+++ /dev/null
-# Class: postgresql::config::afterservice
-#
-# Parameters:
-#
-# [*postgres_password*] - postgres db user password.
-#
-# Actions:
-#
-# Requires:
-#
-# Usage:
-# This class is not intended to be used directly; it is
-# managed by postgresl::config. It contains resources
-# that should be handled *after* the postgres service
-# has been started up.
-#
-# class { 'postgresql::config::afterservice':
-# postgres_password => 'postgres'
-# }
-#
-class postgresql::config::afterservice(
- $postgres_password = undef
-) inherits postgresql::params {
- if ($postgres_password != undef) {
- # NOTE: this password-setting logic relies on the pg_hba.conf being configured
- # to allow the postgres system user to connect via psql without specifying
- # a password ('ident' or 'trust' security). This is the default
- # for pg_hba.conf.
- exec { 'set_postgres_postgrespw':
- # This command works w/no password because we run it as postgres system user
- command => "psql -c \"ALTER ROLE ${postgresql::params::user} PASSWORD '${postgres_password}'\"",
- user => $postgresql::params::user,
- group => $postgresql::params::group,
- logoutput => true,
- cwd => '/tmp',
- # With this command we're passing -h to force TCP authentication, which does require
- # a password. We specify the password via the PGPASSWORD environment variable. If
- # the password is correct (current), this command will exit with an exit code of 0,
- # which will prevent the main command from running.
- unless => "env PGPASSWORD=\"${postgres_password}\" psql -h localhost -c 'select 1' > /dev/null",
- path => '/usr/bin:/usr/local/bin:/bin',
- }
- }
-}