mod 'puppetlabs/stdlib', '4.6.0'
mod 'puppetlabs/concat', '1.2.2'
mod 'puppetlabs/rabbitmq', '5.2.1'
-mod 'puppetlabs/postgresql', '2.4.0'
+mod 'puppetlabs-postgresql', '5.1.0'
mod 'nanliu/staging', '1.0.3'
--- /dev/null
+## Supported Release 5.1.0
+### Summary
+This release includes Japanese translations for internationalization, Puppet 5 support, implementation of defined type postgresql::server::reassign_owned_by.
+
+#### Features
+- Updating translations for readmes/README_ja_JP.md
+- add defined type postgresql::server::reassign_owned_by
+- Allow order parameter to be string value
+- prep for puppet 5 ([MODULES-5144](https://tickets.puppetlabs.com/browse/MODULES-5144))
+- add data_checksums option to initdb
+- parameter ensure of custom resource postgresql_replication_slot is not documented ([MODULES-2989](https://tickets.puppetlabs.com/browse/MODULES-2989))
+
+#### Bug Fixes
+- Adding a space for header formatting
+- use https for apt.postgresql.org repo
+- msync puppet 5 and ruby 2.4 ([MODULES-5197](https://tickets.puppetlabs.com/browse/MODULES-5187))
+- Only run test on postgresql >= 9.0 ([FM-6240](https://tickets.puppetlabs.com/browse/FM-6240))
+- Fix Ruby 2.4 deprecation in postgresql_acls_to_resources_hash
+
+## Supported Release 5.0.0
+### Summary
+This **major** release dropped support for Puppet 3 and PostgreSQL 8.x, added Puppet 4 data types, and deprecated the validate_db_connection type.
+
+#### Added
+- `locales/` directory, .pot file, and i18n `config.yaml`. ([FM-6116](https://tickets.puppet.com/browse/FM-6116))
+- `update_password` parameter to toggle password management per role.
+- **Puppet 4** type validation.
+- new `postgresql_conn_validator` custom type and deprecated `validate_db_connection`. ([MODULES-1394](https://tickets.puppet.com/browse/MODULES-1394))
+
+#### Changed
+- default postgis versions in postgresql::globals to use newer versions.
+- puppetlabs-concat and puppetlabs-apt dependencies to use latest versions. ([MODULES-4906](https://tickets.puppet.com/browse/MODULES-4906), [MODULES-4947](https://tickets.puppet.com/browse/MODULES-4947))
+- default value for `log_line_prefix` to `undef`.
+- `listen_addresses` default value to 'localhost'. Allows for it to be set independently of a class declaration.
+- use of stdlib validate_* functions. They have been removed in favor of Puppet 4 type validation.
+- lower Puppet dependency in metadata to 4.7.0. ([MODULES-4826](https://tickets.puppet.com/browse/MODULES-4826))
+
+#### Fixed
+- deprecated apt::source parameters(`key`,`key_source`, & `include_src`).
+- default SUSE parameters. ([MODULES-4598](https://tickets.puppet.com/browse/MODULES-4598))
+- use of force parameter on concat resources.
+
+## Supported Release 4.9.0
+### Summary
+This release adds several types and, among other bugs, fixes an issue with the yum URL.
+
+#### Features
+- Modifying ownership of databases and schemas now available (MODULES-3247)
+- Use `module_workdir` to specify a custom directory in which to execute psql commands
+- `grant_role` and `grant` types added!
+- Support for parallel unit testing (parallel_tests)
+- Override download/installation repo URL with `repo_baseurl`
+- Set your timezone with `timezone`
+- Grant privileges on LANGUAGEs
+- Added support for Debian Stretch and Ubuntu Yakkety Yak
+
+#### Bugfixes
+- Usernames and passwords are now converted to strings before password hash is created
+- Specify default database name if it is not the username
+- Update to yum repo
+- Schema name conflicts fix
+
+## Supported Release 4.8.0
+### Summary
+This release primarily fixes an issue with `postgresql_conf` values of ipaddresses being considered floats and not getting quoted.
+
+#### Features
+- Add `default_connect_settings` parameter to `postgresql::server`
+- Running under strict variables is now supported
+- Add timestamps into logs by default
+
+#### Bugfixes
+- Obscure password in postgresql\_psql type
+- Fix ip address quoting in postgresql\_conf type
+- Fix handling of systemd service on Ubuntu
+- Mark log_min_duration_statement setting as requiring a service restart
+- Add fixes for Fedora 23, Fedora 24, FreeBSD, OpenBSD
+- Fix environment handling to avoid "Overriding environment setting" message
+- Work around PUP-6385, using empty arrays instead of undef when specifying resource relationships
+- README editorial pass
+- Reduce whitespace in templates
+- Update build/test infrastructure
+
+## Supported Release 4.7.1
+### Summary
+This release contains some bugfixes and documentation updates.
+
+#### Bugfixes
+- (MODULES-3024) Quote database objects when creating databases.
+- Properly escape case where password ends with '$'.
+- Fixes password change when postgres is configure to non-standard port.
+- Unpins concat dependency to be able to use concat 2.x.
+- Workaround to fix installing on Amazon Linux.
+- Fixes proper defaulting of `$service_provider` parameter.
+- Fixes postgres server init script naming on Amazon Linux.
+- Fixes service reload parameter on Arch Linux.
+- Adds missing onlyif_function to sequence grant code.
+- Fixes to the markdown of the README.
+
+## Supported Release 4.7.0
+### Summary
+A release with a considerable amount of new features, including remote db support and several platform support updates. Various bugfixes including several to address warnings and a sizable README update.
+
+#### Features
+- Remote DB support - Connection-settings allows a hash of options that can be used when connecting to a remote DB.
+- Debian 8 support.
+- Updated systemd-override to support fedora and CentOS paths.
+- Adds the ability to define the extension name separately from the title of the resource, which allows you to add the extension to more than one database.
+- Added parameter to disable automatic service restarts on config changes.
+- Ubuntu 15.10 compatibility.
+- OpenBSD version is now 9.4.
+- Added .gitattributes to maintain line endings for .sh and .rb files.
+- Adds default postgis version for 9.5.
+- Allows float postgresql_conf values.
+- Schedule apt update after install of repo.
+
+#### Bugfixes
+- Fixed systemd-override for RedHat systems with unmanaged Yum repos.
+- Removed inherits postgresql::params.
+- Multi-node tests are now not ran by default.
+- Change apt::pin to apt_postgresql_org to prevent error message.
+- Removed syntax error near UTF8.
+- Removal of extra blanks and backslashes in README.
+- Double quotes now used around database name to prevent syntax error.
+- Removes ruby 1.8.7 and puppet 2.7 from travis-ci jobs.
+- Fixed paths to work on Amazon Linux.
+- Fixed quotes around locale options.
+- Huge README update.
+- Update to use current msync configs.
+- Fixes postgresql::server acceptance test descriptions.
+
+## Supported Release 4.6.1
+###Summary
+
+Small release for support of newer PE versions. This increments the version of PE in the metadata.json file.
+
+## 2015-09-01 - Supported Release 4.6.0
+### Summary
+This release adds a proxy feature for yum, Postgis improvements, and decoupling pg_hba_rule from postgresql::server.
+
+#### Features
+- Support setting a proxy for yum operations
+- Allow for undefined PostGIS version
+- Decouple pg_hba_rule from postgresql::server
+
+#### Bugfixes
+- Fix postgis default package name on RedHat
+
+## 2015-07-27 - Supported Release 4.5.0
+### Summary
+This release adds sequence grants, some postgresql 9.4 fixes, and `onlyif` to
+the psql resource.
+
+### Features
+- Add `onlyif` parameter to `postgresql_psql`
+- Add unsupported compatibility with Ubuntu 15.04
+- Add unsupported compatibility with SLES 11/12 and OpenSuSE 13.2
+- Add `postgresql::server::grant::onlyif_exists` attribute
+- Add `postgresql::server::table_grant::onlyif_exists` attribute
+- Add granting permissions on sequences
+
+### Bugfixes
+- Added docs for `postgresql::server::grant`
+- Fix `pg_hba_conf_defaults => false` to not disable ipv4/ipv6 acls
+- Fix 9.4 for `postgresql::server::pg_hba_rule`
+
+## 2015-07-07 - Supported Release 4.4.2
+### Summary
+This release fixes a bug introduced in 4.4.0.
+
+#### Bugfixes
+- Fixes `withenv` execution under Puppet 2.7. (MODULES-2185)
+
+## 2015-07-01 - Supported Release 4.4.1
+### Summary
+This release fixes RHEL 7 & Fedora with manage_package_repo switched on.
+
+#### Bugfixes
+- Ensure manage_package_repo variable is in scope for systemd-override file for RHEL7
+
+## 2015-06-30 - Supported Release 4.4.0
+### Summary
+This release has several new features, bugfixes, and test improvements.
+
+#### Features
+- Adds a resource to manage recovery.conf.
+- Adds a parameter that allows the specification of a validate connection script in `postgresql::client`.
+- Adds support for plpython package management.
+- Adds support for postgresql-docs management.
+- Adds ability to make `postgresql::server::schema` titles unique. (MODULES-2049)
+- Updates puppetlabs-apt module dependency to support version 2.1.0.
+
+#### Bugfixes
+- Fix `postgresql_psql` parameter ordering to work on OpenBSD with Future Parser
+- Fix setting postgres role password (MODULES-1869)
+- Fix execution command with puppet <3.4 (MODULES-1923)
+- Fix Puppet.newtype deprecation warning (MODULES-2007)
+- Fix systemd override for manage_repo package versions
+- Fix Copy snakeoil certificate and key instead of symlinking
+
+#### Test Improvements
+- Allows setting BEAKER and BEAKER_RSPEC versions via environment variables.
+- Enables Unit testing on Travis CI with Puppet 4.
+- Cleans up spec_helper_acceptance.rb to use new puppet_install_helper gem.
+
+## 2015-03-24 - Supported Release 4.3.0
+### Summary
+This release fixes compatibility with Puppet 4 and removes opportunities for local users to view the postgresql password. It also adds a new custom resource to aid in managing replication.
+
+#### Features
+- Add `postgresql::server::logdir` parameter to manage the logdir
+- Add `environment` parameter to `postgresql_psql`
+- Add `postgresql_replication_slot` custom resource
+
+#### Bugfixes
+- Fix for Puppet 4
+- Don't print postgresql\_psql password in command
+- Allow `postgresql::validate_db_connection` for more than one host+port+database combo
+- Fix service command on Debian 8 and up
+- Fix `postgresql::server::extension` to work with custom user/group/port
+- Fix `postgresql::server::initdb` to work with custom user/group/port
+- Fix changing template1 encoding
+- Fix default `postgresql::server::grant::object_name` value
+- Fix idempotency of granting all tables in schema with `puppet::server::grant`
+- Fix lint warnings
+- Fix apt key to use 40 character key and bump puppetlabs-apt to >= 1.8.0 < 2.0.0
+
+
+##2015-03-10 - Supported Release 4.2.0
+###Summary
+
+This release has several new features including support for server extensions, improved grant support, and a number of bugfixes.
+
+####Features
+- Changes to support OpenBSD
+- Add `service_reload` parameter to `postgresql::server`
+- Add `comment` parameter to `postgresql::server::database` (MODULES-1153)
+- Add `postgresql::server::extension` defined type
+- Add postgresql versions for utopic and jessie
+- Update `postgresql::server::grant` to support 'GRANT SCHEMA' and 'ALL TABLES IN SCHEMA'
+
+####Bugfixes
+- Lint cleanup
+- Remove outdated upgrade info from README
+- Use correct TCP port when checking password
+- Create role before database
+- Fix template1 encoding on Debian
+- Require server package before user permissions
+- Fix `service_status` default for FreeBSD to allow PostgreSQL to start the first run
+- Fix invalid US-ASCII byte sequence in `postgresql::server::grant` comments
+- Reverted to default behavior for Debian systems as `pg_config` should not be overwritten (MODULES-1485)
+
+##2014-11-04 - Supported Release 4.1.0
+###Summary
+
+This release adds the ability to change the PGDATA directory, and also includes documentation and test updates, future parser support, and a few other new features.
+
+####Features
+- Future parser support
+- Documentation updates
+- Test updates
+- Add a link from `/etc/sysconfig/pgsql/postgresql-${version}` to `/etc/sysconfig/pgsql/postgresql` to support init scripts from the postgresql.org repo
+- Add support for changing the PGDATA directory
+- Set default versions for Fedora 21 and FreeBSD
+
+##2014-09-03 - Supported Release 4.0.0
+###Summary
+
+This release removes the uninstall ability from the module, removes the firewall
+management, overhauls all of the acceptance testing, as well as adds better
+support for SuSE and Fedora.
+
+###Backwards Incompatible changes.
+
+- Uninstall code removal.
+- Firewall management for Postgres.
+- Set manage_pg_ident_conf to true.
+
+####Uninstallation removal
+
+We rely heavily on the ability to uninstall and reinstall postgres throughout
+our testing code, testing features like "can I move from the distribution
+packages to the upstream packages through the module" and over time we've
+learnt that the uninstall code simply doesn't work a lot of the time. It
+leaves traces of postgres behind or fails to remove certain packages on Ubuntu,
+and generally causes bits to be left on your system that you didn't expect.
+
+When we then reinstall things fail because it's not a true clean slate, and
+this causes us enormous problems during test. We've spent weeks and months
+working on these tests and they simply don't hold up well across the full range
+of PE platforms.
+
+Due to all these problems we've decided to take a stance on uninstalling in
+general. We feel that in 2014 it's completely reasonable and normal to have a
+good provisioning pipeline combined with your configuration management and the
+"correct" way to uninstall a fully installed service like postgresql is to
+simply reprovision the server without it in the first place. As a general rule
+this is how I personally like to work and I think is a good practice.
+
+####I'm not OK with this!
+
+We understand that there are environments and situations in which it's not easy
+to do that. What if you accidently deployed Postgres on 100,000 nodes? In the
+future we're going to take a look at building some example 'profiles' to be
+found under examples/ within this module that can uninstall postgres on popular
+platforms. These can be modified and used in your specific case to uninstall
+postgresql. They will be much more brute force and reliant on deleting entire
+directories and require you to do more work up front in specifying where things
+are installed but we think it'll prove to be a much cleaner mechanism for this
+kind of thing rather than trying to weave it into the main module logic itself.
+
+####Features
+- Removal of uninstall.
+- Removal of firewall management.
+- Tests ported to rspec3.
+- Acceptance tests rewritten.
+- Add a defined type for creating database schemas.
+- Add a pg_ident_rule defined type.
+- Set manage_pg_ident_conf to true.
+- Manage pg_ident.conf by default.
+- Improve selinux support for tablespace.
+- Remove deprecation warnings.
+- Support changing PGDATA on RedHat.
+- Add SLES 11 support.
+
+####Bugfixes
+- Link pg_config binary into /usr/bin.
+- Fix fedora support by using systemd.
+- Initdb should create xlogdir if set.
+- Use a regular expression to match the major OS version on Ubuntu.
+
+##2014-07-31 - Supported Release 3.4.2
+###Summary
+
+This release fixes recent Fedora versions.
+
+####Features
+####Bugfixes
+- Fix Fedora.
+
+##2014-07-15 - Supported Release 3.4.1
+###Summary
+
+This release merely updates metadata.json so the module can be uninstalled and
+upgraded via the puppet module command.
+
+##2014-04-14 - Supported Release 3.4.0
+###Summary
+
+This feature rolls up several important features, the biggest being PostGIS
+handling and allowing `port` to be set on postgresql::server in order to
+change the port that Postgres listens on. We've added support for RHEL7
+and Ubuntu 14.04, as well as allowing you to manage the service via
+`service_ensure` finally.
+
+####Features
+- Added `perl_package_name` for installing bindings.
+- Added `service_ensure` for allowing control of services.
+- Added `postgis_version` and postgis class for installing postgis.
+- Added `port` for selecting the port Postgres runs on.
+- Add support for RHEL7 and Ubuntu 14.04.
+- Add `default_db` to postgresql::server::database.
+- Widen the selection of unquoted parameters in postgresql_conf{}
+- Require the service within postgresql::server::reload for RHEL7.
+- Add `inherit` to postgresql::server::role.
+
+####Bugfixes
+
+##2014-03-04 - Supported Release 3.3.3
+###Summary
+
+This is a supported release. This release removes a testing symlink that can
+cause trouble on systems where /var is on a seperate filesystem from the
+modulepath.
+
+####Features
+####Bugfixes
+####Known Bugs
+* SLES is not supported.
+
+##2014-03-04 - Supported Release 3.3.2
+###Summary
+This is a supported release. It fixes a problem with updating passwords on postgresql.org distributed versions of PostgreSQL.
+
+####Bugfixes
+- Correct psql path when setting password on custom versions.
+- Documentation updates
+- Test updates
+
+####Known Bugs
+* SLES is not supported.
+
+
+##2014-02-12 - Version 3.3.1
+####Bugfix:
+- Allow dynamic rubygems host
+
+
+##2014-01-28 - Version 3.3.0
+
+###Summary
+
+This release rolls up a bunch of bugfixes our users have found and fixed for
+us over the last few months. This improves things for 9.1 users, and makes
+this module usable on FreeBSD.
+
+This release is dedicated to 'bma', who's suffering with Puppet 3.4.1 issues
+thanks to Puppet::Util::SUIDManager.run_and_capture.
+
+####Features
+ - Add lc_ config entry settings
+ - Can pass template at database creation.
+ - Add FreeBSD support.
+ - Add support for customer `xlogdir` parameter.
+ - Switch tests from rspec-system to beaker. (This isn't really a feature)
+
+####Bugfixes
+ - Properly fix the deprecated Puppet::Util::SUIDManager.run_and_capture errors.
+ - Fix NOREPLICATION option for Postgres 9.1
+ - Wrong parameter name: manage_pg_conf -> manage_pg_hba_conf
+ - Add $postgresql::server::client_package_name, referred to by install.pp
+ - Add missing service_provider/service_name descriptions in ::globals.
+ - Fix several smaller typos/issues throughout.
+ - Exec['postgresql_initdb'] needs to be done after $datadir exists
+ - Prevent defined resources from floating in the catalog.
+ - Fix granting all privileges on a table.
+ - Add some missing privileges.
+ - Remove deprecated and unused concat::fragment parameters.
+
+
+##2013-11-05 - Version 3.2.0
+
+###Summary
+
+Add's support for Ubuntu 13.10 (and 14.04) as well as x, y, z.
+
+####Features
+- Add versions for Ubuntu 13.10 and 14.04.
+- Use default_database in validate_db_connection instead of a hardcoded
+'postgres'
+- Add globals/params layering for default_database.
+- Allow specification of default database name.
+
+####Bugs
+- Fixes to the README.
+
+
+##2013-10-25 - Version 3.1.0
+
+###Summary
+
+This is a minor feature and bug fix release.
+
+Firstly, the postgresql_psql type now includes a new parameter `search_path` which is equivalent to using `set search_path` which allows you to change the default schema search path.
+
+The default version of Fedora 17 has now been added, so that Fedora 17 users can enjoy the module.
+
+And finally we've extended the capabilities of the defined type postgresql::validate_db_connection so that now it can handle retrying and sleeping between retries. This feature has been monopolized to fix a bug we were seeing with startup race conditions, but it can also be used by remote systems to 'wait' for PostgreSQL to start before their Puppet run continues.
+
+####Features
+- Defined $default_version for Fedora 17 (Bret Comnes)
+- add search_path attribute to postgresql_psql resource (Jeremy Kitchen)
+- (GH-198) Add wait and retry capability to validate_db_connection (Ken Barber)
+
+####Bugs
+- enabling defined postgres user password without resetting on every puppet run (jonoterc)
+- periods are valid in configuration variables also (Jeremy Kitchen)
+- Add zero length string to join() function (Jarl Stefansson)
+- add require of install to reload class (cdenneen)
+- (GH-198) Fix race condition on postgresql startup (Ken Barber)
+- Remove concat::setup for include in preparation for the next concat release (Ken Barber)
+
+
+##2013-10-14 - Version 3.0.0
+
+Final release of 3.0, enjoy!
+
+
+##2013-10-14 - Version 3.0.0-rc3
+
+###Summary
+
+Add a parameter to unmanage pg_hba.conf to fix a regression from 2.5, as well
+as allowing owner to be passed into x.
+
+####Features
+- `manage_pg_hba_conf` parameter added to control pg_hba.conf management.
+- `owner` parameter added to server::db.
+
+
+##2013-10-09 - Version 3.0.0-rc2
+
+###Summary
+
+A few bugfixes have been found since -rc1.
+
+####Fixes
+- Special case for $datadir on Amazon
+- Fix documentation about username/password for the postgresql_hash function
+
+
+##2013-10-01 - Version 3.0.0-rc1
+
+###Summary
+
+Version 3 was a major rewrite to fix some internal dependency issues, and to
+make the new Public API more clear. As a consequence a lot of things have
+changed for version 3 and older revisions that we will try to outline here.
+
+(NOTE: The format of this CHANGELOG differs to normal in an attempt to
+explain the scope of changes)
+
+* Server specific objects now moved under `postgresql::server::` namespace:
+
+To restructure server specific elements under the `postgresql::server::`
+namespaces the following objects were renamed as such:
+
+`postgresql::database` -> `postgresql::server::database`
+`postgresql::database_grant` -> `postgresql::server::database_grant`
+`postgresql::db` -> `postgresql::server::db`
+`postgresql::grant` -> `postgresql::server::grant`
+`postgresql::pg_hba_rule` -> `postgresql::server::pg_hba_rule`
+`postgresql::plperl` -> `postgresql::server::plperl`
+`postgresql::contrib` -> `postgresql::server::contrib`
+`postgresql::role` -> `postgresql::server::role`
+`postgresql::table_grant` -> `postgresql::server::table_grant`
+`postgresql::tablespace` -> `postgresql::server::tablespace`
+
+* New `postgresql::server::config_entry` resource for managing configuration:
+
+Previously we used the `file_line` resource to modify `postgresql.conf`. This
+new revision now adds a new resource named `postgresql::server::config_entry`
+for managing this file. For example:
+
+```puppet
+ postgresql::server::config_entry { 'check_function_bodies':
+ value => 'off',
+ }
+```
+
+If you were using `file_line` for this purpose, you should change to this new
+methodology.
+
+* `postgresql_puppet_extras.conf` has been removed:
+
+Now that we have a methodology for managing `postgresql.conf`, and due to
+concerns over the file management methodology using an `exec { 'touch ...': }`
+as a way to create an empty file the existing postgresql\_puppet\_extras.conf
+file is no longer managed by this module.
+
+If you wish to recreate this methodology yourself, use this pattern:
+
+```puppet
+ class { 'postgresql::server': }
+
+ $extras = "/tmp/include.conf"
+
+ file { $extras:
+ content => 'max_connections = 123',
+ notify => Class['postgresql::server::service'],
+ }->
+ postgresql::server::config_entry { 'include':
+ value => $extras,
+ }
+```
+
+* All uses of the parameter `charset` changed to `encoding`:
+
+Since PostgreSQL uses the terminology `encoding` not `charset` the parameter
+has been made consisent across all classes and resources.
+
+* The `postgresql` base class is no longer how you set globals:
+
+The old global override pattern was less then optimal so it has been fixed,
+however we decided to demark this properly by specifying these overrides in
+the class `postgresql::global`. Consult the documentation for this class now
+to see what options are available.
+
+Also, some parameter elements have been moved between this and the
+`postgresql::server` class where it made sense.
+
+* `config_hash` parameter collapsed for the `postgresql::server` class:
+
+Because the `config_hash` was really passing data through to what was in
+effect an internal class (`postgresql::config`). And since we don't want this
+kind of internal exposure the parameters were collapsed up into the
+`postgresql::server` class directly.
+
+* Lots of changes to 'private' or 'undocumented' classes:
+
+If you were using these before, these have changed names. You should only use
+what is documented in this README.md, and if you don't have what you need you
+should raise a patch to add that feature to a public API. All internal classes
+now have a comment at the top indicating them as private to make sure the
+message is clear that they are not supported as Public API.
+
+* `pg_hba_conf_defaults` parameter included to turn off default pg\_hba rules:
+
+The defaults should be good enough for most cases (if not raise a bug) but if
+you simply need an escape hatch, this setting will turn off the defaults. If
+you want to do this, it may affect the rest of the module so make sure you
+replace the rules with something that continues operation.
+
+* `postgresql::database_user` has now been removed:
+
+Use `postgresql::server::role` instead.
+
+* `postgresql::psql` resource has now been removed:
+
+Use `postgresql_psql` instead. In the future we may recreate this as a wrapper
+to add extra capability, but it will not match the old behaviour.
+
+* `postgresql_default_version` fact has now been removed:
+
+It didn't make sense to have this logic in a fact any more, the logic has been
+moved into `postgresql::params`.
+
+* `ripienaar/concat` is no longer used, instead we use `puppetlabs/concat`:
+
+The older concat module is now deprecated and moved into the
+`puppetlabs/concat` namespace. Functionality is more or less identical, but
+you may need to intervene during the installing of this package - as both use
+the same `concat` namespace.
+
+---
+##2013-09-09 Release 2.5.0
+
+###Summary
+
+The focus of this release is primarily to capture the fixes done to the
+types and providers to make sure refreshonly works properly and to set
+the stage for the large scale refactoring work of 3.0.0.
+
+####Features
+
+
+####Bugfixes
+- Use boolean for refreshonly.
+- Fix postgresql::plperl documentation.
+- Add two missing parameters to config::beforeservice
+- Style fixes
+
+
+##2013-08-01 Release 2.4.1
+
+###Summary
+
+This minor bugfix release solves an idempotency issue when using plain text
+passwords for the password_hash parameter for the postgresql::role defined
+type. Without this, users would continually see resource changes everytime
+your run Puppet.
+
+####Bugfixes
+- Alter role call not idempotent with cleartext passwords (Ken Barber)
+
+
+##2013-07-19 Release 2.4.0
+
+###Summary
+
+This updates adds the ability to change permissions on tables, create template
+databases from normal databases, manage PL-Perl's postgres package, and
+disable the management of `pg_hba.conf`.
+
+####Features
+- Add `postgresql::table_grant` defined resource
+- Add `postgresql::plperl` class
+- Add `manage_pg_hba_conf` parameter to the `postgresql::config` class
+- Add `istemplate` parameter to the `postgresql::database` define
+
+####Bugfixes
+- Update `postgresql::role` class to be able to update roles when modified
+instead of only on creation.
+- Update tests
+- Fix documentation of `postgresql::database_grant`
+
+
+##2.3.0
+
+This feature release includes the following changes:
+
+* Add a new parameter `owner` to the `database` type. This can be used to
+ grant ownership of a new database to a specific user. (Bruno Harbulot)
+* Add support for operating systems other than Debian/RedHat, as long as the
+ user supplies custom values for all of the required paths, package names, etc.
+ (Chris Price)
+* Improved integration testing (Ken Barber)
+
+
+##2.2.1
+
+This release fixes a bug whereby one of our shell commands (psql) were not ran from a globally accessible directory. This was causing permission denied errors when the command attempted to change user without changing directory.
+
+Users of previous versions might have seen this error:
+
+ Error: Error executing SQL; psql returned 256: 'could not change directory to "/root"
+
+This patch should correct that.
+
+#### Detail Changes
+
+* Set /tmp as default CWD for postgresql_psql
+
+
+##2.2.0
+
+This feature release introduces a number of new features and bug fixes.
+
+First of all it includes a new class named `postgresql::python` which provides you with a convenient way of install the python Postgresql client libraries.
+
+ class { 'postgresql::python':
+ }
+
+You are now able to use `postgresql::database_user` without having to specify a password_hash, useful for different authentication mechanisms that do not need passwords (ie. cert, local etc.).
+
+We've also provided a lot more advanced custom parameters now for greater control of your Postgresql installation. Consult the class documentation for PuppetDB in the README.
+
+This release in particular has largely been contributed by the community members below, a big thanks to one and all.
+
+#### Detailed Changes
+
+* Add support for psycopg installation (Flaper Fesp and Dan Prince)
+* Added default PostgreSQL version for Ubuntu 13.04 (Kamil Szymanski)
+* Add ability to create users without a password (Bruno Harbulot)
+* Three Puppet 2.6 fixes (Dominic Cleal)
+* Add explicit call to concat::setup when creating concat file (Dominic Cleal)
+* Fix readme typo (Jordi Boggiano)
+* Update postgres_default_version for Ubuntu (Kamil Szymanski)
+* Allow to set connection for noew role (Kamil Szymanski)
+* Fix pg_hba_rule for postgres local access (Kamil Szymanski)
+* Fix versions for travis-ci (Ken Barber)
+* Add replication support (Jordi Boggiano)
+* Cleaned up and added unit tests (Ken Barber)
+* Generalization to provide more flexability in postgresql configuration (Karel Brezina)
+* Create dependent directory for sudoers so tests work on Centos 5 (Ken Barber)
+* Allow SQL commands to be run against a specific DB (Carlos Villela)
+* Drop trailing comma to support Puppet 2.6 (Michael Arnold)
+
+
+##2.1.1
+
+
+This release provides a bug fix for RHEL 5 and Centos 5 systems, or specifically systems using PostgreSQL 8.1 or older. On those systems one would have received the error:
+
+ Error: Could not start Service[postgresqld]: Execution of ‘/sbin/service postgresql start’ returned 1:
+
+And the postgresql log entry:
+
+ FATAL: unrecognized configuration parameter "include"
+
+This bug is due to a new feature we had added in 2.1.0, whereby the `include` directive in `postgresql.conf` was not compatible. As a work-around we have added checks in our code to make sure systems running PostgreSQL 8.1 or older do not have this directive added.
+
+#### Detailed Changes
+
+2013-01-21 - Ken Barber <ken@bob.sh>
+* Only install `include` directive and included file on PostgreSQL >= 8.2
+* Add system tests for Centos 5
+
+
+##2.1.0
+
+This release is primarily a feature release, introducing some new helpful constructs to the module.
+
+For starters, we've added the line `include 'postgresql_conf_extras.conf'` by default so extra parameters not managed by the module can be added by other tooling or by Puppet itself. This provides a useful escape-hatch for managing settings that are not currently managed by the module today.
+
+We've added a new defined resource for managing your tablespace, so you can now create new tablespaces using the syntax:
+
+ postgresql::tablespace { 'dbspace':
+ location => '/srv/dbspace',
+ }
+
+We've added a locale parameter to the `postgresql` class, to provide a default. Also the parameter has been added to the `postgresql::database` and `postgresql::db` defined resources for changing the locale per database:
+
+ postgresql::db { 'mydatabase':
+ user => 'myuser',
+ password => 'mypassword',
+ encoding => 'UTF8',
+ locale => 'en_NG',
+ }
+
+There is a new class for installing the necessary packages to provide the PostgreSQL JDBC client jars:
+
+ class { 'postgresql::java': }
+
+And we have a brand new defined resource for managing fine-grained rule sets within your pg_hba.conf access lists:
+
+ postgresql::pg_hba { 'Open up postgresql for access from 200.1.2.0/24':
+ type => 'host',
+ database => 'app',
+ user => 'app',
+ address => '200.1.2.0/24',
+ auth_method => 'md5',
+ }
+
+Finally, we've also added Travis-CI support and unit tests to help us iterate faster with tests to reduce regression. The current URL for these tests is here: https://travis-ci.org/puppetlabs/puppet-postgresql. Instructions on how to run the unit tests available are provided in the README for the module.
+
+A big thanks to all those listed below who made this feature release possible :-).
+
+#### Detailed Changes
+
+2013-01-18 - Simão Fontes <simaofontes@gmail.com> & Flaper Fesp <flaper87@gmail.com>
+* Remove trailing commas from params.pp property definition for Puppet 2.6.0 compatibility
+
+2013-01-18 - Lauren Rother <lauren.rother@puppetlabs.com>
+* Updated README.md to conform with best practices template
+
+2013-01-09 - Adrien Thebo <git@somethingsinistral.net>
+* Update postgresql_default_version to 9.1 for Debian 7.0
+
+2013-01-28 - Karel Brezina <karel.brezina@gmail.com>
+* Add support for tablespaces
+
+2013-01-16 - Chris Price <chris@puppetlabs.com> & Karel Brezina <karel.brezina@gmail.com>
+* Provide support for an 'include' config file 'postgresql_conf_extras.conf' that users can modify manually or outside of the module.
+
+2013-01-31 - jv <jeff@jeffvier.com>
+* Fix typo in README.pp for postgresql::db example
+
+2013-02-03 - Ken Barber <ken@bob.sh>
+* Add unit tests and travis-ci support
+
+2013-02-02 - Ken Barber <ken@bob.sh>
+* Add locale parameter support to the 'postgresql' class
+
+2013-01-21 - Michael Arnold <github@razorsedge.org>
+* Add a class for install the packages containing the PostgreSQL JDBC jar
+
+2013-02-06 - fhrbek <filip.hbrek@gmail.com>
+* Coding style fixes to reduce warnings in puppet-lint and Geppetto
+
+2013-02-10 - Ken Barber <ken@bob.sh>
+* Provide new defined resource for managing pg_hba.conf
+
+2013-02-11 - Ken Barber <ken@bob.sh>
+* Fix bug with reload of Postgresql on Redhat/Centos
+
+2013-02-15 - Erik Dalén <dalen@spotify.com>
+* Fix more style issues to reduce warnings in puppet-lint and Geppetto
+
+2013-02-15 - Erik Dalén <dalen@spotify.com>
+* Fix case whereby we were modifying a hash after creation
+
+
+##2.0.1
+
+Minor bugfix release.
+
+2013-01-16 - Chris Price <chris@puppetlabs.com>
+ * Fix revoke command in database.pp to support postgres 8.1 (43ded42)
+
+2013-01-15 - Jordi Boggiano <j.boggiano@seld.be>
+ * Add support for ubuntu 12.10 status (3504405)
+
+##2.0.0
+
+Many thanks to the following people who contributed patches to this
+release:
+
+* Adrien Thebo
+* Albert Koch
+* Andreas Ntaflos
+* Brett Porter
+* Chris Price
+* dharwood
+* Etienne Pelletier
+* Florin Broasca
+* Henrik
+* Hunter Haugen
+* Jari Bakken
+* Jordi Boggiano
+* Ken Barber
+* nzakaria
+* Richard Arends
+* Spenser Gilliland
+* stormcrow
+* William Van Hevelingen
+
+Notable features:
+
+ * Add support for versions of postgres other than the system default version
+ (which varies depending on OS distro). This includes optional support for
+ automatically managing the package repo for the "official" postgres yum/apt
+ repos. (Major thanks to Etienne Pelletier <epelletier@maestrodev.com> and
+ Ken Barber <ken@bob.sh> for their tireless efforts and patience on this
+ feature set!) For example usage see `tests/official-postgresql-repos.pp`.
+
+ * Add some support for Debian Wheezy and Ubuntu Quantal
+
+ * Add new `postgres_psql` type with a Ruby provider, to replace the old
+ exec-based `psql` type. This gives us much more flexibility around
+ executing SQL statements and controlling their logging / reports output.
+
+ * Major refactor of the "spec" tests--which are actually more like
+ acceptance tests. We now support testing against multiple OS distros
+ via vagrant, and the framework is in place to allow us to very easily add
+ more distros. Currently testing against Cent6 and Ubuntu 10.04.
+
+ * Fixed a bug that was preventing multiple databases from being owned by the
+ same user
+ (9adcd182f820101f5e4891b9f2ff6278dfad495c - Etienne Pelletier <epelletier@maestrodev.com>)
+
+ * Add support for ACLs for finer-grained control of user/interface access
+ (b8389d19ad78b4fb66024897097b4ed7db241930 - dharwood <harwoodd@cat.pdx.edu>)
+
+ * Many other bug fixes and improvements!
+
+---
+##1.0.0
+
+2012-09-17 - Version 0.3.0 released
+
+2012-09-14 - Chris Price <chris@puppetlabs.com>
+ * Add a type for validating a postgres connection (ce4a049)
+
+2012-08-25 - Jari Bakken <jari.bakken@gmail.com>
+ * Remove trailing commas. (e6af5e5)
+
+2012-08-16 - Version 0.2.0 released
--- /dev/null
+Checklist (and a short version for the impatient)
+=================================================
+
+ * Commits:
+
+ - Make commits of logical units.
+
+ - Check for unnecessary whitespace with "git diff --check" before
+ committing.
+
+ - Commit using Unix line endings (check the settings around "crlf" in
+ git-config(1)).
+
+ - Do not check in commented out code or unneeded files.
+
+ - The first line of the commit message should be a short
+ description (50 characters is the soft limit, excluding ticket
+ number(s)), and should skip the full stop.
+
+ - Associate the issue in the message. The first line should include
+ the issue number in the form "(#XXXX) Rest of message".
+
+ - The body should provide a meaningful commit message, which:
+
+ - uses the imperative, present tense: "change", not "changed" or
+ "changes".
+
+ - includes motivation for the change, and contrasts its
+ implementation with the previous behavior.
+
+ - Make sure that you have tests for the bug you are fixing, or
+ feature you are adding.
+
+ - Make sure the test suites passes after your commit:
+ `bundle exec rspec spec/acceptance` More information on [testing](#Testing) below
+
+ - When introducing a new feature, make sure it is properly
+ documented in the README.md
+
+ * Submission:
+
+ * Pre-requisites:
+
+ - Make sure you have a [GitHub account](https://github.com/join)
+
+ - [Create a ticket](https://tickets.puppet.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppet.com/browse/) you are patching for.
+
+ * Preferred method:
+
+ - Fork the repository on GitHub.
+
+ - Push your changes to a topic branch in your fork of the
+ repository. (the format ticket/1234-short_description_of_change is
+ usually preferred for this project).
+
+ - Submit a pull request to the repository in the puppetlabs
+ organization.
+
+The long version
+================
+
+ 1. Make separate commits for logically separate changes.
+
+ Please break your commits down into logically consistent units
+ which include new or changed tests relevant to the rest of the
+ change. The goal of doing this is to make the diff easier to
+ read for whoever is reviewing your code. In general, the easier
+ your diff is to read, the more likely someone will be happy to
+ review it and get it into the code base.
+
+ If you are going to refactor a piece of code, please do so as a
+ separate commit from your feature or bug fix changes.
+
+ We also really appreciate changes that include tests to make
+ sure the bug is not re-introduced, and that the feature is not
+ accidentally broken.
+
+ Describe the technical detail of the change(s). If your
+ description starts to get too long, that is a good sign that you
+ probably need to split up your commit into more finely grained
+ pieces.
+
+ Commits which plainly describe the things which help
+ reviewers check the patch and future developers understand the
+ code are much more likely to be merged in with a minimum of
+ bike-shedding or requested changes. Ideally, the commit message
+ would include information, and be in a form suitable for
+ inclusion in the release notes for the version of Puppet that
+ includes them.
+
+ Please also check that you are not introducing any trailing
+ whitespace or other "whitespace errors". You can do this by
+ running "git diff --check" on your changes before you commit.
+
+ 2. Sending your patches
+
+ To submit your changes via a GitHub pull request, we _highly_
+ recommend that you have them on a topic branch, instead of
+ directly on "master".
+ It makes things much easier to keep track of, especially if
+ you decide to work on another thing before your first change
+ is merged in.
+
+ GitHub has some pretty good
+ [general documentation](http://help.github.com/) on using
+ their site. They also have documentation on
+ [creating pull requests](http://help.github.com/send-pull-requests/).
+
+ In general, after pushing your topic branch up to your
+ repository on GitHub, you can switch to the branch in the
+ GitHub UI and click "Pull Request" towards the top of the page
+ in order to open a pull request.
+
+
+ 3. Update the related GitHub issue.
+
+ If there is a GitHub issue associated with the change you
+ submitted, then you should update the ticket to include the
+ location of your branch, along with any other commentary you
+ may wish to make.
+
+Testing
+=======
+
+Getting Started
+---------------
+
+Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby
+package manager such as [bundler](http://bundler.io/) what Ruby packages,
+or Gems, are required to build, develop, and test this software.
+
+Please make sure you have [bundler installed](http://bundler.io/#getting-started)
+on your system, then use it to install all dependencies needed for this project,
+by running
+
+```shell
+% bundle install
+Fetching gem metadata from https://rubygems.org/........
+Fetching gem metadata from https://rubygems.org/..
+Using rake (10.1.0)
+Using builder (3.2.2)
+-- 8><-- many more --><8 --
+Using rspec-system-puppet (2.2.0)
+Using serverspec (0.6.3)
+Using rspec-system-serverspec (1.0.0)
+Using bundler (1.3.5)
+Your bundle is complete!
+Use `bundle show [gemname]` to see where a bundled gem is installed.
+```
+
+NOTE some systems may require you to run this command with sudo.
+
+If you already have those gems installed, make sure they are up-to-date:
+
+```shell
+% bundle update
+```
+
+With all dependencies in place and up-to-date we can now run the tests:
+
+```shell
+% bundle exec rake spec
+```
+
+This will execute all the [rspec tests](http://rspec-puppet.com/) tests
+under [spec/defines](./spec/defines), [spec/classes](./spec/classes),
+and so on. rspec tests may have the same kind of dependencies as the
+module they are testing. While the module defines in its [Modulefile](./Modulefile),
+rspec tests define them in [.fixtures.yml](./fixtures.yml).
+
+Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker)
+tests. These tests spin up a virtual machine under
+[VirtualBox](https://www.virtualbox.org/)) with, controlling it with
+[Vagrant](http://www.vagrantup.com/) to actually simulate scripted test
+scenarios. In order to run these, you will need both of those tools
+installed on your system.
+
+You can run them by issuing the following command
+
+```shell
+% bundle exec rake spec_clean
+% bundle exec rspec spec/acceptance
+```
+
+This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml),
+install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb)
+and then run all the tests under [spec/acceptance](./spec/acceptance).
+
+Writing Tests
+-------------
+
+XXX getting started writing tests.
+
+If you have commit access to the repository
+===========================================
+
+Even if you have commit access to the repository, you will still need to
+go through the process above, and have someone else review and merge
+in your changes. The rule is that all changes must be reviewed by a
+developer on the project (that did not write the code) to ensure that
+all changes go through a code review process.
+
+Having someone other than the author of the topic branch recorded as
+performing the merge is the record that they performed the code
+review.
+
+
+Additional Resources
+====================
+
+* [Getting additional help](http://puppet.com/community/get-help)
+
+* [Writing tests](https://docs.puppet.com/guides/module_guides/bgtm.html#step-three-module-testing)
+
+* [General GitHub documentation](http://help.github.com/)
+
+* [GitHub pull request documentation](http://help.github.com/send-pull-requests/)
+++ /dev/null
-2013-07-19 Release 2.4.0
-========================
-
-Summary
--------
-This updates adds the ability to change permissions on tables, create template
-databases from normal databases, manage PL-Perl's postgres package, and
-disable the management of `pg_hba.conf`.
-
-Features
---------
-- Add `postgresql::table_grant` defined resource
-- Add `postgresql::plperl` class
-- Add `manage_pg_hba_conf` parameter to the `postgresql::config` class
-- Add `istemplate` parameter to the `postgresql::database` define
-
-Bugfixes
---------
-- Update `postgresql::role` class to be able to update roles when modified
-instead of only on creation.
-- Update tests
-- Fix documentation of `postgresql::database_grant`
-
-2.3.0
-=====
-
-This feature release includes the following changes:
-
-* Add a new parameter `owner` to the `database` type. This can be used to
- grant ownership of a new database to a specific user. (Bruno Harbulot)
-* Add support for operating systems other than Debian/RedHat, as long as the
- user supplies custom values for all of the required paths, package names, etc.
- (Chris Price)
-* Improved integration testing (Ken Barber)
-
-2.2.1
-=====
-
-This release fixes a bug whereby one of our shell commands (psql) were not ran from a globally accessible directory. This was causing permission denied errors when the command attempted to change user without changing directory.
-
-Users of previous versions might have seen this error:
-
- Error: Error executing SQL; psql returned 256: 'could not change directory to "/root"
-
-This patch should correct that.
-
-#### Detail Changes
-
-* Set /tmp as default CWD for postgresql_psql
-
-2.2.0
-=====
-
-This feature release introduces a number of new features and bug fixes.
-
-First of all it includes a new class named `postgresql::python` which provides you with a convenient way of install the python Postgresql client libraries.
-
- class { 'postgresql::python':
- }
-
-You are now able to use `postgresql::database_user` without having to specify a password_hash, useful for different authentication mechanisms that do not need passwords (ie. cert, local etc.).
-
-We've also provided a lot more advanced custom parameters now for greater control of your Postgresql installation. Consult the class documentation for PuppetDB in the README.
-
-This release in particular has largely been contributed by the community members below, a big thanks to one and all.
-
-#### Detailed Changes
-
-* Add support for psycopg installation (Flaper Fesp and Dan Prince)
-* Added default PostgreSQL version for Ubuntu 13.04 (Kamil Szymanski)
-* Add ability to create users without a password (Bruno Harbulot)
-* Three Puppet 2.6 fixes (Dominic Cleal)
-* Add explicit call to concat::setup when creating concat file (Dominic Cleal)
-* Fix readme typo (Jordi Boggiano)
-* Update postgres_default_version for Ubuntu (Kamil Szymanski)
-* Allow to set connection for noew role (Kamil Szymanski)
-* Fix pg_hba_rule for postgres local access (Kamil Szymanski)
-* Fix versions for travis-ci (Ken Barber)
-* Add replication support (Jordi Boggiano)
-* Cleaned up and added unit tests (Ken Barber)
-* Generalization to provide more flexability in postgresql configuration (Karel Brezina)
-* Create dependent directory for sudoers so tests work on Centos 5 (Ken Barber)
-* Allow SQL commands to be run against a specific DB (Carlos Villela)
-* Drop trailing comma to support Puppet 2.6 (Michael Arnold)
-
-2.1.1
-=====
-
-This release provides a bug fix for RHEL 5 and Centos 5 systems, or specifically systems using PostgreSQL 8.1 or older. On those systems one would have received the error:
-
- Error: Could not start Service[postgresqld]: Execution of ‘/sbin/service postgresql start’ returned 1:
-
-And the postgresql log entry:
-
- FATAL: unrecognized configuration parameter "include"
-
-This bug is due to a new feature we had added in 2.1.0, whereby the `include` directive in `postgresql.conf` was not compatible. As a work-around we have added checks in our code to make sure systems running PostgreSQL 8.1 or older do not have this directive added.
-
-#### Detailed Changes
-
-2013-01-21 - Ken Barber <ken@bob.sh>
-* Only install `include` directive and included file on PostgreSQL >= 8.2
-* Add system tests for Centos 5
-
-2.1.0
-=====
-
-This release is primarily a feature release, introducing some new helpful constructs to the module.
-
-For starters, we've added the line `include 'postgresql_conf_extras.conf'` by default so extra parameters not managed by the module can be added by other tooling or by Puppet itself. This provides a useful escape-hatch for managing settings that are not currently managed by the module today.
-
-We've added a new defined resource for managing your tablespace, so you can now create new tablespaces using the syntax:
-
- postgresql::tablespace { 'dbspace':
- location => '/srv/dbspace',
- }
-
-We've added a locale parameter to the `postgresql` class, to provide a default. Also the parameter has been added to the `postgresql::database` and `postgresql::db` defined resources for changing the locale per database:
-
- postgresql::db { 'mydatabase':
- user => 'myuser',
- password => 'mypassword',
- encoding => 'UTF8',
- locale => 'en_NG',
- }
-
-There is a new class for installing the necessary packages to provide the PostgreSQL JDBC client jars:
-
- class { 'postgresql::java': }
-
-And we have a brand new defined resource for managing fine-grained rule sets within your pg_hba.conf access lists:
-
- postgresql::pg_hba { 'Open up postgresql for access from 200.1.2.0/24':
- type => 'host',
- database => 'app',
- user => 'app',
- address => '200.1.2.0/24',
- auth_method => 'md5',
- }
-
-Finally, we've also added Travis-CI support and unit tests to help us iterate faster with tests to reduce regression. The current URL for these tests is here: https://travis-ci.org/puppetlabs/puppet-postgresql. Instructions on how to run the unit tests available are provided in the README for the module.
-
-A big thanks to all those listed below who made this feature release possible :-).
-
-#### Detailed Changes
-
-2013-01-18 - Simão Fontes <simaofontes@gmail.com> & Flaper Fesp <flaper87@gmail.com>
-* Remove trailing commas from params.pp property definition for Puppet 2.6.0 compatibility
-
-2013-01-18 - Lauren Rother <lauren.rother@puppetlabs.com>
-* Updated README.md to conform with best practices template
-
-2013-01-09 - Adrien Thebo <git@somethingsinistral.net>
-* Update postgresql_default_version to 9.1 for Debian 7.0
-
-2013-01-28 - Karel Brezina <karel.brezina@gmail.com>
-* Add support for tablespaces
-
-2013-01-16 - Chris Price <chris@puppetlabs.com> & Karel Brezina <karel.brezina@gmail.com>
-* Provide support for an 'include' config file 'postgresql_conf_extras.conf' that users can modify manually or outside of the module.
-
-2013-01-31 - jv <jeff@jeffvier.com>
-* Fix typo in README.pp for postgresql::db example
-
-2013-02-03 - Ken Barber <ken@bob.sh>
-* Add unit tests and travis-ci support
-
-2013-02-02 - Ken Barber <ken@bob.sh>
-* Add locale parameter support to the 'postgresql' class
-
-2013-01-21 - Michael Arnold <github@razorsedge.org>
-* Add a class for install the packages containing the PostgreSQL JDBC jar
-
-2013-02-06 - fhrbek <filip.hbrek@gmail.com>
-* Coding style fixes to reduce warnings in puppet-lint and Geppetto
-
-2013-02-10 - Ken Barber <ken@bob.sh>
-* Provide new defined resource for managing pg_hba.conf
-
-2013-02-11 - Ken Barber <ken@bob.sh>
-* Fix bug with reload of Postgresql on Redhat/Centos
-
-2013-02-15 - Erik Dalén <dalen@spotify.com>
-* Fix more style issues to reduce warnings in puppet-lint and Geppetto
-
-2013-02-15 - Erik Dalén <dalen@spotify.com>
-* Fix case whereby we were modifying a hash after creation
-
-2.0.1
-=====
-
-Minor bugfix release.
-
-2013-01-16 - Chris Price <chris@puppetlabs.com>
- * Fix revoke command in database.pp to support postgres 8.1 (43ded42)
-
-2013-01-15 - Jordi Boggiano <j.boggiano@seld.be>
- * Add support for ubuntu 12.10 status (3504405)
-
-2.0.0
-=====
-
-Many thanks to the following people who contributed patches to this
-release:
-
-* Adrien Thebo
-* Albert Koch
-* Andreas Ntaflos
-* Brett Porter
-* Chris Price
-* dharwood
-* Etienne Pelletier
-* Florin Broasca
-* Henrik
-* Hunter Haugen
-* Jari Bakken
-* Jordi Boggiano
-* Ken Barber
-* nzakaria
-* Richard Arends
-* Spenser Gilliland
-* stormcrow
-* William Van Hevelingen
-
-Notable features:
-
- * Add support for versions of postgres other than the system default version
- (which varies depending on OS distro). This includes optional support for
- automatically managing the package repo for the "official" postgres yum/apt
- repos. (Major thanks to Etienne Pelletier <epelletier@maestrodev.com> and
- Ken Barber <ken@bob.sh> for their tireless efforts and patience on this
- feature set!) For example usage see `tests/official-postgresql-repos.pp`.
-
- * Add some support for Debian Wheezy and Ubuntu Quantal
-
- * Add new `postgres_psql` type with a Ruby provider, to replace the old
- exec-based `psql` type. This gives us much more flexibility around
- executing SQL statements and controlling their logging / reports output.
-
- * Major refactor of the "spec" tests--which are actually more like
- acceptance tests. We now support testing against multiple OS distros
- via vagrant, and the framework is in place to allow us to very easily add
- more distros. Currently testing against Cent6 and Ubuntu 10.04.
-
- * Fixed a bug that was preventing multiple databases from being owned by the
- same user
- (9adcd182f820101f5e4891b9f2ff6278dfad495c - Etienne Pelletier <epelletier@maestrodev.com>)
-
- * Add support for ACLs for finer-grained control of user/interface access
- (b8389d19ad78b4fb66024897097b4ed7db241930 - dharwood <harwoodd@cat.pdx.edu>)
-
- * Many other bug fixes and improvements!
-
-
-1.0.0
-=====
-2012-09-17 - Version 0.3.0 released
-
-2012-09-14 - Chris Price <chris@puppetlabs.com>
- * Add a type for validating a postgres connection (ce4a049)
-
-2012-08-25 - Jari Bakken <jari.bakken@gmail.com>
- * Remove trailing commas. (e6af5e5)
-
-2012-08-16 - Version 0.2.0 released
-source 'https://rubygems.org'
-
-group :development, :test do
- gem 'rake'
- gem 'puppetlabs_spec_helper', :require => false
- gem 'rspec-system-puppet', '~>1.0'
- gem 'rspec-system', '>=1.2.1'
- gem 'puppet-lint', '~> 0.3.2'
+#This file is generated by ModuleSync, do not edit.
+
+source ENV['GEM_SOURCE'] || "https://rubygems.org"
+
+# Determines what type of gem is requested based on place_or_version.
+def gem_type(place_or_version)
+ if place_or_version =~ /^git:/
+ :git
+ elsif place_or_version =~ /^file:/
+ :file
+ else
+ :gem
+ end
+end
+
+# Find a location or specific version for a gem. place_or_version can be a
+# version, which is most often used. It can also be git, which is specified as
+# `git://somewhere.git#branch`. You can also use a file source location, which
+# is specified as `file://some/location/on/disk`.
+def location_for(place_or_version, fake_version = nil)
+ if place_or_version =~ /^(git[:@][^#]*)#(.*)/
+ [fake_version, { :git => $1, :branch => $2, :require => false }].compact
+ elsif place_or_version =~ /^file:\/\/(.*)/
+ ['>= 0', { :path => File.expand_path($1), :require => false }]
+ else
+ [place_or_version, { :require => false }]
+ end
+end
+
+# Used for gem conditionals
+supports_windows = false
+ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
+minor_version = "#{ruby_version_segments[0]}.#{ruby_version_segments[1]}"
+
+group :development do
+ gem "puppet-module-posix-default-r#{minor_version}", :require => false, :platforms => "ruby"
+ gem "puppet-module-win-default-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"]
+ gem "puppet-module-posix-dev-r#{minor_version}", :require => false, :platforms => "ruby"
+ gem "puppet-module-win-dev-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"]
+ gem "json_pure", '<= 2.0.1', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
+ gem "fast_gettext", '1.1.0', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0')
+ gem "fast_gettext", :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0')
+end
+
+group :system_tests do
+ gem "puppet-module-posix-system-r#{minor_version}", :require => false, :platforms => "ruby"
+ gem "puppet-module-win-system-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"]
+ gem "beaker", *location_for(ENV['BEAKER_VERSION'] || '>= 3')
+ gem "beaker-pe", :require => false
+ gem "beaker-rspec", *location_for(ENV['BEAKER_RSPEC_VERSION'])
+ gem "beaker-hostgenerator", *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION'])
+ gem "beaker-abs", *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1')
+end
+
+gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION'])
+
+# Only explicitly specify Facter/Hiera if a version has been specified.
+# Otherwise it can lead to strange bundler behavior. If you are seeing weird
+# gem resolution behavior, try setting `DEBUG_RESOLVER` environment variable
+# to `1` and then run bundle install.
+gem 'facter', *location_for(ENV['FACTER_GEM_VERSION']) if ENV['FACTER_GEM_VERSION']
+gem 'hiera', *location_for(ENV['HIERA_GEM_VERSION']) if ENV['HIERA_GEM_VERSION']
+
+
+# Evaluate Gemfile.local if it exists
+if File.exists? "#{__FILE__}.local"
+ eval(File.read("#{__FILE__}.local"), binding)
end
-if puppetversion = ENV['PUPPET_GEM_VERSION']
- gem 'puppet', puppetversion, :require => false
-else
- gem 'puppet', :require => false
+# Evaluate ~/.gemfile if it exists
+if File.exists?(File.join(Dir.home, '.gemfile'))
+ eval(File.read(File.join(Dir.home, '.gemfile')), binding)
end
# vim:ft=ruby
+++ /dev/null
-GEM
- remote: https://rubygems.org/
- specs:
- builder (3.2.2)
- diff-lcs (1.2.4)
- facter (1.7.2)
- hiera (1.2.1)
- json_pure
- json_pure (1.8.0)
- kwalify (0.7.2)
- metaclass (0.0.1)
- mocha (0.14.0)
- metaclass (~> 0.0.1)
- net-scp (1.1.2)
- net-ssh (>= 2.6.5)
- net-ssh (2.6.8)
- nokogiri (1.5.10)
- puppet (3.2.3)
- facter (~> 1.6)
- hiera (~> 1.0)
- rgen (~> 0.6.5)
- puppet-lint (0.3.2)
- puppetlabs_spec_helper (0.4.1)
- mocha (>= 0.10.5)
- rake
- rspec (>= 2.9.0)
- rspec-puppet (>= 0.1.1)
- rake (10.1.0)
- rbvmomi (1.6.0)
- builder
- nokogiri (>= 1.4.1)
- trollop
- rgen (0.6.5)
- rspec (2.14.1)
- rspec-core (~> 2.14.0)
- rspec-expectations (~> 2.14.0)
- rspec-mocks (~> 2.14.0)
- rspec-core (2.14.4)
- rspec-expectations (2.14.0)
- diff-lcs (>= 1.1.3, < 2.0)
- rspec-mocks (2.14.1)
- rspec-puppet (0.1.6)
- rspec
- rspec-system (1.7.1)
- kwalify (~> 0.7.2)
- net-scp (~> 1.1)
- net-ssh (~> 2.6)
- nokogiri (~> 1.5.9)
- rbvmomi (~> 1.6)
- rspec (~> 2.13)
- systemu (~> 2.5)
- rspec-system-puppet (1.2.0)
- rspec-system (~> 1.5, >= 1.5.0)
- systemu (2.5.2)
- trollop (2.0)
-
-PLATFORMS
- ruby
-
-DEPENDENCIES
- puppet
- puppet-lint (~> 0.3.2)
- puppetlabs_spec_helper
- rake
- rspec-system (>= 1.2.1)
- rspec-system-puppet (~> 1.0)
-PostgreSQL Puppet Module
-Copyright 2012 Inkling Systems, Inc.
-Copyright 2012-2013 Puppetlabs Inc.
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
- http://www.apache.org/licenses/LICENSE-2.0
+ 1. Definitions.
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
--- /dev/null
+## Maintenance
+
+Maintainers:
+ - Puppet Forge Modules Team `forge-modules |at| puppet |dot| com`
+
+Tickets: https://tickets.puppet.com/browse/MODULES. Make sure to set component to `postgresql`.
+++ /dev/null
-name 'puppetlabs-postgresql'
-version '2.4.0'
-source 'git://github.com/puppetlabs/puppet-postgresql.git'
-author 'Inkling/Puppet Labs'
-description 'PostgreSQL defined resource types'
-summary 'PostgreSQL defined resource types'
-license 'Apache'
-project_page 'https://github.com/puppetlabs/puppet-postgresql'
-
-dependency 'puppetlabs/stdlib', '>=3.2.0 <5.0.0'
-dependency 'puppetlabs/firewall', '>= 0.0.4'
-dependency 'puppetlabs/apt', '>=1.1.0 <2.0.0'
-dependency 'ripienaar/concat', '>= 0.2.0'
--- /dev/null
+postgresql puppet module
+
+Copyright (C) 2012-2016 Puppet Labs, Inc.
+Copyright (C) 2012 Inkling Systems Inc
+Copyright (C) 2012-2013 Camptocamp SA.
+
+This product includes software developed by:
+ The Puppet Labs Inc (http://www.puppetlabs.com/).
+
+This product includes also software developed by:
+ Camptocamp SA (http://www.camptocamp.com/)
+
+This product includes also software developed by:
+ Inkling Systems Inc (https://www.inkling.com/)
+
+Puppet Labs can be contacted at: info@puppetlabs.com
+
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
-postgresql
-===========
+# postgresql
+
+#### Table of Contents
+
+1. [Module Description - What does the module do?](#module-description)
+2. [Setup - The basics of getting started with postgresql module](#setup)
+ * [What postgresql affects](#what-postgresql-affects)
+ * [Getting started with postgresql](#getting-started-with-postgresql)
+3. [Usage - Configuration options and additional functionality](#usage)
+ * [Configure a server](#configure-a-server)
+ * [Create a database](#create-a-database)
+ * [Manage users, roles, and permissions](#manage-users-roles-and-permissions)
+ * [Manage ownership of DB objects](#manage-ownership-of-db-objects)
+ * [Override defaults](#override-defaults)
+ * [Create an access rule for pg_hba.conf](#create-an-access-rule-for-pg_hbaconf)
+ * [Create user name maps for pg_ident.conf](#create-user-name-maps-for-pg_identconf)
+ * [Validate connectivity](#validate-connectivity)
+4. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
+ * [Classes](#classes)
+ * [Defined Types](#defined-types)
+ * [Types](#types)
+ * [Functions](#functions)
+5. [Limitations - OS compatibility, etc.](#limitations)
+6. [Development - Guide for contributing to the module](#development)
+ * [Contributors - List of module contributors](#contributors)
+7. [Tests](#tests)
+8. [Contributors - List of module contributors](#contributors)
+
+## Module description
+
+The postgresql module allows you to manage PostgreSQL databases with Puppet.
+
+PostgreSQL is a high-performance, free, open-source relational database server. The postgresql module allows you to manage packages, services, databases, users, and common security settings in PostgreSQL.
+
+## Setup
+
+### What postgresql affects
+
+* Package, service, and configuration files for PostgreSQL
+* Listened-to ports
+* IP and mask (optional)
+
+### Getting started with postgresql
+
+To configure a basic default PostgreSQL server, declare the `postgresql::server` class.
+
+```puppet
+class { 'postgresql::server':
+}
+```
+
+## Usage
+
+### Configure a server
+
+For default settings, declare the `postgresql::server` class as above. To customize PostgreSQL server settings, specify the [parameters](#postgresqlserver) you want to change:
+
+```puppet
+class { 'postgresql::server':
+ ip_mask_deny_postgres_user => '0.0.0.0/32',
+ ip_mask_allow_all_users => '0.0.0.0/0',
+ ipv4acls => ['hostssl all johndoe 192.168.0.0/24 cert'],
+ postgres_password => 'TPSrep0rt!',
+}
+```
+
+After configuration, test your settings from the command line:
+
+```shell
+psql -h localhost -U postgres
+psql -h my.postgres.server -U
+```
+
+If you get an error message from these commands, your permission settings restrict access from the location you're trying to connect from. Depending on whether you want to allow connections from that location, you might need to adjust your permissions.
+
+For more details about server configuration parameters, consult the [PostgreSQL Runtime Configuration documentation](http://www.postgresql.org/docs/current/static/runtime-config.html).
+
+### Create a database
+
+You can set up a variety of PostgreSQL databases with the `postgresql::server::db` defined type. For instance, to set up a database for PuppetDB:
+
+```puppet
+class { 'postgresql::server':
+}
+
+postgresql::server::db { 'mydatabasename':
+ user => 'mydatabaseuser',
+ password => postgresql_password('mydatabaseuser', 'mypassword'),
+}
+```
+
+### Manage users, roles, and permissions
+
+To manage users, roles, and permissions:
+
+```puppet
+class { 'postgresql::server':
+}
+
+postgresql::server::role { 'marmot':
+ password_hash => postgresql_password('marmot', 'mypasswd'),
+}
+
+postgresql::server::database_grant { 'test1':
+ privilege => 'ALL',
+ db => 'test1',
+ role => 'marmot',
+}
+
+postgresql::server::table_grant { 'my_table of test2':
+ privilege => 'ALL',
+ table => 'my_table',
+ db => 'test2',
+ role => 'marmot',
+}
+```
+
+This example grants **all** privileges on the test1 database and on the `my_table` table of the test2 database to the specified user or group. After the values are added into the PuppetDB config file, this database would be ready for use.
+
+### Manage ownership of DB objects
+
+To change the ownership of all objects within a database using REASSIGN OWNED:
+
+```puppet
+postgresql::server::reassign_owned_by { 'new owner is meerkat':
+ db => 'test_db',
+ old_owner => 'marmot',
+ new_owner => 'meerkat',
+}
+```
+
+This would run the PostgreSQL statement 'REASSIGN OWNED' to update to ownership of all tables, sequences, functions and views currently owned by the role 'marmot' to be owned by the role 'meerkat' instead.
+
+This applies to objects within the nominated database, 'test_db' only.
+
+For Postgresql >= 9.3, the ownership of the database is also updated.
+
+### Override defaults
+
+The `postgresql::globals` class allows you to configure the main settings for this module globally, so that other classes and defined resources can use them. By itself, it does nothing.
+
+For example, to overwrite the default `locale` and `encoding` for all classes, use the following:
+
+```puppet
+class { 'postgresql::globals':
+ encoding => 'UTF-8',
+ locale => 'en_US.UTF-8',
+}
+
+class { 'postgresql::server':
+}
+```
+
+To use a specific version of the PostgreSQL package:
+
+```puppet
+class { 'postgresql::globals':
+ manage_package_repo => true,
+ version => '9.2',
+}
+
+class { 'postgresql::server':
+}
+```
+
+### Manage remote users, roles, and permissions
+
+Remote SQL objects are managed using the same Puppet resources as local SQL objects, along with a [`connect_settings`](#connect_settings) hash. This provides control over how Puppet connects to the remote Postgres instances and which version is used for generating SQL commands.
+
+The `connect_settings` hash can contain environment variables to control Postgres client connections, such as 'PGHOST', 'PGPORT', 'PGPASSWORD', and 'PGSSLKEY'. See the [PostgreSQL Environment Variables](http://www.postgresql.org/docs/9.4/static/libpq-envars.html) documentation for a complete list of variables.
+
+Additionally, you can specify the target database version with the special value of 'DBVERSION'. If the `connect_settings` hash is omitted or empty, then Puppet connects to the local PostgreSQL instance.
+
+You can provide a `connect_settings` hash for each of the Puppet resources, or you can set a default `connect_settings` hash in `postgresql::globals`. Configuring `connect_settings` per resource allows SQL objects to be created on multiple databases by multiple users.
+
+```puppet
+$connection_settings_super2 = {
+ 'PGUSER' => 'super2',
+ 'PGPASSWORD' => 'foobar2',
+ 'PGHOST' => '127.0.0.1',
+ 'PGPORT' => '5432',
+ 'PGDATABASE' => 'postgres',
+}
+
+include postgresql::server
+
+# Connect with no special settings, i.e domain sockets, user postgres
+postgresql::server::role { 'super2':
+ password_hash => 'foobar2',
+ superuser => true,
+
+ connect_settings => {},
+}
+
+# Now using this new user connect via TCP
+postgresql::server::database { 'db1':
+ connect_settings => $connection_settings_super2,
+ require => Postgresql::Server::Role['super2'],
+}
+```
+
+### Create an access rule for pg_hba.conf
+
+To create an access rule for `pg_hba.conf`:
+
+```puppet
+postgresql::server::pg_hba_rule { 'allow application network to access app database':
+ description => 'Open up PostgreSQL for access from 200.1.2.0/24',
+ type => 'host',
+ database => 'app',
+ user => 'app',
+ address => '200.1.2.0/24',
+ auth_method => 'md5',
+}
+```
+
+This would create a ruleset in `pg_hba.conf` similar to:
+
+```
+# Rule Name: allow application network to access app database
+# Description: Open up PostgreSQL for access from 200.1.2.0/24
+# Order: 150
+host app app 200.1.2.0/24 md5
+```
+
+By default, `pg_hba_rule` requires that you include `postgresql::server`. However, you can override that behavior by setting target and postgresql_version when declaring your rule. That might look like the following:
+
+```puppet
+postgresql::server::pg_hba_rule { 'allow application network to access app database':
+ description => 'Open up postgresql for access from 200.1.2.0/24',
+ type => 'host',
+ database => 'app',
+ user => 'app',
+ address => '200.1.2.0/24',
+ auth_method => 'md5',
+ target => '/path/to/pg_hba.conf',
+ postgresql_version => '9.4',
+}
+```
+
+### Create user name maps for pg_ident.conf
+
+To create a user name map for the pg_ident.conf:
+
+```puppet
+postgresql::server::pg_ident_rule { 'Map the SSL certificate of the backup server as a replication user':
+ map_name => 'sslrepli',
+ system_username => 'repli1.example.com',
+ database_username => 'replication',
+}
+```
+
+This would create a user name map in `pg_ident.conf` similar to:
+
+```
+#Rule Name: Map the SSL certificate of the backup server as a replication user
+#Description: none
+#Order: 150
+sslrepli repli1.example.com replication
+```
+
+### Create recovery configuration
+
+To create the recovery configuration file (`recovery.conf`):
+
+```puppet
+postgresql::server::recovery { 'Create a recovery.conf file with the following defined parameters':
+ restore_command => 'cp /mnt/server/archivedir/%f %p',
+ archive_cleanup_command => undef,
+ recovery_end_command => undef,
+ recovery_target_name => 'daily backup 2015-01-26',
+ recovery_target_time => '2015-02-08 22:39:00 EST',
+ recovery_target_xid => undef,
+ recovery_target_inclusive => true,
+ recovery_target => 'immediate',
+ recovery_target_timeline => 'latest',
+ pause_at_recovery_target => true,
+ standby_mode => 'on',
+ primary_conninfo => 'host=localhost port=5432',
+ primary_slot_name => undef,
+ trigger_file => undef,
+ recovery_min_apply_delay => 0,
+}
+```
+
+The above creates this `recovery.conf` config file:
+
+```
+restore_command = 'cp /mnt/server/archivedir/%f %p'
+recovery_target_name = 'daily backup 2015-01-26'
+recovery_target_time = '2015-02-08 22:39:00 EST'
+recovery_target_inclusive = true
+recovery_target = 'immediate'
+recovery_target_timeline = 'latest'
+pause_at_recovery_target = true
+standby_mode = 'on'
+primary_conninfo = 'host=localhost port=5432'
+recovery_min_apply_delay = 0
+```
+
+Only the specified parameters are recognized in the template. The `recovery.conf` is only be created if at least one parameter is set **and** [manage_recovery_conf](#manage_recovery_conf) is set to true.
+
+### Validate connectivity
+
+To validate client connections to a remote PostgreSQL database before starting dependent tasks, use the `postgresql_conn_validator` resource. You can use this on any node where the PostgreSQL client software is installed. It is often chained to other tasks such as starting an application server or performing a database migration.
+
+Example usage:
+
+```puppet
+postgresql_conn_validator { 'validate my postgres connection':
+ host => 'my.postgres.host',
+ db_username => 'mydbuser',
+ db_password => 'mydbpassword',
+ db_name => 'mydbname',
+}->
+exec { 'rake db:migrate':
+ cwd => '/opt/myrubyapp',
+}
+```
+
+## Reference
+
+The postgresql module comes with many options for configuring the server. While you are unlikely to use all of the settings below, they provide a decent amount of control over your security settings.
+
+**Classes:**
+
+* [postgresql::client](#postgresqlclient)
+* [postgresql::globals](#postgresqlglobals)
+* [postgresql::lib::devel](#postgresqllibdevel)
+* [postgresql::lib::java](#postgresqllibjava)
+* [postgresql::lib::perl](#postgresqllibperl)
+* [postgresql::lib::python](#postgresqllibpython)
+* [postgresql::server](#postgresqlserver)
+* [postgresql::server::plperl](#postgresqlserverplperl)
+* [postgresql::server::contrib](#postgresqlservercontrib)
+* [postgresql::server::postgis](#postgresqlserverpostgis)
+
+**Defined Types:**
+
+* [postgresql::server::config_entry](#postgresqlserverconfig_entry)
+* [postgresql::server::database](#postgresqlserverdatabase)
+* [postgresql::server::database_grant](#postgresqlserverdatabase_grant)
+* [postgresql::server::db](#postgresqlserverdb)
+* [postgresql::server::extension](#postgresqlserverextension)
+* [postgresql::server::grant](#postgresqlservergrant)
+* [postgresql::server::grant_role](#postgresqlservergrant_role)
+* [postgresql::server::pg_hba_rule](#postgresqlserverpg_hba_rule)
+* [postgresql::server::pg_ident_rule](#postgresqlserverpg_ident_rule)
+* [postgresql::server::reassign_owned_by](#postgresqlserverreassign_owned_by)
+* [postgresql::server::recovery](#postgresqlserverrecovery)
+* [postgresql::server::role](#postgresqlserverrole)
+* [postgresql::server::schema](#postgresqlserverschema)
+* [postgresql::server::table_grant](#postgresqlservertable_grant)
+* [postgresql::server::tablespace](#postgresqlservertablespace)
+
+**Types:**
+
+* [postgresql_psql](#custom-resource-postgresql_psql)
+* [postgresql_replication_slot](#custom-resource-postgresql_replication_slot)
+* [postgresql_conf](#custom-resource-postgresql_conf)
+* [postgresql_conn_validator](#custom-resource-postgresql_conn_validator)
+
+**Functions:**
+
+* [postgresql_password](#function-postgresql_password)
+* [postgresql_acls_to_resources_hash](#function-postgresql_acls_to_resources_hashacl_array-id-order_offset)
+
+### Classes
+
+#### postgresql::client
+
+Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install.
+
+>**Note:** Make sure to add any necessary yum or apt repositories if specifying a custom version.
+
+##### `package_ensure`
+
+Whether the PostgreSQL client package resource should be present.
+
+Valid values: 'present', 'absent'.
+
+Default value: 'present'.
+
+##### `package_name`
+
+Sets the name of the PostgreSQL client package.
+
+Default value: 'file'.
+
+#### postgresql::lib::docs
+
+Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install.
+
+**Note:** Make sure to add any necessary yum or apt repositories if specifying a custom version.
+
+##### `package_name`
+
+Specifies the name of the PostgreSQL docs package.
+
+##### `package_ensure`
+
+Whether the PostgreSQL docs package resource should be present.
+
+Valid values: 'present', 'absent'.
+
+Default value: 'present'.
+
+#### postgresql::globals
+
+**Note:** Most server-specific defaults should be overridden in the `postgresql::server` class. This class should be used only if you are using a non-standard OS, or if you are changing elements that can only be changed here, such as `version` or `manage_package_repo`.
+
+##### `bindir`
+
+Overrides the default PostgreSQL binaries directory for the target platform.
+
+Default value: OS dependent.
+
+##### `client_package_name`
+
+Overrides the default PostgreSQL client package name.
+
+Default value: OS dependent.
+
+##### `confdir`
+
+Overrides the default PostgreSQL configuration directory for the target platform.
+
+Default value: OS dependent.
+
+##### `contrib_package_name`
+
+Overrides the default PostgreSQL contrib package name.
+
+Default value: OS dependent.
+
+##### `createdb_path`
+
+**Deprecated.** Path to the `createdb` command.
+
+Default value: '${bindir}/createdb'.
+
+##### `datadir`
+
+Overrides the default PostgreSQL data directory for the target platform.
+
+Default value: OS dependent.
+
+**Note:** Changing the datadir after installation causes the server to come to a full stop before making the change. For Red Hat systems, the data directory must be labeled appropriately for SELinux. On Ubuntu, you must explicitly set `needs_initdb = true` to allow Puppet to initialize the database in the new datadir (`needs_initdb` defaults to true on other systems).
+
+**Warning:** If datadir is changed from the default, Puppet does not manage purging of the original data directory, which causes it to fail if the data directory is changed back to the original.
+
+##### `default_database`
+
+Specifies the name of the default database to connect with.
+
+Default value: 'postgres' (for most systems).
+
+##### `devel_package_name`
+
+Overrides the default PostgreSQL devel package name.
+
+Default value: OS dependent.
+
+##### `docs_package_name`
+
+Optional.
+
+Overrides the default PostgreSQL docs package name.
+
+Default value: OS dependent.
+
+##### `encoding`
+
+Sets the default encoding for all databases created with this module. On certain operating systems, this is also used during the `template1` initialization, so it becomes a default outside of the module as well.
+
+Default value: Dependent on the operating system's default encoding.
+
+##### `group`
+
+Overrides the default postgres user group to be used for related files in the file system.
+
+Default value: 'postgres'.
+
+##### `initdb_path`
+
+Path to the `initdb` command.
+
+##### `java_package_name`
+
+Overrides the default PostgreSQL java package name.
+
+Default value: OS dependent.
+
+##### `locale`
+
+Sets the default database locale for all databases created with this module. On certain operating systems, this is also used during the `template1` initialization, so it becomes a default outside of the module as well.
+
+Default value: `undef`, which is effectively 'C'.
+
+**On Debian, you'll need to ensure that the 'locales-all' package is installed for full functionality of PostgreSQL.**
+
+##### `data_checksums`
+
+Optional boolean to turn on data checksums during `initdb`.
+
+Default value: `undef`, which is the same as `false`.
+
+##### `timezone`
+
+Sets the default timezone of the postgresql server. The postgresql built-in default is taking the systems timezone information.
+
+##### `logdir`
+
+Overrides the default PostgreSQL log directory.
+
+Default value: initdb's default path.
+
+##### `manage_package_repo`
+
+Sets up official PostgreSQL repositories on your host if set to `true`.
+
+Default value: `false`.
+
+##### `module_workdir`
+
+Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option.
+
+Default value: '/tmp'.
+
+##### `needs_initdb`
+
+Explicitly calls the initdb operation after the server package is installed and before the PostgreSQL service is started.
+
+Default value: OS dependent.
+
+##### `perl_package_name`
+
+Overrides the default PostgreSQL Perl package name.
+
+Default value: OS dependent.
+
+##### `pg_hba_conf_defaults`
+
+Disables the defaults supplied with the module for `pg_hba.conf` if set to `false`. This is useful if you want to override the defaults. Be sure that your changes align with the rest of the module, as some access is required to perform some operations, such as basic `psql` operations.
+
+Default value: The globals value set in `postgresql::globals::manage_pg_hba_conf` which defaults to `true`.
+
+##### `pg_hba_conf_path`
+
+Specifies the path to your `pg_hba.conf` file.
+
+Default value: '${confdir}/pg_hba.conf'.
+
+##### `pg_ident_conf_path`
+
+Specifies the path to your `pg_ident.conf` file.
+
+Default value: '${confdir}/pg_ident.conf'.
+
+##### `plperl_package_name`
+
+Overrides the default PostgreSQL PL/Perl package name.
+
+Default value: OS dependent.
+
+##### `plpython_package_name`
+
+Overrides the default PostgreSQL PL/Python package name.
+
+Default value: OS dependent.
+
+##### `postgis_version`
+
+Defines the version of PostGIS to install, if you install PostGIS.
+
+Default value: The lowest available with the version of PostgreSQL to be installed.
+
+##### `postgresql_conf_path`
+
+Sets the path to your `postgresql.conf` file.
+
+Default value: '${confdir}/postgresql.conf'.
+
+##### `psql_path`
+
+Sets the path to the `psql` command.
+
+##### `python_package_name`
+
+Overrides the default PostgreSQL Python package name.
+
+Default value: OS dependent.
+
+##### `recovery_conf_path`
+
+Path to your `recovery.conf` file.
+
+##### `repo_proxy`
+
+Sets the proxy option for the official PostgreSQL yum-repositories only. This is useful if your server is behind a corporate firewall and needs to use proxy servers for outside connectivity.
+
+Debian is currently not supported.
+
+##### `repo_baseurl`
+
+Sets the baseurl for the PostgreSQL repository. Useful if you host your own mirror of the repository.
+
+Default value: The official PostgreSQL repository.
+
+##### `server_package_name`
+
+Overrides the default PostgreSQL server package name.
+
+Default value: OS dependent.
+
+##### `service_name`
+
+Overrides the default PostgreSQL service name.
+
+Default value: OS dependent.
+
+##### `service_provider`
+
+Overrides the default PostgreSQL service provider.
+
+Default value: OS dependent.
+
+##### `service_status`
+
+Overrides the default status check command for your PostgreSQL service.
+
+Default value: OS dependent.
+
+##### `user`
+
+Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.
+
+Default value: 'postgres'.
+
+##### `version`
+
+The version of PostgreSQL to install and manage.
+
+Default value: OS system default.
+
+##### `xlogdir`
+
+Overrides the default PostgreSQL xlog directory.
+
+Default value: initdb's default path.
+
+#### postgresql::lib::devel
+
+Installs the packages containing the development libraries for PostgreSQL and symlinks `pg_config` into `/usr/bin` (if not in `/usr/bin` or `/usr/local/bin`).
+
+##### `link_pg_config`
+
+If the bin directory used by the PostgreSQL page is not `/usr/bin` or `/usr/local/bin`, symlinks `pg_config` from the package's bin dir into `usr/bin` (not applicable to Debian systems). Set to `false` to disable this behavior.
+
+Valid values: `true`, `false`.
+
+Default value: `true`.
+
+##### `package_ensure`
+
+Overrides the 'ensure' parameter during package installation.
+
+Default value: 'present'.
+
+##### `package_name`
+
+Overrides the default package name for the distribution you are installing to.
+
+Default value: 'postgresql-devel' or 'postgresql<version>-devel' depending on your distro.
+
+#### postgresql::lib::java
+
+Installs PostgreSQL bindings for Java (JDBC). Set the following parameters if you have a custom version you would like to install.
+
+**Note:** Make sure to add any necessary yum or apt repositories if specifying a custom version.
+
+##### `package_ensure`
+
+Specifies whether the package is present.
+
+Valid values: 'present', 'absent'.
+
+Default value: 'present'.
+
+##### `package_name`
+
+Specifies the name of the PostgreSQL java package.
+
+#### postgresql::lib::perl
+
+Installs the PostgreSQL Perl libraries.
+
+##### `package_ensure`
+
+Specifies whether the package is present.
+
+Valid values: 'present', 'absent'.
+
+Default value: 'present'.
+
+##### `package_name`
+
+Specifies the name of the PostgreSQL perl package to install.
+
+#### postgresql::server::plpython
+
+Installs the PL/Python procedural language for PostgreSQL.
+
+##### `package_name`
+
+Specifies the name of the postgresql PL/Python package.
+
+##### `package_ensure`
+
+Specifies whether the package is present.
+
+Valid values: 'present', 'absent'.
+
+Default value: 'present'.
+
+#### postgresql::lib::python
+
+Installs PostgreSQL Python libraries.
+
+##### `package_ensure`
+
+Specifies whether the package is present.
+
+Valid values: 'present', 'absent'.
+
+Default value: 'present'.
+
+##### `package_name`
+
+The name of the PostgreSQL Python package.
+
+#### postgresql::server
+
+##### `createdb_path`
+
+**Deprecated.** Specifies the path to the `createdb` command.
+
+Default value: '${bindir}/createdb'.
+
+##### `default_database`
+
+Specifies the name of the default database to connect with. On most systems this is 'postgres'.
+
+##### `default_connect_settings`
+
+Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined-types. i.e. `postgresql::server::role`
+
+##### `encoding`
+
+Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the `template1` initialization, so it becomes a default outside of the module as well.
+
+Default value: `undef`.
+
+##### `group`
+
+Overrides the default postgres user group to be used for related files in the file system.
+
+Default value: OS dependent default.
+
+##### `initdb_path`
+
+Specifies the path to the `initdb` command.
+
+Default value: '${bindir}/initdb'.
+
+##### `ipv4acls`
+
+Lists strings for access control for connection method, users, databases, IPv4 addresses;
+
+see [PostgreSQL documentation](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) on `pg_hba.conf` for information.
+
+##### `ipv6acls`
+
+Lists strings for access control for connection method, users, databases, IPv6 addresses.
+
+see [PostgreSQL documentation](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) on `pg_hba.conf` for information.
+
+##### `ip_mask_allow_all_users`
+
+Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP from remote machines. If you'd like to allow this, you can override this setting.
+
+Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine on your local '192.168' subnet.
+
+Default value: '127.0.0.1/32'.
+
+##### `ip_mask_deny_postgres_user`
+
+Specifies the IP mask from which remote connections should be denied for the postgres superuser.
+
+Default value: '0.0.0.0/0', which denies any remote connection.
+
+##### `locale`
+
+Sets the default database locale for all databases created with this module. On certain operating systems this is used during the `template1` initialization as well, so it becomes a default outside of the module.
+
+Default value: `undef`, which is effectively 'C'.
+
+**On Debian, you must ensure that the 'locales-all' package is installed for full functionality of PostgreSQL.**
+
+##### `manage_pg_hba_conf`
+
+Whether to manage the `pg_hba.conf`.
+
+If set to `true`, Puppet overwrites this file.
+
+If set to `false`, Puppet does not modify the file.
+
+Valid values: `true`, `false`.
+
+Default value: `true`
+
+##### `manage_pg_ident_conf`
+
+Overwrites the pg_ident.conf file.
+
+If set to `true`, Puppet overwrites the file.
+
+If set to `false`, Puppet does not modify the file.
+
+Valid values: `true`, `false`.
+
+Default value: `true`.
+
+##### `manage_recovery_conf`
+
+Specifies whether or not manage the `recovery.conf`.
+
+If set to `true`, Puppet overwrites this file.
+
+Valid values: `true`, `false`.
+
+Default value: `false`.
+
+##### `needs_initdb`
+
+Explicitly calls the `initdb` operation after server package is installed, and before the PostgreSQL service is started.
+
+Default value: OS dependent.
+
+##### `package_ensure`
+
+Passes a value through to the `package` resource when creating the server instance.
+
+Default value: `undef`.
+
+##### `package_name`
+
+Specifies the name of the package to use for installing the server software.
+
+Default value: OS dependent.
+
+##### `pg_hba_conf_defaults`
+
+If `false`, disables the defaults supplied with the module for `pg_hba.conf`. This is useful if you disagree with the defaults and wish to override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform basic `psql` operations for example.
+
+##### `pg_hba_conf_path`
+
+Specifies the path to your `pg_hba.conf` file.
+
+##### `pg_ident_conf_path`
+
+Specifies the path to your `pg_ident.conf` file.
+
+Default value: '${confdir}/pg_ident.conf'.
+
+##### `plperl_package_name`
+
+Sets the default package name for the PL/Perl extension.
+
+Default value: OS dependent.
+
+##### `plpython_package_name`
+
+Sets the default package name for the PL/Python extension.
+
+Default value: OS dependent.
+
+##### `port`
+
+Specifies the port for the PostgreSQL server to listen on. **Note:** The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change.
+
+Default value: 5432. Meaning the Postgres server listens on TCP port 5432.
+
+##### `postgres_password`
+
+Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres database, with a user called `postgres` and no password.
+
+Default value: `undef`.
+
+##### `postgresql_conf_path`
+
+Specifies the path to your `postgresql.conf` file.
+
+Default value: '${confdir}/postgresql.conf'.
+
+##### `psql_path`
+
+Specifies the path to the `psql` command.
+
+Default value: OS dependent.
+
+##### `service_manage`
+
+Defines whether or not Puppet should manage the service.
+
+Default value: `true`.
+
+##### `service_name`
+
+Overrides the default PostgreSQL service name.
+
+Default value: OS dependent.
+
+##### `service_provider`
+
+Overrides the default PostgreSQL service provider.
+
+Default value: `undef`.
+
+##### `service_reload`
+
+Overrides the default reload command for your PostgreSQL service.
+
+Default value: OS dependent.
+
+##### `service_restart_on_change`
+
+Overrides the default behavior to restart your PostgreSQL service when a config entry has been changed that requires a service restart to become active.
+
+Default value: `true`.
-Table of Contents
------------------
+##### `service_status`
-1. [Overview - What is the PostgreSQL module?](#overview)
-2. [Module Description - What does the module do?](#module-description)
-3. [Setup - The basics of getting started with PostgreSQL module](#setup)
-4. [Usage - How to use the module for various tasks](#usage)
-5. [Reference - The classes, defines,functions and facts available in this module](#reference)
-6. [Limitations - OS compatibility, etc.](#limitations)
-7. [Development - Guide for contributing to the module](#development)
-8. [Disclaimer - Licensing information](#disclaimer)
-9. [Transfer Notice - Notice of authorship change](#transfer-notice)
-10. [Contributors - List of module contributors](#contributors)
+Overrides the default status check command for your PostgreSQL service.
-Overview
---------
+Default value: OS dependent.
-The PostgreSQL module allows you to easily manage postgres databases with Puppet.
+##### `user`
-Module Description
--------------------
+Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.
-PostgreSQL is a high-performance, free, open-source relational database server. The postgresql module allows you to manage PostgreSQL packages and services on several operating systems, while also supporting basic management of PostgreSQL databases and users. The module offers support for managing firewall for postgres ports on RedHat-based distros, as well as support for basic management of common security settings.
+Default value: 'postgres'.
-Setup
------
+#### postgresql::server::contrib
-**What puppetlabs-PostgreSQL affects:**
+Installs the PostgreSQL contrib package.
-* package/service/configuration files for PostgreSQL
-* listened-to ports
-* system firewall (optional)
-* IP and mask (optional)
+##### `package_ensure`
+
+Sets the ensure parameter passed on to PostgreSQL contrib package resource.
-**Introductory Questions**
+##### `package_name`
-The postgresql module offers many security configuration settings. Before getting started, you will want to consider:
+The name of the PostgreSQL contrib package.
-* Do you want/need to allow remote connections?
- * If yes, what about TCP connections?
-* Would you prefer to work around your current firewall settings or overwrite some of them?
-* How restrictive do you want the database superuser's permissions to be?
+#### postgresql::server::plperl
-Your answers to these questions will determine which of the module's parameters you'll want to specify values for.
+Installs the PL/Perl procedural language for postgresql.
-###Configuring the server
+##### `package_ensure`
-The main configuration you’ll need to do will be around the `postgresql::server` class. The default parameters are reasonable, but fairly restrictive regarding permissions for who can connect and from where. To manage a PostgreSQL server with sane defaults:
+The ensure parameter passed on to PostgreSQL PL/Perl package resource.
- include postgresql::server
+##### `package_name`
-For a more customized, less restrictive configuration:
+The name of the PostgreSQL PL/Perl package.
- class { 'postgresql::server':
- config_hash => {
- 'ip_mask_deny_postgres_user' => '0.0.0.0/32',
- 'ip_mask_allow_all_users' => '0.0.0.0/0',
- 'listen_addresses' => '*',
- 'ipv4acls' => ['hostssl all johndoe 192.168.0.0/24 cert'],
- 'manage_redhat_firewall' => true,
- 'manage_pg_hba_conf' => false,
- 'postgres_password' => 'TPSrep0rt!',
- },
- }
+#### postgresql::server::postgis
-Once you've completed your configuration of `postgresql::server`, you can test out your settings from the command line:
+Installs the PostgreSQL postgis packages.
- $ psql -h localhost -U postgres
- $ psql -h my.postgres.server -U
+### Defined Types
-If you get an error message from these commands, it means that your permissions are set in a way that restricts access from where you’re trying to connect. That might be a good thing or a bad thing, depending on your goals.
+#### postgresql::server::config_entry
-Advanced configuration setting parameters can be placed into `postgresql_puppet_extras.conf` (located in the same folder as `postgresql.conf`). You can manage that file as a normal puppet file resource, or however you see fit; which gives you complete control over the settings. Any value you specify in that file will override any existing value set in the templated version.
+Modifies your `postgresql.conf` configuration file.
-For more details about server configuration parameters consult the [PostgreSQL Runtime Configuration docs](http://www.postgresql.org/docs/9.2/static/runtime-config.html).
+Each resource maps to a line inside the file, for example:
-Usage
------
+```puppet
+postgresql::server::config_entry { 'check_function_bodies':
+ value => 'off',
+}
+```
-###Creating a database
+##### `ensure`
-There are many ways to set up a postgres database using the `postgresql::db` class. For instance, to set up a database for PuppetDB (this assumes you’ve already got the `postgresql::server` set up to your liking in your manifest, as discussed above):
+Removes an entry if set to 'absent'.
- postgresql::db { 'mydatabasename':
- user => 'mydatabaseuser',
- password => 'mypassword'
- }
+Valid values: 'present', 'absent'.
-###Managing users, roles and permissions
+Default value: 'present'.
-To manage users, roles and permissions:
+##### `value`
- postgresql::database_user{'marmot':
- password_hash => 'foo',
- }
+Defines the value for the setting.
- postgresql::database_grant { 'test1':
- privilege => 'ALL',
- db => 'test1',
- role => 'dan',
- }
+#### postgresql::server::db
- postgresql::table_grant { 'my_table of test2':
- privilege => 'ALL',
- table => 'my_table',
- db => 'test2',
- role => 'dan',
- }
+Creates a local database, user, and assigns necessary permissions.
+##### `comment`
-In this example, you would grant ALL privileges on the test1 database and on the `my_table` table of the test2 database to the user or group specified by dan.
+Defines a comment to be stored about the database using the PostgreSQL COMMENT command.
-At this point, you would just need to plunk these database name/username/password values into your PuppetDB config files, and you are good to go.
+##### `connect_settings`
-Reference
----------
+Specifies a hash of environment variables used when connecting to a remote server.
-The postgresql module comes with many options for configuring the server. While you are unlikely to use all of the below settings, they allow you a decent amount of control over your security settings.
+Default value: Connects to the local Postgres instance.
-Classes:
+##### `dbname`
-* [postgresql](#class-postgresql)
-* [postgresql::server](#class-postgresqlserver)
-* [postgresql::client](#class-postgresqlclient)
-* [postgresql::contrib](#class-postgresqlcontrib)
-* [postgresql::devel](#class-postgresqldevel)
-* [postgresql::java](#class-postgresqljava)
-* [postgresql::python](#class-postgresqlpython)
+Sets the name of the database to be created.
-Resources:
+Default value: the namevar.
-* [postgresql::db](#resource-postgresqldb)
-* [postgresql::database](#resource-postgresqldatabase)
-* [postgresql::database_grant](#resource-postgresqldatabasegrant)
-* [postgresql::table_grant](#resource-postgresqltablegrant)
-* [postgresql::role](#resource-postgresqlrole)
-* [postgresql::tablespace](#resource-postgresqltablespace)
-* [postgresql::validate_db_connection](#resource-postgresqlvalidatedbconnection)
-* [postgresql::pg_hba_rule](#resource-postgresqlpghbarule)
+##### `encoding`
-Functions:
+Overrides the character set during creation of the database.
-* [postgresql\_password](#function-postgresqlpassword)
-* [postgresql\_acls\_to\_resources\_hash](#function-postgresqlaclstoresourceshashaclarray-id-orderoffset)
+Default value: The default defined during installation.
-Facts:
+##### `grant`
-* [postgres\_default\_version](#fact-postgresdefaultversion)
+Specifies the permissions to grant during creation.
-###Class: postgresql
-This class is used to configure the main settings for this module, to be used by the other classes and defined resources. On its own it does nothing.
+Default value: 'ALL'.
-For example, if you wanted to overwrite the default `locale` and `charset` you could use the following combination:
+##### `istemplate`
- class { 'postgresql':
- charset => 'UTF8',
- locale => 'en_NG',
- }->
- class { 'postgresql::server':
- }
+Specifies that the database is a template, if set to `true`.
-That would make the `charset` and `locale` the default for all classes and defined resources in this module.
+Default value: `false`.
-####`version`
-The version of PostgreSQL to install/manage. Defaults to your operating system default.
+##### `locale`
-####`manage_package_repo`
-If `true` this will setup the official PostgreSQL repositories on your host. Defaults to `false`.
+Overrides the locale during creation of the database.
-####`locale`
-This will set the default database locale for all databases created with this module. On certain operating systems this will be used during the `template1` initialization as well so it becomes a default outside of the module as well. Defaults to `undef` which is effectively `C`.
+Default value: The default defined during installation.
-####`charset`
-This will set the default charset for all databases created with this module. On certain operating systems this will be used during the `template1` initialization as well so it becomes a default outside of the module as well. Defaults to `UTF8`.
+##### `owner`
-####`datadir`
-This setting can be used to override the default postgresql data directory for the target platform. If not specified, the module will use whatever directory is the default for your OS distro.
+Sets a user as the owner of the database.
-####`confdir`
-This setting can be used to override the default postgresql configuration directory for the target platform. If not specified, the module will use whatever directory is the default for your OS distro.
+Default value: '$user' variable set in `postgresql::server` or `postgresql::globals`.
-####`bindir`
-This setting can be used to override the default postgresql binaries directory for the target platform. If not specified, the module will use whatever directory is the default for your OS distro.
+##### `password`
-####`client_package_name`
-This setting can be used to override the default postgresql client package name. If not specified, the module will use whatever package name is the default for your OS distro.
+**Required** Sets the password for the created user.
-####`server_package_name`
-This setting can be used to override the default postgresql server package name. If not specified, the module will use whatever package name is the default for your OS distro.
+##### `tablespace`
-####`contrib_package_name`
-This setting can be used to override the default postgresql contrib package name. If not specified, the module will use whatever package name is the default for your OS distro.
+Defines the name of the tablespace to allocate the created database to.
-####`devel_package_name`
-This setting can be used to override the default postgresql devel package name. If not specified, the module will use whatever package name is the default for your OS distro.
+Default value: PostgreSQL default.
-####`java_package_name`
-This setting can be used to override the default postgresql java package name. If not specified, the module will use whatever package name is the default for your OS distro.
+##### `template`
-####`service_name`
-This setting can be used to override the default postgresql service name. If not specified, the module will use whatever service name is the default for your OS distro.
+Specifies the name of the template database from which to build this database.
-####`user`
-This setting can be used to override the default postgresql super user and owner of postgresql related files in the file system. If not specified, the module will use the user name 'postgres'.
+Defaults value: `template0`.
-####`group`
-This setting can be used to override the default postgresql user group to be used for related files in the file system. If not specified, the module will use the group name 'postgres'.
+##### `user`
-####`run_initdb`
-This setting can be used to explicitly call the initdb operation after server package is installed and before the postgresql service is started. If not specified, the module will decide whether to call initdb or not depending on your OS distro.
+User to create and assign access to the database upon creation. Mandatory.
-###Class: postgresql::server
-Here are the options that you can set in the `config_hash` parameter of `postgresql::server`:
+#### postgresql::server::database
-####`ensure`
-This value default to `present`. When set to `absent` it will remove all packages, configuration and data so use this with extreme caution.
+Creates a database with no users and no permissions.
-####`postgres_password`
-This value defaults to `undef`, meaning the super user account in the postgres database is a user called `postgres` and this account does not have a password. If you provide this setting, the module will set the password for the `postgres` user to your specified value.
+##### `dbname`
-####`listen_addresses`
-This value defaults to `localhost`, meaning the postgres server will only accept connections from localhost. If you’d like to be able to connect to postgres from remote machines, you can override this setting. A value of `*` will tell postgres to accept connections from any remote machine. Alternately, you can specify a comma-separated list of hostnames or IP addresses. (For more info, have a look at the `postgresql.conf` file from your system’s postgres package).
+Sets the name of the database.
-####`manage_redhat_firewall`
-This value defaults to `false`. Many RedHat-based distros ship with a fairly restrictive firewall configuration which will block the port that postgres tries to listen on. If you’d like for the puppet module to open this port for you (using the [puppetlabs-firewall](http://forge.puppetlabs.com/puppetlabs/firewall) module), change this value to true. *[This parameter is likely to change in future versions. Possible changes include support for non-RedHat systems and finer-grained control over the firewall rule (currently, it simply opens up the postgres port to all TCP connections).]*
+Defaults value: The namevar.
-####`manage_pg_hba_conf`
-This value defaults to `true`. Whether or not manage the pg_hba.conf. If set to `true`, puppet will overwrite this file. If set to `false`, puppet will not modify the file.
+##### `encoding`
-####`ip_mask_allow_all_users`
-This value defaults to `127.0.0.1/32`. By default, Postgres does not allow any database user accounts to connect via TCP from remote machines. If you’d like to allow them to, you can override this setting. You might set it to `0.0.0.0/0` to allow database users to connect from any remote machine, or `192.168.0.0/16` to allow connections from any machine on your local 192.168 subnet.
+Overrides the character set during creation of the database.
-####`ip_mask_deny_postgres_user`
-This value defaults to `0.0.0.0/0`. Sometimes it can be useful to block the superuser account from remote connections if you are allowing other database users to connect remotely. Set this to an IP and mask for which you want to deny connections by the postgres superuser account. So, e.g., the default value of `0.0.0.0/0` will match any remote IP and deny access, so the postgres user won’t be able to connect remotely at all. Conversely, a value of `0.0.0.0/32` would not match any remote IP, and thus the deny rule will not be applied and the postgres user will be allowed to connect.
+Default value: The default defined during installation.
-####`pg_hba_conf_path`
-If, for some reason, your system stores the `pg_hba.conf` file in a non-standard location, you can override the path here.
+##### `istemplate`
-####`postgresql_conf_path`
-If, for some reason, your system stores the `postgresql.conf` file in a non-standard location, you can override the path here.
+Defines the database as a template if set to `true`.
-####`ipv4acls`
-List of strings for access control for connection method, users, databases, IPv4 addresses; see [postgresql documentation](http://www.postgresql.org/docs/9.2/static/auth-pg-hba-conf.html) about `pg_hba.conf` for information (please note that the link will take you to documentation for the most recent version of Postgres, however links for earlier versions can be found on that page).
+Default value: `false`.
-####`ipv6acls`
-List of strings for access control for connection method, users, databases, IPv6 addresses; see [postgresql documentation](http://www.postgresql.org/docs/9.2/static/auth-pg-hba-conf.html) about `pg_hba.conf` for information (please note that the link will take you to documentation for the most recent version of Postgres, however links for earlier versions can be found on that page).
+##### `locale`
-###Class: postgresql::client
+Overrides the locale during creation of the database.
-This class installs postgresql client software. Alter the following parameters if you have a custom version you would like to install (Note: don't forget to make sure to add any necessary yum or apt repositories if specifying a custom version):
+Default value: The default defined during installation.
-####`package_name`
-The name of the postgresql client package.
+##### `owner`
-####`package_ensure`
-The ensure parameter passed on to postgresql client package resource.
+Sets name of the database owner.
-###Class: postgresql::contrib
-Installs the postgresql contrib package.
+Default value: The '$user' variable set in `postgresql::server` or `postgresql::globals`.
-####`package_name`
-The name of the postgresql client package.
+##### `tablespace`
-####`package_ensure`
-The ensure parameter passed on to postgresql contrib package resource.
+Sets tablespace for where to create this database.
-###Class: postgresql::devel
-Installs the packages containing the development libraries for PostgreSQL.
+Default value: The default defined during installation.
-####`package_ensure`
-Override for the `ensure` parameter during package installation. Defaults to `present`.
+##### `template`
-####`package_name`
-Overrides the default package name for the distribution you are installing to. Defaults to `postgresql-devel` or `postgresql<version>-devel` depending on your distro.
+Specifies the name of the template database from which to build this database.
-###Class: postgresql::java
-This class installs postgresql bindings for Java (JDBC). Alter the following parameters if you have a custom version you would like to install (Note: don't forget to make sure to add any necessary yum or apt repositories if specifying a custom version):
+Default value: 'template0'.
-####`package_name`
-The name of the postgresql java package.
+#### postgresql::server::database_grant
-####`package_ensure`
-The ensure parameter passed on to postgresql java package resource.
+Manages grant-based access privileges for users, wrapping the `postgresql::server::database_grant` for database specific permissions. Consult the [PostgreSQL documentation for `grant`](http://www.postgresql.org/docs/current/static/sql-grant.html) for more information.
-###Class: postgresql::python
-This class installs the postgresql Python libraries. For customer requirements you can customise the following parameters:
+#### `connect_settings`
-####`package_name`
-The name of the postgresql python package.
+Specifies a hash of environment variables used when connecting to a remote server.
-####`package_ensure`
-The ensure parameter passed on to postgresql python package resource.
+Default value: Connects to the local Postgres instance.
-###Resource: postgresql::db
-This is a convenience resource that creates a database, user and assigns necessary permissions in one go.
+##### `db`
-For example, to create a database called `test1` with a corresponding user of the same name, you can use:
+Specifies the database to which you are granting access.
- postgresql::db { 'test1':
- user => 'test1',
- password => 'test1',
- }
+##### `privilege`
-####`namevar`
-The namevar for the resource designates the name of the database.
+Specifies comma-separated list of privileges to grant.
-####`user`
-User to create and assign access to the database upon creation. Mandatory.
+Valid options: 'ALL', 'CREATE', 'CONNECT', 'TEMPORARY', 'TEMP'.
-####`password`
-Password for the created user. Mandatory.
+##### `psql_db`
-####`tablespace`
-The name of the tablespace to allocate this database to. If not specifies, it defaults to the PostgreSQL default.
+Defines the database to execute the grant against.
-####`charset`
-Override the character set during creation of the database. Defaults to the default defined during installation.
+**This should not ordinarily be changed from the default**
-####`locale`
-Override the locale during creation of the database. Defaults to the default defined during installation.
+Default value: 'postgres'.
-####`grant`
-Grant permissions during creation. Defaults to `ALL`.
+##### `psql_user`
-####`istemplate`
-Define database as a template. Defaults to `false`.
+Specifies the OS user for running `psql`.
-###Resource: postgresql::database
-This defined type can be used to create a database with no users and no permissions, which is a rare use case.
+Default value: The default user for the module, usually 'postgres'.
-####`namevar`
-Name of the database to create.
+##### `role`
-####`owner`
-Name of the database user who should be set as the owner of the database. Defaults to `$postgresql::params::user`.
+Specifies the role or user whom you are granting access to.
-####`tablespace`
-Tablespace for where to create this database. Defaults to the defaults defined during PostgreSQL installation.
+#### postgresql::server::extension
-####`charset`
-Override the character set during creation of the database. Defaults to the default defined during installation.
+Manages a PostgreSQL extension.
-####`locale`
-Override the locale during creation of the database. Defaults to the default defined during installation.
+##### `database`
-####`istemplate`
-Define database as a template. Defaults to `false`.
+Specifies the database on which to activate the extension.
-###Resource: postgresql::database\_grant
-This defined type manages grant based access privileges for users. Consult the PostgreSQL documentation for `grant` for more information.
+##### `ensure`
-####`namevar`
-Used to uniquely identify this resource, but functionality not used during grant.
+Specifies whether to activate or deactivate the extension.
-####`privilege`
-Can be one of `SELECT`, `TEMPORARY`, `TEMP`, `CONNECT`. `ALL` is used as a synonym for `CREATE`. If you need to add multiple privileges, a space delimited string can be used.
+Valid options: 'present' or 'absent'.
-####`db`
-Database to grant access to.
+#### `extension`
-####`role`
-Role or user whom you are granting access for.
+Specifies the extension to activate. If left blank, uses the name of the resource.
-####`psql_db`
-Database to execute the grant against. This should not ordinarily be changed from the default, which is `postgres`.
+##### `package_name`
-####`psql_user`
-OS user for running `psql`. Defaults to the default user for the module, usually `postgres`.
+Specifies a package to install prior to activating the extension.
-###Resource: postgresql::table\_grant
-This defined type manages grant based access privileges for users. Consult the PostgreSQL documentation for `grant` for more information.
+##### `package_ensure`
-####`namevar`
-Used to uniquely identify this resource, but functionality not used during grant.
+Overrides default package deletion behavior.
-####`privilege`
-Can be one of `SELECT`, `INSERT`, `UPDATE`, `REFERENCES`. `ALL` is used as a synonym for `CREATE`. If you need to add multiple privileges, a space delimited string can be used.
+By default, the package specified with `package_name` is installed when the extension is activated and removed when the extension is deactivated. To override this behavior, set the `ensure` value for the package.
-####`table`
-Table to grant access on.
+#### postgresql::server::grant
-####`db`
-Database of table.
+Manages grant-based access privileges for roles. See [PostgreSQL documentation for `grant`](http://www.postgresql.org/docs/current/static/sql-grant.html) for more information.
-####`role`
-Role or user whom you are granting access for.
+##### `db`
-####`psql_db`
-Database to execute the grant against. This should not ordinarily be changed from the default, which is `postgres`.
+Specifies the database to which you are granting access.
-####`psql_user`
-OS user for running `psql`. Defaults to the default user for the module, usually `postgres`.
+##### `object_type`
-###Resource: postgresql::role
-This resource creates a role or user in PostgreSQL.
+Specifies the type of object to which you are granting privileges.
-####`namevar`
-The role name to create.
+Valid options: 'DATABASE', 'SCHEMA', 'SEQUENCE', 'ALL SEQUENCES IN SCHEMA', 'TABLE' or 'ALL TABLES IN SCHEMA'.
-####`password_hash`
-The hash to use during password creation. Use the `postgresql_password` function to provide an MD5 hash here.
+##### `object_name`
-####`createdb`
-Weither to grant the ability to create new databases with this role. Defaults to `false`.
+Specifies name of `object_type` to which to grant access.
-####`createrole`
-Weither to grant the ability to create new roles with this role. Defaults to `false`.
+##### `port`
-####`login`
-Weither to grant login capability for the new role. Defaults to `false`.
+Port to use when connecting.
-####`superuser`
-Weither to grant super user capability for the new role. Defaults to `false`.
+Default value: `undef`, which generally defaults to port 5432 depending on your PostgreSQL packaging.
-####`replication`
-If `true` provides replication capabilities for this role. Defaults to `false`.
+##### `privilege`
-####`connection_limit`
-Specifies how many concurrent connections the role can make. Defaults to `-1` meaning no limit.
+Specifies the privilege to grant.
-###Resource: postgresql::tablespace
-This defined type can be used to create a tablespace. For example:
+Valid options: 'ALL', 'ALL PRIVILEGES' or 'object_type' dependent string.
- postgresql::tablespace{ 'tablespace1':
- location => '/srv/space1',
- }
+##### `psql_db`
-It will create the location if necessary, assigning it the same permissions as your
-PostgreSQL server.
+Specifies the database to execute the grant against.
-####`namevar`
-The tablespace name to create.
+**This should not ordinarily be changed from the default**
-####`location`
-The path to locate this tablespace.
+Default value: 'postgres'.
-####`owner`
-The default owner of the tablespace.
+##### `psql_user`
-###Resource: postgresql::validate\_db\_connection
-This resource can be utilised inside composite manifests to validate that a client has a valid connection with a remote PostgreSQL database. It can be ran from any node where the PostgreSQL client software is installed to validate connectivity before commencing other dependent tasks in your Puppet manifests, so it is often used when chained to other tasks such as: starting an application server, performing a database migration.
+Sets the OS user to run `psql`.
-Example usage:
+Default value: the default user for the module, usually 'postgres'.
+
+##### `role`
+
+Specifies the role or user whom you are granting access to.
+
+#### postgresql::server::grant_role
+
+Allows you to assign a role to a (group) role. See [PostgreSQL documentation for `Role Membership`](http://www.postgresql.org/docs/current/static/role-membership.html) for more information.
+
+##### `group`
+
+Specifies the group role to which you are assigning a role.
+
+##### `role`
+
+Specifies the role you want to assign to a group. If left blank, uses the name of the resource.
+
+##### `ensure`
+
+Specifies whether to grant or revoke the membership.
- postgresql::validate_db_connection { 'validate my postgres connection':
- database_host => 'my.postgres.host',
- database_username => 'mydbuser',
- database_password => 'mydbpassword',
- database_name => 'mydbname',
- }->
- exec { 'rake db:migrate':
- cwd => '/opt/myrubyapp',
- }
+Valid options: 'present' or 'absent'.
-####`namevar`
-Uniquely identify this resource, but functionally does nothing.
+Default value: 'present'.
-####`database_host`
-The hostname of the database you wish to test.
+##### `port`
-####`database_port`
Port to use when connecting.
-####`database_name`
-The name of the database you wish to test.
+Default value: `undef`, which generally defaults to port 5432 depending on your PostgreSQL packaging.
-####`database_username`
-Username to connect with.
+##### `psql_db`
-####`database_password`
-Password to connect with. Can be left blank, but that is not recommended.
+Specifies the database to execute the grant against.
-###Resource: postgresql::pg\_hba\_rule
-This defined type allows you to create an access rule for `pg_hba.conf`. For more details see the [PostgreSQL documentation](http://www.postgresql.org/docs/8.2/static/auth-pg-hba-conf.html).
+**This should not ordinarily be changed from the default**
-For example:
+Default value: 'postgres'.
- postgresql::pg_hba_rule { 'allow application network to access app database':
- description => "Open up postgresql for access from 200.1.2.0/24",
- type => 'host',
- database => 'app',
- user => 'app',
- address => '200.1.2.0/24',
- auth_method => 'md5',
- }
+##### `psql_user`
-This would create a ruleset in `pg_hba.conf` similar to:
+Sets the OS user to run `psql`.
+
+Default value: the default user for the module, usually `postgres`.
+
+##### `connect_settings`
+
+Specifies a hash of environment variables used when connecting to a remote server.
- # Rule Name: allow application network to access app database
- # Description: Open up postgresql for access from 200.1.2.0/24
- # Order: 150
- host app app 200.1.2.0/24 md5
+Default value: Connects to the local Postgres instance.
-####`namevar`
-A unique identifier or short description for this rule. The namevar doesn't provide any functional usage, but it is stored in the comments of the produced `pg_hba.conf` so the originating resource can be identified.
+#### postgresql::server::pg_hba_rule
-####`description`
-A longer description for this rule if required. Defaults to `none`. This description is placed in the comments above the rule in `pg_hba.conf`.
+Allows you to create an access rule for `pg_hba.conf`. For more details see the [usage example](#create-an-access-rule-for-pghba.conf) and the [PostgreSQL documentation](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html).
-####`type`
-The type of rule, this is usually one of: `local`, `host`, `hostssl` or `hostnossl`.
+##### `address`
-####`database`
-A comma separated list of databases that this rule matches.
+Sets a CIDR based address for this rule matching when the type is not 'local'.
-####`user`
-A comma separated list of database users that this rule matches.
+##### `auth_method`
-####`address`
-If the type is not 'local' you can provide a CIDR based address here for rule matching.
+Provides the method that is used for authentication for the connection that this rule matches. Described further in the PostgreSQL `pg_hba.conf` documentation.
-####`auth_method`
-The `auth_method` is described further in the `pg_hba.conf` documentation, but it provides the method that is used for authentication for the connection that this rule matches.
+##### `auth_option`
-####`auth_option`
For certain `auth_method` settings there are extra options that can be passed. Consult the PostgreSQL `pg_hba.conf` documentation for further details.
-####`order`
-An order for placing the rule in `pg_hba.conf`. Defaults to `150`.
+##### `database`
+
+Sets a comma-separated list of databases that this rule matches.
+
+##### `description`
+
+Defines a longer description for this rule, if required. This description is placed in the comments above the rule in `pg_hba.conf`.
+
+Default value: 'none'.
+
+Specifies a way to uniquely identify this resource, but functionally does nothing.
+
+##### `order`
+
+Sets an order for placing the rule in `pg_hba.conf`.
+
+Default value: 150.
+
+#### `postgresql_version`
+
+Manages `pg_hba.conf` without managing the entire PostgreSQL instance.
+
+Default value: the version set in `postgresql::server`.
+
+##### `target`
+
+Provides the target for the rule, and is generally an internal only property.
+
+**Use with caution.**
+
+##### `type`
+
+Sets the type of rule.
+
+Valid options: 'local', 'host', 'hostssl' or 'hostnossl'.
+
+##### `user`
+
+Sets a comma-separated list of users that this rule matches.
+
+
+#### postgresql::server::pg_ident_rule
+
+Allows you to create user name maps for `pg_ident.conf`. For more details see the [usage example](#create-user-name-maps-for-pgidentconf) above and the [PostgreSQL documentation](http://www.postgresql.org/docs/current/static/auth-username-maps.html).
+
+##### `database_username`
+
+Specifies the user name of the database user. The `system_username` is mapped to this user name.
+
+##### `description`
+
+Sets a longer description for this rule if required. This description is placed in the comments above the rule in `pg_ident.conf`.
+
+Default value: 'none'.
+
+##### `map_name`
+
+Sets the name of the user map that is used to refer to this mapping in `pg_hba.conf`.
+
+##### `order`
+
+Defines an order for placing the mapping in `pg_ident.conf`.
+
+Default value: 150.
+
+##### `system_username`
+
+Specifies the operating system user name (the user name used to connect to the database).
+
+##### `target`
+
+Provides the target for the rule and is generally an internal only property.
+
+**Use with caution.**
+
+#### postgresql::server::reassign_owned_by
+
+Runs the PostgreSQL command 'REASSIGN OWNED' on a database, to transfer the ownership of existing objects between database roles
+
+##### `db`
+
+Specifies the database to which the 'REASSIGN OWNED' will be applied
+
+##### `old_role`
+
+Specifies the role or user who is the current owner of the objects in the specified db
+
+##### `new_role`
+
+Specifies the role or user who will be the new owner of these objects
+
+##### `psql_user`
+
+Specifies the OS user for running `psql`.
+
+Default value: The default user for the module, usually 'postgres'.
+
+##### `port`
+
+Port to use when connecting.
+
+Default value: `undef`, which generally defaults to port 5432 depending on your PostgreSQL packaging.
+
+##### `connect_settings`
+
+Specifies a hash of environment variables used when connecting to a remote server.
+
+Default value: Connects to the local Postgres instance.
+
+#### postgresql::server::recovery
+
+Allows you to create the content for `recovery.conf`. For more details see the [usage example](#create-recovery-configuration) and the [PostgreSQL documentation](http://www.postgresql.org/docs/current/static/recovery-config.html).
+
+Every parameter value is a string set in the template except `recovery_target_inclusive`, `pause_at_recovery_target`, `standby_mode` and `recovery_min_apply_delay`.
+
+A detailed description of all listed parameters can be found in the [PostgreSQL documentation](http://www.postgresql.org/docs/current/static/recovery-config.html).
+
+The parameters are grouped into these three sections:
+
+##### [Archive Recovery Parameters](http://www.postgresql.org/docs/current/static/archive-recovery-settings.html)
+
+* `restore_command`
+* `archive_cleanup_command`
+* `recovery_end_command`
+
+##### [Recovery Target Settings](http://www.postgresql.org/docs/current/static/recovery-target-settings.html)
+* `recovery_target_name`
+* `recovery_target_time`
+* `recovery_target_xid`
+* `recovery_target_inclusive`
+* `recovery_target`
+* `recovery_target_timeline`
+* `pause_at_recovery_target`
+
+##### [Standby Server Settings](http://www.postgresql.org/docs/current/static/standby-settings.html)
+* `standby_mode`: Can be specified with the string ('on'/'off'), or by using a Boolean value (`true`/`false`).
+* `primary_conninfo`
+* `primary_slot_name`
+* `trigger_file`
+* `recovery_min_apply_delay`
+
+##### `target`
+Provides the target for the rule, and is generally an internal only property.
+
+**Use with caution.**
+
+#### postgresql::server::role
+Creates a role or user in PostgreSQL.
+
+##### `connection_limit`
+Specifies how many concurrent connections the role can make.
+
+Default value: '-1', meaning no limit.
+
+##### `connect_settings`
+Specifies a hash of environment variables used when connecting to a remote server.
+
+Default value: Connects to the local Postgres instance.
+
+##### `createdb`
+Specifies whether to grant the ability to create new databases with this role.
+
+Default value: `false`.
+
+##### `createrole`
+Specifies whether to grant the ability to create new roles with this role.
+
+Default value: `false`.
+
+##### `inherit`
+Specifies whether to grant inherit capability for the new role.
+
+Default value: `true`.
+
+##### `login`
+Specifies whether to grant login capability for the new role.
+
+Default value: `true`.
+
+##### `password_hash`
+Sets the hash to use during password creation. If the password is not already pre-encrypted in a format that PostgreSQL supports, use the `postgresql_password` function to provide an MD5 hash here, for example:
+
+##### `update_password`
+If set to true, updates the password on changes. Set this to false to not modify the role's password after creation.
+
+```puppet
+postgresql::server::role { 'myusername':
+ password_hash => postgresql_password('myusername', 'mypassword'),
+}
+```
+
+##### `replication`
+
+Provides provides replication capabilities for this role if set to `true`.
+
+Default value: `false`.
+
+##### `superuser`
+
+Specifies whether to grant super user capability for the new role.
+
+Default value: `false`.
+
+##### `username`
+
+Defines the username of the role to create.
+
+Default value: the namevar.
+
+#### postgresql::server::schema
+
+Creates a schema.
+
+##### `connect_settings`
+
+Specifies a hash of environment variables used when connecting to a remote server.
+
+Default value: Connects to the local Postgres instance.
+
+##### `db`
+
+Required.
+
+Sets the name of the database in which to create this schema.
+
+##### `owner`
+
+Sets the default owner of the schema.
+
+##### `schema`
+
+Sets the name of the schema.
+
+Default value: the namevar.
+
+#### postgresql::server::table_grant
+
+Manages grant-based access privileges for users. Consult the PostgreSQL documentation for `grant` for more information.
+
+##### `connect_settings`
+
+Specifies a hash of environment variables used when connecting to a remote server.
+
+Default value: Connects to the local Postgres instance.
-####`target`
-This provides the target for the rule, and is generally an internal only property. Use with caution.
+##### `db`
-###Function: postgresql\_password
-If you need to generate a postgres encrypted password, use `postgresql_password`. You can call it from your production manifests if you don't mind them containing the clear text versions of your passwords, or you can call it from the command line and then copy and paste the encrypted password into your manifest:
+Specifies which database the table is in.
- $ puppet apply --execute 'notify { "test": message => postgresql_password("username", "password") }'
+##### `privilege`
-###Function: postgresql\_acls\_to\_resources\_hash(acl\_array, id, order\_offset)
-This internal function converts a list of `pg_hba.conf` based acls (passed in as an array of strings) to a format compatible with the `postgresql::pg_hba_rule` resource.
+Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER'.
+
+##### `psql_db`
+
+Specifies the database to execute the grant against.
+
+This should not ordinarily be changed from the default.
+
+Default value: 'postgres'.
+
+##### `psql_user`
+
+Specifies the OS user for running `psql`.
+
+Default value: The default user for the module, usually 'postgres'.
+
+##### `role`
+
+Specifies the role or user to whom you are granting access.
+
+##### `table`
+
+Specifies the table to which you are granting access.
+
+#### postgresql::server::tablespace
+
+Creates a tablespace. If necessary, also creates the location and assigns the same permissions as the PostgreSQL server.
+
+##### `connect_settings`
+
+Specifies a hash of environment variables used when connecting to a remote server.
+
+Default value: Connects to the local Postgres instance.
+
+##### `location`
+
+Specifies the path to locate this tablespace.
+
+##### `owner`
+
+Specifies the default owner of the tablespace.
+
+##### `spcname`
+
+Specifies the name of the tablespace.
+
+Default value: the namevar.
+
+### Types
+
+#### postgresql_psql
+
+Enables Puppet to run psql statements.
+
+##### `command`
+
+Required.
+
+Specifies the SQL command to execute via psql.
+
+##### `cwd`
+
+Specifies the working directory under which the psql command should be executed.
+
+Default value: '/tmp'.
+
+##### `db`
+
+Specifies the name of the database to execute the SQL command against.
+
+##### `environment`
+
+Specifies any additional environment variables you want to set for a SQL command. Multiple environment variables should be specified as an array.
+
+##### `name`
+
+Sets an arbitrary tag for your own reference; the name of the message. This is the namevar.
+
+##### `onlyif`
+
+Sets an optional SQL command to execute prior to the main command. This is generally intended to be used for idempotency, to check for the existence of an object in the database to determine whether or not the main SQL command needs to be executed at all.
+
+##### `port`
+
+Specifies the port of the database server to execute the SQL command against.
+
+##### `psql_group`
+
+Specifies the system user group account under which the psql command should be executed.
+
+Default value: 'postgres'.
+
+##### `psql_path`
+
+Specifies the path to psql executable.
+
+Default value: 'psql'.
+
+##### `psql_user`
+
+Specifies the system user account under which the psql command should be executed.
+
+Default value: 'postgres'.
+
+##### `refreshonly`
+
+Specifies whether to execute the SQL only if there is a notify or subscribe event.
+
+Valid values: `true`, `false`.
+
+Default value: `false`.
+
+##### `search_path`
+
+Defines the schema search path to use when executing the SQL command.
+
+##### `unless`
+
+The inverse of `onlyif`.
+
+#### postgresql_conf
+
+Allows Puppet to manage `postgresql.conf` parameters.
+
+##### `name`
+
+Specifies the PostgreSQL parameter name to manage.
+
+This is the namevar.
+
+##### `target`
+
+Specifies the path to `postgresql.conf`.
+
+Default value: '/etc/postgresql.conf'.
+
+##### `value`
+
+Specifies the value to set for this parameter.
+
+#### postgresql_replication_slot
+
+Allows you to create and destroy replication slots to register warm standby replication on a PostgreSQL master server.
+
+##### `name`
+
+Specifies the name of the slot to create. Must be a valid replication slot name.
+
+This is the namevar.
+
+##### `ensure`
+
+Required.
+
+Specifies the action to create or destroy named slot.
+
+Valid values: 'present', 'absent'.
+
+Default value: 'present'.
+
+#### postgresql_conn_validator
+
+Validate the connection to a local or remote PostgreSQL database using this type.
+
+##### `connect_settings`
+
+Specifies a hash of environment variables used when connecting to a remote server. This is an alternative to providing individual parameters (`host`, etc). If provided, the individual parameters take precedence.
+
+Default value: {}
+
+##### `db_name`
+
+Specifies the name of the database you wish to test.
+
+Default value: ''
+
+##### `db_password`
+
+Specifies the password to connect with. Can be left blank if `.pgpass` is being used, otherwise not recommended.
+
+Default value: ''
+
+##### `db_username`
+
+Specifies the username to connect with.
+
+Default value: ''
+
+When using a Unix socket and ident auth, this is the user you are running as.
+
+##### `command`
+
+This is the command run against the target database to verify connectivity.
+
+Default value: 'SELECT 1'
+
+##### `host`
+
+Sets the hostname of the database you wish to test.
+
+Default value: '', which generally uses the designated local Unix socket.
+
+**If the host is remote you must provide a username.**
+
+##### `port`
+
+Defines the port to use when connecting.
+
+Default value: ''
+
+##### `run_as`
+
+Specifies the user to run the `psql` command as. This is important when trying to connect to a database locally using Unix sockets and `ident` authentication. Not needed for remote testing.
+
+##### `sleep`
+
+Sets the number of seconds to sleep for before trying again after a failure.
+
+##### `tries`
+
+Sets the number of attempts after failure before giving up and failing the resource.
+
+### Functions
+
+#### postgresql_password
+
+Generates a PostgreSQL encrypted password, use `postgresql_password`. Call it from the command line and then copy and paste the encrypted password into your manifest:
+
+```shell
+puppet apply --execute 'notify { 'test': message => postgresql_password('username', 'password') }'
+```
+
+Alternatively, you can call this from your production manifests, but the manifests will then contain a clear text version of your passwords.
+
+#### postgresql_acls_to_resources_hash(acl_array, id, order_offset)
+
+This internal function converts a list of `pg_hba.conf` based ACLs (passed in as an array of strings) to a format compatible with the `postgresql::pg_hba_rule` resource.
**This function should only be used internally by the module**.
-###Fact: postgres\_default\_version
-The module provides a Facter fact that can be used to determine what the default version of postgres is for your operating system/distribution. Depending on the distribution, it might be 8.1, 8.4, 9.1, or possibly another version. This can be useful in a few cases, like when building path strings for the postgres directories.
+## Limitations
+
+Works with versions of PostgreSQL from 8.1 through 9.5.
+
+Currently, the postgresql module is tested on the following operating systems:
+
+* Debian 6.x, 7.x, 8.x.
+* CentOS 5.x, 6.x, and 7.x.
+* Ubuntu 10.04 and 12.04, 14.04.
-Limitations
-------------
+Other systems might be compatible, but are not being actively tested.
-Works with versions of PostgreSQL from 8.1 through 9.2.
+### Apt module support
-Development
-------------
+While this module supports both 1.x and 2.x versions of the 'puppetlabs-apt' module, it does not support 'puppetlabs-apt' 2.0.0 or 2.0.1.
-Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can't access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.
+### PostGIS support
-We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
+PostGIS is currently considered an unsupported feature, as it doesn't work on all platforms correctly.
-You can read the complete module contribution guide [on the Puppet Labs wiki.](http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing)
+### All versions of RHEL/CentOS
+
+If you have SELinux enabled you must add any custom ports you use to the `postgresql_port_t` context. You can do this as follows:
+
+```shell
+semanage port -a -t postgresql_port_t -p tcp $customport
+```
+
+## Development
+
+Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. For more information, see our [module contribution guide](https://docs.puppetlabs.com/forge/contributing.html).
### Tests
-There are two types of tests distributed with the module. Unit tests with rspec-puppet and system tests using rspec-system.
+There are two types of tests distributed with this module. Unit tests with `rspec-puppet` and system tests using `rspec-system`.
For unit testing, make sure you have:
Install the necessary gems:
- bundle install --path=vendor
+```shell
+bundle install --path=vendor
+```
And then run the unit tests:
- bundle exec rake spec
+```shell
+bundle exec rake spec
+```
-The unit tests are ran in Travis-CI as well, if you want to see the results of your own tests regsiter the service hook through Travis-CI via the accounts section for your Github clone of this project.
+The unit tests are run in Travis-CI as well. If you want to see the results of your own tests, register the service hook through Travis-CI via the accounts section for your GitHub clone of this project.
-If you want to run the system tests, make sure you also have:
+To run the system tests, make sure you also have:
-* vagrant > 1.2.x
-* Virtualbox > 4.2.10
+* Vagrant > 1.2.x
+* VirtualBox > 4.2.10
Then run the tests using:
- bundle exec rake spec:system
-
-To run the tests on different operating systems, see the sets available in .nodeset.yml and run the specific set with the following syntax:
-
- RSPEC_SET=debian-607-x64 bundle exec rake spec:system
-
-Transfer Notice
-----------------
-
-This Puppet module was originally authored by Inkling Systems. The maintainer preferred that Puppet Labs take ownership of the module for future improvement and maintenance as Puppet Labs is using it in the PuppetDB module. Existing pull requests and issues were transferred over, please fork and continue to contribute here instead of Inkling.
-
-Previously: [https://github.com/inkling/puppet-postgresql](https://github.com/inkling/puppet-postgresql)
-
-Contributors
-------------
-
- * Andrew Moon
- * [Kenn Knowles](https://github.com/kennknowles) ([@kennknowles](https://twitter.com/KennKnowles))
- * Adrien Thebo
- * Albert Koch
- * Andreas Ntaflos
- * Brett Porter
- * Chris Price
- * dharwood
- * Etienne Pelletier
- * Florin Broasca
- * Henrik
- * Hunter Haugen
- * Jari Bakken
- * Jordi Boggiano
- * Ken Barber
- * nzakaria
- * Richard Arends
- * Spenser Gilliland
- * stormcrow
- * William Van Hevelingen
+```shell
+bundle exec rspec spec/acceptance
+```
+
+To run the tests on different operating systems, see the sets available in `.nodeset.yml` and run the specific set with the following syntax:
+
+```shell
+RSPEC_SET=debian-607-x64 bundle exec rspec spec/acceptance
+```
+
+### Contributors
+
+View the full list of contributors on [Github](https://github.com/puppetlabs/puppetlabs-postgresql/graphs/contributors).
-require 'rubygems'
-require 'bundler/setup'
-
-Bundler.require :default
-
require 'puppetlabs_spec_helper/rake_tasks'
-require 'rspec-system/rake_task'
require 'puppet-lint/tasks/puppet-lint'
+require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any?
+
+PuppetLint.configuration.fail_on_warnings = true
+PuppetLint.configuration.send('relative')
+
+desc 'Generate pooler nodesets'
+task :gen_nodeset do
+ require 'beaker-hostgenerator'
+ require 'securerandom'
+ require 'fileutils'
+
+ agent_target = ENV['TEST_TARGET']
+ if ! agent_target
+ STDERR.puts 'TEST_TARGET environment variable is not set'
+ STDERR.puts 'setting to default value of "redhat-64default."'
+ agent_target = 'redhat-64default.'
+ end
+
+ master_target = ENV['MASTER_TEST_TARGET']
+ if ! master_target
+ STDERR.puts 'MASTER_TEST_TARGET environment variable is not set'
+ STDERR.puts 'setting to default value of "redhat7-64mdcl"'
+ master_target = 'redhat7-64mdcl'
+ end
-task :default do
- sh %{rake -T}
+ targets = "#{master_target}-#{agent_target}"
+ cli = BeakerHostGenerator::CLI.new([targets])
+ nodeset_dir = "tmp/nodesets"
+ nodeset = "#{nodeset_dir}/#{targets}-#{SecureRandom.uuid}.yaml"
+ FileUtils.mkdir_p(nodeset_dir)
+ File.open(nodeset, 'w') do |fh|
+ fh.print(cli.execute)
+ end
+ puts nodeset
end
--- /dev/null
+{
+ "CHANGELOG.md": "468820280086e5a8f827737419109fd0",
+ "CONTRIBUTING.md": "77d0440d7cd4206497f99065c60bed46",
+ "Gemfile": "bedf635025b279d7c7732adcc8ae9a29",
+ "LICENSE": "3b83ef96387f14655fc854ddc3c6bd57",
+ "MAINTAINERS.md": "dede2640dfb244b2d67a280ed6496381",
+ "NOTICE": "7e066b054e0d528cc400e4b1adfb071d",
+ "README.md": "fd900828b709bdfeda5f9ab78189841b",
+ "Rakefile": "3851f083966b9bbd6d46e50dba5aa52a",
+ "files/RPM-GPG-KEY-PGDG": "78b5db170d33f80ad5a47863a7476b22",
+ "files/validate_postgresql_connection.sh": "63814aa224fed8d032bba75fbcdb63e1",
+ "lib/puppet/parser/functions/postgresql_acls_to_resources_hash.rb": "36bd86b3ce18f7acedaca34a1d880cba",
+ "lib/puppet/parser/functions/postgresql_escape.rb": "41a42275ce59d8588f3d4b4918d64392",
+ "lib/puppet/parser/functions/postgresql_password.rb": "856b268e0d517dfcadc89bc2544e60ef",
+ "lib/puppet/provider/postgresql_conf/parsed.rb": "6d3d15c73db2eb9f632218fa256d024a",
+ "lib/puppet/provider/postgresql_conn_validator/ruby.rb": "73eb74df07bdc3d98cbadb142bc16a03",
+ "lib/puppet/provider/postgresql_psql/ruby.rb": "bfb519df4ada462cdb21c5b82d19628f",
+ "lib/puppet/provider/postgresql_replication_slot/ruby.rb": "dcd93860861c530a12f1233334ea5f17",
+ "lib/puppet/type/postgresql_conf.rb": "95c73ca169db02aa1128ae3baa2f7399",
+ "lib/puppet/type/postgresql_conn_validator.rb": "ba734a1bc4284f45f3805f8f47871ef8",
+ "lib/puppet/type/postgresql_psql.rb": "d45a5f688c15b69114996fbe0232664f",
+ "lib/puppet/type/postgresql_replication_slot.rb": "cd9362cdb569945ca42986d005e88bcb",
+ "lib/puppet/util/postgresql_validator.rb": "e5e9289a3c691596df1fb4558588b142",
+ "locales/config.yaml": "b3045cc5f9008669749bd431510691e1",
+ "locales/ja/puppetlabs-postgresql.po": "285623cbf0526ec90f8b14ff9ead5646",
+ "locales/puppetlabs-postgresql.pot": "6269eb34430618683eabcbbf5da88b7c",
+ "manifests/client.pp": "4f1010b71fdd408b09e066448d31ee24",
+ "manifests/globals.pp": "c0ba7d7deb7c1fcd2b9f464a2b8e2657",
+ "manifests/lib/devel.pp": "ad16d397e4162cbfc7526308576a289d",
+ "manifests/lib/docs.pp": "1712d71f6f871790bc5bc809d724fcad",
+ "manifests/lib/java.pp": "01a31e39438dcad96202efc62ad4eb51",
+ "manifests/lib/perl.pp": "31321952e971b001e60f604ebd3fa6db",
+ "manifests/lib/python.pp": "43f77ea57e29a95baf3d891f36df87f1",
+ "manifests/params.pp": "8951af1c30b0ba13c3d78773b71bcdf4",
+ "manifests/repo/apt_postgresql_org.pp": "e21e5d7cf57b64e85a9d4426a6806562",
+ "manifests/repo/yum_postgresql_org.pp": "82cd0adf5a3ca614c1258042dcc04508",
+ "manifests/repo.pp": "c7569fd4a3fb277b3706bbddd24ef2ed",
+ "manifests/server/config.pp": "a31175115c5cc674617214c259186a91",
+ "manifests/server/config_entry.pp": "fb90b0649ba69ededc96e7df6d8efd59",
+ "manifests/server/contrib.pp": "e8a9586c5bc9c9b781902d3bc262799b",
+ "manifests/server/database.pp": "4de4db83e23f88a5cd2e0b68ec5ecebe",
+ "manifests/server/database_grant.pp": "ceda31baba15a6189c57c5cff2bf4512",
+ "manifests/server/db.pp": "9fcadbe5737068bdefa818b09c7ab08f",
+ "manifests/server/extension.pp": "f1dc8fd41e11013ee32a595362bd610b",
+ "manifests/server/grant.pp": "1465d2a20e34caa4b729ca16361ada3c",
+ "manifests/server/grant_role.pp": "88ce9e29ffb806491e041ddbee0d9bb5",
+ "manifests/server/initdb.pp": "3f25fa90a6a3c89bb94eb05746776dc0",
+ "manifests/server/install.pp": "e0ff19f2a4dc8a4814e0ee62786d1387",
+ "manifests/server/passwd.pp": "5ec205c563ef675db86e8f6a7c5ff46c",
+ "manifests/server/pg_hba_rule.pp": "3b610d64971ddf89eb038e3cd343a2a7",
+ "manifests/server/pg_ident_rule.pp": "0fa70e2d42d17c59f41bd3351d5d96fb",
+ "manifests/server/plperl.pp": "9253cd4d76c18566fa2bf9619bb76017",
+ "manifests/server/plpython.pp": "712d1e2539018a04614f6522e9f5d9a5",
+ "manifests/server/postgis.pp": "50cbd9a653408d23c0e276c30639befa",
+ "manifests/server/reassign_owned_by.pp": "70f795a9a53da55202553a40bf0661ca",
+ "manifests/server/recovery.pp": "e3b559cae82bd2c890f40cb7949bbe81",
+ "manifests/server/reload.pp": "218ac61018f7fab71f250284c4b879d0",
+ "manifests/server/role.pp": "bcb6c7fada5f8169789d1c5a0acd0a69",
+ "manifests/server/schema.pp": "e48c80a34f2be53283e05e456b73b77e",
+ "manifests/server/service.pp": "6ae7e30e1bbd8464c29267758429916e",
+ "manifests/server/table_grant.pp": "e2abea574f7eb295fc56313f4896a9fc",
+ "manifests/server/tablespace.pp": "79e486a94083335aa139c52120897c1f",
+ "manifests/server.pp": "49264f4fae30bfef5d2f95f89347bb4d",
+ "manifests/validate_db_connection.pp": "b5a853e96310125c2d895bacc33f2c38",
+ "metadata.json": "6f67b4f483e6359767df0dc1f7eeafca",
+ "readmes/README_ja_JP.md": "8eba095508ccac02ba12abd991128192",
+ "spec/acceptance/00-utf8_encoding_spec.rb": "ac20cfbaf4efce7c8b499d32bdec47d7",
+ "spec/acceptance/alternative_port_spec.rb": "7f883762a8e17941a96371e96d12c06b",
+ "spec/acceptance/db_spec.rb": "584f18e493be29571be23c3af3bc39bc",
+ "spec/acceptance/default_parameters_spec.rb": "82bb1fd9e71f6084b71ca34ba73ff05b",
+ "spec/acceptance/nodesets/centos-7-x64.yml": "a713f3abd3657f0ae2878829badd23cd",
+ "spec/acceptance/nodesets/debian-8-x64.yml": "d2d2977900989f30086ad251a14a1f39",
+ "spec/acceptance/nodesets/default.yml": "b42da5a1ea0c964567ba7495574b8808",
+ "spec/acceptance/nodesets/docker/centos-7.yml": "8a3892807bdd62306ae4774f41ba11ae",
+ "spec/acceptance/nodesets/docker/debian-8.yml": "ac8e871d1068c96de5e85a89daaec6df",
+ "spec/acceptance/nodesets/docker/ubuntu-14.04.yml": "dc42ee922a96908d85b8f0f08203ce58",
+ "spec/acceptance/postgresql_conn_validator_spec.rb": "5d9d29bb9d83f7ee9915260ae64c648e",
+ "spec/acceptance/postgresql_psql_spec.rb": "5d70b4c3e35f1b5fc89a768498f74987",
+ "spec/acceptance/remote_access_spec.rb": "4f2261af3b20d3556c50d3af2daef7d1",
+ "spec/acceptance/server/config_entry_spec.rb": "ea8f59a0824c8326a9aea2bab9a49b7f",
+ "spec/acceptance/server/grant_role_spec.rb": "ce3c5620a3489d896c36df7379a7707a",
+ "spec/acceptance/server/grant_spec.rb": "a21789c35943a5e89066523dd3246b0d",
+ "spec/acceptance/server/reassign_owned_by_spec.rb": "166bfea4fb6287854a7b4d15a389e764",
+ "spec/acceptance/server/recovery_spec.rb": "04c87359a23d3ac297ccf49127111ac1",
+ "spec/acceptance/server/schema_spec.rb": "7cb9e58ccc24d0e4231b36ca22274ffd",
+ "spec/acceptance/z_alternative_pgdata_spec.rb": "cbff072f96be283ab1607febd7c1b7ef",
+ "spec/spec_helper.rb": "b2db3bc02b4ac2fd5142a6621c641b07",
+ "spec/spec_helper_acceptance.rb": "675f253b1ad46680727637c01a6f522f",
+ "spec/spec_helper_local.rb": "3a50ad073f49d04a019212652a67c6ba",
+ "spec/unit/classes/client_spec.rb": "bb1bac2c6f7ee93a18cbe083d17eb88f",
+ "spec/unit/classes/globals_spec.rb": "183f881df5dc07ebc051fa755c71ed96",
+ "spec/unit/classes/lib/devel_spec.rb": "7da9ec3cd4f50bf70d97a031084d3688",
+ "spec/unit/classes/lib/java_spec.rb": "0e5703c0b1883364d0fca5a5883ed816",
+ "spec/unit/classes/lib/perl_spec.rb": "748a923db31aa42b3ee2fa5ac534d0d6",
+ "spec/unit/classes/lib/pgdocs_spec.rb": "edd7c5b7fee837d8975c6a1b11954095",
+ "spec/unit/classes/lib/python_spec.rb": "085a1fd6809298d8774b8fd84157908d",
+ "spec/unit/classes/params_spec.rb": "af9c9224fb32b0e64bf575275167bebf",
+ "spec/unit/classes/repo_spec.rb": "7e17538535713864e80922192d73f292",
+ "spec/unit/classes/server/config_spec.rb": "5b53adff4390bf18e40ab57cc74cf2b4",
+ "spec/unit/classes/server/contrib_spec.rb": "8df44d850f535327c5898693b788f56d",
+ "spec/unit/classes/server/initdb_spec.rb": "9b4948e496782922c127b52867bd9cd0",
+ "spec/unit/classes/server/plperl_spec.rb": "5fb32ffacadf95aa84646e32017a30f4",
+ "spec/unit/classes/server/plpython_spec.rb": "3b9cab37936cee039536660926b8e32d",
+ "spec/unit/classes/server/postgis_spec.rb": "3975f38629148de15fd2cd87385f8e2e",
+ "spec/unit/classes/server_spec.rb": "2ec89e7b8a4418bfeb0c8851a6b8536e",
+ "spec/unit/defines/server/config_entry_spec.rb": "f8c337f65849e921110678bf3fb4586b",
+ "spec/unit/defines/server/database_grant_spec.rb": "52e7ba3370d10b7c23a7b29fffe1ff33",
+ "spec/unit/defines/server/database_spec.rb": "51a30d3b0210fa4bc220942b7bc8b483",
+ "spec/unit/defines/server/db_spec.rb": "33b0f3152a559f701acf1b1ee5485acd",
+ "spec/unit/defines/server/extension_spec.rb": "7e15125802b820edf7bd2fdb798a81cf",
+ "spec/unit/defines/server/grant_role_spec.rb": "832c496075043908e9645f8be789aa75",
+ "spec/unit/defines/server/grant_spec.rb": "300de2de6bdbac31fc56779679abcec5",
+ "spec/unit/defines/server/pg_hba_rule_spec.rb": "494d55db6e16d222d03718530cdf1e6c",
+ "spec/unit/defines/server/pg_ident_rule_spec.rb": "2e32da6f0f107359fc5ab5727812f853",
+ "spec/unit/defines/server/reassign_owned_by_spec.rb": "e26b5511cc4918629aaffa45c8eb703a",
+ "spec/unit/defines/server/recovery_spec.rb": "86fba4b913ebeef06be8e63c52e72044",
+ "spec/unit/defines/server/role_spec.rb": "269402d82175fb328d7e02d7e85e0d34",
+ "spec/unit/defines/server/schema_spec.rb": "fc110fde368c9265e4c0f18ff947d3bd",
+ "spec/unit/defines/server/table_grant_spec.rb": "21e375467a0635194d0f2e5effdcf22a",
+ "spec/unit/defines/server/tablespace_spec.rb": "efc3e4e4f1bf36b6bea5f1d7de81b5c7",
+ "spec/unit/defines/validate_db_connection_spec.rb": "29dc87f24f619700b5d46768d35d9869",
+ "spec/unit/functions/postgresql_acls_to_resources_hash_spec.rb": "ba576b0f385aa44fa352df6d5812f4ae",
+ "spec/unit/functions/postgresql_escape_spec.rb": "ed7d1a0f8feee7d7147c35b84b27e940",
+ "spec/unit/functions/postgresql_password_spec.rb": "0881299f7796b13a939315b08ae54feb",
+ "spec/unit/provider/postgresql_conf/parsed_spec.rb": "535a7a2f7c31d433e3540da4dd938fde",
+ "spec/unit/puppet/provider/postgresql_conn_validator/ruby_spec.rb": "38de27c823b9946388a8dbc2cb3aea70",
+ "spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb": "f08cded8801a0a3d866515f7ec58a382",
+ "spec/unit/puppet/provider/postgresql_replication_slot/ruby_spec.rb": "641f5e82f4b92c2de28b361cbd3361f2",
+ "spec/unit/puppet/type/postgresql_conn_validator.rb": "d868eeaa611e39ea798ff2eae065cd85",
+ "spec/unit/puppet/type/postgresql_psql_spec.rb": "5ad61a59e91be0035a794842e33bf6f2",
+ "spec/unit/puppet/type/postgresql_replication_slot_spec.rb": "fcd735f400d0e981213b2ecb7cbcf0b0",
+ "spec/unit/type/postgresql_conf_spec.rb": "069ce03012044d4864d7e81b60f022e0",
+ "templates/pg_hba_rule.conf": "13b46eecdfd359eddff71fa485ef2f54",
+ "templates/pg_ident_rule.conf": "444c85172fd44262344588e83ebb2515",
+ "templates/recovery.conf.erb": "ea5dc47b65f7b9596244f7e9e48085ba",
+ "templates/systemd-override.erb": "8efd876775a4bb401803366ba90dd718"
+}
\ No newline at end of file
+++ /dev/null
-include postgresql::client
+++ /dev/null
-# This manifest shows an example of how you can use a newer version of
-# postgres from yum.postgresql.org or apt.postgresql.org, rather than your
-# system's default version.
-#
-# Note that it is important that you use the '->', or a
-# before/require metaparameter to make sure that the `params`
-# class is evaluated before any of the other classes in the module.
-#
-# Also note that this example includes automatic management of the yumrepo or
-# apt resource. If you'd prefer to manage the repo yourself, simply pass
-# 'false' or omit the 'manage_repo' parameter--it defaults to 'false'. You will
-# still need to use the 'postgresql' class to specify the postgres version
-# number, though, in order for the other classes to be able to find the
-# correct paths to the postgres dirs.
-class { 'postgresql':
- version => '9.2',
- manage_package_repo => true,
-}->
-class { 'postgresql::server': }
+++ /dev/null
-class { 'postgresql::server':
- config_hash => {
- 'ip_mask_deny_postgres_user' => '0.0.0.0/32',
- 'ip_mask_allow_all_users' => '0.0.0.0/0',
- 'listen_addresses' => '*',
- 'manage_redhat_firewall' => true,
- 'postgres_password' => 'postgres',
- },
-}
-
-postgresql::database{ ['test1', 'test2', 'test3']:
- # TODO: ensure not yet supported
- #ensure => present,
- charset => 'utf8',
- require => Class['postgresql::server'],
-}
-postgresql::database{ 'test4':
- # TODO: ensure not yet supported
- #ensure => present,
- charset => 'latin1',
- require => Class['postgresql::server'],
-}
+++ /dev/null
-class { 'postgresql::server':
- config_hash => {
- 'ip_mask_allow_all_users' => '0.0.0.0/0',
- 'listen_addresses' => '*',
- 'manage_redhat_firewall' => true,
-
- #'ip_mask_deny_postgres_user' => '0.0.0.0/32',
- #'postgres_password' => 'puppet',
- },
-}
-
-postgresql::db{ 'test1':
- user => 'test1',
- password => 'test1',
- grant => 'all',
-}
-
-postgresql::db{ 'test2':
- user => 'test2',
- password => postgresql_password('test2', 'test2'),
- grant => 'all',
-}
-
-postgresql::db{ 'test3':
- user => 'test3',
- # The password here is a copy/paste of the output of the 'postgresql_password'
- # function from this module, with a u/p of 'test3', 'test3'.
- password => 'md5e12234d4575a12bfd61d61294f32b086',
- grant => 'all',
-}
+++ /dev/null
-# TODO: in mysql module, the grant resource name might look like this: 'user@host/dbname';
-# I think that the API for the resource type should split these up, because it's
-# easier / safer to recombine them for mysql than it is to parse them for other
-# databases. Also, in the mysql module, the hostname portion of that string
-# affects the user's ability to connect from remote hosts. In postgres this is
-# managed via pg_hba.conf; not sure if we want to try to reconcile that difference
-# in the modules or not.
-postgresql::database_grant{'test1':
- # TODO: mysql supports an array of privileges here. We should do that if we
- # port this to ruby.
- privilege => 'ALL',
- db => 'test1',
- role => 'dan',
-}
+++ /dev/null
-# Basic remote access
-postgresql::pg_hba_rule{ 'allow access to db foo from 2.2.2.0/24 for user foo':
- type => 'host',
- database => 'foo',
- user => 'foo',
- address => '2.2.2.0/24',
- auth_method => 'md5',
-}
-
-# LDAP Integration
-postgresql::pg_hba_rule{ 'allow ldap access to db foo from 10.1.1.0/24 for all':
- type => 'host',
- database => 'foo',
- user => 'all',
- address => '10.1.1.0/24',
- auth_method => 'ldap',
- auth_option => 'ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=example, dc=net"',
-}
+++ /dev/null
-class { 'postgresql::server':
- config_hash => {
- 'ip_mask_deny_postgres_user' => '0.0.0.0/32',
- 'ip_mask_allow_all_users' => '0.0.0.0/0',
- 'listen_addresses' => '*',
- 'manage_redhat_firewall' => true,
- 'postgres_password' => 'postgres',
- },
-}
-
-include 'postgresql::params'
-
-$pg_conf_include_file = "${postgresql::params::confdir}/postgresql_puppet_extras.conf"
-
-file { $pg_conf_include_file:
- content => 'max_connections = 123',
- notify => Service['postgresqld'],
-}
-
+++ /dev/null
-class { 'postgresql::server':
- config_hash => {
- 'ip_mask_deny_postgres_user' => '0.0.0.0/32',
- 'ip_mask_allow_all_users' => '0.0.0.0/0',
- 'listen_addresses' => '*',
- 'manage_redhat_firewall' => true,
- 'postgres_password' => 'postgres',
- },
-}
-
-file { '/tmp':
- ensure => 'directory',
-}
-file { '/tmp/pg_tablespaces':
- ensure => 'directory',
- owner => 'postgres',
- group => 'postgres',
- mode => '0700',
- require => File['/tmp'],
-}
-
-postgresql::tablespace{ 'tablespace1':
- location => '/tmp/pg_tablespaces/space1',
- require => [Class['postgresql::server'], File['/tmp/pg_tablespaces']],
-}
-postgresql::database{ 'tablespacedb1':
- # TODO: ensure not yet supported
- #ensure => present,
- charset => 'utf8',
- require => Class['postgresql::server'],
-}
-postgresql::database{ 'tablespacedb2':
- # TODO: ensure not yet supported
- #ensure => present,
- charset => 'utf8',
- tablespace => 'tablespace1',
- require => Postgresql::Tablespace['tablespace1'],
-}
-postgresql::db{ 'tablespacedb3':
- # TODO: ensure not yet supported
- #ensure => present,
- user => 'dbuser1',
- password => 'dbuser1',
- require => Class['postgresql::server'],
-}
-postgresql::db{ 'tablespacedb4':
- # TODO: ensure not yet supported
- #ensure => present,
- user => 'dbuser2',
- password => 'dbuser2',
- tablespace => 'tablespace1',
- require => Postgresql::Tablespace['tablespace1'],
-}
-
-postgresql::database_user{ 'spcuser':
- # TODO: ensure is not yet supported
- #ensure => present,
- password_hash => postgresql_password('spcuser', 'spcuser'),
- require => Class['postgresql::server'],
-}
-postgresql::tablespace{ 'tablespace2':
- location => '/tmp/pg_tablespaces/space2',
- owner => 'spcuser',
- require => [Postgresql::Database_user['spcuser'], File['/tmp/pg_tablespaces']],
-}
-postgresql::database{ 'tablespacedb5':
- # TODO: ensure not yet supported
- #ensure => present,
- charset => 'utf8',
- tablespace => 'tablespace2',
- require => Postgresql::Tablespace['tablespace2'],
-}
-
+++ /dev/null
-class { 'postgresql::server':
- config_hash => {
- 'ip_mask_deny_postgres_user' => '0.0.0.0/32',
- 'ip_mask_allow_all_users' => '0.0.0.0/0',
- 'listen_addresses' => '*',
- 'manage_redhat_firewall' => true,
- 'postgres_password' => 'postgres',
- },
-}
-
-# TODO: in mysql module, the username includes, e.g., '@%' or '@localhost', which
-# affects the user's ability to connect from remote hosts. In postgres this is
-# managed via pg_hba.conf; not sure if we want to try to reconcile that difference
-# in the modules or not.
-postgresql::database_user{ 'redmine':
- # TODO: ensure is not yet supported
- #ensure => present,
- password_hash => postgresql_password('redmine', 'redmine'),
- require => Class['postgresql::server'],
-}
-
-postgresql::database_user{ 'dan':
- # TODO: ensure is not yet supported
- #ensure => present,
- password_hash => postgresql_password('dan', 'blah'),
- require => Class['postgresql::server'],
-}
-
+++ /dev/null
-class { 'postgresql::server':
- config_hash => {
- 'ip_mask_deny_postgres_user' => '0.0.0.0/32',
- 'ip_mask_allow_all_users' => '0.0.0.0/0',
- 'listen_addresses' => '*',
- 'ipv4acls' => ['hostssl all johndoe 192.168.0.0/24 cert'],
- 'manage_redhat_firewall' => true,
- 'postgres_password' => 'postgres',
- },
-}
--- /dev/null
+#!/bin/sh
+
+# usage is: validate_db_connection 2 50 psql
+
+SLEEP=$1
+TRIES=$2
+PSQL=$3
+
+STATE=1
+
+c=1
+
+while [ $c -le $TRIES ]
+do
+ echo $c
+ if [ $c -gt 1 ]
+ then
+ echo 'sleeping'
+ sleep $SLEEP
+ fi
+
+ /bin/echo "SELECT 1" | $PSQL
+ STATE=$?
+
+ if [ $STATE -eq 0 ]
+ then
+ exit 0
+ fi
+ c=$((c+1))
+done
+
+echo 'Unable to connect to postgresql'
+
+exit 1
+++ /dev/null
-def get_debianfamily_postgres_version
- case Facter.value('operatingsystem')
- when "Debian"
- get_debian_postgres_version()
- when "Ubuntu"
- get_ubuntu_postgres_version()
- else
- nil
- end
-end
-
-def get_debian_postgres_version
- case Facter.value('operatingsystemrelease')
- # TODO: add more debian versions or better logic here
- when /^6\./
- "8.4"
- when /^wheezy/, /^7\./
- "9.1"
- else
- nil
- end
-end
-
-def get_ubuntu_postgres_version
- case Facter.value('operatingsystemrelease')
- when "11.10", "12.04", "12.10", "13.04"
- "9.1"
- when "10.04", "10.10", "11.04"
- "8.4"
- else
- nil
- end
-end
-
-def get_redhatfamily_postgres_version
- case Facter.value('operatingsystemrelease')
- when /^6\./
- "8.4"
- when /^5\./
- "8.1"
- else
- nil
- end
-end
-
-Facter.add("postgres_default_version") do
- setcode do
- result =
- case Facter.value('osfamily')
- when 'RedHat'
- get_redhatfamily_postgres_version()
- when 'Linux'
- get_redhatfamily_postgres_version()
- when 'Debian'
- get_debianfamily_postgres_version()
- else
- nil
- end
-
- # TODO: not sure if this is really a great idea, but elsewhere in the code
- # it is useful to be able to distinguish between the case where the fact
- # does not exist at all (e.g., if pluginsync is not enabled), and the case
- # where the fact is not known for the OS in question.
- if result == nil
- result = 'unknown'
- end
- result
- end
-end
offset = args[2].to_i
raise(Puppet::ParseError, "#{func_name}: third argument must be a number") \
- unless offset.instance_of? Fixnum
+ unless offset.is_a? Integer
resources = {}
acls.each do |acl|
--- /dev/null
+require 'digest/md5'
+
+module Puppet::Parser::Functions
+ newfunction(:postgresql_escape, :type => :rvalue, :doc => <<-EOS
+ Safely escapes a string using $$ using a random tag which should be consistent
+ EOS
+ ) do |args|
+
+ raise(Puppet::ParseError, "postgresql_escape(): Wrong number of arguments " +
+ "given (#{args.size} for 1)") if args.size != 1
+
+ password = args[0]
+
+ if password !~ /\$\$/ and password[-1] != '$'
+ retval = "$$#{password}$$"
+ else
+ escape = Digest::MD5.hexdigest(password)[0..5].gsub(/\d/,'')
+ until password !~ /#{escape}/
+ escape = Digest::MD5.hexdigest(escape)[0..5].gsub(/\d/,'')
+ end
+ retval = "$#{escape}$#{password}$#{escape}$"
+ end
+ retval
+ end
+end
username = args[0]
password = args[1]
- 'md5' + Digest::MD5.hexdigest(password + username)
+ 'md5' + Digest::MD5.hexdigest(password.to_s + username.to_s)
end
end
--- /dev/null
+require 'puppet/provider/parsedfile'
+
+Puppet::Type.type(:postgresql_conf).provide(
+ :parsed,
+ :parent => Puppet::Provider::ParsedFile,
+ :default_target => '/etc/postgresql.conf',
+ :filetype => :flat
+) do
+ desc "Set key/values in postgresql.conf."
+
+ text_line :comment, :match => /^\s*#/
+ text_line :blank, :match => /^\s*$/
+
+ record_line :parsed,
+ :fields => %w{name value comment},
+ :optional => %w{comment},
+ :match => /^\s*([\w\.]+)\s*=?\s*(.*?)(?:\s*#\s*(.*))?\s*$/,
+ :to_line => proc { |h|
+
+ # simple string and numeric values don't need to be enclosed in quotes
+ if h[:value].is_a?(Numeric)
+ val = h[:value].to_s
+ else
+ val = h[:value]
+ end
+ dontneedquote = val.match(/^(\d+.?\d+|\w+)$/)
+ dontneedequal = h[:name].match(/^(include|include_if_exists)$/i)
+
+ str = h[:name].downcase # normalize case
+ str += dontneedequal ? ' ' : ' = '
+ str += "'" unless dontneedquote && !dontneedequal
+ str += val
+ str += "'" unless dontneedquote && !dontneedequal
+ str += " # #{h[:comment]}" unless (h[:comment].nil? or h[:comment] == :absent)
+ str
+ },
+ :post_parse => proc { |h|
+ h[:name].downcase! # normalize case
+ h[:value].gsub!(/(^'|'$)/, '') # strip out quotes
+ }
+
+end
--- /dev/null
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__),"..","..",".."))
+require 'puppet/util/postgresql_validator'
+
+# This file contains a provider for the resource type `postgresql_conn_validator`,
+# which validates the puppetdb connection by attempting an https connection.
+
+Puppet::Type.type(:postgresql_conn_validator).provide(:ruby) do
+ desc "A provider for the resource type `postgresql_conn_validator`,
+ which validates the PostgreSQL connection by attempting a query
+ to the target PostgreSQL server."
+
+ # Test to see if the resource exists, returns true if it does, false if it
+ # does not.
+ #
+ # Here we simply monopolize the resource API, to execute a test to see if the
+ # database is connectable. When we return a state of `false` it triggers the
+ # create method where we can return an error message.
+ #
+ # @return [bool] did the test succeed?
+ def exists?
+ validator.attempt_connection(resource[:sleep], resource[:tries])
+ end
+
+ # This method is called when the exists? method returns false.
+ #
+ # @return [void]
+ def create
+ # If `#create` is called, that means that `#exists?` returned false, which
+ # means that the connection could not be established... so we need to
+ # cause a failure here.
+ raise Puppet::Error, "Unable to connect to PostgreSQL server! (#{resource[:host]}:#{resource[:port]})"
+ end
+
+ # Returns the existing validator, if one exists otherwise creates a new object
+ # from the class.
+ #
+ # @api private
+ def validator
+ @validator ||= Puppet::Util::PostgresqlValidator.new(resource)
+ end
+
+end
+
Puppet::Type.type(:postgresql_psql).provide(:ruby) do
- def command()
- if ((! resource[:unless]) or (resource[:unless].empty?))
- if (resource[:refreshonly])
- # So, if there's no 'unless', and we're in "refreshonly" mode,
- # we need to return the target command here. If we don't,
- # then Puppet will generate an event indicating that this
- # property has changed.
- return resource[:command]
- end
-
- # if we're not in refreshonly mode, then we return nil,
- # which will cause Puppet to sync this property. This
- # is what we want if there is no 'unless' value specified.
- return nil
- end
-
- output, status = run_unless_sql_command(resource[:unless])
-
- if status != 0
- self.fail("Error evaluating 'unless' clause: '#{output}'")
- end
- result_count = output.strip.to_i
- if result_count > 0
- # If the 'unless' query returned rows, then we don't want to execute
- # the 'command'. Returning the target 'command' here will cause
- # Puppet to treat this property as already being 'insync?', so it
- # won't call the setter to run the 'command' later.
- return resource[:command]
- end
-
- # Returning 'nil' here will cause Puppet to see this property
- # as out-of-sync, so it will call the setter later.
- nil
- end
-
- def command=(val)
- output, status = run_sql_command(val)
-
- if status != 0
- self.fail("Error executing SQL; psql returned #{status}: '#{output}'")
- end
- end
-
-
def run_unless_sql_command(sql)
# for the 'unless' queries, we wrap the user's query in a 'SELECT COUNT',
# which makes it easier to parse and process the output.
end
def run_sql_command(sql)
+ if resource[:search_path]
+ sql = "set search_path to #{Array(resource[:search_path]).join(',')}; #{sql}"
+ end
+
command = [resource[:psql_path]]
command.push("-d", resource[:db]) if resource[:db]
- command.push("-t", "-c", sql)
+ command.push("-p", resource[:port]) if resource[:port]
+ command.push("-t", "-c", '"' + sql.gsub('"', '\"') + '"')
+
+ environment = get_environment
if resource[:cwd]
Dir.chdir resource[:cwd] do
- Puppet::Util::SUIDManager.run_and_capture(command, resource[:psql_user], resource[:psql_group])
+ run_command(command, resource[:psql_user], resource[:psql_group], environment)
+ end
+ else
+ run_command(command, resource[:psql_user], resource[:psql_group], environment)
+ end
+ end
+
+ private
+
+ def get_environment
+ environment = (resource[:connect_settings] || {}).dup
+ if envlist = resource[:environment]
+ envlist = [envlist] unless envlist.is_a? Array
+ envlist.each do |setting|
+ if setting =~ /^(\w+)=((.|\n)+)$/
+ env_name = $1
+ value = $2
+ if environment.include?(env_name) || environment.include?(env_name.to_sym)
+ if env_name == 'NEWPGPASSWD'
+ warning "Overriding environment setting '#{env_name}' with '****'"
+ else
+ warning "Overriding environment setting '#{env_name}' with '#{value}'"
+ end
+ end
+ environment[env_name] = value
+ else
+ warning "Cannot understand environment setting #{setting.inspect}"
+ end
+ end
+ end
+ return environment
+ end
+
+ def run_command(command, user, group, environment)
+ command = command.join ' '
+ if Puppet::PUPPETVERSION.to_f < 3.0
+ require 'puppet/util/execution'
+ Puppet::Util::Execution.withenv environment do
+ Puppet::Util::SUIDManager.run_and_capture(command, user, group)
+ end
+ elsif Puppet::PUPPETVERSION.to_f < 3.4
+ Puppet::Util.withenv environment do
+ Puppet::Util::SUIDManager.run_and_capture(command, user, group)
end
else
- Puppet::Util::SUIDManager.run_and_capture(command, resource[:psql_user], resource[:psql_group])
+ output = Puppet::Util::Execution.execute(command, {
+ :uid => user,
+ :gid => group,
+ :failonfail => false,
+ :combine => true,
+ :override_locale => true,
+ :custom_environment => environment,
+ })
+ [output, $CHILD_STATUS.dup]
end
end
--- /dev/null
+Puppet::Type.type(:postgresql_replication_slot).provide(:ruby) do
+ # For confinement
+ commands :psql => 'psql'
+
+ def self.instances
+ run_sql_command('SELECT * FROM pg_replication_slots;')[0].split("\n").select { |l| l =~ /\|/ }.map do |l|
+ name, *others = l.strip.split(/\s+\|\s+/)
+ new({
+ :name => name,
+ :ensure => :present,
+ })
+ end
+ end
+
+ def self.prefetch(resources)
+ instances.each do |i|
+ if slot = resources[i.name]
+ slot.provider = i
+ end
+ end
+ end
+
+ def exists?
+ @property_hash[:ensure] == :present
+ end
+
+ def create
+ output = self.class.run_sql_command("SELECT * FROM pg_create_physical_replication_slot('#{resource[:name]}');")
+ if output[1].success?
+ @property_hash[:ensure] = :present
+ else
+ raise Puppet::Error, "Failed to create replication slot #{resource[:name]}:\n#{output[0]}"
+ end
+ end
+
+ def destroy
+ output = self.class.run_sql_command("SELECT pg_drop_replication_slot('#{resource[:name]}');")
+ if output[1].success?
+ @property_hash[:ensure] = :absent
+ else
+ raise Puppet::Error, "Failed to destroy replication slot #{resource[:name]}:\n#{output[0]}"
+ end
+ end
+
+ private
+
+ def self.run_sql_command(sql)
+ command = ['psql', '-t', '-c', sql]
+
+ self.run_command(command, 'postgres', 'postgres')
+ end
+
+ def self.run_command(command, user, group)
+ if Puppet::PUPPETVERSION.to_f < 3.4
+ Puppet::Util::SUIDManager.run_and_capture(command, user, group)
+ else
+ output = Puppet::Util::Execution.execute(command, {
+ :uid => user,
+ :gid => group,
+ :failonfail => false,
+ :combine => true,
+ :override_locale => true,
+ :custom_environment => {}
+ })
+ [output, $CHILD_STATUS.dup]
+ end
+ end
+end
--- /dev/null
+Puppet::Type.newtype(:postgresql_conf) do
+
+ @doc = "This type allows puppet to manage postgresql.conf parameters."
+
+ ensurable
+
+ newparam(:name) do
+ desc "The postgresql parameter name to manage."
+ isnamevar
+
+ newvalues(/^[\w\.]+$/)
+ end
+
+ newproperty(:value) do
+ desc "The value to set for this parameter."
+ end
+
+ newproperty(:target) do
+ desc "The path to postgresql.conf"
+ defaultto {
+ if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile)
+ @resource.class.defaultprovider.default_target
+ else
+ nil
+ end
+ }
+ end
+
+end
--- /dev/null
+Puppet::Type.newtype(:postgresql_conn_validator) do
+
+ @doc = "Verify that a connection can be successfully established between a node
+ and the PostgreSQL server. Its primary use is as a precondition to
+ prevent configuration changes from being applied if the PostgreSQL
+ server cannot be reached, but it could potentially be used for other
+ purposes such as monitoring."
+
+ ensurable do
+ defaultvalues
+ defaultto :present
+ end
+
+ newparam(:name, :namevar => true) do
+ desc 'An arbitrary name used as the identity of the resource.'
+ end
+
+ newparam(:db_name) do
+ desc "The name of the database you are trying to validate a connection with."
+ end
+
+ newparam(:db_username) do
+ desc "A user that has access to the target PostgreSQL database."
+ end
+
+ newparam(:db_password) do
+ desc "The password required to access the target PostgreSQL database."
+ end
+
+ newparam(:host) do
+ desc 'The DNS name or IP address of the server where PostgreSQL should be running.'
+ end
+
+ newparam(:port) do
+ desc 'The port that the PostgreSQL server should be listening on.'
+
+ validate do |value|
+ Integer(value)
+ end
+ munge do |value|
+ Integer(value)
+ end
+ end
+
+ newparam(:connect_settings) do
+ desc 'Hash of environment variables for connection to a db.'
+ end
+
+ newparam(:sleep) do
+ desc "The length of sleep time between connection tries."
+
+ validate do |value|
+ Integer(value)
+ end
+ munge do |value|
+ Integer(value)
+ end
+
+ defaultto 2
+ end
+
+ newparam(:tries) do
+ desc "The number of tries to validate the connection to the target PostgreSQL database."
+
+ validate do |value|
+ Integer(value)
+ end
+ munge do |value|
+ Integer(value)
+ end
+
+ defaultto 10
+ end
+
+ newparam(:psql_path) do
+ desc "Path to the psql command."
+ end
+
+ newparam(:run_as) do
+ desc "System user that will run the psql command."
+ end
+
+ newparam(:command) do
+ desc "Command to run against target database."
+
+ defaultto "SELECT 1"
+ end
+end
defaultto { @resource[:name] }
- def sync(refreshing = false)
- # We're overriding 'sync' here in order to do some magic
- # in support of providing a 'refreshonly' parameter. This
- # is kind of hacky because the logic for 'refreshonly' is
- # spread between the type and the provider, but this is
- # the least horrible way that I could determine to accomplish
- # it.
- #
- # Note that our overridden version of 'sync' takes a parameter,
- # 'refreshing', which the parent version doesn't take. This
- # allows us to call the sync method directly from the 'refresh'
- # method, and then inside of the body of 'sync' we can tell
- # whether or not we're refreshing.
-
- if ((@resource[:refreshonly] == :false) || refreshing)
- # If we're not in 'refreshonly' mode, or we're not currently
- # refreshing, then we just call the parent method.
- super()
+ # If needing to run the SQL command, return a fake value that will trigger
+ # a sync, else return the expected SQL command so no sync takes place
+ def retrieve
+ if @resource.should_run_sql
+ return :notrun
else
- # If we get here, it means we're in 'refreshonly' mode and
- # we're not being called by the 'refresh' method, so we
- # just no-op. We'll be called again by the 'refresh'
- # method momentarily.
- nil
+ return self.should
end
end
+
+ def sync
+ output, status = provider.run_sql_command(value)
+ self.fail("Error executing SQL; psql returned #{status}: '#{output}'") unless status == 0
+ end
end
newparam(:unless) do
"this is generally intended to be used for idempotency, to check " +
"for the existence of an object in the database to determine whether " +
"or not the main SQL command needs to be executed at all."
+
+ # Return true if a matching row is found
+ def matches(value)
+ output, status = provider.run_unless_sql_command(value)
+ self.fail("Error evaluating 'unless' clause, returned #{status}: '#{output}'") unless status == 0
+
+ result_count = output.strip.to_i
+ self.debug("Found #{result_count} row(s) executing 'unless' clause")
+ result_count > 0
+ end
+ end
+
+ newparam(:onlyif) do
+ desc "An optional SQL command to execute prior to the main :command; " +
+ "this is generally intended to be used for idempotency, to check " +
+ "for the existence of an object in the database to determine whether " +
+ "or not the main SQL command needs to be executed at all."
+
+ # Return true if a matching row is found
+ def matches(value)
+ output, status = provider.run_unless_sql_command(value)
+ status = output.exitcode if status.nil?
+
+ self.fail("Error evaluating 'onlyif' clause, returned #{status}: '#{output}'") unless status == 0
+
+ result_count = output.strip.to_i
+ self.debug("Found #{result_count} row(s) executing 'onlyif' clause")
+ result_count > 0
+ end
+ end
+
+ newparam(:connect_settings) do
+ desc "Connection settings that will be used when connecting to postgres"
end
newparam(:db) do
- desc "The name of the database to execute the SQL command against."
+ desc "The name of the database to execute the SQL command against, this overrides any PGDATABASE value in connect_settings"
+ end
+
+ newparam(:port) do
+ desc "The port of the database server to execute the SQL command against, this overrides any PGPORT value in connect_settings."
+ end
+
+ newparam(:search_path) do
+ desc "The schema search path to use when executing the SQL command"
end
newparam(:psql_path) do
defaultto("/tmp")
end
- newparam(:refreshonly) do
+ newparam(:environment) do
+ desc "Any additional environment variables you want to set for a
+ SQL command. Multiple environment variables should be
+ specified as an array."
+
+ validate do |values|
+ Array(values).each do |value|
+ unless value =~ /\w+=/
+ raise ArgumentError, "Invalid environment setting '#{value}'"
+ end
+ end
+ end
+ end
+
+ newparam(:refreshonly, :boolean => true) do
desc "If 'true', then the SQL will only be executed via a notify/subscribe event."
defaultto(:false)
+ newvalues(:true, :false)
+ end
+
+ def should_run_sql(refreshing = false)
+ onlyif_param = @parameters[:onlyif]
+ unless_param = @parameters[:unless]
+ return false if !onlyif_param.nil? && !onlyif_param.value.nil? && !onlyif_param.matches(onlyif_param.value)
+ return false if !unless_param.nil? && !unless_param.value.nil? && unless_param.matches(unless_param.value)
+ return false if !refreshing && @parameters[:refreshonly].value == :true
+ true
end
- def refresh()
- # All of the magic for this type is attached to the ':command' property, so
- # we just need to sync it to accomplish a 'refresh'.
- self.property(:command).sync(true)
+ def refresh
+ self.property(:command).sync if self.should_run_sql(true)
end
end
--- /dev/null
+Puppet::Type.newtype(:postgresql_replication_slot) do
+ @doc = "Manages Postgresql replication slots.
+
+This type allows to create and destroy replication slots
+to register warm standby replication on a Postgresql
+master server.
+"
+
+ ensurable
+
+ newparam(:name) do
+ desc "The name of the slot to create. Must be a valid replication slot name."
+ isnamevar
+ newvalues /^[a-z0-9_]+$/
+ end
+end
--- /dev/null
+module Puppet
+ module Util
+ class PostgresqlValidator
+ attr_reader :resource
+
+ def initialize(resource)
+ @resource = resource
+ end
+
+ def build_psql_cmd
+ final_cmd = []
+
+ cmd_init = "#{@resource[:psql_path]} --tuples-only --quiet --no-psqlrc"
+
+ final_cmd.push cmd_init
+
+ cmd_parts = {
+ :host => "--host #{@resource[:host]}",
+ :port => "--port #{@resource[:port]}",
+ :db_username => "--username #{@resource[:db_username]}",
+ :db_name => "--dbname #{@resource[:db_name]}",
+ :command => "--command '#{@resource[:command]}'"
+ }
+
+ cmd_parts.each do |k,v|
+ final_cmd.push v if @resource[k]
+ end
+
+ final_cmd.join ' '
+ end
+
+ def parse_connect_settings
+ c_settings = @resource[:connect_settings] || {}
+ c_settings.merge! ({ 'PGPASSWORD' => @resource[:db_password] }) if @resource[:db_password]
+ return c_settings.map { |k,v| "#{k}=#{v}" }
+ end
+
+ def attempt_connection(sleep_length, tries)
+ (0..tries-1).each do |try|
+ Puppet.debug "PostgresqlValidator.attempt_connection: Attempting connection to #{@resource[:db_name]}"
+ Puppet.debug "PostgresqlValidator.attempt_connection: #{build_validate_cmd}"
+ result = execute_command
+ if result && result.length > 0
+ Puppet.debug "PostgresqlValidator.attempt_connection: Connection to #{@resource[:db_name] || parse_connect_settings.select { |elem| elem.match /PGDATABASE/ }} successful!"
+ return true
+ else
+ Puppet.warning "PostgresqlValidator.attempt_connection: Sleeping for #{sleep_length} seconds"
+ sleep sleep_length
+ end
+ end
+ false
+ end
+
+ private
+
+ def execute_command
+ Execution.execute(build_validate_cmd, :uid => @resource[:run_as])
+ end
+
+ def build_validate_cmd
+ "#{parse_connect_settings.join(' ')} #{build_psql_cmd} "
+ end
+ end
+ end
+end
--- /dev/null
+---
+# This is the project-specific configuration file for setting up
+# fast_gettext for your project.
+gettext:
+ # This is used for the name of the .pot and .po files; they will be
+ # called <project_name>.pot?
+ project_name: puppetlabs-postgresql
+ # This is used in comments in the .pot and .po files to indicate what
+ # project the files belong to and should bea little more desctiptive than
+ # <project_name>
+ package_name: puppetlabs-postgresql
+ # The locale that the default messages in the .pot file are in
+ default_locale: en
+ # The email used for sending bug reports.
+ bugs_address: docs@puppet.com
+ # The holder of the copyright.
+ copyright_holder: Puppet, Inc.
+ # This determines which comments in code should be eligible for translation.
+ # Any comments that start with this string will be externalized. (Leave
+ # empty to include all.)
+ comments_tag: TRANSLATOR
+ # Patterns for +Dir.glob+ used to find all files that might contain
+ # translatable content, relative to the project root directory
+ source_files:
+
--- /dev/null
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2017-03-21 14:19+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: Eriko Kashiwagi <eriko.55@d5.dion.ne.jp>, 2017\n"
+"Language-Team: Japanese (Japan) (https://www.transifex.com/puppet/teams/29089/ja_JP/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: ja_JP\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Translate Toolkit 2.0.0\n"
+
+#. metadata.json
+#: .summary
+msgid "Offers support for basic management of PostgreSQL databases."
+msgstr "PostgreSQLデータベースの基本的な管理を支援します。"
--- /dev/null
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2017-03-21 14:19+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Translate Toolkit 2.0.0\n"
+
+#. metadata.json
+#: .summary
+msgid "Offers support for basic management of PostgreSQL databases."
+msgstr ""
-# Class: postgresql::client
-#
-# This class installs postgresql client software.
-#
-# *Note* don't forget to make sure to add any necessary yum or apt
-# repositories if specifying a custom version.
-#
-# Parameters:
-# [*package_name*] - The name of the postgresql client package.
-# [*ensure*] - the ensure parameter passed to the postgresql client package resource
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
+# Install client cli tool. See README.md for more details.
class postgresql::client (
- $package_name = $postgresql::params::client_package_name,
- $package_ensure = 'present'
+ Enum['file', 'absent'] $file_ensure = 'file',
+ Stdlib::Absolutepath $validcon_script_path = $postgresql::params::validcon_script_path,
+ String[1] $package_name = $postgresql::params::client_package_name,
+ String[1] $package_ensure = 'present'
) inherits postgresql::params {
- package { 'postgresql-client':
- ensure => $package_ensure,
- name => $package_name,
- tag => 'postgresql',
+ if $package_name != 'UNSET' {
+ package { 'postgresql-client':
+ ensure => $package_ensure,
+ name => $package_name,
+ tag => 'postgresql',
+ }
+ }
+
+ file { $validcon_script_path:
+ ensure => $file_ensure,
+ source => 'puppet:///modules/postgresql/validate_postgresql_connection.sh',
+ owner => 0,
+ group => 0,
+ mode => '0755',
}
}
+++ /dev/null
-# Class: postgresql::config
-#
-# Parameters:
-#
-# [*postgres_password*] - postgres db user password.
-# [*ip_mask_deny_postgres_user*] - ip mask for denying remote access for postgres user; defaults to '0.0.0.0/0',
-# meaning that all TCP access for postgres user is denied.
-# [*ip_mask_allow_all_users*] - ip mask for allowing remote access for other users (besides postgres);
-# defaults to '127.0.0.1/32', meaning only allow connections from localhost
-# [*listen_addresses*] - what IP address(es) to listen on; comma-separated list of addresses; defaults to
-# 'localhost', '*' = all
-# [*ipv4acls*] - list of strings for access control for connection method, users, databases, IPv4
-# addresses; see postgresql documentation about pg_hba.conf for information
-# [*ipv6acls*] - list of strings for access control for connection method, users, databases, IPv6
-# addresses; see postgresql documentation about pg_hba.conf for information
-# [*pg_hba_conf_path*] - path to pg_hba.conf file
-# [*postgresql_conf_path*] - path to postgresql.conf file
-# [*manage_redhat_firewall*] - boolean indicating whether or not the module should open a port in the firewall on
-# redhat-based systems; this parameter is likely to change in future versions. Possible
-# changes include support for non-RedHat systems and finer-grained control over the
-# firewall rule (currently, it simply opens up the postgres port to all TCP connections).
-# [*manage_pg_hba_conf*] - boolean indicating whether or not the module manages pg_hba.conf file.
-#
-#
-# Actions:
-#
-# Requires:
-#
-# Usage:
-#
-# class { 'postgresql::config':
-# postgres_password => 'postgres',
-# ip_mask_allow_all_users => '0.0.0.0/0',
-# }
-#
-class postgresql::config(
- $postgres_password = undef,
- $ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
- $ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,
- $listen_addresses = $postgresql::params::listen_addresses,
- $ipv4acls = $postgresql::params::ipv4acls,
- $ipv6acls = $postgresql::params::ipv6acls,
- $pg_hba_conf_path = $postgresql::params::pg_hba_conf_path,
- $postgresql_conf_path = $postgresql::params::postgresql_conf_path,
- $manage_redhat_firewall = $postgresql::params::manage_redhat_firewall,
- $manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf
-) inherits postgresql::params {
-
- # Basically, all this class needs to handle is passing parameters on
- # to the "beforeservice" and "afterservice" classes, and ensure
- # the proper ordering.
-
- class { 'postgresql::config::beforeservice':
- ip_mask_deny_postgres_user => $ip_mask_deny_postgres_user,
- ip_mask_allow_all_users => $ip_mask_allow_all_users,
- listen_addresses => $listen_addresses,
- ipv4acls => $ipv4acls,
- ipv6acls => $ipv6acls,
- pg_hba_conf_path => $pg_hba_conf_path,
- postgresql_conf_path => $postgresql_conf_path,
- manage_redhat_firewall => $manage_redhat_firewall,
- manage_pg_hba_conf => $manage_pg_hba_conf,
- }
-
- class { 'postgresql::config::afterservice':
- postgres_password => $postgres_password,
- }
-
- Class['postgresql::config'] ->
- Class['postgresql::config::beforeservice'] ->
- Service['postgresqld'] ->
- Class['postgresql::config::afterservice']
-
-
-}
+++ /dev/null
-# Class: postgresql::config::afterservice
-#
-# Parameters:
-#
-# [*postgres_password*] - postgres db user password.
-#
-# Actions:
-#
-# Requires:
-#
-# Usage:
-# This class is not intended to be used directly; it is
-# managed by postgresl::config. It contains resources
-# that should be handled *after* the postgres service
-# has been started up.
-#
-# class { 'postgresql::config::afterservice':
-# postgres_password => 'postgres'
-# }
-#
-class postgresql::config::afterservice(
- $postgres_password = undef
-) inherits postgresql::params {
- if ($postgres_password != undef) {
- # NOTE: this password-setting logic relies on the pg_hba.conf being configured
- # to allow the postgres system user to connect via psql without specifying
- # a password ('ident' or 'trust' security). This is the default
- # for pg_hba.conf.
- exec { 'set_postgres_postgrespw':
- # This command works w/no password because we run it as postgres system user
- command => "psql -c \"ALTER ROLE ${postgresql::params::user} PASSWORD '${postgres_password}'\"",
- user => $postgresql::params::user,
- group => $postgresql::params::group,
- logoutput => true,
- cwd => '/tmp',
- # With this command we're passing -h to force TCP authentication, which does require
- # a password. We specify the password via the PGPASSWORD environment variable. If
- # the password is correct (current), this command will exit with an exit code of 0,
- # which will prevent the main command from running.
- unless => "env PGPASSWORD=\"${postgres_password}\" psql -h localhost -c 'select 1' > /dev/null",
- path => '/usr/bin:/usr/local/bin:/bin',
- }
- }
-}
+++ /dev/null
-# Class: postgresql::config::beforeservice
-#
-# Parameters:
-#
-# [*ip_mask_deny_postgres_user*] - ip mask for denying remote access for postgres user; defaults to '0.0.0.0/0',
-# meaning that all TCP access for postgres user is denied.
-# [*ip_mask_allow_all_users*] - ip mask for allowing remote access for other users (besides postgres);
-# defaults to '127.0.0.1/32', meaning only allow connections from localhost
-# [*listen_addresses*] - what IP address(es) to listen on; comma-separated list of addresses; defaults to
-# 'localhost', '*' = all
-# [*ipv4acls*] - list of strings for access control for connection method, users, databases, IPv4
-# addresses; see postgresql documentation about pg_hba.conf for information
-# [*ipv6acls*] - list of strings for access control for connection method, users, databases, IPv6
-# addresses; see postgresql documentation about pg_hba.conf for information
-# [*pg_hba_conf_path*] - path to pg_hba.conf file
-# [*postgresql_conf_path*] - path to postgresql.conf file
-# [*manage_redhat_firewall*] - boolean indicating whether or not the module should open a port in the firewall on
-# redhat-based systems; this parameter is likely to change in future versions. Possible
-# changes include support for non-RedHat systems and finer-grained control over the
-# firewall rule (currently, it simply opens up the postgres port to all TCP connections).
-# [*manage_pg_hba_conf*] - boolean indicating whether or not the module manages pg_hba.conf file.
-#
-# Actions:
-#
-# Requires:
-#
-# Usage:
-# This class is not intended to be used directly; it is
-# managed by postgresl::config. It contains resources
-# that should be handled *before* the postgres service
-# has been started up.
-#
-# class { 'postgresql::config::before_service':
-# ip_mask_allow_all_users => '0.0.0.0/0',
-# }
-#
-class postgresql::config::beforeservice(
- $pg_hba_conf_path,
- $postgresql_conf_path,
- $ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
- $ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,
- $listen_addresses = $postgresql::params::listen_addresses,
- $ipv4acls = $postgresql::params::ipv4acls,
- $ipv6acls = $postgresql::params::ipv6acls,
- $manage_redhat_firewall = $postgresql::params::manage_redhat_firewall,
- $manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf
-) inherits postgresql::params {
-
-
- File {
- owner => $postgresql::params::user,
- group => $postgresql::params::group,
- }
-
- if $manage_pg_hba_conf {
- # Create the main pg_hba resource
- postgresql::pg_hba { 'main':
- notify => Exec['reload_postgresql'],
- }
-
- Postgresql::Pg_hba_rule {
- database => 'all',
- user => 'all',
- }
-
- # Lets setup the base rules
- postgresql::pg_hba_rule { 'local access as postgres user':
- type => 'local',
- user => $postgresql::params::user,
- auth_method => 'ident',
- auth_option => $postgresql::params::version ? {
- '8.1' => 'sameuser',
- default => undef,
- },
- order => '001',
- }
- postgresql::pg_hba_rule { 'local access to database with same name':
- type => 'local',
- auth_method => 'ident',
- auth_option => $postgresql::params::version ? {
- '8.1' => 'sameuser',
- default => undef,
- },
- order => '002',
- }
- postgresql::pg_hba_rule { 'deny access to postgresql user':
- type => 'host',
- user => $postgresql::params::user,
- address => $ip_mask_deny_postgres_user,
- auth_method => 'reject',
- order => '003',
- }
-
- # ipv4acls are passed as an array of rule strings, here we transform them into
- # a resources hash, and pass the result to create_resources
- $ipv4acl_resources = postgresql_acls_to_resources_hash($ipv4acls, 'ipv4acls', 10)
- create_resources('postgresql::pg_hba_rule', $ipv4acl_resources)
-
- postgresql::pg_hba_rule { 'allow access to all users':
- type => 'host',
- address => $ip_mask_allow_all_users,
- auth_method => 'md5',
- order => '100',
- }
- postgresql::pg_hba_rule { 'allow access to ipv6 localhost':
- type => 'host',
- address => '::1/128',
- auth_method => 'md5',
- order => '101',
- }
-
- # ipv6acls are passed as an array of rule strings, here we transform them into
- # a resources hash, and pass the result to create_resources
- $ipv6acl_resources = postgresql_acls_to_resources_hash($ipv6acls, 'ipv6acls', 102)
- create_resources('postgresql::pg_hba_rule', $ipv6acl_resources)
- }
-
- # We must set a "listen_addresses" line in the postgresql.conf if we
- # want to allow any connections from remote hosts.
- file_line { 'postgresql.conf#listen_addresses':
- path => $postgresql_conf_path,
- match => '^listen_addresses\s*=.*$',
- line => "listen_addresses = '${listen_addresses}'",
- notify => Service['postgresqld'],
- }
-
- # Here we are adding an 'include' line so that users have the option of
- # managing their own settings in a second conf file. This only works for
- # postgresql 8.2 and higher.
- if(versioncmp($postgresql::params::version, '8.2') >= 0) {
- # Since we're adding an "include" for this extras config file, we need
- # to make sure it exists.
- exec { "create_postgresql_conf_path":
- command => "touch `dirname ${postgresql_conf_path}`/postgresql_puppet_extras.conf",
- path => '/usr/bin:/bin',
- unless => "[ -f `dirname ${postgresql_conf_path}`/postgresql_puppet_extras.conf ]"
- }
-
- file_line { 'postgresql.conf#include':
- path => $postgresql_conf_path,
- line => "include 'postgresql_puppet_extras.conf'",
- require => Exec["create_postgresql_conf_path"],
- notify => Service['postgresqld'],
- }
- }
-
-
- # TODO: is this a reasonable place for this firewall stuff?
- # TODO: figure out a way to make this not platform-specific; debian and ubuntu have
- # an out-of-the-box firewall configuration that seems trickier to manage
- # TODO: get rid of hard-coded port
- if ($manage_redhat_firewall and $firewall_supported) {
- exec { 'postgresql-persist-firewall':
- command => $persist_firewall_command,
- refreshonly => true,
- }
-
- Firewall {
- notify => Exec['postgresql-persist-firewall']
- }
-
- firewall { '5432 accept - postgres':
- port => '5432',
- proto => 'tcp',
- action => 'accept',
- }
- }
-}
+++ /dev/null
-# Class: postgresql::contrib
-#
-# This class installs the postgresql contrib package.
-#
-# Parameters:
-# [*package_name*] - The name of the postgresql contrib package.
-# [*package_ensure*] - The ensure value of the package.
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
-# class { 'postgresql::contrib': }
-#
-class postgresql::contrib (
- $package_name = $postgresql::params::contrib_package_name,
- $package_ensure = 'present'
-) inherits postgresql::params {
-
- validate_string($package_name)
-
- package { 'postgresql-contrib':
- ensure => $package_ensure,
- name => $package_name,
- }
-}
+++ /dev/null
-# puppet-postgresql
-# For all details and documentation:
-# http://github.com/inkling/puppet-postgresql
-#
-# Copyright 2012- Inkling Systems, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# TODO: in order to match up more closely with the mysql module, this probably
-# needs to be moved over to ruby, and add support for ensurable.
-
-define postgresql::database(
- $dbname = $title,
- $owner = $postgresql::params::user,
- $tablespace = undef,
- $charset = $postgresql::params::charset,
- $locale = $postgresql::params::locale,
- $istemplate = false
-) {
- include postgresql::params
-
- # Set the defaults for the postgresql_psql resource
- Postgresql_psql {
- psql_user => $postgresql::params::user,
- psql_group => $postgresql::params::group,
- psql_path => $postgresql::params::psql_path,
- }
-
- # Optionally set the locale switch. Older versions of createdb may not accept
- # --locale, so if the parameter is undefined its safer not to pass it.
- if ($postgresql::params::version != '8.1') {
- $locale_option = $locale ? {
- undef => '',
- default => "--locale=${locale}",
- }
- $public_revoke_privilege = 'CONNECT'
- } else {
- $locale_option = ''
- $public_revoke_privilege = 'ALL'
- }
-
- $createdb_command_tmp = "${postgresql::params::createdb_path} --owner='${owner}' --template=template0 --encoding '${charset}' ${locale_option} '${dbname}'"
-
- if($tablespace == undef) {
- $createdb_command = $createdb_command_tmp
- }
- else {
- $createdb_command = "${createdb_command_tmp} --tablespace='${tablespace}'"
- }
-
- postgresql_psql { "Check for existence of db '${dbname}'":
- command => 'SELECT 1',
- unless => "SELECT datname FROM pg_database WHERE datname='${dbname}'",
- require => Class['postgresql::server']
- } ~>
-
- exec { $createdb_command :
- refreshonly => true,
- user => $postgresql::params::user,
- logoutput => on_failure,
- } ~>
-
- # This will prevent users from connecting to the database unless they've been
- # granted privileges.
- postgresql_psql {"REVOKE ${public_revoke_privilege} ON DATABASE \"${dbname}\" FROM public":
- db => $postgresql::params::user,
- refreshonly => true,
- }
-
- Exec [ $createdb_command ] ->
-
- postgresql_psql {"UPDATE pg_database SET datistemplate = ${istemplate} WHERE datname = '${dbname}'":
- unless => "SELECT datname FROM pg_database WHERE datname = '${dbname}' AND datistemplate = ${istemplate}",
- }
-}
+++ /dev/null
-# puppet-postgresql
-# For all details and documentation:
-# http://github.com/inkling/puppet-postgresql
-#
-# Copyright 2012- Inkling Systems, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-define postgresql::database_grant(
- $privilege,
- $db,
- $role,
- $psql_db = undef,
- $psql_user = undef
-) {
- include postgresql::params
- postgresql::grant { "database:${name}":
- role => $role,
- db => $db,
- privilege => $privilege,
- object_type => 'DATABASE',
- object_name => $db,
- psql_db => $psql_db,
- psql_user => $psql_user,
- }
-}
+++ /dev/null
-# puppet-postgresql
-# For all details and documentation:
-# http://github.com/inkling/puppet-postgresql
-#
-# Copyright 2012- Inkling Systems, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Define: postgresql::database_user
-#
-# This type creates a postgres database user.
-#
-# Parameters:
-# [*user*] - username to create.
-# [*password_hash*] - user's password; this may be clear text, or an md5 hash as returned by the
-# "postgresql_password" function in this module.
-#
-# Actions:
-#
-# Requires:
-#
-#
-# Sample Usage:
-#
-# postgresql::database_user { 'frank':
-# password_hash => postgresql_password('frank', 'password'),
-# }
-#
-
-define postgresql::database_user(
- $password_hash = false,
- $createdb = false,
- $createrole = false,
- $db = $postgresql::params::user,
- $superuser = false,
- $replication = false,
- $connection_limit = '-1',
- $user = $title
-) {
- postgresql::role { $user:
- db => $db,
- password_hash => $password_hash,
- login => true,
- createdb => $createdb,
- superuser => $superuser,
- createrole => $createrole,
- replication => $replication,
- connection_limit => $connection_limit,
- }
-}
+++ /dev/null
-# Define: postgresql::db
-#
-# This module creates database instances, a user, and grants that user
-# privileges to the database.
-#
-# Since it requires class postgresql::server, we assume to run all commands as the
-# postgresql user against the local postgresql server.
-#
-# TODO: support an array of privileges for "grant"; currently only supports a single
-# privilege, which is pretty useless unless that privilege is "ALL"
-#
-# Parameters:
-# [*title*] - postgresql database name.
-# [*user*] - username to create and grant access.
-# [*password*] - user's password. may be md5-encoded, in the format returned by the "postgresql_password"
-# function in this module
-# [*charset*] - database charset. defaults to 'utf8'
-# [*grant*] - privilege to grant user. defaults to 'all'.
-# [*tablespace*] - database tablespace. default to use the template database's tablespace.
-# [*locale*] - locale for database. defaults to 'undef' (effectively 'C').
-#
-# Actions:
-#
-# Requires:
-#
-# class postgresql::server
-#
-# Sample Usage:
-#
-# postgresql::db { 'mydb':
-# user => 'my_user',
-# password => 'password',
-# grant => 'all'
-# }
-#
-define postgresql::db (
- $user,
- $password,
- $charset = $postgresql::params::charset,
- $locale = $postgresql::params::locale,
- $grant = 'ALL',
- $tablespace = undef,
- $istemplate = false
-) {
- include postgresql::params
-
- postgresql::database { $name:
- # TODO: ensure is not yet supported
- #ensure => present,
- charset => $charset,
- tablespace => $tablespace,
- #provider => 'postgresql',
- require => Class['postgresql::server'],
- locale => $locale,
- istemplate => $istemplate,
- }
-
- if ! defined(Postgresql::Database_user[$user]) {
- postgresql::database_user { $user:
- # TODO: ensure is not yet supported
- #ensure => present,
- password_hash => $password,
- #provider => 'postgresql',
- require => Postgresql::Database[$name],
- }
- }
-
- postgresql::database_grant { "GRANT ${user} - ${grant} - ${name}":
- privilege => $grant,
- db => $name,
- role => $user,
- #provider => 'postgresql',
- require => [Postgresql::Database[$name], Postgresql::Database_user[$user]],
- }
-
-}
+++ /dev/null
-# Class: postgresql::devel
-#
-# This class installs postgresql development libraries
-#
-# Parameters:
-# [*package_name*] - The name of the postgresql development package.
-# [*package_ensure*] - The ensure value of the package
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
-class postgresql::devel(
- $package_name = $postgresql::params::devel_package_name,
- $package_ensure = 'present'
-) inherits postgresql::params {
-
- validate_string($package_name)
-
- package { 'postgresql-devel':
- ensure => $package_ensure,
- name => $package_name,
- tag => 'postgresql',
- }
-}
--- /dev/null
+# Class for setting cross-class global overrides. See README.md for more
+# details.
+class postgresql::globals (
+ $client_package_name = undef,
+ $server_package_name = undef,
+ $contrib_package_name = undef,
+ $devel_package_name = undef,
+ $java_package_name = undef,
+ $docs_package_name = undef,
+ $perl_package_name = undef,
+ $plperl_package_name = undef,
+ $plpython_package_name = undef,
+ $python_package_name = undef,
+ $postgis_package_name = undef,
+
+ $service_name = undef,
+ $service_provider = undef,
+ $service_status = undef,
+ $default_database = undef,
+
+ $validcon_script_path = undef,
+
+ $initdb_path = undef,
+ $createdb_path = undef,
+ $psql_path = undef,
+ $pg_hba_conf_path = undef,
+ $pg_ident_conf_path = undef,
+ $postgresql_conf_path = undef,
+ $recovery_conf_path = undef,
+ $default_connect_settings = {},
+
+ $pg_hba_conf_defaults = undef,
+
+ $datadir = undef,
+ $confdir = undef,
+ $bindir = undef,
+ $xlogdir = undef,
+ $logdir = undef,
+ $log_line_prefix = undef,
+
+ $user = undef,
+ $group = undef,
+
+ $version = undef,
+ $postgis_version = undef,
+ $repo_proxy = undef,
+ $repo_baseurl = undef,
+
+ $needs_initdb = undef,
+
+ $encoding = undef,
+ $locale = undef,
+ $data_checksums = undef,
+ $timezone = undef,
+
+ $manage_pg_hba_conf = undef,
+ $manage_pg_ident_conf = undef,
+ $manage_recovery_conf = undef,
+
+ $manage_package_repo = undef,
+ $module_workdir = undef,
+) {
+ # We are determining this here, because it is needed by the package repo
+ # class.
+ $default_version = $::osfamily ? {
+ /^(RedHat|Linux)/ => $::operatingsystem ? {
+ 'Fedora' => $::operatingsystemrelease ? {
+ /^(24|25)$/ => '9.5',
+ /^(22|23)$/ => '9.4',
+ /^(21)$/ => '9.3',
+ /^(18|19|20)$/ => '9.2',
+ /^(17)$/ => '9.1',
+ default => undef,
+ },
+ 'Amazon' => '9.2',
+ default => $::operatingsystemrelease ? {
+ /^7\./ => '9.2',
+ /^6\./ => '8.4',
+ /^5\./ => '8.1',
+ default => undef,
+ },
+ },
+ 'Debian' => $::operatingsystem ? {
+ 'Debian' => $::operatingsystemrelease ? {
+ /^(squeeze|6\.)/ => '8.4',
+ /^(wheezy|7\.)/ => '9.1',
+ /^(jessie|8\.)/ => '9.4',
+ /^(stretch|9\.)/ => '9.6',
+ default => undef,
+ },
+ 'Ubuntu' => $::operatingsystemrelease ? {
+ /^(10.04|10.10|11.04)$/ => '8.4',
+ /^(11.10|12.04|12.10|13.04|13.10)$/ => '9.1',
+ /^(14.04)$/ => '9.3',
+ /^(14.10|15.04|15.10)$/ => '9.4',
+ /^(16.04|16.10)$/ => '9.5',
+ default => undef,
+ },
+ default => undef,
+ },
+ 'Archlinux' => $::operatingsystem ? {
+ /Archlinux/ => '9.2',
+ default => '9.2',
+ },
+ 'Gentoo' => '9.5',
+ 'FreeBSD' => '93',
+ 'OpenBSD' => $::operatingsystemrelease ? {
+ /5\.6/ => '9.3',
+ /5\.[7-9]/ => '9.4',
+ /6\.[0-9]/ => '9.5',
+ },
+ 'Suse' => $::operatingsystem ? {
+ 'SLES' => $::operatingsystemrelease ? {
+ /11\.[0-4]/ => '91',
+ /12\.0/ => '93',
+ default => '94',
+ },
+ 'OpenSuSE' => $::operatingsystemrelease ? {
+ default => '94',
+ },
+ default => undef,
+ },
+ default => undef,
+ }
+ $globals_version = pick($version, $default_version, 'unknown')
+ if($globals_version == 'unknown') {
+ fail('No preferred version defined or automatically detected.')
+ }
+
+ $default_postgis_version = $globals_version ? {
+ '8.1' => '1.3.6',
+ '8.4' => '2.0',
+ '9.0' => '2.1',
+ '9.1' => '2.1',
+ '91' => '2.1',
+ '9.2' => '2.3',
+ '9.3' => '2.3',
+ '93' => '2.3',
+ '9.4' => '2.3',
+ '9.5' => '2.3',
+ '9.6' => '2.3',
+ default => undef,
+ }
+ $globals_postgis_version = $postgis_version ? {
+ undef => $default_postgis_version,
+ default => $postgis_version,
+ }
+
+ # Setup of the repo only makes sense globally, so we are doing this here.
+ if($manage_package_repo) {
+ class { 'postgresql::repo':
+ version => $globals_version,
+ proxy => $repo_proxy,
+ baseurl => $repo_baseurl,
+ }
+ }
+}
+++ /dev/null
-# Resource postgresql::grant
-#
-# TODO: in mysql module, the grant resource name might look like this: 'user@host/dbname';
-# I think that the API for the resource type should split these up, because it's
-# easier / safer to recombine them for mysql than it is to parse them for other
-# databases. Also, in the mysql module, the hostname portion of that string
-# affects the user's ability to connect from remote hosts. In postgres this is
-# managed via pg_hba.conf; not sure if we want to try to reconcile that difference
-# in the modules or not.
-define postgresql::grant (
- $role,
- $db,
- # TODO: mysql supports an array of privileges here. We should do that if we
- # port this to ruby.
- $privilege = undef,
- $object_type = 'database',
- $object_name = $db,
- $psql_db = $postgresql::params::user,
- $psql_user = $postgresql::params::user
-) {
-
- ## Munge the input values
- $_object_type = upcase($object_type)
- $_privilege = upcase($privilege)
-
- ## Validate that the object type is known
- validate_string($_object_type,
- #'COLUMN',
- 'DATABASE',
- #'FOREIGN SERVER',
- #'FOREIGN DATA WRAPPER',
- #'FUNCTION',
- #'PROCEDURAL LANGUAGE',
- #'SCHEMA',
- #'SEQUENCE',
- 'TABLE',
- #'TABLESPACE',
- #'VIEW',
- )
-
- ## Validate that the object type's privilege is acceptable
- case $_object_type {
- 'DATABASE': {
- validate_string($_privilege,'CREATE','CONNECT','TEMPORARY','TEMP','ALL','ALL PRIVILEGES')
- $unless_function = 'has_database_privilege'
- $on_db = $psql_db
- }
- 'TABLE': {
- validate_string($_privilege,'SELECT','INSERT','UPDATE','REFERENCES','ALL','ALL PRIVILEGES')
- $unless_function = 'has_table_privilege'
- $on_db = $db
- }
- default: {
- fail("Missing privilege validation for object type ${_object_type}")
- }
- }
-
- # TODO: this is a terrible hack; if they pass "ALL" as the desired privilege,
- # we need a way to test for it--and has_database_privilege does not recognize
- # 'ALL' as a valid privilege name. So we probably need to hard-code a mapping
- # between 'ALL' and the list of actual privileges that it entails, and loop
- # over them to check them. That sort of thing will probably need to wait until
- # we port this over to ruby, so, for now, we're just going to assume that if
- # they have "CREATE" privileges on a database, then they have "ALL". (I told
- # you that it was terrible!)
- $unless_privilege = $_privilege ? {
- 'ALL' => 'CREATE',
- default => $_privilege,
- }
- postgresql_psql { "GRANT ${_privilege} ON ${_object_type} \"${object_name}\" TO \"${role}\"":
- db => $on_db,
- psql_user => $psql_user,
- psql_group => $postgresql::params::group,
- psql_path => $postgresql::params::psql_path,
- unless => "SELECT 1 WHERE ${unless_function}('${role}', '${object_name}', '${unless_privilege}')",
- }
-}
+++ /dev/null
-# == Class: postgresql
-#
-# This is a base class that can be used to modify catalog-wide settings relating
-# to the various types in class contained in the postgresql module.
-#
-# If you don't declare this class in your catalog, sensible defaults will
-# be used. However, if you choose to declare it, it needs to appear *before*
-# any other types or classes from the postgresql module.
-#
-# For examples, see the files in the `tests` directory; in particular,
-# `/server-yum-postgresql-org.pp`.
-#
-# === Parameters
-#
-# [*version*]
-# The postgresql version to install. If not specified, the
-# module will use whatever version is the default for your
-# OS distro.
-# [*manage_package_repo*]
-# This determines whether or not the module should
-# attempt to manage the postgres package repository for your
-# distro. Defaults to `false`, but if set to `true`, it can
-# be used to set up the official postgres yum/apt package
-# repositories for you.
-# [*package_source*]
-# This setting is only used if `manage_package_repo` is
-# set to `true`. It determines which package repository should
-# be used to install the postgres packages. Currently supported
-# values include `yum.postgresql.org`.
-# [*locale*]
-# This setting defines the default locale for initdb and createdb
-# commands. This default to 'undef' which is effectively 'C'.
-# [*charset*]
-# Sets the default charset to be used for initdb and createdb.
-# Defaults to 'UTF8'.
-# [*datadir*]
-# This setting can be used to override the default postgresql
-# data directory for the target platform. If not specified, the
-# module will use whatever directory is the default for your
-# OS distro.
-# [*confdir*]
-# This setting can be used to override the default postgresql
-# configuration directory for the target platform. If not
-# specified, the module will use whatever directory is the
-# default for your OS distro.
-# [*bindir*]
-# This setting can be used to override the default postgresql
-# binaries directory for the target platform. If not
-# specified, the module will use whatever directory is the
-# default for your OS distro.
-# [*client_package_name*]
-# This setting can be used to override the default
-# postgresql client package name. If not specified, the module
-# will use whatever package name is the default for your
-# OS distro.
-# [*server_package_name*]
-# This setting can be used to override the default
-# postgresql server package name. If not specified, the module
-# will use whatever package name is the default for your
-# OS distro.
-# [*contrib_package_name*]
-# This setting can be used to override the default
-# postgresql contrib package name. If not specified, the module
-# will use whatever package name is the default for your
-# OS distro.
-# [*devel_package_name*]
-# This setting can be used to override the default
-# postgresql devel package name. If not specified, the module
-# will use whatever package name is the default for your
-# OS distro.
-# [*java_package_name*]
-# This setting can be used to override the default
-# postgresql java package name. If not specified, the module
-# will use whatever package name is the default for your
-# OS distro.
-# [*service_name*]
-# This setting can be used to override the default
-# postgresql service name. If not specified, the module
-# will use whatever service name is the default for your
-# OS distro.
-# [*user*]
-# This setting can be used to override the default
-# postgresql super user and owner of postgresql related files
-# in the file system. If not specified, the module will use
-# the user name 'postgres'.
-# [*group*]
-# This setting can be used to override the default
-# postgresql user group to be used for related files
-# in the file system. If not specified, the module will use
-# the group name 'postgres'.
-# [*run_initdb*]
-# This setting can be used to explicitly call the initdb
-# operation after server package is installed and before
-# the postgresql service is started. If not specified, the
-# module will decide whether to call initdb or not depending
-# on your OS distro.
-#
-# === Examples
-#
-# class { 'postgresql':
-# version => '9.2',
-# manage_package_repo => true,
-# }
-#
-#
-class postgresql (
- $version = $::postgres_default_version,
- $manage_package_repo = false,
- $package_source = undef,
- $locale = undef,
- $charset = 'UTF8',
- $datadir = undef,
- $confdir = undef,
- $bindir = undef,
- $client_package_name = undef,
- $server_package_name = undef,
- $contrib_package_name = undef,
- $devel_package_name = undef,
- $java_package_name = undef,
- $service_name = undef,
- $user = undef,
- $group = undef,
- $run_initdb = undef
-) {
-
- class { 'postgresql::params':
- version => $version,
- manage_package_repo => $manage_package_repo,
- package_source => $package_source,
- locale => $locale,
- charset => $charset,
- custom_datadir => $datadir,
- custom_confdir => $confdir,
- custom_bindir => $bindir,
- custom_client_package_name => $client_package_name,
- custom_server_package_name => $server_package_name,
- custom_contrib_package_name => $contrib_package_name,
- custom_devel_package_name => $devel_package_name,
- custom_java_package_name => $java_package_name,
- custom_service_name => $service_name,
- custom_user => $user,
- custom_group => $group,
- run_initdb => $run_initdb,
- }
-}
+++ /dev/null
-# puppet-postgresql
-# For all details and documentation:
-# http://github.com/inkling/puppet-postgresql
-#
-# Copyright 2012- Inkling Systems, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-class postgresql::initdb(
- $datadir = $postgresql::params::datadir,
- $encoding = $postgresql::params::charset,
- $group = $postgresql::params::group,
- $initdb_path = $postgresql::params::initdb_path,
- $user = $postgresql::params::user
-) inherits postgresql::params {
- # Build up the initdb command.
- #
- # We optionally add the locale switch if specified. Older versions of the
- # initdb command don't accept this switch. So if the user didn't pass the
- # parameter, lets not pass the switch at all.
- $initdb_command = $postgresql::params::locale ? {
- undef => "${initdb_path} --encoding '${encoding}' --pgdata '${datadir}'",
- default => "${initdb_path} --encoding '${encoding}' --pgdata '${datadir}' --locale '${postgresql::params::locale}'"
- }
-
- # This runs the initdb command, we use the existance of the PG_VERSION file to
- # ensure we don't keep running this command.
- exec { 'postgresql_initdb':
- command => $initdb_command,
- creates => "${datadir}/PG_VERSION",
- user => $user,
- group => $group,
- logoutput => on_failure,
- }
-
- # If we manage the package (which is user configurable) make sure the
- # package exists first.
- if defined(Package[$postgresql::params::server_package_name]) {
- Package[$postgresql::params::server_package_name]->
- Exec['postgresql_initdb']
- }
-}
+++ /dev/null
-# Class: postgresql::java
-#
-# This class installs the postgresql jdbc connector.
-#
-# Parameters:
-# [*package_name*] - The name of the postgresql java package.
-# [*package_ensure*] - The ensure value of the package.
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
-# class { 'postgresql::java': }
-#
-class postgresql::java (
- $package_name = $postgresql::params::java_package_name,
- $package_ensure = 'present'
-) inherits postgresql::params {
-
- validate_string($package_name)
-
- package { 'postgresql-jdbc':
- ensure => $package_ensure,
- name => $package_name,
- }
-
-}
--- /dev/null
+# This class installs postgresql development libraries. See README.md for more
+# details.
+class postgresql::lib::devel(
+ String $package_name = $postgresql::params::devel_package_name,
+ String[1] $package_ensure = 'present',
+ Boolean $link_pg_config = $postgresql::params::link_pg_config
+) inherits postgresql::params {
+
+ if $::osfamily == 'Gentoo' {
+ fail('osfamily Gentoo does not have a separate "devel" package, postgresql::lib::devel is not supported')
+ }
+
+ package { 'postgresql-devel':
+ ensure => $package_ensure,
+ name => $package_name,
+ tag => 'postgresql',
+ }
+
+ if $link_pg_config {
+ if ( $postgresql::params::bindir != '/usr/bin' and $postgresql::params::bindir != '/usr/local/bin') {
+ file { '/usr/bin/pg_config':
+ ensure => link,
+ target => "${postgresql::params::bindir}/pg_config",
+ }
+ }
+ }
+
+}
--- /dev/null
+# This class installs the postgresql-docs See README.md for more
+# details.
+class postgresql::lib::docs (
+ String $package_name = $postgresql::params::docs_package_name,
+ String[1] $package_ensure = 'present',
+) inherits postgresql::params {
+
+ package { 'postgresql-docs':
+ ensure => $package_ensure,
+ name => $package_name,
+ tag => 'postgresql',
+ }
+
+}
--- /dev/null
+# This class installs the postgresql jdbc connector. See README.md for more
+# details.
+class postgresql::lib::java (
+ String $package_name = $postgresql::params::java_package_name,
+ String[1] $package_ensure = 'present'
+) inherits postgresql::params {
+
+ package { 'postgresql-jdbc':
+ ensure => $package_ensure,
+ name => $package_name,
+ tag => 'postgresql',
+ }
+
+}
--- /dev/null
+# This class installs the perl libs for postgresql. See README.md for more
+# details.
+class postgresql::lib::perl(
+ String $package_name = $postgresql::params::perl_package_name,
+ String[1] $package_ensure = 'present'
+) inherits postgresql::params {
+
+ package { 'perl-DBD-Pg':
+ ensure => $package_ensure,
+ name => $package_name,
+ }
+
+}
--- /dev/null
+# This class installs the python libs for postgresql. See README.md for more
+# details.
+class postgresql::lib::python(
+ String[1] $package_name = $postgresql::params::python_package_name,
+ String[1] $package_ensure = 'present'
+) inherits postgresql::params {
+
+ package { 'python-psycopg2':
+ ensure => $package_ensure,
+ name => $package_name,
+ }
+
+}
+++ /dev/null
-class postgresql::package_source::apt_postgresql_org {
- # Here we have tried to replicate the instructions on the PostgreSQL site:
- #
- # http://www.postgresql.org/download/linux/debian/
- #
- apt::pin { 'apt.postgresql.org':
- originator => 'apt.postgresql.org',
- priority => 500,
- }->
- apt::source { 'apt.postgresql.org':
- location => 'http://apt.postgresql.org/pub/repos/apt/',
- release => "${::lsbdistcodename}-pgdg",
- repos => 'main',
- required_packages => 'pgdg-keyring',
- key => 'ACCC4CF8',
- key_source => 'http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc',
- include_src => false,
- }
-
- Apt::Source['apt.postgresql.org']->Package<|tag == 'postgresql'|>
-}
+++ /dev/null
-class postgresql::package_source::yum_postgresql_org(
- $version
-) {
-
- $version_parts = split($version, '[.]')
- $package_version = "${version_parts[0]}${version_parts[1]}"
-
- file { "/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}":
- source => 'puppet:///modules/postgresql/RPM-GPG-KEY-PGDG',
- before => Yumrepo['yum.postgresql.org']
- }
-
- if($::operatingsystem == 'Fedora') {
- $label1 = 'fedora'
- $label2 = $label1
- } else {
- $label1 = 'redhat'
- $label2 = 'rhel'
- }
-
- yumrepo { 'yum.postgresql.org':
- descr => "PostgreSQL ${version} \$releasever - \$basearch",
- baseurl => "http://yum.postgresql.org/${version}/${label1}/${label2}-\$releasever-\$basearch",
- enabled => 1,
- gpgcheck => 1,
- gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}",
- }
-
- Yumrepo['yum.postgresql.org'] -> Package<|tag == 'postgresql'|>
-}
-# Class: postgresql::params
-#
-# The postgresql configuration settings.
-#
-# Parameters:
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
-
-# TODO: add real docs
-
-# This class allows you to use a newer version of postgres, rather than your
-# system's default version.
-#
-# If you want to do that, note that it is important that you use the '->',
-# or a before/require metaparameter to make sure that the `params`
-# class is evaluated before any of the other classes in the module.
-#
-# Also note that this class includes the ability to automatically manage
-# the yumrepo resource. If you'd prefer to manage the repo yourself, simply pass
-# 'false' or omit the 'manage_repo' parameter--it defaults to 'false'. You will
-# still need to use the 'params' class to specify the postgres version
-# number, though, in order for the other classes to be able to find the
-# correct paths to the postgres dirs.
-
-class postgresql::params(
- $version = $::postgres_default_version,
- $manage_package_repo = false,
- $package_source = undef,
- $locale = undef,
- $charset = 'UTF8',
- $custom_datadir = undef,
- $custom_confdir = undef,
- $custom_bindir = undef,
- $custom_client_package_name = undef,
- $custom_server_package_name = undef,
- $custom_contrib_package_name = undef,
- $custom_devel_package_name = undef,
- $custom_java_package_name = undef,
- $custom_plperl_package_name = undef,
- $custom_service_name = undef,
- $custom_user = undef,
- $custom_group = undef,
- $run_initdb = undef
-) {
- $user = pick($custom_user, 'postgres')
- $group = pick($custom_group, 'postgres')
- $ip_mask_deny_postgres_user = '0.0.0.0/0'
- $ip_mask_allow_all_users = '127.0.0.1/32'
- $listen_addresses = 'localhost'
- $ipv4acls = []
- $ipv6acls = []
- $manage_pg_hba_conf = true
- # TODO: figure out a way to make this not platform-specific
- $manage_redhat_firewall = false
-
- if ($manage_package_repo) {
- case $::osfamily {
- 'RedHat': {
- $rh_pkg_source = pick($package_source, 'yum.postgresql.org')
-
- case $rh_pkg_source {
- 'yum.postgresql.org': {
- class { 'postgresql::package_source::yum_postgresql_org':
- version => $version
- }
- }
-
- default: {
- fail("Unsupported package source '${rh_pkg_source}' for ${::osfamily} OS family. Currently the only supported source is 'yum.postgresql.org'")
- }
- }
- }
-
- 'Debian': {
- class { 'postgresql::package_source::apt_postgresql_org': }
- }
-
- default: {
- fail("Unsupported osfamily for manage_package_repo: ${::osfamily} operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports managing repos for osfamily RedHat and Debian")
- }
- }
- }
-
-
- # This is a bit hacky, but if the puppet nodes don't have pluginsync enabled,
- # they will fail with a not-so-helpful error message. Here we are explicitly
- # verifying that the custom fact exists (which implies that pluginsync is
- # enabled and succeeded). If not, we fail with a hint that tells the user
- # that pluginsync might not be enabled. Ideally this would be handled directly
- # in puppet.
- if ($::postgres_default_version == undef) {
- fail "No value for postgres_default_version facter fact; it's possible that you don't have pluginsync enabled."
- }
-
- case $::operatingsystem {
- default: {
- $service_provider = undef
- }
- }
+# PRIVATE CLASS: do not use directly
+class postgresql::params inherits postgresql::globals {
+ $version = $postgresql::globals::globals_version
+ $postgis_version = $postgresql::globals::globals_postgis_version
+ $listen_addresses = undef
+ $port = 5432
+ $log_line_prefix = undef
+ $ip_mask_deny_postgres_user = '0.0.0.0/0'
+ $ip_mask_allow_all_users = '127.0.0.1/32'
+ $ipv4acls = []
+ $ipv6acls = []
+ $encoding = $postgresql::globals::encoding
+ $locale = $postgresql::globals::locale
+ $data_checksums = $postgresql::globals::data_checksums
+ $timezone = $postgresql::globals::timezone
+ $service_ensure = 'running'
+ $service_enable = true
+ $service_manage = true
+ $service_restart_on_change = true
+ $service_provider = $postgresql::globals::service_provider
+ $manage_pg_hba_conf = pick($manage_pg_hba_conf, true)
+ $manage_pg_ident_conf = pick($manage_pg_ident_conf, true)
+ $manage_recovery_conf = pick($manage_recovery_conf, false)
+ $package_ensure = 'present'
+ $module_workdir = pick($module_workdir,'/tmp')
# Amazon Linux's OS Family is 'Linux', operating system 'Amazon'.
case $::osfamily {
'RedHat', 'Linux': {
- $needs_initdb = pick($run_initdb, true)
- $firewall_supported = true
- $persist_firewall_command = '/sbin/iptables-save > /etc/sysconfig/iptables'
-
- if $version == $::postgres_default_version {
- $client_package_name = pick($custom_client_package_name, 'postgresql')
- $server_package_name = pick($custom_server_package_name, 'postgresql-server')
- $contrib_package_name = pick($custom_contrib_package_name,'postgresql-contrib')
- $devel_package_name = pick($custom_devel_package_name, 'postgresql-devel')
- $java_package_name = pick($custom_java_package_name, 'postgresql-jdbc')
- $plperl_package_name = pick($custom_plperl_package_name, 'postgresql-plperl')
- $service_name = pick($custom_service_name, 'postgresql')
- $bindir = pick($custom_bindir, '/usr/bin')
- $datadir = pick($custom_datadir, '/var/lib/pgsql/data')
- $confdir = pick($custom_confdir, $datadir)
+ $link_pg_config = true
+ $user = pick($user, 'postgres')
+ $group = pick($group, 'postgres')
+ $needs_initdb = pick($needs_initdb, true)
+ $version_parts = split($version, '[.]')
+ $package_version = "${version_parts[0]}${version_parts[1]}"
+
+ if $version == $postgresql::globals::default_version and $::operatingsystem != 'Amazon' {
+ $client_package_name = pick($client_package_name, 'postgresql')
+ $server_package_name = pick($server_package_name, 'postgresql-server')
+ $contrib_package_name = pick($contrib_package_name,'postgresql-contrib')
+ $devel_package_name = pick($devel_package_name, 'postgresql-devel')
+ $java_package_name = pick($java_package_name, 'postgresql-jdbc')
+ $docs_package_name = pick($docs_package_name, 'postgresql-docs')
+ $plperl_package_name = pick($plperl_package_name, 'postgresql-plperl')
+ $plpython_package_name = pick($plpython_package_name, 'postgresql-plpython')
+ $service_name = pick($service_name, 'postgresql')
+ $bindir = pick($bindir, '/usr/bin')
+ $datadir = $::operatingsystem ? {
+ 'Amazon' => pick($datadir, "/var/lib/pgsql${package_version}/data"),
+ default => pick($datadir, '/var/lib/pgsql/data'),
+ }
+ $confdir = pick($confdir, $datadir)
+ } else {
+ $client_package_name = pick($client_package_name, "postgresql${package_version}")
+ $server_package_name = pick($server_package_name, "postgresql${package_version}-server")
+ $contrib_package_name = pick($contrib_package_name,"postgresql${package_version}-contrib")
+ $devel_package_name = pick($devel_package_name, "postgresql${package_version}-devel")
+ $java_package_name = pick($java_package_name, "postgresql${package_version}-jdbc")
+ $docs_package_name = pick($docs_package_name, "postgresql${package_version}-docs")
+ $plperl_package_name = pick($plperl_package_name, "postgresql${package_version}-plperl")
+ $plpython_package_name = pick($plpython_package_name, "postgresql${package_version}-plpython")
+ $service_name = $::operatingsystem ? {
+ 'Amazon' => pick($service_name, "postgresql${version_parts[0]}${version_parts[1]}"),
+ default => pick($service_name, "postgresql-${version}"),
+ }
+ $bindir = $::operatingsystem ? {
+ 'Amazon' => pick($bindir, '/usr/bin'),
+ default => pick($bindir, "/usr/pgsql-${version}/bin"),
+ }
+ $datadir = $::operatingsystem ? {
+ 'Amazon' => pick($datadir, "/var/lib/pgsql${package_version}/data"),
+ default => pick($datadir, "/var/lib/pgsql/${version}/data"),
+ }
+ $confdir = pick($confdir, $datadir)
+ }
+ $psql_path = pick($psql_path, "${bindir}/psql")
+
+ $service_status = $service_status
+ $service_reload = "service ${service_name} reload"
+ $perl_package_name = pick($perl_package_name, 'perl-DBD-Pg')
+ $python_package_name = pick($python_package_name, 'python-psycopg2')
+
+ if $postgresql::globals::postgis_package_name {
+ $postgis_package_name = $postgresql::globals::postgis_package_name
+ } elsif $::operatingsystemrelease =~ /^5\./ {
+ $postgis_package_name = 'postgis'
+ } elsif $postgis_version and versioncmp($postgis_version, '2') < 0 {
+ $postgis_package_name = "postgis${package_version}"
} else {
- $version_parts = split($version, '[.]')
- $package_version = "${version_parts[0]}${version_parts[1]}"
- $client_package_name = pick($custom_client_package_name, "postgresql${package_version}")
- $server_package_name = pick($custom_server_package_name, "postgresql${package_version}-server")
- $contrib_package_name = pick($custom_contrib_package_name,"postgresql${package_version}-contrib")
- $devel_package_name = pick($custom_devel_package_name, "postgresql${package_version}-devel")
- $java_package_name = pick($custom_java_package_name, "postgresql${package_version}-jdbc")
- $plperl_package_name = pick($custom_plperl_package_name, "postgresql${package_version}-plperl")
- $service_name = pick($custom_service_name, "postgresql-${version}")
- $bindir = pick($custom_bindir, "/usr/pgsql-${version}/bin")
- $datadir = pick($custom_datadir, "/var/lib/pgsql/${version}/data")
- $confdir = pick($custom_confdir, $datadir)
+ $postgis_package_name = "postgis2_${package_version}"
}
+ }
- $service_status = undef
- $python_package_name="python-psycopg2"
+ 'Archlinux': {
+ $link_pg_config = true
+ $needs_initdb = pick($needs_initdb, true)
+ $user = pick($user, 'postgres')
+ $group = pick($group, 'postgres')
+
+ # Archlinux doesn't have a client-package but has a libs package which
+ # pulls in postgresql server
+ $client_package_name = pick($client_package_name, 'postgresql')
+ $server_package_name = pick($server_package_name, 'postgresql-libs')
+ $java_package_name = pick($java_package_name, 'postgresql-jdbc')
+ # Archlinux doesn't have develop packages
+ $devel_package_name = pick($devel_package_name, 'postgresql-devel')
+ # Archlinux does have postgresql-contrib but it isn't maintained
+ $contrib_package_name = pick($contrib_package_name,'undef')
+ # Archlinux postgresql package provides plperl
+ $plperl_package_name = pick($plperl_package_name, 'undef')
+ $plpython_package_name = pick($plpython_package_name, 'undef')
+ $service_name = pick($service_name, 'postgresql')
+ $bindir = pick($bindir, '/usr/bin')
+ $datadir = pick($datadir, '/var/lib/postgres/data')
+ $confdir = pick($confdir, $datadir)
+ $psql_path = pick($psql_path, "${bindir}/psql")
+
+ $service_status = $service_status
+ $service_reload = "systemctl reload ${service_name}"
+ $python_package_name = pick($python_package_name, 'python-psycopg2')
+ # Archlinux does not have a perl::DBD::Pg package
+ $perl_package_name = pick($perl_package_name, 'undef')
}
'Debian': {
- $firewall_supported = false
- # TODO: not exactly sure yet what the right thing to do for Debian/Ubuntu is.
- #$persist_firewall_command = '/sbin/iptables-save > /etc/iptables/rules.v4'
+ $link_pg_config = false
+ $user = pick($user, 'postgres')
+ $group = pick($group, 'postgres')
- if $manage_package_repo == true {
- $needs_initdb = pick($run_initdb, true)
- $service_name = pick($custom_service_name, 'postgresql')
+ if $postgresql::globals::manage_package_repo == true {
+ $needs_initdb = pick($needs_initdb, true)
+ $service_name = pick($service_name, 'postgresql')
} else {
- $needs_initdb = pick($run_initdb, false)
- case $::operatingsystem {
- 'Debian': {
- $service_name = pick($custom_service_name, 'postgresql')
- }
- 'Ubuntu': {
- # thanks, ubuntu
- if($::lsbmajdistrelease == '10') {
- $service_name = pick($custom_service_name, "postgresql-${version}")
- } else {
- $service_name = pick($custom_service_name, 'postgresql')
- }
- }
+ $needs_initdb = pick($needs_initdb, false)
+ $service_name = $::operatingsystem ? {
+ 'Debian' => pick($service_name, 'postgresql'),
+ 'Ubuntu' => $::lsbmajdistrelease ? {
+ /^10/ => pick($service_name, "postgresql-${version}"),
+ default => pick($service_name, 'postgresql'),
+ },
+ default => undef
}
}
- $client_package_name = pick($custom_client_package_name, "postgresql-client-${version}")
- $server_package_name = pick($custom_server_package_name, "postgresql-${version}")
- $contrib_package_name = pick($custom_contrib_package_name, "postgresql-contrib-${version}")
- $devel_package_name = pick($custom_devel_package_name, 'libpq-dev')
- $java_package_name = pick($custom_java_package_name, 'libpostgresql-jdbc-java')
- $bindir = pick($custom_bindir, "/usr/lib/postgresql/${version}/bin")
- $datadir = pick($custom_datadir, "/var/lib/postgresql/${version}/main")
- $confdir = pick($custom_confdir, "/etc/postgresql/${version}/main")
- $service_status = "/etc/init.d/${service_name} status | /bin/egrep -q 'Running clusters: .+|online'"
- $python_package_name = "python-psycopg2"
- $plperl_package_name = "postgresql-plperl-${version}"
- }
-
- default: {
-
- $err_msg_prefix = "Module ${module_name} does not provide defaults for osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}; please specify a value for ${module_name}::params::"
-
- if ($run_initdb != undef) {
- $needs_initdb = $run_initdb
+ $client_package_name = pick($client_package_name, "postgresql-client-${version}")
+ $server_package_name = pick($server_package_name, "postgresql-${version}")
+ $contrib_package_name = pick($contrib_package_name, "postgresql-contrib-${version}")
+ if $postgis_version and versioncmp($postgis_version, '2') < 0 {
+ $postgis_package_name = pick($postgis_package_name, "postgresql-${version}-postgis")
} else {
- fail("${err_msg_prefix}run_initdb")
+ $postgis_package_name = pick($postgis_package_name, "postgresql-${version}-postgis-${postgis_version}")
}
-
- $firewall_supported = false
-
- if ($custom_service_name) {
- $service_name = $custom_service_name
- } else {
- fail("${err_msg_prefix}custom_service_name")
+ $devel_package_name = pick($devel_package_name, 'libpq-dev')
+ $java_package_name = $::operatingsystem ? {
+ 'Debian' => $::operatingsystemrelease ? {
+ /^6/ => pick($java_package_name, 'libpg-java'),
+ default => pick($java_package_name, 'libpostgresql-jdbc-java'),
+ },
+ default => pick($java_package_name, 'libpostgresql-jdbc-java'),
}
-
- if ($custom_client_package_name) {
- $client_package_name = $custom_client_package_name
+ $perl_package_name = pick($perl_package_name, 'libdbd-pg-perl')
+ $plperl_package_name = pick($plperl_package_name, "postgresql-plperl-${version}")
+ $plpython_package_name = pick($plpython_package_name, "postgresql-plpython-${version}")
+ $python_package_name = pick($python_package_name, 'python-psycopg2')
+
+ $bindir = pick($bindir, "/usr/lib/postgresql/${version}/bin")
+ $datadir = pick($datadir, "/var/lib/postgresql/${version}/main")
+ $confdir = pick($confdir, "/etc/postgresql/${version}/main")
+ if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8.0') >= 0 {
+ # Jessie uses systemd
+ $service_status = pick($service_status, "/usr/sbin/service ${service_name}@*-main status")
+ } elsif $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '15.04') >= 0 {
+ # Ubuntu releases since vivid use systemd
+ $service_status = pick($service_status, "/usr/sbin/service ${service_name} status")
} else {
- fail("${err_msg_prefix}custom_client_package_name")
+ $service_status = pick($service_status, "/etc/init.d/${service_name} status | /bin/egrep -q 'Running clusters: .+|online'")
}
+ $service_reload = "service ${service_name} reload"
+ $psql_path = pick($psql_path, '/usr/bin/psql')
+ }
- if ($custom_server_package_name) {
- $server_package_name = $custom_server_package_name
- } else {
- fail("${err_msg_prefix}custom_server_package_name")
- }
+ 'Gentoo': {
+ $user = pick($user, 'postgres')
+ $group = pick($group, 'postgres')
+
+ $client_package_name = pick($client_package_name, 'UNSET')
+ $server_package_name = pick($server_package_name, 'postgresql')
+ $contrib_package_name = pick_default($contrib_package_name, undef)
+ $devel_package_name = pick_default($devel_package_name, undef)
+ $java_package_name = pick($java_package_name, 'jdbc-postgresql')
+ $perl_package_name = pick($perl_package_name, 'DBD-Pg')
+ $plperl_package_name = undef
+ $python_package_name = pick($python_package_name, 'psycopg')
+
+ $service_name = pick($service_name, "postgresql-${version}")
+ $bindir = pick($bindir, "/usr/lib/postgresql-${version}/bin")
+ $datadir = pick($datadir, "/var/lib/postgresql/${version}_data")
+ $confdir = pick($confdir, "/etc/postgresql-${version}")
+ $service_status = pick($service_status, "systemctl status ${service_name}")
+ $service_reload = "systemctl reload ${service_name}"
+ $psql_path = pick($psql_path, "${bindir}/psql")
+
+ $needs_initdb = pick($needs_initdb, true)
+ }
+ 'FreeBSD': {
+ case $version {
+ '96': {
+ $user = pick($user, 'postgres')
+ $group = pick($group, 'postgres')
+ $datadir = pick($datadir, "/var/db/postgres/data${version}")
+ }
+ default: {
+ $user = pick($user, 'pgsql')
+ $group = pick($group, 'pgsql')
+ $datadir = pick($datadir, '/usr/local/pgsql/data')
+ }
+ }
- $contrib_package_name = $custom_contrib_package_name
- $devel_package_name = $custom_devel_package_name
- $java_package_name = $custom_java_package_name
+ $link_pg_config = true
+ $client_package_name = pick($client_package_name, "databases/postgresql${version}-client")
+ $server_package_name = pick($server_package_name, "databases/postgresql${version}-server")
+ $contrib_package_name = pick($contrib_package_name, "databases/postgresql${version}-contrib")
+ $devel_package_name = pick($devel_package_name, 'databases/postgresql-libpqxx3')
+ $java_package_name = pick($java_package_name, 'databases/postgresql-jdbc')
+ $perl_package_name = pick($plperl_package_name, 'databases/p5-DBD-Pg')
+ $plperl_package_name = pick($plperl_package_name, "databases/postgresql${version}-plperl")
+ $python_package_name = pick($python_package_name, 'databases/py-psycopg2')
+
+ $service_name = pick($service_name, 'postgresql')
+ $bindir = pick($bindir, '/usr/local/bin')
+ $confdir = pick($confdir, $datadir)
+ $service_status = pick($service_status, "/usr/local/etc/rc.d/${service_name} onestatus")
+ $service_reload = "service ${service_name} reload"
+ $psql_path = pick($psql_path, "${bindir}/psql")
+
+ $needs_initdb = pick($needs_initdb, true)
+ }
- if ($custom_bindir) {
- $bindir = $custom_bindir
- } else {
- fail("${err_msg_prefix}custom_bindir")
- }
+ 'OpenBSD': {
+ $user = pick($user, '_postgresql')
+ $group = pick($group, '_postgresql')
+
+ $client_package_name = pick($client_package_name, 'postgresql-client')
+ $server_package_name = pick($server_package_name, 'postgresql-server')
+ $contrib_package_name = pick($contrib_package_name, 'postgresql-contrib')
+ $devel_package_name = pick($devel_package_name, 'postgresql-client')
+ $java_package_name = pick($java_package_name, 'postgresql-jdbc')
+ $perl_package_name = pick($perl_package_name, 'databases/p5-DBD-Pg')
+ $plperl_package_name = undef
+ $python_package_name = pick($python_package_name, 'py-psycopg2')
+
+ $service_name = pick($service_name, 'postgresql')
+ $bindir = pick($bindir, '/usr/local/bin')
+ $datadir = pick($datadir, '/var/postgresql/data')
+ $confdir = pick($confdir, $datadir)
+ $service_status = pick($service_status, "/etc/rc.d/${service_name} check")
+ $service_reload = "/etc/rc.d/${service_name} reload"
+ $psql_path = pick($psql_path, "${bindir}/psql")
+
+ $needs_initdb = pick($needs_initdb, true)
+ }
- if ($custom_datadir) {
- $datadir = $custom_datadir
+ 'Suse': {
+ $link_pg_config = true
+ $user = pick($user, 'postgres')
+ $group = pick($group, 'postgres')
+
+ $client_package_name = pick($client_package_name, "postgresql${version}")
+ $server_package_name = pick($server_package_name, "postgresql${version}-server")
+ $contrib_package_name = pick($contrib_package_name, "postgresql${version}-contrib")
+ $devel_package_name = pick($devel_package_name, "postgresql${version}-devel")
+ $java_package_name = pick($java_package_name, "postgresql${version}-jdbc")
+ $perl_package_name = pick($plperl_package_name, 'perl-DBD-Pg')
+ $plperl_package_name = pick($plperl_package_name, "postgresql${version}-plperl")
+ $python_package_name = pick($python_package_name, 'python-psycopg2')
+
+ $service_name = pick($service_name, 'postgresql')
+ $bindir = pick($bindir, "/usr/lib/postgresql${version}/bin")
+ $datadir = pick($datadir, '/var/lib/pgsql/data')
+ $confdir = pick($confdir, $datadir)
+ if $::operatingsystem == 'SLES' and versioncmp($::operatingsystemrelease, '11.4') <= 0 {
+ $service_status = pick($service_status, "/etc/init.d/${service_name} status")
+ $service_reload = "/etc/init.d/${service_name} reload"
} else {
- fail("${err_msg_prefix}custom_datadir")
+ $service_status = pick($service_status, "systemctl status ${service_name}")
+ $service_reload = "systemctl reload ${service_name}"
}
+ $psql_path = pick($psql_path, "${bindir}/psql")
- if ($custom_confdir) {
- $confdir = $custom_confdir
- } else {
- fail("${err_msg_prefix}custom_confdir")
- }
+ $needs_initdb = pick($needs_initdb, true)
+ }
- $service_status = undef
+ default: {
+ $link_pg_config = true
+ $psql_path = pick($psql_path, "${bindir}/psql")
+
+ # Since we can't determine defaults on our own, we rely on users setting
+ # parameters with the postgresql::globals class. Here we are checking
+ # that the mandatory minimum is set for the module to operate.
+ $err_prefix = "Module ${module_name} does not provide defaults for osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}; please specify a value for ${module_name}::globals::"
+ if ($needs_initdb == undef) { fail("${err_prefix}needs_initdb") }
+ if ($service_name == undef) { fail("${err_prefix}service_name") }
+ if ($client_package_name == undef) { fail("${err_prefix}client_package_name") }
+ if ($server_package_name == undef) { fail("${err_prefix}server_package_name") }
+ if ($bindir == undef) { fail("${err_prefix}bindir") }
+ if ($datadir == undef) { fail("${err_prefix}datadir") }
+ if ($confdir == undef) { fail("${err_prefix}confdir") }
}
}
- $initdb_path = "${bindir}/initdb"
- $createdb_path = "${bindir}/createdb"
- $psql_path = "${bindir}/psql"
- $pg_hba_conf_path = "${confdir}/pg_hba.conf"
- $postgresql_conf_path = "${confdir}/postgresql.conf"
-
+ $validcon_script_path = pick($validcon_script_path, '/usr/local/bin/validate_postgresql_connection.sh')
+ $initdb_path = pick($initdb_path, "${bindir}/initdb")
+ $pg_hba_conf_path = pick($pg_hba_conf_path, "${confdir}/pg_hba.conf")
+ $pg_hba_conf_defaults = pick($pg_hba_conf_defaults, true)
+ $pg_ident_conf_path = pick($pg_ident_conf_path, "${confdir}/pg_ident.conf")
+ $postgresql_conf_path = pick($postgresql_conf_path, "${confdir}/postgresql.conf")
+ $recovery_conf_path = pick($recovery_conf_path, "${datadir}/recovery.conf")
+ $default_database = pick($default_database, 'postgres')
}
+++ /dev/null
-# This resource manages a pg_hba file, collecting fragments of pg_hba_rules
-# to build up the final file.
-define postgresql::pg_hba(
- $target = $postgresql::params::pg_hba_conf_path,
- $owner = 0,
- $group = $postgresql::params::group
-) {
- include postgresql::params
- include concat::setup
-
- # Collect file from fragments
- concat { $target:
- owner => $owner,
- group => $group,
- mode => '0640',
- warn => true,
- }
-
-}
+++ /dev/null
-# This resource manages an individual rule that applies to the file defined in
-# $target.
-define postgresql::pg_hba_rule(
- $type,
- $database,
- $user,
- $auth_method,
- $address = undef,
- $description = 'none',
- $auth_option = undef,
- $target = $postgresql::params::pg_hba_conf_path,
- $order = '150'
-) {
- include postgresql::params
-
- validate_re($type, '^(local|host|hostssl|hostnossl)$',
- "The type you specified [${type}] must be one of: local, host, hostssl, hostnosssl")
- validate_re($auth_method, '^(trust|reject|md5|crypt|password|gss|sspi|krb5|ident|peer|ldap|radius|cert|pam)$',
- "The auth_method you specified [${auth_method}] must be one of: trust, reject, md5, crypt, password, krb5, ident, ldap, pam")
-
- if($type =~ /^host/ and $address == undef) {
- fail('You must specify an address property when type is host based')
- }
-
- # This is required to make sure concat::setup is initialized first. This
- # probably points to a bug inside ripienaar-concat.
- include concat::setup
-
- # Create a rule fragment
- $fragname = "pg_hba_rule_${name}"
- concat::fragment { $fragname:
- target => $target,
- content => template('postgresql/pg_hba_rule.conf'),
- order => $order,
- owner => $::id,
- mode => '0600',
- }
-
- Class['concat::setup']->
- Concat::Fragment[$fragname]
-}
+++ /dev/null
-# == Class: postgresql::plperl
-#
-# This class installs the PL/Perl procedural language for postgresql.
-#
-# === Parameters
-#
-# [*ensure*]
-# ensure state for package.
-# can be specified as version.
-#
-# [*package_name*]
-# name of package
-#
-class postgresql::plperl(
- $package_name = $postgresql::params::plperl_package_name,
- $package_ensure = 'present'
-) inherits postgresql::params {
-
- package { 'postgresql-plperl':
- ensure => $package_ensure,
- name => $package_name,
- }
-
-}
+++ /dev/null
-# puppet-postgresql
-# For all details and documentation:
-# http://github.com/inkling/puppet-postgresql
-#
-# Copyright 2012- Inkling Systems, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-define postgresql::psql(
- $db,
- $unless,
- $command = $title,
- $refreshonly = false,
- $user = $postgresql::params::user
-) {
-
- include postgresql::params
-
- # TODO: FIXME: shellquote does not work, and this regex works for trivial
- # things but not nested escaping. Need a lexer, preferably a ruby SQL parser
- # to catch errors at catalog time. Possibly https://github.com/omghax/sql ?
-
- if ($postgresql::params::version != '8.1') {
- $no_password_option = '--no-password'
- }
-
- $psql = "${postgresql::params::psql_path} ${no_password_option} --tuples-only --quiet --dbname ${db}"
-
- $quoted_command = regsubst($command, '"', '\\"', 'G')
- $quoted_unless = regsubst($unless, '"', '\\"', 'G')
-
- $final_cmd = "/bin/echo \"${quoted_command}\" | ${psql} |egrep -v -q '^$'"
-
- notify { "deprecation warning: ${final_cmd}":
- message => 'postgresql::psql is deprecated ; please use postgresql_psql instead.',
- } ->
-
- exec { $final_cmd:
- cwd => '/tmp',
- user => $user,
- returns => 1,
- unless => "/bin/echo \"${quoted_unless}\" | ${psql} | egrep -v -q '^$'",
- refreshonly => $refreshonly,
- }
-}
-
+++ /dev/null
-# Class: postgresql::python
-# This class installs the python libs for postgresql.
-#
-# Parameters:
-# [*ensure*] - ensure state for package.
-# can be specified as version.
-# [*package_name*] - name of package
-class postgresql::python(
- $package_name = $postgresql::params::python_package_name,
- $package_ensure = 'present'
-) inherits postgresql::params {
-
- package { 'python-psycopg2':
- ensure => $package_ensure,
- name => $package_name,
- }
-
-}
--- /dev/null
+# PRIVATE CLASS: do not use directly
+class postgresql::repo (
+ $version = undef,
+ $proxy = undef,
+ $baseurl = undef,
+) {
+ case $::osfamily {
+ 'RedHat', 'Linux': {
+ if $version == undef {
+ fail("The parameter 'version' for 'postgresql::repo' is undefined. You must always define it when osfamily == Redhat or Linux")
+ }
+ class { 'postgresql::repo::yum_postgresql_org': }
+ }
+
+ 'Debian': {
+ class { 'postgresql::repo::apt_postgresql_org': }
+ }
+
+ default: {
+ fail("Unsupported managed repository for osfamily: ${::osfamily}, operatingsystem: ${::operatingsystem}, module ${module_name} currently only supports managing repos for osfamily RedHat and Debian")
+ }
+ }
+}
--- /dev/null
+# PRIVATE CLASS: do not use directly
+class postgresql::repo::apt_postgresql_org inherits postgresql::repo {
+ include ::apt
+
+ # Here we have tried to replicate the instructions on the PostgreSQL site:
+ #
+ # http://www.postgresql.org/download/linux/debian/
+ #
+ $default_baseurl = 'https://apt.postgresql.org/pub/repos/apt/'
+
+ $_baseurl = pick($postgresql::repo::baseurl, $default_baseurl)
+
+ apt::pin { 'apt_postgresql_org':
+ originator => 'apt.postgresql.org',
+ priority => 500,
+ }
+ -> apt::source { 'apt.postgresql.org':
+ location => $_baseurl,
+ release => "${::lsbdistcodename}-pgdg",
+ repos => "main ${postgresql::repo::version}",
+ key => {
+ id => 'B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8',
+ source => 'https://www.postgresql.org/media/keys/ACCC4CF8.asc',
+ },
+ include => {
+ src => false,
+ },
+ }
+
+ Apt::Source['apt.postgresql.org']->Package<|tag == 'postgresql'|>
+ Class['Apt::Update'] -> Package<|tag == 'postgresql'|>
+}
--- /dev/null
+# PRIVATE CLASS: do not use directly
+class postgresql::repo::yum_postgresql_org inherits postgresql::repo {
+ $version_parts = split($postgresql::repo::version, '[.]')
+ $package_version = "${version_parts[0]}${version_parts[1]}"
+ $gpg_key_path = "/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}"
+
+ file { $gpg_key_path:
+ source => 'puppet:///modules/postgresql/RPM-GPG-KEY-PGDG',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ before => Yumrepo['yum.postgresql.org']
+ }
+
+ if($::operatingsystem == 'Fedora') {
+ $label1 = 'fedora'
+ $label2 = $label1
+ } else {
+ $label1 = 'redhat'
+ $label2 = 'rhel'
+ }
+ $default_baseurl = "https://download.postgresql.org/pub/repos/yum/${postgresql::repo::version}/${label1}/${label2}-\$releasever-\$basearch"
+
+ $_baseurl = pick($postgresql::repo::baseurl, $default_baseurl)
+
+ yumrepo { 'yum.postgresql.org':
+ descr => "PostgreSQL ${postgresql::repo::version} \$releasever - \$basearch",
+ baseurl => $_baseurl,
+ enabled => 1,
+ gpgcheck => 1,
+ gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}",
+ proxy => $postgresql::repo::proxy,
+ }
+
+ Yumrepo['yum.postgresql.org'] -> Package<|tag == 'postgresql'|>
+}
+++ /dev/null
-# puppet-postgresql
-# For all details and documentation:
-# http://github.com/inkling/puppet-postgresql
-#
-# Copyright 2012- Inkling Systems, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-define postgresql::role(
- $password_hash = false,
- $createdb = false,
- $createrole = false,
- $db = 'postgres',
- $login = false,
- $superuser = false,
- $replication = false,
- $connection_limit = '-1',
- $username = $title
-) {
- include postgresql::params
-
- $login_sql = $login ? { true => 'LOGIN' , default => 'NOLOGIN' }
- $createrole_sql = $createrole ? { true => 'CREATEROLE' , default => 'NOCREATEROLE' }
- $createdb_sql = $createdb ? { true => 'CREATEDB' , default => 'NOCREATEDB' }
- $superuser_sql = $superuser ? { true => 'SUPERUSER' , default => 'NOSUPERUSER' }
- $replication_sql = $replication ? { true => 'REPLICATION' , default => '' }
- if ($password_hash != false) {
- $password_sql = "ENCRYPTED PASSWORD '${password_hash}'"
- } else {
- $password_sql = ""
- }
-
- Postgresql_psql {
- db => $db,
- psql_user => $postgresql::params::user,
- psql_group => $postgresql::params::group,
- psql_path => $postgresql::params::psql_path,
- require => Postgresql_psql["CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}"],
- }
-
- postgresql_psql {"CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}":
- unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}'",
- require => undef,
- }
-
- postgresql_psql {"ALTER ROLE \"${username}\" ${superuser_sql}":
- unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolsuper=${superuser}",
- }
-
- postgresql_psql {"ALTER ROLE \"${username}\" ${createdb_sql}":
- unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcreatedb=${createdb}",
- }
-
- postgresql_psql {"ALTER ROLE \"${username}\" ${createrole_sql}":
- unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcreaterole=${createrole}",
- }
-
- postgresql_psql {"ALTER ROLE \"${username}\" ${login_sql}":
- unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcanlogin=${login}",
- }
-
- if(versioncmp($postgresql::params::version, '9.1') >= 0) {
- postgresql_psql {"ALTER ROLE \"${username}\" ${replication_sql}":
- unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolreplication=${replication}",
- }
- }
-
- postgresql_psql {"ALTER ROLE \"${username}\" CONNECTION LIMIT ${connection_limit}":
- unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolconnlimit=${connection_limit}",
- }
-
- if $password_hash {
- postgresql_psql {"ALTER ROLE \"${username}\" ${password_sql}":
- unless => "SELECT usename FROM pg_shadow WHERE usename='${username}' and passwd='${password_hash}'",
- }
- }
-}
-# Class: postgresql::server
-#
-# == Class: postgresql::server
-# Manages the installation of the postgresql server. manages the package and
-# service.
-#
-# === Parameters:
-# [*package_name*] - name of package
-# [*service_name*] - name of service
-#
-# Configuration:
-# Advanced configuration setting parameters can be placed into 'postgresql_puppet_extras.conf' (located in the same
-# folder as 'postgresql.conf'). You can manage that file as a normal puppet file resource, or however you see fit;
-# which gives you complete control over the settings. Any value you specify in that file will override any existing
-# value set in the templated version.
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
+# This installs a PostgreSQL server. See README.md for more details.
class postgresql::server (
- $ensure = 'present',
- $package_name = $postgresql::params::server_package_name,
- $package_ensure = 'present',
- $service_name = $postgresql::params::service_name,
- $service_provider = $postgresql::params::service_provider,
- $service_status = $postgresql::params::service_status,
- $config_hash = {},
- $datadir = $postgresql::params::datadir
-) inherits postgresql::params {
+ $postgres_password = undef,
- if ($ensure == 'absent') {
- service { 'postgresqld':
- ensure => stopped,
- name => $service_name,
- enable => false,
- provider => $service_provider,
- hasstatus => true,
- status => $service_status,
- }->
- package { 'postgresql-server':
- ensure => purged,
- name => $package_name,
- tag => 'postgresql',
- }->
- file { $datadir:
- ensure => absent,
- recurse => true,
- force => true,
- }
- } else {
- package { 'postgresql-server':
- ensure => $package_ensure,
- name => $package_name,
- tag => 'postgresql',
- }
+ $package_name = $postgresql::params::server_package_name,
+ $package_ensure = $postgresql::params::package_ensure,
+
+ $plperl_package_name = $postgresql::params::plperl_package_name,
+ $plpython_package_name = $postgresql::params::plpython_package_name,
+
+ $service_ensure = $postgresql::params::service_ensure,
+ $service_enable = $postgresql::params::service_enable,
+ $service_manage = $postgresql::params::service_manage,
+ $service_name = $postgresql::params::service_name,
+ $service_restart_on_change = $postgresql::params::service_restart_on_change,
+ $service_provider = $postgresql::params::service_provider,
+ $service_reload = $postgresql::params::service_reload,
+ $service_status = $postgresql::params::service_status,
+ $default_database = $postgresql::params::default_database,
+ $default_connect_settings = $postgresql::globals::default_connect_settings,
+ $listen_addresses = $postgresql::params::listen_addresses,
+ $port = $postgresql::params::port,
+ $ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
+ $ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,
+ $ipv4acls = $postgresql::params::ipv4acls,
+ $ipv6acls = $postgresql::params::ipv6acls,
+
+ $initdb_path = $postgresql::params::initdb_path,
+ $createdb_path = $postgresql::params::createdb_path,
+ $psql_path = $postgresql::params::psql_path,
+ $pg_hba_conf_path = $postgresql::params::pg_hba_conf_path,
+ $pg_ident_conf_path = $postgresql::params::pg_ident_conf_path,
+ $postgresql_conf_path = $postgresql::params::postgresql_conf_path,
+ $recovery_conf_path = $postgresql::params::recovery_conf_path,
+
+ $datadir = $postgresql::params::datadir,
+ $xlogdir = $postgresql::params::xlogdir,
+ $logdir = $postgresql::params::logdir,
- $config_class = {
- 'postgresql::config' => $config_hash,
- }
+ $log_line_prefix = $postgresql::params::log_line_prefix,
- create_resources( 'class', $config_class )
+ $pg_hba_conf_defaults = $postgresql::params::pg_hba_conf_defaults,
- service { 'postgresqld':
- ensure => running,
- name => $service_name,
- enable => true,
- require => Package['postgresql-server'],
- provider => $service_provider,
- hasstatus => true,
- status => $service_status,
- }
+ $user = $postgresql::params::user,
+ $group = $postgresql::params::group,
- if ($postgresql::params::needs_initdb) {
- include postgresql::initdb
+ $needs_initdb = $postgresql::params::needs_initdb,
- Package['postgresql-server'] -> Class['postgresql::initdb'] -> Class['postgresql::config'] -> Service['postgresqld']
- }
- else {
- Package['postgresql-server'] -> Class['postgresql::config'] -> Service['postgresqld']
- }
+ $encoding = $postgresql::params::encoding,
+ $locale = $postgresql::params::locale,
+ $data_checksums = $postgresql::params::data_checksums,
+ $timezone = $postgresql::params::timezone,
- exec { 'reload_postgresql':
- path => '/usr/bin:/usr/sbin:/bin:/sbin',
- command => "service ${service_name} reload",
- onlyif => $service_status,
- refreshonly => true,
- }
+ $manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf,
+ $manage_pg_ident_conf = $postgresql::params::manage_pg_ident_conf,
+ $manage_recovery_conf = $postgresql::params::manage_recovery_conf,
+ $module_workdir = $postgresql::params::module_workdir,
+ #Deprecated
+ $version = undef,
+) inherits postgresql::params {
+ $pg = 'postgresql::server'
+
+ if $version != undef {
+ warning('Passing "version" to postgresql::server is deprecated; please use postgresql::globals instead.')
+ $_version = $version
+ } else {
+ $_version = $postgresql::params::version
}
+ if $createdb_path != undef{
+ warning('Passing "createdb_path" to postgresql::server is deprecated, it can be removed safely for the same behaviour')
+ }
+
+ # Reload has its own ordering, specified by other defines
+ class { "${pg}::reload": require => Class["${pg}::install"] }
+
+ anchor { "${pg}::start": }
+ -> class { "${pg}::install": }
+ -> class { "${pg}::initdb": }
+ -> class { "${pg}::config": }
+ -> class { "${pg}::service": }
+ -> class { "${pg}::passwd": }
+ -> anchor { "${pg}::end": }
}
--- /dev/null
+# PRIVATE CLASS: do not call directly
+class postgresql::server::config {
+ $ip_mask_deny_postgres_user = $postgresql::server::ip_mask_deny_postgres_user
+ $ip_mask_allow_all_users = $postgresql::server::ip_mask_allow_all_users
+ $listen_addresses = $postgresql::server::listen_addresses
+ $port = $postgresql::server::port
+ $ipv4acls = $postgresql::server::ipv4acls
+ $ipv6acls = $postgresql::server::ipv6acls
+ $pg_hba_conf_path = $postgresql::server::pg_hba_conf_path
+ $pg_ident_conf_path = $postgresql::server::pg_ident_conf_path
+ $postgresql_conf_path = $postgresql::server::postgresql_conf_path
+ $recovery_conf_path = $postgresql::server::recovery_conf_path
+ $pg_hba_conf_defaults = $postgresql::server::pg_hba_conf_defaults
+ $user = $postgresql::server::user
+ $group = $postgresql::server::group
+ $version = $postgresql::server::_version
+ $manage_pg_hba_conf = $postgresql::server::manage_pg_hba_conf
+ $manage_pg_ident_conf = $postgresql::server::manage_pg_ident_conf
+ $manage_recovery_conf = $postgresql::server::manage_recovery_conf
+ $datadir = $postgresql::server::datadir
+ $logdir = $postgresql::server::logdir
+ $service_name = $postgresql::server::service_name
+ $log_line_prefix = $postgresql::server::log_line_prefix
+ $timezone = $postgresql::server::timezone
+
+ if ($manage_pg_hba_conf == true) {
+ # Prepare the main pg_hba file
+ concat { $pg_hba_conf_path:
+ owner => $user,
+ group => $group,
+ mode => '0640',
+ warn => true,
+ order => 'numeric',
+ notify => Class['postgresql::server::reload'],
+ }
+
+ if $pg_hba_conf_defaults {
+ Postgresql::Server::Pg_hba_rule {
+ database => 'all',
+ user => 'all',
+ }
+
+ # Lets setup the base rules
+ $local_auth_option = $version ? {
+ '8.1' => 'sameuser',
+ default => undef,
+ }
+ postgresql::server::pg_hba_rule { 'local access as postgres user':
+ type => 'local',
+ user => $user,
+ auth_method => 'ident',
+ auth_option => $local_auth_option,
+ order => 1,
+ }
+ postgresql::server::pg_hba_rule { 'local access to database with same name':
+ type => 'local',
+ auth_method => 'ident',
+ auth_option => $local_auth_option,
+ order => 2,
+ }
+ postgresql::server::pg_hba_rule { 'allow localhost TCP access to postgresql user':
+ type => 'host',
+ user => $user,
+ address => '127.0.0.1/32',
+ auth_method => 'md5',
+ order => 3,
+ }
+ postgresql::server::pg_hba_rule { 'deny access to postgresql user':
+ type => 'host',
+ user => $user,
+ address => $ip_mask_deny_postgres_user,
+ auth_method => 'reject',
+ order => 4,
+ }
+
+ postgresql::server::pg_hba_rule { 'allow access to all users':
+ type => 'host',
+ address => $ip_mask_allow_all_users,
+ auth_method => 'md5',
+ order => 100,
+ }
+ postgresql::server::pg_hba_rule { 'allow access to ipv6 localhost':
+ type => 'host',
+ address => '::1/128',
+ auth_method => 'md5',
+ order => 101,
+ }
+ }
+
+ # ipv4acls are passed as an array of rule strings, here we transform
+ # them into a resources hash, and pass the result to create_resources
+ $ipv4acl_resources = postgresql_acls_to_resources_hash($ipv4acls,
+ 'ipv4acls', 10)
+ create_resources('postgresql::server::pg_hba_rule', $ipv4acl_resources)
+
+
+ # ipv6acls are passed as an array of rule strings, here we transform
+ # them into a resources hash, and pass the result to create_resources
+ $ipv6acl_resources = postgresql_acls_to_resources_hash($ipv6acls,
+ 'ipv6acls', 102)
+ create_resources('postgresql::server::pg_hba_rule', $ipv6acl_resources)
+ }
+
+ if $listen_addresses {
+ postgresql::server::config_entry { 'listen_addresses':
+ value => $listen_addresses,
+ }
+ }
+
+ postgresql::server::config_entry { 'port':
+ value => $port,
+ }
+ postgresql::server::config_entry { 'data_directory':
+ value => $datadir,
+ }
+ if $timezone {
+ postgresql::server::config_entry { 'timezone':
+ value => $timezone,
+ }
+ }
+ if $logdir {
+ postgresql::server::config_entry { 'log_directory':
+ value => $logdir,
+ }
+
+ }
+ # Allow timestamps in log by default
+ if $log_line_prefix {
+ postgresql::server::config_entry {'log_line_prefix':
+ value => $log_line_prefix,
+ }
+ }
+
+ # RedHat-based systems hardcode some PG* variables in the init script, and need to be overriden
+ # in /etc/sysconfig/pgsql/postgresql. Create a blank file so we can manage it with augeas later.
+ if ($::osfamily == 'RedHat') and ($::operatingsystemrelease !~ /^7/) and ($::operatingsystem != 'Fedora') {
+ file { '/etc/sysconfig/pgsql/postgresql':
+ ensure => present,
+ replace => false,
+ }
+
+ # The init script from the packages of the postgresql.org repository
+ # sources an alternate sysconfig file.
+ # I. e. /etc/sysconfig/pgsql/postgresql-9.3 for PostgreSQL 9.3
+ # Link to the sysconfig file set by this puppet module
+ file { "/etc/sysconfig/pgsql/postgresql-${version}":
+ ensure => link,
+ target => '/etc/sysconfig/pgsql/postgresql',
+ require => File[ '/etc/sysconfig/pgsql/postgresql' ],
+ }
+
+ }
+
+
+ if ($manage_pg_ident_conf == true) {
+ concat { $pg_ident_conf_path:
+ owner => $user,
+ group => $group,
+ mode => '0640',
+ warn => true,
+ order => 'numeric',
+ notify => Class['postgresql::server::reload'],
+ }
+ }
+
+ if ($manage_recovery_conf == true) {
+ concat { $recovery_conf_path:
+ owner => $user,
+ group => $group,
+ mode => '0640',
+ warn => true,
+ order => 'numeric',
+ notify => Class['postgresql::server::reload'],
+ }
+ }
+
+ if $::osfamily == 'RedHat' {
+ if $::operatingsystemrelease =~ /^7/ or $::operatingsystem == 'Fedora' {
+ # Template uses:
+ # - $::operatingsystem
+ # - $service_name
+ # - $port
+ # - $datadir
+ file { 'systemd-override':
+ ensure => present,
+ path => "/etc/systemd/system/${service_name}.service",
+ owner => root,
+ group => root,
+ content => template('postgresql/systemd-override.erb'),
+ notify => [ Exec['restart-systemd'], Class['postgresql::server::service'] ],
+ before => Class['postgresql::server::reload'],
+ }
+ exec { 'restart-systemd':
+ command => 'systemctl daemon-reload',
+ refreshonly => true,
+ path => '/bin:/usr/bin:/usr/local/bin'
+ }
+ }
+ }
+ elsif $::osfamily == 'Gentoo' {
+ # Template uses:
+ # - $::operatingsystem
+ # - $service_name
+ # - $port
+ # - $datadir
+ file { 'systemd-override':
+ ensure => present,
+ path => "/etc/systemd/system/${service_name}.service",
+ owner => root,
+ group => root,
+ content => template('postgresql/systemd-override.erb'),
+ notify => [ Exec['restart-systemd'], Class['postgresql::server::service'] ],
+ before => Class['postgresql::server::reload'],
+ }
+ exec { 'restart-systemd':
+ command => 'systemctl daemon-reload',
+ refreshonly => true,
+ path => '/bin:/usr/bin:/usr/local/bin'
+ }
+ }
+}
--- /dev/null
+# Manage a postgresql.conf entry. See README.md for more details.
+define postgresql::server::config_entry (
+ $ensure = 'present',
+ $value = undef,
+ $path = false
+) {
+ $postgresql_conf_path = $postgresql::server::postgresql_conf_path
+
+ $target = $path ? {
+ false => $postgresql_conf_path,
+ default => $path,
+ }
+
+ # Those are the variables that are marked as "(change requires restart)"
+ # on postgresql.conf. Items are ordered as on postgresql.conf.
+ #
+ # XXX: This resource supports setting other variables without knowing
+ # their names. Do not add them here.
+ $requires_restart_until = {
+ 'data_directory' => undef,
+ 'hba_file' => undef,
+ 'ident_file' => undef,
+ 'external_pid_file' => undef,
+ 'listen_addresses' => undef,
+ 'port' => undef,
+ 'max_connections' => undef,
+ 'superuser_reserved_connections' => undef,
+ 'unix_socket_directory' => '9.3', # Turned into "unix_socket_directories"
+ 'unix_socket_directories' => undef,
+ 'unix_socket_group' => undef,
+ 'unix_socket_permissions' => undef,
+ 'bonjour' => undef,
+ 'bonjour_name' => undef,
+ 'ssl' => '10',
+ 'ssl_ciphers' => '10',
+ 'ssl_prefer_server_ciphers' => '10', # New on 9.4
+ 'ssl_ecdh_curve' => '10', # New on 9.4
+ 'ssl_cert_file' => '10', # New on 9.2
+ 'ssl_key_file' => '10', # New on 9.2
+ 'ssl_ca_file' => '10', # New on 9.2
+ 'ssl_crl_file' => '10', # New on 9.2
+ 'shared_buffers' => undef,
+ 'huge_pages' => undef, # New on 9.4
+ 'max_prepared_transactions' => undef,
+ 'max_files_per_process' => undef,
+ 'shared_preload_libraries' => undef,
+ 'max_worker_processes' => undef, # New on 9.4
+ 'old_snapshot_threshold' => undef, # New on 9.6
+ 'wal_level' => undef,
+ 'wal_log_hints' => undef, # New on 9.4
+ 'wal_buffers' => undef,
+ 'archive_mode' => undef,
+ 'max_wal_senders' => undef,
+ 'max_replication_slots' => undef, # New on 9.4
+ 'track_commit_timestamp' => undef, # New on 9.5
+ 'hot_standby' => undef,
+ 'logging_collector' => undef,
+ 'cluster_name' => undef, # New on 9.5
+ 'silent_mode' => '9.2', # Removed
+ 'track_activity_query_size' => undef,
+ 'autovacuum_max_workers' => undef,
+ 'autovacuum_freeze_max_age' => undef,
+ 'autovacuum_multixact_freeze_max_age' => undef, # New on 9.5
+ 'max_locks_per_transaction' => undef,
+ 'max_pred_locks_per_transaction' => undef,
+ }
+
+ Exec {
+ logoutput => 'on_failure',
+ }
+
+ if ! ($name in $requires_restart_until and (
+ ! $requires_restart_until[$name] or
+ versioncmp($postgresql::server::_version, $requires_restart_until[$name]) < 0
+ )) {
+ Postgresql_conf {
+ notify => Class['postgresql::server::reload'],
+ }
+ } elsif $postgresql::server::service_restart_on_change {
+ Postgresql_conf {
+ notify => Class['postgresql::server::service'],
+ }
+ } else {
+ Postgresql_conf {
+ before => Class['postgresql::server::service'],
+ }
+ }
+
+ # We have to handle ports and the data directory in a weird and
+ # special way. On early Debian and Ubuntu and RHEL we have to ensure
+ # we stop the service completely. On RHEL 7 we either have to create
+ # a systemd override for the port or update the sysconfig file, but this
+ # is managed for us in postgresql::server::config.
+ if $::operatingsystem == 'Debian' or $::operatingsystem == 'Ubuntu' {
+ if $name == 'port' and ( $::operatingsystemrelease =~ /^6/ or $::operatingsystemrelease =~ /^10\.04/ ) {
+ exec { "postgresql_stop_${name}":
+ command => "service ${::postgresql::server::service_name} stop",
+ onlyif => "service ${::postgresql::server::service_name} status",
+ unless => "grep 'port = ${value}' ${::postgresql::server::postgresql_conf_path}",
+ path => '/usr/sbin:/sbin:/bin:/usr/bin:/usr/local/bin',
+ before => Postgresql_conf[$name],
+ }
+ }
+ elsif $name == 'data_directory' {
+ exec { "postgresql_stop_${name}":
+ command => "service ${::postgresql::server::service_name} stop",
+ onlyif => "service ${::postgresql::server::service_name} status",
+ unless => "grep \"data_directory = '${value}'\" ${::postgresql::server::postgresql_conf_path}",
+ path => '/usr/sbin:/sbin:/bin:/usr/bin:/usr/local/bin',
+ before => Postgresql_conf[$name],
+ }
+ }
+ }
+ if $::osfamily == 'RedHat' {
+ if ! ($::operatingsystemrelease =~ /^7/ or $::operatingsystem == 'Fedora') {
+ if $name == 'port' {
+ # We need to force postgresql to stop before updating the port
+ # because puppet becomes confused and is unable to manage the
+ # service appropriately.
+ exec { "postgresql_stop_${name}":
+ command => "service ${::postgresql::server::service_name} stop",
+ onlyif => "service ${::postgresql::server::service_name} status",
+ unless => "grep 'PGPORT=${value}' /etc/sysconfig/pgsql/postgresql",
+ path => '/sbin:/bin:/usr/bin:/usr/local/bin',
+ require => File['/etc/sysconfig/pgsql/postgresql'],
+ }
+ -> augeas { 'override PGPORT in /etc/sysconfig/pgsql/postgresql':
+ lens => 'Shellvars.lns',
+ incl => '/etc/sysconfig/pgsql/*',
+ context => '/files/etc/sysconfig/pgsql/postgresql',
+ changes => "set PGPORT ${value}",
+ require => File['/etc/sysconfig/pgsql/postgresql'],
+ notify => Class['postgresql::server::service'],
+ before => Class['postgresql::server::reload'],
+ }
+ } elsif $name == 'data_directory' {
+ # We need to force postgresql to stop before updating the data directory
+ # otherwise init script breaks
+ exec { "postgresql_${name}":
+ command => "service ${::postgresql::server::service_name} stop",
+ onlyif => "service ${::postgresql::server::service_name} status",
+ unless => "grep 'PGDATA=${value}' /etc/sysconfig/pgsql/postgresql",
+ path => '/sbin:/bin:/usr/bin:/usr/local/bin',
+ require => File['/etc/sysconfig/pgsql/postgresql'],
+ }
+ -> augeas { 'override PGDATA in /etc/sysconfig/pgsql/postgresql':
+ lens => 'Shellvars.lns',
+ incl => '/etc/sysconfig/pgsql/*',
+ context => '/files/etc/sysconfig/pgsql/postgresql',
+ changes => "set PGDATA ${value}",
+ require => File['/etc/sysconfig/pgsql/postgresql'],
+ notify => Class['postgresql::server::service'],
+ before => Class['postgresql::server::reload'],
+ }
+ }
+ }
+ }
+
+ case $ensure {
+ /present|absent/: {
+ postgresql_conf { $name:
+ ensure => $ensure,
+ target => $target,
+ value => $value,
+ require => Class['postgresql::server::initdb'],
+ }
+ }
+
+ default: {
+ fail("Unknown value for ensure '${ensure}'.")
+ }
+ }
+}
--- /dev/null
+# Install the contrib postgresql packaging. See README.md for more details.
+class postgresql::server::contrib (
+ String $package_name = $postgresql::params::contrib_package_name,
+ String[1] $package_ensure = 'present'
+) inherits postgresql::params {
+
+ if $::osfamily == 'Gentoo' {
+ fail('osfamily Gentoo does not have a separate "contrib" package, postgresql::server::contrib is not supported.')
+ }
+
+ package { 'postgresql-contrib':
+ ensure => $package_ensure,
+ name => $package_name,
+ tag => 'postgresql',
+ }
+
+ anchor { 'postgresql::server::contrib::start': }
+ -> Class['postgresql::server::install']
+ -> Package['postgresql-contrib']
+ -> Class['postgresql::server::service']
+ anchor { 'postgresql::server::contrib::end': }
+}
--- /dev/null
+# Define for creating a database. See README.md for more details.
+define postgresql::server::database(
+ $comment = undef,
+ $dbname = $title,
+ $owner = undef,
+ $tablespace = undef,
+ $template = 'template0',
+ $encoding = $postgresql::server::encoding,
+ $locale = $postgresql::server::locale,
+ $istemplate = false,
+ $connect_settings = $postgresql::server::default_connect_settings,
+) {
+ $createdb_path = $postgresql::server::createdb_path
+ $user = $postgresql::server::user
+ $group = $postgresql::server::group
+ $psql_path = $postgresql::server::psql_path
+ $default_db = $postgresql::server::default_database
+
+ # If possible use the version of the remote database, otherwise
+ # fallback to our local DB version
+ if $connect_settings != undef and has_key( $connect_settings, 'DBVERSION') {
+ $version = $connect_settings['DBVERSION']
+ } else {
+ $version = $postgresql::server::_version
+ }
+
+ # If the connection settings do not contain a port, then use the local server port
+ if $connect_settings != undef and has_key( $connect_settings, 'PGPORT') {
+ $port = undef
+ } else {
+ $port = $postgresql::server::port
+ }
+
+ # Set the defaults for the postgresql_psql resource
+ Postgresql_psql {
+ db => $default_db,
+ psql_user => $user,
+ psql_group => $group,
+ psql_path => $psql_path,
+ port => $port,
+ connect_settings => $connect_settings,
+ }
+
+ # Optionally set the locale switch. Older versions of createdb may not accept
+ # --locale, so if the parameter is undefined its safer not to pass it.
+ if ($version != '8.1') {
+ $locale_option = $locale ? {
+ undef => '',
+ default => "LC_COLLATE = '${locale}' LC_CTYPE = '${locale}'",
+ }
+ $public_revoke_privilege = 'CONNECT'
+ } else {
+ $locale_option = ''
+ $public_revoke_privilege = 'ALL'
+ }
+
+ $template_option = $template ? {
+ undef => '',
+ default => "TEMPLATE = \"${template}\"",
+ }
+
+ $encoding_option = $encoding ? {
+ undef => '',
+ default => "ENCODING = '${encoding}'",
+ }
+
+ $tablespace_option = $tablespace ? {
+ undef => '',
+ default => "TABLESPACE = \"${tablespace}\"",
+ }
+
+ if $createdb_path != undef {
+ warning('Passing "createdb_path" to postgresql::database is deprecated, it can be removed safely for the same behaviour')
+ }
+
+ postgresql_psql { "CREATE DATABASE \"${dbname}\"":
+ command => "CREATE DATABASE \"${dbname}\" WITH ${template_option} ${encoding_option} ${locale_option} ${tablespace_option}",
+ unless => "SELECT 1 FROM pg_database WHERE datname = '${dbname}'",
+ require => Class['postgresql::server::service']
+ }
+
+ # This will prevent users from connecting to the database unless they've been
+ # granted privileges.
+ ~> postgresql_psql { "REVOKE ${public_revoke_privilege} ON DATABASE \"${dbname}\" FROM public":
+ refreshonly => true,
+ }
+
+ Postgresql_psql["CREATE DATABASE \"${dbname}\""]
+ -> postgresql_psql { "UPDATE pg_database SET datistemplate = ${istemplate} WHERE datname = '${dbname}'":
+ unless => "SELECT 1 FROM pg_database WHERE datname = '${dbname}' AND datistemplate = ${istemplate}",
+ }
+
+ if $comment {
+ # The shobj_description function was only introduced with 8.2
+ $comment_information_function = $version ? {
+ '8.1' => 'obj_description',
+ default => 'shobj_description',
+ }
+ Postgresql_psql["CREATE DATABASE \"${dbname}\""]
+ -> postgresql_psql { "COMMENT ON DATABASE \"${dbname}\" IS '${comment}'":
+ unless => "SELECT 1 FROM pg_catalog.pg_database d WHERE datname = '${dbname}' AND pg_catalog.${comment_information_function}(d.oid, 'pg_database') = '${comment}'",
+ db => $dbname,
+ }
+ }
+
+ if $owner {
+ postgresql_psql { "ALTER DATABASE \"${dbname}\" OWNER TO \"${owner}\"":
+ unless => "SELECT 1 FROM pg_database JOIN pg_roles rol ON datdba = rol.oid WHERE datname = '${dbname}' AND rolname = '${owner}'",
+ require => Postgresql_psql["CREATE DATABASE \"${dbname}\""],
+ }
+
+ if defined(Postgresql::Server::Role[$owner]) {
+ Postgresql::Server::Role[$owner]->Postgresql_psql["ALTER DATABASE \"${dbname}\" OWNER TO \"${owner}\""]
+ }
+ }
+
+ if $tablespace {
+ postgresql_psql { "ALTER DATABASE \"${dbname}\" SET ${tablespace_option}":
+ unless => "SELECT 1 FROM pg_database JOIN pg_tablespace spc ON dattablespace = spc.oid WHERE datname = '${dbname}' AND spcname = '${tablespace}'",
+ require => Postgresql_psql["CREATE DATABASE \"${dbname}\""],
+ }
+
+ if defined(Postgresql::Server::Tablespace[$tablespace]) {
+ # The tablespace must be there, before we create the database.
+ Postgresql::Server::Tablespace[$tablespace]->Postgresql_psql["CREATE DATABASE \"${dbname}\""]
+ }
+ }
+}
--- /dev/null
+# Manage a database grant. See README.md for more details.
+define postgresql::server::database_grant(
+ $privilege,
+ $db,
+ $role,
+ $psql_db = undef,
+ $psql_user = undef,
+ $connect_settings = undef,
+) {
+ postgresql::server::grant { "database:${name}":
+ role => $role,
+ db => $db,
+ privilege => $privilege,
+ object_type => 'DATABASE',
+ object_name => $db,
+ psql_db => $psql_db,
+ psql_user => $psql_user,
+ connect_settings => $connect_settings,
+ }
+}
--- /dev/null
+# Define for conveniently creating a role, database and assigning the correct
+# permissions. See README.md for more details.
+define postgresql::server::db (
+ $user,
+ $password,
+ $comment = undef,
+ $dbname = $title,
+ $encoding = $postgresql::server::encoding,
+ $locale = $postgresql::server::locale,
+ $grant = 'ALL',
+ $tablespace = undef,
+ $template = 'template0',
+ $istemplate = false,
+ $owner = undef
+) {
+
+ if ! defined(Postgresql::Server::Database[$dbname]) {
+ postgresql::server::database { $dbname:
+ comment => $comment,
+ encoding => $encoding,
+ tablespace => $tablespace,
+ template => $template,
+ locale => $locale,
+ istemplate => $istemplate,
+ owner => $owner,
+ }
+ }
+
+ if ! defined(Postgresql::Server::Role[$user]) {
+ postgresql::server::role { $user:
+ password_hash => $password,
+ before => Postgresql::Server::Database[$dbname],
+ }
+ }
+
+ if ! defined(Postgresql::Server::Database_grant["GRANT ${user} - ${grant} - ${dbname}"]) {
+ postgresql::server::database_grant { "GRANT ${user} - ${grant} - ${dbname}":
+ privilege => $grant,
+ db => $dbname,
+ role => $user,
+ } -> Postgresql_conn_validator<| db_name == $dbname |>
+ }
+
+ if($tablespace != undef and defined(Postgresql::Server::Tablespace[$tablespace])) {
+ Postgresql::Server::Tablespace[$tablespace]->Postgresql::Server::Database[$name]
+ }
+}
--- /dev/null
+# Activate an extension on a postgresql database
+define postgresql::server::extension (
+ $database,
+ $extension = $name,
+ String[1] $ensure = 'present',
+ $package_name = undef,
+ $package_ensure = undef,
+ $connect_settings = $postgresql::server::default_connect_settings,
+) {
+ $user = $postgresql::server::user
+ $group = $postgresql::server::group
+ $psql_path = $postgresql::server::psql_path
+
+ case $ensure {
+ 'present': {
+ $command = "CREATE EXTENSION \"${extension}\""
+ $unless_comp = '='
+ $package_require = []
+ $package_before = Postgresql_psql["Add ${extension} extension to ${database}"]
+ }
+
+ 'absent': {
+ $command = "DROP EXTENSION \"${extension}\""
+ $unless_comp = '!='
+ $package_require = Postgresql_psql["Add ${extension} extension to ${database}"]
+ $package_before = []
+ }
+
+ default: {
+ fail("Unknown value for ensure '${ensure}'.")
+ }
+ }
+
+
+ postgresql_psql {"Add ${extension} extension to ${database}":
+
+ psql_user => $user,
+ psql_group => $group,
+ psql_path => $psql_path,
+ connect_settings => $connect_settings,
+
+ db => $database,
+ command => $command,
+ unless => "SELECT t.count FROM (SELECT count(extname) FROM pg_extension WHERE extname = '${extension}') as t WHERE t.count ${unless_comp} 1",
+ require => Postgresql::Server::Database[$database],
+ }
+
+ if $package_name {
+ $_package_ensure = $package_ensure ? {
+ undef => $ensure,
+ default => $package_ensure,
+ }
+
+ ensure_packages($package_name, {
+ ensure => $_package_ensure,
+ tag => 'postgresql',
+ require => $package_require,
+ before => $package_before,
+ })
+ }
+}
--- /dev/null
+# Define for granting permissions to roles. See README.md for more details.
+define postgresql::server::grant (
+ String $role,
+ String $db,
+ Optional[String] $privilege = undef,
+ String $object_type = 'database',
+ Optional[String[1]] $object_name = undef,
+ String $psql_db = $postgresql::server::default_database,
+ String $psql_user = $postgresql::server::user,
+ Integer $port = $postgresql::server::port,
+ Boolean $onlyif_exists = false,
+ Hash $connect_settings = $postgresql::server::default_connect_settings,
+) {
+
+ $group = $postgresql::server::group
+ $psql_path = $postgresql::server::psql_path
+
+ if ! $object_name {
+ $_object_name = $db
+ } else {
+ $_object_name = $object_name
+ }
+
+ #
+ # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port
+ #
+ if $port != undef {
+ $port_override = $port
+ } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') {
+ $port_override = undef
+ } else {
+ $port_override = $postgresql::server::port
+ }
+
+ ## Munge the input values
+ $_object_type = upcase($object_type)
+ $_privilege = upcase($privilege)
+
+ ## Validate that the object type is known
+ validate_re($_object_type,[
+ #'^COLUMN$',
+ '^DATABASE$',
+ #'^FOREIGN SERVER$',
+ #'^FOREIGN DATA WRAPPER$',
+ #'^FUNCTION$',
+ #'^PROCEDURAL LANGUAGE$',
+ '^SCHEMA$',
+ '^SEQUENCE$',
+ '^ALL SEQUENCES IN SCHEMA$',
+ '^TABLE$',
+ '^ALL TABLES IN SCHEMA$',
+ '^LANGUAGE$',
+ #'^TABLESPACE$',
+ #'^VIEW$',
+ ]
+ )
+ # You can use ALL TABLES IN SCHEMA by passing schema_name to object_name
+ # You can use ALL SEQUENCES IN SCHEMA by passing schema_name to object_name
+
+ ## Validate that the object type's privilege is acceptable
+ # TODO: this is a terrible hack; if they pass "ALL" as the desired privilege,
+ # we need a way to test for it--and has_database_privilege does not
+ # recognize 'ALL' as a valid privilege name. So we probably need to
+ # hard-code a mapping between 'ALL' and the list of actual privileges that
+ # it entails, and loop over them to check them. That sort of thing will
+ # probably need to wait until we port this over to ruby, so, for now, we're
+ # just going to assume that if they have "CREATE" privileges on a database,
+ # then they have "ALL". (I told you that it was terrible!)
+ case $_object_type {
+ 'DATABASE': {
+ $unless_privilege = $_privilege ? {
+ 'ALL' => 'CREATE',
+ 'ALL PRIVILEGES' => 'CREATE',
+ default => $_privilege,
+ }
+ validate_re($unless_privilege, [ '^$', '^CREATE$','^CONNECT$','^TEMPORARY$','^TEMP$',
+ '^ALL$','^ALL PRIVILEGES$' ])
+ $unless_function = 'has_database_privilege'
+ $on_db = $psql_db
+ $onlyif_function = undef
+ }
+ 'SCHEMA': {
+ $unless_privilege = $_privilege ? {
+ 'ALL' => 'CREATE',
+ 'ALL PRIVILEGES' => 'CREATE',
+ default => $_privilege,
+ }
+ validate_re($_privilege, [ '^$', '^CREATE$', '^USAGE$', '^ALL$', '^ALL PRIVILEGES$' ])
+ $unless_function = 'has_schema_privilege'
+ $on_db = $db
+ $onlyif_function = undef
+ }
+ 'SEQUENCE': {
+ $unless_privilege = $_privilege ? {
+ 'ALL' => 'USAGE',
+ default => $_privilege,
+ }
+ validate_re($unless_privilege, [ '^$', '^USAGE$', '^SELECT$', '^UPDATE$', '^ALL$', '^ALL PRIVILEGES$' ])
+ $unless_function = 'has_sequence_privilege'
+ $on_db = $db
+ $onlyif_function = undef
+ }
+ 'ALL SEQUENCES IN SCHEMA': {
+ validate_re($_privilege, [ '^$', '^USAGE$', '^SELECT$', '^UPDATE$', '^ALL$', '^ALL PRIVILEGES$' ])
+ $unless_function = 'custom'
+ $on_db = $db
+ $onlyif_function = undef
+
+ $schema = $object_name
+
+ $custom_privilege = $_privilege ? {
+ 'ALL' => 'USAGE',
+ 'ALL PRIVILEGES' => 'USAGE',
+ default => $_privilege,
+ }
+
+ # This checks if there is a difference between the sequences in the
+ # specified schema and the sequences for which the role has the specified
+ # privilege. It uses the EXCEPT clause which computes the set of rows
+ # that are in the result of the first SELECT statement but not in the
+ # result of the second one. It then counts the number of rows from this
+ # operation. If this number is zero then the role has the specified
+ # privilege for all sequences in the schema and the whole query returns a
+ # single row, which satisfies the `unless` parameter of Postgresql_psql.
+ # If this number is not zero then there is at least one sequence for which
+ # the role does not have the specified privilege, making it necessary to
+ # execute the GRANT statement.
+ $custom_unless = "SELECT 1 FROM (
+ SELECT sequence_name
+ FROM information_schema.sequences
+ WHERE sequence_schema='${schema}'
+ EXCEPT DISTINCT
+ SELECT object_name as sequence_name
+ FROM (
+ SELECT object_schema,
+ object_name,
+ grantee,
+ CASE privs_split
+ WHEN 'r' THEN 'SELECT'
+ WHEN 'w' THEN 'UPDATE'
+ WHEN 'U' THEN 'USAGE'
+ END AS privilege_type
+ FROM (
+ SELECT DISTINCT
+ object_schema,
+ object_name,
+ (regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[1] AS grantee,
+ regexp_split_to_table((regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[2],E'\\s*') AS privs_split
+ FROM (
+ SELECT n.nspname as object_schema,
+ c.relname as object_name,
+ regexp_split_to_table(array_to_string(c.relacl,','),',') AS privs
+ FROM pg_catalog.pg_class c
+ LEFT JOIN pg_catalog.pg_namespace n ON c.relnamespace = n.oid
+ WHERE c.relkind = 'S'
+ AND n.nspname NOT IN ( 'pg_catalog', 'information_schema' )
+ ) P1
+ ) P2
+ ) P3
+ WHERE grantee='${role}'
+ AND object_schema='${schema}'
+ AND privilege_type='${custom_privilege}'
+ ) P
+ HAVING count(P.sequence_name) = 0"
+ }
+ 'TABLE': {
+ $unless_privilege = $_privilege ? {
+ 'ALL' => 'INSERT',
+ default => $_privilege,
+ }
+ validate_re($unless_privilege,[ '^$', '^SELECT$','^INSERT$','^UPDATE$','^DELETE$',
+ '^TRUNCATE$','^REFERENCES$','^TRIGGER$','^ALL$','^ALL PRIVILEGES$' ])
+ $unless_function = 'has_table_privilege'
+ $on_db = $db
+ $onlyif_function = $onlyif_exists ? {
+ true => 'table_exists',
+ default => undef,
+ }
+ }
+ 'ALL TABLES IN SCHEMA': {
+ validate_re($_privilege, [ '^$', '^SELECT$','^INSERT$','^UPDATE$','^DELETE$',
+ '^TRUNCATE$','^REFERENCES$','^TRIGGER$','^ALL$','^ALL PRIVILEGES$' ])
+ $unless_function = 'custom'
+ $on_db = $db
+ $onlyif_function = undef
+
+ $schema = $object_name
+
+ # Again there seems to be no easy way in plain SQL to check if ALL
+ # PRIVILEGES are granted on a table. By convention we use INSERT
+ # here to represent ALL PRIVILEGES (truly terrible).
+ $custom_privilege = $_privilege ? {
+ 'ALL' => 'INSERT',
+ 'ALL PRIVILEGES' => 'INSERT',
+ default => $_privilege,
+ }
+
+ # This checks if there is a difference between the tables in the
+ # specified schema and the tables for which the role has the specified
+ # privilege. It uses the EXCEPT clause which computes the set of rows
+ # that are in the result of the first SELECT statement but not in the
+ # result of the second one. It then counts the number of rows from this
+ # operation. If this number is zero then the role has the specified
+ # privilege for all tables in the schema and the whole query returns a
+ # single row, which satisfies the `unless` parameter of Postgresql_psql.
+ # If this number is not zero then there is at least one table for which
+ # the role does not have the specified privilege, making it necessary to
+ # execute the GRANT statement.
+ $custom_unless = "SELECT 1 FROM (
+ SELECT table_name
+ FROM information_schema.tables
+ WHERE table_schema='${schema}'
+ EXCEPT DISTINCT
+ SELECT table_name
+ FROM information_schema.role_table_grants
+ WHERE grantee='${role}'
+ AND table_schema='${schema}'
+ AND privilege_type='${custom_privilege}'
+ ) P
+ HAVING count(P.table_name) = 0"
+ }
+ 'LANGUAGE': {
+ $unless_privilege = $_privilege ? {
+ 'ALL' => 'USAGE',
+ 'ALL PRIVILEGES' => 'USAGE',
+ default => $_privilege,
+ }
+ validate_re($unless_privilege, [ '^$','^CREATE$','^USAGE$','^ALL$','^ALL PRIVILEGES$' ])
+ $unless_function = 'has_language_privilege'
+ $on_db = $db
+ $onlyif_function = $onlyif_exists ? {
+ true => 'language_exists',
+ default => undef,
+ }
+ }
+
+ default: {
+ fail("Missing privilege validation for object type ${_object_type}")
+ }
+ }
+
+ # This is used to give grant to "schemaname"."tablename"
+ # If you need such grant, use:
+ # postgresql::grant { 'table:foo':
+ # role => 'joe',
+ # ...
+ # object_type => 'TABLE',
+ # object_name => [$schema, $table],
+ # }
+ if is_array($_object_name) {
+ $_togrant_object = join($_object_name, '"."')
+ # Never put double quotes into has_*_privilege function
+ $_granted_object = join($_object_name, '.')
+ } else {
+ $_granted_object = $_object_name
+ $_togrant_object = $_object_name
+ }
+
+ $_unless = $unless_function ? {
+ false => undef,
+ 'custom' => $custom_unless,
+ default => "SELECT 1 WHERE ${unless_function}('${role}',
+ '${_granted_object}', '${unless_privilege}')",
+ }
+
+ $_onlyif = $onlyif_function ? {
+ 'table_exists' => "SELECT true FROM pg_tables WHERE tablename = '${_togrant_object}'",
+ 'language_exists' => "SELECT true from pg_language WHERE lanname = '${_togrant_object}'",
+ default => undef,
+ }
+
+ $grant_cmd = "GRANT ${_privilege} ON ${_object_type} \"${_togrant_object}\" TO
+ \"${role}\""
+ postgresql_psql { "grant:${name}":
+ command => $grant_cmd,
+ db => $on_db,
+ port => $port_override,
+ connect_settings => $connect_settings,
+ psql_user => $psql_user,
+ psql_group => $group,
+ psql_path => $psql_path,
+ unless => $_unless,
+ onlyif => $_onlyif,
+ require => Class['postgresql::server']
+ }
+
+ if($role != undef and defined(Postgresql::Server::Role[$role])) {
+ Postgresql::Server::Role[$role]->Postgresql_psql["grant:${name}"]
+ }
+
+ if($db != undef and defined(Postgresql::Server::Database[$db])) {
+ Postgresql::Server::Database[$db]->Postgresql_psql["grant:${name}"]
+ }
+}
--- /dev/null
+# Define for granting membership to a role. See README.md for more information
+define postgresql::server::grant_role (
+ String[1] $group,
+ String[1] $role = $name,
+ Enum['present', 'absent'] $ensure = 'present',
+ $psql_db = $postgresql::server::default_database,
+ $psql_user = $postgresql::server::user,
+ $port = $postgresql::server::port,
+ $connect_settings = $postgresql::server::default_connect_settings,
+) {
+ case $ensure {
+ 'present': {
+ $command = "GRANT \"${group}\" TO \"${role}\""
+ $unless_comp = '='
+ }
+ 'absent': {
+ $command = "REVOKE \"${group}\" FROM \"${role}\""
+ $unless_comp = '!='
+ }
+ default: {
+ fail("Unknown value for ensure '${ensure}'.")
+ }
+ }
+
+ postgresql_psql { "grant_role:${name}":
+ command => $command,
+ unless => "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '${group}' AND r_role.rolname = '${role}') ${unless_comp} true",
+ db => $psql_db,
+ psql_user => $psql_user,
+ port => $port,
+ connect_settings => $connect_settings,
+ }
+
+ if ! $connect_settings or empty($connect_settings) {
+ Class['postgresql::server']->Postgresql_psql["grant_role:${name}"]
+ }
+ if defined(Postgresql::Server::Role[$role]) {
+ Postgresql::Server::Role[$role]->Postgresql_psql["grant_role:${name}"]
+ }
+ if defined(Postgresql::Server::Role[$group]) {
+ Postgresql::Server::Role[$group]->Postgresql_psql["grant_role:${name}"]
+ }
+}
--- /dev/null
+# PRIVATE CLASS: do not call directly
+class postgresql::server::initdb {
+ $needs_initdb = $postgresql::server::needs_initdb
+ $initdb_path = $postgresql::server::initdb_path
+ $datadir = $postgresql::server::datadir
+ $xlogdir = $postgresql::server::xlogdir
+ $logdir = $postgresql::server::logdir
+ $encoding = $postgresql::server::encoding
+ $locale = $postgresql::server::locale
+ $data_checksums = $postgresql::server::data_checksums
+ $group = $postgresql::server::group
+ $user = $postgresql::server::user
+ $psql_path = $postgresql::server::psql_path
+ $port = $postgresql::server::port
+ $module_workdir = $postgresql::server::module_workdir
+
+ # Set the defaults for the postgresql_psql resource
+ Postgresql_psql {
+ psql_user => $user,
+ psql_group => $group,
+ psql_path => $psql_path,
+ port => $port,
+ cwd => $module_workdir,
+ }
+
+ if $::osfamily == 'RedHat' and $::selinux == true {
+ $seltype = 'postgresql_db_t'
+ $logdir_type = 'postgresql_log_t'
+ }
+
+ else {
+ $seltype = undef
+ $logdir_type = undef
+ }
+
+ # Make sure the data directory exists, and has the correct permissions.
+ file { $datadir:
+ ensure => directory,
+ owner => $user,
+ group => $group,
+ mode => '0700',
+ seltype => $seltype,
+ }
+
+ if($xlogdir) {
+ # Make sure the xlog directory exists, and has the correct permissions.
+ file { $xlogdir:
+ ensure => directory,
+ owner => $user,
+ group => $group,
+ mode => '0700',
+ seltype => $seltype,
+ }
+ }
+
+ if($logdir) {
+ # Make sure the log directory exists, and has the correct permissions.
+ file { $logdir:
+ ensure => directory,
+ owner => $user,
+ group => $group,
+ seltype => $logdir_type,
+ }
+ }
+
+ if($needs_initdb) {
+ # Build up the initdb command.
+ #
+ # We optionally add the locale switch if specified. Older versions of the
+ # initdb command don't accept this switch. So if the user didn't pass the
+ # parameter, lets not pass the switch at all.
+ $ic_base = "${initdb_path} --encoding '${encoding}' --pgdata '${datadir}'"
+ $ic_xlog = $xlogdir ? {
+ undef => $ic_base,
+ default => "${ic_base} --xlogdir '${xlogdir}'"
+ }
+
+ # The xlogdir need to be present before initdb runs.
+ # If xlogdir is default it's created by package installer
+ if($xlogdir) {
+ $require_before_initdb = [$datadir, $xlogdir]
+ } else {
+ $require_before_initdb = [$datadir]
+ }
+
+ $ic_locale = $locale ? {
+ undef => $ic_xlog,
+ default => "${ic_xlog} --locale '${locale}'"
+ }
+
+ $initdb_command = $data_checksums ? {
+ undef => $ic_locale,
+ false => $ic_locale,
+ default => "${ic_locale} --data-checksums"
+ }
+
+ # This runs the initdb command, we use the existance of the PG_VERSION
+ # file to ensure we don't keep running this command.
+ exec { 'postgresql_initdb':
+ command => $initdb_command,
+ creates => "${datadir}/PG_VERSION",
+ user => $user,
+ group => $group,
+ logoutput => on_failure,
+ require => File[$require_before_initdb],
+ cwd => $module_workdir,
+ }
+ # The package will take care of this for us the first time, but if we
+ # ever need to init a new db we need to copy these files explicitly
+ if $::operatingsystem == 'Debian' or $::operatingsystem == 'Ubuntu' {
+ if $::operatingsystemrelease =~ /^6/ or $::operatingsystemrelease =~ /^7/ or $::operatingsystemrelease =~ /^10\.04/ or $::operatingsystemrelease =~ /^12\.04/ {
+ file { 'server.crt':
+ ensure => file,
+ path => "${datadir}/server.crt",
+ source => 'file:///etc/ssl/certs/ssl-cert-snakeoil.pem',
+ owner => $::postgresql::server::user,
+ group => $::postgresql::server::group,
+ mode => '0644',
+ require => Exec['postgresql_initdb'],
+ }
+ file { 'server.key':
+ ensure => file,
+ path => "${datadir}/server.key",
+ source => 'file:///etc/ssl/private/ssl-cert-snakeoil.key',
+ owner => $::postgresql::server::user,
+ group => $::postgresql::server::group,
+ mode => '0600',
+ require => Exec['postgresql_initdb'],
+ }
+ }
+ }
+ } elsif $encoding != undef {
+ # [workaround]
+ # by default pg_createcluster encoding derived from locale
+ # but it do does not work by installing postgresql via puppet because puppet
+ # always override LANG to 'C'
+ postgresql_psql { "Set template1 encoding to ${encoding}":
+ command => "UPDATE pg_database
+ SET datistemplate = FALSE
+ WHERE datname = 'template1'
+ ;
+ UPDATE pg_database
+ SET encoding = pg_char_to_encoding('${encoding}'), datistemplate = TRUE
+ WHERE datname = 'template1'",
+ unless => "SELECT datname FROM pg_database WHERE
+ datname = 'template1' AND encoding = pg_char_to_encoding('${encoding}')",
+ }
+ }
+}
--- /dev/null
+# PRIVATE CLASS: do not call directly
+class postgresql::server::install {
+ $package_ensure = $postgresql::server::package_ensure
+ $package_name = $postgresql::server::package_name
+
+ $_package_ensure = $package_ensure ? {
+ true => 'present',
+ false => 'purged',
+ 'absent' => 'purged',
+ default => $package_ensure,
+ }
+
+ package { 'postgresql-server':
+ ensure => $_package_ensure,
+ name => $package_name,
+
+ # This is searched for to create relationships with the package repos, be
+ # careful about its removal
+ tag => 'postgresql',
+ }
+
+}
--- /dev/null
+# PRIVATE CLASS: do not call directly
+class postgresql::server::passwd {
+ $postgres_password = $postgresql::server::postgres_password
+ $user = $postgresql::server::user
+ $group = $postgresql::server::group
+ $psql_path = $postgresql::server::psql_path
+ $port = $postgresql::server::port
+ $database = $postgresql::server::default_database
+ $module_workdir = $postgresql::server::module_workdir
+
+ # psql will default to connecting as $user if you don't specify name
+ $_datbase_user_same = $database == $user
+ $_dboption = $_datbase_user_same ? {
+ false => " --dbname ${database}",
+ default => ''
+ }
+
+ if ($postgres_password != undef) {
+ # NOTE: this password-setting logic relies on the pg_hba.conf being
+ # configured to allow the postgres system user to connect via psql
+ # without specifying a password ('ident' or 'trust' security). This is
+ # the default for pg_hba.conf.
+ $escaped = postgresql_escape($postgres_password)
+ exec { 'set_postgres_postgrespw':
+ # This command works w/no password because we run it as postgres system
+ # user
+ command => "${psql_path}${_dboption} -c \"ALTER ROLE \\\"${user}\\\" PASSWORD \${NEWPASSWD_ESCAPED}\"",
+ user => $user,
+ group => $group,
+ logoutput => true,
+ cwd => $module_workdir,
+ environment => [
+ "PGPASSWORD=${postgres_password}",
+ "PGPORT=${port}",
+ "NEWPASSWD_ESCAPED=${escaped}",
+ ],
+ # With this command we're passing -h to force TCP authentication, which
+ # does require a password. We specify the password via the PGPASSWORD
+ # environment variable. If the password is correct (current), this
+ # command will exit with an exit code of 0, which will prevent the main
+ # command from running.
+ unless => "${psql_path} -h localhost -p ${port} -c 'select 1' > /dev/null",
+ path => '/usr/bin:/usr/local/bin:/bin',
+ }
+ }
+}
--- /dev/null
+# This resource manages an individual rule that applies to the file defined in
+# $target. See README.md for more details.
+define postgresql::server::pg_hba_rule(
+ Enum['local', 'host', 'hostssl', 'hostnossl'] $type,
+ String $database,
+ String $user,
+ String $auth_method,
+ Optional[String] $address = undef,
+ String $description = 'none',
+ Optional[String] $auth_option = undef,
+ Variant[String, Integer] $order = 150,
+
+ # Needed for testing primarily, support for multiple files is not really
+ # working.
+ Stdlib::Absolutepath $target = $postgresql::server::pg_hba_conf_path,
+ String $postgresql_version = $postgresql::server::_version
+) {
+
+ #Allow users to manage pg_hba.conf even if they are not managing the whole PostgreSQL instance
+ if !defined( 'postgresql::server' ) {
+ $manage_pg_hba_conf = true
+ }
+ else {
+ $manage_pg_hba_conf = $postgresql::server::manage_pg_hba_conf
+ }
+
+ if $manage_pg_hba_conf == false {
+ fail('postgresql::server::manage_pg_hba_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')
+ } else {
+
+ if($type =~ /^host/ and $address == undef) {
+ fail('You must specify an address property when type is host based')
+ }
+
+ $allowed_auth_methods = $postgresql_version ? {
+ '9.6' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],
+ '9.5' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
+ '9.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
+ '9.3' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
+ '9.2' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
+ '9.1' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
+ '9.0' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'radius', 'cert', 'pam'],
+ '8.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'cert', 'pam'],
+ '8.3' => ['trust', 'reject', 'md5', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'],
+ '8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'],
+ '8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'],
+ default => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd']
+ }
+
+ assert_type(Enum[$allowed_auth_methods], $auth_method)
+
+ # Create a rule fragment
+ $fragname = "pg_hba_rule_${name}"
+ concat::fragment { $fragname:
+ target => $target,
+ content => template('postgresql/pg_hba_rule.conf'),
+ order => $order,
+ }
+ }
+}
--- /dev/null
+# This resource manages an individual rule that applies to the file defined in
+# $target. See README.md for more details.
+define postgresql::server::pg_ident_rule(
+ $map_name,
+ $system_username,
+ $database_username,
+ $description = 'none',
+ $order = '150',
+
+ # Needed for testing primarily, support for multiple files is not really
+ # working.
+ $target = $postgresql::server::pg_ident_conf_path
+) {
+
+ if $postgresql::server::manage_pg_ident_conf == false {
+ fail('postgresql::server::manage_pg_ident_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')
+ } else {
+
+ # Create a rule fragment
+ $fragname = "pg_ident_rule_${name}"
+ concat::fragment { $fragname:
+ target => $target,
+ content => template('postgresql/pg_ident_rule.conf'),
+ order => $order,
+ }
+ }
+}
--- /dev/null
+# This class installs the PL/Perl procedural language for postgresql. See
+# README.md for more details.
+class postgresql::server::plperl(
+ $package_ensure = 'present',
+ $package_name = $postgresql::server::plperl_package_name
+) {
+ package { 'postgresql-plperl':
+ ensure => $package_ensure,
+ name => $package_name,
+ tag => 'postgresql',
+ }
+
+ anchor { 'postgresql::server::plperl::start': }
+ -> Class['postgresql::server::install']
+ -> Package['postgresql-plperl']
+ -> Class['postgresql::server::service']
+ anchor { 'postgresql::server::plperl::end': }
+
+}
--- /dev/null
+# This class installs the PL/Python procedural language for postgresql. See
+# README.md for more details.
+class postgresql::server::plpython(
+ $package_ensure = 'present',
+ $package_name = $postgresql::server::plpython_package_name,
+) {
+ package { 'postgresql-plpython':
+ ensure => $package_ensure,
+ name => $package_name,
+ tag => 'postgresql',
+ }
+
+ anchor { 'postgresql::server::plpython::start': }
+ -> Class['postgresql::server::install']
+ -> Package['postgresql-plpython']
+ -> Class['postgresql::server::service']
+ -> anchor { 'postgresql::server::plpython::end': }
+
+}
--- /dev/null
+# Install the postgis postgresql packaging. See README.md for more details.
+class postgresql::server::postgis (
+ String $package_name = $postgresql::params::postgis_package_name,
+ String[1] $package_ensure = 'present'
+) inherits postgresql::params {
+
+ package { 'postgresql-postgis':
+ ensure => $package_ensure,
+ name => $package_name,
+ tag => 'postgresql',
+ }
+
+ anchor { 'postgresql::server::postgis::start': }
+ -> Class['postgresql::server::install']
+ -> Package['postgresql-postgis']
+ -> Class['postgresql::server::service']
+ -> anchor { 'postgresql::server::postgis::end': }
+
+ if $postgresql::globals::manage_package_repo {
+ Class['postgresql::repo']
+ -> Package['postgresql-postgis']
+ }
+}
--- /dev/null
+# Define for reassigning the ownership of objects within a database. See README.md for more details.
+# This enables us to force the a particular ownership for objects within a database
+define postgresql::server::reassign_owned_by (
+ String $old_role,
+ String $new_role,
+ String $db,
+ String $psql_user = $postgresql::server::user,
+ Integer $port = $postgresql::server::port,
+ Hash $connect_settings = $postgresql::server::default_connect_settings,
+) {
+
+ $sql_command = "REASSIGN OWNED BY \"${old_role}\" TO \"${new_role}\""
+
+ $group = $postgresql::server::group
+ $psql_path = $postgresql::server::psql_path
+
+ #
+ # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port
+ #
+ if $port != undef {
+ $port_override = $port
+ } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') {
+ $port_override = undef
+ } else {
+ $port_override = $postgresql::server::port
+ }
+
+ $onlyif = "SELECT tablename FROM pg_catalog.pg_tables WHERE
+ schemaname NOT IN ('pg_catalog', 'information_schema') AND
+ tableowner = '${old_role}'
+ UNION ALL SELECT proname FROM pg_catalog.pg_proc WHERE
+ pg_get_userbyid(proowner) = '${old_role}'
+ UNION ALL SELECT viewname FROM pg_catalog.pg_views WHERE
+ pg_views.schemaname NOT IN ('pg_catalog', 'information_schema') AND
+ viewowner = '${old_role}'
+ UNION ALL SELECT relname FROM pg_catalog.pg_class WHERE
+ relkind='S' AND pg_get_userbyid(relowner) = '${old_role}'"
+
+ postgresql_psql { "reassign_owned_by:${db}:${sql_command}":
+ command => $sql_command,
+ db => $db,
+ port => $port_override,
+ connect_settings => $connect_settings,
+ psql_user => $psql_user,
+ psql_group => $group,
+ psql_path => $psql_path,
+ onlyif => $onlyif,
+ require => Class['postgresql::server']
+ }
+
+ if($old_role != undef and defined(Postgresql::Server::Role[$old_role])) {
+ Postgresql::Server::Role[$old_role]->Postgresql_psql["reassign_owned_by:${db}:${sql_command}"]
+ }
+ if($new_role != undef and defined(Postgresql::Server::Role[$new_role])) {
+ Postgresql::Server::Role[$new_role]->Postgresql_psql["reassign_owned_by:${db}:${sql_command}"]
+ }
+
+ if($db != undef and defined(Postgresql::Server::Database[$db])) {
+ Postgresql::Server::Database[$db]->Postgresql_psql["reassign_owned_by:${db}:${sql_command}"]
+ }
+}
--- /dev/null
+# This resource manages the parameters that applies to the recovery.conf template. See README.md for more details.
+define postgresql::server::recovery(
+ $restore_command = undef,
+ $archive_cleanup_command = undef,
+ $recovery_end_command = undef,
+ $recovery_target_name = undef,
+ $recovery_target_time = undef,
+ $recovery_target_xid = undef,
+ $recovery_target_inclusive = undef,
+ $recovery_target = undef,
+ $recovery_target_timeline = undef,
+ $pause_at_recovery_target = undef,
+ $standby_mode = undef,
+ $primary_conninfo = undef,
+ $primary_slot_name = undef,
+ $trigger_file = undef,
+ $recovery_min_apply_delay = undef,
+ $target = $postgresql::server::recovery_conf_path
+) {
+
+ if $postgresql::server::manage_recovery_conf == false {
+ fail('postgresql::server::manage_recovery_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')
+ } else {
+ if($restore_command == undef and $archive_cleanup_command == undef and $recovery_end_command == undef
+ and $recovery_target_name == undef and $recovery_target_time == undef and $recovery_target_xid == undef
+ and $recovery_target_inclusive == undef and $recovery_target == undef and $recovery_target_timeline == undef
+ and $pause_at_recovery_target == undef and $standby_mode == undef and $primary_conninfo == undef
+ and $primary_slot_name == undef and $trigger_file == undef and $recovery_min_apply_delay == undef) {
+ fail('postgresql::server::recovery use this resource but do not pass a parameter will avoid creating the recovery.conf, because it makes no sense.')
+ }
+
+ # Create the recovery.conf content
+ concat::fragment { 'recovery.conf':
+ target => $target,
+ content => template('postgresql/recovery.conf.erb'),
+ }
+ }
+}
--- /dev/null
+# PRIVATE CLASS: do not use directly
+class postgresql::server::reload {
+ $service_name = $postgresql::server::service_name
+ $service_status = $postgresql::server::service_status
+ $service_reload = $postgresql::server::service_reload
+
+ exec { 'postgresql_reload':
+ path => '/usr/bin:/usr/sbin:/bin:/sbin',
+ command => $service_reload,
+ onlyif => $service_status,
+ refreshonly => true,
+ require => Class['postgresql::server::service'],
+ }
+}
--- /dev/null
+# Define for creating a database role. See README.md for more information
+define postgresql::server::role(
+ $update_password = true,
+ $password_hash = false,
+ $createdb = false,
+ $createrole = false,
+ $db = $postgresql::server::default_database,
+ $port = undef,
+ $login = true,
+ $inherit = true,
+ $superuser = false,
+ $replication = false,
+ $connection_limit = '-1',
+ $username = $title,
+ $connect_settings = $postgresql::server::default_connect_settings,
+) {
+ $psql_user = $postgresql::server::user
+ $psql_group = $postgresql::server::group
+ $psql_path = $postgresql::server::psql_path
+ $module_workdir = $postgresql::server::module_workdir
+
+ #
+ # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port
+ #
+ if $port != undef {
+ $port_override = $port
+ } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') {
+ $port_override = undef
+ } else {
+ $port_override = $postgresql::server::port
+ }
+
+ # If possible use the version of the remote database, otherwise
+ # fallback to our local DB version
+ if $connect_settings != undef and has_key( $connect_settings, 'DBVERSION') {
+ $version = $connect_settings['DBVERSION']
+ } else {
+ $version = $postgresql::server::_version
+ }
+
+ $login_sql = $login ? { true => 'LOGIN', default => 'NOLOGIN' }
+ $inherit_sql = $inherit ? { true => 'INHERIT', default => 'NOINHERIT' }
+ $createrole_sql = $createrole ? { true => 'CREATEROLE', default => 'NOCREATEROLE' }
+ $createdb_sql = $createdb ? { true => 'CREATEDB', default => 'NOCREATEDB' }
+ $superuser_sql = $superuser ? { true => 'SUPERUSER', default => 'NOSUPERUSER' }
+ $replication_sql = $replication ? { true => 'REPLICATION', default => '' }
+ if ($password_hash != false) {
+ $environment = "NEWPGPASSWD=${password_hash}"
+ $password_sql = "ENCRYPTED PASSWORD '\$NEWPGPASSWD'"
+ } else {
+ $password_sql = ''
+ $environment = []
+ }
+
+ Postgresql_psql {
+ db => $db,
+ port => $port_override,
+ psql_user => $psql_user,
+ psql_group => $psql_group,
+ psql_path => $psql_path,
+ connect_settings => $connect_settings,
+ cwd => $module_workdir,
+ require => [
+ Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],
+ Class['postgresql::server'],
+ ],
+ }
+
+ postgresql_psql { "CREATE ROLE ${username} ENCRYPTED PASSWORD ****":
+ command => "CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}",
+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}'",
+ environment => $environment,
+ require => Class['Postgresql::Server'],
+ }
+
+ postgresql_psql {"ALTER ROLE \"${username}\" ${superuser_sql}":
+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolsuper = ${superuser}",
+ }
+
+ postgresql_psql {"ALTER ROLE \"${username}\" ${createdb_sql}":
+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcreatedb = ${createdb}",
+ }
+
+ postgresql_psql {"ALTER ROLE \"${username}\" ${createrole_sql}":
+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcreaterole = ${createrole}",
+ }
+
+ postgresql_psql {"ALTER ROLE \"${username}\" ${login_sql}":
+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcanlogin = ${login}",
+ }
+
+ postgresql_psql {"ALTER ROLE \"${username}\" ${inherit_sql}":
+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolinherit = ${inherit}",
+ }
+
+ if(versioncmp($version, '9.1') >= 0) {
+ if $replication_sql == '' {
+ postgresql_psql {"ALTER ROLE \"${username}\" NOREPLICATION":
+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolreplication = ${replication}",
+ }
+ } else {
+ postgresql_psql {"ALTER ROLE \"${username}\" ${replication_sql}":
+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolreplication = ${replication}",
+ }
+ }
+ }
+
+ postgresql_psql {"ALTER ROLE \"${username}\" CONNECTION LIMIT ${connection_limit}":
+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolconnlimit = ${connection_limit}",
+ }
+
+ if $password_hash and $update_password {
+ if($password_hash =~ /^md5.+/) {
+ $pwd_hash_sql = $password_hash
+ } else {
+ $pwd_md5 = md5("${password_hash}${username}")
+ $pwd_hash_sql = "md5${pwd_md5}"
+ }
+ postgresql_psql { "ALTER ROLE ${username} ENCRYPTED PASSWORD ****":
+ command => "ALTER ROLE \"${username}\" ${password_sql}",
+ unless => "SELECT 1 FROM pg_shadow WHERE usename = '${username}' AND passwd = '${pwd_hash_sql}'",
+ environment => $environment,
+ }
+ }
+}
--- /dev/null
+# = Type: postgresql::server::schema
+#
+# Create a new schema. See README.md for more details.
+#
+# == Requires:
+#
+# The database must exist and the PostgreSQL user should have enough privileges
+#
+# == Sample Usage:
+#
+# postgresql::server::schema {'private':
+# db => 'template1',
+# }
+#
+define postgresql::server::schema(
+ $db = $postgresql::server::default_database,
+ $owner = undef,
+ $schema = $title,
+ $connect_settings = $postgresql::server::default_connect_settings,
+) {
+ $user = $postgresql::server::user
+ $group = $postgresql::server::group
+ $psql_path = $postgresql::server::psql_path
+ $version = $postgresql::server::_version
+ $module_workdir = $postgresql::server::module_workdir
+
+ Postgresql::Server::Db <| dbname == $db |> -> Postgresql::Server::Schema[$name]
+
+ # If the connection settings do not contain a port, then use the local server port
+ if $connect_settings != undef and has_key( $connect_settings, 'PGPORT') {
+ $port = undef
+ } else {
+ $port = $postgresql::server::port
+ }
+
+ Postgresql_psql {
+ db => $db,
+ psql_user => $user,
+ psql_group => $group,
+ psql_path => $psql_path,
+ port => $port,
+ cwd => $module_workdir,
+ connect_settings => $connect_settings,
+ }
+
+ postgresql_psql { "${db}: CREATE SCHEMA \"${schema}\"":
+ command => "CREATE SCHEMA \"${schema}\"",
+ unless => "SELECT 1 FROM pg_namespace WHERE nspname = '${schema}'",
+ require => Class['postgresql::server'],
+ }
+
+ if $owner {
+ postgresql_psql { "${db}: ALTER SCHEMA \"${schema}\" OWNER TO \"${owner}\"":
+ command => "ALTER SCHEMA \"${schema}\" OWNER TO ${owner}",
+ unless => "SELECT 1 FROM pg_namespace JOIN pg_roles rol ON nspowner = rol.oid WHERE nspname = '${schema}' AND rolname = '${owner}'",
+ require => Postgresql_psql["${db}: CREATE SCHEMA \"${schema}\""],
+ }
+
+ if defined(Postgresql::Server::Role[$owner]) {
+ Postgresql::Server::Role[$owner]->Postgresql_psql["${db}: ALTER SCHEMA \"${schema}\" OWNER TO \"${owner}\""]
+ }
+ }
+}
--- /dev/null
+# PRIVATE CLASS: do not call directly
+class postgresql::server::service {
+ $service_ensure = $postgresql::server::service_ensure
+ $service_enable = $postgresql::server::service_enable
+ $service_manage = $postgresql::server::service_manage
+ $service_name = $postgresql::server::service_name
+ $service_provider = $postgresql::server::service_provider
+ $service_status = $postgresql::server::service_status
+ $user = $postgresql::server::user
+ $port = $postgresql::server::port
+ $default_database = $postgresql::server::default_database
+ $psql_path = $postgresql::params::psql_path
+
+ anchor { 'postgresql::server::service::begin': }
+
+ if $service_manage {
+
+ service { 'postgresqld':
+ ensure => $service_ensure,
+ enable => $service_enable,
+ name => $service_name,
+ provider => $service_provider,
+ hasstatus => true,
+ status => $service_status,
+ }
+
+ if $service_ensure == 'running' {
+ # This blocks the class before continuing if chained correctly, making
+ # sure the service really is 'up' before continuing.
+ #
+ # Without it, we may continue doing more work before the database is
+ # prepared leading to a nasty race condition.
+ postgresql_conn_validator{ 'validate_service_is_running':
+ run_as => $user,
+ db_name => $default_database,
+ port => $port,
+ sleep => 1,
+ tries => 60,
+ psql_path => $psql_path,
+ require => Service['postgresqld'],
+ before => Anchor['postgresql::server::service::end']
+ }
+ Postgresql::Server::Database <| title == $default_database |> -> Postgresql_conn_validator['validate_service_is_running']
+ }
+ }
+
+ anchor { 'postgresql::server::service::end': }
+}
--- /dev/null
+# This resource wraps the grant resource to manage table grants specifically.
+# See README.md for more details.
+define postgresql::server::table_grant(
+ $privilege,
+ $table,
+ $db,
+ $role,
+ $port = undef,
+ $psql_db = undef,
+ $psql_user = undef,
+ $connect_settings = undef,
+ $onlyif_exists = false,
+) {
+ postgresql::server::grant { "table:${name}":
+ role => $role,
+ db => $db,
+ port => $port,
+ privilege => $privilege,
+ object_type => 'TABLE',
+ object_name => $table,
+ psql_db => $psql_db,
+ psql_user => $psql_user,
+ onlyif_exists => $onlyif_exists,
+ connect_settings => $connect_settings,
+ }
+}
\ No newline at end of file
--- /dev/null
+# This module creates tablespace. See README.md for more details.
+define postgresql::server::tablespace(
+ $location,
+ $owner = undef,
+ $spcname = $title,
+ $connect_settings = $postgresql::server::default_connect_settings,
+) {
+ $user = $postgresql::server::user
+ $group = $postgresql::server::group
+ $psql_path = $postgresql::server::psql_path
+ $module_workdir = $postgresql::server::module_workdir
+
+ # If the connection settings do not contain a port, then use the local server port
+ if $connect_settings != undef and has_key( $connect_settings, 'PGPORT') {
+ $port = undef
+ } else {
+ $port = $postgresql::server::port
+ }
+
+ Postgresql_psql {
+ psql_user => $user,
+ psql_group => $group,
+ psql_path => $psql_path,
+ port => $port,
+ connect_settings => $connect_settings,
+ cwd => $module_workdir,
+ }
+
+ file { $location:
+ ensure => directory,
+ owner => $user,
+ group => $group,
+ mode => '0700',
+ seluser => 'system_u',
+ selrole => 'object_r',
+ seltype => 'postgresql_db_t',
+ require => Class['postgresql::server'],
+ }
+
+ postgresql_psql { "CREATE TABLESPACE \"${spcname}\"":
+ command => "CREATE TABLESPACE \"${spcname}\" LOCATION '${location}'",
+ unless => "SELECT 1 FROM pg_tablespace WHERE spcname = '${spcname}'",
+ require => [Class['postgresql::server'], File[$location]],
+ }
+
+ if $owner {
+ postgresql_psql { "ALTER TABLESPACE \"${spcname}\" OWNER TO \"${owner}\"":
+ unless => "SELECT 1 FROM pg_tablespace JOIN pg_roles rol ON spcowner = rol.oid WHERE spcname = '${spcname}' AND rolname = '${owner}'",
+ require => Postgresql_psql["CREATE TABLESPACE \"${spcname}\""],
+ }
+
+ if defined(Postgresql::Server::Role[$owner]) {
+ Postgresql::Server::Role[$owner]->Postgresql_psql["ALTER TABLESPACE \"${spcname}\" OWNER TO \"${owner}\""]
+ }
+ }
+}
+++ /dev/null
-# Resource postgresql::table_grant
-define postgresql::table_grant(
- $privilege,
- $table,
- $db,
- $role,
- $psql_db = undef,
- $psql_user = undef
-) {
- include postgresql::params
- postgresql::grant { "table:${name}":
- role => $role,
- db => $db,
- privilege => $privilege,
- object_type => 'TABLE',
- object_name => $table,
- psql_db => $psql_db,
- psql_user => $psql_user,
- }
-}
+++ /dev/null
-# Define: postgresql::tablespace
-#
-# This module creates tablespace
-#
-# Parameters:
-# [*title*] - the name of a tablespace to be created. The name cannot begin with pg_, as such names are reserved for system tablespaces.
-# [*owner*] - the name of the user who will own the tablespace. If omitted, defaults to the user executing the command.
-# Only superusers can create tablespaces, but they can assign ownership of tablespaces to non-superusers.
-# [*location*] - The directory that will be used for the tablespace. The directory should be empty and must be owned by the PostgreSQL
-# system user. The directory must be specified by an absolute path name.
-#
-# Actions:
-#
-# Requires:
-#
-# class postgresql::server
-#
-# Sample Usage:
-#
-# postgresql::tablespace { 'dbspace':
-# location => '/data/dbs',
-# }
-#
-#
-define postgresql::tablespace(
- $location,
- $owner = undef,
- $spcname = $title)
-{
- include postgresql::params
-
- Postgresql_psql {
- psql_user => $postgresql::params::user,
- psql_group => $postgresql::params::group,
- psql_path => $postgresql::params::psql_path,
- }
-
- if ($owner == undef) {
- $owner_section = ''
- }
- else {
- $owner_section = "OWNER \"${owner}\""
- }
-
- $create_tablespace_command = "CREATE TABLESPACE \"${spcname}\" ${owner_section} LOCATION '${location}'"
-
- file { $location:
- ensure => directory,
- owner => $postgresql::params::user,
- group => $postgresql::params::group,
- mode => '0700',
- }
-
- postgresql_psql { "Create tablespace '${spcname}'":
- command => $create_tablespace_command,
- unless => "SELECT spcname FROM pg_tablespace WHERE spcname='${spcname}'",
- require => [Class['postgresql::server'], File[$location]],
- }
-}
-# Define: postgresql::validate_db_connection
-#
# This type validates that a successful postgres connection can be established
# between the node on which this resource is run and a specified postgres
# instance (host/port/user/password/database name).
#
-# Parameters:
-# [*database_host*] - the hostname or IP address of the machine where the
-# postgres server should be running.
-# [*database_port*] - the port on which postgres server should be
-# listening (defaults to 5432).
-# [*database_username*] - the postgres username
-# [*database_password*] - the postgres user's password
-# [*database_name*] - the database name that the connection should be
-# established against
-#
-# NOTE: to some degree this type assumes that you've created the corresponding
-# postgres database instance that you are validating by using the
-# `postgresql::db` or `postgresql::database` type provided by this module
-# elsewhere in your manifests.
-#
-# Actions:
-#
-# Attempts to establish a connection to the specified postgres database. If
-# a connection cannot be established, the resource will fail; this allows you
-# to use it as a dependency for other resources that would be negatively
-# impacted if they were applied without the postgres connection being available.
-#
-# Requires:
-#
-# `psql` commandline tool (will automatically install the system's postgres
-# client package if it is not already installed.)
-#
-# Sample Usage:
-#
-# postgresql::validate_db_connection { 'validate my postgres connection':
-# database_host => 'my.postgres.host',
-# database_username => 'mydbuser',
-# database_password => 'mydbpassword',
-# database_name => 'mydbname',
-# }
-#
-
+# See README.md for more details.
define postgresql::validate_db_connection(
- $database_host,
- $database_name,
- $database_password,
- $database_username,
- $database_port = 5432
+ $database_host = undef,
+ $database_name = undef,
+ $database_password = undef,
+ $database_username = undef,
+ $database_port = undef,
+ $connect_settings = undef,
+ $run_as = undef,
+ $sleep = 2,
+ $tries = 10,
+ $create_db_first = true
) {
- require postgresql::client
+ include postgresql::client
+ include postgresql::params
+
+ warning('postgresql::validate_db_connection is deprecated, please use postgresql_conn_validator.')
- # TODO: port to ruby
- $psql = "${postgresql::params::psql_path} --tuples-only --quiet -h ${database_host} -U ${database_username} -p ${database_port} --dbname ${database_name}"
+ $psql_path = $postgresql::params::psql_path
+ $module_workdir = $postgresql::params::module_workdir
+ $validcon_script_path = $postgresql::client::validcon_script_path
+
+ $cmd_init = "${psql_path} --tuples-only --quiet "
+ $cmd_host = $database_host ? {
+ undef => '',
+ default => "-h ${database_host} ",
+ }
+ $cmd_user = $database_username ? {
+ undef => '',
+ default => "-U ${database_username} ",
+ }
+ $cmd_port = $database_port ? {
+ undef => '',
+ default => "-p ${database_port} ",
+ }
+ $cmd_dbname = $database_name ? {
+ undef => "--dbname ${postgresql::params::default_database} ",
+ default => "--dbname ${database_name} ",
+ }
+ $pass_env = $database_password ? {
+ undef => undef,
+ default => "PGPASSWORD=${database_password}",
+ }
+ $cmd = join([$cmd_init, $cmd_host, $cmd_user, $cmd_port, $cmd_dbname], ' ')
+ $validate_cmd = "${validcon_script_path} ${sleep} ${tries} '${cmd}'"
+
+ # This is more of a safety valve, we add a little extra to compensate for the
+ # time it takes to run each psql command.
+ $timeout = (($sleep + 2) * $tries)
+
+ # Combine $database_password and $connect_settings into an array of environment
+ # variables, ensure $database_password is last, allowing it to override a password
+ # from the $connect_settings hash
+ if $connect_settings != undef {
+ if $pass_env != undef {
+ $env = concat(join_keys_to_values( $connect_settings, '='), $pass_env)
+ } else {
+ $env = join_keys_to_values( $connect_settings, '=')
+ }
+ } else {
+ $env = $pass_env
+ }
+
+ $exec_name = "validate postgres connection for ${database_username}@${database_host}:${database_port}/${database_name}"
- $exec_name = "validate postgres connection for ${database_host}/${database_name}"
exec { $exec_name:
- command => '/bin/false',
- unless => "/bin/echo \"SELECT 1\" | ${psql}",
- cwd => '/tmp',
- environment => "PGPASSWORD=${database_password}",
+ command => "echo 'Unable to connect to defined database using: ${cmd}' && false",
+ unless => $validate_cmd,
+ cwd => $module_workdir,
+ environment => $env,
logoutput => 'on_failure',
- require => Package['postgresql-client'],
+ user => $run_as,
+ path => '/bin:/usr/bin:/usr/local/bin',
+ timeout => $timeout,
+ require => Class['postgresql::client'],
}
# This is a little bit of puppet magic. What we want to do here is make
# We accomplish this by using Puppet's resource collection syntax to search
# for the Database resource in our current catalog; if it exists, the
# appropriate relationship is created here.
- Database<|title == $database_name|> -> Exec[$exec_name]
+ if($create_db_first) {
+ Postgresql::Server::Database<|title == $database_name|> -> Exec[$exec_name]
+ }
}
-
{
"name": "puppetlabs-postgresql",
- "version": "2.4.0",
- "source": "git://github.com/puppetlabs/puppet-postgresql.git",
+ "version": "5.1.0",
"author": "Inkling/Puppet Labs",
- "license": "Apache",
- "summary": "PostgreSQL defined resource types",
- "description": "PostgreSQL defined resource types",
- "project_page": "https://github.com/puppetlabs/puppet-postgresql",
+ "summary": "Offers support for basic management of PostgreSQL databases.",
+ "license": "Apache-2.0",
+ "source": "git://github.com/puppetlabs/puppetlabs-postgresql.git",
+ "project_page": "https://github.com/puppetlabs/puppetlabs-postgresql",
+ "issues_url": "https://tickets.puppetlabs.com/browse/MODULES",
"dependencies": [
{
"name": "puppetlabs/stdlib",
- "version_requirement": ">=3.2.0 <5.0.0"
- },
- {
- "name": "puppetlabs/firewall",
- "version_requirement": ">= 0.0.4"
+ "version_requirement": ">= 4.13.1 < 5.0.0"
},
{
"name": "puppetlabs/apt",
- "version_requirement": ">=1.1.0 <2.0.0"
+ "version_requirement": ">= 2.0.0 < 5.0.0"
},
{
- "name": "ripienaar/concat",
- "version_requirement": ">= 0.2.0"
+ "name": "puppetlabs/concat",
+ "version_requirement": ">= 1.1.0 < 5.0.0"
}
],
- "types": [
+ "data_provider": null,
+ "operatingsystem_support": [
+ {
+ "operatingsystem": "RedHat",
+ "operatingsystemrelease": [
+ "5",
+ "6",
+ "7"
+ ]
+ },
{
- "name": "postgresql_psql",
- "doc": "",
- "properties": [
- {
- "name": "command",
- "doc": "The SQL command to execute via psql."
- }
- ],
- "parameters": [
- {
- "name": "name",
- "doc": "An arbitrary tag for your own reference; the name of the message."
- },
- {
- "name": "unless",
- "doc": "An optional SQL command to execute prior to the main :command; this is generally intended to be used for idempotency, to check for the existence of an object in the database to determine whether or not the main SQL command needs to be executed at all."
- },
- {
- "name": "db",
- "doc": "The name of the database to execute the SQL command against."
- },
- {
- "name": "psql_path",
- "doc": "The path to psql executable."
- },
- {
- "name": "psql_user",
- "doc": "The system user account under which the psql command should be executed."
- },
- {
- "name": "psql_group",
- "doc": "The system user group account under which the psql command should be executed."
- },
- {
- "name": "cwd",
- "doc": "The working directory under which the psql command should be executed."
- },
- {
- "name": "refreshonly",
- "doc": "If 'true', then the SQL will only be executed via a notify/subscribe event."
- }
- ],
- "providers": [
- {
- "name": "ruby",
- "doc": ""
- }
+ "operatingsystem": "CentOS",
+ "operatingsystemrelease": [
+ "5",
+ "6",
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "OracleLinux",
+ "operatingsystemrelease": [
+ "5",
+ "6",
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "Scientific",
+ "operatingsystemrelease": [
+ "5",
+ "6",
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "Debian",
+ "operatingsystemrelease": [
+ "6",
+ "7",
+ "8"
+ ]
+ },
+ {
+ "operatingsystem": "Ubuntu",
+ "operatingsystemrelease": [
+ "10.04",
+ "12.04",
+ "14.04",
+ "16.04"
]
}
],
- "checksums": {
- "Changelog": "1bbbbb0bf3a2a9c45340a837a7d80cc9",
- "Gemfile": "1aeb148bd15a4ddc1f42327393accae3",
- "Gemfile.lock": "787c8db4b84e6469c8c0f2003579d0fc",
- "LICENSE": "a781715ebc5e3e0956ee6baec3140e58",
- "Modulefile": "f90b1249f08c5e7a779efc3ba64a831d",
- "README.md": "a0ce60f3260475d4d5fbc66eca49a9ca",
- "Rakefile": "7e458ced5c7b798430ee6371f860057e",
- "examples/init.pp": "f7772943903ec859df2e43b61b700fd4",
- "examples/official-postgresql-repos.pp": "44e02f3c93b7d5edf1647d608c4e6310",
- "examples/postgresql_database.pp": "8c631bdc1a57c3e82b203ec3d5dde5e1",
- "examples/postgresql_db.pp": "2db756a3dea26055fd9aa8e63201ec4d",
- "examples/postgresql_grant.pp": "6f1e08c4f7394b32573a70acc314c3a7",
- "examples/postgresql_pg_hba_rule.pp": "4591748c68d75a1014991de70a83aaaa",
- "examples/postgresql_pgconf_extras.pp": "51b8d3bf9847a7d7c2a33b131705496f",
- "examples/postgresql_tablespace.pp": "f3f6b0c2b6ff09b73ff36138604e2b92",
- "examples/postgresql_user.pp": "974917490d130306d45fbb8edee2d6b6",
- "examples/server.pp": "7a44884738b92730cdcc0282a581dce2",
- "files/RPM-GPG-KEY-PGDG": "78b5db170d33f80ad5a47863a7476b22",
- "lib/facter/postgres_default_version.rb": "53c88744595fa06f0ce7f08211a46ae2",
- "lib/puppet/parser/functions/postgresql_acls_to_resources_hash.rb": "d518a7959b950874820a3b0a7a324488",
- "lib/puppet/parser/functions/postgresql_password.rb": "820da02a888ab42357fe9bc2352b1c37",
- "lib/puppet/provider/postgresql_psql/ruby.rb": "ed5f97f93876db0b830c2596fff16ec6",
- "lib/puppet/type/postgresql_psql.rb": "ae147c9e12a1d0909bcf8d5374494fb1",
- "manifests/client.pp": "462bae5ffbcc40b1172e5fdbfdb909bf",
- "manifests/config/afterservice.pp": "033677b9d1aef3b7d941ee920c287d2c",
- "manifests/config/beforeservice.pp": "49869372f7d8f30aea1460c530ce5a0d",
- "manifests/config.pp": "40133151b124f3726f49cebe915583da",
- "manifests/contrib.pp": "27ff6b8df85a556d9f9a28ed2b01e0f1",
- "manifests/database.pp": "b105ae2f6aafa1adc4f23e2e28a8819c",
- "manifests/database_grant.pp": "3f9c69a817be47d8bf940f6a1002d4d0",
- "manifests/database_user.pp": "b5f9fdff0bdbd751dfc5f493bddcf1e3",
- "manifests/db.pp": "3632f3e819be95e8a4b6ce79d4256730",
- "manifests/devel.pp": "4ae7a114c635874555489c15a512b124",
- "manifests/grant.pp": "8d13bc521cd6396f69600a0fc94e0db1",
- "manifests/init.pp": "229910d441d3881e4389d3a2bcd37c3a",
- "manifests/initdb.pp": "9d14ae813bed54ad46d791ed490588d7",
- "manifests/java.pp": "be65d349b7657f3cc4b8dd4195e21a7c",
- "manifests/package_source/apt_postgresql_org.pp": "f2077dde857658cd3a12c9956ac879d7",
- "manifests/package_source/yum_postgresql_org.pp": "4a80fe043d9710da0bcc34a3450159ca",
- "manifests/params.pp": "1cc7fa9b165b916188a84661e6a903a5",
- "manifests/pg_hba.pp": "d5e130f3a2e1023061dcfb8cff8fad07",
- "manifests/pg_hba_rule.pp": "032477ffac94d72b30c8108394568e89",
- "manifests/plperl.pp": "f7fbc3c3b53ae18afdcbc9a740e3b5b9",
- "manifests/psql.pp": "339bae8e795f5bcf5550a88ad1e1105d",
- "manifests/python.pp": "cd2c8d7624ac6146fd0b9d4b8cc57ef5",
- "manifests/role.pp": "4ac572845c7c2fa223515a042936b310",
- "manifests/server.pp": "1d517c9c74c364f01d4381a580a6de2e",
- "manifests/table_grant.pp": "10909deaf4f26d8ea265076275919a89",
- "manifests/tablespace.pp": "37d8393a8d92b3b7ba1a6236cba13a9b",
- "manifests/validate_db_connection.pp": "3154199da6a6fb39c78ff86d1e5c50e7",
- "spec/spec_helper.rb": "21d45639cb46497b9196d7658eefbaa5",
- "spec/spec_helper_system.rb": "56e45808e53c1259b10870621606a891",
- "spec/system/install_spec.rb": "26e8ce8a147669479f9ef04412ce8727",
- "spec/system/non_defaults_spec.rb": "841055d4ebc15626bb8661415b59c4f9",
- "spec/unit/classes/client_spec.rb": "60e55a28a18b2370dac9c79fc175ba2f",
- "spec/unit/classes/contrib_spec.rb": "16713d2b385cb20b29d0cdb95480ed01",
- "spec/unit/classes/devel_spec.rb": "8f24f839c5ced188e5a373fe469d4f29",
- "spec/unit/classes/init_spec.rb": "d8fdd6f2b67570832606b56704fc48f6",
- "spec/unit/classes/params_spec.rb": "f35c148917971a3e50c48c22c17eab18",
- "spec/unit/classes/postgresql_java_spec.rb": "a073702d2443d45abba0b5e2a719c863",
- "spec/unit/classes/postgresql_python_spec.rb": "de978ff4029e0f7309b8a144553c01eb",
- "spec/unit/classes/server_spec.rb": "a89d34b468251a36ab7c55e7fb619a5f",
- "spec/unit/defines/database_grant_spec.rb": "b3ec60b58c6f917061bca0a48adbf0b7",
- "spec/unit/defines/database_spec.rb": "b9f0face88bc301d68f460208ba72df4",
- "spec/unit/defines/database_user_spec.rb": "2cb9eaf726859d82baeb6d4a6bf453c4",
- "spec/unit/defines/db_spec.rb": "9b99d7f4145b3081d1b025e30f13b3fc",
- "spec/unit/defines/pg_hba_rule_spec.rb": "9b7a77c48088d36f9a95b2d82caca8cf",
- "spec/unit/defines/pg_hba_spec.rb": "ea0c151170a9eab5398f66ca191b0383",
- "spec/unit/defines/psql_spec.rb": "c08ca62b81c68609cca83ec1c60fda55",
- "spec/unit/defines/role_spec.rb": "84def95468a82e156a01abfa5e5cb40d",
- "spec/unit/defines/tablespace_spec.rb": "fd65a12b4e447421ca0ef0f496aa7cf0",
- "spec/unit/defines/validate_db_connection_spec.rb": "1dfe61aca3e98cb96510b3d275097b02",
- "spec/unit/facts/postgres_default_version_spec.rb": "0a592d4c1a3948f9a661004cd22fcfc2",
- "spec/unit/functions/postgresql_acls_to_resources_hash_spec.rb": "e7740c3cd2110e2fcebab8356012267c",
- "spec/unit/functions/postgresql_password_spec.rb": "76034569a5ff627073c5e6ff69176ac3",
- "templates/pg_hba_rule.conf": "13b46eecdfd359eddff71fa485ef2f54"
- }
-}
\ No newline at end of file
+ "requirements": [
+ {
+ "name": "puppet",
+ "version_requirement": ">= 4.7.0 < 6.0.0"
+ }
+ ]
+}
--- /dev/null
+# postgresql
+
+#### 目次
+
+1. [モジュールの概要 - モジュールの機能](#module-description)
+2. [セットアップ - postgresqlモジュール導入の基本](#setup)
+ * [postgresqlの影響](#what-postgresql-affects)
+ * [postgresqlの導入](#getting-started-with-postgresql)
+3. [使用方法 - 設定オプションと追加機能](#usage)
+ * [サーバーの設定](#configure-a-server)
+ * [データベースの作成](#create-a-database)
+ * [ユーザ、ロール、パーミッションの管理](#manage-users-roles-and-permissions)
+ * [デフォルトのオーバーライド](#override-defaults)
+ * [pg_hba.confのアクセスルールの作成](#create-an-access-rule-for-pg_hbaconf)
+ * [pg_ident.confのユーザ名マップの作成](#create-user-name-maps-for-pg_identconf)
+ * [接続の検証](#validate-connectivity)
+4. [参考 - モジュールの機能と動作について](#reference)
+ * [クラス](#classes)
+ * [定義できるタイプ](#defined-types)
+ * [タイプ](#types)
+ * [関数](#functions)
+5. [制約事項 - OSの互換性など](#limitations)
+6. [開発 - モジュール貢献についてのガイド](#development)
+ * [コントリビュータ - モジュール貢献者の一覧](#contributors)
+7. [テスト](#tests)
+8. [コントリビュータ - モジュール貢献者のリスト](#contributors)
+
+## モジュールの概要
+
+postgresqlモジュールを使用すると、PuppetでPostgreSQLを管理できます。
+
+PostgreSQLは、高性能な無償のオープンソースリレーショナルデータベースサーバーです。postgresqlモジュールを使用すると、PostgreSQLのパッケージ、サービス、データベース、ユーザ、一般的なセキュリティ設定を管理できるようになります。
+
+## セットアップ
+
+### postgresqlの影響
+
+* PostgreSQLのパッケージ、サービス、設定ファイル
+* リッスンするポート
+* IPおよびマスク(オプション)
+
+### postgresqlの導入
+
+基本的なデフォルトのPostgreSQLサーバーを設定するには、`postgresql::server`クラスを宣言します。
+
+```puppet
+class { 'postgresql::server':
+}
+```
+
+## 使用方法
+
+### サーバーの設定
+
+デフォルト設定を使用する場合は、上記のように`postgresql::server`クラスを宣言します。PostgreSQLサーバーの設定をカスタマイズするには、次のように、変更する[パラメータ](#postgresqlserver)を指定します。
+
+```puppet
+class { 'postgresql::server':
+ ip_mask_deny_postgres_user => '0.0.0.0/32',
+ ip_mask_allow_all_users => '0.0.0.0/0',
+ ipv4acls => ['hostssl all johndoe 192.168.0.0/24 cert'],
+ postgres_password => 'TPSrep0rt!',
+}
+```
+
+設定後、コマンドラインで設定をテストします。
+
+```shell
+psql -h localhost -U postgres
+psql -h my.postgres.server -U
+```
+
+上記のコマンドでエラーメッセージが返ってくる場合は、パーミッションの設定によって現在の接続元からのアクセスが制限されています。その場所からの接続を許可するかどうかに応じて、パーミッション設定の変更が必要な場合があります。
+
+サーバー設定パラメータの詳細については、[PostgreSQLランタイム設定マニュアル](http://www.postgresql.org/docs/current/static/runtime-config.html)を参照してください。
+
+### データベースの作成
+
+さまざまなPostgreSQLデータベースを定義タイプ`postgresql::server::db`を使用してセットアップできます。例えば、PuppetDBのデータベースをセットアップするには、次のように記述します。
+
+```puppet
+class { 'postgresql::server':
+}
+
+postgresql::server::db { 'mydatabasename':
+ user => 'mydatabaseuser',
+ password => postgresql_password('mydatabaseuser', 'mypassword'),
+}
+```
+
+### ユーザ、ロール、パーミッションの管理
+
+ユーザ、ロール、パーミッションを管理するには、次のようにします。
+
+```puppet
+class { 'postgresql::server':
+}
+
+postgresql::server::role { 'marmot':
+ password_hash => postgresql_password('marmot', 'mypasswd'),
+}
+
+postgresql::server::database_grant { 'test1':
+ privilege => 'ALL',
+ db => 'test1',
+ role => 'marmot',
+}
+
+postgresql::server::table_grant { 'my_table of test2':
+ privilege => 'ALL',
+ table => 'my_table',
+ db => 'test2',
+ role => 'marmot',
+}
+```
+
+この例では、test1データベース上とtest2データベースの`my_table`テーブル上の**すべての**権限を、指定したユーザまたはグループに付与します。値がPuppetDB設定ファイルに追加されると、このデータベースは使用可能になります。
+
+### デフォルトのオーバーライド
+
+`postgresql::globals`クラスを使用すると、このモジュールの主な設定をグローバルに構成できます。この設定は、他のクラスや定義済みリソースから使用できます。単独では機能しません。
+
+例えば、すべてのクラスのデフォルトの`locale`と`encoding`をオーバーライドするには、次のように記述します。
+
+```puppet
+class { 'postgresql::globals':
+ encoding => 'UTF-8',
+ locale => 'en_US.UTF-8',
+}
+
+class { 'postgresql::server':
+}
+```
+
+特定のバージョンのPostgreSQLパッケージを使用するには、次のように記述します。
+
+```puppet
+class { 'postgresql::globals':
+ manage_package_repo => true,
+ version => '9.2',
+}
+
+class { 'postgresql::server':
+}
+```
+
+### リモートのユーザ、ロール、パーミッションの管理
+
+リモートのSQLオブジェクトは、ローカルのSQLオブジェクトと同じPuppetリソースと、[`connect_settings`](#connect_settings)ハッシュを使用して管理します。これは、PuppetがリモートのPostgresインスタンスに接続する方法と、SQLコマンドの生成に使用されるバージョンを制御します。
+
+`connect_settings`ハッシュには、'PGHOST'、'PGPORT'、'PGPASSWORD'、'PGSSLKEY'など、Postgresクライアント接続を制御する環境変数を含めることができます。変数の全リストについては、[PostgreSQL環境変数](http://www.postgresql.org/docs/9.4/static/libpq-envars.html)マニュアルを参照してください。
+
+さらに、特殊値の'DBVERSION'により、ターゲットデータベースのバージョンを指定できます。`connect_settings`ハッシュが省略されているか空の場合、PuppetはローカルのPostgreSQLインスタンスに接続します。
+
+Puppetリソースごとに`connect_settings`ハッシュを設定するか、`postgresql::globals`にデフォルトの`connect_settings`ハッシュを設定できます。リソースごとに`connect_settings`を設定すると、SQLオブジェクトが複数のユーザによって複数のデータベース上に作成できるようになります。
+
+```puppet
+$connection_settings_super2 = {
+ 'PGUSER' => 'super2',
+ 'PGPASSWORD' => 'foobar2',
+ 'PGHOST' => '127.0.0.1',
+ 'PGPORT' => '5432',
+ 'PGDATABASE' => 'postgres',
+}
+
+include postgresql::server
+
+# Connect with no special settings, i.e domain sockets, user postgres
+postgresql::server::role { 'super2':
+ password_hash => 'foobar2',
+ superuser => true,
+
+ connect_settings => {},
+}
+
+# Now using this new user connect via TCP
+postgresql::server::database { 'db1':
+ connect_settings => $connection_settings_super2,
+ require => Postgresql::Server::Role['super2'],
+}
+```
+
+### pg_hba.confのアクセスルールの作成
+
+`pg_hba.conf`のアクセスルールを作成するには、次のように記述します。
+
+```puppet
+postgresql::server::pg_hba_rule { 'allow application network to access app database':
+ description => 'Open up PostgreSQL for access from 200.1.2.0/24',
+ type => 'host',
+ database => 'app',
+ user => 'app',
+ address => '200.1.2.0/24',
+ auth_method => 'md5',
+}
+```
+
+これにより、以下のようなルールセットが`pg_hba.conf`内に作成されます。
+
+```
+# Rule Name: allow application network to access app database
+# Description: Open up PostgreSQL for access from 200.1.2.0/24
+# Order: 150
+host app app 200.1.2.0/24 md5
+```
+
+デフォルトでは、`pg_hba_rule`に`postgresql::server`を含める必要がありますが、ルールを宣言する際にtargetおよびpostgresql_versionを設定することで、その動作をオーバーライドできます。例えば次のようになります。
+
+```puppet
+postgresql::server::pg_hba_rule { 'allow application network to access app database':
+ description => 'Open up postgresql for access from 200.1.2.0/24',
+ type => 'host',
+ database => 'app',
+ user => 'app',
+ address => '200.1.2.0/24',
+ auth_method => 'md5',
+ target => '/path/to/pg_hba.conf',
+ postgresql_version => '9.4',
+}
+```
+
+### pg_ident.confのユーザ名マップの作成
+
+pg_ident.confのユーザ名マップを作成するには、次のように記述します。
+
+```puppet
+postgresql::server::pg_ident_rule { 'Map the SSL certificate of the backup server as a replication user':
+ map_name => 'sslrepli',
+ system_username => 'repli1.example.com',
+ database_username => 'replication',
+}
+```
+
+これにより、次のようなユーザ名マップが`pg_ident.conf`に作成されます。
+
+```
+#Rule Name: Map the SSL certificate of the backup server as a replication user
+#Description: none
+#Order: 150
+sslrepli repli1.example.com replication
+```
+
+### リカバリ設定の作成
+
+リカバリ設定ファイル(`recovery.conf`)を作成するには、次のように記述します。
+
+```puppet
+postgresql::server::recovery { 'Create a recovery.conf file with the following defined parameters':
+ restore_command => 'cp /mnt/server/archivedir/%f %p',
+ archive_cleanup_command => undef,
+ recovery_end_command => undef,
+ recovery_target_name => 'daily backup 2015-01-26',
+ recovery_target_time => '2015-02-08 22:39:00 EST',
+ recovery_target_xid => undef,
+ recovery_target_inclusive => true,
+ recovery_target => 'immediate',
+ recovery_target_timeline => 'latest',
+ pause_at_recovery_target => true,
+ standby_mode => 'on',
+ primary_conninfo => 'host=localhost port=5432',
+ primary_slot_name => undef,
+ trigger_file => undef,
+ recovery_min_apply_delay => 0,
+}
+```
+
+これにより、次の`recovery.conf`設定ファイルが作成されます。
+
+```
+restore_command = 'cp /mnt/server/archivedir/%f %p'
+recovery_target_name = 'daily backup 2015-01-26'
+recovery_target_time = '2015-02-08 22:39:00 EST'
+recovery_target_inclusive = true
+recovery_target = 'immediate'
+recovery_target_timeline = 'latest'
+pause_at_recovery_target = true
+standby_mode = 'on'
+primary_conninfo = 'host=localhost port=5432'
+recovery_min_apply_delay = 0
+```
+
+テンプレートでは、指定されたパラメータのみが認識されます。`recovery.conf`は、少なくとも1つのパラメータが設定済みで、**かつ**、[manage_recovery_conf](#manage_recovery_conf)がtrueの場合のみ作成されます。
+
+### 接続の検証
+
+従属タスクを開始する前に、リモートのPostgreSQLデータベースへのクライアント接続を検証するには、`postgresql_conn_validator`リソースを使用します。このリソースは、PostgreSQLクライアントソフトウェアがインストールされている任意のノード上で使用できます。アプリケーションサーバーの起動や、データベース移行の実行など、他のタスクと結合されることがよくあります。
+
+使用例:
+
+```puppet
+postgresql_conn_validator { 'validate my postgres connection':
+ host => 'my.postgres.host',
+ db_username => 'mydbuser',
+ db_password => 'mydbpassword',
+ db_name => 'mydbname',
+}->
+exec { 'rake db:migrate':
+ cwd => '/opt/myrubyapp',
+}
+```
+
+## 参考
+
+postgresqlモジュールには、サーバー設定用に多数のオプションがあります。以下の設定をすべて使うことはないかもしれませんが、これらを使用することで、セキュリティ設定をかなり制御することができます。
+
+**クラス:**
+
+* [postgresql::client](#postgresqlclient)
+* [postgresql::globals](#postgresqlglobals)
+* [postgresql::lib::devel](#postgresqllibdevel)
+* [postgresql::lib::java](#postgresqllibjava)
+* [postgresql::lib::perl](#postgresqllibperl)
+* [postgresql::lib::python](#postgresqllibpython)
+* [postgresql::server](#postgresqlserver)
+* [postgresql::server::plperl](#postgresqlserverplperl)
+* [postgresql::server::contrib](#postgresqlservercontrib)
+* [postgresql::server::postgis](#postgresqlserverpostgis)
+
+**定義できるタイプ:**
+
+* [postgresql::server::config_entry](#postgresqlserverconfig_entry)
+* [postgresql::server::database](#postgresqlserverdatabase)
+* [postgresql::server::database_grant](#postgresqlserverdatabase_grant)
+* [postgresql::server::db](#postgresqlserverdb)
+* [postgresql::server::extension](#postgresqlserverextension)
+* [postgresql::server::grant](#postgresqlservergrant)
+* [postgresql::server::grant_role](#postgresqlservergrant_role)
+* [postgresql::server::pg_hba_rule](#postgresqlserverpg_hba_rule)
+* [postgresql::server::pg_ident_rule](#postgresqlserverpg_ident_rule)
+* [postgresql::server::recovery](#postgresqlserverrecovery)
+* [postgresql::server::role](#postgresqlserverrole)
+* [postgresql::server::schema](#postgresqlserverschema)
+* [postgresql::server::table_grant](#postgresqlservertable_grant)
+* [postgresql::server::tablespace](#postgresqlservertablespace)
+
+**タイプ:**
+
+* [postgresql_psql](#custom-resource-postgresql_psql)
+* [postgresql_replication_slot](#custom-resource-postgresql_replication_slot)
+* [postgresql_conf](#custom-resource-postgresql_conf)
+* [postgresql_conn_validator](#custom-resource-postgresql_conn_validator)
+
+**関数:**
+
+* [postgresql_password](#function-postgresql_password)
+* [postgresql_acls_to_resources_hash](#function-postgresql_acls_to_resources_hashacl_array-id-order_offset)
+
+### クラス
+
+#### postgresql::client
+
+PostgreSQLクライアントソフトウェアをインストールします。カスタムのバージョンをインストールするには、次のパラメータを設定します。
+
+>**注意:** カスタムのバージョンを指定する場合、必要なyumまたはaptリポジトリを忘れずに追加してください。
+
+##### `package_ensure`
+
+PostgreSQLクライアントパッケージリソースが存在する必要があるかどうかを指定します。
+
+有効な値: 'present'、'absent'。
+
+デフォルト値: 'present'。
+
+##### `package_name`
+
+PostgreSQLクライアントパッケージの名前を設定します。
+
+デフォルト値: 'file'。
+
+#### postgresql::lib::docs
+
+Postgres-Docs向けのPostgreSQLバインディングをインストールします。カスタムのバージョンをインストールするには、次のパラメータを設定します。
+
+**注意:** カスタムのバージョンを指定する場合、必要なyumまたはaptリポジトリを忘れずに追加してください。
+
+##### `package_name`
+
+PostgreSQL docsパッケージの名前を指定します。
+
+##### `package_ensure`
+
+PostgreSQL docsパッケージリソースが存在する必要があるかどうかを指定します。
+
+有効な値: 'present'、'absent'。
+
+デフォルト値: 'present'。
+
+#### postgresql::globals
+
+**注意:** ほとんどのサーバー固有のデフォルト値は、`postgresql::server`クラスでオーバーライドする必要があります。このクラスは、標準以外のOSを使用している場合か、ここでしか変更できない要素(`version`や`manage_package_repo`)を変更する場合のみ使用します。
+
+##### `bindir`
+
+ターゲットプラットフォームのデフォルトのPostgreSQLバイナリディレクトリをオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `client_package_name`
+
+デフォルトのPostgreSQLクライアントパッケージ名をオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `confdir`
+
+ターゲットプラットフォームのデフォルトのPostgreSQL設定ディレクトリをオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `contrib_package_name`
+
+デフォルトのPostgreSQL contribパッケージ名をオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `createdb_path`
+
+**非推奨** `createdb`コマンドへのパス。
+
+デフォルト値: '${bindir}/createdb'。
+
+##### `datadir`
+
+ターゲットプラットフォームのデフォルトのPostgreSQLデータディレクトリをオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+**注意:** インストール後にdatadirを変更すると、変更が実行される前にサーバーが完全に停止します。Red Hatシステムでは、データディレクトリはSELinuxに適切にラベル付けする必要があります。Ubuntuでは、明示的に`needs_initdb = true`に設定して、Puppetが新しいdatadir内のデータベースを初期化できるようにする必要があります(他のシステムでは、`needs_initdb`はデフォルトでtrueになっています)。
+
+**警告:** datadirがデフォルトから変更された場合、Puppetは元のデータディレクトリのパージを管理しません。そのため、データディレクトリが元のディレクトリに戻ったときにエラーが発生します。
+
+##### `default_database`
+
+接続するデフォルトのデータベースの名前を指定します。
+
+デフォルト値: (ほとんどのシステムにおいて) 'postgres'。
+
+##### `devel_package_name`
+
+デフォルトのPostgreSQL develパッケージ名をオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `docs_package_name`
+
+オプションです。
+
+デフォルトのPostgreSQL docsパッケージ名をオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `encoding`
+
+このモジュールで作成されるすべてのデータベースのデフォルトエンコーディングを設定します。オペレーティングシステムによっては、`template1` の初期化にも使用されます。その場合、モジュール外部のデフォルトにもなります。
+
+デフォルト値: オペレーティングシステムのデフォルトエンコーディングによって決まります。
+
+##### `group`
+
+ファイルシステムの関連ファイルに使用されるデフォルトのpostgresユーザグループをオーバーライドします。
+
+デフォルト値: 'postgres'。
+
+##### `initdb_path`
+
+`initdb`コマンドへのパス。
+
+##### `java_package_name`
+
+デフォルトのPostgreSQL javaパッケージ名をオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `locale`
+
+このモジュールで作成されるすべてのデータベースのデフォルトのデータベースロケールを設定します。オペレーティングシステムによっては、`template1` の初期化にも使用されます。その場合、モジュール外部のデフォルトにもなります。
+
+デフォルト値: `undef`、実質的には'C'。
+
+**Debianでは、PostgreSQLのフル機能が使用できるように'locales-all'パッケージがインストールされていることを確認する必要があります。**
+
+##### `timezone`
+
+postgresqlサーバーのデフォルトタイムゾーンを設定します。postgresqlのビルトインのデフォルト値は、システムのタイムゾーン情報を取得しています。
+
+##### `logdir`
+
+デフォルトのPostgreSQL logディレクトリをオーバーライドします。
+
+デフォルト値: initdbのデフォルトパス。
+
+##### `manage_package_repo`
+
+`true`に設定されている場合、お使いのホスト上に公式なPostgreSQLリポジトリをセットアップします。
+
+デフォルト値: `false`。
+
+##### `module_workdir`
+
+psqlコマンドを実行する作業ディレクトリを指定します。'/tmp'がnoexecオプションでマウントされたボリューム上にあるときに、指定が必要になる場合があります。
+
+デフォルト値: '/tmp'。
+
+##### `needs_initdb`
+
+サーバーパッケージをインストール後、PostgreSQLサービスを開始する前に、initdb動作を明示的に呼び出します。
+
+デフォルト値: OSによって異なります。
+
+##### `perl_package_name`
+
+デフォルトのPostgreSQL Perlパッケージ名をオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `pg_hba_conf_defaults`
+
+`false`に設定すると、`pg_hba.conf`についてモジュールに設定されたデフォルト値を無効にします。デフォルト値をオーバーライドするときに役立ちます。ただし、基本的な`psql`動作など、一定の動作を行うためには一定のアクセスが要求されるので、ここでの変更内容がその他のモジュールと矛盾しないように注意してください。
+
+デフォルト値: `postgresql::globals::manage_pg_hba_conf`に設定されたグローバル値。デフォルトは`true`。
+
+##### `pg_hba_conf_path`
+
+`pg_hba.conf`ファイルへのパスを指定します。
+
+デフォルト値: '${confdir}/pg_hba.conf'。
+
+##### `pg_ident_conf_path`
+
+`pg_ident.conf`ファイルへのパスを指定します。
+
+デフォルト値: '${confdir}/pg_ident.conf'。
+
+##### `plperl_package_name`
+
+デフォルトのPostgreSQL PL/Perlパッケージ名をオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `plpython_package_name`
+
+デフォルトのPostgreSQL PL/Pythonパッケージ名をオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `postgis_version`
+
+PostGISをインストールする場合に、インストールするPostGISのバージョンを定義します。
+
+デフォルト値: インストールするPostgreSQLで利用可能な最下位のバージョン。
+
+##### `postgresql_conf_path`
+
+`postgresql.conf`ファイルへのパスを設定します。
+
+デフォルト値: '${confdir}/postgresql.conf'。
+
+##### `psql_path`
+
+`psql`コマンドへのパスを設定します。
+
+##### `python_package_name`
+
+デフォルトのPostgreSQL Pythonパッケージ名をオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `recovery_conf_path`
+
+`recovery.conf`ファイルへのパス。
+
+##### `repo_proxy`
+
+公式のPostgreSQL yumリポジトリのみのプロキシオプションを設定します。これは、サーバーが企業のファイアウォール内にあり、外部への接続にプロキシを使用する必要がある場合に役立ちます。
+
+Debianは現在サポートされていません。
+
+##### `repo_baseurl`
+
+PostgreSQLリポジトリのbaseurlを設定します。リポジトリのミラーを所有している場合に便利です。
+
+デフォルト値: 公式なPostgreSQLリポジトリ。
+
+##### `server_package_name`
+
+デフォルトのPostgreSQLサーバーパッケージ名をオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `service_name`
+
+デフォルトのPostgreSQLサービス名をオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `service_provider`
+
+デフォルトのPostgreSQLサービスプロバイダをオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `service_status`
+
+PostgreSQLサービスのデフォルトのステータスチェックコマンドをオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `user`
+
+ファイルシステム内のPostgreSQL関連ファイルのデフォルトのPostgreSQLスーパーユーザおよび所有者をオーバーライドします。
+
+デフォルト値: 'postgres'。
+
+##### `version`
+
+インストールおよび管理するPostgreSQLのバージョン。
+
+デフォルト値: OSシステムのデフォルト値。
+
+##### `xlogdir`
+
+デフォルトのPostgreSQL xlogディレクトリをオーバーライドします。
+
+デフォルト値: initdbのデフォルトパス。
+
+#### postgresql::lib::devel
+
+PostgreSQLの開発ライブラリとシンボリックリンク`pg_config`を含むパッケージを`/usr/bin`にインストールします(`/usr/bin`または`/usr/local/bin`に存在しない場合)。
+
+##### `link_pg_config`
+
+PostgreSQLページが使用するbinディレクトリが`/usr/bin`でも`/usr/local/bin`でもない場合、パッケージのbinディレクトリから`usr/bin`に`pg_config`をシンボリックリンクします(Debianシステムには適用されません)。この動作を無効にするには、`false`に設定します。
+
+有効な値: `true`、`false`。
+
+デフォルト値: `true`。
+
+##### `package_ensure`
+
+パッケージのインストール中に'ensure'パラメータをオーバーライドします。
+
+デフォルト値: 'present'。
+
+##### `package_name`
+
+インストール先のディストリビューションのデフォルトパッケージ名をオーバーライドします。
+
+デフォルト値: ディストリビューションに応じて、'postgresql-devel'または'postgresql<version>-devel'。
+
+#### postgresql::lib::java
+
+Java (JDBC)向けのPostgreSQLバインディングをインストールします。カスタムのバージョンをインストールするには、次のパラメータを設定します。
+
+**注意:** カスタムのバージョンを指定する場合、必要なyumまたはaptリポジトリを忘れずに追加してください。
+
+##### `package_ensure`
+
+パッケージが存在するかどうかを指定します。
+
+有効な値: 'present'、'absent'。
+
+デフォルト値: 'present'。
+
+##### `package_name`
+
+PostgreSQL javaパッケージの名前を指定します。
+
+#### postgresql::lib::perl
+
+PostgreSQL Perlライブラリをインストールします。
+
+##### `package_ensure`
+
+パッケージが存在するかどうかを指定します。
+
+有効な値: 'present'、'absent'。
+
+デフォルト値: 'present'。
+
+##### `package_name`
+
+インストールするPostgreSQL perlパッケージの名前を指定します。
+
+#### postgresql::server::plpython
+
+PostgreSQLのPL/Python手続き型言語をインストールします。
+
+##### `package_name`
+
+postgresql PL/Pythonパッケージの名前を指定します。
+
+##### `package_ensure`
+
+パッケージが存在するかどうかを指定します。
+
+有効な値: 'present'、'absent'。
+
+デフォルト値: 'present'。
+
+#### postgresql::lib::python
+
+PostgreSQL Pythonライブラリをインストールします。
+
+##### `package_ensure`
+
+パッケージが存在するかどうかを指定します。
+
+有効な値: 'present'、'absent'。
+
+デフォルト値: 'present'。
+
+##### `package_name`
+
+PostgreSQL Pythonパッケージの名前。
+
+#### postgresql::server
+
+##### `createdb_path`
+
+**非推奨** `createdb`コマンドへのパスを指定します。
+
+デフォルト値: '${bindir}/createdb'。
+
+##### `default_database`
+
+接続するデフォルトのデータベースの名前を指定します。ほとんどのシステムで、'postgres'になります。
+
+##### `default_connect_settings`
+
+リモートサーバーに接続する際に使用される環境変数のハッシュを指定します。他の定義タイプのデフォルトとして使用されます(`postgresql::server::role`など)。
+
+##### `encoding`
+
+このモジュールで作成されるすべてのデータベースのデフォルトエンコーディングを設定します。オペレーティングシステムによっては、`template1` の初期化にも使用されます。その場合、モジュール外部のデフォルトにもなります。
+
+デフォルト値: `undef`。
+
+##### `group`
+
+ファイルシステムの関連ファイルに使用されるデフォルトのpostgresユーグループをオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `initdb_path`
+
+`initdb`コマンドへのパスを指定します。
+
+デフォルト値: '${bindir}/initdb'。
+
+##### `ipv4acls`
+
+接続方法、ユーザ、データベース、IPv4アドレスのアクセス制御のための文字列を一覧表示します。
+
+詳細については、[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html)の`pg_hba.conf`の項を参照してください。
+
+##### `ipv6acls`
+
+接続方法、ユーザ、データベース、IPv6アドレスのアクセス制御のための文字列を一覧表示します。
+
+詳細については、[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html)の`pg_hba.conf`の項を参照してください。
+
+##### `ip_mask_allow_all_users`
+
+リモート接続に関するPostgreSQLのデフォルト動作をオーバーライドします。デフォルトでは、PostgreSQLは、データベースユーザアカウントがリモートマシンからTCP経由で接続することを許可しません。許可するには、この設定をオーバーライドします。
+
+データベースユーザによる任意のリモートマシンからの接続を許可するには、'0.0.0.0/0'に設定します。ローカルの'192.168'サブネット内の任意のマシンからの接続を許可するには、'192.168.0.0/1'に設定します。
+
+デフォルト値: '127.0.0.1/32'。
+
+##### `ip_mask_deny_postgres_user`
+
+postgresスーパーユーザについて、リモート接続を拒否するためのIPマスクを指定します。
+
+デフォルト値: '0.0.0.0/0'。デフォルト値ではリモート接続はすべて拒否されます。
+
+##### `locale`
+
+このモジュールで作成されるすべてのデータベースのデフォルトのデータベースロケールを設定します。オペレーティングシステムによっては、`template1` の初期化にも使用されます。その場合、モジュール外部のデフォルトになります。
+
+デフォルト値: `undef`、実質的には'C'。
+
+**Debianでは、PostgreSQLの全機能を使用できるよう、'locales-all'パッケージがインストールされていることを確認してください。**
+
+##### `manage_pg_hba_conf`
+
+`pg_hba.conf`を管理するかどうかを指定します。
+
+`true`に設定すると、Puppetはこのファイルを上書きします。
+
+`false`に設定すると、Puppetはこのファイルに変更を加えません。
+
+有効な値: `true`、`false`。
+
+デフォルト値: `true`
+
+##### `manage_pg_ident_conf`
+
+pg_ident.confファイルを上書きします。
+
+`true`に設定すると、Puppetはこのファイルを上書きします。
+
+`false`に設定すると、Puppetはこのファイルに変更を加えません。
+
+有効な値: `true`、`false`。
+
+デフォルト値: `true`。
+
+##### `manage_recovery_conf`
+
+`recovery.conf`を管理するかどうかを指定します。
+
+`true`に設定すると、Puppetはこのファイルを上書きします。
+
+有効な値: `true`、`false`。
+
+デフォルト値: `false`。
+
+##### `needs_initdb`
+
+サーバーパッケージをインストール後、PostgreSQLサービスを開始する前に、`initdb`動作を明示的に呼び出します。
+
+デフォルト値: OSによって異なります。
+
+##### `package_ensure`
+
+サーバーインスタンスを作成するときに、`package`リソースに値を受け渡します。
+
+デフォルト値: `undef`。
+
+##### `package_name`
+
+サーバーソフトウェアをインストールするときに使用するパッケージの名前を指定します。
+
+デフォルト値: OSによって異なります。
+
+##### `pg_hba_conf_defaults`
+
+`false`に設定すると、`pg_hba.conf`についてモジュールに設定されたデフォルト値を無効にします。これは、デフォルト値を使用せずにオーバーライドするときに役立ちます。だし、基本的な`psql`動作などを実行するには一定のアクセスが要求されるので、ここでの変更内容がその他のモジュールと矛盾しないように注意してください。
+
+##### `pg_hba_conf_path`
+
+`pg_hba.conf`ファイルへのパスを指定します。
+
+##### `pg_ident_conf_path`
+
+`pg_ident.conf`ファイルへのパスを指定します。
+
+デフォルト値: '${confdir}/pg_ident.conf'。
+
+##### `plperl_package_name`
+
+PL/Perl拡張のデフォルトパッケージ名を設定します。
+
+デフォルト値: OSによって異なります。
+
+##### `plpython_package_name`
+
+PL/Python拡張のデフォルトパッケージ名を設定します。
+
+デフォルト値: OSによって異なります。
+
+##### `port`
+
+PostgreSQLサーバーがリッスンするポートを指定します。**注意:** サーバーがリッスンする全IPアドレスで、同一のポート番号が使用されます。また、Red Hatシステムと初期のDebianシステムでは、ポート番号を変更するとき、変更実行前にサーバーが完全停止します。
+
+デフォルト値: 5432。これは、PostgresサーバーがTCPポート5432をリッスンすることを意味します。
+
+##### `postgres_password`
+
+postgresユーザのパスワードを特定の値に設定します。デフォルトでは、この設定はPostgresデータベース内のスーパーユーザアカウント(ユーザ名`postgres`、パスワードなし)を使用します。
+
+デフォルト値: `undef`。
+
+##### `postgresql_conf_path`
+
+`postgresql.conf`ファイルへのパスを指定します。
+
+デフォルト値: '${confdir}/postgresql.conf'。
+
+##### `psql_path`
+
+`psql`コマンドへのパスを指定します。
+
+デフォルト値: OSによって異なります。
+
+##### `service_manage`
+
+Puppetがサービスを管理するかどうかを定義します。
+
+デフォルト値: `true`。
+
+##### `service_name`
+
+デフォルトのPostgreSQLサービス名をオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `service_provider`
+
+デフォルトのPostgreSQLサービスプロバイダをオーバーライドします。
+
+デフォルト値: `undef`。
+
+##### `service_reload`
+
+PostgreSQLサービスのデフォルトのリロードコマンドをオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `service_restart_on_change`
+
+設定変更をアクティブにするにはサービスの再起動が必要な設定エントリが変更された場合に、PostgreSQLサービスを再起動する際のデフォルト動作をオーバーライドします。
+
+デフォルト値: `true`。
+
+##### `service_status`
+
+PostgreSQLサービスのデフォルトのステータスチェックコマンドをオーバーライドします。
+
+デフォルト値: OSによって異なります。
+
+##### `user`
+
+ファイルシステム内のPostgreSQL関連ファイルのデフォルトのPostgreSQLスーパーユーザおよびオーナーをオーバーライドします。
+
+デフォルト値: 'postgres'。
+
+#### postgresql::server::contrib
+
+PostgreSQL contribパッケージをインストールします。
+
+##### `package_ensure`
+
+PostgreSQL contribパッケージリソースに受け渡されたensureパラメータを設定します。
+
+##### `package_name`
+
+PostgreSQL contribパッケージの名前。
+
+#### postgresql::server::plperl
+
+postgresqlのPL/Perl手続き型言語をインストールします。
+
+##### `package_ensure`
+
+PostgreSQL PL/Perlパッケージリソースに受け渡されたensureパラメータ。
+
+##### `package_name`
+
+PostgreSQL PL/Perlパッケージの名前。
+
+#### postgresql::server::postgis
+
+PostgreSQL postgisパッケージをインストールします。
+
+### 定義できるタイプ
+
+#### postgresql::server::config_entry
+
+`postgresql.conf`設定ファイルを変更します。
+
+各リソースは、次の例のようにファイル内の各行にマッピングされています。
+
+```puppet
+postgresql::server::config_entry { 'check_function_bodies':
+ value => 'off',
+}
+```
+
+##### `ensure`
+
+'absent'に設定した場合、エントリを削除します。
+
+有効な値: 'present'、'absent'。
+
+デフォルト値: 'present'。
+
+##### `value`
+
+設定の値を定義します。
+
+#### postgresql::server::db
+
+ローカルのデータベース、ユーザを作成し、必要なパーミッションを割り当てます。
+
+##### `comment`
+
+PostgreSQLのCOMMENTコマンドを使用して、データベースについて保存するコメントを定義します。
+
+##### `connect_settings`
+
+リモートサーバーに接続する際に使用される環境変数のハッシュを指定します。
+
+デフォルト値: ローカルのPostgresインスタンスに接続します。
+
+##### `dbname`
+
+作成するデータベースの名前を設定します。
+
+デフォルト値: namevar。
+
+##### `encoding`
+
+データベースの作成中の文字セットをオーバーライドします。
+
+デフォルト値: インストール時に定義されたデフォルト値。
+
+##### `grant`
+
+作成中に付与するパーミッションを指定します。
+
+デフォルト値: 'ALL'。
+
+##### `istemplate`
+
+`true`に設定すると、そのデータベースをテンプレートとして指定します。
+
+デフォルト値: `false`。
+
+##### `locale`
+
+データベース作成中にロケールをオーバーライドします。
+
+デフォルト値: インストール時に定義されたデフォルト値。
+
+##### `owner`
+
+ユーザをデータベースの所有者として設定します。
+
+デフォルト値: `postgresql::server`または`postgresql::globals`で設定された'$user'変数。
+
+##### `password`
+
+**必須** 作成されたユーザのパスワードを設定します。
+
+##### `tablespace`
+
+作成したデータベースを割り当てるテーブル空間の名前を定義します。
+
+デフォルト値: PostgreSQLのデフォルト値。
+
+##### `template`
+
+このデータベースを構築する際にテンプレートとして使用するデータベースの名前を指定します。
+
+デフォルト値: `template0`。
+
+##### `user`
+
+データベースを作成し、作成後にデータベースへのアクセスを割り当てるユーザ。必須指定です。
+
+#### postgresql::server::database
+
+ユーザなし、パーミッションなしのデータベースを作成します。
+
+##### `dbname`
+
+データベースの名前を設定します。
+
+デフォルト値: namevar。
+
+##### `encoding`
+
+データベースの作成中の文字セットをオーバーライドします。
+
+デフォルト値: インストール時に定義されたデフォルト値。
+
+##### `istemplate`
+
+`true`に設定すると、そのデータベースをテンプレートとして定義します。
+
+デフォルト値: `false`。
+
+##### `locale`
+
+データベース作成中にロケールをオーバーライドします。
+
+デフォルト値: インストール時に定義されたデフォルト値。
+
+##### `owner`
+
+データベース所有者の名前を設定します。
+
+デフォルト値: `postgresql::server`または`postgresql::globals`で設定された'$user'変数。
+
+##### `tablespace`
+
+このデータベースを作成するテーブル空間を設定します。
+
+デフォルト値: インストール時に定義されたデフォルト値。
+
+##### `template`
+
+このデータベースを構築する際にテンプレートとして使用するデータベースの名前を指定します。
+
+デフォルト値: 'template0'。
+
+#### postgresql::server::database_grant
+
+データベース固有のパーミッションについて`postgresql::server::database_grant`をラッピングして、grantベースのユーザアクセス権を管理します。詳細については、[PostgreSQLマニュアルの`grant`](http://www.postgresql.org/docs/current/static/sql-grant.html)を参照してください。
+
+#### `connect_settings`
+
+リモートサーバーに接続する際に使用される環境変数のハッシュを指定します。
+
+デフォルト値: ローカルのPostgresインスタンスに接続します。
+
+##### `db`
+
+アクセス権を付与するデータベースを指定します。
+
+##### `privilege`
+
+付与する権限のコンマ区切りリストを指定します。
+
+有効なオプション: 'ALL'、'CREATE'、'CONNECT'、'TEMPORARY'、'TEMP'。
+
+##### `psql_db`
+
+権限付与を実行するデータベースを定義します。
+
+**通常、デフォルトを変更しないでください。**
+
+デフォルト値: 'postgres'。
+
+##### `psql_user`
+
+`psql`を実行するOSユーザを指定します。
+
+デフォルト値: モジュールのデフォルトユーザ。通常、'postgres'。
+
+##### `role`
+
+アクセスを付与するロールまたはユーザを指定します。
+
+#### postgresql::server::extension
+
+PostgreSQL拡張を管理します。
+
+##### `database`
+
+拡張を有効化するデータベースを指定します。
+
+##### `ensure`
+
+拡張を有効化するか無効化するかを指定します。
+
+有効なオプション: 'present'または'absent'。
+
+#### `extension`
+
+有効化する拡張を指定します。空欄にした場合、リソースの名前が使用されます。
+
+##### `package_name`
+
+拡張を有効化する前にインストールするパッケージを指定します。
+
+##### `package_ensure`
+
+デフォルトのパッケージ削除動作をオーバーライドします。
+
+デフォルトでは、`package_name`で指定されたパッケージが、拡張が有効のときインストールされ、拡張が無効のとき削除されます。この動作をオーバーライドするには、そのパッケージに`ensure`の値を設定してください。
+
+#### postgresql::server::grant
+
+ロールのgrantベースのアクセス権を管理します。詳細については、[PostgreSQLマニュアルの`grant`](http://www.postgresql.org/docs/current/static/sql-grant.html)を参照してください。
+
+##### `db`
+
+アクセス権を付与するデータベースを指定します。
+
+##### `object_type`
+
+権限を付与するオブジェクトのタイプを指定します。
+
+有効なオプション: 'DATABASE'、'SCHEMA'、'SEQUENCE'、'ALL SEQUENCES IN SCHEMA'、'TABLE'、または'ALL TABLES IN SCHEMA'。
+
+##### `object_name`
+
+アクセス権を付与する`object_type`の名前を指定します。
+
+##### `port`
+
+接続に使用するポート。
+
+デフォルト値: `undef`。PostgreSQLのパッケージングに応じて、通常、デフォルトでポート5432になります。
+
+##### `privilege`
+
+付与する権限を指定します。
+
+有効なオプション: 'ALL'、'ALL PRIVILEGES'、または'object_type'依存の文字列。
+
+##### `psql_db`
+
+権限付与を実行するデータベースを指定します。
+
+**通常、デフォルトを変更しないでください。**
+
+デフォルト値: 'postgres'。
+
+##### `psql_user`
+
+`psql`を実行するOSユーザを設定します。
+
+デフォルト値: モジュールのデフォルトユーザ。通常、'postgres'。
+
+##### `role`
+
+アクセスを付与するロールまたはユーザを指定します。
+
+#### postgresql::server::grant_role
+
+ロールを(グループ)ロールに割り当てられるようにします。詳細については、[PostgreSQLマニュアルの`Role Membership`](http://www.postgresql.org/docs/current/static/role-membership.html)を参照してください。
+
+##### `group`
+
+ロールを割り当てるグループロールを指定します。
+
+##### `role`
+
+グループに割り当てるロールを指定します。空欄にした場合、リソースの名前が使用されます。
+
+##### `ensure`
+
+メンバーシップを付与するか、無効化するかを指定します。
+
+有効なオプション: 'present'または'absent'。
+
+デフォルト値: 'present'。
+
+##### `port`
+
+接続に使用するポート。
+
+デフォルト値: `undef`。PostgreSQLのパッケージングに応じて、通常、デフォルトでポート5432になります。
+
+##### `psql_db`
+
+権限付与を実行するデータベースを指定します。
+
+**通常、デフォルトを変更しないでください。**
+
+デフォルト値: 'postgres'。
+
+##### `psql_user`
+
+`psql`を実行するOSユーザを設定します。
+
+デフォルト値: モジュールのデフォルトユーザ。通常、`postgres`。
+
+##### `connect_settings`
+
+リモートサーバーに接続する際に使用される環境変数のハッシュを指定します。
+
+デフォルト値: ローカルのPostgresインスタンスに接続します。
+
+#### postgresql::server::pg_hba_rule
+
+`pg_hba.conf`のアクセスルールを作成できるようにします。詳細については、[使用例](#create-an-access-rule-for-pghba.conf)および[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html)を参照してください。
+
+##### `address`
+
+タイプが'local'ではないとき、このルール一致に対するCIDRベースのアドレスを設定します。
+
+##### `auth_method`
+
+このルールが一致する接続の認証に使用される方法を提供します。詳細な説明は、PostgreSQL `pg_hba.conf`のマニュアルに記載されています。
+
+##### `auth_option`
+
+特定の`auth_method`設定については、受け渡し可能な追加オプションがあります。詳細については、PostgreSQL `pg_hba.conf`マニュアルを参照してください。
+
+##### `database`
+
+このルールが一致するデータベースのコンマ区切りリストを設定します。
+
+##### `description`
+
+必要に応じて、このルールの長めの説明を定義します。この説明は、`pg_hba.conf`のルール上部のコメント内に挿入されます。
+
+デフォルト値: 'none'。
+
+そのリソースを一意に識別するための方法を指定しますが、機能的には何も実行しません。
+
+##### `order`
+
+`pg_hba.conf`にルールを配置する順序を設定します。
+
+デフォルト値: 150。
+
+#### `postgresql_version`
+
+PostgreSQLインスタンス全体を管理することなく、`pg_hba.conf`を管理します。
+
+デフォルト値: `postgresql::server`に設定されたバージョン。
+
+##### `target`
+
+ルールのターゲットを提供します。通常、内部使用のみのプロパティです。
+
+**注意して使用してください。**
+
+##### `type`
+
+ルールのタイプを設定します。
+
+有効なオプション: 'local'、'host'、'hostssl'、または'hostnossl'。
+
+##### `user`
+
+このルールが一致するユーザのコンマ区切りリストを設定します。
+
+
+#### postgresql::server::pg_ident_rule
+
+`pg_ident.conf`のユーザ名マップを作成可能にします。詳細については、上述の[使用例](#create-user-name-maps-for-pgidentconf)および[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/auth-username-maps.html)を参照してください。
+
+##### `database_username`
+
+データベースユーザのユーザ名を指定します。このユーザ名には`system_username`がマッピングされています。
+
+##### `description`
+
+必要に応じて、このルールの長めの説明を設定します。この説明は、`pg_ident.conf`のルール上部のコメント内に挿入されます。
+
+デフォルト値: 'none'。
+
+##### `map_name`
+
+`pg_hba.conf`でこのマッピングを参照するために使用されるユーザマップの名前を設定します。
+
+##### `order`
+
+`pg_ident.conf`にマッピングを配置する際の順序を定義します。
+
+デフォルト値: 150。
+
+##### `system_username`
+
+オペレーティングシステムのユーザ名(データベースへの接続に使用するユーザ名)を指定します。
+
+##### `target`
+
+ルールのターゲットを提供します。通常、内部使用のみのプロパティです。
+
+**注意して使用してください。**
+
+#### postgresql::server::recovery
+
+`recovery.conf`の内容を作成可能にします。詳細については、[使用例](#create-recovery-configuration)および[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/recovery-config.html)を参照してください。
+
+`recovery_target_inclusive`、 `pause_at_recovery_target`、`standby_mode`、`recovery_min_apply_delay`を除くすべてのパラメータ値は、テンプレートに含まれる文字列セットです。
+
+全パラメータリストの詳細な説明は、[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/recovery-config.html)にあります。
+
+パラメータは、次の3つのセクションにグループ分けされています。
+
+##### [アーカイブリカバリパラメータ](http://www.postgresql.org/docs/current/static/archive-recovery-settings.html)
+
+* `restore_command`
+* `archive_cleanup_command`
+* `recovery_end_command`
+
+##### [リカバリターゲット設定](http://www.postgresql.org/docs/current/static/recovery-target-settings.html)
+* `recovery_target_name`
+* `recovery_target_time`
+* `recovery_target_xid`
+* `recovery_target_inclusive`
+* `recovery_target`
+* `recovery_target_timeline`
+* `pause_at_recovery_target`
+
+##### [スタンバイサーバー設定](http://www.postgresql.org/docs/current/static/standby-settings.html)
+* `standby_mode`: 文字列('on'/'off')またはブール値(`true`/`false`)で指定できます。
+* `primary_conninfo`
+* `primary_slot_name`
+* `trigger_file`
+* `recovery_min_apply_delay`
+
+##### `target`
+ルールのターゲットを提供します。通常、内部使用のみのプロパティです。
+
+**注意して使用してください。**
+
+#### postgresql::server::role
+PostgreSQLのロールまたはユーザを作成します。
+
+##### `connection_limit`
+ロールが同時に接続可能な数を指定します。
+
+デフォルト値: '-1'。これは、無制限を意味します。
+
+##### `connect_settings`
+リモートサーバーに接続する際に使用される環境変数のハッシュを指定します。
+
+デフォルト値: ローカルのPostgresインスタンスに接続します。
+
+##### `createdb`
+このロールに新しいデータベースを作成する能力を付与するかどうかを指定します。
+
+デフォルト値: `false`。
+
+##### `createrole`
+このロールに新しいロールを作成する権限を付与するかどうかを指定します。
+
+デフォルト値: `false`。
+
+##### `inherit`
+新しいロールに継承権限を付与するかどうかを指定します。
+
+デフォルト値: `true`。
+
+##### `login`
+新しいロールにログイン権限を付与するかどうかを指定します。
+
+デフォルト値: `true`。
+
+##### `password_hash`
+パスワード作成中に使用するハッシュを設定します。PostgreSQLがサポートする形式でパスワードが暗号化されていない場合、ここで、`postgresql_password`関数を使用して、MD5ハッシュを提供します。例は次のとおりです。
+
+##### `update_password`
+trueに設定すると、変更時にパスワードが更新されます。作成後にロールのパスワードを変更しない場合は、falseに設定してください。
+
+```puppet
+postgresql::server::role { 'myusername':
+ password_hash => postgresql_password('myusername', 'mypassword'),
+}
+```
+
+##### `replication`
+
+`true`に設定すると、このロールにレプリケーション機能が提供されます。
+
+デフォルト値: `false`。
+
+##### `superuser`
+
+新しいロールにスーパーユーザ権限を付与するかどうかを指定します。
+
+デフォルト値: `false`。
+
+##### `username`
+
+作成するロールのユーザ名を定義します。
+
+デフォルト値: namevar。
+
+#### postgresql::server::schema
+
+スキーマを作成します。
+
+##### `connect_settings`
+
+リモートサーバーに接続する際に使用される環境変数のハッシュを指定します。
+
+デフォルト値: ローカルのPostgresインスタンスに接続します。
+
+##### `db`
+
+必須。
+
+このスキーマを作成するデータベースの名前を設定します。
+
+##### `owner`
+
+スキーマのデフォルト所有者を設定します。
+
+##### `schema`
+
+スキーマの名前を設定します。
+
+デフォルト値: namevar。
+
+#### postgresql::server::table_grant
+
+ユーザのgrantベースのアクセス権を管理します。詳細については、PostgreSQLマニュアルの`grant`の項を参照してください。
+
+##### `connect_settings`
+
+リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。
+
+デフォルト値: ローカルのPostgresインスタンスに接続します。
+
+##### `db`
+
+そのテーブルが存在するデータベースを指定します。
+
+##### `privilege`
+
+付与する権限のコンマ区切りリストを指定します。有効なオプション: 'ALL'、'SELECT'、'INSERT'、'UPDATE'、'DELETE'、'TRUNCATE'、'REFERENCES'、'TRIGGER'。
+
+##### `psql_db`
+
+権限付与を実行するデータベースを指定します。
+
+通常、デフォルトを変更しないでください。
+
+デフォルト値: 'postgres'。
+
+##### `psql_user`
+
+`psql`を実行するOSユーザを指定します。
+
+デフォルト値: モジュールのデフォルトユーザ。通常、'postgres'。
+
+##### `role`
+
+アクセスを付与するロールまたはユーザを指定します。
+
+##### `table`
+
+アクセス権を付与するテーブルを指定します。
+
+#### postgresql::server::tablespace
+
+テーブル空間を作成します。必要な場合、場所も作成し、PostgreSQLサーバーと同じパーミッションを割り当てます。
+
+##### `connect_settings`
+
+リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。
+
+デフォルト値: ローカルのPostgresインスタンスに接続します。
+
+##### `location`
+
+このテーブル空間へのパスを指定します。
+
+##### `owner`
+
+そのテーブル空間のデフォルト所有者を指定します。
+
+##### `spcname`
+
+テーブル空間の名前を指定します。
+
+デフォルト値: namevar。
+
+### タイプ
+
+#### postgresql_psql
+
+Puppetがpsqlステートメントを実行できるようにします。
+
+##### `command`
+
+必須。
+
+psqlを介して実行するSQLコマンドを指定します。
+
+##### `cwd`
+
+psqlコマンドが実行される作業ディレクトリを指定します。
+
+デフォルト値: '/tmp'。
+
+##### `db`
+
+SQLコマンドを実行するデータベースの名前を指定します。
+
+##### `environment`
+
+SQLコマンドに対して追加の環境変数を設定する場合に指定します。複数の環境変数を使用する場合は、配列として指定します。
+
+##### `name`
+
+自身の参考用の任意のタグ、すなわちメッセージの名前を設定します。これはnamevarです。
+
+##### `onlyif`
+
+メインのコマンドの前に実行するオプションのSQLコマンドを設定します。通常、これはべき等性に基づいて、データベース内のオブジェクトの存在を確認し、メインのSQLコマンドを実行する必要があるかどうかを判断するため使用されます。
+
+##### `port`
+
+SQLコマンドを実行するデータベースサーバーのポートを指定します。
+
+##### `psql_group`
+
+psqlコマンドを実行するシステムユーザグループアカウントを指定します。
+
+デフォルト値: 'postgres'。
+
+##### `psql_path`
+
+psql実行ファイルへのパスを指定します。
+
+デフォルト値: 'psql'。
+
+##### `psql_user`
+
+psqlコマンドを実行するシステムユーザアカウントを指定します。
+
+デフォルト値: 'postgres'。
+
+##### `refreshonly`
+
+notifyイベントまたはsubscribeイベントが発生したときのみSQLを実行するかどうかを指定します。
+
+有効な値: `true`、`false`。
+
+デフォルト値: `false`。
+
+##### `search_path`
+
+SQLコマンドを実行するときに使用するスキーマ検索パスを定義します。
+
+##### `unless`
+
+`onlyif`の逆です。
+
+#### postgresql_conf
+
+Puppetが`postgresql.conf`パラメータを管理できるようにします。
+
+##### `name`
+
+管理するPostgreSQLパラメータ名を指定します。
+
+これはnamevarです。
+
+##### `target`
+
+`postgresql.conf`へのパスを指定します。
+
+デフォルト値: '/etc/postgresql.conf'。
+
+##### `value`
+
+このパラメータに設定する値を指定します。
+
+#### postgresql_replication_slot
+
+PostgreSQLマスターサーバー上でウォームスタンバイレプリケーションを登録するためのレプリケーションスロットを作成および消去できるようにします。
+
+##### `name`
+
+作成するスロットの名前を指定します。有効なレプリケーションスロット名である必要があります。
+
+これはnamevarです。
+
+#### postgresql_conn_validator
+
+このタイプを使用するローカルまたはリモートのPostgreSQLデータベースへの接続を検証します。
+
+##### `connect_settings`
+
+リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。個々のパラメータ(`host`など)を設定する代わりに使用されますが、個々のパラメータが設定されている場合は個々のパラメータが優先されます。
+
+デフォルト値: {}
+
+##### `db_name`
+
+テストするデータベースの名前を指定します。Specifies the name of the database you wish to test.
+
+デフォルト値: ''
+
+##### `db_password`
+
+接続するパスワードを指定します。`.pgpass`が使用されている場合は空欄にできます。それ以外の場合、空欄にすることは推奨されません。
+
+デフォルト値: ''
+
+##### `db_username`
+
+接続するユーザ名を指定します。
+
+デフォルト値: ''
+
+Unixソケットとident認証を使用するとき、このユーザとして実行されます。
+
+##### `command`
+
+接続性を検証するためにターゲットデータベースで実行されるコマンドです。
+
+デフォルト値: 'SELECT 1'
+
+##### `host`
+
+テストするデータベースのホスト名を設定します。
+
+デフォルト値: ''。これは、通常指定されたローカルUnixソケットを使用します。
+
+**ホストがリモートの場合、ユーザ名を指定する必要があります。**
+
+##### `port`
+
+接続するときに使用するポートを定義します。
+
+デフォルト値: ''
+
+##### `run_as`
+
+`psql`コマンドの実行ユーザを指定します。これは、Unixソケットと`ident`認証を使用してローカルにデータベースに接続するときに重要です。リモートテストには必要ありません。
+
+##### `sleep`
+
+失敗した後、再試行する前にスリープする時間を秒単位で設定します。
+
+##### `tries`
+
+失敗した後、リソースを失敗とみなすまで再試行する回数を設定します。
+
+### 関数
+
+#### postgresql_password
+
+PostgreSQL暗号化パスワードを生成します。次のように、`postgresql_password`をコマンドラインから呼び出し、暗号化されたパスワードをマニフェストにコピーペーストします。
+
+```shell
+puppet apply --execute 'notify { 'test': message => postgresql_password('username', 'password') }'
+```
+
+本番マニフェストからこの関数を呼び出すことも可能ですが、その場合、マニフェストには暗号化していない平文のパスワードを含める必要があります。
+
+#### postgresql_acls_to_resources_hash(acl_array, id, order_offset)
+
+この内部関数は、`pg_hba.conf`ベースのACLのリスト(文字列の配列として受け渡されたもの)を`postgresql::pg_hba_rule`リソースと互換性のある形式に変換します。
+
+**この関数は、モジュールによる内部的な使用のみ可能です。**
+
+## 制約事項
+
+PostgreSQLのバージョン8.1~9.5で動作します。
+
+現在、postgresqlモジュールは次のオペレーティングシステムでテスト済みです。
+
+* Debian 6.x、7.x、8.x。
+* CentOS 5.x、6.x、7.x。
+* Ubuntu 10.04および12.04、14.04。
+
+その他のシステムとも互換性がある可能性がありますが、積極的なテストは行っておりません。
+
+### Aptモジュールのサポート
+
+このモジュールは1.xと2.x両方のバージョンの'puppetlabs-apt'モジュールをサポートしていますが、'puppetlabs-apt'の2.0.0と2.0.1はサポートしていません。
+
+### PostGISのサポート
+
+PostGISは、現時点ではすべてのプラットフォームで正常に動作するわけではないため、サポート対象外の機能とみなします。
+
+### すべてのバージョンのRHEL/CentOS
+
+SELinuxが有効化されている場合、次の方法で`postgresql_port_t`コンテキストに使用中のカスタムポートを追加する必要があります。
+
+```shell
+semanage port -a -t postgresql_port_t -p tcp $customport
+```
+
+## 開発
+
+Puppet Forgeに公開されているPuppet Labsモジュールはオープンプロジェクトのため、維持するにはコミュニティの貢献が不可欠です。Puppetは、現在私たちがアクセスできない無数のプラットフォームやハードウェア、ソフトウェア、デプロイ構成にも利用されることを目的としています。私たちの目標は、できる限り簡単に変更に貢献し、みなさまの環境で私たちのモジュールが機能できるようにすることです。最高の状態を維持するため、コントリビュータにはいくつかのガイドラインを守っていただく必要があります。詳細については、[モジュールコントリビューションガイド](https://docs.puppetlabs.com/forge/contributing.html)を参照してください。
+
+### テスト
+
+このモジュールには、2種類のテストが配布されています。`rspec-puppet`のユニットテストと、`rspec-system`を使用したシステムテストです。
+
+ユニットテストを実行するには、以下がインストールされていることを確認してください。
+
+* rake
+* bundler
+
+次のように、必要なgemをインストールします。
+
+```shell
+bundle install --path=vendor
+```
+
+そして、次のように記述して、ユニットテストを実行します。
+
+```shell
+bundle exec rake spec
+```
+
+ユニットテストは、Travis-CIでも実行されます。自身のテスト結果を確認するには、このプロジェクトのご自身のGitHubクローンのアカウントセクションから、Travis-CIを介してサービスフックを登録してください。
+
+システムテストを実行するには、以下のツールもインストールされていることを確認してください。
+
+* Vagrant > 1.2.x
+* VirtualBox > 4.2.10
+
+次の記述を使用してテストを実行します。
+
+```shell
+bundle exec rspec spec/acceptance
+```
+
+異なるオペレーティングシステムでテストを実行するには、`.nodeset.yml`で利用可能なセットを確認して、次の構文で特定のセットを実行します。
+
+```shell
+RSPEC_SET=debian-607-x64 bundle exec rspec spec/acceptance
+```
+
+### コントリビュータ
+
+貢献してくださった方々の一覧を[Github](https://github.com/puppetlabs/puppetlabs-postgresql/graphs/contributors)でご覧いただけます。
--- /dev/null
+require 'spec_helper_acceptance'
+
+# These tests are designed to ensure that the module, when ran with defaults,
+# sets up everything correctly and allows us to connect to Postgres.
+describe 'postgresql::server', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ it 'with defaults' do
+ pp = <<-EOS
+ class { 'postgresql::globals':
+ encoding => 'UTF8',
+ locale => 'en_NG',
+ } ->
+ class { 'postgresql::server': }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ describe port(5432) do
+ it { is_expected.to be_listening }
+ end
+
+ it 'can connect with psql' do
+ psql('--command="\l" postgres', 'postgres') do |r|
+ expect(r.stdout).to match(/List of databases/)
+ end
+ end
+
+ it 'must set UTF8 as template1 encoding' do
+ psql('--command="SELECT pg_encoding_to_char(encoding) FROM pg_database WHERE datname=\'template1\'"') do |r|
+ expect(r.stdout).to match(/UTF8/)
+ end
+ end
+end
+
+
+
--- /dev/null
+require 'spec_helper_acceptance'
+
+# These tests ensure that postgres can change itself to an alternative port
+# properly.
+describe 'postgresql::server', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ it 'on an alternative port' do
+ pp = <<-EOS
+ class { 'postgresql::server': port => '55433' }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ describe port(55433) do
+ it { is_expected.to be_listening }
+ end
+
+ it 'can connect with psql' do
+ psql('-p 55433 --command="\l" postgres', 'postgres') do |r|
+ expect(r.stdout).to match(/List of databases/)
+ end
+ end
+
+end
+
+
+
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'postgresql::server::db', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ it 'creates a database' do
+ begin
+ tmpdir = default.tmpdir('postgresql')
+ pp = <<-EOS
+ class { 'postgresql::server':
+ postgres_password => 'space password',
+ }
+ postgresql::server::tablespace { 'postgresql-test-db':
+ location => '#{tmpdir}',
+ } ->
+ postgresql::server::db { 'postgresql-test-db':
+ comment => 'testcomment',
+ user => 'test-user',
+ password => 'test1',
+ tablespace => 'postgresql-test-db',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+
+ # Verify that the postgres password works
+ shell("echo 'localhost:*:*:postgres:\'space password\'' > /root/.pgpass")
+ shell("chmod 600 /root/.pgpass")
+ shell("psql -U postgres -h localhost --command='\\l'")
+
+ psql('--command="select datname from pg_database" "postgresql-test-db"') do |r|
+ expect(r.stdout).to match(/postgresql-test-db/)
+ expect(r.stderr).to eq('')
+ end
+
+ psql('--command="SELECT 1 FROM pg_roles WHERE rolname=\'test-user\'"') do |r|
+ expect(r.stdout).to match(/\(1 row\)/)
+ end
+
+ result = shell('psql --version')
+ version = result.stdout.match(%r{\s(\d\.\d)})[1]
+ if version > "8.1"
+ comment_information_function = "shobj_description"
+ else
+ comment_information_function = "obj_description"
+ end
+ psql("--dbname postgresql-test-db --command=\"SELECT pg_catalog.#{comment_information_function}(d.oid, 'pg_database') FROM pg_catalog.pg_database d WHERE datname = 'postgresql-test-db' AND pg_catalog.#{comment_information_function}(d.oid, 'pg_database') = 'testcomment'\"") do |r|
+ expect(r.stdout).to match(/\(1 row\)/)
+ end
+ ensure
+ psql('--command=\'drop database "postgresql-test-db" postgres\'')
+ psql('--command="DROP USER test"')
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+# These tests are designed to ensure that the module, when ran with defaults,
+# sets up everything correctly and allows us to connect to Postgres.
+describe 'postgresql::server', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ it 'with defaults' do
+ pp = <<-EOS
+ class { 'postgresql::server': }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ describe port(5432) do
+ it { is_expected.to be_listening }
+ end
+
+ it 'can connect with psql' do
+ psql('--command="\l" postgres', 'postgres') do |r|
+ expect(r.stdout).to match(/List of databases/)
+ end
+ end
+
+end
+
+
+
--- /dev/null
+HOSTS:
+ centos-7-x64:
+ roles:
+ - agent
+ - default
+ platform: el-7-x86_64
+ hypervisor: vagrant
+ box: puppetlabs/centos-7.2-64-nocm
+CONFIG:
+ type: foss
--- /dev/null
+HOSTS:
+ debian-8-x64:
+ roles:
+ - agent
+ - default
+ platform: debian-8-amd64
+ hypervisor: vagrant
+ box: puppetlabs/debian-8.2-64-nocm
+CONFIG:
+ type: foss
--- /dev/null
+HOSTS:
+ ubuntu-1404-x64:
+ roles:
+ - agent
+ - default
+ platform: ubuntu-14.04-amd64
+ hypervisor: vagrant
+ box: puppetlabs/ubuntu-14.04-64-nocm
+CONFIG:
+ type: foss
--- /dev/null
+HOSTS:
+ centos-7-x64:
+ platform: el-7-x86_64
+ hypervisor: docker
+ image: centos:7
+ docker_preserve_image: true
+ docker_cmd: '["/usr/sbin/init"]'
+ # install various tools required to get the image up to usable levels
+ docker_image_commands:
+ - 'yum install -y crontabs tar wget openssl sysvinit-tools iproute which initscripts'
+CONFIG:
+ trace_limit: 200
--- /dev/null
+HOSTS:
+ debian-8-x64:
+ platform: debian-8-amd64
+ hypervisor: docker
+ image: debian:8
+ docker_preserve_image: true
+ docker_cmd: '["/sbin/init"]'
+ docker_image_commands:
+ - 'apt-get update && apt-get install -y net-tools wget locales strace lsof && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen'
+CONFIG:
+ trace_limit: 200
--- /dev/null
+HOSTS:
+ ubuntu-1404-x64:
+ platform: ubuntu-14.04-amd64
+ hypervisor: docker
+ image: ubuntu:14.04
+ docker_preserve_image: true
+ docker_cmd: '["/sbin/init"]'
+ docker_image_commands:
+ # ensure that upstart is booting correctly in the container
+ - 'rm /usr/sbin/policy-rc.d && rm /sbin/initctl && dpkg-divert --rename --remove /sbin/initctl && apt-get update && apt-get install -y net-tools wget && locale-gen en_US.UTF-8'
+CONFIG:
+ trace_limit: 200
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'postgresql_conn_validator', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ let(:install_pp) { <<-EOS
+ class { 'postgresql::server':
+ postgres_password => 'space password',
+ }->
+ postgresql::server::role { 'testuser':
+ password_hash => postgresql_password('testuser','test1'),
+ }->
+ postgresql::server::database { 'testdb':
+ owner => 'testuser',
+ require => Postgresql::Server::Role['testuser']
+ }->
+ postgresql::server::database_grant { 'allow connect for testuser':
+ privilege => 'ALL',
+ db => 'testdb',
+ role => 'testuser',
+ }
+
+ EOS
+
+ }
+
+ context 'local connection' do
+ it 'validates successfully with defaults' do
+ pp = <<-EOS
+ #{install_pp}->
+ postgresql_conn_validator { 'validate this':
+ db_name => 'testdb',
+ db_username => 'testuser',
+ db_password => 'test1',
+ host => 'localhost',
+ psql_path => '/usr/bin/psql',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ it 'works with connect settings hash' do
+ pp = <<-EOS
+ #{install_pp}->
+ postgresql_conn_validator { 'validate this':
+ connect_settings => {
+ 'PGDATABASE' => 'testdb',
+ 'PGPORT' => '5432',
+ 'PGUSER' => 'testuser',
+ 'PGPASSWORD' => 'test1',
+ 'PGHOST' => 'localhost'
+ },
+ psql_path => '/usr/bin/psql'
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+
+ end
+
+ it 'fails gracefully' do
+ pp = <<-EOS
+ #{install_pp}->
+ postgresql_conn_validator { 'validate this':
+ psql_path => '/usr/bin/psql',
+ tries => 3
+ }
+ EOS
+
+ result = apply_manifest(pp)
+ expect(result.stderr).to match /Unable to connect to PostgreSQL server/
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'postgresql_psql', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ it 'should always run SQL' do
+ pp = <<-EOS
+ class { 'postgresql::server': } ->
+ postgresql_psql { 'foobar':
+ db => 'postgres',
+ psql_user => 'postgres',
+ command => 'select 1',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :expect_changes => true)
+ end
+
+ it 'should run some SQL when the unless query returns no rows' do
+ pp = <<-EOS
+ class { 'postgresql::server': } ->
+ postgresql_psql { 'foobar':
+ db => 'postgres',
+ psql_user => 'postgres',
+ command => 'select 1',
+ unless => 'select 1 where 1=2',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :expect_changes => true)
+ end
+
+ it 'should not run SQL when the unless query returns rows' do
+ pp = <<-EOS
+ class { 'postgresql::server': } ->
+ postgresql_psql { 'foobar':
+ db => 'postgres',
+ psql_user => 'postgres',
+ command => 'select * from pg_database limit 1',
+ unless => 'select 1 where 1=1',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ it 'should not run SQL when refreshed and the unless query returns rows' do
+ pp = <<-EOS
+ class { 'postgresql::server': } ->
+ notify { 'trigger': } ~>
+ postgresql_psql { 'foobar':
+ db => 'postgres',
+ psql_user => 'postgres',
+ command => 'invalid sql statement',
+ unless => 'select 1 where 1=1',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :expect_changes => true)
+ end
+
+ context 'with refreshonly' do
+ it 'should not run SQL when the unless query returns no rows' do
+ pp = <<-EOS
+ class { 'postgresql::server': } ->
+ postgresql_psql { 'foobar':
+ db => 'postgres',
+ psql_user => 'postgres',
+ command => 'select 1',
+ unless => 'select 1 where 1=2',
+ refreshonly => true,
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ it 'should run SQL when refreshed and the unless query returns no rows' do
+ pp = <<-EOS.unindent
+ class { 'postgresql::server': } ->
+ notify { 'trigger': } ~>
+ postgresql_psql { 'foobar':
+ db => 'postgres',
+ psql_user => 'postgres',
+ command => 'select 1',
+ unless => 'select 1 where 1=2',
+ refreshonly => true,
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :expect_changes => true)
+ end
+
+ it 'should not run SQL when refreshed and the unless query returns rows' do
+ pp = <<-EOS.unindent
+ class { 'postgresql::server': } ->
+ notify { 'trigger': } ~>
+ postgresql_psql { 'foobar':
+ db => 'postgres',
+ psql_user => 'postgres',
+ command => 'invalid sql query',
+ unless => 'select 1 where 1=1',
+ refreshonly => true,
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :expect_changes => true)
+ end
+ end
+
+ it 'should not run some SQL when the onlyif query returns no rows' do
+ pp = <<-EOS
+ class { 'postgresql::server': } ->
+ postgresql_psql { 'foobar':
+ db => 'postgres',
+ psql_user => 'postgres',
+ command => 'select 1',
+ onlyif => 'select 1 where 1=2',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ it 'should run SQL when the onlyif query returns rows' do
+ pp = <<-EOS
+ class { 'postgresql::server': } ->
+ postgresql_psql { 'foobar':
+ db => 'postgres',
+ psql_user => 'postgres',
+ command => 'select * from pg_database limit 1',
+ onlyif => 'select 1 where 1=1',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :expect_changes => true)
+ end
+
+ context 'with secure password passing by environment' do
+ it 'should run SQL that contanins password passed by environment' do
+ select = "select \\'$PASS_TO_EMBED\\'"
+ pp = <<-EOS.unindent
+ class { 'postgresql::server': } ->
+ postgresql_psql { 'password embedded by environment: #{select}':
+ db => 'postgres',
+ psql_user => 'postgres',
+ command => '#{select}',
+ environment => [
+ 'PASS_TO_EMBED=pa$swD',
+ ],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :expect_changes => false)
+ end
+ it 'should run SQL that contanins password passed by environment in check' do
+ select = "select 1 where \\'$PASS_TO_EMBED\\'=\\'passwD\\'"
+ pp = <<-EOS.unindent
+ class { 'postgresql::server': } ->
+ postgresql_psql { 'password embedded by environment in check: #{select}':
+ db => 'postgres',
+ psql_user => 'postgres',
+ command => 'invalid sql query',
+ unless => '#{select}',
+ environment => [
+ 'PASS_TO_EMBED=passwD',
+ ],
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :expect_changes => false)
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'remote-access', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ before do
+ skip "These tests require the spec/acceptance/nodesets/centos-64-x64-2-hosts nodeset"
+ end
+
+ describe "configuring multi-node postgresql" do
+
+ # Get the database's IP to connect to from the database
+ let(:database_ip_address) do
+ hosts_as('database').inject({}) do |memo,host|
+ fact_on host, "ipaddress_eth1"
+ end
+ end
+
+ hosts_as('database').each do |host|
+ it "should be able to configure a host as database on #{host}" do
+ pp = <<-EOS
+ # Stop firewall so we can easily connect
+ service {'iptables':
+ ensure => 'stopped',
+ }
+
+ class { 'postgresql::server':
+ ip_mask_allow_all_users => '0.0.0.0/0',
+ listen_addresses => '*',
+ }
+
+ postgresql::server::db { 'puppet':
+ user => 'puppet',
+ password => postgresql_password('puppet', 'puppet'),
+ }
+
+ postgresql::server::pg_hba_rule { 'allow full yolo access password':
+ type => 'host',
+ database => 'all',
+ user => 'all',
+ address => '0.0.0.0/0',
+ auth_method => 'password',
+ order => '002',
+ }
+ EOS
+ apply_manifest_on(host, pp, :catch_failures => true)
+ end
+ end
+
+ hosts_as('client').each do |host|
+ it "should be able to configure a host as client on #{host} and then access database" do
+ pp = <<-EOS
+ class { 'postgresql::client':}
+
+ $connection_settings = {
+ 'PGUSER' => "puppet",
+ 'PGPASSWORD' => "puppet",
+ 'PGHOST' => "#{database_ip_address}",
+ 'PGPORT' => "5432",
+ 'PGDATABASE' => "puppet",
+ }
+
+ postgresql_psql { 'run using connection_settings':
+ command => 'select 1',
+ psql_user => 'root',
+ psql_group => 'root',
+ connect_settings => $connection_settings,
+ }
+ EOS
+ apply_manifest_on(host, pp, :catch_failures => true)
+ end
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'postgresql::server::config_entry' do
+
+ let(:pp_setup) { <<-EOS
+ class { 'postgresql::server':
+ postgresql_conf_path => '/tmp/postgresql.conf',
+ }
+ EOS
+ }
+
+ context 'unix_socket_directories' do
+ let(:pp_test) { pp_setup + <<-EOS
+ postgresql::server::config_entry { 'unix_socket_directories':
+ value => '/var/socket/, /root/'
+ }
+ EOS
+ }
+
+ #get postgresql version
+ apply_manifest("class { 'postgresql::server': }")
+ result = shell('psql --version')
+ version = result.stdout.match(%r{\s(\d\.\d)})[1]
+
+ if version >= '9.3'
+ it 'is expected to run idempotently' do
+ apply_manifest(pp_test, :catch_failures => true)
+ apply_manifest(pp_test, :catch_changes => true)
+ end
+
+ it 'is expected to contain directories' do
+ shell('cat /tmp/postgresql.conf') do |output|
+ expect(output.stdout).to contain("unix_socket_directories = '/var/socket/, /root/'")
+ end
+ end
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'postgresql::server::grant_role:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ let(:db) { 'grant_role_test' }
+ let(:user) { 'psql_grant_role_tester' }
+ let(:group) { 'test_group' }
+ let(:password) { 'psql_grant_role_pw' }
+ let(:version) do
+ if fact('osfamily') == 'RedHat' and fact('operatingsystemrelease') =~ /5/
+ '8.1'
+ end
+ end
+
+ it 'should grant a role to a user' do
+ begin
+ pp = <<-EOS.unindent
+ $db = #{db}
+ $user = #{user}
+ $group = #{group}
+ $password = #{password}
+ $version = '#{version}'
+
+ class { 'postgresql::server': }
+
+ # Since we are not testing pg_hba or any of that, make a local user for ident auth
+ user { $user:
+ ensure => present,
+ }
+
+ postgresql::server::role { $user:
+ password_hash => postgresql_password($user, $password),
+ }
+
+ postgresql::server::database { $db:
+ owner => $user,
+ require => Postgresql::Server::Role[$user],
+ }
+
+ # Lets setup the base rules
+ $local_auth_option = $version ? {
+ '8.1' => 'sameuser',
+ default => undef,
+ }
+
+ # Create a rule for the user
+ postgresql::server::pg_hba_rule { "allow ${user}":
+ type => 'local',
+ database => $db,
+ user => $user,
+ auth_method => 'ident',
+ auth_option => $local_auth_option,
+ order => 1,
+ }
+
+ # Create a role to grant to the user
+ postgresql::server::role { $group:
+ db => $db,
+ login => false,
+ require => Postgresql::Server::Database[$db],
+ }
+
+ # Grant the role to the user
+ postgresql::server::grant_role { "grant_role ${group} to ${user}":
+ role => $user,
+ group => $group,
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+
+ ## Check that the role was granted to the user
+ psql('--command="SELECT 1 WHERE pg_has_role(\'psql_grant_role_tester\', \'test_group\', \'MEMBER\') = true" grant_role_test', 'psql_grant_role_tester') do |r|
+ expect(r.stdout).to match(/\(1 row\)/)
+ expect(r.stderr).to eq('')
+ end
+ end
+ end
+
+ it 'should grant a role to a superuser' do
+ begin
+ pp = <<-EOS.unindent
+ $db = "#{db}"
+ $user = "#{user}"
+ $group = "#{group}"
+ $password = #{password}
+ $version = '#{version}'
+
+ class { 'postgresql::server': }
+
+ # Since we are not testing pg_hba or any of that, make a local user for ident auth
+ user { $user:
+ ensure => present,
+ }
+
+ postgresql::server::role { $user:
+ password_hash => postgresql_password($user, $password),
+ superuser => true,
+ }
+
+ postgresql::server::database { $db:
+ owner => $user,
+ require => Postgresql::Server::Role[$user],
+ }
+
+ # Lets setup the base rules
+ $local_auth_option = $version ? {
+ '8.1' => 'sameuser',
+ default => undef,
+ }
+
+ # Create a rule for the user
+ postgresql::server::pg_hba_rule { "allow ${user}":
+ type => 'local',
+ database => $db,
+ user => $user,
+ auth_method => 'ident',
+ auth_option => $local_auth_option,
+ order => 1,
+ }
+
+ # Create a role to grant to the user
+ postgresql::server::role { $group:
+ db => $db,
+ login => false,
+ require => Postgresql::Server::Database[$db],
+ }
+
+ # Grant the role to the user
+ postgresql::server::grant_role { "grant_role ${group} to ${user}":
+ role => $user,
+ group => $group,
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+
+ ## Check that the role was granted to the user
+ psql('--command="SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = \'test_group\' AND r_role.rolname = \'psql_grant_role_tester\'" grant_role_test', 'psql_grant_role_tester') do |r|
+ expect(r.stdout).to match(/\(1 row\)/)
+ expect(r.stderr).to eq('')
+ end
+ end
+ end
+
+ it 'should revoke a role from a user' do
+ begin
+ pp = <<-EOS
+
+ $db = "#{db}"
+ $user = "#{user}"
+ $group = "#{group}"
+ $password = #{password}
+ $version = '#{version}'
+
+ class { 'postgresql::server': }
+
+ # Since we are not testing pg_hba or any of that, make a local user for ident auth
+ user { $user:
+ ensure => present,
+ }
+
+ postgresql::server::role { $user:
+ password_hash => postgresql_password($user, $password),
+ }
+
+ postgresql::server::database { $db:
+ owner => $user,
+ require => Postgresql::Server::Role[$user],
+ }
+
+ # Lets setup the base rules
+ $local_auth_option = $version ? {
+ '8.1' => 'sameuser',
+ default => undef,
+ }
+
+ # Create a rule for the user
+ postgresql::server::pg_hba_rule { "allow ${user}":
+ type => 'local',
+ database => $db,
+ user => $user,
+ auth_method => 'ident',
+ auth_option => $local_auth_option,
+ order => 1,
+ }
+
+ # Create a role to grant to the user
+ postgresql::server::role { $group:
+ db => $db,
+ login => false,
+ require => Postgresql::Server::Database[$db],
+ }
+
+ # Grant the role to the user
+ postgresql::server::grant_role { "grant_role ${group} to ${user}":
+ role => $user,
+ group => $group,
+ }
+
+ postgresql::server::grant_role {"revoke ${group} from ${user}":
+ ensure => absent,
+ role => $user,
+ group => $group,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :expect_changes => true)
+
+ psql('--command="SELECT 1 WHERE pg_has_role(\'psql_grant_role_tester\', \'test_group\', \'MEMBER\') = true" grant_role_test', 'psql_grant_role_tester') do |r|
+ expect(r.stdout).to match(/\(0 rows\)/)
+ expect(r.stderr).to eq('')
+ end
+ end
+ end
+
+ it 'should not grant permission to a nonexistent user' do
+ begin
+ pp = <<-EOS
+
+ $db = "#{db}"
+ $user = "#{user}"
+ $group = "#{group}"
+ $password = #{password}
+
+ class { 'postgresql::server': }
+
+ # Since we are not testing pg_hba or any of that, make a local user for ident auth
+ user { $user:
+ ensure => absent,
+ }
+
+ postgresql::server::database { $db:
+ }
+
+ # Create a role to grant to the nonexistent user
+ postgresql::server::role { $group:
+ db => $db,
+ login => false,
+ require => Postgresql::Server::Database[$db],
+ }
+
+ # Grant the role to the nonexistent user
+ postgresql::server::grant_role { "grant_role ${group} to ${user}":
+ role => $user
+ group => $group,
+ }
+ EOS
+ apply_manifest(pp, :expect_failures => true)
+
+ psql('--command="SELECT 1 WHERE pg_has_role(\'psql_grant_role_tester\', \'test_group\', \'MEMBER\') = true" grant_role_test', 'psql_grant_role_tester') do |r|
+ expect(r.stdout).to match(/\(0 rows\)/)
+ expect(r.stderr).to eq('')
+ end
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'postgresql::server::grant:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ let(:db) { 'grant_priv_test' }
+ let(:owner) { 'psql_grant_priv_owner' }
+ let(:user) { 'psql_grant_priv_tester' }
+ let(:password) { 'psql_grant_role_pw' }
+ let(:pp_install) { "class {'postgresql::server': }"}
+
+ let(:pp_setup) { pp_setup = <<-EOS.unindent
+ $db = #{db}
+ $owner = #{owner}
+ $user = #{user}
+ $password = #{password}
+
+ class { 'postgresql::server': }
+
+ postgresql::server::role { $owner:
+ password_hash => postgresql_password($owner, $password),
+ }
+
+ # Since we are not testing pg_hba or any of that, make a local user for ident auth
+ user { $owner:
+ ensure => present,
+ }
+
+ postgresql::server::database { $db:
+ owner => $owner,
+ require => Postgresql::Server::Role[$owner],
+ }
+
+ # Create a user to grant privileges to
+ postgresql::server::role { $user:
+ db => $db,
+ require => Postgresql::Server::Database[$db],
+ }
+
+ # Make a local user for ident auth
+ user { $user:
+ ensure => present,
+ }
+
+ # Grant them connect to the database
+ postgresql::server::database_grant { "allow connect for ${user}":
+ privilege => 'CONNECT',
+ db => $db,
+ role => $user,
+ }
+ EOS
+ }
+
+ context 'LANGUAGE' do
+ describe 'GRANT * ON LANGUAGE' do
+ #testing grants on language requires a superuser
+ let(:superuser) { 'postgres' }
+ let(:pp_lang) { pp_setup + <<-EOS.unindent
+
+ postgresql_psql { 'make sure plpgsql exists':
+ command => 'CREATE LANGUAGE plpgsql',
+ db => $db,
+ psql_user => '#{superuser}',
+ unless => "SELECT 1 from pg_language where lanname = 'plpgsql'",
+ require => Postgresql::Server::Database[$db],
+ }
+
+ postgresql::server::grant { 'grant usage on plpgsql':
+ psql_user => '#{superuser}',
+ privilege => 'USAGE',
+ object_type => 'LANGUAGE',
+ object_name => 'plpgsql',
+ role => $user,
+ db => $db,
+ require => [ Postgresql_psql['make sure plpgsql exists'],
+ Postgresql::Server::Role[$user], ]
+ }
+ EOS
+ }
+
+ it 'is expected to run idempotently' do
+ apply_manifest(pp_install)
+
+ #postgres version
+ result = shell('psql --version')
+ version = result.stdout.match(%r{\s(\d\.\d)})[1]
+
+ if version >= '8.4.0'
+ apply_manifest(pp_lang, :catch_failures => true)
+ apply_manifest(pp_lang, :catch_changes => true)
+ end
+ end
+
+ it 'is expected to GRANT USAGE ON LANGUAGE plpgsql to ROLE' do
+ result = shell('psql --version')
+ version = result.stdout.match(%r{\s(\d\.\d)})[1]
+
+ if version >= '8.4.0'
+ ## Check that the privilege was granted to the user
+ psql("-d #{db} --command=\"SELECT 1 WHERE has_language_privilege('#{user}', 'plpgsql', 'USAGE')\"", superuser) do |r|
+ expect(r.stdout).to match(/\(1 row\)/)
+ expect(r.stderr).to eq('')
+ end
+ end
+ end
+
+ let(:pp_onlyif) { pp_setup + <<-EOS.unindent
+ postgresql::server::grant { 'grant usage on BSql':
+ psql_user => '#{superuser}',
+ privilege => 'USAGE',
+ object_type => 'LANGUAGE',
+ object_name => 'bsql',
+ role => $user,
+ db => $db,
+ onlyif_exists => true,
+ }
+ EOS
+ }
+
+ #test onlyif_exists function
+ it 'is expected to not GRANT USAGE ON (dummy)LANGUAGE BSql to ROLE' do
+ apply_manifest(pp_install)
+
+ #postgres version
+ result = shell('psql --version')
+ version = result.stdout.match(%r{\s(\d\.\d)})[1]
+
+ if version >= '8.4.0'
+ apply_manifest(pp_onlyif, :catch_failures => true)
+ apply_manifest(pp_onlyif, :catch_changes => true)
+ end
+ end
+ end
+ end
+
+ context 'sequence' do
+ it 'should grant usage on a sequence to a user' do
+ begin
+ pp = pp_setup + <<-EOS.unindent
+
+ postgresql_psql { 'create test sequence':
+ command => 'CREATE SEQUENCE test_seq',
+ db => $db,
+ psql_user => $owner,
+ unless => "SELECT 1 FROM information_schema.sequences WHERE sequence_name = 'test_seq'",
+ require => Postgresql::Server::Database[$db],
+ }
+
+ postgresql::server::grant { 'grant usage on test_seq':
+ privilege => 'USAGE',
+ object_type => 'SEQUENCE',
+ object_name => 'test_seq',
+ db => $db,
+ role => $user,
+ require => [ Postgresql_psql['create test sequence'],
+ Postgresql::Server::Role[$user], ]
+ }
+ EOS
+
+ apply_manifest(pp_install, :catch_failures => true)
+
+ #postgres version
+ result = shell('psql --version')
+ version = result.stdout.match(%r{\s(\d\.\d)})[1]
+
+ if version >= '9.0'
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+
+ ## Check that the privilege was granted to the user
+ psql("-d #{db} --command=\"SELECT 1 WHERE has_sequence_privilege('#{user}', 'test_seq', 'USAGE')\"", user) do |r|
+ expect(r.stdout).to match(/\(1 row\)/)
+ expect(r.stderr).to eq('')
+ end
+ end
+ end
+ end
+
+ it 'should grant update on a sequence to a user' do
+ begin
+ pp = pp_setup + <<-EOS.unindent
+
+ postgresql_psql { 'create test sequence':
+ command => 'CREATE SEQUENCE test_seq',
+ db => $db,
+ psql_user => $owner,
+ unless => "SELECT 1 FROM information_schema.sequences WHERE sequence_name = 'test_seq'",
+ require => Postgresql::Server::Database[$db],
+ }
+
+ postgresql::server::grant { 'grant update on test_seq':
+ privilege => 'UPDATE',
+ object_type => 'SEQUENCE',
+ object_name => 'test_seq',
+ db => $db,
+ role => $user,
+ require => [ Postgresql_psql['create test sequence'],
+ Postgresql::Server::Role[$user], ]
+ }
+ EOS
+
+ apply_manifest(pp_install, :catch_failures => true)
+
+ #postgres version
+ result = shell('psql --version')
+ version = result.stdout.match(%r{\s(\d\.\d)})[1]
+
+ if version >= '9.0'
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+
+ ## Check that the privilege was granted to the user
+ psql("-d #{db} --command=\"SELECT 1 WHERE has_sequence_privilege('#{user}', 'test_seq', 'UPDATE')\"", user) do |r|
+ expect(r.stdout).to match(/\(1 row\)/)
+ expect(r.stderr).to eq('')
+ end
+ end
+ end
+ end
+ end
+
+ context 'all sequences' do
+ it 'should grant usage on all sequences to a user' do
+ begin
+ pp = pp_setup + <<-EOS.unindent
+
+ postgresql_psql { 'create test sequences':
+ command => 'CREATE SEQUENCE test_seq2; CREATE SEQUENCE test_seq3;',
+ db => $db,
+ psql_user => $owner,
+ unless => "SELECT 1 FROM information_schema.sequences WHERE sequence_name = 'test_seq2'",
+ require => Postgresql::Server::Database[$db],
+ }
+
+ postgresql::server::grant { 'grant usage on all sequences':
+ privilege => 'USAGE',
+ object_type => 'ALL SEQUENCES IN SCHEMA',
+ object_name => 'public',
+ db => $db,
+ role => $user,
+ require => [ Postgresql_psql['create test sequences'],
+ Postgresql::Server::Role[$user], ]
+ }
+ EOS
+
+ apply_manifest(pp_install, :catch_failures => true)
+
+ #postgres version
+ result = shell('psql --version')
+ version = result.stdout.match(%r{\s(\d\.\d)})[1]
+
+ if version >= '9.0'
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+
+ ## Check that the privileges were granted to the user, this check is not available on version < 9.0
+ psql("-d #{db} --command=\"SELECT 1 WHERE has_sequence_privilege('#{user}', 'test_seq2', 'USAGE') AND has_sequence_privilege('#{user}', 'test_seq3', 'USAGE')\"", user) do |r|
+ expect(r.stdout).to match(/\(1 row\)/)
+ expect(r.stderr).to eq('')
+ end
+ end
+ end
+ end
+
+ it 'should grant update on all sequences to a user' do
+ begin
+ pp = pp_setup + <<-EOS.unindent
+
+ postgresql_psql { 'create test sequences':
+ command => 'CREATE SEQUENCE test_seq2; CREATE SEQUENCE test_seq3;',
+ db => $db,
+ psql_user => $owner,
+ unless => "SELECT 1 FROM information_schema.sequences WHERE sequence_name = 'test_seq2'",
+ require => Postgresql::Server::Database[$db],
+ }
+
+ postgresql::server::grant { 'grant usage on all sequences':
+ privilege => 'UPDATE',
+ object_type => 'ALL SEQUENCES IN SCHEMA',
+ object_name => 'public',
+ db => $db,
+ role => $user,
+ require => [ Postgresql_psql['create test sequences'],
+ Postgresql::Server::Role[$user], ]
+ }
+ EOS
+
+ apply_manifest(pp_install, :catch_failures => true)
+
+ #postgres version
+ result = shell('psql --version')
+ version = result.stdout.match(%r{\s(\d\.\d)})[1]
+
+ if version >= '9.0'
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+
+ ## Check that the privileges were granted to the user
+ psql("-d #{db} --command=\"SELECT 1 WHERE has_sequence_privilege('#{user}', 'test_seq2', 'UPDATE') AND has_sequence_privilege('#{user}', 'test_seq3', 'UPDATE')\"", user) do |r|
+ expect(r.stdout).to match(/\(1 row\)/)
+ expect(r.stderr).to eq('')
+ end
+ end
+ end
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'postgresql::server::reassign_owned_by:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ let(:db) { 'reassign_test' }
+ let(:old_owner) { 'psql_reassign_old_owner' }
+ let(:new_owner) { 'psql_reassign_new_owner' }
+ let(:password) { 'psql_reassign_pw' }
+ let(:superuser) { 'postgres' }
+
+ let(:pp_setup) { pp_setup = <<-EOS.unindent
+ $db = #{db}
+ $old_owner = #{old_owner}
+ $new_owner = #{new_owner}
+ $password = #{password}
+
+ class { 'postgresql::server': }
+
+ postgresql::server::role { $old_owner:
+ password_hash => postgresql_password($old_owner, $password),
+ }
+
+ # Since we are not testing pg_hba or any of that, make a local user for ident auth
+ user { $old_owner:
+ ensure => present,
+ }
+
+ # Create a user to reassign ownership to
+ postgresql::server::role { $new_owner:
+ db => $db,
+ require => Postgresql::Server::Database[$db],
+ }
+
+ # Make a local user for ident auth
+ user { $new_owner:
+ ensure => present,
+ }
+
+ # Grant the new owner membership of the old owner (must have both for REASSIGN OWNED BY to work)
+ postgresql::server::grant_role { "grant_role to ${new_owner}":
+ role => $new_owner,
+ group => $old_owner,
+ }
+
+ # Grant them connect to the database
+ postgresql::server::database_grant { "allow connect for ${old_owner}":
+ privilege => 'CONNECT',
+ db => $db,
+ role => $old_owner,
+ }
+ EOS
+ }
+
+ let(:pp_db_old_owner) { <<-EOS.unindent
+ postgresql::server::database { $db:
+ owner => $old_owner,
+ require => Postgresql::Server::Role[$old_owner],
+ }
+ EOS
+ }
+
+ let(:pp_db_no_owner) { <<-EOS.unindent
+ postgresql::server::database { $db:
+ }
+ EOS
+ }
+
+ context 'reassign_owned_by' do
+ describe 'REASSIGN OWNED BY tests' do
+ let(:db) { 'reassign_test' }
+ let(:old_owner) { 'psql_reassign_old_owner' }
+ let(:new_owner) { 'psql_reassign_new_owner' }
+
+ let(:pp_setup_objects) { <<-EOS.unindent
+ postgresql_psql { 'create test table':
+ command => 'CREATE TABLE test_tbl (col1 integer)',
+ db => '#{db}',
+ psql_user => '#{old_owner}',
+ unless => "SELECT tablename FROM pg_catalog.pg_tables WHERE tablename = 'test_tbl'",
+ require => Postgresql::Server::Database['#{db}'],
+ }
+ postgresql_psql { 'create test sequence':
+ command => 'CREATE SEQUENCE test_seq',
+ db => '#{db}',
+ psql_user => '#{old_owner}',
+ unless => "SELECT relname FROM pg_catalog.pg_class WHERE relkind='S' AND relname = 'test_seq'",
+ require => [ Postgresql_psql['create test table'], Postgresql::Server::Database['#{db}'] ],
+ }
+ EOS
+ }
+ let(:pp_reassign_owned_by) { <<-EOS.unindent
+ postgresql::server::reassign_owned_by { 'test reassign to new_owner':
+ db => '#{db}',
+ old_role => '#{old_owner}',
+ new_role => '#{new_owner}',
+ psql_user => '#{new_owner}',
+ }
+ EOS
+ }
+
+ it 'should reassign all objects to new_owner' do
+ begin
+ #postgres version
+ result = shell('psql --version')
+ version = result.stdout.match(%r{\s(\d\.\d)})[1]
+ if version >= '9.0'
+
+ apply_manifest(pp_setup + pp_db_old_owner + pp_setup_objects, :catch_failures => true)
+
+ apply_manifest(pp_setup + pp_db_no_owner + pp_reassign_owned_by, :catch_failures => true)
+ apply_manifest(pp_setup + pp_db_no_owner + pp_reassign_owned_by, :catch_changes => true)
+
+ ## Check that the ownership was transferred
+ psql("-d #{db} --tuples-only --no-align --command=\"SELECT tablename,tableowner FROM pg_catalog.pg_tables WHERE schemaname NOT IN ('pg_catalog', 'information_schema')\"", superuser) do |r|
+ expect(r.stdout).to match(/test_tbl.#{new_owner}/)
+ expect(r.stderr).to eq('')
+ end
+ psql("-d #{db} --tuples-only --no-align --command=\"SELECT relname,pg_get_userbyid(relowner) FROM pg_catalog.pg_class c WHERE relkind='S'\"", superuser) do |r|
+ expect(r.stdout).to match(/test_seq.#{new_owner}/)
+ expect(r.stderr).to eq('')
+ end
+ if version >= '9.3'
+ psql("-d #{db} --tuples-only --no-align --command=\"SELECT pg_get_userbyid(datdba) FROM pg_database WHERE datname = current_database()\"", superuser) do |r|
+ expect(r.stdout).to match(/#{new_owner}/)
+ expect(r.stderr).to eq('')
+ end
+ end
+ end
+ end
+ end # it should reassign all objects
+ end
+ end
+ #####################
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'postgresql::server::recovery', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ describe 'should manage recovery' do
+ after(:all) do
+ pp = <<-EOS.unindent
+ file { '/tmp/recovery.conf':
+ ensure => absent,
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ it 'adds conf file' do
+ pp = <<-EOS.unindent
+ class { 'postgresql::globals':
+ recovery_conf_path => '/tmp/recovery.conf',
+ manage_recovery_conf => true,
+ }
+
+ class { 'postgresql::server': }
+
+ # Create a recovery.conf file
+ postgresql::server::recovery { "recovery.conf":
+ restore_command => 'restore_command',
+ recovery_target_timeline => 'recovery_target_timeline',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ describe file('/tmp/recovery.conf') do
+ it { is_expected.to be_file }
+ it { is_expected.to contain /restore_command = 'restore_command'/ }
+ it { is_expected.to contain /recovery_target_timeline = 'recovery_target_timeline'/ }
+ end
+ end
+
+ describe 'should not manage recovery' do
+ it 'does not add conf file' do
+ pp = <<-EOS.unindent
+ class { 'postgresql::globals':
+ manage_recovery_conf => false,
+ }
+
+ class { 'postgresql::server': }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ describe file('/tmp/recovery.conf') do
+ it { is_expected.not_to be_file }
+ end
+ end
+end
+
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'postgresql::server::schema:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ let(:version) do
+ if fact('osfamily') == 'RedHat' and fact('operatingsystemrelease') =~ /5/
+ '8.1'
+ end
+ end
+
+ it 'should create a schema for a user' do
+ begin
+ pp = <<-EOS.unindent
+ $db = 'schema_test'
+ $user = 'psql_schema_tester'
+ $password = 'psql_schema_pw'
+ $version = '#{version}'
+
+ class { 'postgresql::server': }
+
+ # Since we are not testing pg_hba or any of that, make a local user for ident auth
+ user { $user:
+ ensure => present,
+ }
+
+ postgresql::server::role { $user:
+ password_hash => postgresql_password($user, $password),
+ }
+
+ postgresql::server::database { $db:
+ owner => $user,
+ require => Postgresql::Server::Role[$user],
+ }
+
+ # Lets setup the base rules
+ $local_auth_option = $version ? {
+ '8.1' => 'sameuser',
+ default => undef,
+ }
+
+ # Create a rule for the user
+ postgresql::server::pg_hba_rule { "allow ${user}":
+ type => 'local',
+ database => $db,
+ user => $user,
+ auth_method => 'ident',
+ auth_option => $local_auth_option,
+ order => 1,
+ }
+
+ postgresql::server::schema { $user:
+ db => $db,
+ owner => $user,
+ require => Postgresql::Server::Database[$db],
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+
+ ## Check that the user can create a table in the database
+ psql('--command="create table psql_schema_tester.foo (foo int)" schema_test', 'psql_schema_tester') do |r|
+ expect(r.stdout).to match(/CREATE TABLE/)
+ expect(r.stderr).to eq('')
+ end
+ ensure
+ psql('--command="drop table psql_schema_tester.foo" schema_test', 'psql_schema_tester')
+ end
+ end
+
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+# These tests ensure that postgres can change itself to an alternative pgdata
+# location properly.
+
+# Allow postgresql to use /tmp/* as a datadir
+if fact('osfamily') == 'RedHat' and fact('selinux') == 'true'
+ shell 'setenforce 0'
+end
+
+describe 'postgresql::server', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ it 'on an alternative pgdata location' do
+ pp = <<-EOS
+ #file { '/var/lib/pgsql': ensure => directory, } ->
+ # needs_initdb will be true by default for all OS's except Debian
+ # in order to change the datadir we need to tell it explicitly to call initdb
+ class { 'postgresql::server': datadir => '/tmp/data', needs_initdb => true }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ describe file('/tmp/data') do
+ it { should be_directory }
+ end
+
+ it 'can connect with psql' do
+ psql('--command="\l" postgres', 'postgres') do |r|
+ expect(r.stdout).to match(/List of databases/)
+ end
+ end
+
+end
+#This file is generated by ModuleSync, do not edit.
require 'puppetlabs_spec_helper/module_spec_helper'
-RSpec.configure do |c|
- c.include PuppetlabsSpec::Files
-
- c.before :each do
- # Ensure that we don't accidentally cache facts and environment
- # between test cases.
- Facter::Util::Loader.any_instance.stubs(:load_all)
- Facter.clear
- Facter.clear_messages
-
- # Store any environment variables away to be restored later
- @old_env = {}
- ENV.each_key {|k| @old_env[k] = ENV[k]}
- end
-
- c.after :each do
- PuppetlabsSpec::Files.cleanup
- end
-end
-
-# Convenience helper for returning parameters for a type from the
-# catalogue.
-def param(type, title, param)
- param_value(catalogue, type, title, param)
+# put local configuration and setup into spec_helper_local
+begin
+ require 'spec_helper_local'
+rescue LoadError
end
--- /dev/null
+require 'beaker-rspec/spec_helper'
+require 'beaker-rspec/helpers/serverspec'
+require 'beaker/puppet_install_helper'
+require 'beaker/module_install_helper'
+
+run_puppet_install_helper
+install_ca_certs unless ENV['PUPPET_INSTALL_TYPE'] =~ /pe/i
+install_module_on(hosts)
+install_module_dependencies_on(hosts)
+
+UNSUPPORTED_PLATFORMS = ['AIX','windows','Solaris','Suse']
+
+class String
+ # Provide ability to remove indentation from strings, for the purpose of
+ # left justifying heredoc blocks.
+ def unindent
+ gsub(/^#{scan(/^\s*/).min_by{|l|l.length}}/, "")
+ end
+end
+
+def shellescape(str)
+ str = str.to_s
+
+ # An empty argument will be skipped, so return empty quotes.
+ return "''" if str.empty?
+
+ str = str.dup
+
+ # Treat multibyte characters as is. It is caller's responsibility
+ # to encode the string in the right encoding for the shell
+ # environment.
+ str.gsub!(/([^A-Za-z0-9_\-.,:\/@\n])/, "\\\\\\1")
+
+ # A LF cannot be escaped with a backslash because a backslash + LF
+ # combo is regarded as line continuation and simply ignored.
+ str.gsub!(/\n/, "'\n'")
+
+ return str
+end
+
+def psql(psql_cmd, user = 'postgres', exit_codes = [0,1], &block)
+ psql = "psql #{psql_cmd}"
+ shell("su #{shellescape(user)} -c #{shellescape(psql)}", :acceptable_exit_codes => exit_codes, &block)
+end
+
+RSpec.configure do |c|
+ # Readable test descriptions
+ c.formatter = :documentation
+
+ # Configure all nodes in nodeset
+ c.before :suite do
+ # Set up selinux if appropriate.
+ if fact('osfamily') == 'RedHat' && fact('selinux') == 'true'
+ pp = <<-EOS
+ if $::osfamily == 'RedHat' and $::selinux == 'true' {
+ $semanage_package = $::operatingsystemmajrelease ? {
+ '5' => 'policycoreutils',
+ default => 'policycoreutils-python',
+ }
+
+ package { $semanage_package: ensure => installed }
+ exec { 'set_postgres':
+ command => 'semanage port -a -t postgresql_port_t -p tcp 5433',
+ path => '/bin:/usr/bin/:/sbin:/usr/sbin',
+ subscribe => Package[$semanage_package],
+ }
+ }
+ EOS
+
+ apply_manifest_on(agents, pp, :catch_failures => false)
+ end
+
+ # net-tools required for netstat utility being used by be_listening
+ if fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') == '7'
+ pp = <<-EOS
+ package { 'net-tools': ensure => installed }
+ EOS
+
+ apply_manifest_on(agents, pp, :catch_failures => false)
+ end
+
+ hosts.each do |host|
+ on host, "/bin/touch #{host['puppetpath']}/hiera.yaml"
+ on host, 'chmod 755 /root'
+ if fact_on(host, 'osfamily') == 'Debian'
+ on host, "echo \"en_US ISO-8859-1\nen_NG.UTF-8 UTF-8\nen_US.UTF-8 UTF-8\n\" > /etc/locale.gen"
+ on host, '/usr/sbin/locale-gen'
+ on host, '/usr/sbin/update-locale'
+ end
+ end
+ end
+end
--- /dev/null
+RSpec.configure do |c|
+ c.mock_with :rspec
+
+ c.include PuppetlabsSpec::Files
+ c.after :each do
+ PuppetlabsSpec::Files.cleanup
+ end
+end
+
+# Convenience helper for returning parameters for a type from the
+# catalogue.
+def param(type, title, param)
+ param_value(catalogue, type, title, param)
+end
+++ /dev/null
-require 'rspec-system/spec_helper'
-require 'rspec-system-puppet/helpers'
-require 'tempfile'
-
-module LocalHelpers
- include RSpecSystem::Util
-
- def psql(psql_cmd, user = 'postgres', &block)
- psql = "psql #{psql_cmd}"
- shell("su #{shellescape(user)} -c #{shellescape(psql)}", &block)
- end
-end
-
-include RSpecSystemPuppet::Helpers
-
-RSpec.configure do |c|
- # Project root for the firewall code
- proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
-
- # Enable colour in Jenkins
- c.tty = true
-
- # Include in our local helpers
- c.include ::LocalHelpers
-
- # Puppet helpers
- c.include RSpecSystemPuppet::Helpers
- c.extend RSpecSystemPuppet::Helpers
-
- # This is where we 'setup' the nodes before running our tests
- c.before :suite do
- # Install puppet
- puppet_install
-
- # Copy this module into the module path of the test node
- puppet_module_install(:source => proj_root, :module_name => 'postgresql')
- shell('puppet module install puppetlabs/stdlib')
- shell('puppet module install puppetlabs/firewall')
- shell('puppet module install puppetlabs/apt')
- shell('puppet module install ripienaar/concat')
-
- file = Tempfile.new('foo')
- begin
- file.write(<<-EOS)
----
-:logger: noop
- EOS
- file.close
- rcp(:sp => file.path, :dp => '/etc/puppet/hiera.yaml')
- ensure
- file.unlink
- end
- end
-end
+++ /dev/null
-require 'spec_helper_system'
-
-describe 'install:' do
- after :all do
- # Cleanup after tests have ran
- puppet_apply("class { 'postgresql::server': ensure => absent }") do |r|
- r.exit_code.should_not == 1
- end
- end
-
- it 'test postgresql::server' do
- pp = <<-EOS
- class { 'postgresql::server': }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should be_zero
- end
- end
-
- describe 'postgresql::db' do
- it 'should idempotently create a db that we can connect to' do
- begin
- pp = <<-EOS
- $db = 'postgresql_test_db'
- include postgresql::server
-
- postgresql::db { $db:
- user => $db,
- password => postgresql_password($db, $db),
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should == 0
- end
-
- psql('--command="select datname from pg_database" postgresql_test_db') do |r|
- r.stdout.should =~ /postgresql_test_db/
- r.stderr.should be_empty
- r.exit_code.should == 0
- end
- ensure
- psql('--command="drop database postgresql_test_db" postgres')
- end
- end
-
- it 'should take a locale parameter' do
- pending('no support for locale parameter with centos 5', :if => (node.facts['osfamily'] == 'RedHat' and node.facts['lsbmajdistrelease'] == '5'))
- begin
- pp = <<-EOS
- class { 'postgresql::server': }
- if($::operatingsystem == 'Debian') {
- # Need to make sure the correct locale is installed first
- file { '/etc/locale.gen':
- content => "en_US ISO-8859-1\nen_NG UTF-8\n",
- }~>
- exec { '/usr/sbin/locale-gen':
- logoutput => true,
- refreshonly => true,
- }
- }
- postgresql::db { 'test1':
- user => 'test1',
- password => postgresql_password('test1', 'test1'),
- charset => 'UTF8',
- locale => 'en_NG',
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should == 0
- end
-
- psql('-c "show lc_ctype" test1') do |r|
- r.stdout.should =~ /en_NG/
- end
-
- psql('-c "show lc_collate" test1') do |r|
- r.stdout.should =~ /en_NG/
- end
- ensure
- psql('--command="drop database test1" postgres')
- end
- end
-
- it 'should take an istemplate parameter' do
- begin
- pp = <<-EOS
- $db = 'template2'
- include postgresql::server
-
- postgresql::db { $db:
- user => $db,
- password => postgresql_password($db, $db),
- istemplate => true,
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should == 0
- end
-
- psql('--command="select datname from pg_database" template2') do |r|
- r.stdout.should =~ /template2/
- r.stderr.should be_empty
- r.exit_code.should == 0
- end
- ensure
- psql('--command="drop database template2" postgres') do |r|
- r.stdout.should be_empty
- r.stderr.should =~ /cannot drop a template database/
- r.exit_code.should_not == 0
- end
- end
- end
-
- it 'should update istemplate parameter' do
- begin
- pp = <<-EOS
- $db = 'template2'
- include postgresql::server
-
- postgresql::db { $db:
- user => $db,
- password => postgresql_password($db, $db),
- istemplate => false,
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should == 0
- end
-
- psql('--command="select datname from pg_database" template2') do |r|
- r.stdout.should =~ /template2/
- r.stderr.should be_empty
- r.exit_code.should == 0
- end
- ensure
- psql('--command="drop database template2" postgres') do |r|
- r.exit_code.should == 0
- end
- end
- end
- end
-
- describe 'postgresql::psql' do
- it 'should work but emit a deprecation warning' do
- pp = <<-EOS
- include postgresql::server
-
- postgresql::psql { 'foobar':
- db => 'postgres',
- user => 'postgres',
- command => 'select * from pg_database limit 1',
- unless => 'select 1 where 1=1',
- require => Class['postgresql::server'],
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- r.stdout.should =~ /postgresql::psql is deprecated/
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should == 2
- r.stdout.should =~ /postgresql::psql is deprecated/
- end
- end
- end
-
- describe 'postgresql_psql' do
- it 'should run some SQL when the unless query returns no rows' do
- pp = <<-EOS
- include postgresql::server
-
- postgresql_psql { 'foobar':
- db => 'postgres',
- psql_user => 'postgres',
- command => 'select 1',
- unless => 'select 1 where 1=2',
- require => Class['postgresql::server'],
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should == 2
- end
- end
-
- it 'should not run SQL when the unless query returns rows' do
- pp = <<-EOS
- include postgresql::server
-
- postgresql_psql { 'foobar':
- db => 'postgres',
- psql_user => 'postgres',
- command => 'select * from pg_database limit 1',
- unless => 'select 1 where 1=1',
- require => Class['postgresql::server'],
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should be_zero
- end
- end
- end
-
- describe 'postgresql::user' do
- it 'should idempotently create a user who can log in' do
- pp = <<-EOS
- $user = "postgresql_test_user"
- $password = "postgresql_test_password"
-
- include postgresql::server
-
- # Since we are not testing pg_hba or any of that, make a local user for ident auth
- user { $user:
- ensure => present,
- }
-
- postgresql::database_user { $user:
- password_hash => postgresql_password($user, $password),
- require => [ Class['postgresql::server'],
- User[$user] ],
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should be_zero
- end
-
- # Check that the user can log in
- psql('--command="select datname from pg_database" postgres', 'postgresql_test_user') do |r|
- r.stdout.should =~ /template1/
- r.stderr.should be_empty
- r.exit_code.should == 0
- end
- end
-
- it 'should idempotently alter a user who can log in' do
- pp = <<-EOS
- $user = "postgresql_test_user"
- $password = "postgresql_test_password2"
-
- include postgresql::server
-
- # Since we are not testing pg_hba or any of that, make a local user for ident auth
- user { $user:
- ensure => present,
- }
-
- postgresql::database_user { $user:
- password_hash => postgresql_password($user, $password),
- require => [ Class['postgresql::server'],
- User[$user] ],
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should be_zero
- end
-
- # Check that the user can log in
- psql('--command="select datname from pg_database" postgres', 'postgresql_test_user') do |r|
- r.stdout.should =~ /template1/
- r.stderr.should be_empty
- r.exit_code.should == 0
- end
- end
- end
-
- describe 'postgresql::database_grant' do
- it 'should grant access so a user can create in a database' do
- begin
- pp = <<-EOS
- $db = 'postgres'
- $user = 'psql_grant_tester'
- $password = 'psql_grant_pw'
-
- include postgresql::server
-
- # Since we are not testing pg_hba or any of that, make a local user for ident auth
- user { $user:
- ensure => present,
- }
-
- postgresql::database_user { $user:
- password_hash => postgresql_password($user, $password),
- require => [
- Class['postgresql::server'],
- User[$user],
- ],
- }
-
- postgresql::database { $db:
- require => Class['postgresql::server'],
- }
-
- postgresql::database_grant { 'grant create test':
- privilege => 'CREATE',
- db => $db,
- role => $user,
- require => [
- Postgresql::Database[$db],
- Postgresql::Database_user[$user],
- ],
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should be_zero
- end
-
- # Check that the user can create a table in the database
- psql('--command="create table foo (foo int)" postgres', 'psql_grant_tester') do |r|
- r.stdout.should =~ /CREATE TABLE/
- r.stderr.should be_empty
- r.exit_code.should == 0
- end
- ensure
- psql('--command="drop table foo" postgres', 'psql_grant_tester')
- end
- end
- end
-
- describe 'postgresql::table_grant' do
- it 'should grant access so a user can insert in a table' do
- begin
- pp = <<-EOS
- $db = 'table_grant'
- $user = 'psql_table_tester'
- $password = 'psql_table_pw'
-
- include postgresql::server
-
- # Since we are not testing pg_hba or any of that, make a local user for ident auth
- user { $user:
- ensure => present,
- }
-
- postgresql::database_user { $user:
- password_hash => postgresql_password($user, $password),
- require => [
- Class['postgresql::server'],
- User[$user],
- ],
- }
-
- postgresql::database { $db:
- require => Class['postgresql::server'],
- }
-
- postgresql_psql { 'Create testing table':
- command => 'CREATE TABLE "test_table" (field integer NOT NULL)',
- db => $db,
- unless => "SELECT * FROM pg_tables WHERE tablename = 'test_table'",
- require => Postgresql::Database[$db],
- }
-
- postgresql::table_grant { 'grant insert test':
- privilege => 'INSERT',
- table => 'test_table',
- db => $db,
- role => $user,
- require => [
- Postgresql::Database[$db],
- Postgresql::Database_user[$user],
- Postgresql_psql['Create testing table'],
- ],
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should be_zero
- end
-
- ## Check that the user can create a table in the database
- #psql('--command="create table foo (foo int)" postgres', 'psql_grant_tester') do |r|
- # r.stdout.should =~ /CREATE TABLE/
- # r.stderr.should be_empty
- # r.exit_code.should == 0
- #end
- ensure
- #psql('--command="drop table foo" postgres', 'psql_grant_tester')
- end
- end
- end
-
- describe 'postgresql::validate_db_connections' do
- it 'should run puppet with no changes declared if database connectivity works' do
- pp = <<-EOS
- $db = 'foo'
- include postgresql::server
-
- postgresql::db { $db:
- user => $db,
- password => postgresql_password($db, $db),
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should be_zero
- end
-
- pp = <<-EOS
- postgresql::validate_db_connection { 'foo':
- database_host => 'localhost',
- database_name => 'foo',
- database_username => 'foo',
- database_password => 'foo',
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should be_zero
- end
- end
-
- it 'should fail catalogue if database connectivity fails' do
- pp = <<-EOS
- postgresql::validate_db_connection { 'foobarbaz':
- database_host => 'localhost',
- database_name => 'foobarbaz',
- database_username => 'foobarbaz',
- database_password => 'foobarbaz',
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should == 4
- end
- end
- end
-
- describe 'postgresql::tablespace' do
- it 'should idempotently create tablespaces and databases that are using them' do
- pp = <<-EOS
- include postgresql::server
-
- file { '/tmp/pg_tablespaces':
- ensure => 'directory',
- owner => 'postgres',
- group => 'postgres',
- mode => '0700',
- }~>
- # This works around rubies that lack Selinux support, I'm looking at you RHEL5
- exec { "chcon -u system_u -r object_r -t postgresql_db_t /tmp/pg_tablespaces":
- refreshonly => true,
- path => "/bin:/usr/bin",
- onlyif => "which chcon",
- before => File["/tmp/pg_tablespaces/space1", "/tmp/pg_tablespaces/space2"]
- }
-
- postgresql::tablespace{ 'tablespace1':
- location => '/tmp/pg_tablespaces/space1',
- require => [Class['postgresql::server'], File['/tmp/pg_tablespaces']],
- }
- postgresql::database{ 'tablespacedb1':
- charset => 'utf8',
- tablespace => 'tablespace1',
- require => Postgresql::Tablespace['tablespace1'],
- }
- postgresql::db{ 'tablespacedb2':
- user => 'dbuser2',
- password => postgresql_password('dbuser2', 'dbuser2'),
- tablespace => 'tablespace1',
- require => Postgresql::Tablespace['tablespace1'],
- }
-
- postgresql::database_user{ 'spcuser':
- password_hash => postgresql_password('spcuser', 'spcuser'),
- require => Class['postgresql::server'],
- }
- postgresql::tablespace{ 'tablespace2':
- location => '/tmp/pg_tablespaces/space2',
- owner => 'spcuser',
- require => [Postgresql::Database_user['spcuser'], File['/tmp/pg_tablespaces']],
- }
- postgresql::database{ 'tablespacedb3':
- charset => 'utf8',
- tablespace => 'tablespace2',
- require => Postgresql::Tablespace['tablespace2'],
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should == 0
- end
-
- # Check that databases use correct tablespaces
- psql('--command="select ts.spcname from pg_database db, pg_tablespace ts where db.dattablespace = ts.oid and db.datname = \'"\'tablespacedb1\'"\'"') do |r|
- r.stdout.should =~ /tablespace1/
- r.stderr.should be_empty
- r.exit_code.should == 0
- end
-
- psql('--command="select ts.spcname from pg_database db, pg_tablespace ts where db.dattablespace = ts.oid and db.datname = \'"\'tablespacedb3\'"\'"') do |r|
- r.stdout.should =~ /tablespace2/
- r.stderr.should be_empty
- r.exit_code.should == 0
- end
- end
- end
-
- describe 'postgresql::pg_hba_rule' do
- it 'should create a ruleset in pg_hba.conf' do
- pp = <<-EOS
- include postgresql::server
- postgresql::pg_hba_rule { "allow application network to access app database":
- type => "host",
- database => "app",
- user => "app",
- address => "200.1.2.0/24",
- auth_method => md5,
- }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should be_zero
- end
-
- shell("grep '200.1.2.0/24' /etc/postgresql/*/*/pg_hba.conf || grep '200.1.2.0/24' /var/lib/pgsql/data/pg_hba.conf") do |r|
- r.exit_code.should be_zero
- end
- end
-
- it 'should create a ruleset in pg_hba.conf that denies db access to db test1' do
- pp = <<-EOS
- include postgresql::server
- postgresql::db { "test1":
- user => "test1",
- password => postgresql_password('test1', 'test1'),
- grant => "all",
- }
- postgresql::pg_hba_rule { "allow anyone to have access to db test1":
- type => "local",
- database => "test1",
- user => "test1",
- auth_method => reject,
- order => '001',
- }
- user { "test1":
- shell => "/bin/bash",
- managehome => true,
- }
- EOS
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- shell('su - test1 -c \'psql -U test1 -c "\q" test1\'') do |r|
- r.exit_code.should == 2
- end
- end
- end
-
- describe 'postgresql.conf include' do
- it "should support an 'include' directive at the end of postgresql.conf" do
- pending('no support for include directive with centos 5/postgresql 8.1', :if => (node.facts['osfamily'] == 'RedHat' and node.facts['lsbmajdistrelease'] == '5'))
- pp = <<-EOS
- class pg_test {
- class { 'postgresql::server': }
-
- $pg_conf_include_file = "${postgresql::params::confdir}/postgresql_puppet_extras.conf"
-
- file { $pg_conf_include_file :
- content => 'max_connections = 123',
- notify => Service['postgresqld'],
- }
- }
- class { 'pg_test': }
- EOS
-
- puppet_apply(pp) do |r|
- r.exit_code.should_not == 1
- end
-
- puppet_apply(pp) do |r|
- r.exit_code.should be_zero
- end
-
- psql('--command="show max_connections" -t') do |r|
- r.stdout.should =~ /123/
- r.stderr.should be_empty
- r.exit_code.should be_zero
- end
-
- pp = <<-EOS
- class cleanup {
- require postgresql::params
-
- $pg_conf_include_file = "${postgresql::params::confdir}/postgresql_puppet_extras.conf"
-
- file { $pg_conf_include_file :
- ensure => absent
- }
- }
- class { 'cleanup': }
- EOS
- puppet_apply(pp)
- end
- end
-end
+++ /dev/null
-require 'spec_helper_system'
-
-describe 'non defaults:' do
- before :all do
- puppet_apply(<<-EOS)
- if($::operatingsystem =~ /Debian|Ubuntu/) {
- # Need to make sure the correct utf8 locale is ready for our
- # non-standard tests
- file { '/etc/locale.gen':
- content => "en_US ISO-8859-1\nen_NG UTF-8\nen_US UTF-8\n",
- }~>
- exec { '/usr/sbin/locale-gen':
- logoutput => true,
- refreshonly => true,
- }
- }
- EOS
- end
-
- context 'test installing non-default version of postgresql' do
- after :each do
- # Cleanup
- psql('--command="drop database postgresql_test_db" postgres')
- pp = <<-EOS
- class { "postgresql":
- version => "9.2",
- manage_package_repo => true,
- }->
- class { 'postgresql::server':
- ensure => absent,
- service_status => 'service postgresql-9.2 status',
- }
- EOS
- puppet_apply(pp)
- end
-
- it 'perform installation and create a db' do
- pp = <<-EOS
- # Configure version and manage_package_repo globally, install postgres
- # and then try to install a new database.
- class { "postgresql":
- version => "9.2",
- manage_package_repo => true,
- charset => 'UTF8',
- locale => 'en_US.UTF-8',
- }->
- class { "postgresql::server": }->
- postgresql::db { "postgresql_test_db":
- user => "foo1",
- password => postgresql_password('foo1', 'foo1'),
- }->
- class { "postgresql::plperl": }
- EOS
-
- puppet_apply(pp) do |r|
- # Currently puppetlabs/apt shows deprecated messages
- #r.stderr.should be_empty
- [2,6].should include(r.exit_code)
- end
-
- puppet_apply(pp) do |r|
- # Currently puppetlabs/apt shows deprecated messages
- #r.stderr.should be_empty
- # It also returns a 4
- [0,4].should include(r.exit_code)
- end
-
- psql('postgresql_test_db --command="select datname from pg_database limit 1"')
- end
- end
-
- context 'override locale and charset' do
- it 'perform installation with different locale and charset' do
- puts node.facts.inspect
- pending('no support for locale parameter with centos 5', :if => (node.facts['osfamily'] == 'RedHat' and node.facts['lsbmajdistrelease'] == '5'))
- pending('no support for initdb with debian/ubuntu', :if => (node.facts['osfamily'] == 'Debian'))
-
- # TODO: skip for ubuntu and centos 5
- pp = <<-EOS
- # Set global locale and charset option, and try installing postgres
- class { 'postgresql':
- locale => 'en_NG',
- charset => 'UTF8',
- }->
- class { 'postgresql::server': }
- EOS
-
- puppet_apply(pp) do |r|
- # Currently puppetlabs/apt shows deprecated messages
- #r.stderr.should be_empty
- # It also returns a 6
- [2,6].should include(r.exit_code)
- end
-
- puppet_apply(pp) do |r|
- # Currently puppetlabs/apt shows deprecated messages
- #r.stderr.should be_empty
- # It also returns a 2
- [0,4].should include(r.exit_code)
- end
-
- # Remove db first, if it exists for some reason
- shell('su postgres -c "dropdb test1"')
- shell('su postgres -c "createdb test1"')
- shell('su postgres -c \'psql -c "show lc_ctype" test1\'') do |r|
- r.stdout.should =~ /en_NG/
- end
-
- shell('su postgres -c \'psql -c "show lc_collate" test1\'') do |r|
- r.stdout.should =~ /en_NG/
- end
- end
- end
-end
describe 'postgresql::client', :type => :class do
let :facts do
{
- :postgres_default_version => '8.4',
:osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
}
end
- it { should include_class("postgresql::client") }
+
+ describe 'with parameters' do
+ let :params do
+ {
+ :validcon_script_path => '/opt/bin/my-validate-con.sh',
+ :package_ensure => 'absent',
+ :package_name => 'mypackage',
+ :file_ensure => 'file'
+ }
+ end
+
+ it 'should modify package' do
+ is_expected.to contain_package("postgresql-client").with({
+ :ensure => 'absent',
+ :name => 'mypackage',
+ :tag => 'postgresql',
+ })
+ end
+
+ it 'should have specified validate connexion' do
+ should contain_file('/opt/bin/my-validate-con.sh').with({
+ :ensure => 'file',
+ :owner => 0,
+ :group => 0,
+ :mode => '0755'
+ })
+ end
+ end
+
+ describe 'with no parameters' do
+ it 'should create package with postgresql tag' do
+ is_expected.to contain_package('postgresql-client').with({
+ :tag => 'postgresql',
+ })
+ end
+ end
+
+ describe 'with client package name explicitly set undef' do
+ let :params do
+ {
+ :package_name => 'UNSET'
+ }
+ end
+ it 'should not manage postgresql-client package' do
+ is_expected.not_to contain_package('postgresql-client')
+ end
+ end
end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgresql::contrib', :type => :class do
- let :facts do
- {
- :postgres_default_version => '8.4',
- :osfamily => 'Debian',
- }
- end
- it { should include_class("postgresql::contrib") }
-end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgresql::devel', :type => :class do
- let :facts do
- {
- :postgres_default_version => '8.4',
- :osfamily => 'Debian',
- }
- end
- it { should include_class("postgresql::devel") }
-end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::globals', type: :class do
+ context 'on a debian 6' do
+ let (:facts) do
+ {
+ :os => {
+ :family => 'Debian',
+ :name => 'Debian',
+ :release => {
+ :full => '6.0'
+ }
+ },
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :lsbdistid => 'Debian',
+ :lsbdistcodename => 'squeeze'
+ }
+ end
+
+ describe 'with no parameters' do
+ it 'should work' do
+ is_expected.to contain_class('postgresql::globals')
+ end
+ end
+
+ describe 'manage_package_repo => true' do
+ let(:params) do
+ {
+ manage_package_repo: true
+ }
+ end
+ it 'should pull in class postgresql::repo' do
+ is_expected.to contain_class('postgresql::repo')
+ end
+ end
+ end
+
+ context 'on redhat family systems' do
+ let (:facts) do
+ {
+ osfamily: 'RedHat',
+ operatingsystem: 'RedHat',
+ operatingsystemrelease: '7.1'
+ }
+ end
+ describe 'with no parameters' do
+ it 'should work' do
+ is_expected.to contain_class('postgresql::globals')
+ end
+ end
+
+ describe 'manage_package_repo on RHEL => true' do
+ let(:params) do
+ {
+ manage_package_repo: true,
+ repo_proxy: 'http://proxy-server:8080'
+ }
+ end
+
+ it 'should pull in class postgresql::repo' do
+ is_expected.to contain_class('postgresql::repo')
+ end
+
+ it do
+ should contain_yumrepo('yum.postgresql.org').with(
+ 'enabled' => '1',
+ 'proxy' => 'http://proxy-server:8080'
+ )
+ end
+ end
+
+ describe 'repo_baseurl on RHEL => mirror.localrepo.com' do
+ let(:params) do
+ {
+ manage_package_repo: true,
+ repo_baseurl: 'http://mirror.localrepo.com'
+ }
+ end
+
+ it 'should pull in class postgresql::repo' do
+ is_expected.to contain_class('postgresql::repo')
+ end
+
+ it do
+ should contain_yumrepo('yum.postgresql.org').with(
+ 'enabled' => '1',
+ 'baseurl' => 'http://mirror.localrepo.com'
+ )
+ end
+ end
+ end
+end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgresql', :type => :class do
- describe 'with supported os' do
- let :facts do
- {
- :postgres_default_version => '8.4',
- :osfamily => 'Debian',
- }
- end
- it { should include_class("postgresql") }
-
- context 'support override params' do
- let(:params) {{
- :version => '8.4',
- :manage_package_repo => true,
- :package_source => '',
- :locale => 'en_NG',
- :charset => 'UTF8',
- :datadir => '/srv/pgdata',
- :confdir => '/opt/pg/etc',
- :bindir => '/opt/pg/bin',
- :client_package_name => 'my-postgresql-client',
- :server_package_name => 'my-postgresql-server',
- :contrib_package_name => 'my-postgresql-contrib',
- :devel_package_name => 'my-postgresql-devel',
- :java_package_name => 'my-postgresql-java',
- :service_name => 'my-postgresql',
- :user => 'my-postgresql',
- :group => 'my-postgresql',
- :run_initdb => true,
- }}
-
- it { should include_class("postgresql") }
- it { should include_class("postgresql::params") }
- end
- end
-
- describe 'with unsupported os' do
- let :facts do
- {
- :postgres_default_version => '8.4',
- :osfamily => 'foo',
- }
- end
-
- context 'support override params' do
- let(:params) {{
- :version => '8.4',
- :package_source => '',
- :locale => 'en_NG',
- :charset => 'UTF8',
- :datadir => '/srv/pgdata',
- :confdir => '/opt/pg/etc',
- :bindir => '/opt/pg/bin',
- :client_package_name => 'my-postgresql-client',
- :server_package_name => 'my-postgresql-server',
- :contrib_package_name => 'my-postgresql-contrib',
- :devel_package_name => 'my-postgresql-devel',
- :java_package_name => 'my-postgresql-java',
- :service_name => 'my-postgresql',
- :user => 'my-postgresql',
- :group => 'my-postgresql',
- :run_initdb => true,
- }}
-
- it { should include_class("postgresql") }
- it { should include_class("postgresql::params") }
- end
- end
-end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::lib::devel', :type => :class do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ }
+ end
+ it { is_expected.to contain_class("postgresql::lib::devel") }
+
+ describe 'link pg_config to /usr/bin' do
+ it { should_not contain_file('/usr/bin/pg_config') \
+ .with_ensure('link') \
+ .with_target('/usr/lib/postgresql/8.4/bin/pg_config')
+ }
+ end
+
+ describe 'disable link_pg_config' do
+ let(:params) {{
+ :link_pg_config => false,
+ }}
+ it { should_not contain_file('/usr/bin/pg_config') }
+ end
+
+ describe 'should not link pg_config on RedHat with default version' do
+ let(:facts) {{
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '6.3',
+ :operatingsystemmajrelease => '6',
+ }}
+ it { should_not contain_file('/usr/bin/pg_config') }
+ end
+
+ describe 'link pg_config on RedHat with non-default version' do
+ let(:facts) {{
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '6.3',
+ :operatingsystemmajrelease => '6',
+ }}
+ let :pre_condition do
+ "class { '::postgresql::globals': version => '9.3' }"
+ end
+
+ it { should contain_file('/usr/bin/pg_config') \
+ .with_ensure('link') \
+ .with_target('/usr/pgsql-9.3/bin/pg_config')
+ }
+ end
+
+ describe 'on Gentoo' do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ }
+ end
+ let :params do
+ {
+ :link_pg_config => false,
+ }
+ end
+
+ it 'should fail to compile' do
+ expect {
+ is_expected.to compile
+ }.to raise_error(/is not supported/)
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::lib::java', :type => :class do
+
+ describe 'on a debian based os' do
+ let :facts do {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ }
+ end
+ it { is_expected.to contain_package('postgresql-jdbc').with(
+ :name => 'libpg-java',
+ :ensure => 'present',
+ :tag => 'postgresql'
+ )}
+ end
+
+ describe 'on a redhat based os' do
+ let :facts do {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '6.4',
+ }
+ end
+ it { is_expected.to contain_package('postgresql-jdbc').with(
+ :name => 'postgresql-jdbc',
+ :ensure => 'present',
+ :tag => 'postgresql'
+ )}
+ describe 'when parameters are supplied' do
+ let :params do
+ {:package_ensure => 'latest', :package_name => 'somepackage'}
+ end
+ it { is_expected.to contain_package('postgresql-jdbc').with(
+ :name => 'somepackage',
+ :ensure => 'latest',
+ :tag => 'postgresql'
+ )}
+ end
+ end
+
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::lib::perl', :type => :class do
+
+ describe 'on a redhat based os' do
+ let :facts do {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '6.4',
+ }
+ end
+ it { is_expected.to contain_package('perl-DBD-Pg').with(
+ :name => 'perl-DBD-Pg',
+ :ensure => 'present'
+ )}
+ end
+
+ describe 'on a debian based os' do
+ let :facts do {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ }
+ end
+ it { is_expected.to contain_package('perl-DBD-Pg').with(
+ :name => 'libdbd-pg-perl',
+ :ensure => 'present'
+ )}
+ end
+
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::lib::docs', :type => :class do
+
+ describe 'on a redhat based os' do
+ let :facts do {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '6.4',
+ }
+ end
+ it { is_expected.to contain_package('postgresql-docs').with(
+ :name => 'postgresql-docs',
+ :ensure => 'present',
+ :tag => 'postgresql'
+ )}
+ describe 'when parameters are supplied' do
+ let :params do
+ {:package_ensure => 'latest', :package_name => 'somepackage'}
+ end
+ it { is_expected.to contain_package('postgresql-docs').with(
+ :name => 'somepackage',
+ :ensure => 'latest',
+ :tag => 'postgresql'
+ )}
+ end
+ end
+
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::lib::python', :type => :class do
+
+ describe 'on a redhat based os' do
+ let :facts do {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '6.4',
+ }
+ end
+ it { is_expected.to contain_package('python-psycopg2').with(
+ :name => 'python-psycopg2',
+ :ensure => 'present'
+ )}
+ end
+
+ describe 'on a debian based os' do
+ let :facts do {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ }
+ end
+ it { is_expected.to contain_package('python-psycopg2').with(
+ :name => 'python-psycopg2',
+ :ensure => 'present'
+ )}
+ end
+
+end
describe 'postgresql::params', :type => :class do
let :facts do
{
- :postgres_default_version => '8.4',
:osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
}
end
- it { should include_class("postgresql::params") }
+ it { is_expected.to contain_class("postgresql::params") }
end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgresql::java', :type => :class do
-
- describe 'on a debian based os' do
- let :facts do {
- :osfamily => 'Debian',
- :postgres_default_version => 'foo',
- }
- end
- it { should contain_package('postgresql-jdbc').with(
- :name => 'libpostgresql-jdbc-java',
- :ensure => 'present'
- )}
- end
-
- describe 'on a redhat based os' do
- let :facts do {
- :osfamily => 'RedHat',
- :postgres_default_version => 'foo',
- }
- end
- it { should contain_package('postgresql-jdbc').with(
- :name => 'postgresql-jdbc',
- :ensure => 'present'
- )}
- describe 'when parameters are supplied' do
- let :params do
- {:package_ensure => 'latest', :package_name => 'somepackage'}
- end
- it { should contain_package('postgresql-jdbc').with(
- :name => 'somepackage',
- :ensure => 'latest'
- )}
- end
- end
-
- describe 'on any other os' do
- let :facts do {
- :osfamily => 'foo',
- :postgres_default_version => 'foo',
- }
- end
-
- it 'should fail without all the necessary parameters' do
- expect { subject }.to raise_error(/Module postgresql does not provide defaults for osfamily: foo/)
- end
- end
-
-end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgresql::python', :type => :class do
-
- describe 'on a redhat based os' do
- let :facts do {
- :osfamily => 'RedHat',
- :postgres_default_version => 'foo',
- }
- end
- it { should contain_package('python-psycopg2').with(
- :name => 'python-psycopg2',
- :ensure => 'present'
- )}
- end
-
- describe 'on a debian based os' do
- let :facts do {
- :osfamily => 'Debian',
- :postgres_default_version => 'foo',
- }
- end
- it { should contain_package('python-psycopg2').with(
- :name => 'python-psycopg2',
- :ensure => 'present'
- )}
- end
-
- describe 'on any other os' do
- let :facts do {
- :osfamily => 'foo',
- :postgres_default_version => 'foo',
- }
- end
-
- it 'should fail without all the necessary parameters' do
- expect { subject }.to raise_error(/Module postgresql does not provide defaults for osfamily: foo/)
- end
- end
-
- describe 'on any other os without all the necessary parameters' do
- let :facts do {
- :osfamily => 'foo',
- :postgres_default_version => 'foo',
- }
- end
-
- it 'should fail' do
- expect { subject }.to raise_error(/Module postgresql does not provide defaults for osfamily: foo/)
- end
- end
-
-end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::repo', :type => :class do
+ let :facts do
+ {
+ :os => {
+ :name => 'Debian',
+ :family => 'Debian',
+ :release => {
+ :full => '6.0'
+ }
+ },
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :lsbdistid => 'Debian',
+ :lsbdistcodename => 'squeeze',
+ }
+ end
+
+ describe 'with no parameters' do
+ it 'should instantiate apt_postgresql_org class' do
+ is_expected.to contain_class('postgresql::repo::apt_postgresql_org')
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::config', :type => :class do
+ let (:pre_condition) do
+ "include postgresql::server"
+ end
+
+ describe 'on RedHat 7' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '7.0',
+ :concat_basedir => tmpfilename('server'),
+ :kernel => 'Linux',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => true,
+ }
+ end
+ it 'should have the correct systemd-override file' do
+ is_expected.to contain_file('systemd-override').with ({
+ :ensure => 'present',
+ :path => '/etc/systemd/system/postgresql.service',
+ :owner => 'root',
+ :group => 'root',
+ })
+ is_expected.to contain_file('systemd-override') \
+ .with_content(/.include \/usr\/lib\/systemd\/system\/postgresql.service/)
+ end
+
+ describe 'with manage_package_repo => true and a version' do
+ let (:pre_condition) do
+ <<-EOS
+ class { 'postgresql::globals':
+ manage_package_repo => true,
+ version => '9.4',
+ }->
+ class { 'postgresql::server': }
+ EOS
+ end
+
+ it 'should have the correct systemd-override file' do
+ is_expected.to contain_file('systemd-override').with ({
+ :ensure => 'present',
+ :path => '/etc/systemd/system/postgresql-9.4.service',
+ :owner => 'root',
+ :group => 'root',
+ })
+ is_expected.to contain_file('systemd-override') \
+ .with_content(/.include \/usr\/lib\/systemd\/system\/postgresql-9.4.service/)
+ end
+ end
+ end
+
+ describe 'on Fedora 21' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'Fedora',
+ :operatingsystemrelease => '21',
+ :concat_basedir => tmpfilename('server'),
+ :kernel => 'Linux',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => true,
+ }
+ end
+ it 'should have the correct systemd-override file' do
+ is_expected.to contain_file('systemd-override').with ({
+ :ensure => 'present',
+ :path => '/etc/systemd/system/postgresql.service',
+ :owner => 'root',
+ :group => 'root',
+ })
+ is_expected.to contain_file('systemd-override') \
+ .with_content(/.include \/lib\/systemd\/system\/postgresql.service/)
+ end
+
+ describe 'with manage_package_repo => true and a version' do
+ let (:pre_condition) do
+ <<-EOS
+ class { 'postgresql::globals':
+ manage_package_repo => true,
+ version => '9.4',
+ }->
+ class { 'postgresql::server': }
+ EOS
+ end
+
+ it 'should have the correct systemd-override file' do
+ is_expected.to contain_file('systemd-override').with ({
+ :ensure => 'present',
+ :path => '/etc/systemd/system/postgresql-9.4.service',
+ :owner => 'root',
+ :group => 'root',
+ })
+ is_expected.to contain_file('systemd-override') \
+ .with_content(/.include \/lib\/systemd\/system\/postgresql-9.4.service/)
+ end
+ end
+ end
+
+ describe 'on Gentoo' do
+ let (:pre_condition) do
+ <<-EOS
+ class { 'postgresql::globals':
+ version => '9.5',
+ }->
+ class { 'postgresql::server': }
+ EOS
+ end
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => 'unused',
+ :concat_basedir => tmpfilename('server'),
+ :kernel => 'Linux',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => false,
+ }
+ end
+ it 'should have the correct systemd-override file' do
+ is_expected.to contain_file('systemd-override').with ({
+ :ensure => 'present',
+ :path => '/etc/systemd/system/postgresql-9.5.service',
+ :owner => 'root',
+ :group => 'root',
+ })
+ is_expected.to contain_file('systemd-override') \
+ .with_content(/.include \/usr\/lib64\/systemd\/system\/postgresql-9.5.service/)
+ end
+ end
+
+ describe 'with managed pg_hba_conf and ipv4acls' do
+ let (:pre_condition) do
+ <<-EOS
+ class { 'postgresql::globals':
+ version => '9.5',
+ }->
+ class { 'postgresql::server':
+ manage_pg_hba_conf => true,
+ ipv4acls => [
+ 'hostnossl all all 0.0.0.0/0 reject',
+ 'hostssl all all 0.0.0.0/0 md5'
+ ]
+ }
+ EOS
+ end
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '7.0',
+ :concat_basedir => tmpfilename('server'),
+ :kernel => 'Linux',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => true,
+ }
+ end
+ it 'should have hba rule default' do
+ is_expected.to contain_postgresql__server__pg_hba_rule('local access as postgres user')
+ end
+ it 'should have hba rule ipv4acls' do
+ is_expected.to contain_postgresql__server__pg_hba_rule('postgresql class generated rule ipv4acls 0')
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::contrib', :type => :class do
+ let :pre_condition do
+ "class { 'postgresql::server': }"
+ end
+
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('contrib'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+
+ describe 'with parameters' do
+ let(:params) do
+ {
+ :package_name => 'mypackage',
+ :package_ensure => 'absent',
+ }
+ end
+
+ it 'should create package with correct params' do
+ is_expected.to contain_package('postgresql-contrib').with({
+ :ensure => 'absent',
+ :name => 'mypackage',
+ :tag => 'postgresql',
+ })
+ end
+ end
+
+ describe 'with no parameters' do
+ it 'should create package with postgresql tag' do
+ is_expected.to contain_package('postgresql-contrib').with({
+ :tag => 'postgresql',
+ })
+ end
+ end
+
+ describe 'on Gentoo' do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ }
+ end
+
+ it 'should fail to compile' do
+ expect {
+ is_expected.to compile
+ }.to raise_error(/is not supported/)
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::initdb', :type => :class do
+ let (:pre_condition) do
+ "include postgresql::server"
+ end
+ describe 'on RedHat' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '6.0',
+ :concat_basedir => tmpfilename('server'),
+ :kernel => 'Linux',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => true,
+ }
+ end
+ it { is_expected.to contain_file('/var/lib/pgsql/data').with_ensure('directory') }
+ end
+ describe 'on Amazon' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'Amazon',
+ :operatingsystemrelease => '1.0',
+ :concat_basedir => tmpfilename('server'),
+ :kernel => 'Linux',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => true,
+ }
+ end
+ it { is_expected.to contain_file('/var/lib/pgsql92/data').with_ensure('directory') }
+ end
+
+ describe 'exec with module_workdir => /var/tmp' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '6.0',
+ :concat_basedir => tmpfilename('server'),
+ :kernel => 'Linux',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => true,
+ }
+ end
+ let (:pre_condition) do
+ <<-EOS
+ class { 'postgresql::globals':
+ module_workdir => '/var/tmp',
+ }->
+ class { 'postgresql::server': }
+ EOS
+ end
+
+ it 'should contain exec with specified working directory' do
+ is_expected.to contain_exec('postgresql_initdb').with ({
+ :cwd => '/var/tmp',
+ })
+ end
+ end
+
+ describe 'exec with module_workdir => undef' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '6.0',
+ :concat_basedir => tmpfilename('server'),
+ :kernel => 'Linux',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => true,
+ }
+ end
+ let (:pre_condition) do
+ <<-EOS
+ class { 'postgresql::globals':
+ }->
+ class { 'postgresql::server': }
+ EOS
+ end
+
+ it 'should contain exec with default working directory' do
+ is_expected.to contain_exec('postgresql_initdb').with ({
+ :cwd => '/tmp',
+ })
+ end
+ end
+
+
+ describe 'postgresql_psql with module_workdir => /var/tmp' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '6.0',
+ :concat_basedir => tmpfilename('server'),
+ :kernel => 'Linux',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => true,
+ }
+ end
+
+ let (:pre_condition) do
+ <<-EOS
+ class { 'postgresql::globals':
+ module_workdir => '/var/tmp',
+ encoding => 'test',
+ needs_initdb => false,
+ }->
+ class { 'postgresql::server': }
+ EOS
+ end
+ it 'should contain postgresql_psql with specified working directory' do
+ is_expected.to contain_postgresql_psql('Set template1 encoding to test').with({
+ :cwd => '/var/tmp',
+ })
+ end
+ end
+end
+
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::plperl', :type => :class do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('plperl'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+
+ let :pre_condition do
+ "class { 'postgresql::server': }"
+ end
+
+ describe 'with no parameters' do
+ it { is_expected.to contain_class("postgresql::server::plperl") }
+ it 'should create package' do
+ is_expected.to contain_package('postgresql-plperl').with({
+ :ensure => 'present',
+ :tag => 'postgresql',
+ })
+ end
+ end
+
+ describe 'with parameters' do
+ let :params do
+ {
+ :package_ensure => 'absent',
+ :package_name => 'mypackage',
+ }
+ end
+
+ it { is_expected.to contain_class("postgresql::server::plperl") }
+ it 'should create package with correct params' do
+ is_expected.to contain_package('postgresql-plperl').with({
+ :ensure => 'absent',
+ :name => 'mypackage',
+ :tag => 'postgresql',
+ })
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::plpython', :type => :class do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '6.0',
+ :concat_basedir => tmpfilename('plpython'),
+ :kernel => 'Linux',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => true,
+ }
+ end
+
+ let :pre_condition do
+ "class { 'postgresql::server': }"
+ end
+
+ describe 'on RedHat with no parameters' do
+ it { is_expected.to contain_class("postgresql::server::plpython") }
+ it 'should create package' do
+ is_expected.to contain_package('postgresql-plpython').with({
+ :ensure => 'present',
+ :tag => 'postgresql',
+ })
+ end
+ end
+
+ describe 'with parameters' do
+ let :params do
+ {
+ :package_ensure => 'absent',
+ :package_name => 'mypackage',
+ }
+ end
+
+ it { is_expected.to contain_class("postgresql::server::plpython") }
+ it 'should create package with correct params' do
+ is_expected.to contain_package('postgresql-plpython').with({
+ :ensure => 'absent',
+ :name => 'mypackage',
+ :tag => 'postgresql',
+ })
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::postgis', :type => :class do
+ let :pre_condition do
+ "class { 'postgresql::server': }"
+ end
+
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('postgis'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+
+ describe 'with parameters' do
+ let(:params) do
+ {
+ :package_name => 'mypackage',
+ :package_ensure => 'absent',
+ }
+ end
+
+ it 'should create package with correct params' do
+ is_expected.to contain_package('postgresql-postgis').with({
+ :ensure => 'absent',
+ :name => 'mypackage',
+ :tag => 'postgresql',
+ })
+ end
+ end
+
+ describe 'with no parameters' do
+ it 'should create package with postgresql tag' do
+ is_expected.to contain_package('postgresql-postgis').with({
+ :tag => 'postgresql',
+ })
+ end
+ end
+end
describe 'postgresql::server', :type => :class do
let :facts do
{
- :postgres_default_version => '8.4',
+ :os => {
+ :family => 'Debian',
+ :name => 'Debian',
+ :release => {
+ :full => '6.0'
+ }
+ },
:osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :lsbdistid => 'Debian',
+ :lsbdistcodename => 'jessie',
+ :operatingsystemrelease => '8.0',
:concat_basedir => tmpfilename('server'),
+ :kernel => 'Linux',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
}
end
- it { should include_class("postgresql::server") }
+
+ describe 'with no parameters' do
+ it { is_expected.to contain_class("postgresql::params") }
+ it { is_expected.to contain_class("postgresql::server") }
+ it { is_expected.to contain_exec('postgresql_reload').with({
+ 'command' => 'service postgresql reload',
+ })
+ }
+ it 'should validate connection' do
+ is_expected.to contain_postgresql_conn_validator('validate_service_is_running')
+ end
+ end
+
+ describe 'service_ensure => running' do
+ let(:params) do
+ {
+ :service_ensure => 'running',
+ :postgres_password => 'new-p@s$word-to-set'
+ }
+ end
+ it { is_expected.to contain_class("postgresql::params") }
+ it { is_expected.to contain_class("postgresql::server") }
+ it { is_expected.to contain_class("postgresql::server::passwd") }
+ it 'should validate connection' do
+ is_expected.to contain_postgresql_conn_validator('validate_service_is_running')
+ end
+ it 'should set postgres password' do
+ is_expected.to contain_exec('set_postgres_postgrespw').with({
+ 'command' => '/usr/bin/psql -c "ALTER ROLE \"postgres\" PASSWORD ${NEWPASSWD_ESCAPED}"',
+ 'user' => 'postgres',
+ 'environment' => [
+ "PGPASSWORD=new-p@s$word-to-set",
+ "PGPORT=5432",
+ "NEWPASSWD_ESCAPED=$$new-p@s$word-to-set$$"
+ ],
+ 'unless' => "/usr/bin/psql -h localhost -p 5432 -c 'select 1' > /dev/null",
+ })
+ end
+ end
+
+ describe 'service_ensure => stopped' do
+ let(:params) {{ :service_ensure => 'stopped' }}
+ it { is_expected.to contain_class("postgresql::params") }
+ it { is_expected.to contain_class("postgresql::server") }
+ it 'shouldnt validate connection' do
+ is_expected.not_to contain_postgresql_conn_validator('validate_service_is_running')
+ end
+ end
+
+ describe 'service_restart_on_change => false' do
+ let(:params) {{ :service_restart_on_change => false }}
+ it { is_expected.to contain_class("postgresql::params") }
+ it { is_expected.to contain_class("postgresql::server") }
+ it { is_expected.to_not contain_Postgresql_conf('data_directory').that_notifies('Class[postgresql::server::service]')
+ }
+ it 'should validate connection' do
+ is_expected.to contain_postgresql_conn_validator('validate_service_is_running')
+ end
+ end
+
+ describe 'service_restart_on_change => true' do
+ let(:params) {{ :service_restart_on_change => true }}
+ it { is_expected.to contain_class("postgresql::params") }
+ it { is_expected.to contain_class("postgresql::server") }
+ it { is_expected.to contain_Postgresql_conf('data_directory').that_notifies('Class[postgresql::server::service]')
+ }
+ it 'should validate connection' do
+ is_expected.to contain_postgresql_conn_validator('validate_service_is_running')
+ end
+ end
+
+ describe 'service_reload => /bin/true' do
+ let(:params) {{ :service_reload => '/bin/true' }}
+ it { is_expected.to contain_class("postgresql::params") }
+ it { is_expected.to contain_class("postgresql::server") }
+ it { is_expected.to contain_exec('postgresql_reload').with({
+ 'command' => '/bin/true',
+ })
+ }
+ it 'should validate connection' do
+ is_expected.to contain_postgresql_conn_validator('validate_service_is_running')
+ end
+ end
+
+ describe 'service_manage => true' do
+ let(:params) {{ :service_manage => true }}
+ it { is_expected.to contain_service('postgresqld') }
+ end
+
+ describe 'service_manage => false' do
+ let(:params) {{ :service_manage => false }}
+ it { is_expected.not_to contain_service('postgresqld') }
+ it 'shouldnt validate connection' do
+ is_expected.not_to contain_postgresql_conn_validator('validate_service_is_running')
+ end
+ end
+
+ describe 'package_ensure => absent' do
+ let(:params) do
+ {
+ :package_ensure => 'absent',
+ }
+ end
+
+ it 'should remove the package' do
+ is_expected.to contain_package('postgresql-server').with({
+ :ensure => 'purged',
+ })
+ end
+
+ it 'should still enable the service' do
+ is_expected.to contain_service('postgresqld').with({
+ :ensure => 'running',
+ })
+ end
+ end
+
+ describe 'needs_initdb => true' do
+ let(:params) do
+ {
+ :needs_initdb => true,
+ }
+ end
+
+ it 'should contain proper initdb exec' do
+ is_expected.to contain_exec('postgresql_initdb')
+ end
+ end
+
+ describe 'postgresql_version' do
+ let(:pre_condition) do
+ <<-EOS
+ class { 'postgresql::globals':
+ manage_package_repo => true,
+ version => '99.5',
+ before => Class['postgresql::server'],
+ }
+ EOS
+ end
+ it 'contains the correct package version' do
+ is_expected.to contain_class('postgresql::repo').with_version('99.5')
+ end
+ end
end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgresql::database_grant', :type => :define do
- let :facts do
- {
- :postgres_default_version => '8.4',
- :osfamily => 'Debian',
- }
- end
- let :title do
- 'test'
- end
- let :params do
- {
- :privilege => 'ALL',
- :db => 'test',
- :role => 'test',
- }
- end
- it { should include_class("postgresql::params") }
-end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgresql::database', :type => :define do
- let :facts do
- {
- :postgres_default_version => '8.4',
- :osfamily => 'Debian',
- }
- end
- let :title do
- 'test'
- end
- it { should include_class("postgresql::params") }
-end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgresql::database_user', :type => :define do
- let :facts do
- {
- :postgres_default_version => '8.4',
- :osfamily => 'Debian',
- }
- end
- let :title do
- 'test'
- end
- let :params do
- {
- :password_hash => 'test',
- }
- end
- it { should include_class("postgresql::params") }
-end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgresql::db', :type => :define do
- let :facts do
- {
- :postgres_default_version => '8.4',
- :osfamily => 'Debian',
- }
- end
- let :title do
- 'test'
- end
- let :params do
- {
- :user => 'test',
- :password => 'test',
- }
- end
- it { should include_class("postgresql::params") }
-end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgresql::pg_hba_rule', :type => :define do
- let :facts do
- {
- :postgres_default_version => '8.4',
- :osfamily => 'Debian',
- :concat_basedir => tmpfilename('pg_hba'),
- }
- end
- let :title do
- 'test'
- end
- let :target do
- tmpfilename('pg_hba_rule')
- end
-
- context 'test template 1' do
- let :params do
- {
- :type => 'host',
- :database => 'all',
- :user => 'all',
- :address => '1.1.1.1/24',
- :auth_method => 'md5',
- :target => target,
- }
- end
- it do
- content = param('concat::fragment', 'pg_hba_rule_test', 'content')
- content.should =~ /host\s+all\s+all\s+1\.1\.1\.1\/24\s+md5/
- end
- end
-
- context 'test template 2' do
- let :params do
- {
- :type => 'local',
- :database => 'all',
- :user => 'all',
- :auth_method => 'ident',
- :target => target,
- }
- end
- it do
- content = param('concat::fragment', 'pg_hba_rule_test', 'content')
- content.should =~ /local\s+all\s+all\s+ident/
- end
- end
-
- context 'test template 3' do
- let :params do
- {
- :type => 'host',
- :database => 'all',
- :user => 'all',
- :address => '0.0.0.0/0',
- :auth_method => 'ldap',
- :auth_option => 'foo=bar',
- :target => target,
- }
- end
- it do
- content = param('concat::fragment', 'pg_hba_rule_test', 'content')
- content.should =~ /host\s+all\s+all\s+0\.0\.0\.0\/0\s+ldap\s+foo=bar/
- end
- end
-
- context 'validation' do
- context 'validate type test 1' do
- let :params do
- {
- :type => 'invalid',
- :database => 'all',
- :user => 'all',
- :address => '0.0.0.0/0',
- :auth_method => 'ldap',
- :target => target,
- }
- end
- it 'should fail parsing when type is not valid' do
- expect {subject}.to raise_error(Puppet::Error,
- /The type you specified \[invalid\] must be one of/)
- end
- end
-
- context 'validate auth_method' do
- let :params do
- {
- :type => 'local',
- :database => 'all',
- :user => 'all',
- :address => '0.0.0.0/0',
- :auth_method => 'invalid',
- :target => target,
- }
- end
- it 'should fail parsing when auth_method is not valid' do
- expect {subject}.to raise_error(Puppet::Error,
- /The auth_method you specified \[invalid\] must be one of/)
- end
- end
- end
-end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgresql::pg_hba', :type => :define do
- let :facts do
- {
- :postgres_default_version => '8.4',
- :osfamily => 'Debian',
- :concat_basedir => tmpfilename('pg_hba'),
- }
- end
- let :title do
- 'test'
- end
- let :params do
- {
- :target => tmpfilename('pg_hba_target'),
- }
- end
- it { should include_class("postgresql::params") }
-end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgresql::psql', :type => :define do
- let :facts do
- {
- :postgres_default_version => '8.4',
- :osfamily => 'Debian',
- }
- end
- let :title do
- 'test'
- end
- let :params do
- {
- :db => 'test',
- :unless => 'test',
- }
- end
- it { should include_class("postgresql::params") }
-end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgresql::role', :type => :define do
- let :facts do
- {
- :postgres_default_version => '8.4',
- :osfamily => 'Debian',
- }
- end
- let :title do
- 'test'
- end
- it { should include_class("postgresql::params") }
-end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::config_entry', :type => :define do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '6.4',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('contrib'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => true,
+ }
+ end
+
+ let(:title) { 'config_entry'}
+
+ let :target do
+ tmpfilename('postgresql_conf')
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ context "syntax check" do
+ let(:params) { { :ensure => 'present'} }
+ it { is_expected.to contain_postgresql__server__config_entry('config_entry') }
+ end
+
+ context 'ports' do
+ context 'redhat 6' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '6.4',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('contrib'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => true,
+ }
+ end
+ let(:params) {{ :ensure => 'present', :name => 'port_spec', :value => '5432' }}
+
+ it 'stops postgresql and changes the port' do
+ is_expected.to contain_exec('postgresql_stop_port')
+ is_expected.to contain_augeas('override PGPORT in /etc/sysconfig/pgsql/postgresql')
+ end
+ end
+ context 'redhat 7' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '7.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('contrib'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => true,
+ }
+ end
+ let(:params) {{ :ensure => 'present', :name => 'port_spec', :value => '5432' }}
+
+ it 'stops postgresql and changes the port' do
+ is_expected.to contain_file('systemd-override')
+ is_expected.to contain_exec('restart-systemd')
+ end
+ end
+ context 'fedora 19' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'Fedora',
+ :operatingsystemrelease => '19',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('contrib'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => true,
+ }
+ end
+ let(:params) {{ :ensure => 'present', :name => 'port_spec', :value => '5432' }}
+
+ it 'stops postgresql and changes the port' do
+ is_expected.to contain_file('systemd-override')
+ is_expected.to contain_exec('restart-systemd')
+ end
+ end
+ end
+
+ context "data_directory" do
+ let(:params) {{ :ensure => 'present', :name => 'data_directory_spec', :value => '/var/pgsql' }}
+
+ it 'stops postgresql and changes the data directory' do
+ is_expected.to contain_exec('postgresql_data_directory')
+ is_expected.to contain_augeas('override PGDATA in /etc/sysconfig/pgsql/postgresql')
+ end
+ end
+
+ context "passes values through appropriately" do
+ let(:params) {{ :ensure => 'present', :name => 'check_function_bodies', :value => 'off' }}
+
+ it 'with no quotes' do
+ is_expected.to contain_postgresql_conf('check_function_bodies').with({
+ :name => 'check_function_bodies',
+ :value => 'off' })
+ end
+ end
+
+ context 'unix_socket_directories' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '7.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('contrib'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :selinux => true,
+ }
+ end
+ let(:params) {{ :ensure => 'present', :name => 'unix_socket_directories', :value => '/var/pgsql, /opt/postgresql, /root/' }}
+
+ it 'should restart the server and change unix_socket_directories to the provided list' do
+ is_expected.to contain_postgresql_conf('unix_socket_directories')
+ .with({ :name => 'unix_socket_directories',
+ :value => '/var/pgsql, /opt/postgresql, /root/'})
+ .that_notifies('Class[postgresql::server::service]')
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::database_grant', :type => :define do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('contrib'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+
+ let :title do
+ 'test'
+ end
+
+ let :params do
+ {
+ :privilege => 'ALL',
+ :db => 'test',
+ :role => 'test',
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__database_grant('test') }
+ it { is_expected.to contain_postgresql__server__grant('database:test') }
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::database', :type => :define do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('contrib'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+ let :title do
+ 'test'
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__database('test') }
+ it { is_expected.to contain_postgresql_psql('CREATE DATABASE "test"') }
+
+ context "with comment set to 'test comment'" do
+ let (:params) {{ :comment => 'test comment' }}
+
+ it { is_expected.to contain_postgresql_psql("COMMENT ON DATABASE \"test\" IS 'test comment'").with_connect_settings( {} ) }
+ end
+
+ context "with specific db connection settings - default port" do
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ let (:params) {{ :connect_settings => { 'PGHOST' => 'postgres-db-server',
+ 'DBVERSION' => '9.1', }}}
+
+ it { is_expected.to contain_postgresql_psql('CREATE DATABASE "test"').with_connect_settings( { 'PGHOST' => 'postgres-db-server','DBVERSION' => '9.1' } ).with_port( 5432 ) }
+ end
+
+ context "with specific db connection settings - including port" do
+ let :pre_condition do
+ "class {'postgresql::globals':}
+
+ class {'postgresql::server':}"
+ end
+
+ let (:params) {{ :connect_settings => { 'PGHOST' => 'postgres-db-server',
+ 'DBVERSION' => '9.1',
+ 'PGPORT' => '1234' }}}
+
+ it { is_expected.to contain_postgresql_psql('CREATE DATABASE "test"').with_connect_settings( { 'PGHOST' => 'postgres-db-server','DBVERSION' => '9.1','PGPORT' => '1234' } ).with_port( nil ) }
+
+ end
+
+ context "with global db connection settings - including port" do
+ let :pre_condition do
+ "class {'postgresql::globals':
+ default_connect_settings => { 'PGHOST' => 'postgres-db-server',
+ 'DBVERSION' => '9.2',
+ 'PGPORT' => '1234' }
+ }
+
+ class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql_psql('CREATE DATABASE "test"').with_connect_settings( { 'PGHOST' => 'postgres-db-server','DBVERSION' => '9.2','PGPORT' => '1234' } ).with_port( nil ) }
+
+ end
+
+ context "with different owner" do
+ let (:params) {{ :owner => 'test_owner' }}
+
+ it { is_expected.to contain_postgresql_psql('ALTER DATABASE "test" OWNER TO "test_owner"') }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::db', :type => :define do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('contrib'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+
+ let :title do
+ 'test'
+ end
+
+ context 'without dbname param' do
+
+ let :params do
+ {
+ :user => 'test',
+ :password => 'test',
+ :owner => 'tester',
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__db('test') }
+ it { is_expected.to contain_postgresql__server__database('test').with_owner('tester') }
+ it { is_expected.to contain_postgresql__server__role('test').that_comes_before('Postgresql::Server::Database[test]') }
+ it { is_expected.to contain_postgresql__server__database_grant('GRANT test - ALL - test') }
+
+ end
+
+ context 'dbname' do
+
+ let :params do
+ {
+ :dbname => 'testtest',
+ :user => 'test',
+ :password => 'test',
+ :owner => 'tester',
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__database('testtest') }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::extension', :type => :define do
+ let :pre_condition do
+ "class { 'postgresql::server': }
+ postgresql::server::database { 'template_postgis':
+ template => 'template1',
+ }"
+ end
+
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('postgis'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+
+ let (:title) { 'postgis' }
+ let (:params) { {
+ :database => 'template_postgis',
+ } }
+
+ context "with mandatory arguments only" do
+ it {
+ is_expected.to contain_postgresql_psql('Add postgis extension to template_postgis').with({
+ :db => 'template_postgis',
+ :command => 'CREATE EXTENSION "postgis"',
+ :unless => "SELECT t.count FROM (SELECT count(extname) FROM pg_extension WHERE extname = 'postgis') as t WHERE t.count = 1",
+ }).that_requires('Postgresql::Server::Database[template_postgis]')
+ }
+ end
+
+ context "when setting package name" do
+ let (:params) { super().merge({
+ :package_name => 'postgis',
+ }) }
+
+ it {
+ is_expected.to contain_package('postgis').with({
+ :ensure => 'present',
+ :name => 'postgis',
+ }).that_comes_before('Postgresql_psql[Add postgis extension to template_postgis]')
+ }
+ end
+
+ context "when ensuring absence" do
+ let (:params) { super().merge({
+ :ensure => 'absent',
+ :package_name => 'postgis',
+ }) }
+
+ it {
+ is_expected.to contain_postgresql_psql('Add postgis extension to template_postgis').with({
+ :db => 'template_postgis',
+ :command => 'DROP EXTENSION "postgis"',
+ :unless => "SELECT t.count FROM (SELECT count(extname) FROM pg_extension WHERE extname = 'postgis') as t WHERE t.count != 1",
+ }).that_requires('Postgresql::Server::Database[template_postgis]')
+ }
+
+ it {
+ is_expected.to contain_package('postgis').with({
+ :ensure => 'absent',
+ :name => 'postgis',
+ })
+ }
+
+ context "when keeping package installed" do
+ let (:params) { super().merge({
+ :package_ensure => 'present',
+ }) }
+
+ it {
+ is_expected.to contain_postgresql_psql('Add postgis extension to template_postgis').with({
+ :db => 'template_postgis',
+ :command => 'DROP EXTENSION "postgis"',
+ :unless => "SELECT t.count FROM (SELECT count(extname) FROM pg_extension WHERE extname = 'postgis') as t WHERE t.count != 1",
+ }).that_requires('Postgresql::Server::Database[template_postgis]')
+ }
+
+ it {
+ is_expected.to contain_package('postgis').with({
+ :ensure => 'present',
+ :name => 'postgis',
+ }).that_requires('Postgresql_psql[Add postgis extension to template_postgis]')
+ }
+ end
+ end
+end
+
+describe 'postgresql::server::extension', :type => :define do
+ let :pre_condition do
+ "class { 'postgresql::server': }
+ postgresql::server::database { 'template_postgis2':
+ template => 'template1',
+ }"
+ end
+
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('postgis'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+
+ let (:title) { 'postgis_db2' }
+ let (:params) { {
+ :database => 'template_postgis2',
+ :extension => 'postgis',
+ } }
+
+ context "with mandatory arguments only" do
+ it {
+ is_expected.to contain_postgresql_psql('Add postgis extension to template_postgis2').with({
+ :db => 'template_postgis2',
+ :command => 'CREATE EXTENSION "postgis"',
+ :unless => "SELECT t.count FROM (SELECT count(extname) FROM pg_extension WHERE extname = 'postgis') as t WHERE t.count = 1",
+ }).that_requires('Postgresql::Server::Database[template_postgis2]')
+ }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::grant_role', :type => :define do
+ let :pre_condition do
+ "class { 'postgresql::server': }"
+ end
+
+ let :facts do
+ {:osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux', :concat_basedir => tmpfilename('postgis'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+
+ let (:title) { 'test' }
+
+ let (:params) { {
+ :group => 'my_group',
+ :role => 'my_role',
+ } }
+
+ context "with mandatory arguments only" do
+ it {
+ is_expected.to contain_postgresql_psql("grant_role:#{title}").with({
+ :command => "GRANT \"#{params[:group]}\" TO \"#{params[:role]}\"",
+ :unless => "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '#{params[:group]}' AND r_role.rolname = '#{params[:role]}') = true",
+ }).that_requires('Class[postgresql::server]')
+ }
+ end
+
+ context "with db arguments" do
+ let (:params) { super().merge({
+ :psql_db => 'postgres',
+ :psql_user => 'postgres',
+ :port => '5432',
+ }) }
+
+ it {
+ is_expected.to contain_postgresql_psql("grant_role:#{title}").with({
+ :command => "GRANT \"#{params[:group]}\" TO \"#{params[:role]}\"",
+ :unless => "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '#{params[:group]}' AND r_role.rolname = '#{params[:role]}') = true",
+ :db => params[:psql_db],
+ :psql_user => params[:psql_user],
+ :port => params[:port],
+ }).that_requires('Class[postgresql::server]')
+ }
+ end
+
+ context "with ensure => absent" do
+ let (:params) { super().merge({
+ :ensure => 'absent',
+ }) }
+
+ it {
+ is_expected.to contain_postgresql_psql("grant_role:#{title}").with({
+ :command => "REVOKE \"#{params[:group]}\" FROM \"#{params[:role]}\"",
+ :unless => "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '#{params[:group]}' AND r_role.rolname = '#{params[:role]}') != true",
+ }).that_requires('Class[postgresql::server]')
+ }
+ end
+
+ context "with user defined" do
+ let :pre_condition do
+ "class { 'postgresql::server': }
+postgresql::server::role { '#{params[:role]}': }"
+ end
+
+ it {
+ is_expected.to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:role]}]")
+ }
+ it {
+ is_expected.not_to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:group]}]")
+ }
+ end
+
+ context "with group defined" do
+ let :pre_condition do
+ "class { 'postgresql::server': }
+postgresql::server::role { '#{params[:group]}': }"
+ end
+
+ it {
+ is_expected.to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:group]}]")
+ }
+ it {
+ is_expected.not_to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:role]}]")
+ }
+ end
+
+ context "with connect_settings" do
+ let (:params) { super().merge({
+ :connect_settings => { 'PGHOST' => 'postgres-db-server' },
+ }) }
+
+ it {
+ is_expected.to contain_postgresql_psql("grant_role:#{title}").with_connect_settings( { 'PGHOST' => 'postgres-db-server' } )
+ }
+ it {
+ is_expected.not_to contain_postgresql_psql("grant_role:#{title}").that_requires('Class[postgresql::server]')
+ }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::grant', :type => :define do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('contrib'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+
+ let :title do
+ 'test'
+ end
+
+ context 'plain' do
+ let :params do
+ {
+ :db => 'test',
+ :role => 'test',
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__grant('test') }
+ end
+
+ context 'sequence' do
+ let :params do
+ {
+ :db => 'test',
+ :role => 'test',
+ :privilege => 'usage',
+ :object_type => 'sequence',
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__grant('test') }
+ it { is_expected.to contain_postgresql_psql('grant:test').with(
+ {
+ 'command' => /GRANT USAGE ON SEQUENCE "test" TO\s* "test"/m,
+ 'unless' => /SELECT 1 WHERE has_sequence_privilege\('test',\s* 'test', 'USAGE'\)/m,
+ }
+ ) }
+ end
+
+ context 'all sequences' do
+ let :params do
+ {
+ :db => 'test',
+ :role => 'test',
+ :privilege => 'usage',
+ :object_type => 'all sequences in schema',
+ :object_name => 'public',
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__grant('test') }
+ it { is_expected.to contain_postgresql_psql('grant:test').with(
+ {
+ 'command' => /GRANT USAGE ON ALL SEQUENCES IN SCHEMA "public" TO\s* "test"/m,
+ 'unless' => /SELECT 1 FROM \(\s*SELECT sequence_name\s* FROM information_schema\.sequences\s* WHERE sequence_schema='public'\s* EXCEPT DISTINCT\s* SELECT object_name as sequence_name\s* FROM .* WHERE .*grantee='test'\s* AND object_schema='public'\s* AND privilege_type='USAGE'\s*\) P\s* HAVING count\(P\.sequence_name\) = 0/m,
+ }
+ ) }
+ end
+
+ context "with specific db connection settings - default port" do
+ let :params do
+ {
+ :db => 'test',
+ :role => 'test',
+ :connect_settings => { 'PGHOST' => 'postgres-db-server',
+ 'DBVERSION' => '9.1', },
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__grant('test') }
+ it { is_expected.to contain_postgresql_psql("grant:test").with_connect_settings( { 'PGHOST' => 'postgres-db-server','DBVERSION' => '9.1' } ).with_port( 5432 ) }
+ end
+
+ context "with specific db connection settings - including port" do
+ let :params do
+ {
+ :db => 'test',
+ :role => 'test',
+ :connect_settings => { 'PGHOST' => 'postgres-db-server',
+ 'DBVERSION' => '9.1',
+ 'PGPORT' => '1234', },
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__grant('test') }
+ it { is_expected.to contain_postgresql_psql("grant:test").with_connect_settings( { 'PGHOST' => 'postgres-db-server','DBVERSION' => '9.1','PGPORT' => '1234' } ) }
+ end
+
+ context "with specific db connection settings - port overriden by explicit parameter" do
+ let :params do
+ {
+ :db => 'test',
+ :role => 'test',
+ :connect_settings => { 'PGHOST' => 'postgres-db-server',
+ 'DBVERSION' => '9.1',
+ 'PGPORT' => '1234', },
+ :port => 5678,
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__grant('test') }
+ it { is_expected.to contain_postgresql_psql("grant:test").with_connect_settings( { 'PGHOST' => 'postgres-db-server','DBVERSION' => '9.1','PGPORT' => '1234' } ).with_port( '5678' ) }
+ end
+
+ context 'invalid objectype' do
+ let :params do
+ {
+ :db => 'test',
+ :role => 'test',
+ :privilege => 'usage',
+ :object_type => 'invalid',
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to compile.and_raise_error(/"INVALID" does not match/) }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::pg_hba_rule', :type => :define do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('pg_hba'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+ let :title do
+ 'test'
+ end
+ let :target do
+ tmpfilename('pg_hba_rule')
+ end
+
+ context 'test template 1' do
+ let :pre_condition do
+ <<-EOS
+ class { 'postgresql::server': }
+ EOS
+ end
+
+ let :params do
+ {
+ :type => 'host',
+ :database => 'all',
+ :user => 'all',
+ :address => '1.1.1.1/24',
+ :auth_method => 'md5',
+ :target => target,
+ }
+ end
+ it do
+ is_expected.to contain_concat__fragment('pg_hba_rule_test').with({
+ :content => /host\s+all\s+all\s+1\.1\.1\.1\/24\s+md5/
+ })
+ end
+ end
+
+ context 'test template 2' do
+ let :pre_condition do
+ <<-EOS
+ class { 'postgresql::server': }
+ EOS
+ end
+
+ let :params do
+ {
+ :type => 'local',
+ :database => 'all',
+ :user => 'all',
+ :auth_method => 'ident',
+ :target => target,
+ }
+ end
+ it do
+ is_expected.to contain_concat__fragment('pg_hba_rule_test').with({
+ :content => /local\s+all\s+all\s+ident/
+ })
+ end
+ end
+
+ context 'test template 3' do
+ let :pre_condition do
+ <<-EOS
+ class { 'postgresql::server': }
+ EOS
+ end
+
+ let :params do
+ {
+ :type => 'host',
+ :database => 'all',
+ :user => 'all',
+ :address => '0.0.0.0/0',
+ :auth_method => 'ldap',
+ :auth_option => 'foo=bar',
+ :target => target,
+ }
+ end
+ it do
+ is_expected.to contain_concat__fragment('pg_hba_rule_test').with({
+ :content => /host\s+all\s+all\s+0\.0\.0\.0\/0\s+ldap\s+foo=bar/
+ })
+ end
+ end
+
+ context 'validation' do
+ context 'validate supported auth_method' do
+ let :pre_condition do
+ <<-EOS
+ class { 'postgresql::globals':
+ version => '9.2',
+ }
+ class { 'postgresql::server': }
+ EOS
+ end
+
+ let :params do
+ {
+ :type => 'local',
+ :database => 'all',
+ :user => 'all',
+ :address => '0.0.0.0/0',
+ :auth_method => 'peer',
+ :target => target,
+ }
+ end
+
+ it do
+ is_expected.to contain_concat__fragment('pg_hba_rule_test').with(
+ {
+ :content => /local\s+all\s+all\s+0\.0\.0\.0\/0\s+peer/
+ }
+ )
+ end
+ end
+
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::pg_ident_rule', :type => :define do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('pg_ident'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+ let :title do
+ 'test'
+ end
+ let :target do
+ tmpfilename('pg_ident_rule')
+ end
+
+ context 'managing pg_ident' do
+ let :pre_condition do
+ <<-EOS
+ class { 'postgresql::globals':
+ manage_pg_ident_conf => true,
+ }
+ class { 'postgresql::server': }
+ EOS
+ end
+
+ let :params do
+ {
+ :map_name => 'thatsmymap',
+ :system_username => 'systemuser',
+ :database_username => 'dbuser',
+ }
+ end
+ it do
+ is_expected.to contain_concat__fragment('pg_ident_rule_test').with({
+ :content => /thatsmymap\s+systemuser\s+dbuser/
+ })
+ end
+ end
+ context 'not managing pg_ident' do
+ let :pre_condition do
+ <<-EOS
+ class { 'postgresql::globals':
+ manage_pg_ident_conf => false,
+ }
+ class { 'postgresql::server': }
+ EOS
+ end
+ let :params do
+ {
+ :map_name => 'thatsmymap',
+ :system_username => 'systemuser',
+ :database_username => 'dbuser',
+ }
+ end
+ it 'should fail because $manage_pg_ident_conf is false' do
+ expect { catalogue }.to raise_error(Puppet::Error,
+ /postgresql::server::manage_pg_ident_conf has been disabled/)
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::reassign_owned_by', :type => :define do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('reassign_owned_by'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+
+ let :title do
+ 'test'
+ end
+
+ let :params do
+ {
+ :db => 'test',
+ :old_role => 'test_old_role',
+ :new_role => 'test_new_role',
+ }
+ end
+
+ let :pre_condition do
+ <<-EOS
+ class {'postgresql::server':}
+ postgresql::server::role{ ['test_old_role','test_new_role']: }
+ EOS
+ end
+
+ it { is_expected.to contain_postgresql__server__reassign_owned_by('test') }
+
+ it {
+ is_expected.to contain_postgresql_psql('reassign_owned_by:test:REASSIGN OWNED BY "test_old_role" TO "test_new_role"').with({
+ 'command' => "REASSIGN OWNED BY \"test_old_role\" TO \"test_new_role\"",
+ 'onlyif' => /SELECT tablename FROM pg_catalog.pg_tables WHERE\s*schemaname NOT IN \('pg_catalog', 'information_schema'\) AND\s*tableowner = 'test_old_role'.*/m,
+ }).that_requires('Class[postgresql::server]')
+ }
+
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::recovery', :type => :define do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('recovery'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+ let :title do
+ 'test'
+ end
+ let :target do
+ tmpfilename('recovery')
+ end
+
+ context 'managing recovery' do
+ let :pre_condition do
+ <<-EOS
+ class { 'postgresql::globals':
+ manage_recovery_conf => true,
+ }
+ class { 'postgresql::server': }
+ EOS
+ end
+
+ let :params do
+ {
+ :restore_command => 'restore_command',
+ :recovery_target_timeline => 'recovery_target_timeline',
+ }
+ end
+ it do
+ is_expected.to contain_concat__fragment('recovery.conf').with({
+ :content => /restore_command = 'restore_command'[\n]+recovery_target_timeline = 'recovery_target_timeline'/
+ })
+ end
+ end
+ context 'not managing recovery' do
+ let :pre_condition do
+ <<-EOS
+ class { 'postgresql::globals':
+ manage_recovery_conf => false,
+ }
+ class { 'postgresql::server': }
+ EOS
+ end
+ let :params do
+ {
+ :restore_command => '',
+ }
+ end
+ it 'should fail because $manage_recovery_conf is false' do
+ expect { catalogue }.to raise_error(Puppet::Error,
+ /postgresql::server::manage_recovery_conf has been disabled/)
+ end
+ end
+ context 'not managing recovery, missing param' do
+ let :pre_condition do
+ <<-EOS
+ class { 'postgresql::globals':
+ manage_recovery_conf => true,
+ }
+ class { 'postgresql::server': }
+ EOS
+ end
+ it 'should fail because no param set' do
+ expect { catalogue }.to raise_error(Puppet::Error,
+ /postgresql::server::recovery use this resource but do not pass a parameter will avoid creating the recovery.conf, because it makes no sense./)
+ end
+ end
+
+ context 'managing recovery with all params' do
+ let :pre_condition do
+ <<-EOS
+ class { 'postgresql::globals':
+ manage_recovery_conf => true,
+ }
+ class { 'postgresql::server': }
+ EOS
+ end
+
+ let :params do
+ {
+ :restore_command => 'restore_command',
+ :archive_cleanup_command => 'archive_cleanup_command',
+ :recovery_end_command => 'recovery_end_command',
+ :recovery_target_name => 'recovery_target_name',
+ :recovery_target_time => 'recovery_target_time',
+ :recovery_target_xid => 'recovery_target_xid',
+ :recovery_target_inclusive => true,
+ :recovery_target => 'recovery_target',
+ :recovery_target_timeline => 'recovery_target_timeline',
+ :pause_at_recovery_target => true,
+ :standby_mode => 'on',
+ :primary_conninfo => 'primary_conninfo',
+ :primary_slot_name => 'primary_slot_name',
+ :trigger_file => 'trigger_file',
+ :recovery_min_apply_delay => 0,
+ }
+ end
+ it do
+ is_expected.to contain_concat__fragment('recovery.conf').with({
+ :content => /restore_command = 'restore_command'[\n]+archive_cleanup_command = 'archive_cleanup_command'[\n]+recovery_end_command = 'recovery_end_command'[\n]+recovery_target_name = 'recovery_target_name'[\n]+recovery_target_time = 'recovery_target_time'[\n]+recovery_target_xid = 'recovery_target_xid'[\n]+recovery_target_inclusive = true[\n]+recovery_target = 'recovery_target'[\n]+recovery_target_timeline = 'recovery_target_timeline'[\n]+pause_at_recovery_target = true[\n]+standby_mode = on[\n]+primary_conninfo = 'primary_conninfo'[\n]+primary_slot_name = 'primary_slot_name'[\n]+trigger_file = 'trigger_file'[\n]+recovery_min_apply_delay = 0[\n]+/
+ })
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::role', :type => :define do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('contrib'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+
+ let :title do
+ 'test'
+ end
+
+ let :params do
+ {
+ :password_hash => 'new-pa$s',
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__role('test') }
+ it 'should have create role for "test" user with password as ****' do
+ is_expected.to contain_postgresql_psql('CREATE ROLE test ENCRYPTED PASSWORD ****').with({
+ 'command' => "CREATE ROLE \"test\" ENCRYPTED PASSWORD '$NEWPGPASSWD' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER CONNECTION LIMIT -1",
+ 'environment' => "NEWPGPASSWD=new-pa$s",
+ 'unless' => "SELECT 1 FROM pg_roles WHERE rolname = 'test'",
+ 'port' => "5432",
+ })
+ end
+ it 'should have alter role for "test" user with password as ****' do
+ is_expected.to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****').with({
+ 'command' => "ALTER ROLE \"test\" ENCRYPTED PASSWORD '$NEWPGPASSWD'",
+ 'environment' => "NEWPGPASSWD=new-pa$s",
+ 'unless' => "SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa'",
+ 'port' => "5432",
+ })
+ end
+
+ context "with specific db connection settings - default port" do
+ let :params do
+ {
+ :password_hash => 'new-pa$s',
+ :connect_settings => { 'PGHOST' => 'postgres-db-server',
+ 'DBVERSION' => '9.1',
+ 'PGUSER' => 'login-user',
+ 'PGPASSWORD' => 'login-pass' },
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__role('test') }
+ it 'should have create role for "test" user with password as ****' do
+ is_expected.to contain_postgresql_psql('CREATE ROLE test ENCRYPTED PASSWORD ****').with({
+ 'command' => "CREATE ROLE \"test\" ENCRYPTED PASSWORD '$NEWPGPASSWD' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER CONNECTION LIMIT -1",
+ 'environment' => "NEWPGPASSWD=new-pa$s",
+ 'unless' => "SELECT 1 FROM pg_roles WHERE rolname = 'test'",
+ 'port' => "5432",
+
+ 'connect_settings' => { 'PGHOST' => 'postgres-db-server',
+ 'DBVERSION' => '9.1',
+ 'PGUSER' => 'login-user',
+ 'PGPASSWORD' => 'login-pass' },
+ })
+ end
+ it 'should have alter role for "test" user with password as ****' do
+ is_expected.to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****').with({
+ 'command' => "ALTER ROLE \"test\" ENCRYPTED PASSWORD '$NEWPGPASSWD'",
+ 'environment' => "NEWPGPASSWD=new-pa$s",
+ 'unless' => "SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa'",
+ 'port' => "5432",
+
+ 'connect_settings' => { 'PGHOST' => 'postgres-db-server',
+ 'DBVERSION' => '9.1',
+ 'PGUSER' => 'login-user',
+ 'PGPASSWORD' => 'login-pass' },
+ })
+ end
+ end
+
+ context "with specific db connection settings - including port" do
+ let :params do
+ {
+ :password_hash => 'new-pa$s',
+ :connect_settings => { 'PGHOST' => 'postgres-db-server',
+ 'DBVERSION' => '9.1',
+ 'PGPORT' => '1234',
+ 'PGUSER' => 'login-user',
+ 'PGPASSWORD' => 'login-pass' },
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__role('test') }
+ it 'should have create role for "test" user with password as ****' do
+ is_expected.to contain_postgresql_psql('CREATE ROLE test ENCRYPTED PASSWORD ****').with({
+ 'command' => "CREATE ROLE \"test\" ENCRYPTED PASSWORD '$NEWPGPASSWD' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER CONNECTION LIMIT -1",
+ 'environment' => "NEWPGPASSWD=new-pa$s",
+ 'unless' => "SELECT 1 FROM pg_roles WHERE rolname = 'test'",
+ 'connect_settings' => { 'PGHOST' => 'postgres-db-server',
+ 'DBVERSION' => '9.1',
+ 'PGPORT' => '1234',
+ 'PGUSER' => 'login-user',
+ 'PGPASSWORD' => 'login-pass' },
+ })
+ end
+ it 'should have alter role for "test" user with password as ****' do
+ is_expected.to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****').with({
+ 'command' => "ALTER ROLE \"test\" ENCRYPTED PASSWORD '$NEWPGPASSWD'",
+ 'environment' => "NEWPGPASSWD=new-pa$s",
+ 'unless' => "SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa'",
+ 'connect_settings' => { 'PGHOST' => 'postgres-db-server',
+ 'DBVERSION' => '9.1',
+ 'PGPORT' => '1234',
+ 'PGUSER' => 'login-user',
+ 'PGPASSWORD' => 'login-pass' },
+ })
+ end
+ end
+
+ context 'with update_password set to false' do
+ let :params do
+ {
+ :password_hash => 'new-pa$s',
+ :update_password => false,
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it 'should not have alter role for "test" user with password as **** if update_password is false' do
+ is_expected.not_to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****')
+ end
+ end
+
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::schema', :type => :define do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('schema'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+
+ let :title do
+ 'test'
+ end
+
+ let :params do
+ {
+ :owner => 'jane',
+ :db => 'janedb',
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { should contain_postgresql__server__schema('test') }
+
+ context "with different owner" do
+ let :params do
+ {
+ :owner => 'nate',
+ :db => 'natedb',
+ }
+ end
+
+ it { is_expected.to contain_postgresql_psql('natedb: ALTER SCHEMA "test" OWNER TO "nate"') }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::table_grant', :type => :define do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('table_grant'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+
+ let :title do
+ 'test'
+ end
+
+ let :params do
+ {
+ :privilege => 'ALL',
+ :db => 'test',
+ :role => 'test',
+ :table => 'foo',
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__table_grant('test') }
+ it { is_expected.to contain_postgresql__server__grant('table:test') }
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql::server::tablespace', :type => :define do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
+ :kernel => 'Linux',
+ :concat_basedir => tmpfilename('tablespace'),
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+
+ let :title do
+ 'test'
+ end
+
+ let :params do
+ {
+ :location => '/srv/data/foo',
+ }
+ end
+
+ let :pre_condition do
+ "class {'postgresql::server':}"
+ end
+
+ it { is_expected.to contain_postgresql__server__tablespace('test') }
+
+ context "with different owner" do
+ let :params do
+ {
+ :location => '/srv/data/foo',
+ :owner => 'test_owner',
+ }
+ end
+
+ it { is_expected.to contain_postgresql_psql('ALTER TABLESPACE "test" OWNER TO "test_owner"') }
+ end
+end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgresql::tablespace', :type => :define do
- let :facts do
- {
- :postgres_default_version => '8.4',
- :osfamily => 'Debian',
- }
- end
- let :title do
- 'test'
- end
- let :params do
- {
- :location => '/srv/data/foo',
- }
- end
- it { should include_class("postgresql::params") }
-end
describe 'postgresql::validate_db_connection', :type => :define do
let :facts do
{
- :postgres_default_version => '8.4',
:osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6.0',
}
end
+
let :title do
'test'
end
- let :params do
- {
- :database_host => 'test',
- :database_name => 'test',
- :database_password => 'test',
- :database_username => 'test',
- }
+
+ describe 'should work with only default parameters' do
+ it { is_expected.to contain_postgresql__validate_db_connection('test') }
+ end
+
+ describe 'should work with all parameters' do
+ let :params do
+ {
+ :database_host => 'test',
+ :database_name => 'test',
+ :database_password => 'test',
+ :database_username => 'test',
+ :database_port => 5432,
+ :run_as => 'postgresq',
+ :sleep => 4,
+ :tries => 30,
+ }
+ end
+ it { is_expected.to contain_postgresql__validate_db_connection('test') }
+
+ it 'should have proper path for validate command' do
+ is_expected.to contain_exec('validate postgres connection for test@test:5432/test').with({
+ :unless => %r'^/usr/local/bin/validate_postgresql_connection.sh\s+\d+'
+ })
+ end
end
- it { should include_class("postgresql::params") }
+
+ describe 'should work while specifying validate_connection in postgresql::client' do
+
+ let :params do
+ {
+ :database_host => 'test',
+ :database_name => 'test',
+ :database_password => 'test',
+ :database_username => 'test',
+ :database_port => 5432
+ }
+ end
+
+ let :pre_condition do
+ <<-EOS
+ class { 'postgresql::globals':
+ module_workdir => '/var/tmp',
+ } ->
+ class { 'postgresql::client': validcon_script_path => '/opt/something/validate.sh' }
+ EOS
+ end
+
+ it 'should have proper path for validate command and correct cwd' do
+ is_expected.to contain_exec('validate postgres connection for test@test:5432/test').with({
+ :unless => %r'^/opt/something/validate.sh\s+\d+',
+ :cwd => '/var/tmp',
+ })
+ end
+
+ end
+
end
+++ /dev/null
-require 'spec_helper'
-
-describe 'postgres_default_version', :type => :fact do
- it 'should handle redhat 6.0' do
- Facter.fact(:osfamily).stubs(:value).returns 'RedHat'
- Facter.fact(:operatingsystemrelease).stubs(:value).returns '6.0'
- Facter.fact(:postgres_default_version).value.should == '8.4'
- end
-
- it 'should return unknown if osfamily is unknown' do
- Facter.fact(:osfamily).expects(:value).returns 'test'
- Facter.fact(:postgres_default_version).value.should eq 'unknown'
- end
-end
},
}
- should run.with_params([input], 'test', 100).and_return(result)
+ is_expected.to run.with_params([input], 'test', 100).and_return(result)
end
it do
},
}
- should run.with_params([input], 'test', 100).and_return(result)
+ is_expected.to run.with_params([input], 'test', 100).and_return(result)
end
it do
},
}
- should run.with_params(input_array, 'test', 100).and_return(result)
+ is_expected.to run.with_params(input_array, 'test', 100).and_return(result)
end
it do
},
}
- should run.with_params([input], 'test', 100).and_return(result)
+ is_expected.to run.with_params([input], 'test', 100).and_return(result)
end
it do
},
}
- should run.with_params([input], 'test', 100).and_return(result)
+ is_expected.to run.with_params([input], 'test', 100).and_return(result)
end
it do
},
}
- should run.with_params([input], 'test', 100).and_return(result)
+ is_expected.to run.with_params([input], 'test', 100).and_return(result)
end
it do
},
}
- should run.with_params([input], 'test', 100).and_return(result)
+ is_expected.to run.with_params([input], 'test', 100).and_return(result)
end
it do
},
}
- should run.with_params([input], 'test', 100).and_return(result)
+ is_expected.to run.with_params([input], 'test', 100).and_return(result)
end
end
it 'should return an empty hash when input is empty array' do
- should run.with_params([], 'test', 100).and_return({})
+ is_expected.to run.with_params([], 'test', 100).and_return({})
end
end
--- /dev/null
+require 'spec_helper'
+
+describe 'postgresql_escape', :type => :puppet_function do
+ it { is_expected.to run.with_params('foo').
+ and_return('$$foo$$') }
+end
+describe 'postgresql_escape', :type => :puppet_function do
+ it { is_expected.to run.with_params('fo$$o').
+ and_return('$ed$fo$$o$ed$') }
+end
+describe 'postgresql_escape', :type => :puppet_function do
+ it { is_expected.to run.with_params('foo$').
+ and_return('$a$foo$$a$') }
+end
require 'spec_helper'
describe 'postgresql_password', :type => :puppet_function do
- it { should run.with_params('foo', 'bar').
+ it { is_expected.to run.with_params('foo', 'bar').
and_return('md596948aad3fcae80c08a35c9b5958cd89') }
+ it { is_expected.to run.with_params('foo', 1234).
+ and_return('md539a0e1b308278a8de5e007cd1f795920') }
end
--- /dev/null
+require 'spec_helper'
+require "tempfile"
+
+provider_class = Puppet::Type.type(:postgresql_conf).provider(:parsed)
+
+describe provider_class do
+ let(:title) { 'postgresql_conf' }
+ let(:provider) {
+ conf_class = Puppet::Type.type(:postgresql_conf)
+ provider = conf_class.provider(:parsed)
+ conffile = tmpfilename('postgresql.conf')
+ provider.any_instance.stub(:target).and_return conffile
+ provider
+ }
+
+ before do
+ end
+
+ after :each do
+ provider.initvars
+ end
+
+ describe "simple configuration that should be allowed" do
+ it "should parse a simple ini line" do
+ expect(provider.parse_line("listen_addreses = '*'")).to eq(
+ { :name=>"listen_addreses", :value=>"*", :comment=>nil, :record_type=>:parsed }
+ )
+ end
+
+ it "should parse a simple ini line (2)" do
+ expect(provider.parse_line(" listen_addreses = '*'")).to eq(
+ { :name=>"listen_addreses", :value=>"*", :comment=>nil, :record_type=>:parsed }
+ )
+ end
+
+ it "should parse a simple ini line (3)" do
+ expect(provider.parse_line("listen_addreses = '*' # dont mind me")).to eq(
+ { :name=>"listen_addreses", :value=>"*", :comment=>"dont mind me", :record_type=>:parsed }
+ )
+ end
+
+ it "should parse a comment" do
+ expect(provider.parse_line("# dont mind me")).to eq(
+ { :line=>"# dont mind me", :record_type=>:comment }
+ )
+ end
+
+ it "should parse a comment (2)" do
+ expect(provider.parse_line(" \t# dont mind me")).to eq(
+ { :line=>" \t# dont mind me", :record_type=>:comment }
+ )
+ end
+
+ it "should allow includes" do
+ expect(provider.parse_line("include puppetextra")).to eq(
+ { :name=>"include", :value=>"puppetextra", :comment=>nil, :record_type=>:parsed }
+ )
+ end
+
+ it "should allow numbers through without quotes" do
+ expect(provider.parse_line("wal_keep_segments = 32")).to eq(
+ { :name=>"wal_keep_segments", :value=>"32", :comment=>nil, :record_type=>:parsed }
+ )
+ end
+
+ it "should allow blanks through " do
+ expect(provider.parse_line("")).to eq(
+ { :line=>"", :record_type=>:blank }
+ )
+ end
+
+ it "should parse keys with dots " do
+ expect(provider.parse_line("auto_explain.log_min_duration = 1ms")).to eq(
+ { :name => "auto_explain.log_min_duration", :value => "1ms", :comment => nil, :record_type => :parsed }
+ )
+ end
+ end
+
+ describe "configuration that should be set" do
+ it "should set comment lines" do
+ expect(provider.to_line({ :line=>"# dont mind me", :record_type=>:comment })).to eq(
+ '# dont mind me'
+ )
+ end
+
+ it "should set blank lines" do
+ expect(provider.to_line({ :line=>"", :record_type=>:blank })).to eq(
+ ''
+ )
+ end
+
+ it "should set simple configuration" do
+ expect(provider.to_line({:name=>"listen_addresses", :value=>"*", :comment=>nil, :record_type=>:parsed })).to eq(
+ "listen_addresses = '*'"
+ )
+ end
+
+ it "should set simple configuration with period in name" do
+ expect(provider.to_line({:name => "auto_explain.log_min_duration", :value => '100ms', :comment => nil, :record_type => :parsed })).to eq(
+ "auto_explain.log_min_duration = 100ms"
+ )
+ end
+
+ it "should set simple configuration even with comments" do
+ expect(provider.to_line({:name=>"listen_addresses", :value=>"*", :comment=>'dont mind me', :record_type=>:parsed })).to eq(
+ "listen_addresses = '*' # dont mind me"
+ )
+ end
+
+ it 'should quote includes' do
+ expect(provider.to_line( {:name=>"include", :value=>"puppetextra", :comment=>nil, :record_type=>:parsed })).to eq(
+ "include 'puppetextra'"
+ )
+ end
+
+ it 'should quote multiple words' do
+ expect(provider.to_line( {:name=>"archive_command", :value=>"rsync up", :comment=>nil, :record_type=>:parsed })).to eq(
+ "archive_command = 'rsync up'"
+ )
+ end
+
+ it 'shouldn\'t quote numbers' do
+ expect(provider.to_line( {:name=>"wal_segments", :value=>"32", :comment=>nil, :record_type=>:parsed })).to eq(
+ "wal_segments = 32"
+ )
+ end
+
+ it "should allow numbers" do
+ expect(provider.to_line( {:name=>"integer", :value=>42, :comment=>nil, :record_type=>:parsed })).to eq(
+ "integer = 42"
+ )
+ end
+
+ it "should allow floats" do
+ expect(provider.to_line( {:name=>"float", :value=>2.71828182845, :comment=>nil, :record_type=>:parsed })).to eq(
+ "float = 2.71828182845"
+ )
+ end
+
+ it "quotes addresses" do
+ expect(provider.to_line( {:name=>"listen_addresses", :value=>"0.0.0.0", :comment=>nil, :record_type=>:parsed })).to eq(
+ "listen_addresses = '0.0.0.0'"
+ )
+ end
+ end
+end
+
--- /dev/null
+require 'spec_helper'
+
+describe Puppet::Type.type(:postgresql_conn_validator).provider(:ruby) do
+
+ let(:resource) { Puppet::Type.type(:postgresql_conn_validator).new({
+ :name => "testname"
+ }.merge attributes) }
+ let(:provider) { resource.provider }
+
+ let(:attributes) do
+ {
+ :psql_path => '/usr/bin/psql',
+ :host => 'db.test.com',
+ :port => 4444,
+ :db_username => 'testuser',
+ :db_password => 'testpass'
+ }
+ end
+
+ describe '#build_psql_cmd' do
+ it 'contains expected commandline options' do
+ expect(provider.validator.build_psql_cmd).to match /\/usr\/bin\/psql.*--host.*--port.*--username.*/
+ end
+ end
+
+ describe '#parse_connect_settings' do
+ it 'returns array if password is present' do
+ expect(provider.validator.parse_connect_settings).to eq(['PGPASSWORD=testpass'])
+ end
+
+ it 'returns an empty array if password is nil' do
+ attributes.delete(:db_password)
+ expect(provider.validator.parse_connect_settings).to eq([])
+ end
+
+ let(:connect_settings) do
+ {
+ :connect_settings => {
+ :PGPASSWORD => 'testpass',
+ :PGHOST => 'db.test.com',
+ :PGPORT => '1234'
+ }
+ }
+ end
+ it 'returns an array of settings' do
+ attributes.delete(:db_password)
+ attributes.merge! connect_settings
+ expect(provider.validator.parse_connect_settings).to eq(['PGPASSWORD=testpass','PGHOST=db.test.com','PGPORT=1234'])
+ end
+ end
+
+ describe '#attempt_connection' do
+ let(:sleep_length) {1}
+ let(:tries) {3}
+ let(:exec) {
+ provider.validator.stub(:execute_command).and_return(true)
+ }
+
+ it 'tries the correct number of times' do
+ expect(provider.validator).to receive(:execute_command).exactly(3).times
+
+ provider.validator.attempt_connection(sleep_length,tries)
+
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe Puppet::Type.type(:postgresql_psql).provider(:ruby) do
+ let(:name) { 'rspec psql test' }
+ let(:resource) do
+ Puppet::Type.type(:postgresql_psql).new({ :name => name, :provider => :ruby }.merge attributes)
+ end
+
+ let(:provider) { resource.provider }
+
+ context("#run_sql_command") do
+ describe "with default attributes" do
+ let(:attributes) do { :db => 'spec_db' } end
+
+ it "executes with the given psql_path on the given DB" do
+ expect(provider).to receive(:run_command).with(['psql', '-d',
+ attributes[:db], '-t', '-c', '"SELECT \'something\' as \"Custom column\""'], 'postgres',
+ 'postgres', {})
+
+ provider.run_sql_command('SELECT \'something\' as "Custom column"')
+ end
+ end
+ describe "with psql_path and db" do
+ let(:attributes) do {
+ :psql_path => '/opt/postgres/psql',
+ :psql_user => 'spec_user',
+ :psql_group => 'spec_group',
+ :cwd => '/spec',
+ :db => 'spec_db'
+ } end
+
+ it "executes with the given psql_path on the given DB" do
+ expect(Dir).to receive(:chdir).with(attributes[:cwd]).and_yield
+ expect(provider).to receive(:run_command).with([attributes[:psql_path],
+ '-d', attributes[:db], '-t', '-c', '"SELECT \'something\' as \"Custom column\""'],
+ attributes[:psql_user], attributes[:psql_group], {})
+
+ provider.run_sql_command('SELECT \'something\' as "Custom column"')
+ end
+ end
+ describe "with search_path string" do
+ let(:attributes) do {
+ :search_path => "schema1"
+ } end
+
+ it "executes with the given search_path" do
+ expect(provider).to receive(:run_command).with(['psql', '-t', '-c',
+ '"set search_path to schema1; SELECT \'something\' as \"Custom column\""'],
+ 'postgres', 'postgres', {})
+
+ provider.run_sql_command('SELECT \'something\' as "Custom column"')
+ end
+ end
+ describe "with search_path array" do
+ let(:attributes) do {
+ :search_path => ['schema1','schema2'],
+ } end
+
+ it "executes with the given search_path" do
+ expect(provider).to receive(:run_command).with(['psql', '-t', '-c',
+ '"set search_path to schema1,schema2; SELECT \'something\' as \"Custom column\""'],
+ 'postgres',
+ 'postgres',
+ {}
+ )
+
+ provider.run_sql_command('SELECT \'something\' as "Custom column"')
+ end
+ end
+ end
+ describe "with port string" do
+ let(:attributes) do { :port => '5555' } end
+
+ it "executes with the given port" do
+ expect(provider).to receive(:run_command).with(["psql",
+ "-p", "5555",
+ "-t", "-c", "\"SELECT something\""],
+ "postgres", "postgres", {} )
+
+ provider.run_sql_command("SELECT something")
+ end
+ end
+ describe "with connect_settings" do
+ let(:attributes) do { :connect_settings => { 'PGHOST' => '127.0.0.1' } } end
+
+ it "executes with the given host" do
+ expect(provider).to receive(:run_command).with(["psql",
+ "-t", "-c",
+ "\"SELECT something\""],
+ "postgres", "postgres", { 'PGHOST' => '127.0.0.1' } )
+
+ provider.run_sql_command("SELECT something")
+ end
+ end
+
+ context("#run_unless_sql_command") do
+ let(:attributes) do { } end
+
+ it "calls #run_sql_command with SQL" do
+ expect(provider).to receive(:run_sql_command).with('SELECT COUNT(*) FROM (SELECT 1) count')
+ provider.run_unless_sql_command('SELECT 1')
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+type = Puppet::Type.type(:postgresql_replication_slot)
+describe type.provider(:ruby) do
+ let(:name) { 'standby' }
+ let(:resource) do
+ type.new({ :name => name, :provider => :ruby }.merge attributes)
+ end
+
+ let(:sql_instances) do
+ "abc | | physical | | | t | | | 0/3000420
+def | | physical | | | t | | | 0/3000420\n"
+ end
+
+ class SuccessStatus
+ def success?
+ true
+ end
+ end
+ let(:success_status) { SuccessStatus.new }
+
+ class FailStatus
+ def success?
+ false
+ end
+ end
+ let(:fail_status) { FailStatus.new }
+
+ let(:provider) { resource.provider }
+
+ context 'when listing instances' do
+ let(:attributes) do { } end
+
+ it 'should list instances' do
+ provider.class.expects(:run_command).with(
+ ['psql', '-t', '-c', 'SELECT * FROM pg_replication_slots;'],
+ 'postgres', 'postgres').returns([sql_instances, nil])
+ instances = provider.class.instances
+ expect(instances.size).to eq 2
+ expect(instances[0].name).to eq 'abc'
+ expect(instances[1].name).to eq 'def'
+ end
+ end
+
+ context 'when creating slot' do
+ let(:attributes) do { :ensure => 'present' } end
+
+ context 'when creation works' do
+ it 'should call psql and succeed' do
+ provider.class.expects(:run_command).with(
+ ['psql', '-t', '-c', "SELECT * FROM pg_create_physical_replication_slot('standby');"],
+ 'postgres', 'postgres').returns([nil, success_status])
+
+ expect { provider.create }.not_to raise_error
+ end
+ end
+
+ context 'when creation fails' do
+ it 'should call psql and fail' do
+ provider.class.expects(:run_command).with(
+ ['psql', '-t', '-c', "SELECT * FROM pg_create_physical_replication_slot('standby');"],
+ 'postgres', 'postgres').returns([nil, fail_status])
+
+ expect { provider.create }.to raise_error(Puppet::Error, /Failed to create replication slot standby:/)
+ end
+ end
+ end
+
+ context 'when destroying slot' do
+ let(:attributes) do { :ensure => 'absent' } end
+
+ context 'when destruction works' do
+ it 'should call psql and succeed' do
+ provider.class.expects(:run_command).with(
+ ['psql', '-t', '-c', "SELECT pg_drop_replication_slot('standby');"],
+ 'postgres', 'postgres').returns([nil, success_status])
+
+ expect { provider.destroy }.not_to raise_error
+ end
+ end
+
+ context 'when destruction fails' do
+ it 'should call psql and fail' do
+ provider.class.expects(:run_command).with(
+ ['psql', '-t', '-c', "SELECT pg_drop_replication_slot('standby');"],
+ 'postgres', 'postgres').returns([nil, fail_status])
+
+ expect { provider.destroy }.to raise_error(Puppet::Error, /Failed to destroy replication slot standby:/)
+ end
+ end
+ end
+end
--- /dev/null
+#! /usr/bin/env ruby
+require 'spec_helper'
+
+describe Puppet::Type.type(:postgresql_conn_validator) do
+ before do
+ @provider_class = described_class.provide(:simple) { mk_resource_methods }
+ @provider_class.stub(:suitable?).and_return true
+ described_class.stub(:defaultprovider).and_return @provider_class
+ end
+
+ describe "when validating attributes" do
+ [:name, :db_name, :db_username, :command, :host, :port, :connect_settings, :sleep, :tries, :psql_path].each do |param|
+ it "should have a #{param} parameter" do
+ expect(described_class.attrtype(param)).to eq(:param)
+ end
+ end
+ end
+
+ describe "when validating values" do
+ describe "tries and sleep" do
+ [:tries, :sleep, :port].each do |param|
+ it "#{param} should be able to cast value as integer" do
+ expect { described_class.new(:name => 'test', param => '1') }.to_not raise_error
+ expect { described_class.new(:name => 'test', param => 1) }.to_not raise_error
+ end
+ it "#{param} should not accept non-numeric string" do
+ expect { described_class.new(:name => 'test', param => 'test') }.to raise_error Puppet::ResourceError
+ end
+ end
+ end
+ describe "connect_settings" do
+ it "should accept a hash" do
+ expect { described_class.new(:name => 'test', :connect_settings => { "PGPASSWORD" => "test1" }) }.to_not raise_error
+ end
+ end
+ describe "port" do
+ it "does not accept a word" do
+ expect { described_class.new(:name => 'test', :port => 'test')}.to raise_error Puppet::Error
+ end
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe Puppet::Type.type(:postgresql_psql), "when validating attributes" do
+ [:name, :unless, :db, :psql_path, :psql_user, :psql_group, :connect_settings].each do |attr|
+ it "should have a #{attr} parameter" do
+ expect(Puppet::Type.type(:postgresql_psql).attrtype(attr)).to eq(:param)
+ end
+ end
+
+ [:command].each do |attr|
+ it "should have a #{attr} property" do
+ expect(Puppet::Type.type(:postgresql_psql).attrtype(attr)).to eq(:property)
+ end
+ end
+end
+
+describe Puppet::Type.type(:postgresql_psql), :unless => Puppet.features.microsoft_windows? do
+ subject do
+ Puppet::Type.type(:postgresql_psql).new({:name => 'rspec'}.merge attributes)
+ end
+
+ describe "available attributes" do
+ {
+ :name => "rspec",
+ :command => "SELECT stuff",
+ :unless => "SELECT other,stuff",
+ :db => "postgres",
+ :psql_path => "/bin/false",
+ :psql_user => "postgres",
+ :psql_group => "postgres",
+ :cwd => "/var/lib",
+ :refreshonly => :true,
+ :search_path => [ "schema1", "schema2"],
+ :connect_settings => { 'PGHOST' => 'postgres-db-server',
+ 'DBVERSION' => '9.1', },
+ }.each do |attr, value|
+ context attr do
+ let(:attributes) do { attr => value } end
+
+ describe [attr] do
+ subject { super()[attr] }
+ it { is_expected.to eq(value) }
+ end
+ end
+ end
+
+ context "default values" do
+ let(:attributes) do {} end
+
+ describe '[:psql_path]' do
+ subject { super()[:psql_path] }
+ it { is_expected.to eq("psql") }
+ end
+
+ describe '[:psql_user]' do
+ subject { super()[:psql_user] }
+ it { is_expected.to eq("postgres") }
+ end
+
+ describe '[:psql_group]' do
+ subject { super()[:psql_group] }
+ it { is_expected.to eq("postgres") }
+ end
+
+ describe '[:cwd]' do
+ subject { super()[:cwd] }
+ it { is_expected.to eq("/tmp") }
+ end
+
+ describe '#refreshonly?' do
+ subject { super().refreshonly? }
+ it { is_expected.to be_falsey }
+ end
+ end
+ end
+
+ describe "#command" do
+ let(:attributes) do {:command => 'SELECT stuff'} end
+
+ it "will have the value :notrun if the command should execute" do
+ expect(subject).to receive(:should_run_sql).and_return(true)
+ expect(subject.property(:command).retrieve).to eq(:notrun)
+ end
+
+ it "will be the 'should' value if the command should not execute" do
+ expect(subject).to receive(:should_run_sql).and_return(false)
+ expect(subject.property(:command).retrieve).to eq('SELECT stuff')
+ end
+
+ it "will call provider#run_sql_command on sync" do
+ expect(subject.provider).to receive(:run_sql_command).with('SELECT stuff').and_return(["done", 0])
+ subject.property(:command).sync
+ end
+ end
+
+ describe "#unless" do
+ let(:attributes) do {:unless => 'SELECT something'} end
+
+ describe "#matches" do
+ it "does not fail when the status is successful" do
+ expect(subject.provider).to receive(:run_unless_sql_command).and_return ["1 row returned", 0]
+ subject.parameter(:unless).matches('SELECT something')
+ end
+
+ it "returns true when rows are returned" do
+ expect(subject.provider).to receive(:run_unless_sql_command).and_return ["1 row returned", 0]
+ expect(subject.parameter(:unless).matches('SELECT something')).to be_truthy
+ end
+
+ it "returns false when no rows are returned" do
+ expect(subject.provider).to receive(:run_unless_sql_command).and_return ["0 rows returned", 0]
+ expect(subject.parameter(:unless).matches('SELECT something')).to be_falsey
+ end
+
+ it "raises an error when the sql command fails" do
+ allow(subject.provider).to receive(:run_unless_sql_command).and_return ["Something went wrong", 1]
+ expect {
+ subject.parameter(:unless).matches('SELECT something')
+ }.to raise_error(Puppet::Error, /Something went wrong/)
+ end
+ end
+ end
+
+ describe "#should_run_sql" do
+ context "without 'unless'" do
+ [true, :true].each do |refreshonly|
+ context "refreshonly => #{refreshonly.inspect}" do
+ let(:attributes) do {
+ :refreshonly => refreshonly,
+ } end
+
+ context "not refreshing" do
+ it { expect(subject.should_run_sql).to be_falsey }
+ end
+
+ context "refreshing" do
+ it { expect(subject.should_run_sql(true)).to be_truthy }
+ end
+ end
+ end
+
+ [false, :false].each do |refreshonly|
+ context "refreshonly => #{refreshonly.inspect}" do
+ let(:attributes) do {
+ :refreshonly => refreshonly,
+ } end
+
+ context "not refreshing" do
+ it { expect(subject.should_run_sql).to be_truthy }
+ end
+
+ context "refreshing" do
+ it { expect(subject.should_run_sql(true)).to be_truthy }
+ end
+ end
+ end
+ end
+
+ context "with matching 'unless'" do
+ before { expect(subject.parameter(:unless)).to receive(:matches).with('SELECT something').and_return(true) }
+
+ [true, :true].each do |refreshonly|
+ context "refreshonly => #{refreshonly.inspect}" do
+ let(:attributes) do {
+ :refreshonly => refreshonly,
+ :unless => 'SELECT something',
+ } end
+
+ context "not refreshing" do
+ it { expect(subject.should_run_sql).to be_falsey }
+ end
+
+ context "refreshing" do
+ it { expect(subject.should_run_sql(true)).to be_falsey }
+ end
+ end
+ end
+
+ [false, :false].each do |refreshonly|
+ context "refreshonly => #{refreshonly.inspect}" do
+ let(:attributes) do {
+ :refreshonly => refreshonly,
+ :unless => 'SELECT something',
+ } end
+
+ context "not refreshing" do
+ it { expect(subject.should_run_sql).to be_falsey }
+ end
+
+ context "refreshing" do
+ it { expect(subject.should_run_sql(true)).to be_falsey }
+ end
+ end
+ end
+ end
+
+ context "when not matching 'unless'" do
+ before { expect(subject.parameter(:unless)).to receive(:matches).with('SELECT something').and_return(false) }
+
+ [true, :true].each do |refreshonly|
+ context "refreshonly => #{refreshonly.inspect}" do
+ let(:attributes) do {
+ :refreshonly => refreshonly,
+ :unless => 'SELECT something',
+ } end
+
+ context "not refreshing" do
+ it { expect(subject.should_run_sql).to be_falsey }
+ end
+
+ context "refreshing" do
+ it { expect(subject.should_run_sql(true)).to be_truthy }
+ end
+ end
+ end
+
+ [false, :false].each do |refreshonly|
+ context "refreshonly => #{refreshonly.inspect}" do
+ let(:attributes) do {
+ :refreshonly => refreshonly,
+ :unless => 'SELECT something',
+ } end
+
+ context "not refreshing" do
+ it { expect(subject.should_run_sql).to be_truthy }
+ end
+
+ context "refreshing" do
+ it { expect(subject.should_run_sql(true)).to be_truthy }
+ end
+ end
+ end
+ end
+ end
+
+ describe "#refresh" do
+ let(:attributes) do {} end
+
+ it "syncs command property when command should run" do
+ expect(subject).to receive(:should_run_sql).with(true).and_return(true)
+ expect(subject.property(:command)).to receive(:sync)
+ subject.refresh
+ end
+
+ it "does not sync command property when command should not run" do
+ expect(subject).to receive(:should_run_sql).with(true).and_return(false)
+ expect(subject.property(:command)).not_to receive(:sync)
+ subject.refresh
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe Puppet::Type.type(:postgresql_replication_slot) do
+ subject do
+ Puppet::Type.type(:postgresql_psql).new({:name => 'standby'})
+ end
+
+ it 'should have a name parameter' do
+ expect(subject[:name]).to eq 'standby'
+ end
+end
--- /dev/null
+#! /usr/bin/env ruby
+require 'spec_helper'
+
+describe Puppet::Type.type(:postgresql_conf) do
+ before do
+ @provider_class = described_class.provide(:simple) { mk_resource_methods }
+ @provider_class.stub(:suitable?).and_return true
+ described_class.stub(:defaultprovider).and_return @provider_class
+ end
+
+ describe "namevar validation" do
+ it "should have :name as its namevar" do
+ expect(described_class.key_attributes).to eq([:name])
+ end
+ it "should not invalid names" do
+ expect { described_class.new(:name => 'foo bar') }.to raise_error(Puppet::Error, /Invalid value/)
+ end
+ it "should allow dots in names" do
+ expect { described_class.new(:name => 'foo.bar') }.to_not raise_error
+ end
+ end
+
+ describe "when validating attributes" do
+ [:name, :provider].each do |param|
+ it "should have a #{param} parameter" do
+ expect(described_class.attrtype(param)).to eq(:param)
+ end
+ end
+
+ [:value, :target].each do |property|
+ it "should have a #{property} property" do
+ expect(described_class.attrtype(property)).to eq(:property)
+ end
+ end
+ end
+
+ describe "when validating values" do
+ describe "ensure" do
+ it "should support present as a value for ensure" do
+ expect { described_class.new(:name => 'foo', :ensure => :present) }.to_not raise_error
+ end
+ it "should support absent as a value for ensure" do
+ expect { described_class.new(:name => 'foo', :ensure => :absent) }.to_not raise_error
+ end
+ it "should not support other values" do
+ expect { described_class.new(:name => 'foo', :ensure => :foo) }.to raise_error(Puppet::Error, /Invalid value/)
+ end
+ end
+ end
+end
--- /dev/null
+
+# Rule Name: <%=@name%>
+# Description: <%=@description%>
+# Order: <%=@order%>
+<%=@map_name%> <%=@system_username%> <%=@database_username%>
--- /dev/null
+<% if @restore_command -%>
+restore_command = '<%= @restore_command %>'
+<% end -%>
+<% if @archive_cleanup_command -%>
+archive_cleanup_command = '<%= @archive_cleanup_command %>'
+<% end -%>
+<% if @recovery_end_command -%>
+recovery_end_command = '<%= @recovery_end_command %>'
+<% end -%>
+
+<% if @recovery_target_name -%>
+recovery_target_name = '<%= @recovery_target_name %>'
+<% end -%>
+<% if @recovery_target_time -%>
+recovery_target_time = '<%= @recovery_target_time %>'
+<% end -%>
+<% if @recovery_target_xid -%>
+recovery_target_xid = '<%= @recovery_target_xid %>'
+<% end -%>
+<% if @recovery_target_inclusive -%>
+recovery_target_inclusive = <%= @recovery_target_inclusive %>
+<% end -%>
+<% if @recovery_target -%>
+recovery_target = '<%= @recovery_target %>'
+<% end -%>
+<% if @recovery_target_timeline -%>
+recovery_target_timeline = '<%= @recovery_target_timeline %>'
+<% end -%>
+<% if @pause_at_recovery_target -%>
+pause_at_recovery_target = <%= @pause_at_recovery_target %>
+<% end -%>
+
+<% if @standby_mode -%>
+standby_mode = <%= @standby_mode %>
+<% end -%>
+<% if @primary_conninfo -%>
+primary_conninfo = '<%= @primary_conninfo %>'
+<% end -%>
+<% if @primary_slot_name -%>
+primary_slot_name = '<%= @primary_slot_name %>'
+<% end -%>
+<% if @trigger_file -%>
+trigger_file = '<%= @trigger_file %>'
+<% end -%>
+<% if @recovery_min_apply_delay -%>
+recovery_min_apply_delay = <%= @recovery_min_apply_delay %>
+<% end -%>
--- /dev/null
+<%- if scope.lookupvar('::osfamily') == 'Gentoo' -%>
+.include /usr/lib64/systemd/system/<%= @service_name %>.service
+<%- elsif scope.lookupvar('::operatingsystem') == 'Fedora' -%>
+.include /lib/systemd/system/<%= @service_name %>.service
+<% else -%>
+.include /usr/lib/systemd/system/<%= @service_name %>.service
+<% end -%>
+[Service]
+Environment=PGPORT=<%= @port %>
+<%- if scope.lookupvar('::osfamily') == 'Gentoo' -%>
+Environment=DATA_DIR=<%= @datadir %>
+<%- else -%>
+Environment=PGDATA=<%= @datadir %>
+<%- end -%>
projects / mirror / dsa-puppet.git / commitdiff