From: Peter Palfrader Date: Thu, 31 Aug 2017 18:26:59 +0000 (+0200) Subject: Add actual postgresl module from puppetlabs X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=a29c0d1b4d2420aeb3ef6acf66feb00709dd2652;p=mirror%2Fdsa-puppet.git Add actual postgresl module from puppetlabs --- diff --git a/3rdparty/modules/postgresql/Changelog b/3rdparty/modules/postgresql/Changelog new file mode 100644 index 000000000..f1bbda159 --- /dev/null +++ b/3rdparty/modules/postgresql/Changelog 
@@ -0,0 +1,265 @@ +2013-07-19 Release 2.4.0 +======================== + +Summary +------- +This updates adds the ability to change permissions on tables, create template +databases from normal databases, manage PL-Perl's postgres package, and +disable the management of `pg_hba.conf`. + +Features +-------- +- Add `postgresql::table_grant` defined resource +- Add `postgresql::plperl` class +- Add `manage_pg_hba_conf` parameter to the `postgresql::config` class +- Add `istemplate` parameter to the `postgresql::database` define + +Bugfixes +-------- +- Update `postgresql::role` class to be able to update roles when modified +instead of only on creation. +- Update tests +- Fix documentation of `postgresql::database_grant` + +2.3.0 +===== + +This feature release includes the following changes: + +* Add a new parameter `owner` to the `database` type. This can be used to + grant ownership of a new database to a specific user. (Bruno Harbulot) +* Add support for operating systems other than Debian/RedHat, as long as the + user supplies custom values for all of the required paths, package names, etc. + (Chris Price) +* Improved integration testing (Ken Barber) + +2.2.1 +===== + +This release fixes a bug whereby one of our shell commands (psql) were not ran from a globally accessible directory. This was causing permission denied errors when the command attempted to change user without changing directory. + +Users of previous versions might have seen this error: + + Error: Error executing SQL; psql returned 256: 'could not change directory to "/root" + +This patch should correct that. + +#### Detail Changes + +* Set /tmp as default CWD for postgresql_psql + +2.2.0 +===== + +This feature release introduces a number of new features and bug fixes. + +First of all it includes a new class named `postgresql::python` which provides you with a convenient way of install the python Postgresql client libraries. 
+ + class { 'postgresql::python': + } + +You are now able to use `postgresql::database_user` without having to specify a password_hash, useful for different authentication mechanisms that do not need passwords (ie. cert, local etc.). + +We've also provided a lot more advanced custom parameters now for greater control of your Postgresql installation. Consult the class documentation for PuppetDB in the README. + +This release in particular has largely been contributed by the community members below, a big thanks to one and all. + +#### Detailed Changes + +* Add support for psycopg installation (Flaper Fesp and Dan Prince) +* Added default PostgreSQL version for Ubuntu 13.04 (Kamil Szymanski) +* Add ability to create users without a password (Bruno Harbulot) +* Three Puppet 2.6 fixes (Dominic Cleal) +* Add explicit call to concat::setup when creating concat file (Dominic Cleal) +* Fix readme typo (Jordi Boggiano) +* Update postgres_default_version for Ubuntu (Kamil Szymanski) +* Allow to set connection for noew role (Kamil Szymanski) +* Fix pg_hba_rule for postgres local access (Kamil Szymanski) +* Fix versions for travis-ci (Ken Barber) +* Add replication support (Jordi Boggiano) +* Cleaned up and added unit tests (Ken Barber) +* Generalization to provide more flexability in postgresql configuration (Karel Brezina) +* Create dependent directory for sudoers so tests work on Centos 5 (Ken Barber) +* Allow SQL commands to be run against a specific DB (Carlos Villela) +* Drop trailing comma to support Puppet 2.6 (Michael Arnold) + +2.1.1 +===== + +This release provides a bug fix for RHEL 5 and Centos 5 systems, or specifically systems using PostgreSQL 8.1 or older. 
On those systems one would have received the error: + + Error: Could not start Service[postgresqld]: Execution of ‘/sbin/service postgresql start’ returned 1: + +And the postgresql log entry: + + FATAL: unrecognized configuration parameter "include" + +This bug is due to a new feature we had added in 2.1.0, whereby the `include` directive in `postgresql.conf` was not compatible. As a work-around we have added checks in our code to make sure systems running PostgreSQL 8.1 or older do not have this directive added. + +#### Detailed Changes + +2013-01-21 - Ken Barber +* Only install `include` directive and included file on PostgreSQL >= 8.2 +* Add system tests for Centos 5 + +2.1.0 +===== + +This release is primarily a feature release, introducing some new helpful constructs to the module. + +For starters, we've added the line `include 'postgresql_conf_extras.conf'` by default so extra parameters not managed by the module can be added by other tooling or by Puppet itself. This provides a useful escape-hatch for managing settings that are not currently managed by the module today. + +We've added a new defined resource for managing your tablespace, so you can now create new tablespaces using the syntax: + + postgresql::tablespace { 'dbspace': + location => '/srv/dbspace', + } + +We've added a locale parameter to the `postgresql` class, to provide a default. 
Also the parameter has been added to the `postgresql::database` and `postgresql::db` defined resources for changing the locale per database: + + postgresql::db { 'mydatabase': + user => 'myuser', + password => 'mypassword', + encoding => 'UTF8', + locale => 'en_NG', + } + +There is a new class for installing the necessary packages to provide the PostgreSQL JDBC client jars: + + class { 'postgresql::java': } + +And we have a brand new defined resource for managing fine-grained rule sets within your pg_hba.conf access lists: + + postgresql::pg_hba { 'Open up postgresql for access from 200.1.2.0/24': + type => 'host', + database => 'app', + user => 'app', + address => '200.1.2.0/24', + auth_method => 'md5', + } + +Finally, we've also added Travis-CI support and unit tests to help us iterate faster with tests to reduce regression. The current URL for these tests is here: https://travis-ci.org/puppetlabs/puppet-postgresql. Instructions on how to run the unit tests available are provided in the README for the module. + +A big thanks to all those listed below who made this feature release possible :-). + +#### Detailed Changes + +2013-01-18 - Simão Fontes & Flaper Fesp +* Remove trailing commas from params.pp property definition for Puppet 2.6.0 compatibility + +2013-01-18 - Lauren Rother +* Updated README.md to conform with best practices template + +2013-01-09 - Adrien Thebo +* Update postgresql_default_version to 9.1 for Debian 7.0 + +2013-01-28 - Karel Brezina +* Add support for tablespaces + +2013-01-16 - Chris Price & Karel Brezina +* Provide support for an 'include' config file 'postgresql_conf_extras.conf' that users can modify manually or outside of the module. 
+ +2013-01-31 - jv +* Fix typo in README.pp for postgresql::db example + +2013-02-03 - Ken Barber +* Add unit tests and travis-ci support + +2013-02-02 - Ken Barber +* Add locale parameter support to the 'postgresql' class + +2013-01-21 - Michael Arnold +* Add a class for install the packages containing the PostgreSQL JDBC jar + +2013-02-06 - fhrbek +* Coding style fixes to reduce warnings in puppet-lint and Geppetto + +2013-02-10 - Ken Barber +* Provide new defined resource for managing pg_hba.conf + +2013-02-11 - Ken Barber +* Fix bug with reload of Postgresql on Redhat/Centos + +2013-02-15 - Erik Dalén +* Fix more style issues to reduce warnings in puppet-lint and Geppetto + +2013-02-15 - Erik Dalén +* Fix case whereby we were modifying a hash after creation + +2.0.1 +===== + +Minor bugfix release. + +2013-01-16 - Chris Price + * Fix revoke command in database.pp to support postgres 8.1 (43ded42) + +2013-01-15 - Jordi Boggiano + * Add support for ubuntu 12.10 status (3504405) + +2.0.0 +===== + +Many thanks to the following people who contributed patches to this +release: + +* Adrien Thebo +* Albert Koch +* Andreas Ntaflos +* Brett Porter +* Chris Price +* dharwood +* Etienne Pelletier +* Florin Broasca +* Henrik +* Hunter Haugen +* Jari Bakken +* Jordi Boggiano +* Ken Barber +* nzakaria +* Richard Arends +* Spenser Gilliland +* stormcrow +* William Van Hevelingen + +Notable features: + + * Add support for versions of postgres other than the system default version + (which varies depending on OS distro). This includes optional support for + automatically managing the package repo for the "official" postgres yum/apt + repos. (Major thanks to Etienne Pelletier and + Ken Barber for their tireless efforts and patience on this + feature set!) For example usage see `tests/official-postgresql-repos.pp`. + + * Add some support for Debian Wheezy and Ubuntu Quantal + + * Add new `postgres_psql` type with a Ruby provider, to replace the old + exec-based `psql` type. 
This gives us much more flexibility around + executing SQL statements and controlling their logging / reports output. + + * Major refactor of the "spec" tests--which are actually more like + acceptance tests. We now support testing against multiple OS distros + via vagrant, and the framework is in place to allow us to very easily add + more distros. Currently testing against Cent6 and Ubuntu 10.04. + + * Fixed a bug that was preventing multiple databases from being owned by the + same user + (9adcd182f820101f5e4891b9f2ff6278dfad495c - Etienne Pelletier ) + + * Add support for ACLs for finer-grained control of user/interface access + (b8389d19ad78b4fb66024897097b4ed7db241930 - dharwood ) + + * Many other bug fixes and improvements! + + +1.0.0 +===== +2012-09-17 - Version 0.3.0 released + +2012-09-14 - Chris Price + * Add a type for validating a postgres connection (ce4a049) + +2012-08-25 - Jari Bakken + * Remove trailing commas. (e6af5e5) + +2012-08-16 - Version 0.2.0 released diff --git a/3rdparty/modules/postgresql/Gemfile b/3rdparty/modules/postgresql/Gemfile new file mode 100644 index 000000000..1e210775e --- /dev/null +++ b/3rdparty/modules/postgresql/Gemfile @@ -0,0 +1,17 @@ +source 'https://rubygems.org' + +group :development, :test do + gem 'rake' + gem 'puppetlabs_spec_helper', :require => false + gem 'rspec-system-puppet', '~>1.0' + gem 'rspec-system', '>=1.2.1' + gem 'puppet-lint', '~> 0.3.2' +end + +if puppetversion = ENV['PUPPET_GEM_VERSION'] + gem 'puppet', puppetversion, :require => false +else + gem 'puppet', :require => false +end + +# vim:ft=ruby diff --git a/3rdparty/modules/postgresql/Gemfile.lock b/3rdparty/modules/postgresql/Gemfile.lock new file mode 100644 index 000000000..e07589c4b --- /dev/null +++ b/3rdparty/modules/postgresql/Gemfile.lock 
@@ -0,0 +1,66 @@ +GEM + remote: https://rubygems.org/ + specs: + builder (3.2.2) + diff-lcs (1.2.4) + facter (1.7.2) + hiera (1.2.1) + json_pure + json_pure (1.8.0) + kwalify (0.7.2) + metaclass (0.0.1) + mocha (0.14.0) + metaclass (~> 0.0.1) + net-scp (1.1.2) + net-ssh (>= 2.6.5) + net-ssh (2.6.8) + nokogiri (1.5.10) + puppet (3.2.3) + facter (~> 1.6) + hiera (~> 1.0) + rgen (~> 0.6.5) + puppet-lint (0.3.2) + puppetlabs_spec_helper (0.4.1) + mocha (>= 0.10.5) + rake + rspec (>= 2.9.0) + rspec-puppet (>= 0.1.1) + rake (10.1.0) + rbvmomi (1.6.0) + builder + nokogiri (>= 1.4.1) + trollop + rgen (0.6.5) + rspec (2.14.1) + rspec-core (~> 2.14.0) + rspec-expectations (~> 2.14.0) + rspec-mocks (~> 2.14.0) + rspec-core (2.14.4) + rspec-expectations (2.14.0) + diff-lcs (>= 1.1.3, < 2.0) + rspec-mocks (2.14.1) + rspec-puppet (0.1.6) + rspec + rspec-system (1.7.1) + kwalify (~> 0.7.2) + net-scp (~> 1.1) + net-ssh (~> 2.6) + nokogiri (~> 1.5.9) + rbvmomi (~> 1.6) + rspec (~> 2.13) + systemu (~> 2.5) + rspec-system-puppet (1.2.0) + rspec-system (~> 1.5, >= 1.5.0) + systemu (2.5.2) + trollop (2.0) + +PLATFORMS + ruby + +DEPENDENCIES + puppet + puppet-lint (~> 0.3.2) + puppetlabs_spec_helper + rake + rspec-system (>= 1.2.1) + rspec-system-puppet (~> 1.0) diff --git a/3rdparty/modules/postgresql/LICENSE b/3rdparty/modules/postgresql/LICENSE new file mode 100644 index 000000000..f717e2bff --- /dev/null +++ b/3rdparty/modules/postgresql/LICENSE 
@@ -0,0 +1,16 @@ +PostgreSQL Puppet Module + +Copyright 2012 Inkling Systems, Inc. +Copyright 2012-2013 Puppetlabs Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/3rdparty/modules/postgresql/Modulefile b/3rdparty/modules/postgresql/Modulefile new file mode 100644 index 000000000..dab2249c3 --- /dev/null +++ b/3rdparty/modules/postgresql/Modulefile @@ -0,0 +1,13 @@ +name 'puppetlabs-postgresql' +version '2.4.0' +source 'git://github.com/puppetlabs/puppet-postgresql.git' +author 'Inkling/Puppet Labs' +description 'PostgreSQL defined resource types' +summary 'PostgreSQL defined resource types' +license 'Apache' +project_page 'https://github.com/puppetlabs/puppet-postgresql' + +dependency 'puppetlabs/stdlib', '>=3.2.0 <5.0.0' +dependency 'puppetlabs/firewall', '>= 0.0.4' +dependency 'puppetlabs/apt', '>=1.1.0 <2.0.0' +dependency 'ripienaar/concat', '>= 0.2.0' diff --git a/3rdparty/modules/postgresql/README.md b/3rdparty/modules/postgresql/README.md new file mode 100644 index 000000000..d4942cc23 --- /dev/null +++ b/3rdparty/modules/postgresql/README.md 
@@ -0,0 +1,615 @@ +postgresql +=========== + +Table of Contents +----------------- + +1. [Overview - What is the PostgreSQL module?](#overview) +2. [Module Description - What does the module do?](#module-description) +3. [Setup - The basics of getting started with PostgreSQL module](#setup) +4. [Usage - How to use the module for various tasks](#usage) +5. [Reference - The classes, defines,functions and facts available in this module](#reference) +6. [Limitations - OS compatibility, etc.](#limitations) +7. [Development - Guide for contributing to the module](#development) +8. [Disclaimer - Licensing information](#disclaimer) +9. [Transfer Notice - Notice of authorship change](#transfer-notice) +10. [Contributors - List of module contributors](#contributors) + +Overview +-------- + +The PostgreSQL module allows you to easily manage postgres databases with Puppet. + +Module Description +------------------- + +PostgreSQL is a high-performance, free, open-source relational database server. The postgresql module allows you to manage PostgreSQL packages and services on several operating systems, while also supporting basic management of PostgreSQL databases and users. The module offers support for managing firewall for postgres ports on RedHat-based distros, as well as support for basic management of common security settings. + +Setup +----- + +**What puppetlabs-PostgreSQL affects:** + +* package/service/configuration files for PostgreSQL +* listened-to ports +* system firewall (optional) +* IP and mask (optional) + +**Introductory Questions** + +The postgresql module offers many security configuration settings. Before getting started, you will want to consider: + +* Do you want/need to allow remote connections? + * If yes, what about TCP connections? +* Would you prefer to work around your current firewall settings or overwrite some of them? +* How restrictive do you want the database superuser's permissions to be? 
+ +Your answers to these questions will determine which of the module's parameters you'll want to specify values for. + +###Configuring the server + +The main configuration you’ll need to do will be around the `postgresql::server` class. The default parameters are reasonable, but fairly restrictive regarding permissions for who can connect and from where. To manage a PostgreSQL server with sane defaults: + + include postgresql::server + +For a more customized, less restrictive configuration: + + class { 'postgresql::server': + config_hash => { + 'ip_mask_deny_postgres_user' => '0.0.0.0/32', + 'ip_mask_allow_all_users' => '0.0.0.0/0', + 'listen_addresses' => '*', + 'ipv4acls' => ['hostssl all johndoe 192.168.0.0/24 cert'], + 'manage_redhat_firewall' => true, + 'manage_pg_hba_conf' => false, + 'postgres_password' => 'TPSrep0rt!', + }, + } + +Once you've completed your configuration of `postgresql::server`, you can test out your settings from the command line: + + $ psql -h localhost -U postgres + $ psql -h my.postgres.server -U + +If you get an error message from these commands, it means that your permissions are set in a way that restricts access from where you’re trying to connect. That might be a good thing or a bad thing, depending on your goals. + +Advanced configuration setting parameters can be placed into `postgresql_puppet_extras.conf` (located in the same folder as `postgresql.conf`). You can manage that file as a normal puppet file resource, or however you see fit; which gives you complete control over the settings. Any value you specify in that file will override any existing value set in the templated version. + +For more details about server configuration parameters consult the [PostgreSQL Runtime Configuration docs](http://www.postgresql.org/docs/9.2/static/runtime-config.html). + +Usage +----- + +###Creating a database + +There are many ways to set up a postgres database using the `postgresql::db` class. 
For instance, to set up a database for PuppetDB (this assumes you’ve already got the `postgresql::server` set up to your liking in your manifest, as discussed above): + + postgresql::db { 'mydatabasename': + user => 'mydatabaseuser', + password => 'mypassword' + } + +###Managing users, roles and permissions + +To manage users, roles and permissions: + + postgresql::database_user{'marmot': + password_hash => 'foo', + } + + postgresql::database_grant { 'test1': + privilege => 'ALL', + db => 'test1', + role => 'dan', + } + + postgresql::table_grant { 'my_table of test2': + privilege => 'ALL', + table => 'my_table', + db => 'test2', + role => 'dan', + } + + +In this example, you would grant ALL privileges on the test1 database and on the `my_table` table of the test2 database to the user or group specified by dan. + +At this point, you would just need to plunk these database name/username/password values into your PuppetDB config files, and you are good to go. + +Reference +--------- + +The postgresql module comes with many options for configuring the server. While you are unlikely to use all of the below settings, they allow you a decent amount of control over your security settings. 
+ +Classes: + +* [postgresql](#class-postgresql) +* [postgresql::server](#class-postgresqlserver) +* [postgresql::client](#class-postgresqlclient) +* [postgresql::contrib](#class-postgresqlcontrib) +* [postgresql::devel](#class-postgresqldevel) +* [postgresql::java](#class-postgresqljava) +* [postgresql::python](#class-postgresqlpython) + +Resources: + +* [postgresql::db](#resource-postgresqldb) +* [postgresql::database](#resource-postgresqldatabase) +* [postgresql::database_grant](#resource-postgresqldatabasegrant) +* [postgresql::table_grant](#resource-postgresqltablegrant) +* [postgresql::role](#resource-postgresqlrole) +* [postgresql::tablespace](#resource-postgresqltablespace) +* [postgresql::validate_db_connection](#resource-postgresqlvalidatedbconnection) +* [postgresql::pg_hba_rule](#resource-postgresqlpghbarule) + +Functions: + +* [postgresql\_password](#function-postgresqlpassword) +* [postgresql\_acls\_to\_resources\_hash](#function-postgresqlaclstoresourceshashaclarray-id-orderoffset) + +Facts: + +* [postgres\_default\_version](#fact-postgresdefaultversion) + +###Class: postgresql +This class is used to configure the main settings for this module, to be used by the other classes and defined resources. On its own it does nothing. + +For example, if you wanted to overwrite the default `locale` and `charset` you could use the following combination: + + class { 'postgresql': + charset => 'UTF8', + locale => 'en_NG', + }-> + class { 'postgresql::server': + } + +That would make the `charset` and `locale` the default for all classes and defined resources in this module. + +####`version` +The version of PostgreSQL to install/manage. Defaults to your operating system default. + +####`manage_package_repo` +If `true` this will setup the official PostgreSQL repositories on your host. Defaults to `false`. + +####`locale` +This will set the default database locale for all databases created with this module. 
On certain operating systems this will be used during the `template1` initialization as well so it becomes a default outside of the module as well. Defaults to `undef` which is effectively `C`. + +####`charset` +This will set the default charset for all databases created with this module. On certain operating systems this will be used during the `template1` initialization as well so it becomes a default outside of the module as well. Defaults to `UTF8`. + +####`datadir` +This setting can be used to override the default postgresql data directory for the target platform. If not specified, the module will use whatever directory is the default for your OS distro. + +####`confdir` +This setting can be used to override the default postgresql configuration directory for the target platform. If not specified, the module will use whatever directory is the default for your OS distro. + +####`bindir` +This setting can be used to override the default postgresql binaries directory for the target platform. If not specified, the module will use whatever directory is the default for your OS distro. + +####`client_package_name` +This setting can be used to override the default postgresql client package name. If not specified, the module will use whatever package name is the default for your OS distro. + +####`server_package_name` +This setting can be used to override the default postgresql server package name. If not specified, the module will use whatever package name is the default for your OS distro. + +####`contrib_package_name` +This setting can be used to override the default postgresql contrib package name. If not specified, the module will use whatever package name is the default for your OS distro. + +####`devel_package_name` +This setting can be used to override the default postgresql devel package name. If not specified, the module will use whatever package name is the default for your OS distro. 
+ +####`java_package_name` +This setting can be used to override the default postgresql java package name. If not specified, the module will use whatever package name is the default for your OS distro. + +####`service_name` +This setting can be used to override the default postgresql service name. If not specified, the module will use whatever service name is the default for your OS distro. + +####`user` +This setting can be used to override the default postgresql super user and owner of postgresql related files in the file system. If not specified, the module will use the user name 'postgres'. + +####`group` +This setting can be used to override the default postgresql user group to be used for related files in the file system. If not specified, the module will use the group name 'postgres'. + +####`run_initdb` +This setting can be used to explicitly call the initdb operation after server package is installed and before the postgresql service is started. If not specified, the module will decide whether to call initdb or not depending on your OS distro. + +###Class: postgresql::server +Here are the options that you can set in the `config_hash` parameter of `postgresql::server`: + +####`ensure` +This value default to `present`. When set to `absent` it will remove all packages, configuration and data so use this with extreme caution. + +####`postgres_password` +This value defaults to `undef`, meaning the super user account in the postgres database is a user called `postgres` and this account does not have a password. If you provide this setting, the module will set the password for the `postgres` user to your specified value. + +####`listen_addresses` +This value defaults to `localhost`, meaning the postgres server will only accept connections from localhost. If you’d like to be able to connect to postgres from remote machines, you can override this setting. A value of `*` will tell postgres to accept connections from any remote machine. 
Alternately, you can specify a comma-separated list of hostnames or IP addresses. (For more info, have a look at the `postgresql.conf` file from your system’s postgres package). + +####`manage_redhat_firewall` +This value defaults to `false`. Many RedHat-based distros ship with a fairly restrictive firewall configuration which will block the port that postgres tries to listen on. If you’d like for the puppet module to open this port for you (using the [puppetlabs-firewall](http://forge.puppetlabs.com/puppetlabs/firewall) module), change this value to true. *[This parameter is likely to change in future versions. Possible changes include support for non-RedHat systems and finer-grained control over the firewall rule (currently, it simply opens up the postgres port to all TCP connections).]* + +####`manage_pg_hba_conf` +This value defaults to `true`. Whether or not manage the pg_hba.conf. If set to `true`, puppet will overwrite this file. If set to `false`, puppet will not modify the file. + +####`ip_mask_allow_all_users` +This value defaults to `127.0.0.1/32`. By default, Postgres does not allow any database user accounts to connect via TCP from remote machines. If you’d like to allow them to, you can override this setting. You might set it to `0.0.0.0/0` to allow database users to connect from any remote machine, or `192.168.0.0/16` to allow connections from any machine on your local 192.168 subnet. + +####`ip_mask_deny_postgres_user` +This value defaults to `0.0.0.0/0`. Sometimes it can be useful to block the superuser account from remote connections if you are allowing other database users to connect remotely. Set this to an IP and mask for which you want to deny connections by the postgres superuser account. So, e.g., the default value of `0.0.0.0/0` will match any remote IP and deny access, so the postgres user won’t be able to connect remotely at all. 
Conversely, a value of `0.0.0.0/32` would not match any remote IP, and thus the deny rule will not be applied and the postgres user will be allowed to connect. + +####`pg_hba_conf_path` +If, for some reason, your system stores the `pg_hba.conf` file in a non-standard location, you can override the path here. + +####`postgresql_conf_path` +If, for some reason, your system stores the `postgresql.conf` file in a non-standard location, you can override the path here. + +####`ipv4acls` +List of strings for access control for connection method, users, databases, IPv4 addresses; see [postgresql documentation](http://www.postgresql.org/docs/9.2/static/auth-pg-hba-conf.html) about `pg_hba.conf` for information (please note that the link will take you to documentation for the most recent version of Postgres, however links for earlier versions can be found on that page). + +####`ipv6acls` +List of strings for access control for connection method, users, databases, IPv6 addresses; see [postgresql documentation](http://www.postgresql.org/docs/9.2/static/auth-pg-hba-conf.html) about `pg_hba.conf` for information (please note that the link will take you to documentation for the most recent version of Postgres, however links for earlier versions can be found on that page). + +###Class: postgresql::client + +This class installs postgresql client software. Alter the following parameters if you have a custom version you would like to install (Note: don't forget to make sure to add any necessary yum or apt repositories if specifying a custom version): + +####`package_name` +The name of the postgresql client package. + +####`package_ensure` +The ensure parameter passed on to postgresql client package resource. + +###Class: postgresql::contrib +Installs the postgresql contrib package. + +####`package_name` +The name of the postgresql client package. + +####`package_ensure` +The ensure parameter passed on to postgresql contrib package resource. 
+ +###Class: postgresql::devel +Installs the packages containing the development libraries for PostgreSQL. + +####`package_ensure` +Override for the `ensure` parameter during package installation. Defaults to `present`. + +####`package_name` +Overrides the default package name for the distribution you are installing to. Defaults to `postgresql-devel` or `postgresql-devel` depending on your distro. + +###Class: postgresql::java +This class installs postgresql bindings for Java (JDBC). Alter the following parameters if you have a custom version you would like to install (Note: don't forget to make sure to add any necessary yum or apt repositories if specifying a custom version): + +####`package_name` +The name of the postgresql java package. + +####`package_ensure` +The ensure parameter passed on to postgresql java package resource. + +###Class: postgresql::python +This class installs the postgresql Python libraries. For customer requirements you can customise the following parameters: + +####`package_name` +The name of the postgresql python package. + +####`package_ensure` +The ensure parameter passed on to postgresql python package resource. + +###Resource: postgresql::db +This is a convenience resource that creates a database, user and assigns necessary permissions in one go. + +For example, to create a database called `test1` with a corresponding user of the same name, you can use: + + postgresql::db { 'test1': + user => 'test1', + password => 'test1', + } + +####`namevar` +The namevar for the resource designates the name of the database. + +####`user` +User to create and assign access to the database upon creation. Mandatory. + +####`password` +Password for the created user. Mandatory. + +####`tablespace` +The name of the tablespace to allocate this database to. If not specifies, it defaults to the PostgreSQL default. + +####`charset` +Override the character set during creation of the database. Defaults to the default defined during installation. 
+ +####`locale` +Override the locale during creation of the database. Defaults to the default defined during installation. + +####`grant` +Grant permissions during creation. Defaults to `ALL`. + +####`istemplate` +Define database as a template. Defaults to `false`. + +###Resource: postgresql::database +This defined type can be used to create a database with no users and no permissions, which is a rare use case. + +####`namevar` +Name of the database to create. + +####`owner` +Name of the database user who should be set as the owner of the database. Defaults to `$postgresql::params::user`. + +####`tablespace` +Tablespace for where to create this database. Defaults to the defaults defined during PostgreSQL installation. + +####`charset` +Override the character set during creation of the database. Defaults to the default defined during installation. + +####`locale` +Override the locale during creation of the database. Defaults to the default defined during installation. + +####`istemplate` +Define database as a template. Defaults to `false`. + +###Resource: postgresql::database\_grant +This defined type manages grant based access privileges for users. Consult the PostgreSQL documentation for `grant` for more information. + +####`namevar` +Used to uniquely identify this resource, but functionality not used during grant. + +####`privilege` +Can be one of `SELECT`, `TEMPORARY`, `TEMP`, `CONNECT`. `ALL` is used as a synonym for `CREATE`. If you need to add multiple privileges, a space delimited string can be used. + +####`db` +Database to grant access to. + +####`role` +Role or user whom you are granting access for. + +####`psql_db` +Database to execute the grant against. This should not ordinarily be changed from the default, which is `postgres`. + +####`psql_user` +OS user for running `psql`. Defaults to the default user for the module, usually `postgres`. + +###Resource: postgresql::table\_grant +This defined type manages grant based access privileges for users. 
Consult the PostgreSQL documentation for `grant` for more information. + +####`namevar` +Used to uniquely identify this resource, but functionality not used during grant. + +####`privilege` +Can be one of `SELECT`, `INSERT`, `UPDATE`, `REFERENCES`. `ALL` is used as a synonym for `CREATE`. If you need to add multiple privileges, a space delimited string can be used. + +####`table` +Table to grant access on. + +####`db` +Database of table. + +####`role` +Role or user whom you are granting access for. + +####`psql_db` +Database to execute the grant against. This should not ordinarily be changed from the default, which is `postgres`. + +####`psql_user` +OS user for running `psql`. Defaults to the default user for the module, usually `postgres`. + +###Resource: postgresql::role +This resource creates a role or user in PostgreSQL. + +####`namevar` +The role name to create. + +####`password_hash` +The hash to use during password creation. Use the `postgresql_password` function to provide an MD5 hash here. + +####`createdb` +Weither to grant the ability to create new databases with this role. Defaults to `false`. + +####`createrole` +Weither to grant the ability to create new roles with this role. Defaults to `false`. + +####`login` +Weither to grant login capability for the new role. Defaults to `false`. + +####`superuser` +Weither to grant super user capability for the new role. Defaults to `false`. + +####`replication` +If `true` provides replication capabilities for this role. Defaults to `false`. + +####`connection_limit` +Specifies how many concurrent connections the role can make. Defaults to `-1` meaning no limit. + +###Resource: postgresql::tablespace +This defined type can be used to create a tablespace. For example: + + postgresql::tablespace{ 'tablespace1': + location => '/srv/space1', + } + +It will create the location if necessary, assigning it the same permissions as your +PostgreSQL server. + +####`namevar` +The tablespace name to create. 
+ +####`location` +The path to locate this tablespace. + +####`owner` +The default owner of the tablespace. + +###Resource: postgresql::validate\_db\_connection +This resource can be utilised inside composite manifests to validate that a client has a valid connection with a remote PostgreSQL database. It can be ran from any node where the PostgreSQL client software is installed to validate connectivity before commencing other dependent tasks in your Puppet manifests, so it is often used when chained to other tasks such as: starting an application server, performing a database migration. + +Example usage: + + postgresql::validate_db_connection { 'validate my postgres connection': + database_host => 'my.postgres.host', + database_username => 'mydbuser', + database_password => 'mydbpassword', + database_name => 'mydbname', + }-> + exec { 'rake db:migrate': + cwd => '/opt/myrubyapp', + } + +####`namevar` +Uniquely identify this resource, but functionally does nothing. + +####`database_host` +The hostname of the database you wish to test. + +####`database_port` +Port to use when connecting. + +####`database_name` +The name of the database you wish to test. + +####`database_username` +Username to connect with. + +####`database_password` +Password to connect with. Can be left blank, but that is not recommended. + +###Resource: postgresql::pg\_hba\_rule +This defined type allows you to create an access rule for `pg_hba.conf`. For more details see the [PostgreSQL documentation](http://www.postgresql.org/docs/8.2/static/auth-pg-hba-conf.html). 
+ +For example: + + postgresql::pg_hba_rule { 'allow application network to access app database': + description => "Open up postgresql for access from 200.1.2.0/24", + type => 'host', + database => 'app', + user => 'app', + address => '200.1.2.0/24', + auth_method => 'md5', + } + +This would create a ruleset in `pg_hba.conf` similar to: + + # Rule Name: allow application network to access app database + # Description: Open up postgresql for access from 200.1.2.0/24 + # Order: 150 + host app app 200.1.2.0/24 md5 + +####`namevar` +A unique identifier or short description for this rule. The namevar doesn't provide any functional usage, but it is stored in the comments of the produced `pg_hba.conf` so the originating resource can be identified. + +####`description` +A longer description for this rule if required. Defaults to `none`. This description is placed in the comments above the rule in `pg_hba.conf`. + +####`type` +The type of rule, this is usually one of: `local`, `host`, `hostssl` or `hostnossl`. + +####`database` +A comma separated list of databases that this rule matches. + +####`user` +A comma separated list of database users that this rule matches. + +####`address` +If the type is not 'local' you can provide a CIDR based address here for rule matching. + +####`auth_method` +The `auth_method` is described further in the `pg_hba.conf` documentation, but it provides the method that is used for authentication for the connection that this rule matches. + +####`auth_option` +For certain `auth_method` settings there are extra options that can be passed. Consult the PostgreSQL `pg_hba.conf` documentation for further details. + +####`order` +An order for placing the rule in `pg_hba.conf`. Defaults to `150`. + +####`target` +This provides the target for the rule, and is generally an internal only property. Use with caution. + +###Function: postgresql\_password +If you need to generate a postgres encrypted password, use `postgresql_password`. 
You can call it from your production manifests if you don't mind them containing the clear text versions of your passwords, or you can call it from the command line and then copy and paste the encrypted password into your manifest: + + $ puppet apply --execute 'notify { "test": message => postgresql_password("username", "password") }' + +###Function: postgresql\_acls\_to\_resources\_hash(acl\_array, id, order\_offset) +This internal function converts a list of `pg_hba.conf` based acls (passed in as an array of strings) to a format compatible with the `postgresql::pg_hba_rule` resource. + +**This function should only be used internally by the module**. + +###Fact: postgres\_default\_version +The module provides a Facter fact that can be used to determine what the default version of postgres is for your operating system/distribution. Depending on the distribution, it might be 8.1, 8.4, 9.1, or possibly another version. This can be useful in a few cases, like when building path strings for the postgres directories. + +Limitations +------------ + +Works with versions of PostgreSQL from 8.1 through 9.2. + +Development +------------ + +Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can't access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve. + +We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. + +You can read the complete module contribution guide [on the Puppet Labs wiki.](http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing) + +### Tests + +There are two types of tests distributed with the module. Unit tests with rspec-puppet and system tests using rspec-system. 
+ +For unit testing, make sure you have: + +* rake +* bundler + +Install the necessary gems: + + bundle install --path=vendor + +And then run the unit tests: + + bundle exec rake spec + +The unit tests are ran in Travis-CI as well, if you want to see the results of your own tests regsiter the service hook through Travis-CI via the accounts section for your Github clone of this project. + +If you want to run the system tests, make sure you also have: + +* vagrant > 1.2.x +* Virtualbox > 4.2.10 + +Then run the tests using: + + bundle exec rake spec:system + +To run the tests on different operating systems, see the sets available in .nodeset.yml and run the specific set with the following syntax: + + RSPEC_SET=debian-607-x64 bundle exec rake spec:system + +Transfer Notice +---------------- + +This Puppet module was originally authored by Inkling Systems. The maintainer preferred that Puppet Labs take ownership of the module for future improvement and maintenance as Puppet Labs is using it in the PuppetDB module. Existing pull requests and issues were transferred over, please fork and continue to contribute here instead of Inkling. + +Previously: [https://github.com/inkling/puppet-postgresql](https://github.com/inkling/puppet-postgresql) + +Contributors +------------ + + * Andrew Moon + * [Kenn Knowles](https://github.com/kennknowles) ([@kennknowles](https://twitter.com/KennKnowles)) + * Adrien Thebo + * Albert Koch + * Andreas Ntaflos + * Brett Porter + * Chris Price + * dharwood + * Etienne Pelletier + * Florin Broasca + * Henrik + * Hunter Haugen + * Jari Bakken + * Jordi Boggiano + * Ken Barber + * nzakaria + * Richard Arends + * Spenser Gilliland + * stormcrow + * William Van Hevelingen diff --git a/3rdparty/modules/postgresql/Rakefile b/3rdparty/modules/postgresql/Rakefile new file mode 100644 index 000000000..13af8671f --- /dev/null +++ b/3rdparty/modules/postgresql/Rakefile 
@@ -0,0 +1,12 @@ +require 'rubygems' +require 'bundler/setup' + +Bundler.require :default + +require 'puppetlabs_spec_helper/rake_tasks' +require 'rspec-system/rake_task' +require 'puppet-lint/tasks/puppet-lint' + +task :default do + sh %{rake -T} +end diff --git a/3rdparty/modules/postgresql/examples/init.pp b/3rdparty/modules/postgresql/examples/init.pp new file mode 100644 index 000000000..c1b443adb --- /dev/null +++ b/3rdparty/modules/postgresql/examples/init.pp @@ -0,0 +1 @@ +include postgresql::client diff --git a/3rdparty/modules/postgresql/examples/official-postgresql-repos.pp b/3rdparty/modules/postgresql/examples/official-postgresql-repos.pp new file mode 100644 index 000000000..3c48134f1 --- /dev/null +++ b/3rdparty/modules/postgresql/examples/official-postgresql-repos.pp @@ -0,0 +1,19 @@ +# This manifest shows an example of how you can use a newer version of +# postgres from yum.postgresql.org or apt.postgresql.org, rather than your +# system's default version. +# +# Note that it is important that you use the '->', or a +# before/require metaparameter to make sure that the `params` +# class is evaluated before any of the other classes in the module. +# +# Also note that this example includes automatic management of the yumrepo or +# apt resource. If you'd prefer to manage the repo yourself, simply pass +# 'false' or omit the 'manage_repo' parameter--it defaults to 'false'. You will +# still need to use the 'postgresql' class to specify the postgres version +# number, though, in order for the other classes to be able to find the +# correct paths to the postgres dirs. +class { 'postgresql': + version => '9.2', + manage_package_repo => true, +}-> +class { 'postgresql::server': } diff --git a/3rdparty/modules/postgresql/examples/postgresql_database.pp b/3rdparty/modules/postgresql/examples/postgresql_database.pp new file mode 100644 index 000000000..90cd941dc --- /dev/null +++ b/3rdparty/modules/postgresql/examples/postgresql_database.pp 
@@ -0,0 +1,22 @@ +class { 'postgresql::server': + config_hash => { + 'ip_mask_deny_postgres_user' => '0.0.0.0/32', + 'ip_mask_allow_all_users' => '0.0.0.0/0', + 'listen_addresses' => '*', + 'manage_redhat_firewall' => true, + 'postgres_password' => 'postgres', + }, +} + +postgresql::database{ ['test1', 'test2', 'test3']: + # TODO: ensure not yet supported + #ensure => present, + charset => 'utf8', + require => Class['postgresql::server'], +} +postgresql::database{ 'test4': + # TODO: ensure not yet supported + #ensure => present, + charset => 'latin1', + require => Class['postgresql::server'], +} diff --git a/3rdparty/modules/postgresql/examples/postgresql_db.pp b/3rdparty/modules/postgresql/examples/postgresql_db.pp new file mode 100644 index 000000000..4bbeb42b7 --- /dev/null +++ b/3rdparty/modules/postgresql/examples/postgresql_db.pp @@ -0,0 +1,30 @@ +class { 'postgresql::server': + config_hash => { + 'ip_mask_allow_all_users' => '0.0.0.0/0', + 'listen_addresses' => '*', + 'manage_redhat_firewall' => true, + + #'ip_mask_deny_postgres_user' => '0.0.0.0/32', + #'postgres_password' => 'puppet', + }, +} + +postgresql::db{ 'test1': + user => 'test1', + password => 'test1', + grant => 'all', +} + +postgresql::db{ 'test2': + user => 'test2', + password => postgresql_password('test2', 'test2'), + grant => 'all', +} + +postgresql::db{ 'test3': + user => 'test3', + # The password here is a copy/paste of the output of the 'postgresql_password' + # function from this module, with a u/p of 'test3', 'test3'. + password => 'md5e12234d4575a12bfd61d61294f32b086', + grant => 'all', +} diff --git a/3rdparty/modules/postgresql/examples/postgresql_grant.pp b/3rdparty/modules/postgresql/examples/postgresql_grant.pp new file mode 100644 index 000000000..05d87a47a --- /dev/null +++ b/3rdparty/modules/postgresql/examples/postgresql_grant.pp 
@@ -0,0 +1,14 @@ +# TODO: in mysql module, the grant resource name might look like this: 'user@host/dbname'; +# I think that the API for the resource type should split these up, because it's +# easier / safer to recombine them for mysql than it is to parse them for other +# databases. Also, in the mysql module, the hostname portion of that string +# affects the user's ability to connect from remote hosts. In postgres this is +# managed via pg_hba.conf; not sure if we want to try to reconcile that difference +# in the modules or not. +postgresql::database_grant{'test1': + # TODO: mysql supports an array of privileges here. We should do that if we + # port this to ruby. + privilege => 'ALL', + db => 'test1', + role => 'dan', +} diff --git a/3rdparty/modules/postgresql/examples/postgresql_pg_hba_rule.pp b/3rdparty/modules/postgresql/examples/postgresql_pg_hba_rule.pp new file mode 100644 index 000000000..fbd3925b6 --- /dev/null +++ b/3rdparty/modules/postgresql/examples/postgresql_pg_hba_rule.pp @@ -0,0 +1,18 @@ +# Basic remote access +postgresql::pg_hba_rule{ 'allow access to db foo from 2.2.2.0/24 for user foo': + type => 'host', + database => 'foo', + user => 'foo', + address => '2.2.2.0/24', + auth_method => 'md5', +} + +# LDAP Integration +postgresql::pg_hba_rule{ 'allow ldap access to db foo from 10.1.1.0/24 for all': + type => 'host', + database => 'foo', + user => 'all', + address => '10.1.1.0/24', + auth_method => 'ldap', + auth_option => 'ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=example, dc=net"', +} diff --git a/3rdparty/modules/postgresql/examples/postgresql_pgconf_extras.pp b/3rdparty/modules/postgresql/examples/postgresql_pgconf_extras.pp new file mode 100644 index 000000000..22b210d21 --- /dev/null +++ b/3rdparty/modules/postgresql/examples/postgresql_pgconf_extras.pp 
@@ -0,0 +1,19 @@ +class { 'postgresql::server': + config_hash => { + 'ip_mask_deny_postgres_user' => '0.0.0.0/32', + 'ip_mask_allow_all_users' => '0.0.0.0/0', + 'listen_addresses' => '*', + 'manage_redhat_firewall' => true, + 'postgres_password' => 'postgres', + }, +} + +include 'postgresql::params' + +$pg_conf_include_file = "${postgresql::params::confdir}/postgresql_puppet_extras.conf" + +file { $pg_conf_include_file: + content => 'max_connections = 123', + notify => Service['postgresqld'], +} + diff --git a/3rdparty/modules/postgresql/examples/postgresql_tablespace.pp b/3rdparty/modules/postgresql/examples/postgresql_tablespace.pp new file mode 100644 index 000000000..962941012 --- /dev/null +++ b/3rdparty/modules/postgresql/examples/postgresql_tablespace.pp 
@@ -0,0 +1,73 @@ +class { 'postgresql::server': + config_hash => { + 'ip_mask_deny_postgres_user' => '0.0.0.0/32', + 'ip_mask_allow_all_users' => '0.0.0.0/0', + 'listen_addresses' => '*', + 'manage_redhat_firewall' => true, + 'postgres_password' => 'postgres', + }, +} + +file { '/tmp': + ensure => 'directory', +} +file { '/tmp/pg_tablespaces': + ensure => 'directory', + owner => 'postgres', + group => 'postgres', + mode => '0700', + require => File['/tmp'], +} + +postgresql::tablespace{ 'tablespace1': + location => '/tmp/pg_tablespaces/space1', + require => [Class['postgresql::server'], File['/tmp/pg_tablespaces']], +} +postgresql::database{ 'tablespacedb1': + # TODO: ensure not yet supported + #ensure => present, + charset => 'utf8', + require => Class['postgresql::server'], +} +postgresql::database{ 'tablespacedb2': + # TODO: ensure not yet supported + #ensure => present, + charset => 'utf8', + tablespace => 'tablespace1', + require => Postgresql::Tablespace['tablespace1'], +} +postgresql::db{ 'tablespacedb3': + # TODO: ensure not yet supported + #ensure => present, + user => 'dbuser1', + password => 'dbuser1', + require => Class['postgresql::server'], +} +postgresql::db{ 'tablespacedb4': + # TODO: ensure not yet supported + #ensure => present, + user => 'dbuser2', + password => 'dbuser2', + tablespace => 'tablespace1', + require => Postgresql::Tablespace['tablespace1'], +} + +postgresql::database_user{ 'spcuser': + # TODO: ensure is not yet supported + #ensure => present, + password_hash => postgresql_password('spcuser', 'spcuser'), + require => Class['postgresql::server'], +} +postgresql::tablespace{ 'tablespace2': + location => '/tmp/pg_tablespaces/space2', + owner => 'spcuser', + require => [Postgresql::Database_user['spcuser'], File['/tmp/pg_tablespaces']], +} +postgresql::database{ 'tablespacedb5': + # TODO: ensure not yet supported + #ensure => present, + charset => 'utf8', + tablespace => 'tablespace2', + require => Postgresql::Tablespace['tablespace2'], 
+} + diff --git a/3rdparty/modules/postgresql/examples/postgresql_user.pp b/3rdparty/modules/postgresql/examples/postgresql_user.pp new file mode 100644 index 000000000..fa7cab5e9 --- /dev/null +++ b/3rdparty/modules/postgresql/examples/postgresql_user.pp @@ -0,0 +1,28 @@ +class { 'postgresql::server': + config_hash => { + 'ip_mask_deny_postgres_user' => '0.0.0.0/32', + 'ip_mask_allow_all_users' => '0.0.0.0/0', + 'listen_addresses' => '*', + 'manage_redhat_firewall' => true, + 'postgres_password' => 'postgres', + }, +} + +# TODO: in mysql module, the username includes, e.g., '@%' or '@localhost', which +# affects the user's ability to connect from remote hosts. In postgres this is +# managed via pg_hba.conf; not sure if we want to try to reconcile that difference +# in the modules or not. +postgresql::database_user{ 'redmine': + # TODO: ensure is not yet supported + #ensure => present, + password_hash => postgresql_password('redmine', 'redmine'), + require => Class['postgresql::server'], +} + +postgresql::database_user{ 'dan': + # TODO: ensure is not yet supported + #ensure => present, + password_hash => postgresql_password('dan', 'blah'), + require => Class['postgresql::server'], +} + diff --git a/3rdparty/modules/postgresql/examples/server.pp b/3rdparty/modules/postgresql/examples/server.pp new file mode 100644 index 000000000..0a70a44f9 --- /dev/null +++ b/3rdparty/modules/postgresql/examples/server.pp @@ -0,0 +1,10 @@ +class { 'postgresql::server': + config_hash => { + 'ip_mask_deny_postgres_user' => '0.0.0.0/32', + 'ip_mask_allow_all_users' => '0.0.0.0/0', + 'listen_addresses' => '*', + 'ipv4acls' => ['hostssl all johndoe 192.168.0.0/24 cert'], + 'manage_redhat_firewall' => true, + 'postgres_password' => 'postgres', + }, +} diff --git a/3rdparty/modules/postgresql/files/RPM-GPG-KEY-PGDG b/3rdparty/modules/postgresql/files/RPM-GPG-KEY-PGDG new file mode 100644 index 000000000..065274e0d --- /dev/null +++ b/3rdparty/modules/postgresql/files/RPM-GPG-KEY-PGDG 
@@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.7 (GNU/Linux) + +mQGiBEeD8koRBACC1VBRsUwGr9gxFFRho9kZpdRUjBJoPhkeOTvp9LzkdAQMFngr +BFi6N0ov1kCX7LLwBmDG+JPR7N+XcH9YR1coSHpLVg+JNy2kFDd4zAyWxJafjZ3a +9zFg9Yx+0va1BJ2t4zVcmKS4aOfbgQ5KwIOWUujalQW5Y+Fw39Gn86qjbwCg5dIo +tkM0l19h2sx50D027pV5aPsD/2c9pfcFTbMhB0CcKS836GH1qY+NCAdUwPs646ee +Ex/k9Uy4qMwhl3HuCGGGa+N6Plyon7V0TzZuRGp/1742dE8IO+I/KLy2L1d1Fxrn +XOTBZd8qe6nBwh12OMcKrsPBVBxn+iSkaG3ULsgOtx+HHLfa1/p22L5+GzGdxizr +peBuA/90cCp+lYcEwdYaRoFVR501yDOTmmzBc1DrsyWP79QMEGzMqa393G0VnqXt +L4pGmunq66Agw2EhPcIt3pDYiCmEt/obdVtSJH6BtmSDB/zYhbE8u3vLP3jfFDa9 +KXxgtYj0NvuUVoRmxSKm8jtfmj1L7zoKNz3jl+Ba3L0WxIv4+bRBUG9zdGdyZVNR +TCBSUE0gQnVpbGRpbmcgUHJvamVjdCA8cGdzcWxycG1zLWhhY2tlcnNAcGdmb3Vu +ZHJ5Lm9yZz6IYAQTEQIAIAUCR4PySgIbIwYLCQgHAwIEFQIIAwQWAgMBAh4BAheA +AAoJEB8W0uFELfD4jnkAoMqd6ZwwsgYHZ3hP9vt+DJt1uDW7AKDbRwP8ESKFhwdJ +8m91RPBeJW/tMLkCDQRHg/JKEAgA64+ZXgcERPYfZYo4p+yMTJAAa9aqnE3U4Ni6 +ZMB57GPuEy8NfbNya+HiftO8hoozmJdcI6XFyRBCDUVCdZ8SE+PJdOx2FFqZVIu6 +dKnr8ykhgLpNNEFDG3boK9UfLj/5lYQ3Y550Iym1QKOgyrJYeAp6sZ+Nx2PavsP3 +nMFCSD67BqAbcLCVQN7a2dAUXfEbfXJjPHXTbo1/kxtzE+KCRTLdXEbSEe3nHO04 +K/EgTBjeBUOxnciH5RylJ2oGy/v4xr9ed7R1jJtshsDKMdWApwoLlCBJ63jg/4T/ +z/OtXmu4AvmWaJxaTl7fPf2GqSqqb6jLCrQAH7AIhXr9V0zPZwADBQgAlpptNQHl +u7euIdIujFwwcxyQGfee6BG+3zaNSEHMVQMuc6bxuvYmgM9r7aki/b0YMfjJBk8v +OJ3Eh1vDH/woJi2iJ13vQ21ot+1JP3fMd6NPR8/qEeDnmVXu7QAtlkmSKI9Rdnjz +FFSUJrQPHnKsH4V4uvAM+njwYD+VFiwlBPTKNeL8cdBb4tPN2cdVJzoAp57wkZAN +VA2tKxNsTJKBi8wukaLWX8+yPHiWCNWItvyB4WCEp/rZKG4A868NM5sZQMAabpLd +l4fTiGu68OYgK9qUPZvhEAL2C1jPDVHPkLm+ZsD+90Pe66w9vB00cxXuHLzm8Pad +GaCXCY8h3xi6VIhJBBgRAgAJBQJHg/JKAhsMAAoJEB8W0uFELfD4K4cAoJ4yug8y +1U0cZEiF5W25HDzMTtaDAKCaM1m3Cbd+AZ0NGWNg/VvIX9MsPA== +=au6K +-----END PGP PUBLIC KEY BLOCK----- diff --git a/3rdparty/modules/postgresql/lib/facter/postgres_default_version.rb b/3rdparty/modules/postgresql/lib/facter/postgres_default_version.rb new file mode 100644 index 000000000..c10ad2a29 --- /dev/null 
+++ b/3rdparty/modules/postgresql/lib/facter/postgres_default_version.rb @@ -0,0 +1,69 @@ +def get_debianfamily_postgres_version + case Facter.value('operatingsystem') + when "Debian" + get_debian_postgres_version() + when "Ubuntu" + get_ubuntu_postgres_version() + else + nil + end +end + +def get_debian_postgres_version + case Facter.value('operatingsystemrelease') + # TODO: add more debian versions or better logic here + when /^6\./ + "8.4" + when /^wheezy/, /^7\./ + "9.1" + else + nil + end +end + +def get_ubuntu_postgres_version + case Facter.value('operatingsystemrelease') + when "11.10", "12.04", "12.10", "13.04" + "9.1" + when "10.04", "10.10", "11.04" + "8.4" + else + nil + end +end + +def get_redhatfamily_postgres_version + case Facter.value('operatingsystemrelease') + when /^6\./ + "8.4" + when /^5\./ + "8.1" + else + nil + end +end + +Facter.add("postgres_default_version") do + setcode do + result = + case Facter.value('osfamily') + when 'RedHat' + get_redhatfamily_postgres_version() + when 'Linux' + get_redhatfamily_postgres_version() + when 'Debian' + get_debianfamily_postgres_version() + else + nil + end + + # TODO: not sure if this is really a great idea, but elsewhere in the code + # it is useful to be able to distinguish between the case where the fact + # does not exist at all (e.g., if pluginsync is not enabled), and the case + # where the fact is not known for the OS in question. + if result == nil + result = 'unknown' + end + result + end +end diff --git a/3rdparty/modules/postgresql/lib/puppet/parser/functions/postgresql_acls_to_resources_hash.rb b/3rdparty/modules/postgresql/lib/puppet/parser/functions/postgresql_acls_to_resources_hash.rb new file mode 100644 index 000000000..7fa785486 --- /dev/null +++ b/3rdparty/modules/postgresql/lib/puppet/parser/functions/postgresql_acls_to_resources_hash.rb 
@@ -0,0 +1,76 @@ +module Puppet::Parser::Functions + newfunction(:postgresql_acls_to_resources_hash, :type => :rvalue, :doc => <<-EOS + This internal function translates the ipv(4|6)acls format into a resource + suitable for create_resources. It is not intended to be used outside of the + postgresql internal classes/defined resources. + + This function accepts an array of strings that are pg_hba.conf rules. It + will return a hash that can be fed into create_resources to create multiple + individual pg_hba_rule resources. + + The second parameter is an identifier that will be included in the namevar + to provide uniqueness. It must be a string. + + The third parameter is an order offset, so you can start the order at an + arbitrary starting point. + EOS + ) do |args| + func_name = "postgresql_acls_to_resources_hash()" + + raise(Puppet::ParseError, "#{func_name}: Wrong number of arguments " + + "given (#{args.size} for 3)") if args.size != 3 + + acls = args[0] + raise(Puppet::ParseError, "#{func_name}: first argument must be an array") \ + unless acls.instance_of? Array + + id = args[1] + raise(Puppet::ParseError, "#{func_name}: second argument must be a string") \ + unless id.instance_of? String + + offset = args[2].to_i + raise(Puppet::ParseError, "#{func_name}: third argument must be a number") \ + unless offset.instance_of? 
Fixnum + + resources = {} + acls.each do |acl| + index = acls.index(acl) + + parts = acl.split + + raise(Puppet::ParseError, "#{func_name}: acl line #{index} does not " + + "have enough parts") unless parts.length >= 4 + + resource = { + 'type' => parts[0], + 'database' => parts[1], + 'user' => parts[2], + 'order' => format('%03d', offset + index), + } + if parts[0] == 'local' then + resource['auth_method'] = parts[3] + if parts.length > 4 then + resource['auth_option'] = parts.last(parts.length - 4).join(" ") + end + else + if parts[4] =~ /^\d/ + resource['address'] = parts[3] + ' ' + parts[4] + resource['auth_method'] = parts[5] + + if parts.length > 6 then + resource['auth_option'] = parts.last(parts.length - 6).join(" ") + end + else + resource['address'] = parts[3] + resource['auth_method'] = parts[4] + + if parts.length > 5 then + resource['auth_option'] = parts.last(parts.length - 5).join(" ") + end + end + end + resources["postgresql class generated rule #{id} #{index}"] = resource + end + resources + end +end diff --git a/3rdparty/modules/postgresql/lib/puppet/parser/functions/postgresql_password.rb b/3rdparty/modules/postgresql/lib/puppet/parser/functions/postgresql_password.rb new file mode 100644 index 000000000..0689e0e5b --- /dev/null +++ b/3rdparty/modules/postgresql/lib/puppet/parser/functions/postgresql_password.rb @@ -0,0 +1,18 @@ +# hash a string as mysql's "PASSWORD()" function would do it +require 'digest/md5' + +module Puppet::Parser::Functions + newfunction(:postgresql_password, :type => :rvalue, :doc => <<-EOS + Returns the postgresql password hash from the clear text username / password. + EOS + ) do |args| + + raise(Puppet::ParseError, "postgresql_password(): Wrong number of arguments " + + "given (#{args.size} for 2)") if args.size != 2 + + username = args[0] + password = args[1] + + 'md5' + Digest::MD5.hexdigest(password + username) + end +end 
diff --git a/3rdparty/modules/postgresql/lib/puppet/provider/postgresql_psql/ruby.rb b/3rdparty/modules/postgresql/lib/puppet/provider/postgresql_psql/ruby.rb new file mode 100644 index 000000000..7962669c1 --- /dev/null +++ b/3rdparty/modules/postgresql/lib/puppet/provider/postgresql_psql/ruby.rb 
@@ -0,0 +1,67 @@ +Puppet::Type.type(:postgresql_psql).provide(:ruby) do + + def command() + if ((! resource[:unless]) or (resource[:unless].empty?)) + if (resource[:refreshonly]) + # So, if there's no 'unless', and we're in "refreshonly" mode, + # we need to return the target command here. If we don't, + # then Puppet will generate an event indicating that this + # property has changed. + return resource[:command] + end + + # if we're not in refreshonly mode, then we return nil, + # which will cause Puppet to sync this property. This + # is what we want if there is no 'unless' value specified. + return nil + end + + output, status = run_unless_sql_command(resource[:unless]) + + if status != 0 + self.fail("Error evaluating 'unless' clause: '#{output}'") + end + result_count = output.strip.to_i + if result_count > 0 + # If the 'unless' query returned rows, then we don't want to execute + # the 'command'. Returning the target 'command' here will cause + # Puppet to treat this property as already being 'insync?', so it + # won't call the setter to run the 'command' later. + return resource[:command] + end + + # Returning 'nil' here will cause Puppet to see this property + # as out-of-sync, so it will call the setter later. + nil + end + + def command=(val) + output, status = run_sql_command(val) + + if status != 0 + self.fail("Error executing SQL; psql returned #{status}: '#{output}'") + end + end + + + def run_unless_sql_command(sql) + # for the 'unless' queries, we wrap the user's query in a 'SELECT COUNT', + # which makes it easier to parse and process the output. 
+ run_sql_command('SELECT COUNT(*) FROM (' << sql << ') count') + end + + def run_sql_command(sql) + command = [resource[:psql_path]] + command.push("-d", resource[:db]) if resource[:db] + command.push("-t", "-c", sql) + + if resource[:cwd] + Dir.chdir resource[:cwd] do + Puppet::Util::SUIDManager.run_and_capture(command, resource[:psql_user], resource[:psql_group]) + end + else + Puppet::Util::SUIDManager.run_and_capture(command, resource[:psql_user], resource[:psql_group]) + end + end + +end diff --git a/3rdparty/modules/postgresql/lib/puppet/type/postgresql_psql.rb b/3rdparty/modules/postgresql/lib/puppet/type/postgresql_psql.rb new file mode 100644 index 000000000..ab6af927f --- /dev/null +++ b/3rdparty/modules/postgresql/lib/puppet/type/postgresql_psql.rb 
@@ -0,0 +1,84 @@ +Puppet::Type.newtype(:postgresql_psql) do + + newparam(:name) do + desc "An arbitrary tag for your own reference; the name of the message." + isnamevar + end + + newproperty(:command) do + desc 'The SQL command to execute via psql.' + + defaultto { @resource[:name] } + + def sync(refreshing = false) + # We're overriding 'sync' here in order to do some magic + # in support of providing a 'refreshonly' parameter. This + # is kind of hacky because the logic for 'refreshonly' is + # spread between the type and the provider, but this is + # the least horrible way that I could determine to accomplish + # it. + # + # Note that our overridden version of 'sync' takes a parameter, + # 'refreshing', which the parent version doesn't take. This + # allows us to call the sync method directly from the 'refresh' + # method, and then inside of the body of 'sync' we can tell + # whether or not we're refreshing. + + if ((@resource[:refreshonly] == :false) || refreshing) + # If we're not in 'refreshonly' mode, or we're not currently + # refreshing, then we just call the parent method. + super() + else + # If we get here, it means we're in 'refreshonly' mode and + # we're not being called by the 'refresh' method, so we + # just no-op. We'll be called again by the 'refresh' + # method momentarily. + nil + end + end + end + + newparam(:unless) do + desc "An optional SQL command to execute prior to the main :command; " + + "this is generally intended to be used for idempotency, to check " + + "for the existence of an object in the database to determine whether " + + "or not the main SQL command needs to be executed at all." + end + + newparam(:db) do + desc "The name of the database to execute the SQL command against." + end + + newparam(:psql_path) do + desc "The path to psql executable." + defaultto("psql") + end + + newparam(:psql_user) do + desc "The system user account under which the psql command should be executed." 
+ defaultto("postgres") + end + + newparam(:psql_group) do + desc "The system user group account under which the psql command should be executed." + defaultto("postgres") + end + + newparam(:cwd, :parent => Puppet::Parameter::Path) do + desc "The working directory under which the psql command should be executed." + defaultto("/tmp") + end + + newparam(:refreshonly) do + desc "If 'true', then the SQL will only be executed via a notify/subscribe event." + + defaultto(:false) + end + + def refresh() + # All of the magic for this type is attached to the ':command' property, so + # we just need to sync it to accomplish a 'refresh'. + self.property(:command).sync(true) + end + +end diff --git a/3rdparty/modules/postgresql/manifests/client.pp b/3rdparty/modules/postgresql/manifests/client.pp new file mode 100644 index 000000000..fb82509be --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/client.pp @@ -0,0 +1,28 @@ +# Class: postgresql::client +# +# This class installs postgresql client software. +# +# *Note* don't forget to make sure to add any necessary yum or apt +# repositories if specifying a custom version. +# +# Parameters: +# [*package_name*] - The name of the postgresql client package. +# [*ensure*] - the ensure parameter passed to the postgresql client package resource +# Actions: +# +# Requires: +# +# Sample Usage: +# +class postgresql::client ( + $package_name = $postgresql::params::client_package_name, + $package_ensure = 'present' +) inherits postgresql::params { + + package { 'postgresql-client': + ensure => $package_ensure, + name => $package_name, + tag => 'postgresql', + } + +} diff --git a/3rdparty/modules/postgresql/manifests/config.pp b/3rdparty/modules/postgresql/manifests/config.pp new file mode 100644 index 000000000..9038052ad --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/config.pp 
@@ -0,0 +1,75 @@ +# Class: postgresql::config +# +# Parameters: +# +# [*postgres_password*] - postgres db user password. +# [*ip_mask_deny_postgres_user*] - ip mask for denying remote access for postgres user; defaults to '0.0.0.0/0', +# meaning that all TCP access for postgres user is denied. +# [*ip_mask_allow_all_users*] - ip mask for allowing remote access for other users (besides postgres); +# defaults to '127.0.0.1/32', meaning only allow connections from localhost +# [*listen_addresses*] - what IP address(es) to listen on; comma-separated list of addresses; defaults to +# 'localhost', '*' = all +# [*ipv4acls*] - list of strings for access control for connection method, users, databases, IPv4 +# addresses; see postgresql documentation about pg_hba.conf for information +# [*ipv6acls*] - list of strings for access control for connection method, users, databases, IPv6 +# addresses; see postgresql documentation about pg_hba.conf for information +# [*pg_hba_conf_path*] - path to pg_hba.conf file +# [*postgresql_conf_path*] - path to postgresql.conf file +# [*manage_redhat_firewall*] - boolean indicating whether or not the module should open a port in the firewall on +# redhat-based systems; this parameter is likely to change in future versions. Possible +# changes include support for non-RedHat systems and finer-grained control over the +# firewall rule (currently, it simply opens up the postgres port to all TCP connections). +# [*manage_pg_hba_conf*] - boolean indicating whether or not the module manages pg_hba.conf file. 
+# +# +# Actions: +# +# Requires: +# +# Usage: +# +# class { 'postgresql::config': +# postgres_password => 'postgres', +# ip_mask_allow_all_users => '0.0.0.0/0', +# } +# +class postgresql::config( + $postgres_password = undef, + $ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user, + $ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users, + $listen_addresses = $postgresql::params::listen_addresses, + $ipv4acls = $postgresql::params::ipv4acls, + $ipv6acls = $postgresql::params::ipv6acls, + $pg_hba_conf_path = $postgresql::params::pg_hba_conf_path, + $postgresql_conf_path = $postgresql::params::postgresql_conf_path, + $manage_redhat_firewall = $postgresql::params::manage_redhat_firewall, + $manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf +) inherits postgresql::params { + + # Basically, all this class needs to handle is passing parameters on + # to the "beforeservice" and "afterservice" classes, and ensure + # the proper ordering. + + class { 'postgresql::config::beforeservice': + ip_mask_deny_postgres_user => $ip_mask_deny_postgres_user, + ip_mask_allow_all_users => $ip_mask_allow_all_users, + listen_addresses => $listen_addresses, + ipv4acls => $ipv4acls, + ipv6acls => $ipv6acls, + pg_hba_conf_path => $pg_hba_conf_path, + postgresql_conf_path => $postgresql_conf_path, + manage_redhat_firewall => $manage_redhat_firewall, + manage_pg_hba_conf => $manage_pg_hba_conf, + } + + class { 'postgresql::config::afterservice': + postgres_password => $postgres_password, + } + + Class['postgresql::config'] -> + Class['postgresql::config::beforeservice'] -> + Service['postgresqld'] -> + Class['postgresql::config::afterservice'] + + +} diff --git a/3rdparty/modules/postgresql/manifests/config/afterservice.pp b/3rdparty/modules/postgresql/manifests/config/afterservice.pp new file mode 100644 index 000000000..a06444e78 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/config/afterservice.pp 
@@ -0,0 +1,44 @@ +# Class: postgresql::config::afterservice +# +# Parameters: +# +# [*postgres_password*] - postgres db user password. +# +# Actions: +# +# Requires: +# +# Usage: +# This class is not intended to be used directly; it is +# managed by postgresl::config. It contains resources +# that should be handled *after* the postgres service +# has been started up. +# +# class { 'postgresql::config::afterservice': +# postgres_password => 'postgres' +# } +# +class postgresql::config::afterservice( + $postgres_password = undef +) inherits postgresql::params { + if ($postgres_password != undef) { + # NOTE: this password-setting logic relies on the pg_hba.conf being configured + # to allow the postgres system user to connect via psql without specifying + # a password ('ident' or 'trust' security). This is the default + # for pg_hba.conf. + exec { 'set_postgres_postgrespw': + # This command works w/no password because we run it as postgres system user + command => "psql -c \"ALTER ROLE ${postgresql::params::user} PASSWORD '${postgres_password}'\"", + user => $postgresql::params::user, + group => $postgresql::params::group, + logoutput => true, + cwd => '/tmp', + # With this command we're passing -h to force TCP authentication, which does require + # a password. We specify the password via the PGPASSWORD environment variable. If + # the password is correct (current), this command will exit with an exit code of 0, + # which will prevent the main command from running. + unless => "env PGPASSWORD=\"${postgres_password}\" psql -h localhost -c 'select 1' > /dev/null", + path => '/usr/bin:/usr/local/bin:/bin', + } + } +} diff --git a/3rdparty/modules/postgresql/manifests/config/beforeservice.pp b/3rdparty/modules/postgresql/manifests/config/beforeservice.pp new file mode 100644 index 000000000..1b30e2aae --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/config/beforeservice.pp 
@@ -0,0 +1,168 @@ +# Class: postgresql::config::beforeservice +# +# Parameters: +# +# [*ip_mask_deny_postgres_user*] - ip mask for denying remote access for postgres user; defaults to '0.0.0.0/0', +# meaning that all TCP access for postgres user is denied. +# [*ip_mask_allow_all_users*] - ip mask for allowing remote access for other users (besides postgres); +# defaults to '127.0.0.1/32', meaning only allow connections from localhost +# [*listen_addresses*] - what IP address(es) to listen on; comma-separated list of addresses; defaults to +# 'localhost', '*' = all +# [*ipv4acls*] - list of strings for access control for connection method, users, databases, IPv4 +# addresses; see postgresql documentation about pg_hba.conf for information +# [*ipv6acls*] - list of strings for access control for connection method, users, databases, IPv6 +# addresses; see postgresql documentation about pg_hba.conf for information +# [*pg_hba_conf_path*] - path to pg_hba.conf file +# [*postgresql_conf_path*] - path to postgresql.conf file +# [*manage_redhat_firewall*] - boolean indicating whether or not the module should open a port in the firewall on +# redhat-based systems; this parameter is likely to change in future versions. Possible +# changes include support for non-RedHat systems and finer-grained control over the +# firewall rule (currently, it simply opens up the postgres port to all TCP connections). +# [*manage_pg_hba_conf*] - boolean indicating whether or not the module manages pg_hba.conf file. +# +# Actions: +# +# Requires: +# +# Usage: +# This class is not intended to be used directly; it is +# managed by postgresl::config. It contains resources +# that should be handled *before* the postgres service +# has been started up. 
+# +# class { 'postgresql::config::before_service': +# ip_mask_allow_all_users => '0.0.0.0/0', +# } +# +class postgresql::config::beforeservice( + $pg_hba_conf_path, + $postgresql_conf_path, + $ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user, + $ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users, + $listen_addresses = $postgresql::params::listen_addresses, + $ipv4acls = $postgresql::params::ipv4acls, + $ipv6acls = $postgresql::params::ipv6acls, + $manage_redhat_firewall = $postgresql::params::manage_redhat_firewall, + $manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf +) inherits postgresql::params { + + + File { + owner => $postgresql::params::user, + group => $postgresql::params::group, + } + + if $manage_pg_hba_conf { + # Create the main pg_hba resource + postgresql::pg_hba { 'main': + notify => Exec['reload_postgresql'], + } + + Postgresql::Pg_hba_rule { + database => 'all', + user => 'all', + } + + # Lets setup the base rules + postgresql::pg_hba_rule { 'local access as postgres user': + type => 'local', + user => $postgresql::params::user, + auth_method => 'ident', + auth_option => $postgresql::params::version ? { + '8.1' => 'sameuser', + default => undef, + }, + order => '001', + } + postgresql::pg_hba_rule { 'local access to database with same name': + type => 'local', + auth_method => 'ident', + auth_option => $postgresql::params::version ? 
{ + '8.1' => 'sameuser', + default => undef, + }, + order => '002', + } + postgresql::pg_hba_rule { 'deny access to postgresql user': + type => 'host', + user => $postgresql::params::user, + address => $ip_mask_deny_postgres_user, + auth_method => 'reject', + order => '003', + } + + # ipv4acls are passed as an array of rule strings, here we transform them into + # a resources hash, and pass the result to create_resources + $ipv4acl_resources = postgresql_acls_to_resources_hash($ipv4acls, 'ipv4acls', 10) + create_resources('postgresql::pg_hba_rule', $ipv4acl_resources) + + postgresql::pg_hba_rule { 'allow access to all users': + type => 'host', + address => $ip_mask_allow_all_users, + auth_method => 'md5', + order => '100', + } + postgresql::pg_hba_rule { 'allow access to ipv6 localhost': + type => 'host', + address => '::1/128', + auth_method => 'md5', + order => '101', + } + + # ipv6acls are passed as an array of rule strings, here we transform them into + # a resources hash, and pass the result to create_resources + $ipv6acl_resources = postgresql_acls_to_resources_hash($ipv6acls, 'ipv6acls', 102) + create_resources('postgresql::pg_hba_rule', $ipv6acl_resources) + } + + # We must set a "listen_addresses" line in the postgresql.conf if we + # want to allow any connections from remote hosts. + file_line { 'postgresql.conf#listen_addresses': + path => $postgresql_conf_path, + match => '^listen_addresses\s*=.*$', + line => "listen_addresses = '${listen_addresses}'", + notify => Service['postgresqld'], + } + + # Here we are adding an 'include' line so that users have the option of + # managing their own settings in a second conf file. This only works for + # postgresql 8.2 and higher. + if(versioncmp($postgresql::params::version, '8.2') >= 0) { + # Since we're adding an "include" for this extras config file, we need + # to make sure it exists. 
+ exec { "create_postgresql_conf_path": + command => "touch `dirname ${postgresql_conf_path}`/postgresql_puppet_extras.conf", + path => '/usr/bin:/bin', + unless => "[ -f `dirname ${postgresql_conf_path}`/postgresql_puppet_extras.conf ]" + } + + file_line { 'postgresql.conf#include': + path => $postgresql_conf_path, + line => "include 'postgresql_puppet_extras.conf'", + require => Exec["create_postgresql_conf_path"], + notify => Service['postgresqld'], + } + } + + + # TODO: is this a reasonable place for this firewall stuff? + # TODO: figure out a way to make this not platform-specific; debian and ubuntu have + # an out-of-the-box firewall configuration that seems trickier to manage + # TODO: get rid of hard-coded port + if ($manage_redhat_firewall and $firewall_supported) { + exec { 'postgresql-persist-firewall': + command => $persist_firewall_command, + refreshonly => true, + } + + Firewall { + notify => Exec['postgresql-persist-firewall'] + } + + firewall { '5432 accept - postgres': + port => '5432', + proto => 'tcp', + action => 'accept', + } + } +} diff --git a/3rdparty/modules/postgresql/manifests/contrib.pp b/3rdparty/modules/postgresql/manifests/contrib.pp new file mode 100644 index 000000000..9647a94c7 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/contrib.pp @@ -0,0 +1,28 @@ +# Class: postgresql::contrib +# +# This class installs the postgresql contrib package. +# +# Parameters: +# [*package_name*] - The name of the postgresql contrib package. +# [*package_ensure*] - The ensure value of the package. +# +# Actions: +# +# Requires: +# +# Sample Usage: +# +# class { 'postgresql::contrib': } +# +class postgresql::contrib ( + $package_name = $postgresql::params::contrib_package_name, + $package_ensure = 'present' +) inherits postgresql::params { + + validate_string($package_name) + + package { 'postgresql-contrib': + ensure => $package_ensure, + name => $package_name, + } +} 
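Review bot: in manifests/config/afterservice.pp, exec 'set_postgres_postgrespw' interpolates `${postgres_password}` into both `command` and `unless`, so the cleartext password sits in the process arguments of psql and env (the `unless` check does this on every agent run), and a password containing a single or double quote breaks the quoting of the ALTER ROLE statement and of the PGPASSWORD assignment. Suggest rejecting or escaping quote characters before interpolation and handing the value to psql by a channel other than the command line, for example the exec's `environment` attribute for the PGPASSWORD check.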
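Review bot: in manifests/config/beforeservice.pp, the firewall resource '5432 accept - postgres' accepts TCP 5432 with no source restriction, while the documented default for `ip_mask_allow_all_users` is localhost only, so with `manage_redhat_firewall` enabled pg_hba.conf becomes the only access control as soon as `listen_addresses` is widened. Suggest restricting the rule's source, or stating this in the `manage_redhat_firewall` parameter description. The usage comment also names `postgresql::config::before_service`, but the class is `postgresql::config::beforeservice`.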
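Review bot: in manifests/contrib.pp, the package resource 'postgresql-contrib' has no `tag => 'postgresql'`, unlike the packages in client.pp and devel.pp, so the `Package<|tag == 'postgresql'|>` ordering used by the package_source classes does not cover it and the contrib package can be evaluated before the repository is configured. Suggest adding the tag; java.pp has the same gap.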
diff --git a/3rdparty/modules/postgresql/manifests/database.pp b/3rdparty/modules/postgresql/manifests/database.pp new file mode 100644 index 000000000..fd272f40a --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/database.pp 
@@ -0,0 +1,85 @@ +# puppet-postgresql +# For all details and documentation: +# http://github.com/inkling/puppet-postgresql +# +# Copyright 2012- Inkling Systems, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# TODO: in order to match up more closely with the mysql module, this probably +# needs to be moved over to ruby, and add support for ensurable. + +define postgresql::database( + $dbname = $title, + $owner = $postgresql::params::user, + $tablespace = undef, + $charset = $postgresql::params::charset, + $locale = $postgresql::params::locale, + $istemplate = false +) { + include postgresql::params + + # Set the defaults for the postgresql_psql resource + Postgresql_psql { + psql_user => $postgresql::params::user, + psql_group => $postgresql::params::group, + psql_path => $postgresql::params::psql_path, + } + + # Optionally set the locale switch. Older versions of createdb may not accept + # --locale, so if the parameter is undefined its safer not to pass it. + if ($postgresql::params::version != '8.1') { + $locale_option = $locale ? 
{ + undef => '', + default => "--locale=${locale}", + } + $public_revoke_privilege = 'CONNECT' + } else { + $locale_option = '' + $public_revoke_privilege = 'ALL' + } + + $createdb_command_tmp = "${postgresql::params::createdb_path} --owner='${owner}' --template=template0 --encoding '${charset}' ${locale_option} '${dbname}'" + + if($tablespace == undef) { + $createdb_command = $createdb_command_tmp + } + else { + $createdb_command = "${createdb_command_tmp} --tablespace='${tablespace}'" + } + + postgresql_psql { "Check for existence of db '${dbname}'": + command => 'SELECT 1', + unless => "SELECT datname FROM pg_database WHERE datname='${dbname}'", + require => Class['postgresql::server'] + } ~> + + exec { $createdb_command : + refreshonly => true, + user => $postgresql::params::user, + logoutput => on_failure, + } ~> + + # This will prevent users from connecting to the database unless they've been + # granted privileges. + postgresql_psql {"REVOKE ${public_revoke_privilege} ON DATABASE \"${dbname}\" FROM public": + db => $postgresql::params::user, + refreshonly => true, + } + + Exec [ $createdb_command ] -> + + postgresql_psql {"UPDATE pg_database SET datistemplate = ${istemplate} WHERE datname = '${dbname}'": + unless => "SELECT datname FROM pg_database WHERE datname = '${dbname}' AND datistemplate = ${istemplate}", + } +} diff --git a/3rdparty/modules/postgresql/manifests/database_grant.pp b/3rdparty/modules/postgresql/manifests/database_grant.pp new file mode 100644 index 000000000..63943a863 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/database_grant.pp 
@@ -0,0 +1,35 @@ +# puppet-postgresql +# For all details and documentation: +# http://github.com/inkling/puppet-postgresql +# +# Copyright 2012- Inkling Systems, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +define postgresql::database_grant( + $privilege, + $db, + $role, + $psql_db = undef, + $psql_user = undef +) { + include postgresql::params + postgresql::grant { "database:${name}": + role => $role, + db => $db, + privilege => $privilege, + object_type => 'DATABASE', + object_name => $db, + psql_db => $psql_db, + psql_user => $psql_user, + } +} diff --git a/3rdparty/modules/postgresql/manifests/database_user.pp b/3rdparty/modules/postgresql/manifests/database_user.pp new file mode 100644 index 000000000..c81d7a45a --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/database_user.pp 
@@ -0,0 +1,60 @@ +# puppet-postgresql +# For all details and documentation: +# http://github.com/inkling/puppet-postgresql +# +# Copyright 2012- Inkling Systems, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Define: postgresql::database_user +# +# This type creates a postgres database user. +# +# Parameters: +# [*user*] - username to create. +# [*password_hash*] - user's password; this may be clear text, or an md5 hash as returned by the +# "postgresql_password" function in this module. +# +# Actions: +# +# Requires: +# +# +# Sample Usage: +# +# postgresql::database_user { 'frank': +# password_hash => postgresql_password('frank', 'password'), +# } +# + +define postgresql::database_user( + $password_hash = false, + $createdb = false, + $createrole = false, + $db = $postgresql::params::user, + $superuser = false, + $replication = false, + $connection_limit = '-1', + $user = $title +) { + postgresql::role { $user: + db => $db, + password_hash => $password_hash, + login => true, + createdb => $createdb, + superuser => $superuser, + createrole => $createrole, + replication => $replication, + connection_limit => $connection_limit, + } +} diff --git a/3rdparty/modules/postgresql/manifests/db.pp b/3rdparty/modules/postgresql/manifests/db.pp new file mode 100644 index 000000000..0ea3c6d95 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/db.pp 
@@ -0,0 +1,76 @@ +# Define: postgresql::db +# +# This module creates database instances, a user, and grants that user +# privileges to the database. +# +# Since it requires class postgresql::server, we assume to run all commands as the +# postgresql user against the local postgresql server. +# +# TODO: support an array of privileges for "grant"; currently only supports a single +# privilege, which is pretty useless unless that privilege is "ALL" +# +# Parameters: +# [*title*] - postgresql database name. +# [*user*] - username to create and grant access. +# [*password*] - user's password. may be md5-encoded, in the format returned by the "postgresql_password" +# function in this module +# [*charset*] - database charset. defaults to 'utf8' +# [*grant*] - privilege to grant user. defaults to 'all'. +# [*tablespace*] - database tablespace. default to use the template database's tablespace. +# [*locale*] - locale for database. defaults to 'undef' (effectively 'C'). +# +# Actions: +# +# Requires: +# +# class postgresql::server +# +# Sample Usage: +# +# postgresql::db { 'mydb': +# user => 'my_user', +# password => 'password', +# grant => 'all' +# } +# +define postgresql::db ( + $user, + $password, + $charset = $postgresql::params::charset, + $locale = $postgresql::params::locale, + $grant = 'ALL', + $tablespace = undef, + $istemplate = false +) { + include postgresql::params + + postgresql::database { $name: + # TODO: ensure is not yet supported + #ensure => present, + charset => $charset, + tablespace => $tablespace, + #provider => 'postgresql', + require => Class['postgresql::server'], + locale => $locale, + istemplate => $istemplate, + } + + if ! 
defined(Postgresql::Database_user[$user]) { + postgresql::database_user { $user: + # TODO: ensure is not yet supported + #ensure => present, + password_hash => $password, + #provider => 'postgresql', + require => Postgresql::Database[$name], + } + } + + postgresql::database_grant { "GRANT ${user} - ${grant} - ${name}": + privilege => $grant, + db => $name, + role => $user, + #provider => 'postgresql', + require => [Postgresql::Database[$name], Postgresql::Database_user[$user]], + } + +} diff --git a/3rdparty/modules/postgresql/manifests/devel.pp b/3rdparty/modules/postgresql/manifests/devel.pp new file mode 100644 index 000000000..115fb4527 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/devel.pp @@ -0,0 +1,27 @@ +# Class: postgresql::devel +# +# This class installs postgresql development libraries +# +# Parameters: +# [*package_name*] - The name of the postgresql development package. +# [*package_ensure*] - The ensure value of the package +# +# Actions: +# +# Requires: +# +# Sample Usage: +# +class postgresql::devel( + $package_name = $postgresql::params::devel_package_name, + $package_ensure = 'present' +) inherits postgresql::params { + + validate_string($package_name) + + package { 'postgresql-devel': + ensure => $package_ensure, + name => $package_name, + tag => 'postgresql', + } +} diff --git a/3rdparty/modules/postgresql/manifests/grant.pp b/3rdparty/modules/postgresql/manifests/grant.pp new file mode 100644 index 000000000..6b383b3d5 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/grant.pp 
@@ -0,0 +1,77 @@ +# Resource postgresql::grant +# +# TODO: in mysql module, the grant resource name might look like this: 'user@host/dbname'; +# I think that the API for the resource type should split these up, because it's +# easier / safer to recombine them for mysql than it is to parse them for other +# databases. Also, in the mysql module, the hostname portion of that string +# affects the user's ability to connect from remote hosts. In postgres this is +# managed via pg_hba.conf; not sure if we want to try to reconcile that difference +# in the modules or not. +define postgresql::grant ( + $role, + $db, + # TODO: mysql supports an array of privileges here. We should do that if we + # port this to ruby. + $privilege = undef, + $object_type = 'database', + $object_name = $db, + $psql_db = $postgresql::params::user, + $psql_user = $postgresql::params::user +) { + + ## Munge the input values + $_object_type = upcase($object_type) + $_privilege = upcase($privilege) + + ## Validate that the object type is known + validate_string($_object_type, + #'COLUMN', + 'DATABASE', + #'FOREIGN SERVER', + #'FOREIGN DATA WRAPPER', + #'FUNCTION', + #'PROCEDURAL LANGUAGE', + #'SCHEMA', + #'SEQUENCE', + 'TABLE', + #'TABLESPACE', + #'VIEW', + ) + + ## Validate that the object type's privilege is acceptable + case $_object_type { + 'DATABASE': { + validate_string($_privilege,'CREATE','CONNECT','TEMPORARY','TEMP','ALL','ALL PRIVILEGES') + $unless_function = 'has_database_privilege' + $on_db = $psql_db + } + 'TABLE': { + validate_string($_privilege,'SELECT','INSERT','UPDATE','REFERENCES','ALL','ALL PRIVILEGES') + $unless_function = 'has_table_privilege' + $on_db = $db + } + default: { + fail("Missing privilege validation for object type ${_object_type}") + } + } + + # TODO: this is a terrible hack; if they pass "ALL" as the desired privilege, + # we need a way to test for it--and has_database_privilege does not recognize + # 'ALL' as a valid privilege name. 
So we probably need to hard-code a mapping + # between 'ALL' and the list of actual privileges that it entails, and loop + # over them to check them. That sort of thing will probably need to wait until + # we port this over to ruby, so, for now, we're just going to assume that if + # they have "CREATE" privileges on a database, then they have "ALL". (I told + # you that it was terrible!) + $unless_privilege = $_privilege ? { + 'ALL' => 'CREATE', + default => $_privilege, + } + postgresql_psql { "GRANT ${_privilege} ON ${_object_type} \"${object_name}\" TO \"${role}\"": + db => $on_db, + psql_user => $psql_user, + psql_group => $postgresql::params::group, + psql_path => $postgresql::params::psql_path, + unless => "SELECT 1 WHERE ${unless_function}('${role}', '${object_name}', '${unless_privilege}')", + } +} diff --git a/3rdparty/modules/postgresql/manifests/init.pp b/3rdparty/modules/postgresql/manifests/init.pp new file mode 100644 index 000000000..974904dff --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/init.pp 
@@ -0,0 +1,145 @@ +# == Class: postgresql +# +# This is a base class that can be used to modify catalog-wide settings relating +# to the various types in class contained in the postgresql module. +# +# If you don't declare this class in your catalog, sensible defaults will +# be used. However, if you choose to declare it, it needs to appear *before* +# any other types or classes from the postgresql module. +# +# For examples, see the files in the `tests` directory; in particular, +# `/server-yum-postgresql-org.pp`. +# +# === Parameters +# +# [*version*] +# The postgresql version to install. If not specified, the +# module will use whatever version is the default for your +# OS distro. +# [*manage_package_repo*] +# This determines whether or not the module should +# attempt to manage the postgres package repository for your +# distro. Defaults to `false`, but if set to `true`, it can +# be used to set up the official postgres yum/apt package +# repositories for you. +# [*package_source*] +# This setting is only used if `manage_package_repo` is +# set to `true`. It determines which package repository should +# be used to install the postgres packages. Currently supported +# values include `yum.postgresql.org`. +# [*locale*] +# This setting defines the default locale for initdb and createdb +# commands. This default to 'undef' which is effectively 'C'. +# [*charset*] +# Sets the default charset to be used for initdb and createdb. +# Defaults to 'UTF8'. +# [*datadir*] +# This setting can be used to override the default postgresql +# data directory for the target platform. If not specified, the +# module will use whatever directory is the default for your +# OS distro. +# [*confdir*] +# This setting can be used to override the default postgresql +# configuration directory for the target platform. If not +# specified, the module will use whatever directory is the +# default for your OS distro. 
+# [*bindir*] +# This setting can be used to override the default postgresql +# binaries directory for the target platform. If not +# specified, the module will use whatever directory is the +# default for your OS distro. +# [*client_package_name*] +# This setting can be used to override the default +# postgresql client package name. If not specified, the module +# will use whatever package name is the default for your +# OS distro. +# [*server_package_name*] +# This setting can be used to override the default +# postgresql server package name. If not specified, the module +# will use whatever package name is the default for your +# OS distro. +# [*contrib_package_name*] +# This setting can be used to override the default +# postgresql contrib package name. If not specified, the module +# will use whatever package name is the default for your +# OS distro. +# [*devel_package_name*] +# This setting can be used to override the default +# postgresql devel package name. If not specified, the module +# will use whatever package name is the default for your +# OS distro. +# [*java_package_name*] +# This setting can be used to override the default +# postgresql java package name. If not specified, the module +# will use whatever package name is the default for your +# OS distro. +# [*service_name*] +# This setting can be used to override the default +# postgresql service name. If not specified, the module +# will use whatever service name is the default for your +# OS distro. +# [*user*] +# This setting can be used to override the default +# postgresql super user and owner of postgresql related files +# in the file system. If not specified, the module will use +# the user name 'postgres'. +# [*group*] +# This setting can be used to override the default +# postgresql user group to be used for related files +# in the file system. If not specified, the module will use +# the group name 'postgres'. 
+# [*run_initdb*] +# This setting can be used to explicitly call the initdb +# operation after server package is installed and before +# the postgresql service is started. If not specified, the +# module will decide whether to call initdb or not depending +# on your OS distro. +# +# === Examples +# +# class { 'postgresql': +# version => '9.2', +# manage_package_repo => true, +# } +# +# +class postgresql ( + $version = $::postgres_default_version, + $manage_package_repo = false, + $package_source = undef, + $locale = undef, + $charset = 'UTF8', + $datadir = undef, + $confdir = undef, + $bindir = undef, + $client_package_name = undef, + $server_package_name = undef, + $contrib_package_name = undef, + $devel_package_name = undef, + $java_package_name = undef, + $service_name = undef, + $user = undef, + $group = undef, + $run_initdb = undef +) { + + class { 'postgresql::params': + version => $version, + manage_package_repo => $manage_package_repo, + package_source => $package_source, + locale => $locale, + charset => $charset, + custom_datadir => $datadir, + custom_confdir => $confdir, + custom_bindir => $bindir, + custom_client_package_name => $client_package_name, + custom_server_package_name => $server_package_name, + custom_contrib_package_name => $contrib_package_name, + custom_devel_package_name => $devel_package_name, + custom_java_package_name => $java_package_name, + custom_service_name => $service_name, + custom_user => $user, + custom_group => $group, + run_initdb => $run_initdb, + } +} diff --git a/3rdparty/modules/postgresql/manifests/initdb.pp b/3rdparty/modules/postgresql/manifests/initdb.pp new file mode 100644 index 000000000..cd3f67685 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/initdb.pp 
@@ -0,0 +1,52 @@ +# puppet-postgresql +# For all details and documentation: +# http://github.com/inkling/puppet-postgresql +# +# Copyright 2012- Inkling Systems, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +class postgresql::initdb( + $datadir = $postgresql::params::datadir, + $encoding = $postgresql::params::charset, + $group = $postgresql::params::group, + $initdb_path = $postgresql::params::initdb_path, + $user = $postgresql::params::user +) inherits postgresql::params { + # Build up the initdb command. + # + # We optionally add the locale switch if specified. Older versions of the + # initdb command don't accept this switch. So if the user didn't pass the + # parameter, lets not pass the switch at all. + $initdb_command = $postgresql::params::locale ? { + undef => "${initdb_path} --encoding '${encoding}' --pgdata '${datadir}'", + default => "${initdb_path} --encoding '${encoding}' --pgdata '${datadir}' --locale '${postgresql::params::locale}'" + } + + # This runs the initdb command, we use the existance of the PG_VERSION file to + # ensure we don't keep running this command. + exec { 'postgresql_initdb': + command => $initdb_command, + creates => "${datadir}/PG_VERSION", + user => $user, + group => $group, + logoutput => on_failure, + } + + # If we manage the package (which is user configurable) make sure the + # package exists first. 
+ if defined(Package[$postgresql::params::server_package_name]) { + Package[$postgresql::params::server_package_name]-> + Exec['postgresql_initdb'] + } +} diff --git a/3rdparty/modules/postgresql/manifests/java.pp b/3rdparty/modules/postgresql/manifests/java.pp new file mode 100644 index 000000000..abbee3154 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/java.pp @@ -0,0 +1,29 @@ +# Class: postgresql::java +# +# This class installs the postgresql jdbc connector. +# +# Parameters: +# [*package_name*] - The name of the postgresql java package. +# [*package_ensure*] - The ensure value of the package. +# +# Actions: +# +# Requires: +# +# Sample Usage: +# +# class { 'postgresql::java': } +# +class postgresql::java ( + $package_name = $postgresql::params::java_package_name, + $package_ensure = 'present' +) inherits postgresql::params { + + validate_string($package_name) + + package { 'postgresql-jdbc': + ensure => $package_ensure, + name => $package_name, + } + +} diff --git a/3rdparty/modules/postgresql/manifests/package_source/apt_postgresql_org.pp b/3rdparty/modules/postgresql/manifests/package_source/apt_postgresql_org.pp new file mode 100644 index 000000000..a24b75673 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/package_source/apt_postgresql_org.pp @@ -0,0 +1,21 @@ +class postgresql::package_source::apt_postgresql_org { + # Here we have tried to replicate the instructions on the PostgreSQL site: + # + # http://www.postgresql.org/download/linux/debian/ + # + apt::pin { 'apt.postgresql.org': + originator => 'apt.postgresql.org', + priority => 500, + }-> + apt::source { 'apt.postgresql.org': + location => 'http://apt.postgresql.org/pub/repos/apt/', + release => "${::lsbdistcodename}-pgdg", + repos => 'main', + required_packages => 'pgdg-keyring', + key => 'ACCC4CF8', + key_source => 'http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc', + include_src => false, + } + + Apt::Source['apt.postgresql.org']->Package<|tag == 'postgresql'|> +} 
diff --git a/3rdparty/modules/postgresql/manifests/package_source/yum_postgresql_org.pp b/3rdparty/modules/postgresql/manifests/package_source/yum_postgresql_org.pp new file mode 100644 index 000000000..5781d4356 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/package_source/yum_postgresql_org.pp @@ -0,0 +1,30 @@ +class postgresql::package_source::yum_postgresql_org( + $version +) { + + $version_parts = split($version, '[.]') + $package_version = "${version_parts[0]}${version_parts[1]}" + + file { "/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}": + source => 'puppet:///modules/postgresql/RPM-GPG-KEY-PGDG', + before => Yumrepo['yum.postgresql.org'] + } + + if($::operatingsystem == 'Fedora') { + $label1 = 'fedora' + $label2 = $label1 + } else { + $label1 = 'redhat' + $label2 = 'rhel' + } + + yumrepo { 'yum.postgresql.org': + descr => "PostgreSQL ${version} \$releasever - \$basearch", + baseurl => "http://yum.postgresql.org/${version}/${label1}/${label2}-\$releasever-\$basearch", + enabled => 1, + gpgcheck => 1, + gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}", + } + + Yumrepo['yum.postgresql.org'] -> Package<|tag == 'postgresql'|> +} diff --git a/3rdparty/modules/postgresql/manifests/params.pp b/3rdparty/modules/postgresql/manifests/params.pp new file mode 100644 index 000000000..7ace592f6 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/params.pp 
@@ -0,0 +1,244 @@ +# Class: postgresql::params +# +# The postgresql configuration settings. +# +# Parameters: +# +# Actions: +# +# Requires: +# +# Sample Usage: +# + +# TODO: add real docs + +# This class allows you to use a newer version of postgres, rather than your +# system's default version. +# +# If you want to do that, note that it is important that you use the '->', +# or a before/require metaparameter to make sure that the `params` +# class is evaluated before any of the other classes in the module. +# +# Also note that this class includes the ability to automatically manage +# the yumrepo resource. If you'd prefer to manage the repo yourself, simply pass +# 'false' or omit the 'manage_repo' parameter--it defaults to 'false'. You will +# still need to use the 'params' class to specify the postgres version +# number, though, in order for the other classes to be able to find the +# correct paths to the postgres dirs. + +class postgresql::params( + $version = $::postgres_default_version, + $manage_package_repo = false, + $package_source = undef, + $locale = undef, + $charset = 'UTF8', + $custom_datadir = undef, + $custom_confdir = undef, + $custom_bindir = undef, + $custom_client_package_name = undef, + $custom_server_package_name = undef, + $custom_contrib_package_name = undef, + $custom_devel_package_name = undef, + $custom_java_package_name = undef, + $custom_plperl_package_name = undef, + $custom_service_name = undef, + $custom_user = undef, + $custom_group = undef, + $run_initdb = undef +) { + $user = pick($custom_user, 'postgres') + $group = pick($custom_group, 'postgres') + $ip_mask_deny_postgres_user = '0.0.0.0/0' + $ip_mask_allow_all_users = '127.0.0.1/32' + $listen_addresses = 'localhost' + $ipv4acls = [] + $ipv6acls = [] + $manage_pg_hba_conf = true + # TODO: figure out a way to make this not platform-specific + $manage_redhat_firewall = false + + if ($manage_package_repo) { + case $::osfamily { + 'RedHat': { + $rh_pkg_source = 
pick($package_source, 'yum.postgresql.org') + + case $rh_pkg_source { + 'yum.postgresql.org': { + class { 'postgresql::package_source::yum_postgresql_org': + version => $version + } + } + + default: { + fail("Unsupported package source '${rh_pkg_source}' for ${::osfamily} OS family. Currently the only supported source is 'yum.postgresql.org'") + } + } + } + + 'Debian': { + class { 'postgresql::package_source::apt_postgresql_org': } + } + + default: { + fail("Unsupported osfamily for manage_package_repo: ${::osfamily} operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports managing repos for osfamily RedHat and Debian") + } + } + } + + + # This is a bit hacky, but if the puppet nodes don't have pluginsync enabled, + # they will fail with a not-so-helpful error message. Here we are explicitly + # verifying that the custom fact exists (which implies that pluginsync is + # enabled and succeeded). If not, we fail with a hint that tells the user + # that pluginsync might not be enabled. Ideally this would be handled directly + # in puppet. + if ($::postgres_default_version == undef) { + fail "No value for postgres_default_version facter fact; it's possible that you don't have pluginsync enabled." + } + + case $::operatingsystem { + default: { + $service_provider = undef + } + } + + # Amazon Linux's OS Family is 'Linux', operating system 'Amazon'. 
+ case $::osfamily { + 'RedHat', 'Linux': { + $needs_initdb = pick($run_initdb, true) + $firewall_supported = true + $persist_firewall_command = '/sbin/iptables-save > /etc/sysconfig/iptables' + + if $version == $::postgres_default_version { + $client_package_name = pick($custom_client_package_name, 'postgresql') + $server_package_name = pick($custom_server_package_name, 'postgresql-server') + $contrib_package_name = pick($custom_contrib_package_name,'postgresql-contrib') + $devel_package_name = pick($custom_devel_package_name, 'postgresql-devel') + $java_package_name = pick($custom_java_package_name, 'postgresql-jdbc') + $plperl_package_name = pick($custom_plperl_package_name, 'postgresql-plperl') + $service_name = pick($custom_service_name, 'postgresql') + $bindir = pick($custom_bindir, '/usr/bin') + $datadir = pick($custom_datadir, '/var/lib/pgsql/data') + $confdir = pick($custom_confdir, $datadir) + } else { + $version_parts = split($version, '[.]') + $package_version = "${version_parts[0]}${version_parts[1]}" + $client_package_name = pick($custom_client_package_name, "postgresql${package_version}") + $server_package_name = pick($custom_server_package_name, "postgresql${package_version}-server") + $contrib_package_name = pick($custom_contrib_package_name,"postgresql${package_version}-contrib") + $devel_package_name = pick($custom_devel_package_name, "postgresql${package_version}-devel") + $java_package_name = pick($custom_java_package_name, "postgresql${package_version}-jdbc") + $plperl_package_name = pick($custom_plperl_package_name, "postgresql${package_version}-plperl") + $service_name = pick($custom_service_name, "postgresql-${version}") + $bindir = pick($custom_bindir, "/usr/pgsql-${version}/bin") + $datadir = pick($custom_datadir, "/var/lib/pgsql/${version}/data") + $confdir = pick($custom_confdir, $datadir) + } + + $service_status = undef + $python_package_name="python-psycopg2" + } + + 'Debian': { + $firewall_supported = false + # TODO: not exactly sure 
yet what the right thing to do for Debian/Ubuntu is. + #$persist_firewall_command = '/sbin/iptables-save > /etc/iptables/rules.v4' + + if $manage_package_repo == true { + $needs_initdb = pick($run_initdb, true) + $service_name = pick($custom_service_name, 'postgresql') + } else { + $needs_initdb = pick($run_initdb, false) + case $::operatingsystem { + 'Debian': { + $service_name = pick($custom_service_name, 'postgresql') + } + 'Ubuntu': { + # thanks, ubuntu + if($::lsbmajdistrelease == '10') { + $service_name = pick($custom_service_name, "postgresql-${version}") + } else { + $service_name = pick($custom_service_name, 'postgresql') + } + } + } + } + + $client_package_name = pick($custom_client_package_name, "postgresql-client-${version}") + $server_package_name = pick($custom_server_package_name, "postgresql-${version}") + $contrib_package_name = pick($custom_contrib_package_name, "postgresql-contrib-${version}") + $devel_package_name = pick($custom_devel_package_name, 'libpq-dev') + $java_package_name = pick($custom_java_package_name, 'libpostgresql-jdbc-java') + $bindir = pick($custom_bindir, "/usr/lib/postgresql/${version}/bin") + $datadir = pick($custom_datadir, "/var/lib/postgresql/${version}/main") + $confdir = pick($custom_confdir, "/etc/postgresql/${version}/main") + $service_status = "/etc/init.d/${service_name} status | /bin/egrep -q 'Running clusters: .+|online'" + $python_package_name = "python-psycopg2" + $plperl_package_name = "postgresql-plperl-${version}" + } + + default: { + + $err_msg_prefix = "Module ${module_name} does not provide defaults for osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}; please specify a value for ${module_name}::params::" + + if ($run_initdb != undef) { + $needs_initdb = $run_initdb + } else { + fail("${err_msg_prefix}run_initdb") + } + + $firewall_supported = false + + if ($custom_service_name) { + $service_name = $custom_service_name + } else { + fail("${err_msg_prefix}custom_service_name") + } + + if 
($custom_client_package_name) { + $client_package_name = $custom_client_package_name + } else { + fail("${err_msg_prefix}custom_client_package_name") + } + + if ($custom_server_package_name) { + $server_package_name = $custom_server_package_name + } else { + fail("${err_msg_prefix}custom_server_package_name") + } + + + $contrib_package_name = $custom_contrib_package_name + $devel_package_name = $custom_devel_package_name + $java_package_name = $custom_java_package_name + + if ($custom_bindir) { + $bindir = $custom_bindir + } else { + fail("${err_msg_prefix}custom_bindir") + } + + if ($custom_datadir) { + $datadir = $custom_datadir + } else { + fail("${err_msg_prefix}custom_datadir") + } + + if ($custom_confdir) { + $confdir = $custom_confdir + } else { + fail("${err_msg_prefix}custom_confdir") + } + + $service_status = undef + } + } + + $initdb_path = "${bindir}/initdb" + $createdb_path = "${bindir}/createdb" + $psql_path = "${bindir}/psql" + $pg_hba_conf_path = "${confdir}/pg_hba.conf" + $postgresql_conf_path = "${confdir}/postgresql.conf" + +} diff --git a/3rdparty/modules/postgresql/manifests/pg_hba.pp b/3rdparty/modules/postgresql/manifests/pg_hba.pp new file mode 100644 index 000000000..599e00236 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/pg_hba.pp @@ -0,0 +1,19 @@ +# This resource manages a pg_hba file, collecting fragments of pg_hba_rules +# to build up the final file. +define postgresql::pg_hba( + $target = $postgresql::params::pg_hba_conf_path, + $owner = 0, + $group = $postgresql::params::group +) { + include postgresql::params + include concat::setup + + # Collect file from fragments + concat { $target: + owner => $owner, + group => $group, + mode => '0640', + warn => true, + } + +} diff --git a/3rdparty/modules/postgresql/manifests/pg_hba_rule.pp b/3rdparty/modules/postgresql/manifests/pg_hba_rule.pp new file mode 100644 index 000000000..5abb8855e --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/pg_hba_rule.pp 
@@ -0,0 +1,41 @@ +# This resource manages an individual rule that applies to the file defined in +# $target. +define postgresql::pg_hba_rule( + $type, + $database, + $user, + $auth_method, + $address = undef, + $description = 'none', + $auth_option = undef, + $target = $postgresql::params::pg_hba_conf_path, + $order = '150' +) { + include postgresql::params + + validate_re($type, '^(local|host|hostssl|hostnossl)$', + "The type you specified [${type}] must be one of: local, host, hostssl, hostnosssl") + validate_re($auth_method, '^(trust|reject|md5|crypt|password|gss|sspi|krb5|ident|peer|ldap|radius|cert|pam)$', + "The auth_method you specified [${auth_method}] must be one of: trust, reject, md5, crypt, password, krb5, ident, ldap, pam") + + if($type =~ /^host/ and $address == undef) { + fail('You must specify an address property when type is host based') + } + + # This is required to make sure concat::setup is initialized first. This + # probably points to a bug inside ripienaar-concat. + include concat::setup + + # Create a rule fragment + $fragname = "pg_hba_rule_${name}" + concat::fragment { $fragname: + target => $target, + content => template('postgresql/pg_hba_rule.conf'), + order => $order, + owner => $::id, + mode => '0600', + } + + Class['concat::setup']-> + Concat::Fragment[$fragname] +} diff --git a/3rdparty/modules/postgresql/manifests/plperl.pp b/3rdparty/modules/postgresql/manifests/plperl.pp new file mode 100644 index 000000000..0c0b10ce8 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/plperl.pp 
@@ -0,0 +1,24 @@ +# == Class: postgresql::plperl +# +# This class installs the PL/Perl procedural language for postgresql. +# +# === Parameters +# +# [*ensure*] +# ensure state for package. +# can be specified as version. +# +# [*package_name*] +# name of package +# +class postgresql::plperl( + $package_name = $postgresql::params::plperl_package_name, + $package_ensure = 'present' +) inherits postgresql::params { + + package { 'postgresql-plperl': + ensure => $package_ensure, + name => $package_name, + } + +} diff --git a/3rdparty/modules/postgresql/manifests/psql.pp b/3rdparty/modules/postgresql/manifests/psql.pp new file mode 100644 index 000000000..a7320b1bf --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/psql.pp 
@@ -0,0 +1,56 @@ +# puppet-postgresql +# For all details and documentation: +# http://github.com/inkling/puppet-postgresql +# +# Copyright 2012- Inkling Systems, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +define postgresql::psql( + $db, + $unless, + $command = $title, + $refreshonly = false, + $user = $postgresql::params::user +) { + + include postgresql::params + + # TODO: FIXME: shellquote does not work, and this regex works for trivial + # things but not nested escaping. Need a lexer, preferably a ruby SQL parser + # to catch errors at catalog time. Possibly https://github.com/omghax/sql ? + + if ($postgresql::params::version != '8.1') { + $no_password_option = '--no-password' + } + + $psql = "${postgresql::params::psql_path} ${no_password_option} --tuples-only --quiet --dbname ${db}" + + $quoted_command = regsubst($command, '"', '\\"', 'G') + $quoted_unless = regsubst($unless, '"', '\\"', 'G') + + $final_cmd = "/bin/echo \"${quoted_command}\" | ${psql} |egrep -v -q '^$'" + + notify { "deprecation warning: ${final_cmd}": + message => 'postgresql::psql is deprecated ; please use postgresql_psql instead.', + } -> + + exec { $final_cmd: + cwd => '/tmp', + user => $user, + returns => 1, + unless => "/bin/echo \"${quoted_unless}\" | ${psql} | egrep -v -q '^$'", + refreshonly => $refreshonly, + } +} + diff --git a/3rdparty/modules/postgresql/manifests/python.pp b/3rdparty/modules/postgresql/manifests/python.pp new file mode 100644 index 000000000..16fc638a2 
--- /dev/null +++ b/3rdparty/modules/postgresql/manifests/python.pp @@ -0,0 +1,18 @@ +# Class: postgresql::python +# This class installs the python libs for postgresql. +# +# Parameters: +# [*ensure*] - ensure state for package. +# can be specified as version. +# [*package_name*] - name of package +class postgresql::python( + $package_name = $postgresql::params::python_package_name, + $package_ensure = 'present' +) inherits postgresql::params { + + package { 'python-psycopg2': + ensure => $package_ensure, + name => $package_name, + } + +} diff --git a/3rdparty/modules/postgresql/manifests/role.pp b/3rdparty/modules/postgresql/manifests/role.pp new file mode 100644 index 000000000..ccada6b70 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/role.pp 
@@ -0,0 +1,87 @@ +# puppet-postgresql +# For all details and documentation: +# http://github.com/inkling/puppet-postgresql +# +# Copyright 2012- Inkling Systems, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +define postgresql::role( + $password_hash = false, + $createdb = false, + $createrole = false, + $db = 'postgres', + $login = false, + $superuser = false, + $replication = false, + $connection_limit = '-1', + $username = $title +) { + include postgresql::params + + $login_sql = $login ? { true => 'LOGIN' , default => 'NOLOGIN' } + $createrole_sql = $createrole ? { true => 'CREATEROLE' , default => 'NOCREATEROLE' } + $createdb_sql = $createdb ? { true => 'CREATEDB' , default => 'NOCREATEDB' } + $superuser_sql = $superuser ? { true => 'SUPERUSER' , default => 'NOSUPERUSER' } + $replication_sql = $replication ? 
{ true => 'REPLICATION' , default => '' } + if ($password_hash != false) { + $password_sql = "ENCRYPTED PASSWORD '${password_hash}'" + } else { + $password_sql = "" + } + + Postgresql_psql { + db => $db, + psql_user => $postgresql::params::user, + psql_group => $postgresql::params::group, + psql_path => $postgresql::params::psql_path, + require => Postgresql_psql["CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}"], + } + + postgresql_psql {"CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}": + unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}'", + require => undef, + } + + postgresql_psql {"ALTER ROLE \"${username}\" ${superuser_sql}": + unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolsuper=${superuser}", + } + + postgresql_psql {"ALTER ROLE \"${username}\" ${createdb_sql}": + unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcreatedb=${createdb}", + } + + postgresql_psql {"ALTER ROLE \"${username}\" ${createrole_sql}": + unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcreaterole=${createrole}", + } + + postgresql_psql {"ALTER ROLE \"${username}\" ${login_sql}": + unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcanlogin=${login}", + } + + if(versioncmp($postgresql::params::version, '9.1') >= 0) { + postgresql_psql {"ALTER ROLE \"${username}\" ${replication_sql}": + unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolreplication=${replication}", + } + } + + postgresql_psql {"ALTER ROLE \"${username}\" CONNECTION LIMIT ${connection_limit}": + unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolconnlimit=${connection_limit}", + } + + if $password_hash { + postgresql_psql 
{"ALTER ROLE \"${username}\" ${password_sql}": + unless => "SELECT usename FROM pg_shadow WHERE usename='${username}' and passwd='${password_hash}'", + } + } +} diff --git a/3rdparty/modules/postgresql/manifests/server.pp b/3rdparty/modules/postgresql/manifests/server.pp new file mode 100644 index 000000000..8c2ae1fbb --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/server.pp 
@@ -0,0 +1,93 @@ +# Class: postgresql::server +# +# == Class: postgresql::server +# Manages the installation of the postgresql server. manages the package and +# service. +# +# === Parameters: +# [*package_name*] - name of package +# [*service_name*] - name of service +# +# Configuration: +# Advanced configuration setting parameters can be placed into 'postgresql_puppet_extras.conf' (located in the same +# folder as 'postgresql.conf'). You can manage that file as a normal puppet file resource, or however you see fit; +# which gives you complete control over the settings. Any value you specify in that file will override any existing +# value set in the templated version. +# +# Actions: +# +# Requires: +# +# Sample Usage: +# +class postgresql::server ( + $ensure = 'present', + $package_name = $postgresql::params::server_package_name, + $package_ensure = 'present', + $service_name = $postgresql::params::service_name, + $service_provider = $postgresql::params::service_provider, + $service_status = $postgresql::params::service_status, + $config_hash = {}, + $datadir = $postgresql::params::datadir +) inherits postgresql::params { + + if ($ensure == 'absent') { + service { 'postgresqld': + ensure => stopped, + name => $service_name, + enable => false, + provider => $service_provider, + hasstatus => true, + status => $service_status, + }-> + package { 'postgresql-server': + ensure => purged, + name => $package_name, + tag => 'postgresql', + }-> + file { $datadir: + ensure => absent, + recurse => true, + force => true, + } + } else { + package { 'postgresql-server': + ensure => $package_ensure, + name => $package_name, + tag => 'postgresql', + } + + $config_class = { + 'postgresql::config' => $config_hash, + } + + create_resources( 'class', $config_class ) + + service { 'postgresqld': + ensure => running, + name => $service_name, + enable => true, + require => Package['postgresql-server'], + provider => $service_provider, + hasstatus => true, + status => $service_status, + 
} + + if ($postgresql::params::needs_initdb) { + include postgresql::initdb + + Package['postgresql-server'] -> Class['postgresql::initdb'] -> Class['postgresql::config'] -> Service['postgresqld'] + } + else { + Package['postgresql-server'] -> Class['postgresql::config'] -> Service['postgresqld'] + } + + exec { 'reload_postgresql': + path => '/usr/bin:/usr/sbin:/bin:/sbin', + command => "service ${service_name} reload", + onlyif => $service_status, + refreshonly => true, + } + } + +} diff --git a/3rdparty/modules/postgresql/manifests/table_grant.pp b/3rdparty/modules/postgresql/manifests/table_grant.pp new file mode 100644 index 000000000..850a15ccc --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/table_grant.pp @@ -0,0 +1,20 @@ +# Resource postgresql::table_grant +define postgresql::table_grant( + $privilege, + $table, + $db, + $role, + $psql_db = undef, + $psql_user = undef +) { + include postgresql::params + postgresql::grant { "table:${name}": + role => $role, + db => $db, + privilege => $privilege, + object_type => 'TABLE', + object_name => $table, + psql_db => $psql_db, + psql_user => $psql_user, + } +} diff --git a/3rdparty/modules/postgresql/manifests/tablespace.pp b/3rdparty/modules/postgresql/manifests/tablespace.pp new file mode 100644 index 000000000..152e0cfba --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/tablespace.pp 
@@ -0,0 +1,59 @@ +# Define: postgresql::tablespace +# +# This module creates tablespace +# +# Parameters: +# [*title*] - the name of a tablespace to be created. The name cannot begin with pg_, as such names are reserved for system tablespaces. +# [*owner*] - the name of the user who will own the tablespace. If omitted, defaults to the user executing the command. +# Only superusers can create tablespaces, but they can assign ownership of tablespaces to non-superusers. +# [*location*] - The directory that will be used for the tablespace. The directory should be empty and must be owned by the PostgreSQL +# system user. The directory must be specified by an absolute path name. +# +# Actions: +# +# Requires: +# +# class postgresql::server +# +# Sample Usage: +# +# postgresql::tablespace { 'dbspace': +# location => '/data/dbs', +# } +# +# +define postgresql::tablespace( + $location, + $owner = undef, + $spcname = $title) +{ + include postgresql::params + + Postgresql_psql { + psql_user => $postgresql::params::user, + psql_group => $postgresql::params::group, + psql_path => $postgresql::params::psql_path, + } + + if ($owner == undef) { + $owner_section = '' + } + else { + $owner_section = "OWNER \"${owner}\"" + } + + $create_tablespace_command = "CREATE TABLESPACE \"${spcname}\" ${owner_section} LOCATION '${location}'" + + file { $location: + ensure => directory, + owner => $postgresql::params::user, + group => $postgresql::params::group, + mode => '0700', + } + + postgresql_psql { "Create tablespace '${spcname}'": + command => $create_tablespace_command, + unless => "SELECT spcname FROM pg_tablespace WHERE spcname='${spcname}'", + require => [Class['postgresql::server'], File[$location]], + } +} diff --git a/3rdparty/modules/postgresql/manifests/validate_db_connection.pp b/3rdparty/modules/postgresql/manifests/validate_db_connection.pp new file mode 100644 index 000000000..b843e6e32 --- /dev/null +++ b/3rdparty/modules/postgresql/manifests/validate_db_connection.pp 
@@ -0,0 +1,77 @@ +# Define: postgresql::validate_db_connection +# +# This type validates that a successful postgres connection can be established +# between the node on which this resource is run and a specified postgres +# instance (host/port/user/password/database name). +# +# Parameters: +# [*database_host*] - the hostname or IP address of the machine where the +# postgres server should be running. +# [*database_port*] - the port on which postgres server should be +# listening (defaults to 5432). +# [*database_username*] - the postgres username +# [*database_password*] - the postgres user's password +# [*database_name*] - the database name that the connection should be +# established against +# +# NOTE: to some degree this type assumes that you've created the corresponding +# postgres database instance that you are validating by using the +# `postgresql::db` or `postgresql::database` type provided by this module +# elsewhere in your manifests. +# +# Actions: +# +# Attempts to establish a connection to the specified postgres database. If +# a connection cannot be established, the resource will fail; this allows you +# to use it as a dependency for other resources that would be negatively +# impacted if they were applied without the postgres connection being available. +# +# Requires: +# +# `psql` commandline tool (will automatically install the system's postgres +# client package if it is not already installed.) 
+# +# Sample Usage: +# +# postgresql::validate_db_connection { 'validate my postgres connection': +# database_host => 'my.postgres.host', +# database_username => 'mydbuser', +# database_password => 'mydbpassword', +# database_name => 'mydbname', +# } +# + +define postgresql::validate_db_connection( + $database_host, + $database_name, + $database_password, + $database_username, + $database_port = 5432 +) { + require postgresql::client + + # TODO: port to ruby + $psql = "${postgresql::params::psql_path} --tuples-only --quiet -h ${database_host} -U ${database_username} -p ${database_port} --dbname ${database_name}" + + $exec_name = "validate postgres connection for ${database_host}/${database_name}" + exec { $exec_name: + command => '/bin/false', + unless => "/bin/echo \"SELECT 1\" | ${psql}", + cwd => '/tmp', + environment => "PGPASSWORD=${database_password}", + logoutput => 'on_failure', + require => Package['postgresql-client'], + } + + # This is a little bit of puppet magic. What we want to do here is make + # sure that if the validation and the database instance creation are being + # applied on the same machine, then the database resource is applied *before* + # the validation resource. Otherwise, the validation is guaranteed to fail + # on the first run. + # + # We accomplish this by using Puppet's resource collection syntax to search + # for the Database resource in our current catalog; if it exists, the + # appropriate relationship is created here. + Database<|title == $database_name|> -> Exec[$exec_name] +} + diff --git a/3rdparty/modules/postgresql/metadata.json b/3rdparty/modules/postgresql/metadata.json new file mode 100644 index 000000000..6657d3b62 --- /dev/null +++ b/3rdparty/modules/postgresql/metadata.json 
@@ -0,0 +1,158 @@ +{ + "name": "puppetlabs-postgresql", + "version": "2.4.0", + "source": "git://github.com/puppetlabs/puppet-postgresql.git", + "author": "Inkling/Puppet Labs", + "license": "Apache", + "summary": "PostgreSQL defined resource types", + "description": "PostgreSQL defined resource types", + "project_page": "https://github.com/puppetlabs/puppet-postgresql", + "dependencies": [ + { + "name": "puppetlabs/stdlib", + "version_requirement": ">=3.2.0 <5.0.0" + }, + { + "name": "puppetlabs/firewall", + "version_requirement": ">= 0.0.4" + }, + { + "name": "puppetlabs/apt", + "version_requirement": ">=1.1.0 <2.0.0" + }, + { + "name": "ripienaar/concat", + "version_requirement": ">= 0.2.0" + } + ], + "types": [ + { + "name": "postgresql_psql", + "doc": "", + "properties": [ + { + "name": "command", + "doc": "The SQL command to execute via psql." + } + ], + "parameters": [ + { + "name": "name", + "doc": "An arbitrary tag for your own reference; the name of the message." + }, + { + "name": "unless", + "doc": "An optional SQL command to execute prior to the main :command; this is generally intended to be used for idempotency, to check for the existence of an object in the database to determine whether or not the main SQL command needs to be executed at all." + }, + { + "name": "db", + "doc": "The name of the database to execute the SQL command against." + }, + { + "name": "psql_path", + "doc": "The path to psql executable." + }, + { + "name": "psql_user", + "doc": "The system user account under which the psql command should be executed." + }, + { + "name": "psql_group", + "doc": "The system user group account under which the psql command should be executed." + }, + { + "name": "cwd", + "doc": "The working directory under which the psql command should be executed." + }, + { + "name": "refreshonly", + "doc": "If 'true', then the SQL will only be executed via a notify/subscribe event." 
+ } + ], + "providers": [ + { + "name": "ruby", + "doc": "" + } + ] + } + ], + "checksums": { + "Changelog": "1bbbbb0bf3a2a9c45340a837a7d80cc9", + "Gemfile": "1aeb148bd15a4ddc1f42327393accae3", + "Gemfile.lock": "787c8db4b84e6469c8c0f2003579d0fc", + "LICENSE": "a781715ebc5e3e0956ee6baec3140e58", + "Modulefile": "f90b1249f08c5e7a779efc3ba64a831d", + "README.md": "a0ce60f3260475d4d5fbc66eca49a9ca", + "Rakefile": "7e458ced5c7b798430ee6371f860057e", + "examples/init.pp": "f7772943903ec859df2e43b61b700fd4", + "examples/official-postgresql-repos.pp": "44e02f3c93b7d5edf1647d608c4e6310", + "examples/postgresql_database.pp": "8c631bdc1a57c3e82b203ec3d5dde5e1", + "examples/postgresql_db.pp": "2db756a3dea26055fd9aa8e63201ec4d", + "examples/postgresql_grant.pp": "6f1e08c4f7394b32573a70acc314c3a7", + "examples/postgresql_pg_hba_rule.pp": "4591748c68d75a1014991de70a83aaaa", + "examples/postgresql_pgconf_extras.pp": "51b8d3bf9847a7d7c2a33b131705496f", + "examples/postgresql_tablespace.pp": "f3f6b0c2b6ff09b73ff36138604e2b92", + "examples/postgresql_user.pp": "974917490d130306d45fbb8edee2d6b6", + "examples/server.pp": "7a44884738b92730cdcc0282a581dce2", + "files/RPM-GPG-KEY-PGDG": "78b5db170d33f80ad5a47863a7476b22", + "lib/facter/postgres_default_version.rb": "53c88744595fa06f0ce7f08211a46ae2", + "lib/puppet/parser/functions/postgresql_acls_to_resources_hash.rb": "d518a7959b950874820a3b0a7a324488", + "lib/puppet/parser/functions/postgresql_password.rb": "820da02a888ab42357fe9bc2352b1c37", + "lib/puppet/provider/postgresql_psql/ruby.rb": "ed5f97f93876db0b830c2596fff16ec6", + "lib/puppet/type/postgresql_psql.rb": "ae147c9e12a1d0909bcf8d5374494fb1", + "manifests/client.pp": "462bae5ffbcc40b1172e5fdbfdb909bf", + "manifests/config/afterservice.pp": "033677b9d1aef3b7d941ee920c287d2c", + "manifests/config/beforeservice.pp": "49869372f7d8f30aea1460c530ce5a0d", + "manifests/config.pp": "40133151b124f3726f49cebe915583da", + "manifests/contrib.pp": "27ff6b8df85a556d9f9a28ed2b01e0f1", + 
"manifests/database.pp": "b105ae2f6aafa1adc4f23e2e28a8819c", + "manifests/database_grant.pp": "3f9c69a817be47d8bf940f6a1002d4d0", + "manifests/database_user.pp": "b5f9fdff0bdbd751dfc5f493bddcf1e3", + "manifests/db.pp": "3632f3e819be95e8a4b6ce79d4256730", + "manifests/devel.pp": "4ae7a114c635874555489c15a512b124", + "manifests/grant.pp": "8d13bc521cd6396f69600a0fc94e0db1", + "manifests/init.pp": "229910d441d3881e4389d3a2bcd37c3a", + "manifests/initdb.pp": "9d14ae813bed54ad46d791ed490588d7", + "manifests/java.pp": "be65d349b7657f3cc4b8dd4195e21a7c", + "manifests/package_source/apt_postgresql_org.pp": "f2077dde857658cd3a12c9956ac879d7", + "manifests/package_source/yum_postgresql_org.pp": "4a80fe043d9710da0bcc34a3450159ca", + "manifests/params.pp": "1cc7fa9b165b916188a84661e6a903a5", + "manifests/pg_hba.pp": "d5e130f3a2e1023061dcfb8cff8fad07", + "manifests/pg_hba_rule.pp": "032477ffac94d72b30c8108394568e89", + "manifests/plperl.pp": "f7fbc3c3b53ae18afdcbc9a740e3b5b9", + "manifests/psql.pp": "339bae8e795f5bcf5550a88ad1e1105d", + "manifests/python.pp": "cd2c8d7624ac6146fd0b9d4b8cc57ef5", + "manifests/role.pp": "4ac572845c7c2fa223515a042936b310", + "manifests/server.pp": "1d517c9c74c364f01d4381a580a6de2e", + "manifests/table_grant.pp": "10909deaf4f26d8ea265076275919a89", + "manifests/tablespace.pp": "37d8393a8d92b3b7ba1a6236cba13a9b", + "manifests/validate_db_connection.pp": "3154199da6a6fb39c78ff86d1e5c50e7", + "spec/spec_helper.rb": "21d45639cb46497b9196d7658eefbaa5", + "spec/spec_helper_system.rb": "56e45808e53c1259b10870621606a891", + "spec/system/install_spec.rb": "26e8ce8a147669479f9ef04412ce8727", + "spec/system/non_defaults_spec.rb": "841055d4ebc15626bb8661415b59c4f9", + "spec/unit/classes/client_spec.rb": "60e55a28a18b2370dac9c79fc175ba2f", + "spec/unit/classes/contrib_spec.rb": "16713d2b385cb20b29d0cdb95480ed01", + "spec/unit/classes/devel_spec.rb": "8f24f839c5ced188e5a373fe469d4f29", + "spec/unit/classes/init_spec.rb": "d8fdd6f2b67570832606b56704fc48f6", + 
"spec/unit/classes/params_spec.rb": "f35c148917971a3e50c48c22c17eab18", + "spec/unit/classes/postgresql_java_spec.rb": "a073702d2443d45abba0b5e2a719c863", + "spec/unit/classes/postgresql_python_spec.rb": "de978ff4029e0f7309b8a144553c01eb", + "spec/unit/classes/server_spec.rb": "a89d34b468251a36ab7c55e7fb619a5f", + "spec/unit/defines/database_grant_spec.rb": "b3ec60b58c6f917061bca0a48adbf0b7", + "spec/unit/defines/database_spec.rb": "b9f0face88bc301d68f460208ba72df4", + "spec/unit/defines/database_user_spec.rb": "2cb9eaf726859d82baeb6d4a6bf453c4", + "spec/unit/defines/db_spec.rb": "9b99d7f4145b3081d1b025e30f13b3fc", + "spec/unit/defines/pg_hba_rule_spec.rb": "9b7a77c48088d36f9a95b2d82caca8cf", + "spec/unit/defines/pg_hba_spec.rb": "ea0c151170a9eab5398f66ca191b0383", + "spec/unit/defines/psql_spec.rb": "c08ca62b81c68609cca83ec1c60fda55", + "spec/unit/defines/role_spec.rb": "84def95468a82e156a01abfa5e5cb40d", + "spec/unit/defines/tablespace_spec.rb": "fd65a12b4e447421ca0ef0f496aa7cf0", + "spec/unit/defines/validate_db_connection_spec.rb": "1dfe61aca3e98cb96510b3d275097b02", + "spec/unit/facts/postgres_default_version_spec.rb": "0a592d4c1a3948f9a661004cd22fcfc2", + "spec/unit/functions/postgresql_acls_to_resources_hash_spec.rb": "e7740c3cd2110e2fcebab8356012267c", + "spec/unit/functions/postgresql_password_spec.rb": "76034569a5ff627073c5e6ff69176ac3", + "templates/pg_hba_rule.conf": "13b46eecdfd359eddff71fa485ef2f54" + } +} \ No newline at end of file diff --git a/3rdparty/modules/postgresql/spec/spec_helper.rb b/3rdparty/modules/postgresql/spec/spec_helper.rb new file mode 100644 index 000000000..0e93e63ed --- /dev/null +++ b/3rdparty/modules/postgresql/spec/spec_helper.rb 
@@ -0,0 +1,27 @@ +require 'puppetlabs_spec_helper/module_spec_helper' + +RSpec.configure do |c| + c.include PuppetlabsSpec::Files + + c.before :each do + # Ensure that we don't accidentally cache facts and environment + # between test cases. + Facter::Util::Loader.any_instance.stubs(:load_all) + Facter.clear + Facter.clear_messages + + # Store any environment variables away to be restored later + @old_env = {} + ENV.each_key {|k| @old_env[k] = ENV[k]} + end + + c.after :each do + PuppetlabsSpec::Files.cleanup + end +end + +# Convenience helper for returning parameters for a type from the +# catalogue. +def param(type, title, param) + param_value(catalogue, type, title, param) +end diff --git a/3rdparty/modules/postgresql/spec/spec_helper_system.rb b/3rdparty/modules/postgresql/spec/spec_helper_system.rb new file mode 100644 index 000000000..7fdb9e30c --- /dev/null +++ b/3rdparty/modules/postgresql/spec/spec_helper_system.rb 
@@ -0,0 +1,54 @@ +require 'rspec-system/spec_helper' +require 'rspec-system-puppet/helpers' +require 'tempfile' + +module LocalHelpers + include RSpecSystem::Util + + def psql(psql_cmd, user = 'postgres', &block) + psql = "psql #{psql_cmd}" + shell("su #{shellescape(user)} -c #{shellescape(psql)}", &block) + end +end + +include RSpecSystemPuppet::Helpers + +RSpec.configure do |c| + # Project root for the firewall code + proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) + + # Enable colour in Jenkins + c.tty = true + + # Include in our local helpers + c.include ::LocalHelpers + + # Puppet helpers + c.include RSpecSystemPuppet::Helpers + c.extend RSpecSystemPuppet::Helpers + + # This is where we 'setup' the nodes before running our tests + c.before :suite do + # Install puppet + puppet_install + + # Copy this module into the module path of the test node + puppet_module_install(:source => proj_root, :module_name => 'postgresql') + shell('puppet module install puppetlabs/stdlib') + shell('puppet module install puppetlabs/firewall') + shell('puppet module install puppetlabs/apt') + shell('puppet module install ripienaar/concat') + + file = Tempfile.new('foo') + begin + file.write(<<-EOS) +--- +:logger: noop + EOS + file.close + rcp(:sp => file.path, :dp => '/etc/puppet/hiera.yaml') + ensure + file.unlink + end + end +end diff --git a/3rdparty/modules/postgresql/spec/system/install_spec.rb b/3rdparty/modules/postgresql/spec/system/install_spec.rb new file mode 100644 index 000000000..974ff3b0d --- /dev/null +++ b/3rdparty/modules/postgresql/spec/system/install_spec.rb 
@@ -0,0 +1,663 @@ +require 'spec_helper_system' + +describe 'install:' do + after :all do + # Cleanup after tests have ran + puppet_apply("class { 'postgresql::server': ensure => absent }") do |r| + r.exit_code.should_not == 1 + end + end + + it 'test postgresql::server' do + pp = <<-EOS + class { 'postgresql::server': } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + puppet_apply(pp) do |r| + r.exit_code.should be_zero + end + end + + describe 'postgresql::db' do + it 'should idempotently create a db that we can connect to' do + begin + pp = <<-EOS + $db = 'postgresql_test_db' + include postgresql::server + + postgresql::db { $db: + user => $db, + password => postgresql_password($db, $db), + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + puppet_apply(pp) do |r| + r.exit_code.should == 0 + end + + psql('--command="select datname from pg_database" postgresql_test_db') do |r| + r.stdout.should =~ /postgresql_test_db/ + r.stderr.should be_empty + r.exit_code.should == 0 + end + ensure + psql('--command="drop database postgresql_test_db" postgres') + end + end + + it 'should take a locale parameter' do + pending('no support for locale parameter with centos 5', :if => (node.facts['osfamily'] == 'RedHat' and node.facts['lsbmajdistrelease'] == '5')) + begin + pp = <<-EOS + class { 'postgresql::server': } + if($::operatingsystem == 'Debian') { + # Need to make sure the correct locale is installed first + file { '/etc/locale.gen': + content => "en_US ISO-8859-1\nen_NG UTF-8\n", + }~> + exec { '/usr/sbin/locale-gen': + logoutput => true, + refreshonly => true, + } + } + postgresql::db { 'test1': + user => 'test1', + password => postgresql_password('test1', 'test1'), + charset => 'UTF8', + locale => 'en_NG', + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + puppet_apply(pp) do |r| + r.exit_code.should == 0 + end + + psql('-c "show lc_ctype" test1') do |r| + r.stdout.should =~ /en_NG/ + end + + 
psql('-c "show lc_collate" test1') do |r| + r.stdout.should =~ /en_NG/ + end + ensure + psql('--command="drop database test1" postgres') + end + end + + it 'should take an istemplate parameter' do + begin + pp = <<-EOS + $db = 'template2' + include postgresql::server + + postgresql::db { $db: + user => $db, + password => postgresql_password($db, $db), + istemplate => true, + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + puppet_apply(pp) do |r| + r.exit_code.should == 0 + end + + psql('--command="select datname from pg_database" template2') do |r| + r.stdout.should =~ /template2/ + r.stderr.should be_empty + r.exit_code.should == 0 + end + ensure + psql('--command="drop database template2" postgres') do |r| + r.stdout.should be_empty + r.stderr.should =~ /cannot drop a template database/ + r.exit_code.should_not == 0 + end + end + end + + it 'should update istemplate parameter' do + begin + pp = <<-EOS + $db = 'template2' + include postgresql::server + + postgresql::db { $db: + user => $db, + password => postgresql_password($db, $db), + istemplate => false, + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + puppet_apply(pp) do |r| + r.exit_code.should == 0 + end + + psql('--command="select datname from pg_database" template2') do |r| + r.stdout.should =~ /template2/ + r.stderr.should be_empty + r.exit_code.should == 0 + end + ensure + psql('--command="drop database template2" postgres') do |r| + r.exit_code.should == 0 + end + end + end + end + + describe 'postgresql::psql' do + it 'should work but emit a deprecation warning' do + pp = <<-EOS + include postgresql::server + + postgresql::psql { 'foobar': + db => 'postgres', + user => 'postgres', + command => 'select * from pg_database limit 1', + unless => 'select 1 where 1=1', + require => Class['postgresql::server'], + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + r.stdout.should =~ /postgresql::psql is deprecated/ + end + + 
puppet_apply(pp) do |r| + r.exit_code.should == 2 + r.stdout.should =~ /postgresql::psql is deprecated/ + end + end + end + + describe 'postgresql_psql' do + it 'should run some SQL when the unless query returns no rows' do + pp = <<-EOS + include postgresql::server + + postgresql_psql { 'foobar': + db => 'postgres', + psql_user => 'postgres', + command => 'select 1', + unless => 'select 1 where 1=2', + require => Class['postgresql::server'], + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + puppet_apply(pp) do |r| + r.exit_code.should == 2 + end + end + + it 'should not run SQL when the unless query returns rows' do + pp = <<-EOS + include postgresql::server + + postgresql_psql { 'foobar': + db => 'postgres', + psql_user => 'postgres', + command => 'select * from pg_database limit 1', + unless => 'select 1 where 1=1', + require => Class['postgresql::server'], + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + puppet_apply(pp) do |r| + r.exit_code.should be_zero + end + end + end + + describe 'postgresql::user' do + it 'should idempotently create a user who can log in' do + pp = <<-EOS + $user = "postgresql_test_user" + $password = "postgresql_test_password" + + include postgresql::server + + # Since we are not testing pg_hba or any of that, make a local user for ident auth + user { $user: + ensure => present, + } + + postgresql::database_user { $user: + password_hash => postgresql_password($user, $password), + require => [ Class['postgresql::server'], + User[$user] ], + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + puppet_apply(pp) do |r| + r.exit_code.should be_zero + end + + # Check that the user can log in + psql('--command="select datname from pg_database" postgres', 'postgresql_test_user') do |r| + r.stdout.should =~ /template1/ + r.stderr.should be_empty + r.exit_code.should == 0 + end + end + + it 'should idempotently alter a user who can log in' do + pp = <<-EOS + $user = 
"postgresql_test_user" + $password = "postgresql_test_password2" + + include postgresql::server + + # Since we are not testing pg_hba or any of that, make a local user for ident auth + user { $user: + ensure => present, + } + + postgresql::database_user { $user: + password_hash => postgresql_password($user, $password), + require => [ Class['postgresql::server'], + User[$user] ], + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + puppet_apply(pp) do |r| + r.exit_code.should be_zero + end + + # Check that the user can log in + psql('--command="select datname from pg_database" postgres', 'postgresql_test_user') do |r| + r.stdout.should =~ /template1/ + r.stderr.should be_empty + r.exit_code.should == 0 + end + end + end + + describe 'postgresql::database_grant' do + it 'should grant access so a user can create in a database' do + begin + pp = <<-EOS + $db = 'postgres' + $user = 'psql_grant_tester' + $password = 'psql_grant_pw' + + include postgresql::server + + # Since we are not testing pg_hba or any of that, make a local user for ident auth + user { $user: + ensure => present, + } + + postgresql::database_user { $user: + password_hash => postgresql_password($user, $password), + require => [ + Class['postgresql::server'], + User[$user], + ], + } + + postgresql::database { $db: + require => Class['postgresql::server'], + } + + postgresql::database_grant { 'grant create test': + privilege => 'CREATE', + db => $db, + role => $user, + require => [ + Postgresql::Database[$db], + Postgresql::Database_user[$user], + ], + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + puppet_apply(pp) do |r| + r.exit_code.should be_zero + end + + # Check that the user can create a table in the database + psql('--command="create table foo (foo int)" postgres', 'psql_grant_tester') do |r| + r.stdout.should =~ /CREATE TABLE/ + r.stderr.should be_empty + r.exit_code.should == 0 + end + ensure + psql('--command="drop table foo" postgres', 
'psql_grant_tester') + end + end + end + + describe 'postgresql::table_grant' do + it 'should grant access so a user can insert in a table' do + begin + pp = <<-EOS + $db = 'table_grant' + $user = 'psql_table_tester' + $password = 'psql_table_pw' + + include postgresql::server + + # Since we are not testing pg_hba or any of that, make a local user for ident auth + user { $user: + ensure => present, + } + + postgresql::database_user { $user: + password_hash => postgresql_password($user, $password), + require => [ + Class['postgresql::server'], + User[$user], + ], + } + + postgresql::database { $db: + require => Class['postgresql::server'], + } + + postgresql_psql { 'Create testing table': + command => 'CREATE TABLE "test_table" (field integer NOT NULL)', + db => $db, + unless => "SELECT * FROM pg_tables WHERE tablename = 'test_table'", + require => Postgresql::Database[$db], + } + + postgresql::table_grant { 'grant insert test': + privilege => 'INSERT', + table => 'test_table', + db => $db, + role => $user, + require => [ + Postgresql::Database[$db], + Postgresql::Database_user[$user], + Postgresql_psql['Create testing table'], + ], + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + puppet_apply(pp) do |r| + r.exit_code.should be_zero + end + + ## Check that the user can create a table in the database + #psql('--command="create table foo (foo int)" postgres', 'psql_grant_tester') do |r| + # r.stdout.should =~ /CREATE TABLE/ + # r.stderr.should be_empty + # r.exit_code.should == 0 + #end + ensure + #psql('--command="drop table foo" postgres', 'psql_grant_tester') + end + end + end + + describe 'postgresql::validate_db_connections' do + it 'should run puppet with no changes declared if database connectivity works' do + pp = <<-EOS + $db = 'foo' + include postgresql::server + + postgresql::db { $db: + user => $db, + password => postgresql_password($db, $db), + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + 
puppet_apply(pp) do |r| + r.exit_code.should be_zero + end + + pp = <<-EOS + postgresql::validate_db_connection { 'foo': + database_host => 'localhost', + database_name => 'foo', + database_username => 'foo', + database_password => 'foo', + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should be_zero + end + end + + it 'should fail catalogue if database connectivity fails' do + pp = <<-EOS + postgresql::validate_db_connection { 'foobarbaz': + database_host => 'localhost', + database_name => 'foobarbaz', + database_username => 'foobarbaz', + database_password => 'foobarbaz', + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should == 4 + end + end + end + + describe 'postgresql::tablespace' do + it 'should idempotently create tablespaces and databases that are using them' do + pp = <<-EOS + include postgresql::server + + file { '/tmp/pg_tablespaces': + ensure => 'directory', + owner => 'postgres', + group => 'postgres', + mode => '0700', + }~> + # This works around rubies that lack Selinux support, I'm looking at you RHEL5 + exec { "chcon -u system_u -r object_r -t postgresql_db_t /tmp/pg_tablespaces": + refreshonly => true, + path => "/bin:/usr/bin", + onlyif => "which chcon", + before => File["/tmp/pg_tablespaces/space1", "/tmp/pg_tablespaces/space2"] + } + + postgresql::tablespace{ 'tablespace1': + location => '/tmp/pg_tablespaces/space1', + require => [Class['postgresql::server'], File['/tmp/pg_tablespaces']], + } + postgresql::database{ 'tablespacedb1': + charset => 'utf8', + tablespace => 'tablespace1', + require => Postgresql::Tablespace['tablespace1'], + } + postgresql::db{ 'tablespacedb2': + user => 'dbuser2', + password => postgresql_password('dbuser2', 'dbuser2'), + tablespace => 'tablespace1', + require => Postgresql::Tablespace['tablespace1'], + } + + postgresql::database_user{ 'spcuser': + password_hash => postgresql_password('spcuser', 'spcuser'), + require => Class['postgresql::server'], + } + postgresql::tablespace{ 'tablespace2': + location 
=> '/tmp/pg_tablespaces/space2', + owner => 'spcuser', + require => [Postgresql::Database_user['spcuser'], File['/tmp/pg_tablespaces']], + } + postgresql::database{ 'tablespacedb3': + charset => 'utf8', + tablespace => 'tablespace2', + require => Postgresql::Tablespace['tablespace2'], + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + puppet_apply(pp) do |r| + r.exit_code.should == 0 + end + + # Check that databases use correct tablespaces + psql('--command="select ts.spcname from pg_database db, pg_tablespace ts where db.dattablespace = ts.oid and db.datname = \'"\'tablespacedb1\'"\'"') do |r| + r.stdout.should =~ /tablespace1/ + r.stderr.should be_empty + r.exit_code.should == 0 + end + + psql('--command="select ts.spcname from pg_database db, pg_tablespace ts where db.dattablespace = ts.oid and db.datname = \'"\'tablespacedb3\'"\'"') do |r| + r.stdout.should =~ /tablespace2/ + r.stderr.should be_empty + r.exit_code.should == 0 + end + end + end + + describe 'postgresql::pg_hba_rule' do + it 'should create a ruleset in pg_hba.conf' do + pp = <<-EOS + include postgresql::server + postgresql::pg_hba_rule { "allow application network to access app database": + type => "host", + database => "app", + user => "app", + address => "200.1.2.0/24", + auth_method => md5, + } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + puppet_apply(pp) do |r| + r.exit_code.should be_zero + end + + shell("grep '200.1.2.0/24' /etc/postgresql/*/*/pg_hba.conf || grep '200.1.2.0/24' /var/lib/pgsql/data/pg_hba.conf") do |r| + r.exit_code.should be_zero + end + end + + it 'should create a ruleset in pg_hba.conf that denies db access to db test1' do + pp = <<-EOS + include postgresql::server + postgresql::db { "test1": + user => "test1", + password => postgresql_password('test1', 'test1'), + grant => "all", + } + postgresql::pg_hba_rule { "allow anyone to have access to db test1": + type => "local", + database => "test1", + user => "test1", + 
auth_method => reject, + order => '001', + } + user { "test1": + shell => "/bin/bash", + managehome => true, + } + EOS + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + shell('su - test1 -c \'psql -U test1 -c "\q" test1\'') do |r| + r.exit_code.should == 2 + end + end + end + + describe 'postgresql.conf include' do + it "should support an 'include' directive at the end of postgresql.conf" do + pending('no support for include directive with centos 5/postgresql 8.1', :if => (node.facts['osfamily'] == 'RedHat' and node.facts['lsbmajdistrelease'] == '5')) + pp = <<-EOS + class pg_test { + class { 'postgresql::server': } + + $pg_conf_include_file = "${postgresql::params::confdir}/postgresql_puppet_extras.conf" + + file { $pg_conf_include_file : + content => 'max_connections = 123', + notify => Service['postgresqld'], + } + } + class { 'pg_test': } + EOS + + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + end + + puppet_apply(pp) do |r| + r.exit_code.should be_zero + end + + psql('--command="show max_connections" -t') do |r| + r.stdout.should =~ /123/ + r.stderr.should be_empty + r.exit_code.should be_zero + end + + pp = <<-EOS + class cleanup { + require postgresql::params + + $pg_conf_include_file = "${postgresql::params::confdir}/postgresql_puppet_extras.conf" + + file { $pg_conf_include_file : + ensure => absent + } + } + class { 'cleanup': } + EOS + puppet_apply(pp) + end + end +end diff --git a/3rdparty/modules/postgresql/spec/system/non_defaults_spec.rb b/3rdparty/modules/postgresql/spec/system/non_defaults_spec.rb new file mode 100644 index 000000000..99db61a8b --- /dev/null +++ b/3rdparty/modules/postgresql/spec/system/non_defaults_spec.rb 
@@ -0,0 +1,114 @@ +require 'spec_helper_system' + +describe 'non defaults:' do + before :all do + puppet_apply(<<-EOS) + if($::operatingsystem =~ /Debian|Ubuntu/) { + # Need to make sure the correct utf8 locale is ready for our + # non-standard tests + file { '/etc/locale.gen': + content => "en_US ISO-8859-1\nen_NG UTF-8\nen_US UTF-8\n", + }~> + exec { '/usr/sbin/locale-gen': + logoutput => true, + refreshonly => true, + } + } + EOS + end + + context 'test installing non-default version of postgresql' do + after :each do + # Cleanup + psql('--command="drop database postgresql_test_db" postgres') + pp = <<-EOS + class { "postgresql": + version => "9.2", + manage_package_repo => true, + }-> + class { 'postgresql::server': + ensure => absent, + service_status => 'service postgresql-9.2 status', + } + EOS + puppet_apply(pp) + end + + it 'perform installation and create a db' do + pp = <<-EOS + # Configure version and manage_package_repo globally, install postgres + # and then try to install a new database. 
+ class { "postgresql": + version => "9.2", + manage_package_repo => true, + charset => 'UTF8', + locale => 'en_US.UTF-8', + }-> + class { "postgresql::server": }-> + postgresql::db { "postgresql_test_db": + user => "foo1", + password => postgresql_password('foo1', 'foo1'), + }-> + class { "postgresql::plperl": } + EOS + + puppet_apply(pp) do |r| + # Currently puppetlabs/apt shows deprecated messages + #r.stderr.should be_empty + [2,6].should include(r.exit_code) + end + + puppet_apply(pp) do |r| + # Currently puppetlabs/apt shows deprecated messages + #r.stderr.should be_empty + # It also returns a 4 + [0,4].should include(r.exit_code) + end + + psql('postgresql_test_db --command="select datname from pg_database limit 1"') + end + end + + context 'override locale and charset' do + it 'perform installation with different locale and charset' do + puts node.facts.inspect + pending('no support for locale parameter with centos 5', :if => (node.facts['osfamily'] == 'RedHat' and node.facts['lsbmajdistrelease'] == '5')) + pending('no support for initdb with debian/ubuntu', :if => (node.facts['osfamily'] == 'Debian')) + + # TODO: skip for ubuntu and centos 5 + pp = <<-EOS + # Set global locale and charset option, and try installing postgres + class { 'postgresql': + locale => 'en_NG', + charset => 'UTF8', + }-> + class { 'postgresql::server': } + EOS + + puppet_apply(pp) do |r| + # Currently puppetlabs/apt shows deprecated messages + #r.stderr.should be_empty + # It also returns a 6 + [2,6].should include(r.exit_code) + end + + puppet_apply(pp) do |r| + # Currently puppetlabs/apt shows deprecated messages + #r.stderr.should be_empty + # It also returns a 2 + [0,4].should include(r.exit_code) + end + + # Remove db first, if it exists for some reason + shell('su postgres -c "dropdb test1"') + shell('su postgres -c "createdb test1"') + shell('su postgres -c \'psql -c "show lc_ctype" test1\'') do |r| + r.stdout.should =~ /en_NG/ + end + + shell('su postgres -c \'psql -c "show 
lc_collate" test1\'') do |r| + r.stdout.should =~ /en_NG/ + end + end + end +end diff --git a/3rdparty/modules/postgresql/spec/unit/classes/client_spec.rb b/3rdparty/modules/postgresql/spec/unit/classes/client_spec.rb new file mode 100644 index 000000000..6da32b3a0 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/classes/client_spec.rb @@ -0,0 +1,11 @@ +require 'spec_helper' + +describe 'postgresql::client', :type => :class do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + } + end + it { should include_class("postgresql::client") } +end diff --git a/3rdparty/modules/postgresql/spec/unit/classes/contrib_spec.rb b/3rdparty/modules/postgresql/spec/unit/classes/contrib_spec.rb new file mode 100644 index 000000000..c1368f941 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/classes/contrib_spec.rb @@ -0,0 +1,11 @@ +require 'spec_helper' + +describe 'postgresql::contrib', :type => :class do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + } + end + it { should include_class("postgresql::contrib") } +end diff --git a/3rdparty/modules/postgresql/spec/unit/classes/devel_spec.rb b/3rdparty/modules/postgresql/spec/unit/classes/devel_spec.rb new file mode 100644 index 000000000..c8436daaa --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/classes/devel_spec.rb @@ -0,0 +1,11 @@ +require 'spec_helper' + +describe 'postgresql::devel', :type => :class do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + } + end + it { should include_class("postgresql::devel") } +end diff --git a/3rdparty/modules/postgresql/spec/unit/classes/init_spec.rb b/3rdparty/modules/postgresql/spec/unit/classes/init_spec.rb new file mode 100644 index 000000000..f04b7acd2 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/classes/init_spec.rb 
@@ -0,0 +1,71 @@ +require 'spec_helper' + +describe 'postgresql', :type => :class do + describe 'with supported os' do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + } + end + it { should include_class("postgresql") } + + context 'support override params' do + let(:params) {{ + :version => '8.4', + :manage_package_repo => true, + :package_source => '', + :locale => 'en_NG', + :charset => 'UTF8', + :datadir => '/srv/pgdata', + :confdir => '/opt/pg/etc', + :bindir => '/opt/pg/bin', + :client_package_name => 'my-postgresql-client', + :server_package_name => 'my-postgresql-server', + :contrib_package_name => 'my-postgresql-contrib', + :devel_package_name => 'my-postgresql-devel', + :java_package_name => 'my-postgresql-java', + :service_name => 'my-postgresql', + :user => 'my-postgresql', + :group => 'my-postgresql', + :run_initdb => true, + }} + + it { should include_class("postgresql") } + it { should include_class("postgresql::params") } + end + end + + describe 'with unsupported os' do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'foo', + } + end + + context 'support override params' do + let(:params) {{ + :version => '8.4', + :package_source => '', + :locale => 'en_NG', + :charset => 'UTF8', + :datadir => '/srv/pgdata', + :confdir => '/opt/pg/etc', + :bindir => '/opt/pg/bin', + :client_package_name => 'my-postgresql-client', + :server_package_name => 'my-postgresql-server', + :contrib_package_name => 'my-postgresql-contrib', + :devel_package_name => 'my-postgresql-devel', + :java_package_name => 'my-postgresql-java', + :service_name => 'my-postgresql', + :user => 'my-postgresql', + :group => 'my-postgresql', + :run_initdb => true, + }} + + it { should include_class("postgresql") } + it { should include_class("postgresql::params") } + end + end +end 
diff --git a/3rdparty/modules/postgresql/spec/unit/classes/params_spec.rb b/3rdparty/modules/postgresql/spec/unit/classes/params_spec.rb new file mode 100644 index 000000000..56b1f90fc --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/classes/params_spec.rb @@ -0,0 +1,11 @@ +require 'spec_helper' + +describe 'postgresql::params', :type => :class do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + } + end + it { should include_class("postgresql::params") } +end diff --git a/3rdparty/modules/postgresql/spec/unit/classes/postgresql_java_spec.rb b/3rdparty/modules/postgresql/spec/unit/classes/postgresql_java_spec.rb new file mode 100644 index 000000000..a166037a2 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/classes/postgresql_java_spec.rb @@ -0,0 +1,50 @@ +require 'spec_helper' + +describe 'postgresql::java', :type => :class do + + describe 'on a debian based os' do + let :facts do { + :osfamily => 'Debian', + :postgres_default_version => 'foo', + } + end + it { should contain_package('postgresql-jdbc').with( + :name => 'libpostgresql-jdbc-java', + :ensure => 'present' + )} + end + + describe 'on a redhat based os' do + let :facts do { + :osfamily => 'RedHat', + :postgres_default_version => 'foo', + } + end + it { should contain_package('postgresql-jdbc').with( + :name => 'postgresql-jdbc', + :ensure => 'present' + )} + describe 'when parameters are supplied' do + let :params do + {:package_ensure => 'latest', :package_name => 'somepackage'} + end + it { should contain_package('postgresql-jdbc').with( + :name => 'somepackage', + :ensure => 'latest' + )} + end + end + + describe 'on any other os' do + let :facts do { + :osfamily => 'foo', + :postgres_default_version => 'foo', + } + end + + it 'should fail without all the necessary parameters' do + expect { subject }.to raise_error(/Module postgresql does not provide defaults for osfamily: foo/) + end + end + +end 
diff --git a/3rdparty/modules/postgresql/spec/unit/classes/postgresql_python_spec.rb b/3rdparty/modules/postgresql/spec/unit/classes/postgresql_python_spec.rb new file mode 100644 index 000000000..f606d249c --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/classes/postgresql_python_spec.rb @@ -0,0 +1,53 @@ +require 'spec_helper' + +describe 'postgresql::python', :type => :class do + + describe 'on a redhat based os' do + let :facts do { + :osfamily => 'RedHat', + :postgres_default_version => 'foo', + } + end + it { should contain_package('python-psycopg2').with( + :name => 'python-psycopg2', + :ensure => 'present' + )} + end + + describe 'on a debian based os' do + let :facts do { + :osfamily => 'Debian', + :postgres_default_version => 'foo', + } + end + it { should contain_package('python-psycopg2').with( + :name => 'python-psycopg2', + :ensure => 'present' + )} + end + + describe 'on any other os' do + let :facts do { + :osfamily => 'foo', + :postgres_default_version => 'foo', + } + end + + it 'should fail without all the necessary parameters' do + expect { subject }.to raise_error(/Module postgresql does not provide defaults for osfamily: foo/) + end + end + + describe 'on any other os without all the necessary parameters' do + let :facts do { + :osfamily => 'foo', + :postgres_default_version => 'foo', + } + end + + it 'should fail' do + expect { subject }.to raise_error(/Module postgresql does not provide defaults for osfamily: foo/) + end + end + +end diff --git a/3rdparty/modules/postgresql/spec/unit/classes/server_spec.rb b/3rdparty/modules/postgresql/spec/unit/classes/server_spec.rb new file mode 100644 index 000000000..38099e96c --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/classes/server_spec.rb 
@@ -0,0 +1,12 @@ +require 'spec_helper' + +describe 'postgresql::server', :type => :class do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + :concat_basedir => tmpfilename('server'), + } + end + it { should include_class("postgresql::server") } +end diff --git a/3rdparty/modules/postgresql/spec/unit/defines/database_grant_spec.rb b/3rdparty/modules/postgresql/spec/unit/defines/database_grant_spec.rb new file mode 100644 index 000000000..8cbb3fb26 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/defines/database_grant_spec.rb @@ -0,0 +1,21 @@ +require 'spec_helper' + +describe 'postgresql::database_grant', :type => :define do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + } + end + let :title do + 'test' + end + let :params do + { + :privilege => 'ALL', + :db => 'test', + :role => 'test', + } + end + it { should include_class("postgresql::params") } +end diff --git a/3rdparty/modules/postgresql/spec/unit/defines/database_spec.rb b/3rdparty/modules/postgresql/spec/unit/defines/database_spec.rb new file mode 100644 index 000000000..a2ba81be5 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/defines/database_spec.rb @@ -0,0 +1,14 @@ +require 'spec_helper' + +describe 'postgresql::database', :type => :define do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + } + end + let :title do + 'test' + end + it { should include_class("postgresql::params") } +end diff --git a/3rdparty/modules/postgresql/spec/unit/defines/database_user_spec.rb b/3rdparty/modules/postgresql/spec/unit/defines/database_user_spec.rb new file mode 100644 index 000000000..998b5db32 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/defines/database_user_spec.rb 
@@ -0,0 +1,19 @@ +require 'spec_helper' + +describe 'postgresql::database_user', :type => :define do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + } + end + let :title do + 'test' + end + let :params do + { + :password_hash => 'test', + } + end + it { should include_class("postgresql::params") } +end diff --git a/3rdparty/modules/postgresql/spec/unit/defines/db_spec.rb b/3rdparty/modules/postgresql/spec/unit/defines/db_spec.rb new file mode 100644 index 000000000..077a72016 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/defines/db_spec.rb @@ -0,0 +1,20 @@ +require 'spec_helper' + +describe 'postgresql::db', :type => :define do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + } + end + let :title do + 'test' + end + let :params do + { + :user => 'test', + :password => 'test', + } + end + it { should include_class("postgresql::params") } +end diff --git a/3rdparty/modules/postgresql/spec/unit/defines/pg_hba_rule_spec.rb b/3rdparty/modules/postgresql/spec/unit/defines/pg_hba_rule_spec.rb new file mode 100644 index 000000000..1a3921338 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/defines/pg_hba_rule_spec.rb 
@@ -0,0 +1,104 @@ +require 'spec_helper' + +describe 'postgresql::pg_hba_rule', :type => :define do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + :concat_basedir => tmpfilename('pg_hba'), + } + end + let :title do + 'test' + end + let :target do + tmpfilename('pg_hba_rule') + end + + context 'test template 1' do + let :params do + { + :type => 'host', + :database => 'all', + :user => 'all', + :address => '1.1.1.1/24', + :auth_method => 'md5', + :target => target, + } + end + it do + content = param('concat::fragment', 'pg_hba_rule_test', 'content') + content.should =~ /host\s+all\s+all\s+1\.1\.1\.1\/24\s+md5/ + end + end + + context 'test template 2' do + let :params do + { + :type => 'local', + :database => 'all', + :user => 'all', + :auth_method => 'ident', + :target => target, + } + end + it do + content = param('concat::fragment', 'pg_hba_rule_test', 'content') + content.should =~ /local\s+all\s+all\s+ident/ + end + end + + context 'test template 3' do + let :params do + { + :type => 'host', + :database => 'all', + :user => 'all', + :address => '0.0.0.0/0', + :auth_method => 'ldap', + :auth_option => 'foo=bar', + :target => target, + } + end + it do + content = param('concat::fragment', 'pg_hba_rule_test', 'content') + content.should =~ /host\s+all\s+all\s+0\.0\.0\.0\/0\s+ldap\s+foo=bar/ + end + end + + context 'validation' do + context 'validate type test 1' do + let :params do + { + :type => 'invalid', + :database => 'all', + :user => 'all', + :address => '0.0.0.0/0', + :auth_method => 'ldap', + :target => target, + } + end + it 'should fail parsing when type is not valid' do + expect {subject}.to raise_error(Puppet::Error, + /The type you specified \[invalid\] must be one of/) + end + end + + context 'validate auth_method' do + let :params do + { + :type => 'local', + :database => 'all', + :user => 'all', + :address => '0.0.0.0/0', + :auth_method => 'invalid', + :target => target, + } + end + it 'should fail parsing 
when auth_method is not valid' do + expect {subject}.to raise_error(Puppet::Error, + /The auth_method you specified \[invalid\] must be one of/) + end + end + end +end diff --git a/3rdparty/modules/postgresql/spec/unit/defines/pg_hba_spec.rb b/3rdparty/modules/postgresql/spec/unit/defines/pg_hba_spec.rb new file mode 100644 index 000000000..62e6fe290 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/defines/pg_hba_spec.rb @@ -0,0 +1,20 @@ +require 'spec_helper' + +describe 'postgresql::pg_hba', :type => :define do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + :concat_basedir => tmpfilename('pg_hba'), + } + end + let :title do + 'test' + end + let :params do + { + :target => tmpfilename('pg_hba_target'), + } + end + it { should include_class("postgresql::params") } +end diff --git a/3rdparty/modules/postgresql/spec/unit/defines/psql_spec.rb b/3rdparty/modules/postgresql/spec/unit/defines/psql_spec.rb new file mode 100644 index 000000000..3c21b1184 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/defines/psql_spec.rb @@ -0,0 +1,20 @@ +require 'spec_helper' + +describe 'postgresql::psql', :type => :define do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + } + end + let :title do + 'test' + end + let :params do + { + :db => 'test', + :unless => 'test', + } + end + it { should include_class("postgresql::params") } +end diff --git a/3rdparty/modules/postgresql/spec/unit/defines/role_spec.rb b/3rdparty/modules/postgresql/spec/unit/defines/role_spec.rb new file mode 100644 index 000000000..e531390d3 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/defines/role_spec.rb @@ -0,0 +1,14 @@ +require 'spec_helper' + +describe 'postgresql::role', :type => :define do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + } + end + let :title do + 'test' + end + it { should include_class("postgresql::params") } +end 
diff --git a/3rdparty/modules/postgresql/spec/unit/defines/tablespace_spec.rb b/3rdparty/modules/postgresql/spec/unit/defines/tablespace_spec.rb new file mode 100644 index 000000000..76077f3ff --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/defines/tablespace_spec.rb @@ -0,0 +1,19 @@ +require 'spec_helper' + +describe 'postgresql::tablespace', :type => :define do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + } + end + let :title do + 'test' + end + let :params do + { + :location => '/srv/data/foo', + } + end + it { should include_class("postgresql::params") } +end diff --git a/3rdparty/modules/postgresql/spec/unit/defines/validate_db_connection_spec.rb b/3rdparty/modules/postgresql/spec/unit/defines/validate_db_connection_spec.rb new file mode 100644 index 000000000..76bcfcbc5 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/defines/validate_db_connection_spec.rb @@ -0,0 +1,22 @@ +require 'spec_helper' + +describe 'postgresql::validate_db_connection', :type => :define do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'Debian', + } + end + let :title do + 'test' + end + let :params do + { + :database_host => 'test', + :database_name => 'test', + :database_password => 'test', + :database_username => 'test', + } + end + it { should include_class("postgresql::params") } +end diff --git a/3rdparty/modules/postgresql/spec/unit/facts/postgres_default_version_spec.rb b/3rdparty/modules/postgresql/spec/unit/facts/postgres_default_version_spec.rb new file mode 100644 index 000000000..5ad5f7b14 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/facts/postgres_default_version_spec.rb 
@@ -0,0 +1,14 @@ +require 'spec_helper' + +describe 'postgres_default_version', :type => :fact do + it 'should handle redhat 6.0' do + Facter.fact(:osfamily).stubs(:value).returns 'RedHat' + Facter.fact(:operatingsystemrelease).stubs(:value).returns '6.0' + Facter.fact(:postgres_default_version).value.should == '8.4' + end + + it 'should return unknown if osfamily is unknown' do + Facter.fact(:osfamily).expects(:value).returns 'test' + Facter.fact(:postgres_default_version).value.should eq 'unknown' + end +end diff --git a/3rdparty/modules/postgresql/spec/unit/functions/postgresql_acls_to_resources_hash_spec.rb b/3rdparty/modules/postgresql/spec/unit/functions/postgresql_acls_to_resources_hash_spec.rb new file mode 100644 index 000000000..0ac1d1bfd --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/functions/postgresql_acls_to_resources_hash_spec.rb 
@@ -0,0 +1,137 @@ +require 'spec_helper' + +describe 'postgresql_acls_to_resources_hash', :type => :puppet_function do + context 'individual transform tests' do + it do + input = 'local all postgres ident' + result = { + "postgresql class generated rule test 0"=>{ + "type"=>"local", + "database"=>"all", + "user"=>"postgres", + "auth_method"=>"ident", + "order"=>"100", + }, + } + + should run.with_params([input], 'test', 100).and_return(result) + end + + it do + input = 'local all root ident' + result = { + "postgresql class generated rule test 0"=>{ + "type"=>"local", + "database"=>"all", + "user"=>"root", + "auth_method"=>"ident", + "order"=>"100", + }, + } + + should run.with_params([input], 'test', 100).and_return(result) + end + + it do + input_array = [ + 'local all all ident', + ] + result = { + "postgresql class generated rule test 0"=>{ + "type"=>"local", + "database"=>"all", + "user"=>"all", + "auth_method"=>"ident", + "order"=>"100", + }, + } + + should run.with_params(input_array, 'test', 100).and_return(result) + end + + it do + input = 'host all all 127.0.0.1/32 md5' + result = { + "postgresql class generated rule test 0"=>{ + "type"=>"host", + "database"=>"all", + "user"=>"all", + "address"=>"127.0.0.1/32", + "auth_method"=>"md5", + "order"=>"100", + }, + } + + should run.with_params([input], 'test', 100).and_return(result) + end + + it do + input = 'host all all 0.0.0.0/0 md5' + result = { + "postgresql class generated rule test 0"=>{ + "type"=>"host", + "database"=>"all", + "user"=>"all", + "address"=>"0.0.0.0/0", + "auth_method"=>"md5", + "order"=>"100", + }, + } + + should run.with_params([input], 'test', 100).and_return(result) + end + + it do + input = 'host all all ::1/128 md5' + result = { + "postgresql class generated rule test 0"=>{ + "type"=>"host", + "database"=>"all", + "user"=>"all", + "address"=>"::1/128", + "auth_method"=>"md5", + "order"=>"100", + }, + } + + should run.with_params([input], 'test', 100).and_return(result) + end + + it 
do + input = 'host all all 1.1.1.1 255.255.255.0 md5' + result = { + "postgresql class generated rule test 0"=>{ + "type"=>"host", + "database"=>"all", + "user"=>"all", + "address"=>"1.1.1.1 255.255.255.0", + "auth_method"=>"md5", + "order"=>"100", + }, + } + + should run.with_params([input], 'test', 100).and_return(result) + end + + it do + input = 'host all all 1.1.1.1 255.255.255.0 ldap ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=example, dc=net"' + result = { + "postgresql class generated rule test 0"=>{ + "type"=>"host", + "database"=>"all", + "user"=>"all", + "address"=>"1.1.1.1 255.255.255.0", + "auth_method"=>"ldap", + "auth_option"=>"ldapserver=ldap.example.net ldapprefix=\"cn=\" ldapsuffix=\", dc=example, dc=net\"", + "order"=>"100", + }, + } + + should run.with_params([input], 'test', 100).and_return(result) + end + end + + it 'should return an empty hash when input is empty array' do + should run.with_params([], 'test', 100).and_return({}) + end +end diff --git a/3rdparty/modules/postgresql/spec/unit/functions/postgresql_password_spec.rb b/3rdparty/modules/postgresql/spec/unit/functions/postgresql_password_spec.rb new file mode 100644 index 000000000..0d043f873 --- /dev/null +++ b/3rdparty/modules/postgresql/spec/unit/functions/postgresql_password_spec.rb @@ -0,0 +1,6 @@ +require 'spec_helper' + +describe 'postgresql_password', :type => :puppet_function do + it { should run.with_params('foo', 'bar'). + and_return('md596948aad3fcae80c08a35c9b5958cd89') } +end diff --git a/3rdparty/modules/postgresql/templates/pg_hba_rule.conf b/3rdparty/modules/postgresql/templates/pg_hba_rule.conf new file mode 100644 index 000000000..af54db5b2 --- /dev/null +++ b/3rdparty/modules/postgresql/templates/pg_hba_rule.conf @@ -0,0 +1,5 @@ + +# Rule Name: <%=@name%> +# Description: <%=@description%> +# Order: <%=@order%> +<%=@type%> <%=@database%> <%=@user%> <%=@address%> <%=@auth_method%> <%=@auth_option%>
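Review bot: In the `describe 'postgresql'` class spec (the 71-line hunk that opens this part of the patch), both 'support override params' contexts assert only `should include_class("postgresql")` and `should include_class("postgresql::params")`, so none of the overridden values (`:datadir => '/srv/pgdata'`, `:confdir => '/opt/pg/etc'`, `:user => 'my-postgresql'`, `:run_initdb => true`) is ever checked against the compiled catalog. These examples would still pass if every override were silently ignored. Add at least one assertion per context on a resource that consumes an override. The 'with unsupported os' context also omits `:manage_package_repo` without explanation; a short comment on why would help.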
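Review bot: In spec/unit/classes/postgresql_python_spec.rb, the last two describe blocks ('on any other os' and 'on any other os without all the necessary parameters') set identical facts (`:osfamily => 'foo'`, `:postgres_default_version => 'foo'`) and assert the identical `raise_error(/Module postgresql does not provide defaults for osfamily: foo/)`, so the second adds no coverage. Either drop it or make it test what its name implies by supplying a partial set of `params`. The positive path for an unsupported osfamily (all parameters supplied, catalog compiles) is not covered in this file either.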
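Review bot: Across the spec/unit/defines files for database_grant, database, database_user, db, psql, role, tablespace and validate_db_connection, the only assertion is `should include_class("postgresql::params")`, so the parameters each spec passes are never verified. This matters most where the inputs are security-relevant: database_grant_spec.rb passes `:privilege => 'ALL'`, database_user_spec.rb passes `:password_hash => 'test'`, and db_spec.rb and validate_db_connection_spec.rb pass passwords, yet nothing checks what command or resource those values end up in. Add an assertion per define on the generated resource, including a check that the password-bearing ones do not place the secret somewhere it would be logged.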
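Review bot: In spec/unit/defines/pg_hba_rule_spec.rb, the 'validation' context exercises only `type` and `auth_method`; `database`, `user`, `address` and `auth_option` are never tested with bad input, even though they are written into an authentication policy file. The 'validate auth_method' case also pairs `:type => 'local'` with `:address => '0.0.0.0/0'`, so it cannot show whether an address on a local rule is rejected or silently rendered; drop the address there and add a separate case for that combination. The three template regexes (for example `/host\s+all\s+all\s+1\.1\.1\.1\/24\s+md5/`) are unanchored, so they would still match if the rendered line carried extra leading or trailing tokens; anchor them with `^` and `\s*$`.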
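Review bot: In spec/unit/facts/postgres_default_version_spec.rb, the second example sets `Facter.fact(:osfamily).expects(:value).returns 'test'` while the first uses `stubs`, and nothing in this file resets Facter between the two examples. If the fact value is cached from the first example, 'should return unknown if osfamily is unknown' is order-dependent. Use `stubs` consistently, stub `:operatingsystemrelease` in the second example as well, and clear Facter state in a `before` or `after` block. The two examples also mix `should ==` and `should eq`; pick one.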
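Review bot: In spec/unit/functions/postgresql_acls_to_resources_hash_spec.rb, every case passes a single-element array, so the generated key is always "postgresql class generated rule test 0" and `"order"=>"100"`; the index suffix and the order value for a second or third ACL are never pinned down. Since rule order decides which pg_hba line matches first, add a case with two or more ACL strings that asserts both the keys and the resulting `order` values. There is also no negative case: a line with too few fields, or a `local` line that carries an address, should have a defined and tested outcome rather than whatever the parser happens to produce.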
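Review bot: In spec/unit/functions/postgresql_password_spec.rb, the single vector `run.with_params('foo', 'bar')` does not show which argument is the username and which is the password, and the expected `'md596948aad3fcae80c08a35c9b5958cd89'` is an opaque literal. Add a comment stating how the value is derived, and a second vector with the arguments swapped that asserts a different result, so an accidental change of argument order is caught. Error cases (wrong number of arguments, empty strings) are not covered.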
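Review bot: In templates/pg_hba_rule.conf, every field is interpolated unescaped, both into the comment lines (`# Rule Name: <%=@name%>`, `# Description: <%=@description%>`) and into the rule line itself, and the spec in this patch only shows validation for `type` and `auth_method`. A value containing a newline in `name`, `description`, `database`, `user`, `address` or `auth_option` would therefore emit an additional line into pg_hba.conf, which could be read as a separate authentication rule. Reject newlines (and ideally restrict each field to its expected character set) in the define before rendering, and add a spec case that proves a multi-line `description` fails compilation.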