1 # Class: postgresql::config::afterservice
5 # [*postgres_password*] - postgres db user password.
12 # This class is not intended to be used directly; it is
13 # managed by postgresl::config. It contains resources
14 # that should be handled *after* the postgres service
15 # has been started up.
17 # class { 'postgresql::config::afterservice':
18 # postgres_password => 'postgres'
21 class postgresql::config::afterservice(
22 $postgres_password = undef
23 ) inherits postgresql::params {
24 if ($postgres_password != undef) {
25 # NOTE: this password-setting logic relies on the pg_hba.conf being configured
26 # to allow the postgres system user to connect via psql without specifying
27 # a password ('ident' or 'trust' security). This is the default
29 exec { 'set_postgres_postgrespw':
30 # This command works w/no password because we run it as postgres system user
31 command => "psql -c \"ALTER ROLE ${postgresql::params::user} PASSWORD '${postgres_password}'\"",
32 user => $postgresql::params::user,
33 group => $postgresql::params::group,
36 # With this command we're passing -h to force TCP authentication, which does require
37 # a password. We specify the password via the PGPASSWORD environment variable. If
38 # the password is correct (current), this command will exit with an exit code of 0,
39 # which will prevent the main command from running.
40 unless => "env PGPASSWORD=\"${postgres_password}\" psql -h localhost -c 'select 1' > /dev/null",
41 path => '/usr/bin:/usr/local/bin:/bin',