X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=3rdparty%2Fmodules%2Fpostgresql%2Fmanifests%2Fconfig%2Fafterservice.pp;fp=3rdparty%2Fmodules%2Fpostgresql%2Fmanifests%2Fconfig%2Fafterservice.pp;h=a06444e787328c0094e27633cec4fc31c9083002;hb=a29c0d1b4d2420aeb3ef6acf66feb00709dd2652;hp=0000000000000000000000000000000000000000;hpb=d98d8ae49a60547132c555f3669f3b9ae6a666bd;p=mirror%2Fdsa-puppet.git

diff --git a/3rdparty/modules/postgresql/manifests/config/afterservice.pp b/3rdparty/modules/postgresql/manifests/config/afterservice.pp
new file mode 100644
index 000000000..a06444e78
--- /dev/null
+++ b/3rdparty/modules/postgresql/manifests/config/afterservice.pp
@@ -0,0 +1,44 @@
+# Class: postgresql::config::afterservice
+#
+# Parameters:
+#
+#   [*postgres_password*]     - postgres db user password.
+#
+# Actions:
+#
+# Requires:
+#
+# Usage:
+#   This class is not intended to be used directly; it is
+#   managed by postgresl::config.  It contains resources
+#   that should be handled *after* the postgres service
+#   has been started up.
+#
+#   class { 'postgresql::config::afterservice':
+#     postgres_password     => 'postgres'
+#   }
+#
+class postgresql::config::afterservice(
+  $postgres_password        = undef
+) inherits postgresql::params {
+  if ($postgres_password != undef) {
+    # NOTE: this password-setting logic relies on the pg_hba.conf being configured
+    #  to allow the postgres system user to connect via psql without specifying
+    #  a password ('ident' or 'trust' security).  This is the default
+    #  for pg_hba.conf.
+    exec { 'set_postgres_postgrespw':
+        # This command works w/no password because we run it as postgres system user
+        command     => "psql -c \"ALTER ROLE ${postgresql::params::user} PASSWORD '${postgres_password}'\"",
+        user        => $postgresql::params::user,
+        group       => $postgresql::params::group,
+        logoutput   => true,
+        cwd         => '/tmp',
+        # With this command we're passing -h to force TCP authentication, which does require
+        #  a password.  We specify the password via the PGPASSWORD environment variable.  If
+        #  the password is correct (current), this command will exit with an exit code of 0,
+        #  which will prevent the main command from running.
+        unless      => "env PGPASSWORD=\"${postgres_password}\" psql -h localhost -c 'select 1' > /dev/null",
+        path        => '/usr/bin:/usr/local/bin:/bin',
+    }
+  }
+}