7.0/files0040755000076700000240000000000013722221531014111 5ustar00puppetlabs-postgresql-6.7.0/files/RPM-GPG-KEY-PGDG0100644000076700000240000000327613627456423016354 0ustar00-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.7 (GNU/Linux) mQGiBEeD8koRBACC1VBRsUwGr9gxFFRho9kZpdRUjBJoPhkeOTvp9LzkdAQMFngr BFi6N0ov1kCX7LLwBmDG+JPR7N+XcH9YR1coSHpLVg+JNy2kFDd4zAyWxJafjZ3a 9zFg9Yx+0va1BJ2t4zVcmKS4aOfbgQ5KwIOWUujalQW5Y+Fw39Gn86qjbwCg5dIo tkM0l19h2sx50D027pV5aPsD/2c9pfcFTbMhB0CcKS836GH1qY+NCAdUwPs646ee Ex/k9Uy4qMwhl3HuCGGGa+N6Plyon7V0TzZuRGp/1742dE8IO+I/KLy2L1d1Fxrn XOTBZd8qe6nBwh12OMcKrsPBVBxn+iSkaG3ULsgOtx+HHLfa1/p22L5+GzGdxizr peBuA/90cCp+lYcEwdYaRoFVR501yDOTmmzBc1DrsyWP79QMEGzMqa393G0VnqXt L4pGmunq66Agw2EhPcIt3pDYiCmEt/obdVtSJH6BtmSDB/zYhbE8u3vLP3jfFDa9 KXxgtYj0NvuUVoRmxSKm8jtfmj1L7zoKNz3jl+Ba3L0WxIv4+bRBUG9zdGdyZVNR TCBSUE0gQnVpbGRpbmcgUHJvamVjdCA8cGdzcWxycG1zLWhhY2tlcnNAcGdmb3Vu ZHJ5Lm9yZz6IYAQTEQIAIAUCR4PySgIbIwYLCQgHAwIEFQIIAwQWAgMBAh4BAheA AAoJEB8W0uFELfD4jnkAoMqd6ZwwsgYHZ3hP9vt+DJt1uDW7AKDbRwP8ESKFhwdJ 8m91RPBeJW/tMLkCDQRHg/JKEAgA64+ZXgcERPYfZYo4p+yMTJAAa9aqnE3U4Ni6 ZMB57GPuEy8NfbNya+HiftO8hoozmJdcI6XFyRBCDUVCdZ8SE+PJdOx2FFqZVIu6 dKnr8ykhgLpNNEFDG3boK9UfLj/5lYQ3Y550Iym1QKOgyrJYeAp6sZ+Nx2PavsP3 nMFCSD67BqAbcLCVQN7a2dAUXfEbfXJjPHXTbo1/kxtzE+KCRTLdXEbSEe3nHO04 K/EgTBjeBUOxnciH5RylJ2oGy/v4xr9ed7R1jJtshsDKMdWApwoLlCBJ63jg/4T/ z/OtXmu4AvmWaJxaTl7fPf2GqSqqb6jLCrQAH7AIhXr9V0zPZwADBQgAlpptNQHl u7euIdIujFwwcxyQGfee6BG+3zaNSEHMVQMuc6bxuvYmgM9r7aki/b0YMfjJBk8v OJ3Eh1vDH/woJi2iJ13vQ21ot+1JP3fMd6NPR8/qEeDnmVXu7QAtlkmSKI9Rdnjz FFSUJrQPHnKsH4V4uvAM+njwYD+VFiwlBPTKNeL8cdBb4tPN2cdVJzoAp57wkZAN VA2tKxNsTJKBi8wukaLWX8+yPHiWCNWItvyB4WCEp/rZKG4A868NM5sZQMAabpLd l4fTiGu68OYgK9qUPZvhEAL2C1jPDVHPkLm+ZsD+90Pe66w9vB00cxXuHLzm8Pad GaCXCY8h3xi6VIhJBBgRAgAJBQJHg/JKAhsMAAoJEB8W0uFELfD4K4cAoJ4yug8y 1U0cZEiF5W25HDzMTtaDAKCaM1m3Cbd+AZ0NGWNg/VvIX9MsPA== =au6K -----END PGP PUBLIC KEY BLOCK----- puppetlabs-postgresql-6.7.0/files/validate_postgresql_connection.sh0100644000076700000240000000054513627456423023036 0ustar00#!/bin/sh # usage is: validate_db_connection 2 50 psql SLEEP=$1 TRIES=$2 PSQL=$3 STATE=1 c=1 while [ $c -le $TRIES ] do echo $c if [ $c -gt 1 ] then echo 'sleeping' sleep $SLEEP fi /bin/echo "SELECT 1" | $PSQL STATE=$? if [ $STATE -eq 0 ] then exit 0 fi c=$((c+1)) done echo 'Unable to connect to postgresql' exit 1 puppetlabs-postgresql-6.7.0/functions0040755000076700000240000000000013722221531015017 5ustar00puppetlabs-postgresql-6.7.0/functions/default.pp0100644000076700000240000000072013627456566017105 0ustar00# @summary This function pull default values from the `params` class or `globals` class if the value is not present in `params`. # # @example # postgresql::default('variable') # function postgresql::default( String $parameter_name ){ include postgresql::params #search for the variable name in params first #then fall back to globals if not found pick( getvar("postgresql::params::${parameter_name}"), "postgresql::globals::${parameter_name}") } puppetlabs-postgresql-6.7.0/lib0040755000076700000240000000000013722221531013555 5ustar00puppetlabs-postgresql-6.7.0/lib/puppet0040755000076700000240000000000013722221531015072 5ustar00puppetlabs-postgresql-6.7.0/lib/puppet/functions0040755000076700000240000000000013722221531017102 5ustar00puppetlabs-postgresql-6.7.0/lib/puppet/functions/postgresql0040755000076700000240000000000013722221531021305 5ustar00puppetlabs-postgresql-6.7.0/lib/puppet/functions/postgresql/postgresql_acls_to_resources_hash.rb0100644000076700000240000000363513674331764030741 0ustar00# @summary This internal function translates the ipv(4|6)acls format into a resource suitable for create_resources. # @api private Puppet::Functions.create_function(:'postgresql::postgresql_acls_to_resources_hash') do # @param acls # An array of strings that are pg_hba.conf rules. # @param id # An identifier that will be included in the namevar to provide uniqueness. # @param offset # An order offset, so you can start the order at an arbitrary starting point. # # @return [Hash] # A hash that can be fed into create_resources to create multiple individual pg_hba_rule resources. dispatch :default_impl do param 'Array[String]', :acls param 'String[1]', :id param 'Integer[0]', :offset end def default_impl(acls, id, offset) resources = {} acls.each do |acl| index = acls.index(acl) parts = acl.split unless parts.length >= 4 raise(Puppet::ParseError, "postgresql::postgresql_acls_to_resources_hash(): acl line #{index} does not " \ 'have enough parts') end resource = { 'type' => parts[0], 'database' => parts[1], 'user' => parts[2], 'order' => '%03d' % (offset + index), } if parts[0] == 'local' resource['auth_method'] = parts[3] if parts.length > 4 resource['auth_option'] = parts.last(parts.length - 4).join(' ') end elsif parts[4] =~ %r{^\d} resource['address'] = parts[3] + ' ' + parts[4] resource['auth_method'] = parts[5] resource['auth_option'] = parts.last(parts.length - 6).join(' ') if parts.length > 6 else resource['address'] = parts[3] resource['auth_method'] = parts[4] resource['auth_option'] = parts.last(parts.length - 5).join(' ') if parts.length > 5 end resources["postgresql class generated rule #{id} #{index}"] = resource end resources end end puppetlabs-postgresql-6.7.0/lib/puppet/functions/postgresql/postgresql_escape.rb0100644000076700000240000000212213674331764025446 0ustar00require 'digest/md5' # @summary This function escapes a string using [Dollar Quoting](https://www.postgresql.org/docs/12/sql-syntax-lexical.html#SQL-SYNTAX-DOLLAR-QUOTING) using a randomly generated tag if required. Puppet::Functions.create_function(:'postgresql::postgresql_escape') do # @param input_string # The unescaped string you want to escape using `dollar quoting` # # @return [String] # A `Dollar Quoted` string dispatch :default_impl do param 'String[1]', :input_string end def default_impl(input_string) # Where allowed, just return the original string wrapped in `$$` return "$$#{input_string}$$" unless tag_needed?(input_string) # Keep generating possible values for tag until we find one that doesn't appear in the input string tag = Digest::MD5.hexdigest(input_string)[0..5].gsub(%r{\d}, '') until input_string !~ %r{#{tag}} tag = Digest::MD5.hexdigest(tag)[0..5].gsub(%r{\d}, '') end "$#{tag}$#{input_string}$#{tag}$" end def tag_needed?(input_string) input_string =~ %r{\$\$} || input_string.end_with?('$') end end puppetlabs-postgresql-6.7.0/lib/puppet/functions/postgresql/postgresql_password.rb0100644000076700000240000000116513674331764026056 0ustar00# @summary This function returns the postgresql password hash from the clear text username / password Puppet::Functions.create_function(:'postgresql::postgresql_password') do # @param username # The clear text `username` # @param password # The clear text `password` # # @return [String] # The postgresql password hash from the clear text username / password. dispatch :default_impl do param 'Variant[String[1],Integer]', :username param 'Variant[String[1],Integer]', :password end def default_impl(username, password) 'md5' + Digest::MD5.hexdigest(password.to_s + username.to_s) end end puppetlabs-postgresql-6.7.0/lib/puppet/functions/postgresql_escape.rb0100644000076700000240000000074213674331764023251 0ustar00# @summary DEPRECATED. Use the namespaced function [`postgresql::postgresql_escape`](#postgresqlpostgresql_escape) instead. Puppet::Functions.create_function(:postgresql_escape) do dispatch :deprecation_gen do repeated_param 'Any', :args end def deprecation_gen(*args) call_function('deprecation', 'postgresql_escape', 'This method is deprecated, please use postgresql::postgresql_escape instead.') call_function('postgresql::postgresql_escape', *args) end end puppetlabs-postgresql-6.7.0/lib/puppet/functions/postgresql_password.rb0100644000076700000240000000075613674331764023660 0ustar00# @summary DEPRECATED. Use the namespaced function [`postgresql::postgresql_password`](#postgresqlpostgresql_password) instead. Puppet::Functions.create_function(:postgresql_password) do dispatch :deprecation_gen do repeated_param 'Any', :args end def deprecation_gen(*args) call_function('deprecation', 'postgresql_password', 'This method is deprecated, please use postgresql::postgresql_password instead.') call_function('postgresql::postgresql_password', *args) end end puppetlabs-postgresql-6.7.0/lib/puppet/provider0040755000076700000240000000000013722221531016724 5ustar00puppetlabs-postgresql-6.7.0/lib/puppet/provider/postgresql_conf0040755000076700000240000000000013722221531022134 5ustar00puppetlabs-postgresql-6.7.0/lib/puppet/provider/postgresql_conf/parsed.rb0100644000076700000240000000276713627456423024045 0ustar00require 'puppet/provider/parsedfile' Puppet::Type.type(:postgresql_conf).provide( :parsed, parent: Puppet::Provider::ParsedFile, default_target: '/etc/postgresql.conf', filetype: :flat, ) do desc 'Set key/values in postgresql.conf.' text_line :comment, match: %r{^\s*#} text_line :blank, match: %r{^\s*$} record_line :parsed, fields: ['name', 'value', 'comment'], optional: ['comment'], match: %r{^\s*([\w\.]+)\s*=?\s*(.*?)(?:\s*#\s*(.*))?\s*$}, to_line: proc { |h| # simple string and numeric values don't need to be enclosed in quotes val = if h[:value].is_a?(Numeric) h[:value].to_s else h[:value] end dontneedquote = val.match(%r{^(\d+.?\d+|\w+)$}) dontneedequal = h[:name].match(%r{^(include|include_if_exists)$}i) str = h[:name].downcase # normalize case str += dontneedequal ? ' ' : ' = ' str += "'" unless dontneedquote && !dontneedequal str += val str += "'" unless dontneedquote && !dontneedequal str += " # #{h[:comment]}" unless h[:comment].nil? || h[:comment] == :absent str }, post_parse: proc { |h| h[:name].downcase! # normalize case h[:value].gsub!(%r{(^'|'$)}, '') # strip out quotes } end puppetlabs-postgresql-6.7.0/lib/puppet/provider/postgresql_conn_validator0040755000076700000240000000000013722221531024211 5ustar00puppetlabs-postgresql-6.7.0/lib/puppet/provider/postgresql_conn_validator/ruby.rb0100644000076700000240000000305613627456423025615 0ustar00$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..', '..')) require 'puppet/util/postgresql_validator' # This file contains a provider for the resource type `postgresql_conn_validator`, # which validates the puppetdb connection by attempting an https connection. Puppet::Type.type(:postgresql_conn_validator).provide(:ruby) do desc "A provider for the resource type `postgresql_conn_validator`, which validates the PostgreSQL connection by attempting a query to the target PostgreSQL server." # Test to see if the resource exists, returns true if it does, false if it # does not. # # Here we simply monopolize the resource API, to execute a test to see if the # database is connectable. When we return a state of `false` it triggers the # create method where we can return an error message. # # @return [bool] did the test succeed? def exists? validator.attempt_connection(resource[:sleep], resource[:tries]) end # This method is called when the exists? method returns false. # # @return [void] def create # If `#create` is called, that means that `#exists?` returned false, which # means that the connection could not be established... so we need to # cause a failure here. raise Puppet::Error, "Unable to connect to PostgreSQL server! (#{resource[:host]}:#{resource[:port]})" end # Returns the existing validator, if one exists otherwise creates a new object # from the class. # # @api private def validator @validator ||= Puppet::Util::PostgresqlValidator.new(resource) end end puppetlabs-postgresql-6.7.0/lib/puppet/provider/postgresql_psql0040755000076700000240000000000013722221531022166 5ustar00puppetlabs-postgresql-6.7.0/lib/puppet/provider/postgresql_psql/ruby.rb0100644000076700000240000000470113627456423023570 0ustar00Puppet::Type.type(:postgresql_psql).provide(:ruby) do desc 'Postgres psql provider' def run_unless_sql_command(sql) # for the 'unless' queries, we wrap the user's query in a 'SELECT COUNT', # which makes it easier to parse and process the output. run_sql_command('SELECT COUNT(*) FROM (' << sql << ') count') end def run_sql_command(sql) if resource[:search_path] sql = "set search_path to #{Array(resource[:search_path]).join(',')}; #{sql}" end command = [resource[:psql_path]] command.push('-d', resource[:db]) if resource[:db] command.push('-p', resource[:port]) if resource[:port] command.push('-t', '-X', '-c', '"' + sql.gsub('"', '\"') + '"') environment = get_environment if resource[:cwd] Dir.chdir resource[:cwd] do run_command(command, resource[:psql_user], resource[:psql_group], environment) end else run_command(command, resource[:psql_user], resource[:psql_group], environment) end end private def get_environment # rubocop:disable Style/AccessorMethodName : Refactor does not work correctly environment = (resource[:connect_settings] || {}).dup envlist = resource[:environment] return environment unless envlist envlist = [envlist] unless envlist.is_a? Array envlist.each do |setting| if setting =~ %r{^(\w+)=((.|\n)+)$} env_name = Regexp.last_match(1) value = Regexp.last_match(2) if environment.include?(env_name) || environment.include?(env_name.to_sym) if env_name == 'NEWPGPASSWD' warning "Overriding environment setting '#{env_name}' with '****'" else warning "Overriding environment setting '#{env_name}' with '#{value}'" end end environment[env_name] = value else warning "Cannot understand environment setting #{setting.inspect}" end end environment end def run_command(command, user, group, environment) command = command.join ' ' output = Puppet::Util::Execution.execute(command, uid: user, gid: group, failonfail: false, combine: true, override_locale: true, custom_environment: environment) [output, $CHILD_STATUS.dup] end end puppetlabs-postgresql-6.7.0/lib/puppet/provider/postgresql_replication_slot0040755000076700000240000000000013722221531024561 5ustar00puppetlabs-postgresql-6.7.0/lib/puppet/provider/postgresql_replication_slot/ruby.rb0100644000076700000240000000342113627456423026161 0ustar00Puppet::Type.type(:postgresql_replication_slot).provide(:ruby) do desc 'For confinement' commands psql: 'psql' def self.instances run_sql_command('SELECT * FROM pg_replication_slots;')[0].split("\n").select { |l| l =~ %r{\|} }.map do |l| name, *_others = l.strip.split(%r{\s+\|\s+}) new(name: name, ensure: :present) end end def self.prefetch(resources) instances.each do |i| slot = resources[i.name] if slot slot.provider = i end end end def exists? @property_hash[:ensure] == :present end def create output = self.class.run_sql_command("SELECT * FROM pg_create_physical_replication_slot('#{resource[:name]}');") raise Puppet::Error, "Failed to create replication slot #{resource[:name]}:\n#{output[0]}" unless output[1].success? @property_hash[:ensure] = :present end def destroy output = self.class.run_sql_command("SELECT pg_drop_replication_slot('#{resource[:name]}');") raise Puppet::Error, "Failed to destroy replication slot #{resource[:name]}:\n#{output[0]}" unless output[1].success? @property_hash[:ensure] = :absent end private def self.run_sql_command(sql) command = ['psql', '-t', '-c', sql] run_command(command, 'postgres', 'postgres') end def self.run_command(command, user, group) output = Puppet::Util::Execution.execute(command, uid: user, gid: group, failonfail: false, combine: true, override_locale: true, custom_environment: {}) [output, $CHILD_STATUS.dup] end end puppetlabs-postgresql-6.7.0/lib/puppet/type0040755000076700000240000000000013722221531016053 5ustar00puppetlabs-postgresql-6.7.0/lib/puppet/type/postgresql_conf.rb0100644000076700000240000000114313627456423021701 0ustar00Puppet::Type.newtype(:postgresql_conf) do @doc = 'This type allows puppet to manage postgresql.conf parameters.' ensurable newparam(:name) do desc 'The postgresql parameter name to manage.' isnamevar newvalues(%r{^[\w\.]+$}) end newproperty(:value) do desc 'The value to set for this parameter.' end newproperty(:target) do desc 'The path to postgresql.conf' defaultto do if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile) @resource.class.defaultprovider.default_target else nil end end end end puppetlabs-postgresql-6.7.0/lib/puppet/type/postgresql_conn_validator.rb0100644000076700000240000000421713627456423023763 0ustar00Puppet::Type.newtype(:postgresql_conn_validator) do @doc = <<-EOS @summary Verify if a connection can be successfully established Verify that a connection can be successfully established between a node and the PostgreSQL server. Its primary use is as a precondition to prevent configuration changes from being applied if the PostgreSQL server cannot be reached, but it could potentially be used for other purposes such as monitoring. EOS ensurable do desc 'Ensure connection validation' defaultvalues defaultto :present end newparam(:name, namevar: true) do desc 'An arbitrary name used as the identity of the resource.' end newparam(:db_name) do desc 'The name of the database you are trying to validate a connection with.' end newparam(:db_username) do desc 'A user that has access to the target PostgreSQL database.' end newparam(:db_password) do desc 'The password required to access the target PostgreSQL database.' end newparam(:host) do desc 'The DNS name or IP address of the server where PostgreSQL should be running.' end newparam(:port) do desc 'The port that the PostgreSQL server should be listening on.' validate do |value| Integer(value) end munge do |value| Integer(value) end end newparam(:connect_settings) do desc 'Hash of environment variables for connection to a db.' end newparam(:sleep) do desc 'The length of sleep time between connection tries.' validate do |value| Integer(value) end munge do |value| Integer(value) end defaultto 2 end newparam(:tries) do desc 'The number of tries to validate the connection to the target PostgreSQL database.' validate do |value| Integer(value) end munge do |value| Integer(value) end defaultto 10 end newparam(:psql_path) do desc 'Path to the psql command.' end newparam(:run_as) do desc 'System user that will run the psql command.' end newparam(:command) do desc 'Command to run against target database.' defaultto 'SELECT 1' end end puppetlabs-postgresql-6.7.0/lib/puppet/type/postgresql_psql.rb0100644000076700000240000001104413627456423021734 0ustar00Puppet::Type.newtype(:postgresql_psql) do newparam(:name) do desc 'An arbitrary tag for your own reference; the name of the message.' isnamevar end newproperty(:command) do desc 'The SQL command to execute via psql.' defaultto { @resource[:name] } # If needing to run the SQL command, return a fake value that will trigger # a sync, else return the expected SQL command so no sync takes place def retrieve if @resource.should_run_sql :notrun else should end end def sync output, status = provider.run_sql_command(value) raise("Error executing SQL; psql returned #{status}: '#{output}'") unless status == 0 # rubocop:disable Style/NumericPredicate end end newparam(:unless) do desc <<-DOC An optional SQL command to execute prior to the main :command; this is generally intended to be used for idempotency, to check for the existence of an object in the database to determine whether or not the main SQL command needs to be executed at all.' DOC # Return true if a matching row is found def matches(value) output, status = provider.run_unless_sql_command(value) # rubocop:disable Style/NumericPredicate fail("Error evaluating 'unless' clause, returned #{status}: '#{output}'") unless status == 0 # rubocop:disable Style/SignalException # rubocop:enable Style/NumericPredicate result_count = output.strip.to_i debug("Found #{result_count} row(s) executing 'unless' clause") result_count > 0 end end newparam(:onlyif) do desc <<-DOC An optional SQL command to execute prior to the main :command; this is generally intended to be used for idempotency, to check for the existence of an object in the database to determine whether or not the main SQL command needs to be executed at all. DOC # Return true if a matching row is found def matches(value) output, status = provider.run_unless_sql_command(value) status = output.exitcode if status.nil? raise("Error evaluating 'onlyif' clause, returned #{status}: '#{output}'") unless status == 0 # rubocop:disable Style/NumericPredicate result_count = output.strip.to_i debug("Found #{result_count} row(s) executing 'onlyif' clause") result_count > 0 end end newparam(:connect_settings) do desc 'Connection settings that will be used when connecting to postgres' end newparam(:db) do desc 'The name of the database to execute the SQL command against, this overrides any PGDATABASE value in connect_settings' end newparam(:port) do desc 'The port of the database server to execute the SQL command against, this overrides any PGPORT value in connect_settings.' end newparam(:search_path) do desc 'The schema search path to use when executing the SQL command' end newparam(:psql_path) do desc 'The path to psql executable.' defaultto('psql') end newparam(:psql_user) do desc 'The system user account under which the psql command should be executed.' defaultto('postgres') end newparam(:psql_group) do desc 'The system user group account under which the psql command should be executed.' defaultto('postgres') end newparam(:cwd, parent: Puppet::Parameter::Path) do desc 'The working directory under which the psql command should be executed.' defaultto('/tmp') end newparam(:environment) do desc "Any additional environment variables you want to set for a SQL command. Multiple environment variables should be specified as an array." validate do |values| Array(values).each do |value| unless value =~ %r{\w+=} raise ArgumentError, "Invalid environment setting '#{value}'" end end end end newparam(:refreshonly, boolean: true) do desc "If 'true', then the SQL will only be executed via a notify/subscribe event." defaultto(:false) newvalues(:true, :false) end autorequire(:class) { ['Postgresql::Server::Service'] } def should_run_sql(refreshing = false) onlyif_param = @parameters[:onlyif] unless_param = @parameters[:unless] return false if !onlyif_param.nil? && !onlyif_param.value.nil? && !onlyif_param.matches(onlyif_param.value) return false if !unless_param.nil? && !unless_param.value.nil? && unless_param.matches(unless_param.value) return false if !refreshing && @parameters[:refreshonly].value == :true true end def refresh property(:command).sync if should_run_sql(true) end end puppetlabs-postgresql-6.7.0/lib/puppet/type/postgresql_replication_slot.rb0100644000076700000240000000064313627456423024332 0ustar00Puppet::Type.newtype(:postgresql_replication_slot) do @doc = <<-EOS @summary Manages Postgresql replication slots. This type allows to create and destroy replication slots to register warm standby replication on a Postgresql master server. EOS ensurable newparam(:name) do desc 'The name of the slot to create. Must be a valid replication slot name.' isnamevar newvalues %r{^[a-z0-9_]+$} end end puppetlabs-postgresql-6.7.0/lib/puppet/util0040755000076700000240000000000013722221531016047 5ustar00puppetlabs-postgresql-6.7.0/lib/puppet/util/postgresql_validator.rb0100644000076700000240000000357313627456423022746 0ustar00module Puppet::Util # postgresql_validator.rb class PostgresqlValidator attr_reader :resource def initialize(resource) @resource = resource end def build_psql_cmd final_cmd = [] cmd_init = "#{@resource[:psql_path]} --tuples-only --quiet --no-psqlrc" final_cmd.push cmd_init cmd_parts = { host: "--host #{@resource[:host]}", port: "--port #{@resource[:port]}", db_username: "--username #{@resource[:db_username]}", db_name: "--dbname #{@resource[:db_name]}", command: "--command '#{@resource[:command]}'", } cmd_parts.each do |k, v| final_cmd.push v if @resource[k] end final_cmd.join ' ' end def parse_connect_settings c_settings = @resource[:connect_settings] || {} c_settings['PGPASSWORD'] = @resource[:db_password] if @resource[:db_password] c_settings.map { |k, v| "#{k}=#{v}" } end def attempt_connection(sleep_length, tries) (0..tries - 1).each do |_try| Puppet.debug "PostgresqlValidator.attempt_connection: Attempting connection to #{@resource[:db_name]}" Puppet.debug "PostgresqlValidator.attempt_connection: #{build_validate_cmd}" result = execute_command if result && !result.empty? Puppet.debug "PostgresqlValidator.attempt_connection: Connection to #{@resource[:db_name] || parse_connect_settings.select { |elem| elem.match %r{PGDATABASE} }} successful!" return true else Puppet.warning "PostgresqlValidator.attempt_connection: Sleeping for #{sleep_length} seconds" sleep sleep_length end end false end private def execute_command Execution.execute(build_validate_cmd, uid: @resource[:run_as]) end def build_validate_cmd "#{parse_connect_settings.join(' ')} #{build_psql_cmd} " end end end puppetlabs-postgresql-6.7.0/locales0040755000076700000240000000000013722221531014431 5ustar00puppetlabs-postgresql-6.7.0/locales/config.yaml0100644000076700000240000000205413627456423016655 0ustar00--- # This is the project-specific configuration file for setting up # fast_gettext for your project. gettext: # This is used for the name of the .pot and .po files; they will be # called .pot? project_name: puppetlabs-postgresql # This is used in comments in the .pot and .po files to indicate what # project the files belong to and should bea little more desctiptive than # package_name: puppetlabs-postgresql # The locale that the default messages in the .pot file are in default_locale: en # The email used for sending bug reports. bugs_address: docs@puppet.com # The holder of the copyright. copyright_holder: Puppet, Inc. # This determines which comments in code should be eligible for translation. # Any comments that start with this string will be externalized. (Leave # empty to include all.) comments_tag: TRANSLATOR # Patterns for +Dir.glob+ used to find all files that might contain # translatable content, relative to the project root directory source_files: - './lib/**/*.rb' puppetlabs-postgresql-6.7.0/locales/ja0040755000076700000240000000000013722221531015023 5ustar00puppetlabs-postgresql-6.7.0/locales/ja/puppetlabs-postgresql.po0100644000076700000240000000132713627456423022040 0ustar00# #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2017-03-21 14:19+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: Eriko Kashiwagi , 2017\n" "Language-Team: Japanese (Japan) (https://www.transifex.com/puppet/teams/29089/ja_JP/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Language: ja_JP\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Translate Toolkit 2.0.0\n" #. metadata.json #: .summary msgid "Offers support for basic management of PostgreSQL databases." msgstr "PostgreSQLデータベースの基本的な管理を支援します。" puppetlabs-postgresql-6.7.0/locales/puppetlabs-postgresql.pot0100644000076700000240000000101313627456423021622 0ustar00#, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2017-03-21 14:19+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Translate Toolkit 2.0.0\n" #. metadata.json #: .summary msgid "Offers support for basic management of PostgreSQL databases." msgstr "" puppetlabs-postgresql-6.7.0/manifests0040755000076700000240000000000013722221531015000 5ustar00puppetlabs-postgresql-6.7.0/manifests/client.pp0100644000076700000240000000242213627456423016711 0ustar00# @summary Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install. # # @note # Make sure to add any necessary yum or apt repositories if specifying a custom version. # # @param file_ensure # Ensure the connection validation script is present # @param validcon_script_path # Optional. Absolute path for the postgresql connection validation script. # @param package_name # Sets the name of the PostgreSQL client package. # @param package_ensure # Ensure the client package is installed class postgresql::client ( Enum['file', 'absent'] $file_ensure = 'file', Stdlib::Absolutepath $validcon_script_path = $postgresql::params::validcon_script_path, String[1] $package_name = $postgresql::params::client_package_name, String[1] $package_ensure = 'present' ) inherits postgresql::params { if $package_name != 'UNSET' { package { 'postgresql-client': ensure => $package_ensure, name => $package_name, tag => 'puppetlabs-postgresql', } } file { $validcon_script_path: ensure => $file_ensure, source => 'puppet:///modules/postgresql/validate_postgresql_connection.sh', owner => 0, group => 0, mode => '0755', } } puppetlabs-postgresql-6.7.0/manifests/globals.pp0100644000076700000240000002533713674331764017072 0ustar00# @summary Class for setting cross-class global overrides. # # @note # Most server-specific defaults should be overridden in the postgresql::server class. # This class should be used only if you are using a non-standard OS, or if you are changing elements that can only be changed here, such as version or manage_package_repo. # # # @param client_package_name Overrides the default PostgreSQL client package name. # @param server_package_name Overrides the default PostgreSQL server package name. # @param contrib_package_name Overrides the default PostgreSQL contrib package name. # @param devel_package_name Overrides the default PostgreSQL devel package name. # @param java_package_name Overrides the default PostgreSQL java package name. # @param docs_package_name Overrides the default PostgreSQL docs package name. # @param perl_package_name Overrides the default PostgreSQL Perl package name. # @param plperl_package_name Overrides the default PostgreSQL PL/Perl package name. # @param plpython_package_name Overrides the default PostgreSQL PL/Python package name. # @param python_package_name Overrides the default PostgreSQL Python package name. # @param postgis_package_name Overrides the default PostgreSQL PostGIS package name. # # @param service_name Overrides the default PostgreSQL service name. # @param service_provider Overrides the default PostgreSQL service provider. # @param service_status Overrides the default status check command for your PostgreSQL service. # @param default_database Specifies the name of the default database to connect with. # # @param validcon_script_path Scipt path for the connection validation check. # # @param initdb_path Path to the initdb command. # @param createdb_path Deprecated. Path to the createdb command. # @param psql_path Sets the path to the psql command. # @param pg_hba_conf_path Specifies the path to your pg_hba.conf file. # @param pg_ident_conf_path Specifies the path to your pg_ident.conf file. # @param postgresql_conf_path Sets the path to your postgresql.conf file. # @param recovery_conf_path Path to your recovery.conf file. # @param default_connect_settings Default connection settings. # # @param pg_hba_conf_defaults Disables the defaults supplied with the module for pg_hba.conf if set to false. # # @param datadir # Overrides the default PostgreSQL data directory for the target platform. # Changing the datadir after installation causes the server to come to a full stop before making the change. # For Red Hat systems, the data directory must be labeled appropriately for SELinux. # On Ubuntu, you must explicitly set needs_initdb = true to allow Puppet to initialize the database in the new datadir (needs_initdb defaults to true on other systems). # Warning! If datadir is changed from the default, Puppet does not manage purging of the original data directory, which causes it to fail if the data directory is changed back to the original # # @param confdir Overrides the default PostgreSQL configuration directory for the target platform. # @param bindir Overrides the default PostgreSQL binaries directory for the target platform. # @param xlogdir Overrides the default PostgreSQL xlog directory. # @param logdir Overrides the default PostgreSQL log directory. # @param log_line_prefix Overrides the default PostgreSQL log prefix. # # @param user Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. # @param group Overrides the default postgres user group to be used for related files in the file system. # # @param version The version of PostgreSQL to install and manage. # @param postgis_version Defines the version of PostGIS to install, if you install PostGIS. # @param repo_proxy Sets the proxy option for the official PostgreSQL yum-repositories only. # # @param repo_baseurl Sets the baseurl for the PostgreSQL repository. Useful if you host your own mirror of the repository. # # @param needs_initdb Explicitly calls the initdb operation after the server package is installed and before the PostgreSQL service is started. # # @param encoding # Sets the default encoding for all databases created with this module. # On certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well. # @param locale # Sets the default database locale for all databases created with this module. # On certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well. # On Debian, you'll need to ensure that the 'locales-all' package is installed for full functionality of PostgreSQL. # @param data_checksums # Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. # Warning: This option is used during initialization by initdb, and cannot be changed later. # # @param timezone Sets the default timezone of the postgresql server. The postgresql built-in default is taking the systems timezone information. # # @param manage_pg_hba_conf Allow Puppet to manage the pg_hba.conf file. # @param manage_pg_ident_conf Allow Puppet to manage the pg_ident.conf file. # @param manage_recovery_conf Allow Puppet to manage the recovery.conf file. # # @param manage_datadir Set to false if you have file{ $datadir: } already defined # @param manage_logdir Set to false if you have file{ $logdir: } already defined # @param manage_xlogdir Set to false if you have file{ $xlogdir: } already defined # # @param manage_package_repo Sets up official PostgreSQL repositories on your host if set to true. # @param module_workdir Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option. # # class postgresql::globals ( $client_package_name = undef, $server_package_name = undef, $contrib_package_name = undef, $devel_package_name = undef, $java_package_name = undef, $docs_package_name = undef, $perl_package_name = undef, $plperl_package_name = undef, $plpython_package_name = undef, $python_package_name = undef, $postgis_package_name = undef, $service_name = undef, $service_provider = undef, $service_status = undef, $default_database = undef, $validcon_script_path = undef, $initdb_path = undef, $createdb_path = undef, $psql_path = undef, $pg_hba_conf_path = undef, $pg_ident_conf_path = undef, $postgresql_conf_path = undef, $recovery_conf_path = undef, $default_connect_settings = {}, $pg_hba_conf_defaults = undef, $datadir = undef, $confdir = undef, $bindir = undef, $xlogdir = undef, $logdir = undef, $log_line_prefix = undef, $manage_datadir = undef, $manage_logdir = undef, $manage_xlogdir = undef, $user = undef, $group = undef, $version = undef, $postgis_version = undef, $repo_proxy = undef, $repo_baseurl = undef, $needs_initdb = undef, $encoding = undef, $locale = undef, $data_checksums = undef, $timezone = undef, $manage_pg_hba_conf = undef, $manage_pg_ident_conf = undef, $manage_recovery_conf = undef, $manage_selinux = undef, $manage_package_repo = undef, $module_workdir = undef, ) { # We are determining this here, because it is needed by the package repo # class. $default_version = $::osfamily ? { /^(RedHat|Linux)/ => $::operatingsystem ? { 'Fedora' => $::operatingsystemrelease ? { /^(32)$/ => '12', /^(31)$/ => '11.6', /^(30)$/ => '11.2', /^(29)$/ => '10.6', /^(28)$/ => '10.4', /^(26|27)$/ => '9.6', /^(24|25)$/ => '9.5', /^(22|23)$/ => '9.4', /^(21)$/ => '9.3', /^(18|19|20)$/ => '9.2', /^(17)$/ => '9.1', default => undef, }, 'Amazon' => '9.2', default => $::operatingsystemrelease ? { /^8\./ => '10', /^7\./ => '9.2', /^6\./ => '8.4', /^5\./ => '8.1', default => undef, }, }, 'Debian' => $::operatingsystem ? { 'Debian' => $::operatingsystemrelease ? { /^(squeeze|6\.)/ => '8.4', /^(wheezy|7\.)/ => '9.1', /^(jessie|8\.)/ => '9.4', /^(stretch|9\.)/ => '9.6', /^(buster|10\.)/ => '11', default => undef, }, 'Ubuntu' => $::operatingsystemrelease ? { /^(10.04|10.10|11.04)$/ => '8.4', /^(11.10|12.04|12.10|13.04|13.10)$/ => '9.1', /^(14.04)$/ => '9.3', /^(14.10|15.04|15.10)$/ => '9.4', /^(16.04|16.10)$/ => '9.5', /^(17.04|17.10)$/ => '9.6', /^(18.04)$/ => '10', /^(20.04)$/ => '12', default => undef, }, default => undef, }, 'Archlinux' => $::operatingsystem ? { /Archlinux/ => '9.2', default => '9.2', }, 'Gentoo' => '9.5', 'FreeBSD' => '93', 'OpenBSD' => $::operatingsystemrelease ? { /5\.6/ => '9.3', /5\.[7-9]/ => '9.4', /6\.[0-9]/ => '9.5', }, 'Suse' => $::operatingsystem ? { 'SLES' => $::operatingsystemrelease ? { /11\.[0-3]/ => '91', /11\.4/ => '94', /12\.0/ => '93', /12\.[1-3]/ => '94', /12\.[4-5]/ => '10', /15\.0/ => '10', default => '96', }, 'OpenSuSE' => $::operatingsystemrelease ? { /42\.[1-2]/ => '94', default => '96', }, default => undef, }, default => undef, } $globals_version = pick($version, $default_version, 'unknown') if($globals_version == 'unknown') { fail('No preferred version defined or automatically detected.') } $default_postgis_version = $globals_version ? { '8.1' => '1.3.6', '8.4' => '2.0', '9.0' => '2.1', '9.1' => '2.1', '91' => '2.1', '9.2' => '2.3', '9.3' => '2.3', '93' => '2.3', '9.4' => '2.3', '9.5' => '2.3', '9.6' => '2.3', '10' => '2.4', '11' => '3.0', '12' => '3.0', default => undef, } $globals_postgis_version = $postgis_version ? { undef => $default_postgis_version, default => $postgis_version, } # Setup of the repo only makes sense globally, so we are doing this here. if($manage_package_repo) { class { 'postgresql::repo': version => $globals_version, proxy => $repo_proxy, baseurl => $repo_baseurl, } } } puppetlabs-postgresql-6.7.0/manifests/lib0040755000076700000240000000000013722221531015546 5ustar00puppetlabs-postgresql-6.7.0/manifests/lib/devel.pp0100644000076700000240000000233013627456423017276 0ustar00# @summary This class installs postgresql development libraries. # # @param package_name # Override devel package name # @param package_ensure # Ensure the development libraries are installed # @param link_pg_config # If the bin directory used by the PostgreSQL page is not /usr/bin or /usr/local/bin, symlinks pg_config from the package's bin dir into usr/bin (not applicable to Debian systems). Set to false to disable this behavior. # # class postgresql::lib::devel( String $package_name = $postgresql::params::devel_package_name, String[1] $package_ensure = 'present', Boolean $link_pg_config = $postgresql::params::link_pg_config ) inherits postgresql::params { if $::osfamily == 'Gentoo' { fail('osfamily Gentoo does not have a separate "devel" package, postgresql::lib::devel is not supported') } package { 'postgresql-devel': ensure => $package_ensure, name => $package_name, tag => 'puppetlabs-postgresql', } if $link_pg_config { if ( $postgresql::params::bindir != '/usr/bin' and $postgresql::params::bindir != '/usr/local/bin') { file { '/usr/bin/pg_config': ensure => link, target => "${postgresql::params::bindir}/pg_config", } } } } puppetlabs-postgresql-6.7.0/manifests/lib/docs.pp0100644000076700000240000000133413627456423017132 0ustar00# @summary Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install. # # @note # Make sure to add any necessary yum or apt repositories if specifying a custom version. # # @param package_name # Specifies the name of the PostgreSQL docs package. # @param package_ensure # Whether the PostgreSQL docs package resource should be present. # # class postgresql::lib::docs ( String $package_name = $postgresql::params::docs_package_name, String[1] $package_ensure = 'present', ) inherits postgresql::params { package { 'postgresql-docs': ensure => $package_ensure, name => $package_name, tag => 'puppetlabs-postgresql', } } puppetlabs-postgresql-6.7.0/manifests/lib/java.pp0100644000076700000240000000115613627456423017125 0ustar00# @summary This class installs the postgresql jdbc connector. # # @note # Make sure to add any necessary yum or apt repositories if specifying a custom version. # # @param package_name # Specifies the name of the PostgreSQL java package. # @param package_ensure # Specifies whether the package is present. # class postgresql::lib::java ( String $package_name = $postgresql::params::java_package_name, String[1] $package_ensure = 'present' ) inherits postgresql::params { package { 'postgresql-jdbc': ensure => $package_ensure, name => $package_name, tag => 'puppetlabs-postgresql', } } puppetlabs-postgresql-6.7.0/manifests/lib/perl.pp0100644000076700000240000000103113627456423017136 0ustar00# @summary This class installs the perl libs for postgresql. # # @param package_name # Specifies the name of the PostgreSQL perl package to install. # @param package_ensure # Ensure the perl libs for postgresql are installed. # class postgresql::lib::perl( String $package_name = $postgresql::params::perl_package_name, String[1] $package_ensure = 'present' ) inherits postgresql::params { package { 'perl-DBD-Pg': ensure => $package_ensure, name => $package_name, tag => 'puppetlabs-postgresql', } } puppetlabs-postgresql-6.7.0/manifests/lib/python.pp0100644000076700000240000000102013627456423017513 0ustar00# @summary This class installs the python libs for postgresql. # # @param package_name # The name of the PostgreSQL Python package. # @param package_ensure # Ensure the python libs for postgresql are installed. # class postgresql::lib::python( String[1] $package_name = $postgresql::params::python_package_name, String[1] $package_ensure = 'present' ) inherits postgresql::params { package { 'python-psycopg2': ensure => $package_ensure, name => $package_name, tag => 'puppetlabs-postgresql', } } puppetlabs-postgresql-6.7.0/manifests/params.pp0100644000076700000240000004433513674331764016731 0ustar00# @api private class postgresql::params inherits postgresql::globals { $version = $postgresql::globals::globals_version $postgis_version = $postgresql::globals::globals_postgis_version $listen_addresses = undef $port = 5432 $log_line_prefix = undef $ip_mask_deny_postgres_user = '0.0.0.0/0' $ip_mask_allow_all_users = '127.0.0.1/32' $ipv4acls = [] $ipv6acls = [] $encoding = $postgresql::globals::encoding $locale = $postgresql::globals::locale $data_checksums = $postgresql::globals::data_checksums $timezone = $postgresql::globals::timezone $service_ensure = 'running' $service_enable = true $service_manage = true $service_restart_on_change = true $service_provider = $postgresql::globals::service_provider $manage_pg_hba_conf = pick($manage_pg_hba_conf, true) $manage_pg_ident_conf = pick($manage_pg_ident_conf, true) $manage_recovery_conf = pick($manage_recovery_conf, false) $manage_selinux = pick($manage_selinux, false) $package_ensure = 'present' $module_workdir = pick($module_workdir,'/tmp') $password_encryption = undef $extra_systemd_config = '' $manage_datadir = true $manage_logdir = true $manage_xlogdir = true # Amazon Linux's OS Family is 'Linux', operating system 'Amazon'. case $::osfamily { 'RedHat', 'Linux': { $link_pg_config = true $user = pick($user, 'postgres') $group = pick($group, 'postgres') $needs_initdb = pick($needs_initdb, true) $version_parts = split($version, '[.]') $package_version = "${version_parts[0]}${version_parts[1]}" if $version == $postgresql::globals::default_version and $::operatingsystem != 'Amazon' { $client_package_name = pick($client_package_name, 'postgresql') $server_package_name = pick($server_package_name, 'postgresql-server') $contrib_package_name = pick($contrib_package_name,'postgresql-contrib') $devel_package_name = pick($devel_package_name, 'postgresql-devel') $java_package_name = pick($java_package_name, 'postgresql-jdbc') $docs_package_name = pick($docs_package_name, 'postgresql-docs') $plperl_package_name = pick($plperl_package_name, 'postgresql-plperl') $plpython_package_name = pick($plpython_package_name, 'postgresql-plpython') $service_name = pick($service_name, 'postgresql') $bindir = pick($bindir, '/usr/bin') $datadir = $::operatingsystem ? { 'Amazon' => pick($datadir, "/var/lib/pgsql${package_version}/data"), default => pick($datadir, '/var/lib/pgsql/data'), } $confdir = pick($confdir, $datadir) } else { $client_package_name = pick($client_package_name, "postgresql${package_version}") $server_package_name = pick($server_package_name, "postgresql${package_version}-server") $contrib_package_name = pick($contrib_package_name,"postgresql${package_version}-contrib") $devel_package_name = pick($devel_package_name, "postgresql${package_version}-devel") $java_package_name = pick($java_package_name, "postgresql${package_version}-jdbc") $docs_package_name = pick($docs_package_name, "postgresql${package_version}-docs") $plperl_package_name = pick($plperl_package_name, "postgresql${package_version}-plperl") $plpython_package_name = pick($plpython_package_name, "postgresql${package_version}-plpython") $service_name = $::operatingsystem ? { 'Amazon' => pick($service_name, "postgresql${version_parts[0]}${version_parts[1]}"), default => pick($service_name, "postgresql-${version}"), } $bindir = $::operatingsystem ? { 'Amazon' => pick($bindir, '/usr/bin'), default => pick($bindir, "/usr/pgsql-${version}/bin"), } $datadir = $::operatingsystem ? { 'Amazon' => pick($datadir, "/var/lib/pgsql${package_version}/data"), default => pick($datadir, "/var/lib/pgsql/${version}/data"), } $confdir = pick($confdir, $datadir) } case $::operatingsystem { 'Amazon': { $service_reload = "service ${service_name} reload" $service_status = "service ${service_name} status" } # RHEL 5 uses SysV init, RHEL 6 uses upstart. RHEL 7 and 8 both use systemd. 'RedHat', 'CentOS', 'Scientific', 'OracleLinux': { if $::operatingsystemrelease =~ /^[78].*/ { $service_reload = "systemctl reload ${service_name}" $service_status = "systemctl status ${service_name}" } else { $service_reload = "service ${service_name} reload" $service_status = "service ${service_name} status" } } # Default will catch Fedora which uses systemd default: { $service_reload = "systemctl reload ${service_name}" $service_status = "systemctl status ${service_name}" } } $psql_path = pick($psql_path, "${bindir}/psql") $perl_package_name = pick($perl_package_name, 'perl-DBD-Pg') $python_package_name = pick($python_package_name, 'python-psycopg2') if $postgresql::globals::postgis_package_name { $postgis_package_name = $postgresql::globals::postgis_package_name } elsif $::operatingsystemrelease =~ /^5\./ { $postgis_package_name = 'postgis' } elsif $postgis_version and versioncmp($postgis_version, '2') < 0 { $postgis_package_name = "postgis${package_version}" } else { $postgis_package_name = "postgis2_${package_version}" } } 'Archlinux': { $link_pg_config = true $needs_initdb = pick($needs_initdb, true) $user = pick($user, 'postgres') $group = pick($group, 'postgres') # Archlinux doesn't have a client-package but has a libs package which # pulls in postgresql server $client_package_name = pick($client_package_name, 'postgresql') $server_package_name = pick($server_package_name, 'postgresql-libs') $java_package_name = pick($java_package_name, 'postgresql-jdbc') # Archlinux doesn't have develop packages $devel_package_name = pick($devel_package_name, 'postgresql-devel') # Archlinux does have postgresql-contrib but it isn't maintained $contrib_package_name = pick($contrib_package_name,'undef') # Archlinux postgresql package provides plperl $plperl_package_name = pick($plperl_package_name, 'undef') $plpython_package_name = pick($plpython_package_name, 'undef') $service_name = pick($service_name, 'postgresql') $bindir = pick($bindir, '/usr/bin') $datadir = pick($datadir, '/var/lib/postgres/data') $confdir = pick($confdir, $datadir) $psql_path = pick($psql_path, "${bindir}/psql") $service_status = $service_status $service_reload = "systemctl reload ${service_name}" $python_package_name = pick($python_package_name, 'python-psycopg2') # Archlinux does not have a perl::DBD::Pg package $perl_package_name = pick($perl_package_name, 'undef') } 'Debian': { $link_pg_config = false $user = pick($user, 'postgres') $group = pick($group, 'postgres') if $postgresql::globals::manage_package_repo == true { $needs_initdb = pick($needs_initdb, true) $service_name = pick($service_name, 'postgresql') } else { $needs_initdb = pick($needs_initdb, false) $service_name = $::operatingsystem ? { 'Debian' => pick($service_name, 'postgresql'), 'Ubuntu' => $::lsbmajdistrelease ? { /^10/ => pick($service_name, "postgresql-${version}"), default => pick($service_name, 'postgresql'), }, default => undef } } $client_package_name = pick($client_package_name, "postgresql-client-${version}") $server_package_name = pick($server_package_name, "postgresql-${version}") $contrib_package_name = pick($contrib_package_name, "postgresql-contrib-${version}") if $postgis_version and versioncmp($postgis_version, '2') < 0 { $postgis_package_name = pick($postgis_package_name, "postgresql-${version}-postgis") } elsif $postgis_version and versioncmp($postgis_version, '3') >= 0 { $postgis_package_name = pick($postgis_package_name, "postgresql-${version}-postgis-3") } else { $postgis_package_name = pick($postgis_package_name, "postgresql-${version}-postgis-${postgis_version}") } $devel_package_name = pick($devel_package_name, 'libpq-dev') $java_package_name = $::operatingsystem ? { 'Debian' => $::operatingsystemrelease ? { /^6/ => pick($java_package_name, 'libpg-java'), default => pick($java_package_name, 'libpostgresql-jdbc-java'), }, default => pick($java_package_name, 'libpostgresql-jdbc-java'), } $perl_package_name = pick($perl_package_name, 'libdbd-pg-perl') $plperl_package_name = pick($plperl_package_name, "postgresql-plperl-${version}") $plpython_package_name = pick($plpython_package_name, "postgresql-plpython-${version}") $python_package_name = pick($python_package_name, 'python-psycopg2') $bindir = pick($bindir, "/usr/lib/postgresql/${version}/bin") $datadir = pick($datadir, "/var/lib/postgresql/${version}/main") $confdir = pick($confdir, "/etc/postgresql/${version}/main") if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8.0') >= 0 { # Jessie uses systemd $service_status = pick($service_status, "/usr/sbin/service ${service_name}@*-main status") } elsif $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '15.04') >= 0 { # Ubuntu releases since vivid use systemd $service_status = pick($service_status, "/usr/sbin/service ${service_name} status") } else { $service_status = pick($service_status, "/etc/init.d/${service_name} status | /bin/egrep -q 'Running clusters: .+|online'") } $service_reload = "service ${service_name} reload" $psql_path = pick($psql_path, '/usr/bin/psql') } 'Gentoo': { $user = pick($user, 'postgres') $group = pick($group, 'postgres') $client_package_name = pick($client_package_name, 'UNSET') $server_package_name = pick($server_package_name, 'postgresql') $contrib_package_name = pick_default($contrib_package_name, undef) $devel_package_name = pick_default($devel_package_name, undef) $java_package_name = pick($java_package_name, 'jdbc-postgresql') $perl_package_name = pick($perl_package_name, 'DBD-Pg') $plperl_package_name = undef $python_package_name = pick($python_package_name, 'psycopg') $service_name = pick($service_name, "postgresql-${version}") $bindir = pick($bindir, "/usr/lib/postgresql-${version}/bin") $datadir = pick($datadir, "/var/lib/postgresql/${version}_data") $confdir = pick($confdir, "/etc/postgresql-${version}") $service_status = pick($service_status, "systemctl status ${service_name}") $service_reload = "systemctl reload ${service_name}" $psql_path = pick($psql_path, "${bindir}/psql") $needs_initdb = pick($needs_initdb, true) } 'FreeBSD': { case $version { '94', '95': { $user = pick($user, 'pgsql') $group = pick($group, 'pgsql') $datadir = pick($datadir, '/usr/local/pgsql/data') } default: { $user = pick($user, 'postgres') $group = pick($group, 'postgres') $datadir = pick($datadir, "/var/db/postgres/data${version}") } } $link_pg_config = true $client_package_name = pick($client_package_name, "databases/postgresql${version}-client") $server_package_name = pick($server_package_name, "databases/postgresql${version}-server") $contrib_package_name = pick($contrib_package_name, "databases/postgresql${version}-contrib") $devel_package_name = pick($devel_package_name, 'databases/postgresql-libpqxx3') $java_package_name = pick($java_package_name, 'databases/postgresql-jdbc') $perl_package_name = pick($plperl_package_name, 'databases/p5-DBD-Pg') $plperl_package_name = pick($plperl_package_name, "databases/postgresql${version}-plperl") $python_package_name = pick($python_package_name, 'databases/py-psycopg2') $service_name = pick($service_name, 'postgresql') $bindir = pick($bindir, '/usr/local/bin') $confdir = pick($confdir, $datadir) $service_status = pick($service_status, "/usr/local/etc/rc.d/${service_name} onestatus") $service_reload = "service ${service_name} reload" $psql_path = pick($psql_path, "${bindir}/psql") $needs_initdb = pick($needs_initdb, true) } 'OpenBSD': { $user = pick($user, '_postgresql') $group = pick($group, '_postgresql') $client_package_name = pick($client_package_name, 'postgresql-client') $server_package_name = pick($server_package_name, 'postgresql-server') $contrib_package_name = pick($contrib_package_name, 'postgresql-contrib') $devel_package_name = pick($devel_package_name, 'postgresql-client') $java_package_name = pick($java_package_name, 'postgresql-jdbc') $perl_package_name = pick($perl_package_name, 'databases/p5-DBD-Pg') $plperl_package_name = undef $python_package_name = pick($python_package_name, 'py-psycopg2') $service_name = pick($service_name, 'postgresql') $bindir = pick($bindir, '/usr/local/bin') $datadir = pick($datadir, '/var/postgresql/data') $confdir = pick($confdir, $datadir) $service_status = pick($service_status, "/etc/rc.d/${service_name} check") $service_reload = "/etc/rc.d/${service_name} reload" $psql_path = pick($psql_path, "${bindir}/psql") $needs_initdb = pick($needs_initdb, true) } 'Suse': { $link_pg_config = true $user = pick($user, 'postgres') $group = pick($group, 'postgres') $client_package_name = pick($client_package_name, "postgresql${version}") $server_package_name = pick($server_package_name, "postgresql${version}-server") $contrib_package_name = pick($contrib_package_name, "postgresql${version}-contrib") $devel_package_name = pick($devel_package_name, "postgresql${version}-devel") $java_package_name = pick($java_package_name, "postgresql${version}-jdbc") $perl_package_name = pick($plperl_package_name, 'perl-DBD-Pg') $plperl_package_name = pick($plperl_package_name, "postgresql${version}-plperl") $python_package_name = pick($python_package_name, 'python-psycopg2') $service_name = pick($service_name, 'postgresql') $bindir = pick($bindir, "/usr/lib/postgresql${version}/bin") $datadir = pick($datadir, '/var/lib/pgsql/data') $confdir = pick($confdir, $datadir) if $::operatingsystem == 'SLES' and versioncmp($::operatingsystemrelease, '11.4') <= 0 { $service_status = pick($service_status, "/etc/init.d/${service_name} status") $service_reload = "/etc/init.d/${service_name} reload" } else { $service_status = pick($service_status, "systemctl status ${service_name}") $service_reload = "systemctl reload ${service_name}" } $psql_path = pick($psql_path, "${bindir}/psql") $needs_initdb = pick($needs_initdb, true) } default: { $link_pg_config = true $psql_path = pick($psql_path, "${bindir}/psql") # Since we can't determine defaults on our own, we rely on users setting # parameters with the postgresql::globals class. Here we are checking # that the mandatory minimum is set for the module to operate. $err_prefix = "Module ${module_name} does not provide defaults for osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}; please specify a value for ${module_name}::globals::" if ($needs_initdb == undef) { fail("${err_prefix}needs_initdb") } if ($service_name == undef) { fail("${err_prefix}service_name") } if ($client_package_name == undef) { fail("${err_prefix}client_package_name") } if ($server_package_name == undef) { fail("${err_prefix}server_package_name") } if ($bindir == undef) { fail("${err_prefix}bindir") } if ($datadir == undef) { fail("${err_prefix}datadir") } if ($confdir == undef) { fail("${err_prefix}confdir") } } } if($data_checksums and versioncmp($version, '9.3') < 0) { fail('data_checksums require version 9.3 or greater') } $validcon_script_path = pick($validcon_script_path, '/usr/local/bin/validate_postgresql_connection.sh') $initdb_path = pick($initdb_path, "${bindir}/initdb") $pg_hba_conf_path = pick($pg_hba_conf_path, "${confdir}/pg_hba.conf") $pg_hba_conf_defaults = pick($pg_hba_conf_defaults, true) $pg_ident_conf_path = pick($pg_ident_conf_path, "${confdir}/pg_ident.conf") $postgresql_conf_path = pick($postgresql_conf_path, "${confdir}/postgresql.conf") $recovery_conf_path = pick($recovery_conf_path, "${datadir}/recovery.conf") $default_database = pick($default_database, 'postgres') } puppetlabs-postgresql-6.7.0/manifests/repo0040755000076700000240000000000013722221531015745 5ustar00puppetlabs-postgresql-6.7.0/manifests/repo/apt_postgresql_org.pp0100644000076700000240000000174313627456423022323 0ustar00# @api private class postgresql::repo::apt_postgresql_org inherits postgresql::repo { include ::apt # Here we have tried to replicate the instructions on the PostgreSQL site: # # http://www.postgresql.org/download/linux/debian/ # $default_baseurl = 'https://apt.postgresql.org/pub/repos/apt/' $_baseurl = pick($postgresql::repo::baseurl, $default_baseurl) apt::pin { 'apt_postgresql_org': originator => 'apt.postgresql.org', priority => 500, } -> apt::source { 'apt.postgresql.org': location => $_baseurl, release => "${::lsbdistcodename}-pgdg", repos => "main ${postgresql::repo::version}", key => { id => 'B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8', source => 'https://www.postgresql.org/media/keys/ACCC4CF8.asc', }, include => { src => false, }, } Apt::Source['apt.postgresql.org']->Package<|tag == 'puppetlabs-postgresql'|> Class['Apt::Update'] -> Package<|tag == 'puppetlabs-postgresql'|> } puppetlabs-postgresql-6.7.0/manifests/repo/yum_postgresql_org.pp0100644000076700000240000000231613627456423022346 0ustar00# @api private class postgresql::repo::yum_postgresql_org inherits postgresql::repo { $version_parts = split($postgresql::repo::version, '[.]') $package_version = "${version_parts[0]}${version_parts[1]}" $gpg_key_path = "/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}" file { $gpg_key_path: source => 'puppet:///modules/postgresql/RPM-GPG-KEY-PGDG', owner => 'root', group => 'root', mode => '0644', before => Yumrepo['yum.postgresql.org'] } if($::operatingsystem == 'Fedora') { $label1 = 'fedora' $label2 = $label1 } else { $label1 = 'redhat' $label2 = 'rhel' } $default_baseurl = "https://download.postgresql.org/pub/repos/yum/${postgresql::repo::version}/${label1}/${label2}-\$releasever-\$basearch" $_baseurl = pick($postgresql::repo::baseurl, $default_baseurl) yumrepo { 'yum.postgresql.org': descr => "PostgreSQL ${postgresql::repo::version} \$releasever - \$basearch", baseurl => $_baseurl, enabled => 1, gpgcheck => 1, gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}", proxy => $postgresql::repo::proxy, } Yumrepo['yum.postgresql.org'] -> Package<|tag == 'puppetlabs-postgresql'|> } puppetlabs-postgresql-6.7.0/manifests/repo.pp0100644000076700000240000000126713627456423016406 0ustar00# @api private class postgresql::repo ( $version = undef, $proxy = undef, $baseurl = undef, ) { case $::osfamily { 'RedHat', 'Linux': { if $version == undef { fail("The parameter 'version' for 'postgresql::repo' is undefined. You must always define it when osfamily == Redhat or Linux") } class { 'postgresql::repo::yum_postgresql_org': } } 'Debian': { class { 'postgresql::repo::apt_postgresql_org': } } default: { fail("Unsupported managed repository for osfamily: ${::osfamily}, operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports managing repos for osfamily RedHat and Debian") } } } puppetlabs-postgresql-6.7.0/manifests/server0040755000076700000240000000000013722221531016306 5ustar00puppetlabs-postgresql-6.7.0/manifests/server/config.pp0100644000076700000240000002041013674331764020205 0ustar00# @api private class postgresql::server::config { $ip_mask_deny_postgres_user = $postgresql::server::ip_mask_deny_postgres_user $ip_mask_allow_all_users = $postgresql::server::ip_mask_allow_all_users $listen_addresses = $postgresql::server::listen_addresses $port = $postgresql::server::port $ipv4acls = $postgresql::server::ipv4acls $ipv6acls = $postgresql::server::ipv6acls $pg_hba_conf_path = $postgresql::server::pg_hba_conf_path $pg_ident_conf_path = $postgresql::server::pg_ident_conf_path $postgresql_conf_path = $postgresql::server::postgresql_conf_path $recovery_conf_path = $postgresql::server::recovery_conf_path $pg_hba_conf_defaults = $postgresql::server::pg_hba_conf_defaults $user = $postgresql::server::user $group = $postgresql::server::group $version = $postgresql::server::_version $manage_pg_hba_conf = $postgresql::server::manage_pg_hba_conf $manage_pg_ident_conf = $postgresql::server::manage_pg_ident_conf $manage_recovery_conf = $postgresql::server::manage_recovery_conf $datadir = $postgresql::server::datadir $logdir = $postgresql::server::logdir $service_name = $postgresql::server::service_name $log_line_prefix = $postgresql::server::log_line_prefix $timezone = $postgresql::server::timezone $password_encryption = $postgresql::server::password_encryption $extra_systemd_config = $postgresql::server::extra_systemd_config if ($manage_pg_hba_conf == true) { # Prepare the main pg_hba file concat { $pg_hba_conf_path: owner => $user, group => $group, mode => '0640', warn => true, notify => Class['postgresql::server::reload'], } if $pg_hba_conf_defaults { Postgresql::Server::Pg_hba_rule { database => 'all', user => 'all', } # Lets setup the base rules $local_auth_option = $version ? { '8.1' => 'sameuser', default => undef, } postgresql::server::pg_hba_rule { 'local access as postgres user': type => 'local', user => $user, auth_method => 'ident', auth_option => $local_auth_option, order => 1, } postgresql::server::pg_hba_rule { 'local access to database with same name': type => 'local', auth_method => 'ident', auth_option => $local_auth_option, order => 2, } postgresql::server::pg_hba_rule { 'allow localhost TCP access to postgresql user': type => 'host', user => $user, address => '127.0.0.1/32', auth_method => 'md5', order => 3, } postgresql::server::pg_hba_rule { 'deny access to postgresql user': type => 'host', user => $user, address => $ip_mask_deny_postgres_user, auth_method => 'reject', order => 4, } postgresql::server::pg_hba_rule { 'allow access to all users': type => 'host', address => $ip_mask_allow_all_users, auth_method => 'md5', order => 100, } postgresql::server::pg_hba_rule { 'allow access to ipv6 localhost': type => 'host', address => '::1/128', auth_method => 'md5', order => 101, } } # $ipv4acls and $ipv6acls are arrays of rule strings # They are converted into hashes we can iterate over to create postgresql::server::pg_hba_rule resources. ( postgresql::postgresql_acls_to_resources_hash($ipv4acls, 'ipv4acls', 10) + postgresql::postgresql_acls_to_resources_hash($ipv6acls, 'ipv6acls', 102) ).each | String $key, Hash $attrs| { postgresql::server::pg_hba_rule { $key: * => $attrs, } } } if $listen_addresses { postgresql::server::config_entry { 'listen_addresses': value => $listen_addresses, } } # ensure that SELinux has a proper label for the port defined if $postgresql::server::manage_selinux == true and $facts['selinux'] == true { case $facts['osfamily'] { 'RedHat', 'Linux': { if $facts['operatingsystem'] == 'Amazon' { $package_name = 'policycoreutils' } else { $package_name = $facts['operatingsystemmajrelease'] ? { '5' => 'policycoreutils', '6' => 'policycoreutils-python', '7' => 'policycoreutils-python', default => 'policycoreutils-python-utils', } } } default: { $package_name = 'policycoreutils' } } ensure_packages([$package_name]) exec { "/usr/sbin/semanage port -a -t postgresql_port_t -p tcp ${port}": unless => "/usr/sbin/semanage port -l | grep -qw ${port}", before => Postgresql::Server::Config_entry['port'], require => Package[$package_name], } } postgresql::server::config_entry { 'port': value => $port, } if ($password_encryption) and (versioncmp($version, '10') >= 0){ postgresql::server::config_entry { 'password_encryption': value => $password_encryption, } } postgresql::server::config_entry { 'data_directory': value => $datadir, } if $timezone { postgresql::server::config_entry { 'timezone': value => $timezone, } } if $logdir { postgresql::server::config_entry { 'log_directory': value => $logdir, } } # Allow timestamps in log by default if $log_line_prefix { postgresql::server::config_entry {'log_line_prefix': value => $log_line_prefix, } } # RedHat-based systems hardcode some PG* variables in the init script, and need to be overriden # in /etc/sysconfig/pgsql/postgresql. Create a blank file so we can manage it with augeas later. if ($::osfamily == 'RedHat') and ($::operatingsystemrelease !~ /^7|^8/) and ($::operatingsystem != 'Fedora') { file { '/etc/sysconfig/pgsql/postgresql': ensure => present, replace => false, } # The init script from the packages of the postgresql.org repository # sources an alternate sysconfig file. # I. e. /etc/sysconfig/pgsql/postgresql-9.3 for PostgreSQL 9.3 # Link to the sysconfig file set by this puppet module file { "/etc/sysconfig/pgsql/postgresql-${version}": ensure => link, target => '/etc/sysconfig/pgsql/postgresql', require => File[ '/etc/sysconfig/pgsql/postgresql' ], } } if ($manage_pg_ident_conf == true) { concat { $pg_ident_conf_path: owner => $user, group => $group, mode => '0640', warn => true, notify => Class['postgresql::server::reload'], } } if $::osfamily == 'RedHat' { if $::operatingsystemrelease =~ /^7|^8/ or $::operatingsystem == 'Fedora' { # Template uses: # - $::operatingsystem # - $service_name # - $port # - $datadir file { 'systemd-override': ensure => present, path => "/etc/systemd/system/${service_name}.service", owner => root, group => root, content => template('postgresql/systemd-override.erb'), notify => [ Exec['restart-systemd'], Class['postgresql::server::service'] ], before => Class['postgresql::server::reload'], } exec { 'restart-systemd': command => 'systemctl daemon-reload', refreshonly => true, path => '/bin:/usr/bin:/usr/local/bin' } } } elsif $::osfamily == 'Gentoo' { # Template uses: # - $::operatingsystem # - $service_name # - $port # - $datadir file { 'systemd-override': ensure => present, path => "/etc/systemd/system/${service_name}.service", owner => root, group => root, content => template('postgresql/systemd-override.erb'), notify => [ Exec['restart-systemd'], Class['postgresql::server::service'] ], before => Class['postgresql::server::reload'], } exec { 'restart-systemd': command => 'systemctl daemon-reload', refreshonly => true, path => '/bin:/usr/bin:/usr/local/bin' } } } puppetlabs-postgresql-6.7.0/manifests/server/config_entry.pp0100644000076700000240000001707513722205065021427 0ustar00# @summary Manage a postgresql.conf entry. # # @param ensure Removes an entry if set to 'absent'. # @param value Defines the value for the setting. # @param path Path for postgresql.conf # define postgresql::server::config_entry ( Enum['present', 'absent'] $ensure = 'present', $value = undef, $path = false ) { $postgresql_conf_path = $postgresql::server::postgresql_conf_path $target = $path ? { false => $postgresql_conf_path, default => $path, } # Those are the variables that are marked as "(change requires restart)" # on postgresql.conf. Items are ordered as on postgresql.conf. # # XXX: This resource supports setting other variables without knowing # their names. Do not add them here. $requires_restart_until = { 'data_directory' => undef, 'hba_file' => undef, 'ident_file' => undef, 'external_pid_file' => undef, 'listen_addresses' => undef, 'port' => undef, 'max_connections' => undef, 'superuser_reserved_connections' => undef, 'unix_socket_directory' => '9.3', # Turned into "unix_socket_directories" 'unix_socket_directories' => undef, 'unix_socket_group' => undef, 'unix_socket_permissions' => undef, 'bonjour' => undef, 'bonjour_name' => undef, 'ssl' => '10', 'ssl_ciphers' => '10', 'ssl_prefer_server_ciphers' => '10', # New on 9.4 'ssl_ecdh_curve' => '10', # New on 9.4 'ssl_cert_file' => '10', # New on 9.2 'ssl_key_file' => '10', # New on 9.2 'ssl_ca_file' => '10', # New on 9.2 'ssl_crl_file' => '10', # New on 9.2 'shared_buffers' => undef, 'huge_pages' => undef, # New on 9.4 'max_prepared_transactions' => undef, 'max_files_per_process' => undef, 'shared_preload_libraries' => undef, 'max_worker_processes' => undef, # New on 9.4 'old_snapshot_threshold' => undef, # New on 9.6 'wal_level' => undef, 'wal_log_hints' => undef, # New on 9.4 'wal_buffers' => undef, 'archive_mode' => undef, 'max_wal_senders' => undef, 'max_replication_slots' => undef, # New on 9.4 'track_commit_timestamp' => undef, # New on 9.5 'hot_standby' => undef, 'logging_collector' => undef, 'cluster_name' => undef, # New on 9.5 'silent_mode' => '9.2', # Removed 'track_activity_query_size' => undef, 'autovacuum_max_workers' => undef, 'autovacuum_freeze_max_age' => undef, 'autovacuum_multixact_freeze_max_age' => undef, # New on 9.5 'max_locks_per_transaction' => undef, 'max_pred_locks_per_transaction' => undef, } Exec { logoutput => 'on_failure', } if ! ($name in $requires_restart_until and ( ! $requires_restart_until[$name] or versioncmp($postgresql::server::_version, $requires_restart_until[$name]) < 0 )) { Postgresql_conf { notify => Class['postgresql::server::reload'], } } elsif $postgresql::server::service_restart_on_change { Postgresql_conf { notify => Class['postgresql::server::service'], } } else { Postgresql_conf { before => Class['postgresql::server::service'], } } # We have to handle ports and the data directory in a weird and # special way. On early Debian and Ubuntu and RHEL we have to ensure # we stop the service completely. On RHEL 7 we either have to create # a systemd override for the port or update the sysconfig file, but this # is managed for us in postgresql::server::config. if $::operatingsystem == 'Debian' or $::operatingsystem == 'Ubuntu' { if $name == 'port' and ( $::operatingsystemrelease =~ /^6/ or $::operatingsystemrelease =~ /^10\.04/ ) { exec { "postgresql_stop_${name}": command => "service ${::postgresql::server::service_name} stop", onlyif => "service ${::postgresql::server::service_name} status", unless => "grep 'port = ${value}' ${::postgresql::server::postgresql_conf_path}", path => '/usr/sbin:/sbin:/bin:/usr/bin:/usr/local/bin', before => Postgresql_conf[$name], } } elsif $name == 'data_directory' { exec { "postgresql_stop_${name}": command => "service ${::postgresql::server::service_name} stop", onlyif => "service ${::postgresql::server::service_name} status", unless => "grep \"data_directory = '${value}'\" ${::postgresql::server::postgresql_conf_path}", path => '/usr/sbin:/sbin:/bin:/usr/bin:/usr/local/bin', before => Postgresql_conf[$name], } } } if $::osfamily == 'RedHat' { if ! ($::operatingsystemrelease =~ /^7|^8/ or $::operatingsystem == 'Fedora') { if $name == 'port' { # We need to force postgresql to stop before updating the port # because puppet becomes confused and is unable to manage the # service appropriately. exec { "postgresql_stop_${name}": command => "service ${::postgresql::server::service_name} stop", onlyif => "service ${::postgresql::server::service_name} status", unless => "grep 'PGPORT=${value}' /etc/sysconfig/pgsql/postgresql", path => '/sbin:/bin:/usr/bin:/usr/local/bin', require => File['/etc/sysconfig/pgsql/postgresql'], } -> augeas { 'override PGPORT in /etc/sysconfig/pgsql/postgresql': lens => 'Shellvars.lns', incl => '/etc/sysconfig/pgsql/postgresql', context => '/files/etc/sysconfig/pgsql/postgresql', changes => "set PGPORT ${value}", require => File['/etc/sysconfig/pgsql/postgresql'], notify => Class['postgresql::server::service'], before => Class['postgresql::server::reload'], } } elsif $name == 'data_directory' { # We need to force postgresql to stop before updating the data directory # otherwise init script breaks exec { "postgresql_${name}": command => "service ${::postgresql::server::service_name} stop", onlyif => "service ${::postgresql::server::service_name} status", unless => "grep 'PGDATA=${value}' /etc/sysconfig/pgsql/postgresql", path => '/sbin:/bin:/usr/bin:/usr/local/bin', require => File['/etc/sysconfig/pgsql/postgresql'], } -> augeas { 'override PGDATA in /etc/sysconfig/pgsql/postgresql': lens => 'Shellvars.lns', incl => '/etc/sysconfig/pgsql/postgresql', context => '/files/etc/sysconfig/pgsql/postgresql', changes => "set PGDATA ${value}", require => File['/etc/sysconfig/pgsql/postgresql'], notify => Class['postgresql::server::service'], before => Class['postgresql::server::reload'], } } } } postgresql_conf { $name: ensure => $ensure, target => $target, value => $value, require => Class['postgresql::server::initdb'], } } puppetlabs-postgresql-6.7.0/manifests/server/contrib.pp0100644000076700000240000000157113627456423020405 0ustar00# @summary Install the contrib postgresql packaging. # # @param package_name # The name of the PostgreSQL contrib package. # @param package_ensure # Ensure the contrib package is installed. class postgresql::server::contrib ( String $package_name = $postgresql::params::contrib_package_name, String[1] $package_ensure = 'present' ) inherits postgresql::params { if $::osfamily == 'Gentoo' { fail('osfamily Gentoo does not have a separate "contrib" package, postgresql::server::contrib is not supported.') } package { 'postgresql-contrib': ensure => $package_ensure, name => $package_name, tag => 'puppetlabs-postgresql', } anchor { 'postgresql::server::contrib::start': } -> Class['postgresql::server::install'] -> Package['postgresql-contrib'] -> Class['postgresql::server::service'] anchor { 'postgresql::server::contrib::end': } } puppetlabs-postgresql-6.7.0/manifests/server/database.pp0100644000076700000240000001255013627456423020510 0ustar00# @summary Define for creating a database. # # @param comment Sets a comment on the database. # @param dbname Sets the name of the database. # @param owner Sets name of the database owner. # @param tablespace Sets tablespace for where to create this database. # @param template Specifies the name of the template database from which to build this database. Default value: 'template0'. # @param encoding Overrides the character set during creation of the database. # @param locale Overrides the locale during creation of the database. # @param istemplate Defines the database as a template if set to true. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. define postgresql::server::database( $comment = undef, $dbname = $title, $owner = undef, $tablespace = undef, $template = 'template0', $encoding = $postgresql::server::encoding, $locale = $postgresql::server::locale, $istemplate = false, $connect_settings = $postgresql::server::default_connect_settings, ) { $createdb_path = $postgresql::server::createdb_path $user = $postgresql::server::user $group = $postgresql::server::group $psql_path = $postgresql::server::psql_path $default_db = $postgresql::server::default_database # If possible use the version of the remote database, otherwise # fallback to our local DB version if $connect_settings != undef and has_key( $connect_settings, 'DBVERSION') { $version = $connect_settings['DBVERSION'] } else { $version = $postgresql::server::_version } # If the connection settings do not contain a port, then use the local server port if $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { $port = undef } else { $port = $postgresql::server::port } # Set the defaults for the postgresql_psql resource Postgresql_psql { db => $default_db, psql_user => $user, psql_group => $group, psql_path => $psql_path, port => $port, connect_settings => $connect_settings, } # Optionally set the locale switch. Older versions of createdb may not accept # --locale, so if the parameter is undefined its safer not to pass it. if ($version != '8.1') { $locale_option = $locale ? { undef => '', default => "LC_COLLATE = '${locale}' LC_CTYPE = '${locale}'", } $public_revoke_privilege = 'CONNECT' } else { $locale_option = '' $public_revoke_privilege = 'ALL' } $template_option = $template ? { undef => '', default => "TEMPLATE = \"${template}\"", } $encoding_option = $encoding ? { undef => '', default => "ENCODING = '${encoding}'", } $tablespace_option = $tablespace ? { undef => '', default => "TABLESPACE \"${tablespace}\"", } if $createdb_path != undef { warning('Passing "createdb_path" to postgresql::database is deprecated, it can be removed safely for the same behaviour') } postgresql_psql { "CREATE DATABASE \"${dbname}\"": command => "CREATE DATABASE \"${dbname}\" WITH ${template_option} ${encoding_option} ${locale_option} ${tablespace_option}", unless => "SELECT 1 FROM pg_database WHERE datname = '${dbname}'", require => Class['postgresql::server::service'] } # This will prevent users from connecting to the database unless they've been # granted privileges. ~> postgresql_psql { "REVOKE ${public_revoke_privilege} ON DATABASE \"${dbname}\" FROM public": refreshonly => true, } Postgresql_psql["CREATE DATABASE \"${dbname}\""] -> postgresql_psql { "UPDATE pg_database SET datistemplate = ${istemplate} WHERE datname = '${dbname}'": unless => "SELECT 1 FROM pg_database WHERE datname = '${dbname}' AND datistemplate = ${istemplate}", } if $comment { # The shobj_description function was only introduced with 8.2 $comment_information_function = $version ? { '8.1' => 'obj_description', default => 'shobj_description', } Postgresql_psql["CREATE DATABASE \"${dbname}\""] -> postgresql_psql { "COMMENT ON DATABASE \"${dbname}\" IS '${comment}'": unless => "SELECT 1 FROM pg_catalog.pg_database d WHERE datname = '${dbname}' AND pg_catalog.${comment_information_function}(d.oid, 'pg_database') = '${comment}'", db => $dbname, } } if $owner { postgresql_psql { "ALTER DATABASE \"${dbname}\" OWNER TO \"${owner}\"": unless => "SELECT 1 FROM pg_database JOIN pg_roles rol ON datdba = rol.oid WHERE datname = '${dbname}' AND rolname = '${owner}'", require => Postgresql_psql["CREATE DATABASE \"${dbname}\""], } if defined(Postgresql::Server::Role[$owner]) { Postgresql::Server::Role[$owner]->Postgresql_psql["ALTER DATABASE \"${dbname}\" OWNER TO \"${owner}\""] } } if $tablespace { postgresql_psql { "ALTER DATABASE \"${dbname}\" SET ${tablespace_option}": unless => "SELECT 1 FROM pg_database JOIN pg_tablespace spc ON dattablespace = spc.oid WHERE datname = '${dbname}' AND spcname = '${tablespace}'", require => Postgresql_psql["CREATE DATABASE \"${dbname}\""], } if defined(Postgresql::Server::Tablespace[$tablespace]) { # The tablespace must be there, before we create the database. Postgresql::Server::Tablespace[$tablespace]->Postgresql_psql["CREATE DATABASE \"${dbname}\""] } } } puppetlabs-postgresql-6.7.0/manifests/server/database_grant.pp0100644000076700000240000000253313627456423021703 0ustar00# @summary Manage a database grant. # # @param privilege Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'CREATE', 'CONNECT', 'TEMPORARY', 'TEMP'. # @param db Specifies the database to which you are granting access. # @param role Specifies the role or user whom you are granting access to. # @param ensure Specifies whether to grant or revoke the privilege. Revoke or 'absent' works only in PostgreSQL version 9.1.24 or later. # @param psql_db Defines the database to execute the grant against. This should not ordinarily be changed from the default # @param psql_user Specifies the OS user for running psql. Default value: The default user for the module, usually 'postgres'. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. define postgresql::server::database_grant( $privilege, $db, $role, $ensure = undef, $psql_db = undef, $psql_user = undef, $connect_settings = undef, ) { postgresql::server::grant { "database:${name}": ensure => $ensure, role => $role, db => $db, privilege => $privilege, object_type => 'DATABASE', object_name => $db, psql_db => $psql_db, psql_user => $psql_user, connect_settings => $connect_settings, } } puppetlabs-postgresql-6.7.0/manifests/server/db.pp0100644000076700000240000000445513627456423017336 0ustar00# @summary Define for conveniently creating a role, database and assigning the correctpermissions. # # @param user User to create and assign access to the database upon creation. Mandatory. # @param password Required Sets the password for the created user. # @param comment Defines a comment to be stored about the database using the PostgreSQL COMMENT command. # @param dbname Sets the name of the database to be created. # @param encoding Overrides the character set during creation of the database. # @param locale Overrides the locale during creation of the database. # @param grant Specifies the permissions to grant during creation. Default value: 'ALL'. # @param tablespace Defines the name of the tablespace to allocate the created database to. # @param template Specifies the name of the template database from which to build this database. Defaults value: template0. # @param istemplate Specifies that the database is a template, if set to true. # @param owner Sets a user as the owner of the database. define postgresql::server::db ( $user, $password, $comment = undef, $dbname = $title, $encoding = $postgresql::server::encoding, $locale = $postgresql::server::locale, $grant = 'ALL', $tablespace = undef, $template = 'template0', $istemplate = false, $owner = undef ) { if ! defined(Postgresql::Server::Database[$dbname]) { postgresql::server::database { $dbname: comment => $comment, encoding => $encoding, tablespace => $tablespace, template => $template, locale => $locale, istemplate => $istemplate, owner => $owner, } } if ! defined(Postgresql::Server::Role[$user]) { postgresql::server::role { $user: password_hash => $password, before => Postgresql::Server::Database[$dbname], } } if ! defined(Postgresql::Server::Database_grant["GRANT ${user} - ${grant} - ${dbname}"]) { postgresql::server::database_grant { "GRANT ${user} - ${grant} - ${dbname}": privilege => $grant, db => $dbname, role => $user, } -> Postgresql_conn_validator<| db_name == $dbname |> } if($tablespace != undef and defined(Postgresql::Server::Tablespace[$tablespace])) { Postgresql::Server::Tablespace[$tablespace]->Postgresql::Server::Database[$name] } } puppetlabs-postgresql-6.7.0/manifests/server/extension.pp0100644000076700000240000001445113674331764020764 0ustar00# @summary Activate an extension on a postgresql database. # # @param database Specifies the database on which to activate the extension. # @param extension Specifies the extension to activate. If left blank, uses the name of the resource. # @param schema Specifies the schema on which to activate the extension. # @param version Specifies the version of the extension which the database uses. When an extension package is updated, this does not automatically change the effective version in each database. # This needs be updated using the PostgreSQL-specific SQL ALTER EXTENSION... # version may be set to latest, in which case the SQL ALTER EXTENSION "extension" UPDATE is applied to this database (only). # version may be set to a specific version, in which case the extension is updated using ALTER EXTENSION "extension" UPDATE TO 'version' # eg. If extension is set to postgis and version is set to 2.3.3, this will apply the SQL ALTER EXTENSION "postgis" UPDATE TO '2.3.3' to this database only. # version may be omitted, in which case no ALTER EXTENSION... SQL is applied, and the version will be left unchanged. # # @param ensure Specifies whether to activate or deactivate the extension. Valid options: 'present' or 'absent'. # @param package_name Specifies a package to install prior to activating the extension. # @param package_ensure Overrides default package deletion behavior. By default, the package specified with package_name is installed when the extension is activated and removed when the extension is deactivated. To override this behavior, set the ensure value for the package. # @param port Port to use when connecting. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. # @param database_resource_name Specifies the resource name of the DB being managed. Defaults to the parameter $database, if left blank. define postgresql::server::extension ( $database, $extension = $name, Optional[String[1]] $schema = undef, Optional[String[1]] $version = undef, String[1] $ensure = 'present', $package_name = undef, $package_ensure = undef, Optional[Integer] $port = undef, $connect_settings = postgresql::default('default_connect_settings'), $database_resource_name = $database, ) { $user = postgresql::default('user') $group = postgresql::default('group') $psql_path = postgresql::default('psql_path') if( $database != 'postgres' ) { # The database postgres cannot managed by this module, so it is exempt from this dependency $default_psql_require = Postgresql::Server::Database[$database_resource_name] Postgresql_psql { require => $default_psql_require, } } else { $default_psql_require = undef } case $ensure { 'present': { $command = "CREATE EXTENSION \"${extension}\"" $unless_mod = undef $psql_cmd_require = $package_name ? { undef => $default_psql_require, default => [$default_psql_require, Package[$package_name]], } $psql_cmd_before = [] } 'absent': { $command = "DROP EXTENSION \"${extension}\"" $unless_mod = 'NOT ' $psql_cmd_require = $default_psql_require $psql_cmd_before = $package_name ? { undef => [], default => Package[$package_name], } } default: { fail("Unknown value for ensure '${ensure}'.") } } # # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port # if $port != undef { $port_override = $port } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { $port_override = undef } else { $port_override = $postgresql::server::port } postgresql_psql { "${database}: ${command}": psql_user => $user, psql_group => $group, psql_path => $psql_path, connect_settings => $connect_settings, db => $database, port => $port_override, command => $command, unless => "SELECT 1 WHERE ${unless_mod}EXISTS (SELECT 1 FROM pg_extension WHERE extname = '${extension}')", require => $psql_cmd_require, before => $psql_cmd_before, } if $ensure == 'present' and $schema { $set_schema_command = "ALTER EXTENSION \"${extension}\" SET SCHEMA \"${schema}\"" postgresql_psql { "${database}: ${set_schema_command}": command => $set_schema_command, unless => @("END") SELECT 1 WHERE EXISTS ( SELECT 1 FROM pg_extension e JOIN pg_namespace n ON e.extnamespace = n.oid WHERE e.extname = '${extension}' AND n.nspname = '${schema}' ) |-END , psql_user => $user, psql_group => $group, psql_path => $psql_path, connect_settings => $connect_settings, db => $database, port => $port_override, require => Postgresql_psql["${database}: ${command}"], } Postgresql::Server::Schema <| db == $database and schema == $schema |> -> Postgresql_psql["${database}: ${set_schema_command}"] } if $package_name { $_package_ensure = $package_ensure ? { undef => $ensure, default => $package_ensure, } ensure_packages($package_name, { ensure => $_package_ensure, tag => 'puppetlabs-postgresql', }) } if $version { if $version == 'latest' { $alter_extension_sql = "ALTER EXTENSION \"${extension}\" UPDATE" $update_unless = "SELECT 1 FROM pg_available_extensions WHERE name = '${extension}' AND default_version = installed_version" } else { $alter_extension_sql = "ALTER EXTENSION \"${extension}\" UPDATE TO '${version}'" $update_unless = "SELECT 1 FROM pg_extension WHERE extname='${extension}' AND extversion='${version}'" } postgresql_psql { "${database}: ${alter_extension_sql}": db => $database, port => $port_override, psql_user => $user, psql_group => $group, psql_path => $psql_path, connect_settings => $connect_settings, command => $alter_extension_sql, unless => $update_unless, } } } puppetlabs-postgresql-6.7.0/manifests/server/grant.pp0100644000076700000240000004334413674331764020066 0ustar00# @summary Define for granting permissions to roles. # # @param role Specifies the role or user whom you are granting access to. # @param db Specifies the database to which you are granting access. # @param privilege Specifies the privilege to grant. Valid options: 'ALL', 'ALL PRIVILEGES' or 'object_type' dependent string. # @param object_type Specifies the type of object to which you are granting privileges. Valid options: 'DATABASE', 'SCHEMA', 'SEQUENCE', 'ALL SEQUENCES IN SCHEMA', 'TABLE' or 'ALL TABLES IN SCHEMA'. # @param object_name Specifies name of object_type to which to grant access, can be either a string or a two element array. String: 'object_name' Array: ['schema_name', 'object_name'] # @param psql_db Specifies the database to execute the grant against. This should not ordinarily be changed from the default # @param psql_user Sets the OS user to run psql. # @param port Port to use when connecting. # @param onlyif_exists Create grant only if doesn't exist # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. # @param ensure Specifies whether to grant or revoke the privilege. Default is to grant the privilege. Valid values: 'present', 'absent'. # @param group Sets the OS group to run psql # @param psql_path Sets the path to psql command define postgresql::server::grant ( String $role, String $db, String $privilege = '', Pattern[#/(?i:^COLUMN$)/, /(?i:^ALL SEQUENCES IN SCHEMA$)/, /(?i:^ALL TABLES IN SCHEMA$)/, /(?i:^DATABASE$)/, #/(?i:^FOREIGN DATA WRAPPER$)/, #/(?i:^FOREIGN SERVER$)/, /(?i:^FUNCTION$)/, /(?i:^LANGUAGE$)/, #/(?i:^PROCEDURAL LANGUAGE$)/, /(?i:^TABLE$)/, #/(?i:^TABLESPACE$)/, /(?i:^SCHEMA$)/, /(?i:^SEQUENCE$)/ #/(?i:^VIEW$)/ ] $object_type = 'database', Optional[Variant[ Array[String,2,2], String[1]] ] $object_name = undef, Array[String[1],0] $object_arguments = [], String $psql_db = $postgresql::server::default_database, String $psql_user = $postgresql::server::user, Integer $port = $postgresql::server::port, Boolean $onlyif_exists = false, Hash $connect_settings = $postgresql::server::default_connect_settings, Enum['present', 'absent' ] $ensure = 'present', String $group = $postgresql::server::group, String $psql_path = $postgresql::server::psql_path, ) { case $ensure { default: { # default is 'present' $sql_command = 'GRANT %s ON %s "%s%s" TO "%s"' $sql_command_unquoted = 'GRANT %s ON %s %s%s TO "%s"' $unless_is = true } 'absent': { $sql_command = 'REVOKE %s ON %s "%s%s" FROM "%s"' $sql_command_unquoted = 'REVOKE %s ON %s %s%s FROM "%s"' $unless_is = false } } if ! $object_name { $_object_name = $db } else { $_object_name = $object_name } # # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port # if $port != undef { $port_override = $port } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { $port_override = undef } else { $port_override = $postgresql::server::port } ## Munge the input values $_object_type = upcase($object_type) $_privilege = upcase($privilege) # You can use ALL TABLES IN SCHEMA by passing schema_name to object_name # You can use ALL SEQUENCES IN SCHEMA by passing schema_name to object_name ## Validate that the object type's privilege is acceptable # TODO: this is a terrible hack; if they pass "ALL" as the desired privilege, # we need a way to test for it--and has_database_privilege does not # recognize 'ALL' as a valid privilege name. So we probably need to # hard-code a mapping between 'ALL' and the list of actual privileges that # it entails, and loop over them to check them. That sort of thing will # probably need to wait until we port this over to ruby, so, for now, we're # just going to assume that if they have "CREATE" privileges on a database, # then they have "ALL". (I told you that it was terrible!) case $_object_type { 'DATABASE': { $unless_privilege = $_privilege ? { 'ALL' => 'CREATE', 'ALL PRIVILEGES' => 'CREATE', Pattern[ /^$/, /^CONNECT$/, /^CREATE$/, /^TEMP$/, /^TEMPORARY$/ ] => $_privilege, default => fail('Illegal value for $privilege parameter'), } $unless_function = 'has_database_privilege' $on_db = $psql_db $onlyif_function = $ensure ? { default => undef, 'absent' => 'role_exists', } $arguments = '' $_enquote_object = true } 'SCHEMA': { $unless_privilege = $_privilege ? { 'ALL' => 'CREATE', 'ALL PRIVILEGES' => 'CREATE', Pattern[ /^$/, /^CREATE$/, /^USAGE$/ ] => $_privilege, default => fail('Illegal value for $privilege parameter'), } $unless_function = 'has_schema_privilege' $on_db = $db $onlyif_function = undef $arguments = '' $_enquote_object = true } 'SEQUENCE': { $unless_privilege = $_privilege ? { 'ALL' => 'USAGE', Pattern[ /^$/, /^ALL PRIVILEGES$/, /^SELECT$/, /^UPDATE$/, /^USAGE$/ ] => $_privilege, default => fail('Illegal value for $privilege parameter'), } $unless_function = 'has_sequence_privilege' $on_db = $db $onlyif_function = undef $arguments = '' $_enquote_object = true } 'ALL SEQUENCES IN SCHEMA': { case $_privilege { Pattern[ /^$/, /^ALL$/, /^ALL PRIVILEGES$/, /^SELECT$/, /^UPDATE$/, /^USAGE$/ ]: { } default: { fail('Illegal value for $privilege parameter') } } $unless_function = 'custom' $on_db = $db $onlyif_function = undef $arguments = '' $_enquote_object = true $schema = $object_name $custom_privilege = $_privilege ? { 'ALL' => 'USAGE', 'ALL PRIVILEGES' => 'USAGE', default => $_privilege, } # This checks if there is a difference between the sequences in the # specified schema and the sequences for which the role has the specified # privilege. It uses the EXCEPT clause which computes the set of rows # that are in the result of the first SELECT statement but not in the # result of the second one. It then counts the number of rows from this # operation. If this number is zero then the role has the specified # privilege for all sequences in the schema and the whole query returns a # single row, which satisfies the `unless` parameter of Postgresql_psql. # If this number is not zero then there is at least one sequence for which # the role does not have the specified privilege, making it necessary to # execute the GRANT statement. if $ensure == 'present' { $custom_unless = "SELECT 1 WHERE NOT EXISTS ( SELECT sequence_name FROM information_schema.sequences WHERE sequence_schema='${schema}' EXCEPT DISTINCT SELECT object_name as sequence_name FROM ( SELECT object_schema, object_name, grantee, CASE privs_split WHEN 'r' THEN 'SELECT' WHEN 'w' THEN 'UPDATE' WHEN 'U' THEN 'USAGE' END AS privilege_type FROM ( SELECT DISTINCT object_schema, object_name, regexp_replace((regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[1],'\"','','g') AS grantee, regexp_split_to_table((regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[2],E'\\s*') AS privs_split FROM ( SELECT n.nspname as object_schema, c.relname as object_name, regexp_split_to_table(array_to_string(c.relacl,','),',') AS privs FROM pg_catalog.pg_class c LEFT JOIN pg_catalog.pg_namespace n ON c.relnamespace = n.oid WHERE c.relkind = 'S' AND n.nspname NOT IN ( 'pg_catalog', 'information_schema' ) ) P1 ) P2 ) P3 WHERE grantee='${role}' AND object_schema='${schema}' AND privilege_type='${custom_privilege}' )" } else { # ensure == absent $custom_unless = "SELECT 1 WHERE NOT EXISTS ( SELECT object_name as sequence_name FROM ( SELECT object_schema, object_name, grantee, CASE privs_split WHEN 'r' THEN 'SELECT' WHEN 'w' THEN 'UPDATE' WHEN 'U' THEN 'USAGE' END AS privilege_type FROM ( SELECT DISTINCT object_schema, object_name, regexp_replace((regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[1],'\"','','g') AS grantee, regexp_split_to_table((regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[2],E'\\s*') AS privs_split FROM ( SELECT n.nspname as object_schema, c.relname as object_name, regexp_split_to_table(array_to_string(c.relacl,','),',') AS privs FROM pg_catalog.pg_class c LEFT JOIN pg_catalog.pg_namespace n ON c.relnamespace = n.oid WHERE c.relkind = 'S' AND n.nspname NOT IN ( 'pg_catalog', 'information_schema' ) ) P1 ) P2 ) P3 WHERE grantee='${role}' AND object_schema='${schema}' AND privilege_type='${custom_privilege}' )" } } 'TABLE': { $unless_privilege = $_privilege ? { 'ALL' => 'INSERT', Pattern[ /^$/, /^ALL$/, /^ALL PRIVILEGES$/, /^DELETE$/, /^INSERT$/, /^REFERENCES$/, /^SELECT$/, /^TRIGGER$/, /^TRUNCATE$/, /^UPDATE$/ ] => $_privilege, default => fail('Illegal value for $privilege parameter'), } $unless_function = 'has_table_privilege' $on_db = $db $onlyif_function = $onlyif_exists ? { true => 'table_exists', default => undef, } $arguments = '' $_enquote_object = true } 'ALL TABLES IN SCHEMA': { case $_privilege { Pattern[ /^$/, /^ALL$/, /^ALL PRIVILEGES$/, /^DELETE$/, /^INSERT$/, /^REFERENCES$/, /^SELECT$/, /^TRIGGER$/, /^TRUNCATE$/, /^UPDATE$/ ]: { } default: { fail('Illegal value for $privilege parameter') } } $unless_function = 'custom' $on_db = $db $onlyif_function = undef $arguments = '' $_enquote_object = true $schema = $object_name # Again there seems to be no easy way in plain SQL to check if ALL # PRIVILEGES are granted on a table. # There are currently 7 possible priviliges: # ('SELECT','UPDATE','INSERT','DELETE','TRIGGER','REFERENCES','TRUNCATE') # This list is consistant from Postgresql 8.0 # # There are 4 cases to cover, each with it's own distinct unless clause: # grant ALL # grant SELECT (or INSERT or DELETE ...) # revoke ALL # revoke SELECT (or INSERT or DELETE ...) if $ensure == 'present' { if $_privilege == 'ALL' or $_privilege == 'ALL PRIVILEGES' { # GRANT ALL $custom_unless = "SELECT 1 WHERE NOT EXISTS ( SELECT 1 FROM ( SELECT t.tablename,count(privilege_type) AS priv_count FROM pg_catalog.pg_tables AS t LEFT JOIN information_schema.role_table_grants AS g ON t.tablename = g.table_name AND g.grantee = '${role}' AND g.table_schema = '${schema}' WHERE t.schemaname = '${schema}' AND ( g.grantee = '${role}' AND privilege_type IN ('SELECT','UPDATE','INSERT','DELETE','TRIGGER','REFERENCES','TRUNCATE') OR privilege_type IS NULL ) GROUP BY t.tablename ) AS j WHERE j.priv_count < 7 )" } else { # GRANT $_privilege $custom_unless = "SELECT 1 WHERE NOT EXISTS ( SELECT 1 FROM pg_catalog.pg_tables AS t LEFT JOIN information_schema.role_table_grants AS g ON t.tablename = g.table_name AND g.grantee = '${role}' AND g.table_schema = '${schema}' AND g.privilege_type = '${_privilege}' WHERE t.schemaname = '${schema}' AND g.table_name IS NULL )" } } else { if $_privilege == 'ALL' or $_privilege == 'ALL PRIVILEGES' { # REVOKE ALL $custom_unless = "SELECT 1 WHERE NOT EXISTS ( SELECT table_name FROM information_schema.role_table_grants WHERE grantee = '${role}' AND table_schema ='${schema}' )" } else { # REVOKE $_privilege $custom_unless = "SELECT 1 WHERE NOT EXISTS ( SELECT table_name FROM information_schema.role_table_grants WHERE grantee = '${role}' AND table_schema ='${schema}' AND privilege_type = '${_privilege}' )" } } } 'LANGUAGE': { $unless_privilege = $_privilege ? { 'ALL' => 'USAGE', 'ALL PRIVILEGES' => 'USAGE', Pattern[ /^$/, /^CREATE$/, /^USAGE$/ ] => $_privilege, default => fail('Illegal value for $privilege parameter'), } $unless_function = 'has_language_privilege' $on_db = $db $onlyif_function = $onlyif_exists ? { true => 'language_exists', default => undef, } $arguments = '' $_enquote_object = false } 'FUNCTION': { $unless_privilege = $_privilege ? { 'ALL' => 'EXECUTE', 'ALL PRIVILEGES' => 'EXECUTE', Pattern[ /^$/, /^EXECUTE$/, ] => $_privilege, default => fail('Illegal value for $privilege parameter'), } $unless_function = 'has_function_privilege' $on_db = $db $onlyif_function = $onlyif_exists ? { true => 'function_exists', default => undef, } $_joined_args = join($object_arguments, ',') $arguments = "(${_joined_args})" $_enquote_object = false } default: { fail("Missing privilege validation for object type ${_object_type}") } } # This is used to give grant to "schemaname"."tablename" # If you need such grant, use: # postgresql::grant { 'table:foo': # role => 'joe', # ... # object_type => 'TABLE', # object_name => [$schema, $table], # } case $_object_name { Array: { $_togrant_object = $_enquote_object ? { false => join($_object_name, '.'), default => join($_object_name, '"."'), } # Never put double quotes into has_*_privilege function $_granted_object = join($_object_name, '.') } default: { $_granted_object = $_object_name $_togrant_object = $_object_name } } # Function like has_database_privilege() refer the PUBLIC pseudo role as 'public' # So we need to replace 'PUBLIC' by 'public'. $_unless = $unless_function ? { false => undef, 'custom' => $custom_unless, default => $role ? { 'PUBLIC' => "SELECT 1 WHERE ${unless_function}('public', '${_granted_object}${arguments}', '${unless_privilege}') = ${unless_is}", default => "SELECT 1 WHERE ${unless_function}('${role}', '${_granted_object}${arguments}', '${unless_privilege}') = ${unless_is}", } } $_onlyif = $onlyif_function ? { 'table_exists' => "SELECT true FROM pg_tables WHERE tablename = '${_togrant_object}'", 'language_exists' => "SELECT true from pg_language WHERE lanname = '${_togrant_object}'", 'role_exists' => "SELECT 1 FROM pg_roles WHERE rolname = '${role}' or '${role}' = 'PUBLIC'", 'function_exists' => "SELECT true FROM pg_proc WHERE (oid::regprocedure)::text = '${_togrant_object}${arguments}'", default => undef, } $grant_cmd = $_enquote_object ? { false => sprintf($sql_command_unquoted, $_privilege, $_object_type, $_togrant_object, $arguments, $role), default => sprintf($sql_command, $_privilege, $_object_type, $_togrant_object, $arguments, $role), } postgresql_psql { "grant:${name}": command => $grant_cmd, db => $on_db, port => $port_override, connect_settings => $connect_settings, psql_user => $psql_user, psql_group => $group, psql_path => $psql_path, unless => $_unless, onlyif => $_onlyif, } if($role != undef and defined(Postgresql::Server::Role[$role])) { Postgresql::Server::Role[$role]->Postgresql_psql["grant:${name}"] } if($db != undef and defined(Postgresql::Server::Database[$db])) { Postgresql::Server::Database[$db]->Postgresql_psql["grant:${name}"] } } puppetlabs-postgresql-6.7.0/manifests/server/grant_role.pp0100644000076700000240000000440713627456423021102 0ustar00# @summary Define for granting membership to a role. # # @param group Specifies the group role to which you are assigning a role. # @param role Specifies the role you want to assign to a group. If left blank, uses the name of the resource. # @param ensure Specifies whether to grant or revoke the membership. Valid options: 'present' or 'absent'. # @param psql_db Specifies the database to execute the grant against. This should not ordinarily be changed from the default # @param psql_user Sets the OS user to run psql. # @param port Port to use when connecting. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. define postgresql::server::grant_role ( String[1] $group, String[1] $role = $name, Enum['present', 'absent'] $ensure = 'present', $psql_db = $postgresql::server::default_database, $psql_user = $postgresql::server::user, $port = $postgresql::server::port, $connect_settings = $postgresql::server::default_connect_settings, ) { case $ensure { 'present': { $command = "GRANT \"${group}\" TO \"${role}\"" $unless_comp = '=' } 'absent': { $command = "REVOKE \"${group}\" FROM \"${role}\"" $unless_comp = '!=' } default: { fail("Unknown value for ensure '${ensure}'.") } } postgresql_psql { "grant_role:${name}": command => $command, unless => "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '${group}' AND r_role.rolname = '${role}') ${unless_comp} true", db => $psql_db, psql_user => $psql_user, port => $port, connect_settings => $connect_settings, } if ! $connect_settings or empty($connect_settings) { Class['postgresql::server']->Postgresql_psql["grant_role:${name}"] } if defined(Postgresql::Server::Role[$role]) { Postgresql::Server::Role[$role]->Postgresql_psql["grant_role:${name}"] } if defined(Postgresql::Server::Role[$group]) { Postgresql::Server::Role[$group]->Postgresql_psql["grant_role:${name}"] } } puppetlabs-postgresql-6.7.0/manifests/server/initdb.pp0100644000076700000240000001403413627456423020214 0ustar00# @api private class postgresql::server::initdb { $needs_initdb = $postgresql::server::needs_initdb $initdb_path = $postgresql::server::initdb_path $datadir = $postgresql::server::datadir $xlogdir = $postgresql::server::xlogdir $logdir = $postgresql::server::logdir $manage_datadir = $postgresql::server::manage_datadir $manage_logdir = $postgresql::server::manage_logdir $manage_xlogdir = $postgresql::server::manage_xlogdir $encoding = $postgresql::server::encoding $locale = $postgresql::server::locale $data_checksums = $postgresql::server::data_checksums $group = $postgresql::server::group $user = $postgresql::server::user $psql_path = $postgresql::server::psql_path $port = $postgresql::server::port $module_workdir = $postgresql::server::module_workdir # Set the defaults for the postgresql_psql resource Postgresql_psql { psql_user => $user, psql_group => $group, psql_path => $psql_path, port => $port, cwd => $module_workdir, } if $::osfamily == 'RedHat' and $::selinux == true { $seltype = 'postgresql_db_t' $logdir_type = 'postgresql_log_t' } else { $seltype = undef $logdir_type = undef } if($manage_datadir) { # Make sure the data directory exists, and has the correct permissions. file { $datadir: ensure => directory, owner => $user, group => $group, mode => '0700', seltype => $seltype, } } else { # changes an already defined datadir File <| title == $datadir |> { ensure => directory, owner => $user, group => $group, mode => '0700', seltype => $seltype, } } if($xlogdir) { if($manage_xlogdir) { # Make sure the xlog directory exists, and has the correct permissions. file { $xlogdir: ensure => directory, owner => $user, group => $group, mode => '0700', seltype => $seltype, } } else { # changes an already defined xlogdir File <| title == $xlogdir |> { ensure => directory, owner => $user, group => $group, mode => '0700', seltype => $seltype, } } } if($logdir) { if($manage_logdir) { # Make sure the log directory exists, and has the correct permissions. file { $logdir: ensure => directory, owner => $user, group => $group, seltype => $logdir_type, } } else { # changes an already defined logdir File <| title == $logdir |> { ensure => directory, owner => $user, group => $group, seltype => $logdir_type, } } } if($needs_initdb) { # Build up the initdb command. # # We optionally add the locale switch if specified. Older versions of the # initdb command don't accept this switch. So if the user didn't pass the # parameter, lets not pass the switch at all. $ic_base = "${initdb_path} --pgdata '${datadir}'" $ic_xlog = $xlogdir ? { undef => $ic_base, default => "${ic_base} -X '${xlogdir}'" } # The xlogdir need to be present before initdb runs. # If xlogdir is default it's created by package installer if($xlogdir) { $require_before_initdb = [$datadir, $xlogdir] } else { $require_before_initdb = [$datadir] } # PostgreSQL 11 no longer allows empty encoding $ic_encoding = $encoding ? { undef => $ic_xlog, default => "${ic_xlog} --encoding '${encoding}'" } $ic_locale = $locale ? { undef => $ic_encoding, default => "${ic_encoding} --locale '${locale}'" } $initdb_command = $data_checksums ? { undef => $ic_locale, false => $ic_locale, default => "${ic_locale} --data-checksums" } # This runs the initdb command, we use the existance of the PG_VERSION # file to ensure we don't keep running this command. exec { 'postgresql_initdb': command => $initdb_command, creates => "${datadir}/PG_VERSION", user => $user, group => $group, logoutput => on_failure, require => File[$require_before_initdb], cwd => $module_workdir, } # The package will take care of this for us the first time, but if we # ever need to init a new db we need to copy these files explicitly if $::operatingsystem == 'Debian' or $::operatingsystem == 'Ubuntu' { if $::operatingsystemrelease =~ /^6/ or $::operatingsystemrelease =~ /^7/ or $::operatingsystemrelease =~ /^10\.04/ or $::operatingsystemrelease =~ /^12\.04/ { file { 'server.crt': ensure => file, path => "${datadir}/server.crt", source => 'file:///etc/ssl/certs/ssl-cert-snakeoil.pem', owner => $::postgresql::server::user, group => $::postgresql::server::group, mode => '0644', require => Exec['postgresql_initdb'], } file { 'server.key': ensure => file, path => "${datadir}/server.key", source => 'file:///etc/ssl/private/ssl-cert-snakeoil.key', owner => $::postgresql::server::user, group => $::postgresql::server::group, mode => '0600', require => Exec['postgresql_initdb'], } } } } elsif $encoding != undef { # [workaround] # by default pg_createcluster encoding derived from locale # but it do does not work by installing postgresql via puppet because puppet # always override LANG to 'C' postgresql_psql { "Set template1 encoding to ${encoding}": command => "UPDATE pg_database SET datistemplate = FALSE WHERE datname = 'template1' ; UPDATE pg_database SET encoding = pg_char_to_encoding('${encoding}'), datistemplate = TRUE WHERE datname = 'template1'", unless => "SELECT datname FROM pg_database WHERE datname = 'template1' AND encoding = pg_char_to_encoding('${encoding}')", } } } puppetlabs-postgresql-6.7.0/manifests/server/install.pp0100644000076700000240000000110413627456423020403 0ustar00# @api private class postgresql::server::install { $package_ensure = $postgresql::server::package_ensure $package_name = $postgresql::server::package_name $_package_ensure = $package_ensure ? { true => 'present', false => 'purged', 'absent' => 'purged', default => $package_ensure, } package { 'postgresql-server': ensure => $_package_ensure, name => $package_name, # This is searched for to create relationships with the package repos, be # careful about its removal tag => 'puppetlabs-postgresql', } } puppetlabs-postgresql-6.7.0/manifests/server/passwd.pp0100644000076700000240000000370613674331764020252 0ustar00# @api private class postgresql::server::passwd { $postgres_password = $postgresql::server::postgres_password $user = $postgresql::server::user $group = $postgresql::server::group $psql_path = $postgresql::server::psql_path $port = $postgresql::server::port $database = $postgresql::server::default_database $module_workdir = $postgresql::server::module_workdir # psql will default to connecting as $user if you don't specify name $_datbase_user_same = $database == $user $_dboption = $_datbase_user_same ? { false => " --dbname ${database}", default => '' } if $postgres_password { # NOTE: this password-setting logic relies on the pg_hba.conf being # configured to allow the postgres system user to connect via psql # without specifying a password ('ident' or 'trust' security). This is # the default for pg_hba.conf. $escaped = postgresql::postgresql_escape($postgres_password) exec { 'set_postgres_postgrespw': # This command works w/no password because we run it as postgres system # user command => "${psql_path}${_dboption} -c \"ALTER ROLE \\\"${user}\\\" PASSWORD \${NEWPASSWD_ESCAPED}\"", user => $user, group => $group, logoutput => true, cwd => $module_workdir, environment => [ "PGPASSWORD=${postgres_password}", "PGPORT=${port}", "NEWPASSWD_ESCAPED=${escaped}", ], # With this command we're passing -h to force TCP authentication, which # does require a password. We specify the password via the PGPASSWORD # environment variable. If the password is correct (current), this # command will exit with an exit code of 0, which will prevent the main # command from running. unless => "${psql_path} -h localhost -p ${port} -c 'select 1' > /dev/null", path => '/usr/bin:/usr/local/bin:/bin', } } } puppetlabs-postgresql-6.7.0/manifests/server/pg_hba_rule.pp0100644000076700000240000001115513627456423021213 0ustar00# @summary This resource manages an individual rule that applies to the file defined in target. # # @param type Sets the type of rule. # Enum['local','host','hostssl','hostnossl']. # @param database Sets a comma-separated list of databases that this rule matches. # @param user Sets a comma-separated list of users that this rule matches. # @param auth_method Provides the method that is used for authentication for the connection that this rule matches. Described further in the PostgreSQL pg_hba.conf documentation. # @param address Sets a CIDR based address for this rule matching when the type is not 'local'. # @param description Defines a longer description for this rule, if required. This description is placed in the comments above the rule in pg_hba.conf. Default value: 'none'. # @param auth_option For certain auth_method settings there are extra options that can be passed. Consult the PostgreSQL pg_hba.conf documentation for further details. # @param order Sets an order for placing the rule in pg_hba.conf. This can be either a string or an integer. If it is an integer, it will be converted to a string by zero-padding it to three digits. E.g. 42 will be zero-padded to the string '042'. The pg_hba_rule fragments are sorted using the alpha sorting order. Default value: 150. # @param target Provides the target for the rule, and is generally an internal only property. Use with caution. # @param postgresql_version Manages pg_hba.conf without managing the entire PostgreSQL instance. define postgresql::server::pg_hba_rule( Enum['local', 'host', 'hostssl', 'hostnossl'] $type, String $database, String $user, String $auth_method, Optional[String] $address = undef, String $description = 'none', Optional[String] $auth_option = undef, Variant[String, Integer] $order = 150, # Needed for testing primarily, support for multiple files is not really # working. Stdlib::Absolutepath $target = $postgresql::server::pg_hba_conf_path, String $postgresql_version = $postgresql::server::_version ) { #Allow users to manage pg_hba.conf even if they are not managing the whole PostgreSQL instance if !defined( 'postgresql::server' ) { $manage_pg_hba_conf = true } else { $manage_pg_hba_conf = $postgresql::server::manage_pg_hba_conf } if $manage_pg_hba_conf == false { fail('postgresql::server::manage_pg_hba_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests') } else { if($type =~ /^host/ and $address == undef) { fail('You must specify an address property when type is host based') } if $order =~ Integer { $_order = sprintf('%03d', $order) } else { $_order = $order } $allowed_auth_methods = $postgresql_version ? { '10' => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'], '9.6' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'], '9.5' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'], '9.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'], '9.3' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'], '9.2' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'], '9.1' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'], '9.0' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'radius', 'cert', 'pam'], '8.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'cert', 'pam'], '8.3' => ['trust', 'reject', 'md5', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'], '8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'], '8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'], default => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd'] } assert_type(Enum[$allowed_auth_methods], $auth_method) # Create a rule fragment $fragname = "pg_hba_rule_${name}" concat::fragment { $fragname: target => $target, content => template('postgresql/pg_hba_rule.conf'), order => $_order, } } } puppetlabs-postgresql-6.7.0/manifests/server/pg_ident_rule.pp0100644000076700000240000000307613627456423021567 0ustar00# @summary This resource manages an individual rule that applies to the file defined in target. # # @param map_name Sets the name of the user map that is used to refer to this mapping in pg_hba.conf. # @param system_username Specifies the operating system user name (the user name used to connect to the database). # @param database_username Specifies the user name of the database user. The system_username is mapped to this user name. # @param description Sets a longer description for this rule if required. This description is placed in the comments above the rule in pg_ident.conf. Default value: 'none'. # @param order Defines an order for placing the mapping in pg_ident.conf. Default value: 150. # @param target Provides the target for the rule and is generally an internal only property. Use with caution. define postgresql::server::pg_ident_rule( $map_name, $system_username, $database_username, $description = 'none', $order = '150', # Needed for testing primarily, support for multiple files is not really # working. $target = $postgresql::server::pg_ident_conf_path ) { if $postgresql::server::manage_pg_ident_conf == false { fail('postgresql::server::manage_pg_ident_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests') } else { # Create a rule fragment $fragname = "pg_ident_rule_${name}" concat::fragment { $fragname: target => $target, content => template('postgresql/pg_ident_rule.conf'), order => $order, } } } puppetlabs-postgresql-6.7.0/manifests/server/plperl.pp0100644000076700000240000000133113627456423020235 0ustar00# @summary This class installs the PL/Perl procedural language for postgresql. # # @param package_ensure The ensure parameter passed on to PostgreSQL PL/Perl package resource. # @param package_name The name of the PostgreSQL PL/Perl package. class postgresql::server::plperl( $package_ensure = 'present', $package_name = $postgresql::server::plperl_package_name ) { package { 'postgresql-plperl': ensure => $package_ensure, name => $package_name, tag => 'puppetlabs-postgresql', } anchor { 'postgresql::server::plperl::start': } -> Class['postgresql::server::install'] -> Package['postgresql-plperl'] -> Class['postgresql::server::service'] anchor { 'postgresql::server::plperl::end': } } puppetlabs-postgresql-6.7.0/manifests/server/plpython.pp0100644000076700000240000000134213627456423020616 0ustar00# @summary This class installs the PL/Python procedural language for postgresql. # # @param package_ensure # Specifies whether the package is present. # @param package_name # Specifies the name of the postgresql PL/Python package. class postgresql::server::plpython( $package_ensure = 'present', $package_name = $postgresql::server::plpython_package_name, ) { package { 'postgresql-plpython': ensure => $package_ensure, name => $package_name, tag => 'puppetlabs-postgresql', } anchor { 'postgresql::server::plpython::start': } -> Class['postgresql::server::install'] -> Package['postgresql-plpython'] -> Class['postgresql::server::service'] -> anchor { 'postgresql::server::plpython::end': } } puppetlabs-postgresql-6.7.0/manifests/server/postgis.pp0100644000076700000240000000150113627456423020426 0ustar00# @summary Install the postgis postgresql packaging. # # @param package_name Sets the package name. # @param package_ensure Specifies if the package is present or not. class postgresql::server::postgis ( String $package_name = $postgresql::params::postgis_package_name, String[1] $package_ensure = 'present' ) inherits postgresql::params { package { 'postgresql-postgis': ensure => $package_ensure, name => $package_name, tag => 'puppetlabs-postgresql', } anchor { 'postgresql::server::postgis::start': } -> Class['postgresql::server::install'] -> Package['postgresql-postgis'] -> Class['postgresql::server::service'] -> anchor { 'postgresql::server::postgis::end': } if $postgresql::globals::manage_package_repo { Class['postgresql::repo'] -> Package['postgresql-postgis'] } } puppetlabs-postgresql-6.7.0/manifests/server/reassign_owned_by.pp0100644000076700000240000000566513627456423022456 0ustar00# @summary Define for reassigning the ownership of objects within a database. # @note # This enables us to force the a particular ownership for objects within a database # # @param old_role Specifies the role or user who is the current owner of the objects in the specified db # @param new_role Specifies the role or user who will be the new owner of these objects # @param db Specifies the database to which the 'REASSIGN OWNED' will be applied # @param psql_user Specifies the OS user for running psql. # @param port Port to use when connecting. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. define postgresql::server::reassign_owned_by ( String $old_role, String $new_role, String $db, String $psql_user = $postgresql::server::user, Integer $port = $postgresql::server::port, Hash $connect_settings = $postgresql::server::default_connect_settings, ) { $sql_command = "REASSIGN OWNED BY \"${old_role}\" TO \"${new_role}\"" $group = $postgresql::server::group $psql_path = $postgresql::server::psql_path # # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port # if $port != undef { $port_override = $port } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { $port_override = undef } else { $port_override = $postgresql::server::port } $onlyif = "SELECT tablename FROM pg_catalog.pg_tables WHERE schemaname NOT IN ('pg_catalog', 'information_schema') AND tableowner = '${old_role}' UNION ALL SELECT proname FROM pg_catalog.pg_proc WHERE pg_get_userbyid(proowner) = '${old_role}' UNION ALL SELECT viewname FROM pg_catalog.pg_views WHERE pg_views.schemaname NOT IN ('pg_catalog', 'information_schema') AND viewowner = '${old_role}' UNION ALL SELECT relname FROM pg_catalog.pg_class WHERE relkind='S' AND pg_get_userbyid(relowner) = '${old_role}'" postgresql_psql { "reassign_owned_by:${db}:${sql_command}": command => $sql_command, db => $db, port => $port_override, connect_settings => $connect_settings, psql_user => $psql_user, psql_group => $group, psql_path => $psql_path, onlyif => $onlyif, } if($old_role != undef and defined(Postgresql::Server::Role[$old_role])) { Postgresql::Server::Role[$old_role]->Postgresql_psql["reassign_owned_by:${db}:${sql_command}"] } if($new_role != undef and defined(Postgresql::Server::Role[$new_role])) { Postgresql::Server::Role[$new_role]->Postgresql_psql["reassign_owned_by:${db}:${sql_command}"] } if($db != undef and defined(Postgresql::Server::Database[$db])) { Postgresql::Server::Database[$db]->Postgresql_psql["reassign_owned_by:${db}:${sql_command}"] } } puppetlabs-postgresql-6.7.0/manifests/server/recovery.pp0100644000076700000240000001136013627456423020600 0ustar00# @summary This resource manages the parameters that applies to the recovery.conf template. # # @note # Allows you to create the content for recovery.conf. For more details see the usage example and the PostgreSQL documentation. # Every parameter value is a string set in the template except recovery_target_inclusive, pause_at_recovery_target, standby_mode and recovery_min_apply_delay. # A detailed description of all listed parameters can be found in the PostgreSQL documentation. # Only the specified parameters are recognized in the template. The recovery.conf is only created if at least one parameter is set and manage_recovery_conf is set to true. # # @param restore_command The shell command to execute to retrieve an archived segment of the WAL file series. # @param archive_cleanup_command This optional parameter specifies a shell command that will be executed at every restartpoint. # @param recovery_end_command This parameter specifies a shell command that will be executed once only at the end of recovery. # @param recovery_target_name This parameter specifies the named restore point (created with pg_create_restore_point()) to which recovery will proceed. # @param recovery_target_time This parameter specifies the time stamp up to which recovery will proceed. # @param recovery_target_xid This parameter specifies the transaction ID up to which recovery will proceed. # @param recovery_target_inclusive Specifies whether to stop just after the specified recovery target (true), or just before the recovery target (false). # @param recovery_target This parameter specifies that recovery should end as soon as a consistent state is reached, i.e. as early as possible. # @param recovery_target_timeline Specifies recovering into a particular timeline. # @param pause_at_recovery_target Specifies whether recovery should pause when the recovery target is reached. # @param standby_mode Specifies whether to start the PostgreSQL server as a standby. # @param primary_conninfo Specifies a connection string to be used for the standby server to connect with the primary. # @param primary_slot_name Optionally specifies an existing replication slot to be used when connecting to the primary via streaming replication to control resource removal on the upstream node. # @param trigger_file Specifies a trigger file whose presence ends recovery in the standby. # @param recovery_min_apply_delay This parameter allows you to delay recovery by a fixed period of time, measured in milliseconds if no unit is specified. # @param target Provides the target for the rule, and is generally an internal only property. Use with caution. define postgresql::server::recovery( $restore_command = undef, $archive_cleanup_command = undef, $recovery_end_command = undef, $recovery_target_name = undef, $recovery_target_time = undef, $recovery_target_xid = undef, $recovery_target_inclusive = undef, $recovery_target = undef, $recovery_target_timeline = undef, $pause_at_recovery_target = undef, $standby_mode = undef, $primary_conninfo = undef, $primary_slot_name = undef, $trigger_file = undef, $recovery_min_apply_delay = undef, $target = $postgresql::server::recovery_conf_path ) { if $postgresql::server::manage_recovery_conf == false { fail('postgresql::server::manage_recovery_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests') } else { if($restore_command == undef and $archive_cleanup_command == undef and $recovery_end_command == undef and $recovery_target_name == undef and $recovery_target_time == undef and $recovery_target_xid == undef and $recovery_target_inclusive == undef and $recovery_target == undef and $recovery_target_timeline == undef and $pause_at_recovery_target == undef and $standby_mode == undef and $primary_conninfo == undef and $primary_slot_name == undef and $trigger_file == undef and $recovery_min_apply_delay == undef) { fail('postgresql::server::recovery use this resource but do not pass a parameter will avoid creating the recovery.conf, because it makes no sense.') } concat { $target: owner => $::postgresql::server::config::user, group => $::postgresql::server::config::group, force => true, # do not crash if there is no recovery conf file mode => '0640', warn => true, notify => Class['postgresql::server::reload'], } # Create the recovery.conf content concat::fragment { 'recovery.conf': target => $target, content => template('postgresql/recovery.conf.erb'), } } } puppetlabs-postgresql-6.7.0/manifests/server/reload.pp0100644000076700000240000000071313627456423020210 0ustar00# @api private class postgresql::server::reload { $service_name = $postgresql::server::service_name $service_status = $postgresql::server::service_status $service_reload = $postgresql::server::service_reload exec { 'postgresql_reload': path => '/usr/bin:/usr/sbin:/bin:/sbin', command => $service_reload, onlyif => $service_status, refreshonly => true, require => Class['postgresql::server::service'], } } puppetlabs-postgresql-6.7.0/manifests/server/role.pp0100644000076700000240000001523713674331764017714 0ustar00# @summary Define for creating a database role. # # @param update_password If set to true, updates the password on changes. Set this to false to not modify the role's password after creation. # @param password_hash Sets the hash to use during password creation. # @param createdb Specifies whether to grant the ability to create new databases with this role. # @param createrole Specifies whether to grant the ability to create new roles with this role. # @param db Database used to connect to. # @param port Port to use when connecting. # @param login Specifies whether to grant login capability for the new role. # @param inherit Specifies whether to grant inherit capability for the new role. # @param superuser Specifies whether to grant super user capability for the new role. # @param replication Provides provides replication capabilities for this role if set to true. # @param connection_limit Specifies how many concurrent connections the role can make. Default value: '-1', meaning no limit. # @param username Defines the username of the role to create. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. # @param ensure Specify whether to create or drop the role. Specifying 'present' creates the role. Specifying 'absent' drops the role. # @param psql_user Sets the OS user to run psql # @param psql_group Sets the OS group to run psql # @param psql_path Sets path to psql command # @param module_workdir Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option. define postgresql::server::role( $update_password = true, $password_hash = false, $createdb = false, $createrole = false, $db = $postgresql::server::default_database, $port = undef, $login = true, $inherit = true, $superuser = false, $replication = false, $connection_limit = '-1', $username = $title, $connect_settings = $postgresql::server::default_connect_settings, $psql_user = $postgresql::server::user, $psql_group = $postgresql::server::group, $psql_path = $postgresql::server::psql_path, $module_workdir = $postgresql::server::module_workdir, Enum['present', 'absent'] $ensure = 'present', ) { # # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port # if $port != undef { $port_override = $port } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { $port_override = undef } else { $port_override = $postgresql::server::port } # If possible use the version of the remote database, otherwise # fallback to our local DB version if $connect_settings != undef and has_key( $connect_settings, 'DBVERSION') { $version = $connect_settings['DBVERSION'] } else { $version = $postgresql::server::_version } Postgresql_psql { db => $db, port => $port_override, psql_user => $psql_user, psql_group => $psql_group, psql_path => $psql_path, connect_settings => $connect_settings, cwd => $module_workdir, require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"], } if $ensure == 'present' { $login_sql = $login ? { true => 'LOGIN', default => 'NOLOGIN' } $inherit_sql = $inherit ? { true => 'INHERIT', default => 'NOINHERIT' } $createrole_sql = $createrole ? { true => 'CREATEROLE', default => 'NOCREATEROLE' } $createdb_sql = $createdb ? { true => 'CREATEDB', default => 'NOCREATEDB' } $superuser_sql = $superuser ? { true => 'SUPERUSER', default => 'NOSUPERUSER' } $replication_sql = $replication ? { true => 'REPLICATION', default => '' } if ($password_hash != false) { $environment = "NEWPGPASSWD=${password_hash}" $password_sql = "ENCRYPTED PASSWORD '\$NEWPGPASSWD'" } else { $password_sql = '' $environment = [] } postgresql_psql { "CREATE ROLE ${username} ENCRYPTED PASSWORD ****": command => "CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}", unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}'", environment => $environment, require => undef, } postgresql_psql {"ALTER ROLE \"${username}\" ${superuser_sql}": unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolsuper = ${superuser}", } postgresql_psql {"ALTER ROLE \"${username}\" ${createdb_sql}": unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcreatedb = ${createdb}", } postgresql_psql {"ALTER ROLE \"${username}\" ${createrole_sql}": unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcreaterole = ${createrole}", } postgresql_psql {"ALTER ROLE \"${username}\" ${login_sql}": unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcanlogin = ${login}", } postgresql_psql {"ALTER ROLE \"${username}\" ${inherit_sql}": unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolinherit = ${inherit}", } if(versioncmp($version, '9.1') >= 0) { if $replication_sql == '' { postgresql_psql {"ALTER ROLE \"${username}\" NOREPLICATION": unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolreplication = ${replication}", } } else { postgresql_psql {"ALTER ROLE \"${username}\" ${replication_sql}": unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolreplication = ${replication}", } } } postgresql_psql {"ALTER ROLE \"${username}\" CONNECTION LIMIT ${connection_limit}": unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolconnlimit = ${connection_limit}", } if $password_hash and $update_password { if($password_hash =~ /^md5.+/) { $pwd_hash_sql = $password_hash } else { $pwd_md5 = md5("${password_hash}${username}") $pwd_hash_sql = "md5${pwd_md5}" } postgresql_psql { "ALTER ROLE ${username} ENCRYPTED PASSWORD ****": command => "ALTER ROLE \"${username}\" ${password_sql}", unless => "SELECT 1 FROM pg_shadow WHERE usename = '${username}' AND passwd = '${pwd_hash_sql}'", environment => $environment, } } } else { # ensure == absent postgresql_psql { "DROP ROLE \"${username}\"": onlyif => "SELECT 1 FROM pg_roles WHERE rolname = '${username}'", require => undef, } } } puppetlabs-postgresql-6.7.0/manifests/server/schema.pp0100644000076700000240000000442013627456423020201 0ustar00# @summary # Create a new schema. # # @note # The database must exist and the PostgreSQL user should have enough privileges # # @param db Required. Sets the name of the database in which to create this schema. # @param owner Sets the default owner of the schema. # @param schema Sets the name of the schema. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. # @example # postgresql::server::schema {'private': # db => 'template1', # } define postgresql::server::schema( $db = $postgresql::server::default_database, $owner = undef, $schema = $title, $connect_settings = $postgresql::server::default_connect_settings, ) { $user = $postgresql::server::user $group = $postgresql::server::group $psql_path = $postgresql::server::psql_path $version = $postgresql::server::_version $module_workdir = $postgresql::server::module_workdir Postgresql::Server::Db <| dbname == $db |> -> Postgresql::Server::Schema[$name] # If the connection settings do not contain a port, then use the local server port if $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { $port = undef } else { $port = $postgresql::server::port } Postgresql_psql { db => $db, psql_user => $user, psql_group => $group, psql_path => $psql_path, port => $port, cwd => $module_workdir, connect_settings => $connect_settings, } postgresql_psql { "${db}: CREATE SCHEMA \"${schema}\"": command => "CREATE SCHEMA \"${schema}\"", unless => "SELECT 1 FROM pg_namespace WHERE nspname = '${schema}'", require => Class['postgresql::server'], } if $owner { postgresql_psql { "${db}: ALTER SCHEMA \"${schema}\" OWNER TO \"${owner}\"": command => "ALTER SCHEMA \"${schema}\" OWNER TO \"${owner}\"", unless => "SELECT 1 FROM pg_namespace JOIN pg_roles rol ON nspowner = rol.oid WHERE nspname = '${schema}' AND rolname = '${owner}'", require => Postgresql_psql["${db}: CREATE SCHEMA \"${schema}\""], } if defined(Postgresql::Server::Role[$owner]) { Postgresql::Server::Role[$owner]->Postgresql_psql["${db}: ALTER SCHEMA \"${schema}\" OWNER TO \"${owner}\""] } } } puppetlabs-postgresql-6.7.0/manifests/server/service.pp0100644000076700000240000000365313674331764020412 0ustar00# @api private class postgresql::server::service { $service_ensure = $postgresql::server::service_ensure $service_enable = $postgresql::server::service_enable $service_manage = $postgresql::server::service_manage $service_name = $postgresql::server::service_name $service_provider = $postgresql::server::service_provider $service_status = $postgresql::server::service_status $user = $postgresql::server::user $port = $postgresql::server::port $default_database = $postgresql::server::default_database $psql_path = $postgresql::server::psql_path $connect_settings = $postgresql::server::default_connect_settings anchor { 'postgresql::server::service::begin': } if $service_manage { service { 'postgresqld': ensure => $service_ensure, enable => $service_enable, name => $service_name, provider => $service_provider, hasstatus => true, status => $service_status, } if $service_ensure in ['running', true] { # This blocks the class before continuing if chained correctly, making # sure the service really is 'up' before continuing. # # Without it, we may continue doing more work before the database is # prepared leading to a nasty race condition. postgresql_conn_validator{ 'validate_service_is_running': run_as => $user, db_name => $default_database, port => $port, connect_settings => $connect_settings, sleep => 1, tries => 60, psql_path => $psql_path, require => Service['postgresqld'], before => Anchor['postgresql::server::service::end'] } Postgresql::Server::Database <| title == $default_database |> -> Postgresql_conn_validator['validate_service_is_running'] } } anchor { 'postgresql::server::service::end': } } puppetlabs-postgresql-6.7.0/manifests/server/table_grant.pp0100644000076700000240000000316213627456423021225 0ustar00# @summary This resource wraps the grant resource to manage table grants specifically. # # @param privilege Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER'. # @param table Specifies the table to which you are granting access. # @param db Specifies which database the table is in. # @param role Specifies the role or user to whom you are granting access. # @param ensure Specifies whether to grant or revoke the privilege. Default is to grant the privilege. # @param port Port to use when connecting. # @param psql_db Specifies the database to execute the grant against. This should not ordinarily be changed from the default. # @param psql_user Specifies the OS user for running psql. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. # @param onlyif_exists Create grant only if it doesn't exist. define postgresql::server::table_grant( $privilege, $table, $db, $role, $ensure = undef, $port = undef, $psql_db = undef, $psql_user = undef, $connect_settings = undef, $onlyif_exists = false, ) { postgresql::server::grant { "table:${name}": ensure => $ensure, role => $role, db => $db, port => $port, privilege => $privilege, object_type => 'TABLE', object_name => $table, psql_db => $psql_db, psql_user => $psql_user, onlyif_exists => $onlyif_exists, connect_settings => $connect_settings, } } puppetlabs-postgresql-6.7.0/manifests/server/tablespace.pp0100644000076700000240000000506313627456423021050 0ustar00# @summary This module creates tablespace. # # @param location Specifies the path to locate this tablespace. # @param manage_location Set to false if you have file{ $location: } already defined # @param owner Specifies the default owner of the tablespace. # @param spcname Specifies the name of the tablespace. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. define postgresql::server::tablespace( $location, $manage_location = true, $owner = undef, $spcname = $title, $connect_settings = $postgresql::server::default_connect_settings, ) { $user = $postgresql::server::user $group = $postgresql::server::group $psql_path = $postgresql::server::psql_path $module_workdir = $postgresql::server::module_workdir # If the connection settings do not contain a port, then use the local server port if $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { $port = undef } else { $port = $postgresql::server::port } Postgresql_psql { psql_user => $user, psql_group => $group, psql_path => $psql_path, port => $port, connect_settings => $connect_settings, cwd => $module_workdir, } if($manage_location) { file { $location: ensure => directory, owner => $user, group => $group, mode => '0700', seluser => 'system_u', selrole => 'object_r', seltype => 'postgresql_db_t', require => Class['postgresql::server'], } } else { File <| title == $location |> { ensure => directory, owner => $user, group => $group, mode => '0700', seluser => 'system_u', selrole => 'object_r', seltype => 'postgresql_db_t', require => Class['postgresql::server'], } } postgresql_psql { "CREATE TABLESPACE \"${spcname}\"": command => "CREATE TABLESPACE \"${spcname}\" LOCATION '${location}'", unless => "SELECT 1 FROM pg_tablespace WHERE spcname = '${spcname}'", require => File[$location], } if $owner { postgresql_psql { "ALTER TABLESPACE \"${spcname}\" OWNER TO \"${owner}\"": unless => "SELECT 1 FROM pg_tablespace JOIN pg_roles rol ON spcowner = rol.oid WHERE spcname = '${spcname}' AND rolname = '${owner}'", require => Postgresql_psql["CREATE TABLESPACE \"${spcname}\""], } if defined(Postgresql::Server::Role[$owner]) { Postgresql::Server::Role[$owner]->Postgresql_psql["ALTER TABLESPACE \"${spcname}\" OWNER TO \"${owner}\""] } } } puppetlabs-postgresql-6.7.0/manifests/server.pp0100644000076700000240000002604513674331764016752 0ustar00# @summary This installs a PostgreSQL server # # @param postgres_password Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres database, with a user called postgres and no password. # @param package_name Specifies the name of the package to use for installing the server software. # @param package_ensure Passes a value through to the package resource when creating the server instance. # # @param plperl_package_name Sets the default package name for the PL/Perl extension. # @param plpython_package_name Sets the default package name for the PL/Python extension. # # @param service_ensure Ensure service is installed # @param service_enable Enable the PostgreSQL service # @param service_manage Defines whether or not Puppet should manage the service. # @param service_name Overrides the default PostgreSQL service name. # @param service_restart_on_change Overrides the default behavior to restart your PostgreSQL service when a config entry has been changed that requires a service restart to become active. # @param service_provider Overrides the default PostgreSQL service provider. # @param service_reload Overrides the default reload command for your PostgreSQL service. # @param service_status Overrides the default status check command for your PostgreSQL service. # @param default_database Specifies the name of the default database to connect with. On most systems this is 'postgres'. # @param default_connect_settings Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined types, such as postgresql::server::role. # # @param listen_addresses Address list on which the PostgreSQL service will listen # @param port Specifies the port for the PostgreSQL server to listen on. Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change. # Default value: 5432. Meaning the Postgres server listens on TCP port 5432. # # @param ip_mask_deny_postgres_user Specifies the IP mask from which remote connections should be denied for the postgres superuser. # Default value: '0.0.0.0/0', which denies any remote connection. # # @param ip_mask_allow_all_users Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP from remote machines. If you'd like to allow this, you can override this setting. # Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine on your local '192.168' subnet. # Default value: '127.0.0.1/32'. # # @param ipv4acls Lists strings for access control for connection method, users, databases, IPv4 addresses; # @param ipv6acls Lists strings for access control for connection method, users, databases, IPv6 addresses. # # @param initdb_path Specifies the path to the initdb command. # @param createdb_path Deprecated. Specifies the path to the createdb command. # @param psql_path Specifies the path to the psql command. # @param pg_hba_conf_path Specifies the path to your pg_hba.conf file. # @param pg_ident_conf_path Specifies the path to your pg_ident.conf file. # @param postgresql_conf_path Specifies the path to your postgresql.conf file. # @param recovery_conf_path Specifies the path to your recovery.conf file. # # @param datadir PostgreSQL data directory # @param xlogdir PostgreSQL xlog directory # @param logdir PostgreSQL log directory # # @param log_line_prefix PostgreSQL log line prefix # # @param pg_hba_conf_defaults If false, disables the defaults supplied with the module for pg_hba.conf. This is useful if you disagree with the defaults and wish to override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform basic psql operations for example. # # @param user Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. # @param group Overrides the default postgres user group to be used for related files in the file system. # # @param needs_initdb Explicitly calls the initdb operation after server package is installed, and before the PostgreSQL service is started. # # @param encoding Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the template1 initialization, so it becomes a default outside of the module as well. # @param locale Sets the default database locale for all databases created with this module. On certain operating systems this is used during the template1 initialization as well, so it becomes a default outside of the module. # @param data_checksums Boolean. Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. # Warning: This option is used during initialization by initdb, and cannot be changed later. If set, checksums are calculated for all objects, in all databases. # # @param timezone Set timezone for the PostgreSQL instance # # @param manage_pg_hba_conf Boolean. Whether to manage the pg_hba.conf. # @param manage_pg_ident_conf Boolean. Overwrites the pg_ident.conf file. # @param manage_recovery_conf Boolean. Specifies whether or not manage the recovery.conf. # @param module_workdir Working directory for the PostgreSQL module # # @param manage_datadir Set to false if you have file{ $datadir: } already defined # @param manage_logdir Set to false if you have file{ $logdir: } already defined # @param manage_xlogdir Set to false if you have file{ $xlogdir: } already defined # # @param roles Specifies a hash from which to generate postgresql::server::role resources. # @param config_entries Specifies a hash from which to generate postgresql::server::config_entry resources. # @param pg_hba_rules Specifies a hash from which to generate postgresql::server::pg_hba_rule resources. # # @param version Deprecated. Use postgresql::globals instead. Sets PostgreSQL version # # @param extra_systemd_config Adds extra config to systemd config file, can for instance be used to add extra openfiles. This can be a multi line string # class postgresql::server ( $postgres_password = undef, $package_name = $postgresql::params::server_package_name, $package_ensure = $postgresql::params::package_ensure, $plperl_package_name = $postgresql::params::plperl_package_name, $plpython_package_name = $postgresql::params::plpython_package_name, $service_ensure = $postgresql::params::service_ensure, $service_enable = $postgresql::params::service_enable, $service_manage = $postgresql::params::service_manage, $service_name = $postgresql::params::service_name, $service_restart_on_change = $postgresql::params::service_restart_on_change, $service_provider = $postgresql::params::service_provider, $service_reload = $postgresql::params::service_reload, $service_status = $postgresql::params::service_status, $default_database = $postgresql::params::default_database, $default_connect_settings = $postgresql::globals::default_connect_settings, $listen_addresses = $postgresql::params::listen_addresses, $port = $postgresql::params::port, $ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user, $ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users, Array[String[1]] $ipv4acls = $postgresql::params::ipv4acls, Array[String[1]] $ipv6acls = $postgresql::params::ipv6acls, $initdb_path = $postgresql::params::initdb_path, $createdb_path = $postgresql::params::createdb_path, $psql_path = $postgresql::params::psql_path, $pg_hba_conf_path = $postgresql::params::pg_hba_conf_path, $pg_ident_conf_path = $postgresql::params::pg_ident_conf_path, $postgresql_conf_path = $postgresql::params::postgresql_conf_path, $recovery_conf_path = $postgresql::params::recovery_conf_path, $datadir = $postgresql::params::datadir, $xlogdir = $postgresql::params::xlogdir, $logdir = $postgresql::params::logdir, $log_line_prefix = $postgresql::params::log_line_prefix, $pg_hba_conf_defaults = $postgresql::params::pg_hba_conf_defaults, $user = $postgresql::params::user, $group = $postgresql::params::group, $needs_initdb = $postgresql::params::needs_initdb, $encoding = $postgresql::params::encoding, $locale = $postgresql::params::locale, $data_checksums = $postgresql::params::data_checksums, $timezone = $postgresql::params::timezone, $manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf, $manage_pg_ident_conf = $postgresql::params::manage_pg_ident_conf, $manage_recovery_conf = $postgresql::params::manage_recovery_conf, Boolean $manage_selinux = $postgresql::params::manage_selinux, $module_workdir = $postgresql::params::module_workdir, $manage_datadir = $postgresql::params::manage_datadir, $manage_logdir = $postgresql::params::manage_logdir, $manage_xlogdir = $postgresql::params::manage_xlogdir, $password_encryption = $postgresql::params::password_encryption, $extra_systemd_config = $postgresql::params::extra_systemd_config, Hash[String, Hash] $roles = {}, Hash[String, Any] $config_entries = {}, Hash[String, Hash] $pg_hba_rules = {}, #Deprecated $version = undef, ) inherits postgresql::params { if $version != undef { warning('Passing "version" to postgresql::server is deprecated; please use postgresql::globals instead.') $_version = $version } else { $_version = $postgresql::params::version } if $createdb_path != undef{ warning('Passing "createdb_path" to postgresql::server is deprecated, it can be removed safely for the same behaviour') } # Reload has its own ordering, specified by other defines class { 'postgresql::server::reload': require => Class['postgresql::server::install'], } contain postgresql::server::install contain postgresql::server::initdb contain postgresql::server::config contain postgresql::server::service contain postgresql::server::passwd Class['postgresql::server::install'] -> Class['postgresql::server::initdb'] -> Class['postgresql::server::config'] -> Class['postgresql::server::service'] -> Class['postgresql::server::passwd'] $roles.each |$rolename, $role| { postgresql::server::role { $rolename: * => $role, } } $config_entries.each |$entry, $value| { postgresql::server::config_entry { $entry: value => $value, } } $pg_hba_rules.each |$rule_name, $rule| { postgresql::server::pg_hba_rule { $rule_name: * => $rule, } } } puppetlabs-postgresql-6.7.0/manifests/validate_db_connection.pp0100644000076700000240000001024313627456423022110 0ustar00# @summary This type validates that a successful postgres connection. # # @note # This validated if the postgres connection can be established # between the node on which this resource is run and a specified postgres # instance (host/port/user/password/database name). # # # @param database_host Database host address # @param database_name Specifies the name of the database you wish to test. # @param database_password Specifies the password to connect with. # @param database_username Specifies the username to connect with. # @param database_port Defines the port to use when connecting. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. # @param run_as Specifies the user to run the psql command as. # @param sleep Sets the number of seconds to sleep for before trying again after a failure. # @param tries Sets the number of attempts after failure before giving up and failing the resource. # @param create_db_first Creates the database when obtaining a successful connection. # define postgresql::validate_db_connection( $database_host = undef, $database_name = undef, $database_password = undef, $database_username = undef, $database_port = undef, $connect_settings = undef, $run_as = undef, $sleep = 2, $tries = 10, $create_db_first = true ) { include postgresql::client include postgresql::params warning('postgresql::validate_db_connection is deprecated, please use postgresql_conn_validator.') $psql_path = $postgresql::params::psql_path $module_workdir = $postgresql::params::module_workdir $validcon_script_path = $postgresql::client::validcon_script_path $cmd_init = "${psql_path} --tuples-only --quiet " $cmd_host = $database_host ? { undef => '', default => "-h ${database_host} ", } $cmd_user = $database_username ? { undef => '', default => "-U ${database_username} ", } $cmd_port = $database_port ? { undef => '', default => "-p ${database_port} ", } $cmd_dbname = $database_name ? { undef => "--dbname ${postgresql::params::default_database} ", default => "--dbname ${database_name} ", } $pass_env = $database_password ? { undef => undef, default => "PGPASSWORD=${database_password}", } $cmd = join([$cmd_init, $cmd_host, $cmd_user, $cmd_port, $cmd_dbname], ' ') $validate_cmd = "${validcon_script_path} ${sleep} ${tries} '${cmd}'" # This is more of a safety valve, we add a little extra to compensate for the # time it takes to run each psql command. $timeout = (($sleep + 2) * $tries) # Combine $database_password and $connect_settings into an array of environment # variables, ensure $database_password is last, allowing it to override a password # from the $connect_settings hash if $connect_settings != undef { if $pass_env != undef { $env = concat(join_keys_to_values( $connect_settings, '='), $pass_env) } else { $env = join_keys_to_values( $connect_settings, '=') } } else { $env = $pass_env } $exec_name = "validate postgres connection for ${database_username}@${database_host}:${database_port}/${database_name}" exec { $exec_name: command => "echo 'Unable to connect to defined database using: ${cmd}' && false", unless => $validate_cmd, cwd => $module_workdir, environment => $env, logoutput => 'on_failure', user => $run_as, path => '/bin:/usr/bin:/usr/local/bin', timeout => $timeout, require => Class['postgresql::client'], } # This is a little bit of puppet magic. What we want to do here is make # sure that if the validation and the database instance creation are being # applied on the same machine, then the database resource is applied *before* # the validation resource. Otherwise, the validation is guaranteed to fail # on the first run. # # We accomplish this by using Puppet's resource collection syntax to search # for the Database resource in our current catalog; if it exists, the # appropriate relationship is created here. if($create_db_first) { Postgresql::Server::Database<|title == $database_name|> -> Exec[$exec_name] } } puppetlabs-postgresql-6.7.0/metadata.json0100644000076700000240000000364013722221521015540 0ustar00{ "name": "puppetlabs-postgresql", "version": "6.7.0", "author": "Inkling/Puppet Labs", "summary": "Offers support for basic management of PostgreSQL databases.", "license": "Apache-2.0", "source": "https://github.com/puppetlabs/puppetlabs-postgresql", "project_page": "https://github.com/puppetlabs/puppetlabs-postgresql", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "dependencies": [ { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.13.1 < 7.0.0" }, { "name": "puppetlabs/apt", "version_requirement": ">= 2.0.0 < 8.0.0" }, { "name": "puppetlabs/concat", "version_requirement": ">= 4.1.0 < 7.0.0" } ], "operatingsystem_support": [ { "operatingsystem": "RedHat", "operatingsystemrelease": [ "5", "6", "7", "8" ] }, { "operatingsystem": "CentOS", "operatingsystemrelease": [ "5", "6", "7", "8" ] }, { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ "5", "6", "7" ] }, { "operatingsystem": "Scientific", "operatingsystemrelease": [ "6", "7" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ "8", "9", "10" ] }, { "operatingsystem": "SLES", "operatingsystemrelease": [ "11", "12", "15" ] }, { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ "14.04", "16.04", "18.04", "20.04" ] } ], "requirements": [ { "name": "puppet", "version_requirement": ">= 5.5.10 < 7.0.0" } ], "pdk-version": "1.18.1", "template-url": "https://github.com/puppetlabs/pdk-templates#master", "template-ref": "heads/master-0-gd610ead" } puppetlabs-postgresql-6.7.0/provision.yaml0100644000076700000240000000334613674331764016025 0ustar00--- default: provisioner: docker images: ['litmusimage/centos7'] vagrant: provisioner: vagrant images: ['centos/7', 'generic/ubuntu1804'] travis_deb: provisioner: docker images: ['litmusimage/debian:8', 'litmusimage/debian:9', 'litmusimage/debian:10'] travis_ub_5: provisioner: docker images: ['litmusimage/ubuntu:14.04', 'litmusimage/ubuntu:16.04', 'litmusimage/ubuntu:18.04'] travis_ub_6: provisioner: docker images: ['litmusimage/ubuntu:14.04', 'litmusimage/ubuntu:16.04', 'litmusimage/ubuntu:18.04', 'litmusimage/ubuntu:20.04'] travis_el6: provisioner: docker images: ['litmusimage/centos:6', 'litmusimage/scientificlinux:6'] travis_el7: provisioner: docker images: ['litmusimage/centos:7', 'litmusimage/oraclelinux:7', 'litmusimage/scientificlinux:7'] travis_el8: provisioner: docker images: ['litmusimage/centos:8'] release_checks_5: provisioner: abs images: ['redhat-5-x86_64', 'redhat-6-x86_64', 'redhat-7-x86_64', 'redhat-8-x86_64', 'centos-5-x86_64', 'centos-6-x86_64', 'centos-7-x86_64', 'centos-8-x86_64', 'oracle-5-x86_64', 'oracle-6-x86_64', 'oracle-7-x86_64', 'scientific-6-x86_64', 'scientific-7-x86_64', 'debian-8-x86_64', 'debian-9-x86_64', 'debian-10-x86_64', 'sles-12-x86_64', 'ubuntu-1404-x86_64', 'ubuntu-1604-x86_64', 'ubuntu-1804-x86_64'] release_checks_6: provisioner: abs images: ['redhat-5-x86_64', 'redhat-6-x86_64', 'redhat-7-x86_64', 'redhat-8-x86_64', 'centos-5-x86_64', 'centos-6-x86_64', 'centos-7-x86_64', 'centos-8-x86_64', 'oracle-5-x86_64', 'oracle-6-x86_64', 'oracle-7-x86_64', 'scientific-6-x86_64', 'scientific-7-x86_64', 'debian-8-x86_64', 'debian-9-x86_64', 'debian-10-x86_64', 'sles-12-x86_64', 'ubuntu-1404-x86_64', 'ubuntu-1604-x86_64', 'ubuntu-1804-x86_64', 'ubuntu-2004-x86_64'] puppetlabs-postgresql-6.7.0/readmes0040755000076700000240000000000013722221531014427 5ustar00puppetlabs-postgresql-6.7.0/readmes/README_ja_JP.md0100644000076700000240000021576613627456423017064 0ustar00# postgresql #### 目次 1. [モジュールの概要 - モジュールの機能](#module-description) 2. [セットアップ - postgresqlモジュール導入の基本](#setup) * [postgresqlの影響](#what-postgresql-affects) * [postgresqlの導入](#getting-started-with-postgresql) 3. [使用方法 - 設定オプションと追加機能](#usage) * [サーバーの設定](#configure-a-server) * [データベースの作成](#create-a-database) * [ユーザ、ロール、パーミッションの管理](#manage-users-roles-and-permissions) * [DBオブジェクトの所有権の管理](#manage-ownership-of-db-objects) * [デフォルトのオーバーライド](#override-defaults) * [pg_hba.confのアクセスルールの作成](#create-an-access-rule-for-pg_hbaconf) * [pg_ident.confのユーザ名マップの作成](#create-user-name-maps-for-pg_identconf) * [接続の検証](#validate-connectivity) 4. [参考 - モジュールの機能と動作について](#reference) * [クラス](#classes) * [定義できるタイプ](#defined-types) * [タイプ](#types) * [関数](#functions) * [タスク](#tasks) 5. [制約事項 - OSの互換性など](#limitations) 6. [開発 - モジュール貢献についてのガイド](#development) * [コントリビュータ - モジュール貢献者の一覧](#contributors) 7. [テスト](#tests) 8. [コントリビュータ - モジュール貢献者の一覧](#contributors) ## モジュールの概要 postgresqlモジュールを使用すると、PuppetでPostgreSQLを管理できます。 PostgreSQLは、高性能な無償のオープンソースリレーショナルデータベースサーバーです。postgresqlモジュールを使用すると、PostgreSQLのパッケージ、サービス、データベース、ユーザ、一般的なセキュリティ設定を管理できるようになります。 ## セットアップ ### postgresqlの影響 * PostgreSQLのパッケージ、サービス、設定ファイル * リッスンするポート * IPおよびマスク(オプション) ### postgresqlの導入 基本的なデフォルトのPostgreSQLサーバーを設定するには、`postgresql::server`クラスを宣言します。 ```puppet class { 'postgresql::server': } ``` ## 使用方法 ### サーバーの設定 デフォルト設定を使用する場合は、上記のように`postgresql::server`クラスを宣言します。PostgreSQLサーバーの設定をカスタマイズするには、次のように、変更する[パラメータ](#postgresqlserver)を指定します。 ```puppet class { 'postgresql::server': ip_mask_deny_postgres_user => '0.0.0.0/32', ip_mask_allow_all_users => '0.0.0.0/0', ipv4acls => ['hostssl all johndoe 192.168.0.0/24 cert'], postgres_password => 'TPSrep0rt!', } ``` 設定後、コマンドラインで設定をテストします。 ```shell psql -h localhost -U postgres psql -h my.postgres.server -U ``` 上記のコマンドでエラーメッセージが返ってくる場合は、パーミッションの設定によって現在の接続元からのアクセスが制限されています。その場所からの接続を許可するかどうかに応じて、パーミッション設定の変更が必要な場合があります。 サーバー設定パラメータの詳細については、[PostgreSQLランタイム設定マニュアル](http://www.postgresql.org/docs/current/static/runtime-config.html)を参照してください。 ### データベースの作成 さまざまなPostgreSQLデータベースを定義タイプ`postgresql::server::db`を使用してセットアップできます。例えば、PuppetDBのデータベースをセットアップするには、次のように記述します。 ```puppet class { 'postgresql::server': } postgresql::server::db { 'mydatabasename': user => 'mydatabaseuser', password => postgresql_password('mydatabaseuser', 'mypassword'), } ``` ### ユーザ、ロール、パーミッションの管理 ユーザ、ロール、パーミッションを管理するには、次のようにします。 ```puppet class { 'postgresql::server': } postgresql::server::role { 'marmot': password_hash => postgresql_password('marmot', 'mypasswd'), } postgresql::server::database_grant { 'test1': privilege => 'ALL', db => 'test1', role => 'marmot', } postgresql::server::table_grant { 'my_table of test2': privilege => 'ALL', table => 'my_table', db => 'test2', role => 'marmot', } ``` この例では、test1データベース上とtest2データベースの`my_table`テーブル上の**すべての**権限を、指定したユーザまたはグループに付与します。値がPuppetDB設定ファイルに追加されると、このデータベースは使用可能になります。 ### DBオブジェクトの所有権の管理 REASSIGN OWNEDを使用して、データベース内にあるすべてのオブジェクトの所有権を変更するには、次のようにします。 ```puppet postgresql::server::reassign_owned_by { 'new owner is meerkat': db => 'test_db', old_role => 'marmot', new_role => 'meerkat', } ``` この例では、PostgreSQLの'REASSIGN OWNED'ステートメントを実行して所有権を更新し、現在、ロール'marmot'が所有しているすべてのテーブル、シーケンス、関数、ビューが、ロール'meerkat'に所有されるようにします。 これは、指定された'test_db'内のオブジェクトに対してのみ適用されます。 バージョン9.3以上のPostgresqlでは、データベースの所有権も更新されます。 ### デフォルトのオーバーライド `postgresql::globals`クラスを使用すると、このモジュールの主な設定をグローバルに構成できます。この設定は、他のクラスや定義済みリソースから使用できます。単独では機能しません。 例えば、すべてのクラスのデフォルトの`locale`と`encoding`をオーバーライドするには、次のように記述します。 ```puppet class { 'postgresql::globals': encoding => 'UTF-8', locale => 'en_US.UTF-8', } class { 'postgresql::server': } ``` 特定のバージョンのPostgreSQLパッケージを使用するには、次のように記述します。 ```puppet class { 'postgresql::globals': manage_package_repo => true, version => '9.2', } class { 'postgresql::server': } ``` ### リモートのユーザ、ロール、パーミッションの管理 リモートのSQLオブジェクトは、ローカルのSQLオブジェクトと同じPuppetリソースと、[`connect_settings`](#connect_settings)ハッシュを使用して管理します。これは、PuppetがリモートのPostgresインスタンスに接続する方法と、SQLコマンドの生成に使用されるバージョンを制御します。 `connect_settings`ハッシュには、'PGHOST'、'PGPORT'、'PGPASSWORD'、'PGSSLKEY'など、Postgresクライアント接続を制御する環境変数を含めることができます。変数の全リストについては、[PostgreSQL環境変数](http://www.postgresql.org/docs/9.4/static/libpq-envars.html)マニュアルを参照してください。 さらに、特殊値の'DBVERSION'により、ターゲットデータベースのバージョンを指定できます。`connect_settings`ハッシュが省略されているか空の場合、PuppetはローカルのPostgreSQLインスタンスに接続します。 Puppetリソースごとに`connect_settings`ハッシュを設定するか、`postgresql::globals`にデフォルトの`connect_settings`ハッシュを設定できます。リソースごとに`connect_settings`を設定すると、SQLオブジェクトが複数のユーザによって複数のデータベース上に作成できるようになります。 ```puppet $connection_settings_super2 = { 'PGUSER' => 'super2', 'PGPASSWORD' => 'foobar2', 'PGHOST' => '127.0.0.1', 'PGPORT' => '5432', 'PGDATABASE' => 'postgres', } include postgresql::server # Connect with no special settings, i.e domain sockets, user postgres postgresql::server::role { 'super2': password_hash => 'foobar2', superuser => true, connect_settings => {}, } # Now using this new user connect via TCP postgresql::server::database { 'db1': connect_settings => $connection_settings_super2, require => Postgresql::Server::Role['super2'], } ``` ### pg_hba.confのアクセスルールの作成 `pg_hba.conf`のアクセスルールを作成するには、次のように記述します。 ```puppet postgresql::server::pg_hba_rule { 'allow application network to access app database': description => 'Open up PostgreSQL for access from 200.1.2.0/24', type => 'host', database => 'app', user => 'app', address => '200.1.2.0/24', auth_method => 'md5', } ``` これにより、以下のようなルールセットが`pg_hba.conf`内に作成されます。 ``` # Rule Name: allow application network to access app database # Description: Open up PostgreSQL for access from 200.1.2.0/24 # Order: 150 host app app 200.1.2.0/24 md5 ``` デフォルトでは、`pg_hba_rule`に`postgresql::server`を含める必要がありますが、ルールを宣言する際にtargetおよびpostgresql_versionを設定することで、その動作をオーバーライドできます。例えば次のようになります。 ```puppet postgresql::server::pg_hba_rule { 'allow application network to access app database': description => 'Open up postgresql for access from 200.1.2.0/24', type => 'host', database => 'app', user => 'app', address => '200.1.2.0/24', auth_method => 'md5', target => '/path/to/pg_hba.conf', postgresql_version => '9.4', } ``` ### pg_ident.confのユーザ名マップの作成 pg_ident.confのユーザ名マップを作成するには、次のように記述します。 ```puppet postgresql::server::pg_ident_rule { 'Map the SSL certificate of the backup server as a replication user': map_name => 'sslrepli', system_username => 'repli1.example.com', database_username => 'replication', } ``` これにより、次のようなユーザ名マップが`pg_ident.conf`に作成されます。 ``` #Rule Name: Map the SSL certificate of the backup server as a replication user #Description: none #Order: 150 sslrepli repli1.example.com replication ``` ### リカバリ設定の作成 リカバリ設定ファイル(`recovery.conf`)を作成するには、次のように記述します。 ```puppet postgresql::server::recovery { 'Create a recovery.conf file with the following defined parameters': restore_command => 'cp /mnt/server/archivedir/%f %p', archive_cleanup_command => undef, recovery_end_command => undef, recovery_target_name => 'daily backup 2015-01-26', recovery_target_time => '2015-02-08 22:39:00 EST', recovery_target_xid => undef, recovery_target_inclusive => true, recovery_target => 'immediate', recovery_target_timeline => 'latest', pause_at_recovery_target => true, standby_mode => 'on', primary_conninfo => 'host=localhost port=5432', primary_slot_name => undef, trigger_file => undef, recovery_min_apply_delay => 0, } ``` これにより、次の`recovery.conf`設定ファイルが作成されます。 ``` restore_command = 'cp /mnt/server/archivedir/%f %p' recovery_target_name = 'daily backup 2015-01-26' recovery_target_time = '2015-02-08 22:39:00 EST' recovery_target_inclusive = true recovery_target = 'immediate' recovery_target_timeline = 'latest' pause_at_recovery_target = true standby_mode = 'on' primary_conninfo = 'host=localhost port=5432' recovery_min_apply_delay = 0 ``` テンプレートでは、指定されたパラメータのみが認識されます。`recovery.conf`は、少なくとも1つのパラメータが設定済みで、**かつ**、[manage_recovery_conf](#manage_recovery_conf)がtrueの場合のみ作成されます。 ### 接続の検証 従属タスクを開始する前に、リモートのPostgreSQLデータベースへのクライアント接続を検証するには、`postgresql_conn_validator`リソースを使用します。このリソースは、PostgreSQLクライアントソフトウェアがインストールされている任意のノード上で使用できます。アプリケーションサーバーの起動や、データベース移行の実行など、他のタスクと結合されることがよくあります。 使用例: ```puppet postgresql_conn_validator { 'validate my postgres connection': host => 'my.postgres.host', db_username => 'mydbuser', db_password => 'mydbpassword', db_name => 'mydbname', }-> exec { 'rake db:migrate': cwd => '/opt/myrubyapp', } ``` ## リファレンス postgresqlモジュールには、サーバー設定用に多数のオプションがあります。以下の設定をすべて使うことはないかもしれませんが、これらを使用することで、セキュリティ設定をかなり制御することができます。 **クラス:** * [postgresql::client](#postgresqlclient) * [postgresql::globals](#postgresqlglobals) * [postgresql::lib::devel](#postgresqllibdevel) * [postgresql::lib::java](#postgresqllibjava) * [postgresql::lib::perl](#postgresqllibperl) * [postgresql::lib::python](#postgresqllibpython) * [postgresql::server](#postgresqlserver) * [postgresql::server::plperl](#postgresqlserverplperl) * [postgresql::server::contrib](#postgresqlservercontrib) * [postgresql::server::postgis](#postgresqlserverpostgis) **定義できるタイプ:** * [postgresql::server::config_entry](#postgresqlserverconfig_entry) * [postgresql::server::database](#postgresqlserverdatabase) * [postgresql::server::database_grant](#postgresqlserverdatabase_grant) * [postgresql::server::db](#postgresqlserverdb) * [postgresql::server::extension](#postgresqlserverextension) * [postgresql::server::grant](#postgresqlservergrant) * [postgresql::server::grant_role](#postgresqlservergrant_role) * [postgresql::server::pg_hba_rule](#postgresqlserverpg_hba_rule) * [postgresql::server::pg_ident_rule](#postgresqlserverpg_ident_rule) * [postgresql::server::reassign_owned_by](#postgresqlserverreassign_owned_by) * [postgresql::server::recovery](#postgresqlserverrecovery) * [postgresql::server::role](#postgresqlserverrole) * [postgresql::server::schema](#postgresqlserverschema) * [postgresql::server::table_grant](#postgresqlservertable_grant) * [postgresql::server::tablespace](#postgresqlservertablespace) **タイプ:** * [postgresql_psql](#custom-resource-postgresql_psql) * [postgresql_replication_slot](#custom-resource-postgresql_replication_slot) * [postgresql_conf](#custom-resource-postgresql_conf) * [postgresql_conn_validator](#custom-resource-postgresql_conn_validator) **関数:** * [postgresql_password](#function-postgresql_password) * [postgresql_acls_to_resources_hash](#function-postgresql_acls_to_resources_hashacl_array-id-order_offset) **タスク:** * [`sql`](#tasks) ### クラス #### postgresql::client PostgreSQLクライアントソフトウェアをインストールします。カスタムのバージョンをインストールするには、次のパラメータを設定します。 >**注意:** カスタムのバージョンを指定する場合、必要なyumまたはaptリポジトリを忘れずに追加してください。 ##### `package_ensure` PostgreSQLクライアントパッケージリソースが存在する必要があるかどうかを指定します。 有効な値: 'present'、'absent'。 デフォルト値: 'present'。 ##### `package_name` PostgreSQLクライアントパッケージの名前を設定します。 デフォルト値: 'file'。 #### postgresql::lib::docs Postgres-Docs向けのPostgreSQLバインディングをインストールします。カスタムのバージョンをインストールするには、次のパラメータを設定します。 **注意:** カスタムのバージョンを指定する場合、必要なyumまたはaptリポジトリを忘れずに追加してください。 ##### `package_name` PostgreSQL docsパッケージの名前を指定します。 ##### `package_ensure` PostgreSQL docsパッケージリソースが存在する必要があるかどうかを指定します。 有効な値: 'present'、'absent'。 デフォルト値: 'present'。 #### postgresql::globals **注意:** ほとんどのサーバー固有のデフォルト値は、`postgresql::server`クラスでオーバーライドする必要があります。このクラスは、標準以外のOSを使用している場合か、ここでしか変更できない要素(`version`や`manage_package_repo`)を変更する場合のみ使用します。 ##### `bindir` ターゲットプラットフォームのデフォルトのPostgreSQLバイナリディレクトリをオーバーライドします。 デフォルト値: OSによって異なります。 ##### `client_package_name` デフォルトのPostgreSQLクライアントパッケージ名をオーバーライドします。 デフォルト値: OSによって異なります。 ##### `confdir`  ターゲットプラットフォームのデフォルトのPostgreSQL設定ディレクトリをオーバーライドします。 デフォルト値: OSによって異なります。 ##### `contrib_package_name` デフォルトのPostgreSQL contribパッケージ名をオーバーライドします。 デフォルト値: OSによって異なります。 ##### `createdb_path` **非推奨** `createdb`コマンドへのパス。 デフォルト値: '${bindir}/createdb'。 ##### `datadir` ターゲットプラットフォームのデフォルトのPostgreSQLデータディレクトリをオーバーライドします。 デフォルト値: OSによって異なります。 **注意:** インストール後にdatadirを変更すると、変更が実行される前にサーバーが完全に停止します。Red Hatシステムでは、データディレクトリはSELinuxに適切にラベル付けする必要があります。Ubuntuでは、明示的に`needs_initdb = true`に設定して、Puppetが新しいdatadir内のデータベースを初期化できるようにする必要があります(他のシステムでは、`needs_initdb`はデフォルトでtrueになっています)。 **警告:** datadirがデフォルトから変更された場合、Puppetは元のデータディレクトリのパージを管理しません。そのため、データディレクトリが元のディレクトリに戻ったときにエラーが発生します。 ##### `data_checksums` オプションです。 データタイプ: 真偽値(boolean) データページに対してチェックサムを使用すると、その他の方法では発見の難しいI/Oシステムによる破損を検出するのに役立ちます。 有効な値: `true`、`false`。 デフォルト値: initdbのデフォルト値(`false`)。 **警告:** このオプションは、initdbによって初期化中に使用され、後から変更することはできません。設定された時点で、すべてのデータベース内のすべてのオブジェクトに対してチェックサムが計算されます。 ##### `default_database` 接続するデフォルトのデータベースの名前を指定します。 デフォルト値: (ほとんどのシステムにおいて) 'postgres'。 ##### `devel_package_name` デフォルトのPostgreSQL develパッケージ名をオーバーライドします。 デフォルト値: OSによって異なります。 ##### `docs_package_name` オプションです。 デフォルトのPostgreSQL docsパッケージ名をオーバーライドします。 デフォルト値: OSによって異なります。 ##### `encoding` このモジュールで作成されるすべてのデータベースのデフォルトエンコーディングを設定します。オペレーティングシステムによっては、`template1` の初期化にも使用されます。その場合、モジュール外部のデフォルトにもなります。 デフォルト値: オペレーティングシステムのデフォルトエンコーディングによって決まります。 ##### `group` ファイルシステムの関連ファイルに使用されるデフォルトのpostgresユーザグループをオーバーライドします。 デフォルト値: 'postgres'。 ##### `initdb_path` `initdb`コマンドへのパス。 ##### `java_package_name` デフォルトのPostgreSQL javaパッケージ名をオーバーライドします。 デフォルト値: OSによって異なります。 ##### `locale` このモジュールで作成されるすべてのデータベースのデフォルトのデータベースロケールを設定します。オペレーティングシステムによっては、`template1` の初期化にも使用されます。その場合、モジュール外部のデフォルトにもなります。 デフォルト値: `undef`、実質的には'C'。 **Debianでは、PostgreSQLのフル機能が使用できるように'locales-all'パッケージがインストールされていることを確認する必要があります。** ##### `timezone` postgresqlサーバーのデフォルトタイムゾーンを設定します。postgresqlのビルトインのデフォルト値は、システムのタイムゾーン情報を取得しています。 ##### `logdir` デフォルトのPostgreSQL logディレクトリをオーバーライドします。 デフォルト値: initdbのデフォルトパス。 ##### `manage_package_repo` `true`に設定されている場合、お使いのホスト上に公式なPostgreSQLリポジトリをセットアップします。 デフォルト値: `false`。 ##### `module_workdir` psqlコマンドを実行する作業ディレクトリを指定します。'/tmp'がnoexecオプションでマウントされたボリューム上にあるときに、指定が必要になる場合があります。 デフォルト値: '/tmp'。 ##### `needs_initdb` サーバーパッケージをインストール後、PostgreSQLサービスを開始する前に、initdb動作を明示的に呼び出します。 デフォルト値: OSによって異なります。 ##### `perl_package_name` デフォルトのPostgreSQL Perlパッケージ名をオーバーライドします。 デフォルト値: OSによって異なります。 ##### `pg_hba_conf_defaults` `false`に設定すると、`pg_hba.conf`についてモジュールに設定されたデフォルト値を無効にします。デフォルト値をオーバーライドするときに役立ちます。ただし、基本的な`psql`動作など、一定の動作を行うためには一定のアクセスが要求されるので、ここでの変更内容がその他のモジュールと矛盾しないように注意してください。 デフォルト値: `postgresql::globals::manage_pg_hba_conf`に設定されたグローバル値。デフォルトは`true`。 ##### `pg_hba_conf_path` `pg_hba.conf`ファイルへのパスを指定します。 デフォルト値: '${confdir}/pg_hba.conf'。 ##### `pg_ident_conf_path` `pg_ident.conf`ファイルへのパスを指定します。 デフォルト値: '${confdir}/pg_ident.conf'。 ##### `plperl_package_name` デフォルトのPostgreSQL PL/Perlパッケージ名をオーバーライドします。 デフォルト値: OSによって異なります。 ##### `plpython_package_name` デフォルトのPostgreSQL PL/Pythonパッケージ名をオーバーライドします。 デフォルト値: OSによって異なります。 ##### `postgis_version` PostGISをインストールする場合に、インストールするPostGISのバージョンを定義します。 デフォルト値: インストールするPostgreSQLで利用可能な最下位のバージョン。 ##### `postgresql_conf_path` `postgresql.conf`ファイルへのパスを設定します。 デフォルト値: '${confdir}/postgresql.conf'。 ##### `psql_path` `psql`コマンドへのパスを設定します。 ##### `python_package_name` デフォルトのPostgreSQL Pythonパッケージ名をオーバーライドします。 デフォルト値: OSによって異なります。 ##### `recovery_conf_path` `recovery.conf`ファイルへのパス。 ##### `repo_proxy` 公式のPostgreSQL yumリポジトリのみのプロキシオプションを設定します。これは、サーバーが企業のファイアウォール内にあり、外部への接続にプロキシを使用する必要がある場合に役立ちます。 Debianは現在サポートされていません。 ##### `repo_baseurl` PostgreSQLリポジトリのbaseurlを設定します。リポジトリのミラーを所有している場合に便利です。 デフォルト値: 公式なPostgreSQLリポジトリ。 ##### `server_package_name` デフォルトのPostgreSQLサーバーパッケージ名をオーバーライドします。 デフォルト値: OSによって異なります。 ##### `service_name` デフォルトのPostgreSQLサービス名をオーバーライドします。 デフォルト値: OSによって異なります。 ##### `service_provider` デフォルトのPostgreSQLサービスプロバイダをオーバーライドします。 デフォルト値: OSによって異なります。 ##### `service_status` PostgreSQLサービスのデフォルトのステータスチェックコマンドをオーバーライドします。 デフォルト値: OSによって異なります。 ##### `user` ファイルシステム内のPostgreSQL関連ファイルのデフォルトのPostgreSQLスーパーユーザおよび所有者をオーバーライドします。 デフォルト値: 'postgres'。 ##### `version` インストールおよび管理するPostgreSQLのバージョン。 デフォルト値: OSシステムのデフォルト値。 ##### `xlogdir` デフォルトのPostgreSQL xlogディレクトリをオーバーライドします。 デフォルト値: initdbのデフォルトパス。 #### postgresql::lib::devel PostgreSQLの開発ライブラリとシンボリックリンク`pg_config`を含むパッケージを`/usr/bin`にインストールします(`/usr/bin`または`/usr/local/bin`に存在しない場合)。 ##### `link_pg_config` PostgreSQLページが使用するbinディレクトリが`/usr/bin`でも`/usr/local/bin`でもない場合、パッケージのbinディレクトリから`usr/bin`に`pg_config`をシンボリックリンクします(Debianシステムには適用されません)。この動作を無効にするには、`false`に設定します。 有効な値: `true`、`false`。 デフォルト値: `true`。 ##### `package_ensure` パッケージのインストール中に'ensure'パラメータをオーバーライドします。 デフォルト値: 'present'。 ##### `package_name` インストール先のディストリビューションのデフォルトパッケージ名をオーバーライドします。 デフォルト値: ディストリビューションに応じて、'postgresql-devel'または'postgresql-devel'。 #### postgresql::lib::java Java (JDBC)向けのPostgreSQLバインディングをインストールします。カスタムのバージョンをインストールするには、次のパラメータを設定します。 **注意:** カスタムのバージョンを指定する場合、必要なyumまたはaptリポジトリを忘れずに追加してください。 ##### `package_ensure` パッケージが存在するかどうかを指定します。 有効な値: 'present'、'absent'。 デフォルト値: 'present'。 ##### `package_name` PostgreSQL javaパッケージの名前を指定します。 #### postgresql::lib::perl PostgreSQL Perlライブラリをインストールします。 ##### `package_ensure` パッケージが存在するかどうかを指定します。 有効な値: 'present'、'absent'。 デフォルト値: 'present'。 ##### `package_name` インストールするPostgreSQL perlパッケージの名前を指定します。 #### postgresql::server::plpython PostgreSQLのPL/Python手続き型言語をインストールします。 ##### `package_name` postgresql PL/Pythonパッケージの名前を指定します。 ##### `package_ensure` パッケージが存在するかどうかを指定します。 有効な値: 'present'、'absent'。 デフォルト値: 'present'。 #### postgresql::lib::python PostgreSQL Pythonライブラリをインストールします。 ##### `package_ensure` パッケージが存在するかどうかを指定します。 有効な値: 'present'、'absent'。 デフォルト値: 'present'。 ##### `package_name` PostgreSQL Pythonパッケージの名前。 #### postgresql::server ##### `config_entries` `postgresql::server::config_entry` のリソースを構築するハッシュを指定します。 デフォルト値: `{}` ##### `createdb_path` **非推奨** `createdb`コマンドへのパスを指定します。 デフォルト値: '${bindir}/createdb'。 ##### `data_checksums` オプションです。 データタイプ: 真偽値(boolean) データページに対してチェックサムを使用すると、その他の方法では発見の難しいI/Oシステムによる破損を検出するのに役立ちます。 有効な値: `true`、`false`。 デフォルト値: initdbのデフォルト値(`false`)。 **警告:** このオプションは、initdbによって初期化中に使用され、後から変更することはできません。設定された時点で、すべてのデータベース内のすべてのオブジェクトに対してチェックサムが計算されます。 ##### `default_database` 接続するデフォルトのデータベースの名前を指定します。ほとんどのシステムで、'postgres'になります。 ##### `default_connect_settings` リモートサーバーに接続する際に使用される環境変数のハッシュを指定します。他の定義タイプのデフォルトとして使用されます(`postgresql::server::role`など)。 ##### `encoding` このモジュールで作成されるすべてのデータベースのデフォルトエンコーディングを設定します。オペレーティングシステムによっては、`template1` の初期化にも使用されます。その場合、モジュール外部のデフォルトにもなります。 デフォルト値: `undef`。 ##### `group` ファイルシステムの関連ファイルに使用されるデフォルトのpostgresユーザグループをオーバーライドします。 デフォルト値: OSによって異なります。 ##### `initdb_path` `initdb`コマンドへのパスを指定します。 デフォルト値: '${bindir}/initdb'。 ##### `ipv4acls` 接続方法、ユーザ、データベース、IPv4アドレスのアクセス制御のための文字列を一覧表示します。 詳細については、[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html)の`pg_hba.conf`の項を参照してください。 ##### `ipv6acls` 接続方法、ユーザ、データベース、IPv6アドレスのアクセス制御のための文字列を一覧表示します。 詳細については、[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html)の`pg_hba.conf`の項を参照してください。 ##### `ip_mask_allow_all_users` リモート接続に関するPostgreSQLのデフォルト動作をオーバーライドします。デフォルトでは、PostgreSQLは、データベースユーザアカウントがリモートマシンからTCP経由で接続することを許可しません。許可するには、この設定をオーバーライドします。 データベースユーザによる任意のリモートマシンからの接続を許可するには、'0.0.0.0/0'に設定します。ローカルの'192.168'サブネット内の任意のマシンからの接続を許可するには、'192.168.0.0/1'に設定します。 デフォルト値: '127.0.0.1/32'。 ##### `ip_mask_deny_postgres_user` postgresスーパーユーザについて、リモート接続を拒否するためのIPマスクを指定します。 デフォルト値: '0.0.0.0/0'。デフォルト値ではリモート接続はすべて拒否されます。 ##### `locale` このモジュールで作成されるすべてのデータベースのデフォルトのデータベースロケールを設定します。オペレーティングシステムによっては、`template1` の初期化にも使用されます。その場合、モジュール外部のデフォルトになります。 デフォルト値: `undef`、実質的には'C'。 **Debianでは、PostgreSQLの全機能を使用できるよう、'locales-all'パッケージがインストールされていることを確認してください。** ##### `manage_pg_hba_conf` `pg_hba.conf`を管理するかどうかを指定します。 `true`に設定すると、Puppetはこのファイルを上書きします。 `false`に設定すると、Puppetはこのファイルに変更を加えません。 有効な値: `true`、`false`。 デフォルト値: `true` ##### `manage_pg_ident_conf` pg_ident.confファイルを上書きします。 `true`に設定すると、Puppetはこのファイルを上書きします。 `false`に設定すると、Puppetはこのファイルに変更を加えません。 有効な値: `true`、`false`。 デフォルト値: `true`。 ##### `manage_recovery_conf` `recovery.conf`を管理するかどうかを指定します。 `true`に設定すると、Puppetはこのファイルを上書きします。 有効な値: `true`、`false`。 デフォルト値: `false`。 ##### `needs_initdb` サーバーパッケージをインストール後、PostgreSQLサービスを開始する前に、`initdb`動作を明示的に呼び出します。 デフォルト値: OSによって異なります。 ##### `package_ensure` サーバーインスタンスを作成するときに、`package`リソースに値を受け渡します。 デフォルト値: `undef`。 ##### `package_name` サーバーソフトウェアをインストールするときに使用するパッケージの名前を指定します。 デフォルト値: OSによって異なります。 ##### `pg_hba_conf_defaults` `false`に設定すると、`pg_hba.conf`についてモジュールに設定されたデフォルト値を無効にします。これは、デフォルト値を使用せずにオーバーライドするときに役立ちます。だし、基本的な`psql`動作などを実行するには一定のアクセスが要求されるので、ここでの変更内容がその他のモジュールと矛盾しないように注意してください。 ##### `pg_hba_conf_path` `pg_hba.conf`ファイルへのパスを指定します。 ##### `pg_hba_rules` `postgresql::server::pg_hba_rule` のリソースを構築するハッシュを指定します。 デフォルト値: `{}` ##### `pg_ident_conf_path` `pg_ident.conf`ファイルへのパスを指定します。 デフォルト値: '${confdir}/pg_ident.conf'。 ##### `plperl_package_name` PL/Perl拡張のデフォルトパッケージ名を設定します。 デフォルト値: OSによって異なります。 ##### `plpython_package_name` PL/Python拡張のデフォルトパッケージ名を設定します。 デフォルト値: OSによって異なります。 ##### `port` PostgreSQLサーバーがリッスンするポートを指定します。**注意:** サーバーがリッスンする全IPアドレスで、同一のポート番号が使用されます。また、Red Hatシステムと初期のDebianシステムでは、ポート番号を変更するとき、変更実行前にサーバーが完全停止します。 デフォルト値: 5432。これは、PostgresサーバーがTCPポート5432をリッスンすることを意味します。 ##### `postgres_password` postgresユーザのパスワードを特定の値に設定します。デフォルトでは、この設定はPostgresデータベース内のスーパーユーザアカウント(ユーザ名`postgres`、パスワードなし)を使用します。 デフォルト値: `undef`。 ##### `postgresql_conf_path` `postgresql.conf`ファイルへのパスを指定します。 デフォルト値: '${confdir}/postgresql.conf'。 ##### `psql_path` `psql`コマンドへのパスを指定します。 デフォルト値: OSによって異なります。 ##### `roles` `postgresql::server::role` のリソースを構築するハッシュを指定します。 デフォルト値: `{}` ##### `service_manage` Puppetがサービスを管理するかどうかを定義します。 デフォルト値: `true`。 ##### `service_name` デフォルトのPostgreSQLサービス名をオーバーライドします。 デフォルト値: OSによって異なります。 ##### `service_provider` デフォルトのPostgreSQLサービスプロバイダをオーバーライドします。 デフォルト値: `undef`。 ##### `service_reload` PostgreSQLサービスのデフォルトのリロードコマンドをオーバーライドします。 デフォルト値: OSによって異なります。 ##### `service_restart_on_change` 設定変更をアクティブにするためにサービスの再起動が必要な設定エントリが変更された場合に、PostgreSQLサービスを再起動する際のデフォルト動作をオーバーライドします。 デフォルト値: `true`。 ##### `service_status` PostgreSQLサービスのデフォルトのステータスチェックコマンドをオーバーライドします。 デフォルト値: OSによって異なります。 ##### `user` ファイルシステム内のPostgreSQL関連ファイルのデフォルトのPostgreSQLスーパーユーザおよび所有者をオーバーライドします。 デフォルト値: 'postgres'。 #### postgresql::server::contrib PostgreSQL contribパッケージをインストールします。 ##### `package_ensure` PostgreSQL contribパッケージリソースに受け渡されたensureパラメータを設定します。 ##### `package_name` PostgreSQL contribパッケージの名前。 #### postgresql::server::plperl postgresqlのPL/Perl手続き型言語をインストールします。 ##### `package_ensure` PostgreSQL PL/Perlパッケージリソースに受け渡されたensureパラメータ。 ##### `package_name` PostgreSQL PL/Perlパッケージの名前。 #### postgresql::server::postgis PostgreSQL postgisパッケージをインストールします。 ### 定義できるタイプ #### postgresql::server::config_entry `postgresql.conf`設定ファイルを変更します。 各リソースは、次の例のようにファイル内の各行にマッピングされています。 ```puppet postgresql::server::config_entry { 'check_function_bodies': value => 'off', } ``` ##### `ensure` 'absent'に設定した場合、エントリを削除します。 有効な値: 'present'、'absent'。 デフォルト値: 'present'。 ##### `value` 設定の値を定義します。 #### postgresql::server::db ローカルのデータベース、ユーザを作成し、必要なパーミッションを割り当てます。 ##### `comment` PostgreSQLのCOMMENTコマンドを使用して、データベースについて保存するコメントを定義します。 ##### `connect_settings` リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 デフォルト値: ローカルのPostgresインスタンスに接続します。 ##### `dbname` 作成するデータベースの名前を設定します。 デフォルト値: namevar。 ##### `encoding` データベースの作成中の文字セットをオーバーライドします。 デフォルト値: インストール時に定義されたデフォルト値。 ##### `grant` 作成中に付与するパーミッションを指定します。 デフォルト値: 'ALL'。 ##### `istemplate` `true`に設定すると、そのデータベースをテンプレートとして指定します。 デフォルト値: `false`。 ##### `locale` データベース作成中にロケールをオーバーライドします。 デフォルト値: インストール時に定義されたデフォルト値。 ##### `owner` ユーザをデータベースの所有者として設定します。 デフォルト値: `postgresql::server`または`postgresql::globals`で設定された'$user'変数。 ##### `password` **必須** 作成されたユーザのパスワードを設定します。 ##### `tablespace` 作成したデータベースを割り当てるテーブル空間の名前を定義します。 デフォルト値: PostgreSQLのデフォルト値。 ##### `template` このデータベースを構築する際にテンプレートとして使用するデータベースの名前を指定します。 デフォルト値: `template0`。 ##### `user` データベースを作成し、作成後にデータベースへのアクセスを割り当てるユーザ。必須指定です。 #### postgresql::server::database ユーザなし、パーミッションなしのデータベースを作成します。 ##### `dbname` データベースの名前を設定します。 デフォルト値: namevar。 ##### `encoding` データベースの作成中の文字セットをオーバーライドします。 デフォルト値: インストール時に定義されたデフォルト値。 ##### `istemplate` `true`に設定すると、そのデータベースをテンプレートとして定義します。 デフォルト値: `false`。 ##### `locale` データベース作成中にロケールをオーバーライドします。 デフォルト値: インストール時に定義されたデフォルト値。 ##### `owner` データベース所有者の名前を設定します。 デフォルト値: `postgresql::server`または`postgresql::globals`で設定された'$user'変数。 ##### `tablespace` このデータベースを作成するテーブル空間を設定します。 デフォルト値: インストール時に定義されたデフォルト値。 ##### `template` このデータベースを構築する際にテンプレートとして使用するデータベースの名前を指定します。 デフォルト値: 'template0'。 #### postgresql::server::database_grant データベース固有のパーミッションについて`postgresql::server::database_grant`をラッピングして、grantベースのユーザアクセス権を管理します。詳細については、[PostgreSQLマニュアルの`grant`](http://www.postgresql.org/docs/current/static/sql-grant.html)を参照してください。 ##### `ensure` 権限を付与するか、無効化するかを指定します。無効化する'absent'はPostgreSQLバージョン9.1.24以降でのみ機能します。 有効な値: 'present'、'absent'。 * 権限を付与するには'present'を指定します。 * 権限を無効化するには'absent'を指定します。 デフォルト値: 'present'。 #### `connect_settings` リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 デフォルト値: ローカルのPostgresインスタンスに接続します。 ##### `db` アクセス権を付与するデータベースを指定します。 ##### `privilege` 付与する権限のコンマ区切りリストを指定します。 有効なオプション: 'ALL'、'CREATE'、'CONNECT'、'TEMPORARY'、'TEMP'。 ##### `psql_db` 権限付与を実行するデータベースを定義します。 **通常、デフォルトを変更しないでください。** デフォルト値: 'postgres'。 ##### `psql_user` `psql`を実行するOSユーザを指定します。 デフォルト値: モジュールのデフォルトユーザ。通常、'postgres'。 ##### `role` アクセスを付与するロールまたはユーザを指定します。 #### postgresql::server::extension PostgreSQL拡張を管理します。 ##### `database` 拡張を有効化するデータベースを指定します。 ##### `schema` 拡張を有効化するスキーマを指定します。 ##### `ensure` 拡張を有効化するか無効化するかを指定します。 有効なオプション: 'present'または'absent'。 #### `extension` 有効化する拡張を指定します。空欄にした場合、リソースの名前が使用されます。 #### `version` データベースが使用するエクステンションのバージョンを指定します。 拡張パッケージが更新された場合、各データベースで有効なバージョンを自動的に変更することはありません。 そのためには、PostgreSQLに固有のSQL `ALTER EXTENSION...`を使用して更新する必要があります `version`は`latest`に設定できます。この場合、SQL `ALTER EXTENSION "extension" UPDATE`がこのデータベースのみに適用されます。 `version`は特定のバージョンに設定できます。この場合、拡張は`ALTER EXTENSION "extension" UPDATE TO 'version'`を使用して更新されます 例えば、拡張を`postgis`、バージョンを`2.3.3`に設定した場合、SQL `ALTER EXTENSION "postgis" UPDATE TO '2.3.3'`がこのデータベースのみに適用されます。 `version`は省略される場合もあります。この場合、SQL `ALTER EXTENSION...`は適用されません。バージョンは変更されず、そのままになります。 ##### `package_name` 拡張を有効化する前にインストールするパッケージを指定します。 ##### `package_ensure` デフォルトのパッケージ削除動作をオーバーライドします。 デフォルトでは、`package_name`で指定されたパッケージが、拡張が有効のときインストールされ、拡張が無効のとき削除されます。この動作をオーバーライドするには、そのパッケージに`ensure`の値を設定してください。 #### postgresql::server::grant ロールのgrantベースのアクセス権を管理します。詳細については、[PostgreSQLマニュアルの`grant`](http://www.postgresql.org/docs/current/static/sql-grant.html)を参照してください。 ##### `ensure` 権限を付与するか、無効化するかを指定します。デフォルトでは権限を付与します。 有効な値: 'present'、'absent'。 * 権限を付与するには'present'を指定します。 * 権限を無効化するには'absent'を指定します。 デフォルト値: 'present'。 ##### `db` アクセス権を付与するデータベースを指定します。 ##### `object_type` 権限を付与するオブジェクトのタイプを指定します。 有効なオプション: 'DATABASE'、'SCHEMA'、'SEQUENCE'、'ALL SEQUENCES IN SCHEMA'、'TABLE'、または'ALL TABLES IN SCHEMA'。 ##### `object_name` アクセス権を付与する`object_type`の名前を、文字列または2要素の配列で指定します。 String: 'object_name' Array: ['schema_name', 'object_name'] ##### `port` 接続に使用するポート。 デフォルト値: `undef`。PostgreSQLのパッケージングに応じて、通常、デフォルトでポート5432になります。 ##### `privilege` 付与する権限を指定します。 有効なオプション: 'ALL'、'ALL PRIVILEGES'、または'object_type'依存の文字列。 ##### `psql_db` 権限付与を実行するデータベースを指定します。 **通常、デフォルトを変更しないでください。** デフォルト値: 'postgres'。 ##### `psql_user` `psql`を実行するOSユーザを設定します。 デフォルト値: モジュールのデフォルトユーザ。通常、'postgres'。 ##### `role` アクセスを付与するロールまたはユーザを指定します。 #### postgresql::server::grant_role ロールを(グループ)ロールに割り当てられるようにします。詳細については、[PostgreSQLマニュアルの`Role Membership`](http://www.postgresql.org/docs/current/static/role-membership.html)を参照してください。 ##### `group` ロールを割り当てるグループロールを指定します。 ##### `role` グループに割り当てるロールを指定します。空欄にした場合、リソースの名前が使用されます。 ##### `ensure` メンバーシップを付与するか、無効化するかを指定します。 有効なオプション: 'present'または'absent'。 デフォルト値: 'present'。 ##### `port` 接続に使用するポート。 デフォルト値: `undef`。PostgreSQLのパッケージングに応じて、通常、デフォルトでポート5432になります。 ##### `psql_db` 権限付与を実行するデータベースを指定します。 **通常、デフォルトを変更しないでください。** デフォルト値: 'postgres'。 ##### `psql_user` `psql`を実行するOSユーザを設定します。 デフォルト値: モジュールのデフォルトユーザ。通常、`postgres`。 ##### `connect_settings` リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 デフォルト値: ローカルのPostgresインスタンスに接続します。 #### postgresql::server::pg_hba_rule `pg_hba.conf`のアクセスルールを作成できるようにします。詳細については、[使用例](#create-an-access-rule-for-pghba.conf)および[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html)を参照してください。 ##### `address` タイプが'local'ではないとき、このルール一致に対するCIDRベースのアドレスを設定します。 ##### `auth_method` このルールが一致する接続の認証に使用される方法を提供します。詳細な説明は、PostgreSQL `pg_hba.conf`のマニュアルに記載されています。 ##### `auth_option` 特定の`auth_method`設定については、受け渡し可能な追加オプションがあります。詳細については、PostgreSQL `pg_hba.conf`マニュアルを参照してください。 ##### `database` このルールが一致するデータベースのコンマ区切りリストを設定します。 ##### `description` 必要に応じて、このルールの長めの説明を定義します。この説明は、`pg_hba.conf`のルール上部のコメント内に挿入されます。 デフォルト値: 'none'。 そのリソースを一意に識別するための方法を指定しますが、機能的には何も実行しません。 ##### `order` `pg_hba.conf`にルールを配置する順序を設定します。 文字列または整数を使用できます。 整数の場合、ゼロパディングで3桁にして文字列に変換します。 例えば`42`はゼロパディングされて文字列`'042'`になります。 `pg_hba_rule`フラグメントのソートでは、[順序]を`alpha`に設定します(https://forge.puppet.com/puppetlabs/concat/reference#order)。 デフォルト値: 150。 #### `postgresql_version` PostgreSQLインスタンス全体を管理することなく、`pg_hba.conf`を管理します。 デフォルト値: `postgresql::server`に設定されたバージョン。 ##### `target` ルールのターゲットを提供します。通常、内部使用のみのプロパティです。 **注意して使用してください。** ##### `type` ルールのタイプを設定します。 有効なオプション: 'local'、'host'、'hostssl'、または'hostnossl'。 ##### `user` このルールが一致するユーザのコンマ区切りリストを設定します。 #### postgresql::server::pg_ident_rule `pg_ident.conf`のユーザ名マップを作成可能にします。詳細については、上述の[使用例](#create-user-name-maps-for-pgidentconf)および[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/auth-username-maps.html)を参照してください。 ##### `database_username` データベースユーザのユーザ名を指定します。このユーザ名には`system_username`がマッピングされています。 ##### `description` 必要に応じて、このルールの長めの説明を設定します。この説明は、`pg_ident.conf`のルール上部のコメント内に挿入されます。 デフォルト値: 'none'。 ##### `map_name` `pg_hba.conf`でこのマッピングを参照するために使用されるユーザマップの名前を設定します。 ##### `order` `pg_ident.conf`にマッピングを配置する際の順序を定義します。 デフォルト値: 150。 ##### `system_username` オペレーティングシステムのユーザ名(データベースへの接続に使用するユーザ名)を指定します。 ##### `target` ルールのターゲットを提供します。通常、内部使用のみのプロパティです。 **注意して使用してください。** #### postgresql::server::reassign_owned_by PostgreSQLコマンド'REASSIGN OWNED'をデータベースに対して実行し、既存オブジェクトの所有権を別のデータベースロールに移します。 ##### `db`  'REASSIGN OWNED'コマンドを適用するデータベースを指定します。 ##### `old_role` 指定したデータベース内のオブジェクトを現在所有しているロールまたはユーザを指定します。 ##### `new_role` 対象オブジェクトの新しい所有者となるロールまたはユーザを指定します。 ##### `psql_user` `psql`を実行するOSユーザを指定します。 デフォルト値: モジュールのデフォルトユーザ。通常、'postgres'。 ##### `port` 接続に使用するポート。 デフォルト値: `undef`。PostgreSQLのパッケージングに応じて、通常、デフォルトでポート5432になります。 ##### `connect_settings` リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 デフォルト値: ローカルのPostgresインスタンスに接続します。 #### postgresql::server::recovery `recovery.conf`の内容を作成可能にします。詳細については、[使用例](#create-recovery-configuration)および[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/recovery-config.html)を参照してください。 `recovery_target_inclusive`、 `pause_at_recovery_target`、`standby_mode`、`recovery_min_apply_delay`を除くすべてのパラメータ値は、テンプレートに含まれる文字列セットです。 全パラメータリストの詳細な説明は、[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/recovery-config.html)にあります。 テンプレートでは、指定されたパラメータのみが認識されます。`recovery.conf`は、少なくとも1つのパラメータが設定済みで、**かつ**、[manage_recovery_conf](#manage_recovery_conf)がtrueの場合のみ作成されます。 パラメータは、次の3つのセクションにグループ分けされています。 ##### [アーカイブリカバリパラメータ](http://www.postgresql.org/docs/current/static/archive-recovery-settings.html) * `restore_command` * `archive_cleanup_command` * `recovery_end_command` ##### [Recovery Target Settings](http://www.postgresql.org/docs/current/static/recovery-target-settings.html) * `recovery_target_name` * `recovery_target_time` * `recovery_target_xid` * `recovery_target_inclusive` * `recovery_target` * `recovery_target_timeline` * `pause_at_recovery_target` ##### [Standby Server Settings](http://www.postgresql.org/docs/current/static/standby-settings.html) * `standby_mode`: 文字列('on'/'off')またはブール値(`true`/`false`)で指定できます。 * `primary_conninfo` * `primary_slot_name` * `trigger_file` * `recovery_min_apply_delay` ##### `target` ルールのターゲットを提供します。通常、内部使用のみのプロパティです。 **注意して使用してください。** #### postgresql::server::role PostgreSQLのロールまたはユーザを作成もしくは削除します。 ##### `ensure` ロールを作成するか削除するかを指定します。 'present'を指定するとロールが作成され、'absent'を指定するとロールが削除されます。 デフォルト値: 'present'。 ##### `connection_limit` ロールが同時に接続可能な数を指定します。 デフォルト値: '-1'。これは、無制限を意味します。 ##### `connect_settings` リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 デフォルト値: ローカルのPostgresインスタンスに接続します。 ##### `createdb` このロールに新しいデータベースを作成する能力を付与するかどうかを指定します。 デフォルト値: `false`。 ##### `createrole` このロールに新しいロールを作成する権限を付与するかどうかを指定します。 デフォルト値: `false`。 ##### `inherit` 新しいロールに継承権限を付与するかどうかを指定します。 デフォルト値: `true`。 ##### `login` 新しいロールにログイン権限を付与するかどうかを指定します。 デフォルト値: `true`。 ##### `password_hash` パスワード作成中に使用するハッシュを設定します。PostgreSQLがサポートする形式でパスワードが暗号化されていない場合、ここで、`postgresql_password`関数を使用して、MD5ハッシュを提供します。例は次のとおりです。 ##### `update_password` trueに設定すると、変更時にパスワードが更新されます。作成後にロールのパスワードを変更しない場合は、falseに設定してください。 ```puppet postgresql::server::role { 'myusername': password_hash => postgresql_password('myusername', 'mypassword'), } ``` ##### `replication` `true`に設定すると、このロールにレプリケーション機能が提供されます。 デフォルト値: `false`。 ##### `superuser` 新しいロールにスーパーユーザ権限を付与するかどうかを指定します。 デフォルト値: `false`。 ##### `username` 作成するロールのユーザ名を定義します。 デフォルト値: namevar。 #### postgresql::server::schema スキーマを作成します。 ##### `connect_settings` リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 デフォルト値: ローカルのPostgresインスタンスに接続します。 ##### `db` 必須。 このスキーマを作成するデータベースの名前を設定します。 ##### `owner` スキーマのデフォルト所有者を設定します。 ##### `schema` スキーマの名前を設定します。 デフォルト値: namevar。 #### postgresql::server::table_grant ユーザのgrantベースのアクセス権を管理します。詳細については、PostgreSQLマニュアルの`grant`の項を参照してください。 ##### `ensure` 権限を付与するか、無効化するかを指定します。デフォルトでは権限を付与します。 有効な値: 'present'、'absent'。 * 権限を付与するには'present'を指定します。 * 権限を無効化するには'absent'を指定します。 デフォルト値: 'present'。 ##### `connect_settings` リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 デフォルト値: ローカルのPostgresインスタンスに接続します。 ##### `db` そのテーブルが存在するデータベースを指定します。 ##### `privilege` 付与する権限のコンマ区切りリストを指定します。有効なオプション: 'ALL'、'SELECT'、'INSERT'、'UPDATE'、'DELETE'、'TRUNCATE'、'REFERENCES'、'TRIGGER'。 ##### `psql_db` 権限付与を実行するデータベースを指定します。 通常、デフォルトを変更しないでください。 デフォルト値: 'postgres'。 ##### `psql_user` `psql`を実行するOSユーザを指定します。 デフォルト値: モジュールのデフォルトユーザ。通常、'postgres'。 ##### `role` アクセスを付与するロールまたはユーザを指定します。 ##### `table` アクセス権を付与するテーブルを指定します。 #### postgresql::server::tablespace テーブル空間を作成します。必要な場合、場所も作成し、PostgreSQLサーバーと同じパーミッションを割り当てます。 ##### `connect_settings` リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 デフォルト値: ローカルのPostgresインスタンスに接続します。 ##### `location` このテーブル空間へのパスを指定します。 ##### `owner` そのテーブル空間のデフォルト所有者を指定します。 ##### `spcname` テーブル空間の名前を指定します。 デフォルト値: namevar。 ### タイプ #### postgresql_psql Puppetがpsqlステートメントを実行できるようにします。 ##### `command` 必須。 psqlを介して実行するSQLコマンドを指定します。 ##### `cwd` psqlコマンドが実行される作業ディレクトリを指定します。 デフォルト値: '/tmp'。 ##### `db` SQLコマンドを実行するデータベースの名前を指定します。 ##### `environment` SQLコマンドに対して追加の環境変数を設定する場合に指定します。複数の環境変数を使用する場合は、配列として指定します。 ##### `name` 自身の参考用の任意のタグ、すなわちメッセージの名前を設定します。これはnamevarです。 ##### `onlyif` メインのコマンドの前に実行するオプションのSQLコマンドを設定します。通常、これはべき等性に基づいて、データベース内のオブジェクトの存在を確認し、メインのSQLコマンドを実行する必要があるかどうかを判断するため使用されます。 ##### `port` SQLコマンドを実行するデータベースサーバーのポートを指定します。 ##### `psql_group` psqlコマンドを実行するシステムユーザグループアカウントを指定します。 デフォルト値: 'postgres'。 ##### `psql_path` psql実行ファイルへのパスを指定します。 デフォルト値: 'psql'。 ##### `psql_user` psqlコマンドを実行するシステムユーザアカウントを指定します。 デフォルト値: 'postgres'。 ##### `refreshonly` notifyイベントまたはsubscribeイベントが発生したときのみSQLを実行するかどうかを指定します。 有効な値: `true`、`false`。 デフォルト値: `false`。 ##### `search_path` SQLコマンドを実行するときに使用するスキーマ検索パスを定義します。 ##### `unless` `onlyif`の逆です。 #### postgresql_conf Puppetが`postgresql.conf`パラメータを管理できるようにします。 ##### `name` 管理するPostgreSQLパラメータ名を指定します。 これはnamevarです。 ##### `target` `postgresql.conf`へのパスを指定します。 デフォルト値: '/etc/postgresql.conf'。 ##### `value` このパラメータに設定する値を指定します。 #### postgresql_replication_slot PostgreSQLマスターサーバー上でウォームスタンバイレプリケーションを登録するためのレプリケーションスロットを作成および消去できるようにします。 ##### `name` 作成するスロットの名前を指定します。有効なレプリケーションスロット名である必要があります。 これはnamevarです。 ##### `ensure` 必須。 指定されたスロットに対して、作成または消去のいずれかのアクションを指定します。 有効な値: 'present'、'absent'。 デフォルト値: 'present'。 #### postgresql_conn_validator このタイプを使用するローカルまたはリモートのPostgreSQLデータベースへの接続を検証します。 ##### `connect_settings` リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。個々のパラメータ(`host`など)を設定する代わりに使用されますが、個々のパラメータが設定されている場合は個々のパラメータが優先されます。 デフォルト値: {} ##### `db_name` テストするデータベースの名前を指定します。Specifies the name of the database you wish to test. デフォルト値: '' ##### `db_password` 接続するパスワードを指定します。`.pgpass`が使用されている場合は空欄にできます。それ以外の場合、空欄にすることは推奨されません。 デフォルト値: '' ##### `db_username` 接続するユーザ名を指定します。 デフォルト値: '' Unixソケットとident認証を使用するとき、このユーザとして実行されます。 ##### `command` 接続性を検証するためにターゲットデータベースで実行されるコマンドです。 デフォルト値: 'SELECT 1' ##### `host` テストするデータベースのホスト名を設定します。 デフォルト値: ''。これは、通常指定されたローカルUnixソケットを使用します。 **ホストがリモートの場合、ユーザ名を指定する必要があります。** ##### `port` 接続するときに使用するポートを定義します。 デフォルト値: '' ##### `run_as` `psql`コマンドの実行ユーザを指定します。これは、Unixソケットと`ident`認証を使用してローカルにデータベースに接続するときに重要です。リモートテストには必要ありません。 ##### `sleep` 失敗した後、再試行する前にスリープする時間を秒単位で設定します。 ##### `tries` 失敗した後、リソースを失敗とみなすまで再試行する回数を設定します。 ### 関数 #### postgresql_password PostgreSQL暗号化パスワードを生成します。次のように、`postgresql_password`をコマンドラインから呼び出し、暗号化されたパスワードをマニフェストにコピーペーストします。 ```shell puppet apply --execute 'notify { 'test': message => postgresql_password('username', 'password') }' ``` 本番マニフェストからこの関数を呼び出すことも可能ですが、その場合、マニフェストには暗号化していない平文のパスワードを含める必要があります。 #### postgresql_acls_to_resources_hash(acl_array, id, order_offset) この内部関数は、`pg_hba.conf`ベースのACLのリスト(文字列の配列として受け渡されたもの)を`postgresql::pg_hba_rule`リソースと互換性のある形式に変換します。 **この関数は、モジュールによる内部的な使用のみ可能です。** ### タスク Postgresqlモジュールにはサンプルタスクがあり、ユーザはデータベースに対して任意のSQLを実行できます。[PEマニュアル](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html)または[Boltマニュアル](https://puppet.com/docs/bolt/latest/bolt.html) で、タスクを実行する方法に関する情報を参照してください。 ## 制約事項 PostgreSQLのバージョン8.1~9.5で動作します。 サポートされているオペレーティングシステムの一覧については、[metadata.json](https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/metadata.json)を参照してください。 ### Aptモジュールのサポート このモジュールは1.xと2.x両方のバージョンの'puppetlabs-apt'モジュールをサポートしていますが、'puppetlabs-apt'の2.0.0と2.0.1はサポートしていません。 ### PostGISのサポート PostGISは、現時点ではすべてのプラットフォームで正常に動作するわけではないため、サポート対象外の機能とみなします。 ### すべてのバージョンのRHEL/CentOS SELinuxが有効化されている場合、次の方法で`postgresql_port_t`コンテキストに使用中のカスタムポートを追加する必要があります。 ```shell semanage port -a -t postgresql_port_t -p tcp $customport ``` ## 開発 Puppet Forgeに公開されているPuppet Labsモジュールはオープンプロジェクトのため、維持するにはコミュニティの貢献が不可欠です。Puppetは、現在私たちがアクセスできない無数のプラットフォームやハードウェア、ソフトウェア、デプロイ構成にも利用されることを目的としています。私たちの目標は、できる限り簡単に変更に貢献し、みなさまの環境で私たちのモジュールが機能できるようにすることです。最高の状態を維持するため、コントリビュータにはいくつかのガイドラインを守っていただく必要があります。詳細については、[モジュールコントリビューションガイド](https://docs.puppetlabs.com/forge/contributing.html)を参照してください。 ### テスト このモジュールには、2種類のテストが配布されています。`rspec-puppet`のユニットテストと、`rspec-system`を使用したシステムテストです。 ユニットテストを実行するには、以下がインストールされていることを確認してください。 * rake * bundler 次のように、必要なgemをインストールします。 ```shell bundle install --path=vendor ``` そして、次のように記述して、ユニットテストを実行します。 ```shell bundle exec rake spec ``` ユニットテストは、Travis-CIでも実行されます。自身のテスト結果を確認するには、このプロジェクトのご自身のGitHubクローンのアカウントセクションから、Travis-CIを介してサービスフックを登録してください。 システムテストを実行するには、以下のツールもインストールされていることを確認してください。 * Vagrant > 1.2.x * VirtualBox > 4.2.10 次の記述を使用してテストを実行します。 ```shell bundle exec rspec spec/acceptance ``` 異なるオペレーティングシステムでテストを実行するには、`.nodeset.yml`で利用可能なセットを確認して、次の構文で特定のセットを実行します。 ```shell RSPEC_SET=debian-607-x64 bundle exec rspec spec/acceptance ``` ### コントリビュータ 貢献してくださった方々の一覧を[Github](https://github.com/puppetlabs/puppetlabs-postgresql/graphs/contributors)でご覧いただけます。 puppetlabs-postgresql-6.7.0/tasks0040755000076700000240000000000013722221531014134 5ustar00puppetlabs-postgresql-6.7.0/tasks/sql.json0100644000076700000240000000127013627456423015720 0ustar00{ "description": "Allows you to execute arbitary SQL", "input_method": "stdin", "parameters": { "database": { "description": "Database to connect to", "type": "Optional[String[1]]" }, "host": { "description": "Hostname to connect to", "type": "Optional[String[1]]" }, "password": { "description": "The password", "type": "Optional[String[1]]" }, "port": { "description": "The port", "type": "Optional[String[1]]" }, "sql": { "description": "The SQL you want to execute", "type": "String[1]" }, "user": { "description": "The user", "type": "Optional[String[1]]" } } } puppetlabs-postgresql-6.7.0/tasks/sql.rb0100755000076700000240000000170113627456423015354 0ustar00#!/opt/puppetlabs/puppet/bin/ruby require 'json' require 'open3' require 'puppet' def get(sql, database, user, port, password, host) env_hash = { 'PGPASSWORD' => password } unless password.nil? cmd_string = "psql -c \"#{sql}\"" cmd_string << " --dbname=#{database}" unless database.nil? cmd_string << " --username=#{user}" unless user.nil? cmd_string << " --port=#{port}" unless port.nil? cmd_string << " --host=#{host}" unless host.nil? stdout, stderr, status = Open3.capture3(env_hash, cmd_string) raise Puppet::Error, stderr if status != 0 { status: stdout.strip } end params = JSON.parse(STDIN.read) database = params['database'] host = params['host'] password = params['password'] port = params['port'] sql = params['sql'] user = params['user'] begin result = get(sql, database, user, port, password, host) puts result.to_json exit 0 rescue Puppet::Error => e puts({ status: 'failure', error: e.message }.to_json) exit 1 end puppetlabs-postgresql-6.7.0/templates0040755000076700000240000000000013722221531015005 5ustar00puppetlabs-postgresql-6.7.0/templates/pg_hba_rule.conf0100644000076700000240000000024613627456423020217 0ustar00 # Rule Name: <%=@name%> # Description: <%=@description%> # Order: <%=@order%> <%=@type%> <%=@database%> <%=@user%> <%=@address%> <%=@auth_method%> <%=@auth_option%> puppetlabs-postgresql-6.7.0/templates/pg_ident_rule.conf0100644000076700000240000000021413627456423020563 0ustar00 # Rule Name: <%=@name%> # Description: <%=@description%> # Order: <%=@order%> <%=@map_name%> <%=@system_username%> <%=@database_username%> puppetlabs-postgresql-6.7.0/templates/recovery.conf.erb0100644000076700000240000000260013627456423020351 0ustar00<% if @restore_command -%> restore_command = '<%= @restore_command %>' <% end -%> <% if @archive_cleanup_command -%> archive_cleanup_command = '<%= @archive_cleanup_command %>' <% end -%> <% if @recovery_end_command -%> recovery_end_command = '<%= @recovery_end_command %>' <% end -%> <% if @recovery_target_name -%> recovery_target_name = '<%= @recovery_target_name %>' <% end -%> <% if @recovery_target_time -%> recovery_target_time = '<%= @recovery_target_time %>' <% end -%> <% if @recovery_target_xid -%> recovery_target_xid = '<%= @recovery_target_xid %>' <% end -%> <% if @recovery_target_inclusive -%> recovery_target_inclusive = <%= @recovery_target_inclusive %> <% end -%> <% if @recovery_target -%> recovery_target = '<%= @recovery_target %>' <% end -%> <% if @recovery_target_timeline -%> recovery_target_timeline = '<%= @recovery_target_timeline %>' <% end -%> <% if @pause_at_recovery_target -%> pause_at_recovery_target = <%= @pause_at_recovery_target %> <% end -%> <% if @standby_mode -%> standby_mode = <%= @standby_mode %> <% end -%> <% if @primary_conninfo -%> primary_conninfo = '<%= @primary_conninfo %>' <% end -%> <% if @primary_slot_name -%> primary_slot_name = '<%= @primary_slot_name %>' <% end -%> <% if @trigger_file -%> trigger_file = '<%= @trigger_file %>' <% end -%> <% if @recovery_min_apply_delay -%> recovery_min_apply_delay = <%= @recovery_min_apply_delay %> <% end -%> puppetlabs-postgresql-6.7.0/templates/systemd-override.erb0100644000076700000240000000104013674331764021073 0ustar00<%- if scope.lookupvar('::osfamily') == 'Gentoo' -%> .include /usr/lib64/systemd/system/<%= @service_name %>.service <%- elsif scope.lookupvar('::operatingsystem') == 'Fedora' -%> .include /lib/systemd/system/<%= @service_name %>.service <% else -%> .include /usr/lib/systemd/system/<%= @service_name %>.service <% end -%> [Service] Environment=PGPORT=<%= @port %> <%- if scope.lookupvar('::osfamily') == 'Gentoo' -%> Environment=DATA_DIR=<%= @datadir %> <%- else -%> Environment=PGDATA=<%= @datadir %> <%- end -%> <%= @extra_systemd_config %>