diff --git a/.gitignore b/.gitignore index ab1b3b93..901d9486 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,110 @@ -.kitchen/ -*.swp -*.swo +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +env/ +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +*.egg-info/ +.installed.cfg +*.egg + +# PyInstaller +# Usually these files are written by a python script from a packager +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +.hypothesis/ +.kitchen +.kitchen.local.yml +kitchen.local.yml + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# pyenv +.python-version + +# celery beat schedule file +celerybeat-schedule + +# SageMath parsed files +*.sage.py + +# dotenv +.env + +# virtualenv +.venv +venv/ +ENV/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ + +# copied `.md` files used for conversion to `.rst` using `m2r` +docs/*.md + +# Vim +*.sw[nop] \ No newline at end of file diff --git a/.kitchen.yml b/.kitchen.yml deleted file mode 100644 index d9c06bf6..00000000 --- a/.kitchen.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -driver: - name: vagrant - network: - - ["private_network", { ip: "192.168.33.33" }] - -provisioner: - name: salt_solo - formula: postgres - pillars-from-files: - postgres.sls: pillar.example - pillars: - top.sls: - base: - "*": - - postgres - state_top: - base: - "*": - - postgres - -platforms: - - name: ubuntu-14.04 - -suites: - - name: default diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 00000000..5aa3a9b0 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,76 @@ +stages: + - test + - commitlint + - name: release + if: branch = master AND type != pull_request + +sudo: required +cache: bundler +language: ruby + +services: + - docker + +before_install: + - bundle install + +# Make sure the instances listed below match up with +# the `platforms` defined in `kitchen.yml` +env: + matrix: + - INSTANCE: default-debian-9-2019-2-py3 + # TODO: Re-enable this once the `systemd` service can be restarted reliably + # - INSTANCE: default-ubuntu-1804-2019-2-py3 + - INSTANCE: default-centos-7-2019-2-py3 + # - INSTANCE: default-fedora-29-2019-2-py3 + - INSTANCE: default-opensuse-leap-15-2019-2-py3 + # - INSTANCE: default-debian-9-2018-3-py2 + - INSTANCE: default-ubuntu-1604-2018-3-py2 + # - INSTANCE: default-centos-7-2018-3-py2 + - INSTANCE: default-fedora-29-2018-3-py2 + # TODO: Use this when fixed instead of `opensuse-423` + # NOTE: Having to temporarily disable `opensuse-423` due to slow mirror + # - INSTANCE: default-opensuse-leap-15-2018-3-py2 + # - INSTANCE: default-opensuse-423-2018-3-py2 + # - INSTANCE: default-debian-8-2017-7-py2 + # - INSTANCE: default-ubuntu-1604-2017-7-py2 + - INSTANCE: default-centos-6-2017-7-py2 + # - INSTANCE: default-fedora-28-2017-7-py2 + # - INSTANCE: default-opensuse-leap-42-2017-7-py2 + +script: + - bundle exec kitchen verify ${INSTANCE} + +jobs: + include: + # Define the commitlint stage + - stage: commitlint + language: node_js + node_js: lts/* + before_install: skip + script: + - npm install @commitlint/config-conventional -D + - npm install @commitlint/travis-cli -D + - commitlint-travis + # Define the release stage that runs semantic-release + - stage: release + language: node_js + node_js: lts/* + before_install: skip + script: + # Update `AUTHORS.md` + - export MAINTAINER_TOKEN=${GH_TOKEN} + - go get github.com/myii/maintainer + - maintainer contributor + + # Install all dependencies required for `semantic-release` + - npm install @semantic-release/changelog@3 -D + - npm install @semantic-release/exec@3 -D + - npm install @semantic-release/git@7 -D + deploy: + provider: script + skip_cleanup: true + script: + # Run `semantic-release` + - npx semantic-release@15 + diff --git a/AUTHORS.md b/AUTHORS.md new file mode 100644 index 00000000..8bd7087b --- /dev/null +++ b/AUTHORS.md @@ -0,0 +1,73 @@ +# Authors + +This list is sorted by the number of commits per contributor in _descending_ order. + +Avatar|Contributor|Contributions +:-:|---|:-: +@noelmcloughlin|[@noelmcloughlin](https://github.com/noelmcloughlin)|57 +@aboe76|[@aboe76](https://github.com/aboe76)|47 +@myii|[@myii](https://github.com/myii)|45 +@gravyboat|[@gravyboat](https://github.com/gravyboat)|41 +@vutny|[@vutny](https://github.com/vutny)|31 +@javierbertoli|[@javierbertoli](https://github.com/javierbertoli)|19 +@nmadhok|[@nmadhok](https://github.com/nmadhok)|19 +@puneetk|[@puneetk](https://github.com/puneetk)|11 +@EvaSDK|[@EvaSDK](https://github.com/EvaSDK)|9 +@dferrantelli|[@dferrantelli](https://github.com/dferrantelli)|8 +@whiteinge|[@whiteinge](https://github.com/whiteinge)|8 +@babilen5|[@babilen5](https://github.com/babilen5)|8 +@iggy|[@iggy](https://github.com/iggy)|7 +@dynjnelson|[@dynjnelson](https://github.com/dynjnelson)|7 +@rominf|[@rominf](https://github.com/rominf)|7 +@alfredopalhares|[@alfredopalhares](https://github.com/alfredopalhares)|6 +@johnkeates|[@johnkeates](https://github.com/johnkeates)|6 +@alxwr|[@alxwr](https://github.com/alxwr)|5 +@audreyr|[@audreyr](https://github.com/audreyr)|5 +@blast-hardcheese|[@blast-hardcheese](https://github.com/blast-hardcheese)|5 +@gilou|[@gilou](https://github.com/gilou)|5 +@techhat|[@techhat](https://github.com/techhat)|5 +@t0fik|[@t0fik](https://github.com/t0fik)|5 +@stp-ip|[@stp-ip](https://github.com/stp-ip)|4 +@blbradley|[@blbradley](https://github.com/blbradley)|3 +@abrefort|[@abrefort](https://github.com/abrefort)|3 +@renoirb|[@renoirb](https://github.com/renoirb)|3 +@Ken-2scientists|[@Ken-2scientists](https://github.com/Ken-2scientists)|2 +@madssj|[@madssj](https://github.com/madssj)|2 +@h3|[@h3](https://github.com/h3)|2 +@tgoodaire|[@tgoodaire](https://github.com/tgoodaire)|2 +@durana|[@durana](https://github.com/durana)|1 +@bebosudo|[@bebosudo](https://github.com/bebosudo)|1 +@coffee-powered-coder|[@coffee-powered-coder](https://github.com/coffee-powered-coder)|1 +@SuperTux88|[@SuperTux88](https://github.com/SuperTux88)|1 +@brot|[@brot](https://github.com/brot)|1 +@xbglowx|[@xbglowx](https://github.com/xbglowx)|1 +@cro|[@cro](https://github.com/cro)|1 +@campbellmc|[@campbellmc](https://github.com/campbellmc)|1 +@UtahDave|[@UtahDave](https://github.com/UtahDave)|1 +@fcrozat|[@fcrozat](https://github.com/fcrozat)|1 +@Laogeodritt|[@Laogeodritt](https://github.com/Laogeodritt)|1 +@itbabu|[@itbabu](https://github.com/itbabu)|1 +@mkotsbak|[@mkotsbak](https://github.com/mkotsbak)|1 +@mattysads|[@mattysads](https://github.com/mattysads)|1 +@mbrannigan|[@mbrannigan](https://github.com/mbrannigan)|1 +@n-rodriguez|[@n-rodriguez](https://github.com/n-rodriguez)|1 +@fortunejuggle|[@fortunejuggle](https://github.com/fortunejuggle)|1 +@rmoorman|[@rmoorman](https://github.com/rmoorman)|1 +@skurfer|[@skurfer](https://github.com/skurfer)|1 +@RobRuana|[@RobRuana](https://github.com/RobRuana)|1 +@rmartins90|[@rmartins90](https://github.com/rmartins90)|1 +@sbrefort|[@sbrefort](https://github.com/sbrefort)|1 +@sbellem|[@sbellem](https://github.com/sbellem)|1 +@retrry|[@retrry](https://github.com/retrry)|1 +@thomasrossetto|[@thomasrossetto](https://github.com/thomasrossetto)|1 +@thatch45|[@thatch45](https://github.com/thatch45)|1 +@tobio|[@tobio](https://github.com/tobio)|1 +@XRasher|[@XRasher](https://github.com/XRasher)|1 +@YetAnotherMinion|[@YetAnotherMinion](https://github.com/YetAnotherMinion)|1 +@ek9|[@ek9](https://github.com/ek9)|1 +@Strade288|[@Strade288](https://github.com/Strade288)|1 +@daks|[@daks](https://github.com/daks)|1 + +--- + +Auto-generated by a [forked version](https://github.com/myii/maintainer) of [gaocegege/maintainer](https://github.com/gaocegege/maintainer) on 2019-05-31. diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 00000000..17fe6a21 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,70 @@ +# Changelog + +## [0.37.4](https://github.com/saltstack-formulas/postgres-formula/compare/v0.37.3...v0.37.4) (2019-05-31) + + +### Continuous Integration + +* **travis:** reduce matrix down to 6 instances ([2ff919f](https://github.com/saltstack-formulas/postgres-formula/commit/2ff919f)) + + +### Tests + +* **`services_spec`:** remove temporary `suse` conditional ([81165fc](https://github.com/saltstack-formulas/postgres-formula/commit/81165fc)) +* **command_spec:** use cleaner `match` string using `%r` ([a054cea](https://github.com/saltstack-formulas/postgres-formula/commit/a054cea)) +* **locale:** improve test using locale `en_US.UTF-8` ([7796064](https://github.com/saltstack-formulas/postgres-formula/commit/7796064)) + +## [0.37.3](https://github.com/saltstack-formulas/postgres-formula/compare/v0.37.2...v0.37.3) (2019-05-16) + + +### Bug Fixes + +* **freebsd-user:** fix FreeBSD daemon's user for PostgreSQL >= 9.6 ([8745365](https://github.com/saltstack-formulas/postgres-formula/commit/8745365)), closes [#263](https://github.com/saltstack-formulas/postgres-formula/issues/263) + +## [0.37.2](https://github.com/saltstack-formulas/postgres-formula/compare/v0.37.1...v0.37.2) (2019-05-12) + + +### Bug Fixes + +* **sysrc-svc:** workaround *BSD minion indefinitely hanging on start ([0aa8b4a](https://github.com/saltstack-formulas/postgres-formula/commit/0aa8b4a)) + +## [0.37.1](https://github.com/saltstack-formulas/postgres-formula/compare/v0.37.0...v0.37.1) (2019-05-06) + + +### Documentation + +* **readme:** fix link for Travis badge ([850ca6a](https://github.com/saltstack-formulas/postgres-formula/commit/850ca6a)) + +# [0.37.0](https://github.com/saltstack-formulas/postgres-formula/compare/v0.36.0...v0.37.0) (2019-05-06) + + +### Code Refactoring + +* **kitchen:** prefer `kitchen.yml` to `.kitchen.yml` ([8f7cbde](https://github.com/saltstack-formulas/postgres-formula/commit/8f7cbde)) + + +### Continuous Integration + +* **gemfile:** prepare for `inspec` testing ([157e169](https://github.com/saltstack-formulas/postgres-formula/commit/157e169)) +* **kitchen:** use pre-salted images as used in `template-formula` ([611ec11](https://github.com/saltstack-formulas/postgres-formula/commit/611ec11)) +* **kitchen+travis:** use newly available pre-salted images ([7b7aadc](https://github.com/saltstack-formulas/postgres-formula/commit/7b7aadc)) +* **pillar_from_files:** use custom pillar based on `pillar.example` ([c64d9e4](https://github.com/saltstack-formulas/postgres-formula/commit/c64d9e4)) +* **travis:** add `.travis.yml` based on `template-formula` ([6467df7](https://github.com/saltstack-formulas/postgres-formula/commit/6467df7)) + + +### Documentation + +* **readme:** update `Testing` section for `inspec` ([4cfde8d](https://github.com/saltstack-formulas/postgres-formula/commit/4cfde8d)) + + +### Features + +* implement `semantic-release` ([7d3aa19](https://github.com/saltstack-formulas/postgres-formula/commit/7d3aa19)) + + +### Tests + +* **inspec:** add tests for multiple ports and postgres versions ([bf6a653](https://github.com/saltstack-formulas/postgres-formula/commit/bf6a653)) +* **inspec:** enable `use_upstream_repo` for `debian` & `centos-6` ([49fdd33](https://github.com/saltstack-formulas/postgres-formula/commit/49fdd33)) +* **inspec:** replace `serverspec` with `inspec` tests ([58ac122](https://github.com/saltstack-formulas/postgres-formula/commit/58ac122)) +* **inspec:** use relaxed command output match for the time being ([3c53684](https://github.com/saltstack-formulas/postgres-formula/commit/3c53684)) diff --git a/FORMULA b/FORMULA new file mode 100644 index 00000000..21af564a --- /dev/null +++ b/FORMULA @@ -0,0 +1,9 @@ +name: postgres +os: Debian, Ubuntu, Raspbian, RedHat, Fedora, CentOS, Suse, openSUSE, Gentoo, Funtoo, Arch, Manjaro, Alpine, FreeBSD, OpenBSD, Solaris, SmartOS, Windows, MacOS +os_family: Debian, RedHat, Suse, Gentoo, Arch, Alpine, FreeBSD, OpenBSD, Solaris, Windows, MacOS +version: 0.37.4 +release: 1 +minimum_version: 2016.11 +summary: Postgres formula +description: Formula to install and configure PostgreSQL +top_level_dir: postgres diff --git a/Gemfile b/Gemfile index 4c95fc12..c13c0a29 100644 --- a/Gemfile +++ b/Gemfile @@ -1,5 +1,5 @@ source "https://rubygems.org" -gem "test-kitchen", "> 1.2.0" -gem "kitchen-vagrant" -gem "kitchen-salt" +gem 'kitchen-docker', '>= 2.9' +gem 'kitchen-salt', '>= 0.6.0' +gem 'kitchen-inspec', '>= 1.1' diff --git a/README.rst b/README.rst deleted file mode 100644 index bd90d90d..00000000 --- a/README.rst +++ /dev/null @@ -1,109 +0,0 @@ -======== -postgres -======== - -.. note:: - - See the full `Salt Formulas installation and usage instructions - `_. - -Available states -================ - -.. contents:: - :local: - -``postgres`` ------------- - -Installs and configures both PostgreSQL server and client with creation of various DB objects in -the cluster. - -``postgres.client`` -------------------- - -Installs the PostgreSQL client binaries and libraries. - -``postgres.manage`` -------------------- - -Creates such DB objects as: users, tablespaces, databases, schemas and extensions. -See ``pillar.example`` file for details. - -``postgres.python`` -------------------- - -Installs the PostgreSQL adapter for Python. - -``postgres.server`` -------------------- - -Installs the PostgreSQL server package, prepares the DB cluster and starts the server using -packaged init script, job or unit. - -``postgres.server.image`` -------------------------- - -Installs the PostgreSQL server package, prepares the DB cluster and starts the server by issuing -raw ``pg_ctl`` command. The ``postgres:bake_image`` Pillar toggles this behaviour. For example: - -.. code:: yaml - - postgres: - bake_image: True - -If set ``True``, then it becomes possible to fully provision PostgreSQL with all supported entities -from ``postgres.manage`` state during the build ("baking") of AMI / VM / Container images (using -Packer, Docker or similar tools), i.e. when OS ``init`` process is not available to start the -service and enable it on "boot" of resulting appliance. - -Also it allows to make Docker images with PostgreSQL using functionality being available since Salt -2016.11.0 release: - -.. code:: console - - salt 'minion.with.docker' dockerng.sls_build my-postgres base=centos/systemd mods=postgres - -If a lookup dictionary or Pillar has ``postgres:bake_image`` set ``False`` (this is default), it is -equivalent of applying ``postgres.server`` state. - -``postgres.upstream`` ---------------------- - -Configures the PostgreSQL Official (upstream) repository on target system if -applicable. - -The state relies on the ``postgres:use_upstream_repo`` Pillar value which could be set as following: - -* ``True`` (default): adds the upstream repository to install packages from -* ``False``: makes sure that the repository configuration is absent - -The ``postgres:version`` Pillar controls which version of the PostgreSQL packages should be -installed from the upstream repository. Defaults to ``9.5``. - -Testing -======= - -Testing is done with the ``kitchen-salt``. - -``kitchen converge`` --------------------- - -Runs the ``postgres`` main state. - -``kitchen verify`` ------------------- - -Runs ``serverspec`` tests on the actual instance. - -``kitchen test`` ----------------- - -Builds and runs tests from scratch. - -``kitchen login`` ------------------ - -Gives you ssh to the vagrant machine for manual testing. - -.. vim: fenc=utf-8 spell spl=en cc=100 tw=99 fo=want sts=2 sw=2 et diff --git a/commitlint.config.js b/commitlint.config.js new file mode 100644 index 00000000..2f9d1aa0 --- /dev/null +++ b/commitlint.config.js @@ -0,0 +1,3 @@ +module.exports = { + extends: ['@commitlint/config-conventional'], +}; diff --git a/docs/AUTHORS.rst b/docs/AUTHORS.rst new file mode 100644 index 00000000..c87520e4 --- /dev/null +++ b/docs/AUTHORS.rst @@ -0,0 +1,209 @@ +.. role:: raw-html-m2r(raw) + :format: html + + +Authors +======= + +This list is sorted by the number of commits per contributor in *descending* order. + +.. list-table:: + :header-rows: 1 + + * - Avatar + - Contributor + - Contributions + * - :raw-html-m2r:`@noelmcloughlin` + - `@noelmcloughlin `_ + - 57 + * - :raw-html-m2r:`@aboe76` + - `@aboe76 `_ + - 47 + * - :raw-html-m2r:`@myii` + - `@myii `_ + - 45 + * - :raw-html-m2r:`@gravyboat` + - `@gravyboat `_ + - 41 + * - :raw-html-m2r:`@vutny` + - `@vutny `_ + - 31 + * - :raw-html-m2r:`@javierbertoli` + - `@javierbertoli `_ + - 19 + * - :raw-html-m2r:`@nmadhok` + - `@nmadhok `_ + - 19 + * - :raw-html-m2r:`@puneetk` + - `@puneetk `_ + - 11 + * - :raw-html-m2r:`@EvaSDK` + - `@EvaSDK `_ + - 9 + * - :raw-html-m2r:`@dferrantelli` + - `@dferrantelli `_ + - 8 + * - :raw-html-m2r:`@whiteinge` + - `@whiteinge `_ + - 8 + * - :raw-html-m2r:`@babilen5` + - `@babilen5 `_ + - 8 + * - :raw-html-m2r:`@iggy` + - `@iggy `_ + - 7 + * - :raw-html-m2r:`@dynjnelson` + - `@dynjnelson `_ + - 7 + * - :raw-html-m2r:`@rominf` + - `@rominf `_ + - 7 + * - :raw-html-m2r:`@alfredopalhares` + - `@alfredopalhares `_ + - 6 + * - :raw-html-m2r:`@johnkeates` + - `@johnkeates `_ + - 6 + * - :raw-html-m2r:`@alxwr` + - `@alxwr `_ + - 5 + * - :raw-html-m2r:`@audreyr` + - `@audreyr `_ + - 5 + * - :raw-html-m2r:`@blast-hardcheese` + - `@blast-hardcheese `_ + - 5 + * - :raw-html-m2r:`@gilou` + - `@gilou `_ + - 5 + * - :raw-html-m2r:`@techhat` + - `@techhat `_ + - 5 + * - :raw-html-m2r:`@t0fik` + - `@t0fik `_ + - 5 + * - :raw-html-m2r:`@stp-ip` + - `@stp-ip `_ + - 4 + * - :raw-html-m2r:`@blbradley` + - `@blbradley `_ + - 3 + * - :raw-html-m2r:`@abrefort` + - `@abrefort `_ + - 3 + * - :raw-html-m2r:`@renoirb` + - `@renoirb `_ + - 3 + * - :raw-html-m2r:`@Ken-2scientists` + - `@Ken-2scientists `_ + - 2 + * - :raw-html-m2r:`@madssj` + - `@madssj `_ + - 2 + * - :raw-html-m2r:`@h3` + - `@h3 `_ + - 2 + * - :raw-html-m2r:`@tgoodaire` + - `@tgoodaire `_ + - 2 + * - :raw-html-m2r:`@durana` + - `@durana `_ + - 1 + * - :raw-html-m2r:`@bebosudo` + - `@bebosudo `_ + - 1 + * - :raw-html-m2r:`@coffee-powered-coder` + - `@coffee-powered-coder `_ + - 1 + * - :raw-html-m2r:`@SuperTux88` + - `@SuperTux88 `_ + - 1 + * - :raw-html-m2r:`@brot` + - `@brot `_ + - 1 + * - :raw-html-m2r:`@xbglowx` + - `@xbglowx `_ + - 1 + * - :raw-html-m2r:`@cro` + - `@cro `_ + - 1 + * - :raw-html-m2r:`@campbellmc` + - `@campbellmc `_ + - 1 + * - :raw-html-m2r:`@UtahDave` + - `@UtahDave `_ + - 1 + * - :raw-html-m2r:`@fcrozat` + - `@fcrozat `_ + - 1 + * - :raw-html-m2r:`@Laogeodritt` + - `@Laogeodritt `_ + - 1 + * - :raw-html-m2r:`@itbabu` + - `@itbabu `_ + - 1 + * - :raw-html-m2r:`@mkotsbak` + - `@mkotsbak `_ + - 1 + * - :raw-html-m2r:`@mattysads` + - `@mattysads `_ + - 1 + * - :raw-html-m2r:`@mbrannigan` + - `@mbrannigan `_ + - 1 + * - :raw-html-m2r:`@n-rodriguez` + - `@n-rodriguez `_ + - 1 + * - :raw-html-m2r:`@fortunejuggle` + - `@fortunejuggle `_ + - 1 + * - :raw-html-m2r:`@rmoorman` + - `@rmoorman `_ + - 1 + * - :raw-html-m2r:`@skurfer` + - `@skurfer `_ + - 1 + * - :raw-html-m2r:`@RobRuana` + - `@RobRuana `_ + - 1 + * - :raw-html-m2r:`@rmartins90` + - `@rmartins90 `_ + - 1 + * - :raw-html-m2r:`@sbrefort` + - `@sbrefort `_ + - 1 + * - :raw-html-m2r:`@sbellem` + - `@sbellem `_ + - 1 + * - :raw-html-m2r:`@retrry` + - `@retrry `_ + - 1 + * - :raw-html-m2r:`@thomasrossetto` + - `@thomasrossetto `_ + - 1 + * - :raw-html-m2r:`@thatch45` + - `@thatch45 `_ + - 1 + * - :raw-html-m2r:`@tobio` + - `@tobio `_ + - 1 + * - :raw-html-m2r:`@XRasher` + - `@XRasher `_ + - 1 + * - :raw-html-m2r:`@YetAnotherMinion` + - `@YetAnotherMinion `_ + - 1 + * - :raw-html-m2r:`@ek9` + - `@ek9 `_ + - 1 + * - :raw-html-m2r:`@Strade288` + - `@Strade288 `_ + - 1 + * - :raw-html-m2r:`@daks` + - `@daks `_ + - 1 + + +---- + +Auto-generated by a `forked version `_ of `gaocegege/maintainer `_ on 2019-05-31. diff --git a/docs/CHANGELOG.rst b/docs/CHANGELOG.rst new file mode 100644 index 00000000..f4ed3be2 --- /dev/null +++ b/docs/CHANGELOG.rst @@ -0,0 +1,87 @@ + +Changelog +========= + +`0.37.4 `_ (2019-05-31) +------------------------------------------------------------------------------------------------------------- + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **travis:** reduce matrix down to 6 instances (\ `2ff919f `_\ ) + +Tests +^^^^^ + + +* **\ ``services_spec``\ :** remove temporary ``suse`` conditional (\ `81165fc `_\ ) +* **command_spec:** use cleaner ``match`` string using ``%r`` (\ `a054cea `_\ ) +* **locale:** improve test using locale ``en_US.UTF-8`` (\ `7796064 `_\ ) + +`0.37.3 `_ (2019-05-16) +------------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **freebsd-user:** fix FreeBSD daemon's user for PostgreSQL >= 9.6 (\ `8745365 `_\ ), closes `#263 `_ + +`0.37.2 `_ (2019-05-12) +------------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **sysrc-svc:** workaround *BSD minion indefinitely hanging on start (\ `0aa8b4a `_\ ) + +`0.37.1 `_ (2019-05-06) +------------------------------------------------------------------------------------------------------------- + +Documentation +^^^^^^^^^^^^^ + + +* **readme:** fix link for Travis badge (\ `850ca6a `_\ ) + +`0.37.0 `_ (2019-05-06) +------------------------------------------------------------------------------------------------------------- + +Code Refactoring +^^^^^^^^^^^^^^^^ + + +* **kitchen:** prefer ``kitchen.yml`` to ``.kitchen.yml`` (\ `8f7cbde `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **gemfile:** prepare for ``inspec`` testing (\ `157e169 `_\ ) +* **kitchen:** use pre-salted images as used in ``template-formula`` (\ `611ec11 `_\ ) +* **kitchen+travis:** use newly available pre-salted images (\ `7b7aadc `_\ ) +* **pillar_from_files:** use custom pillar based on ``pillar.example`` (\ `c64d9e4 `_\ ) +* **travis:** add ``.travis.yml`` based on ``template-formula`` (\ `6467df7 `_\ ) + +Documentation +^^^^^^^^^^^^^ + + +* **readme:** update ``Testing`` section for ``inspec`` (\ `4cfde8d `_\ ) + +Features +^^^^^^^^ + + +* implement ``semantic-release`` (\ `7d3aa19 `_\ ) + +Tests +^^^^^ + + +* **inspec:** add tests for multiple ports and postgres versions (\ `bf6a653 `_\ ) +* **inspec:** enable ``use_upstream_repo`` for ``debian`` & ``centos-6`` (\ `49fdd33 `_\ ) +* **inspec:** replace ``serverspec`` with ``inspec`` tests (\ `58ac122 `_\ ) +* **inspec:** use relaxed command output match for the time being (\ `3c53684 `_\ ) diff --git a/docs/CONTRIBUTING.rst b/docs/CONTRIBUTING.rst new file mode 100644 index 00000000..5da9ae84 --- /dev/null +++ b/docs/CONTRIBUTING.rst @@ -0,0 +1,158 @@ +.. _contributing: + +How to contribute +================= + +This document will eventually outline all aspects of guidance to make your contributing experience a fruitful and enjoyable one. +What it already contains is information about *commit message formatting* and how that directly affects the numerous automated processes that are used for this repo. +It also covers how to contribute to this *formula's documentation*. + +.. contents:: **Table of Contents** + +Overview +-------- + +Submitting a pull request is more than just code! +To achieve a quality product, the *tests* and *documentation* need to be updated as well. +An excellent pull request will include these in the changes, wherever relevant. + +Commit message formatting +------------------------- + +Since every type of change requires making Git commits, +we will start by covering the importance of ensuring that all of your commit +messages are in the correct format. + +Automation of multiple processes +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This formula uses `semantic-release `_ for automating numerous processes such as bumping the version number appropriately, creating new tags/releases and updating the changelog. +The entire process relies on the structure of commit messages to determine the version bump, which is then used for the rest of the automation. + +Full details are available in the upstream docs regarding the `Angular Commit Message Conventions `_. +The key factor is that the first line of the commit message must follow this format: + +.. code-block:: + + type(scope): subject + + +* E.g. ``docs(contributing): add commit message formatting instructions``. + +Besides the version bump, the changelog and release notes are formatted accordingly. +So based on the example above: + +.. + + .. raw:: html + +

Documentation

+ + * **contributing:** add commit message formatting instructions + + +* The ``type`` translates into a ``Documentation`` sub-heading. +* The ``(scope):`` will be shown in bold text without the brackets. +* The ``subject`` follows the ``scope`` as standard text. + +Linting commit messages in Travis CI +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This formula uses `commitlint `_ for checking commit messages during CI testing. +This ensures that they are in accordance with the ``semantic-release`` settings. + +For more details about the default settings, refer back to the ``commitlint`` `reference rules `_. + +Relationship between commit type and version bump +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This formula applies some customisations to the defaults, as outlined in the table below, +based upon the `type `_ of the commit: + +.. list-table:: + :name: commit-type-vs-version-bump + :header-rows: 1 + :stub-columns: 0 + :widths: 1,2,3,1,1 + + * - Type + - Heading + - Description + - Bump (default) + - Bump (custom) + * - ``build`` + - Build System + - Changes related to the build system + - – + - + * - ``chore`` + - – + - Changes to the build process or auxiliary tools and libraries such as + documentation generation + - – + - + * - ``ci`` + - Continuous Integration + - Changes to the continuous integration configuration + - – + - + * - ``docs`` + - Documentation + - Documentation only changes + - – + - 0.0.1 + * - ``feat`` + - Features + - A new feature + - 0.1.0 + - + * - ``fix`` + - Bug Fixes + - A bug fix + - 0.0.1 + - + * - ``perf`` + - Performance Improvements + - A code change that improves performance + - 0.0.1 + - + * - ``refactor`` + - Code Refactoring + - A code change that neither fixes a bug nor adds a feature + - – + - 0.0.1 + * - ``revert`` + - Reverts + - A commit used to revert a previous commit + - – + - 0.0.1 + * - ``style`` + - Styles + - Changes that do not affect the meaning of the code (white-space, + formatting, missing semi-colons, etc.) + - – + - 0.0.1 + * - ``test`` + - Tests + - Adding missing or correcting existing tests + - – + - 0.0.1 + +Use ``BREAKING CHANGE`` to trigger a ``major`` version change +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Adding ``BREAKING CHANGE`` to the footer of the extended description of the commit message will **always** trigger a ``major`` version change, no matter which type has been used. +This will be appended to the changelog and release notes as well. +To preserve good formatting of these notes, the following format is prescribed: + +* ``BREAKING CHANGE: .`` + +An example of that: + +.. code-block:: git + + ... + + BREAKING CHANGE: With the removal of all of the `.sls` files under + `template package`, this formula no longer supports the installation of + packages. diff --git a/docs/README.rst b/docs/README.rst new file mode 100644 index 00000000..844001fc --- /dev/null +++ b/docs/README.rst @@ -0,0 +1,183 @@ +.. _readme: + +postgres-formula +================ + +|img_travis| |img_sr| + +.. |img_travis| image:: https://travis-ci.com/saltstack-formulas/postgres-formula.svg?branch=master + :alt: Travis CI Build Status + :scale: 100% + :target: https://travis-ci.com/saltstack-formulas/postgres-formula +.. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg + :alt: Semantic Release + :scale: 100% + :target: https://github.com/semantic-release/semantic-release + +A formula to install and configure PostgreSQL server. + +.. contents:: **Table of Contents** + +General notes +------------- + +See the full `SaltStack Formulas installation and usage instructions +`_. + +If you are interested in writing or contributing to formulas, please pay attention to the `Writing Formula Section +`_. + +If you want to use this formula, please pay attention to the ``FORMULA`` file and/or ``git tag``, +which contains the currently released version. This formula is versioned according to `Semantic Versioning `_. + +See `Formula Versioning Section `_ for more details. + +Contributing to this repo +------------------------- + +**Commit message formatting is significant!!** + +Please see :ref:`How to contribute ` for more details. + +Available states +---------------- + +.. contents:: + :local: + +``postgres`` +^^^^^^^^^^^^ + +Installs and configures both PostgreSQL server and client with creation of various DB objects in +the cluster. This state applies to both Linux and MacOS. + +``postgres.client`` +^^^^^^^^^^^^^^^^^^^ + +Installs the PostgreSQL client binaries and libraries on Linux. + +``postgres.manage`` +^^^^^^^^^^^^^^^^^^^ + +Creates such DB objects as: users, tablespaces, databases, schemas and extensions. +See ``pillar.example`` file for details. + +``postgres.python`` +^^^^^^^^^^^^^^^^^^^^^^ + +Installs the PostgreSQL adapter for Python on Linux. + +``postgres.server`` +^^^^^^^^^^^^^^^^^^^ + +Installs the PostgreSQL server package on Linux, prepares the DB cluster and starts the server using +packaged init script, job or unit. + + +.. note:: + + For PostgreSQL server before version 10 to work inside a **FreeBSD Jail** + set ``sysvshm=new`` and ``sysvsem=new``. + DO NOT SET ``allow.sysvipc=1``. It defeats the purpose of using Jails. + + Further information: https://blog.tyk.nu/blog/freebsd-jails-and-sysv-ipc/ + + +``postgres.server.image`` +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Installs the PostgreSQL server package on Linux, prepares the DB cluster and starts the server by issuing +raw ``pg_ctl`` command. The ``postgres:bake_image`` Pillar toggles this behaviour. For example: + +.. code:: yaml + + postgres: + bake_image: True + +If set ``True``, then it becomes possible to fully provision PostgreSQL with all supported entities +from ``postgres.manage`` state during the build ("baking") of AMI / VM / Container images (using +Packer, Docker or similar tools), i.e. when OS ``init`` process is not available to start the +service and enable it on "boot" of resulting appliance. + +Also it allows to make Docker images with PostgreSQL using functionality being available since Salt +2016.11.0 release: + +.. code:: console + + salt 'minion.with.docker' dockerng.sls_build my-postgres base=centos/systemd mods=postgres + +If a lookup dictionary or Pillar has ``postgres:bake_image`` set ``False`` (this is default), it is +equivalent of applying ``postgres.server`` state. + +``postgres.upstream`` +^^^^^^^^^^^^^^^^^^^^^ + +Configures the PostgreSQL Official (upstream) repository on target system if +applicable. + +The state relies on the ``postgres:use_upstream_repo`` Pillar value which could be set as following: + +* ``True`` (default): adds the upstream repository to install packages from +* ``False``: makes sure that the repository configuration is absent +* ``'postgresapp'`` (MacOS) uses upstream PostgresApp package repository. +* ``'homebrew'`` (MacOS) uses Homebrew postgres + +The ``postgres:version`` Pillar controls which version of the PostgreSQL packages should be +installed from the upstream Linux repository. Defaults to ``9.5``. + + +Removal states +-------------- + +``postgres.dropped`` +^^^^^^^^^^^^^^^^^^^^ + +Meta state to remove Postgres software. By default the release installed by formula is targeted only. To target multiple releases, set pillar ``postgres.remove.multiple_releases: True``. + +``postgres.server.remove`` +^^^^^^^^^^^^^^^^^^^^^^^^ + +Remove server, lib, and contrib packages. The ``postgres.server.remove`` will retain data by default (no data loss) - set pillar ``postgres.remove.data: True`` to remove data and configuration directories also. + +``postgres.client.remove`` +^^^^^^^^^^^^^^^^^^^^^^^^ + +Remove client package. + +``postgres.dev.remove`` +^^^^^^^^^^^^^^^^^^^^^^ + +Remove development and python packages. + + +Testing +------- + +Linux testing is done with ``kitchen-salt``. + +``kitchen converge`` +^^^^^^^^^^^^^^^^^^^^ + +Creates the docker instance and runs the ``postgres`` main state, ready for testing. + +``kitchen verify`` +^^^^^^^^^^^^^^^^^^ + +Runs the ``inspec`` tests on the actual instance. + +``kitchen destroy`` +^^^^^^^^^^^^^^^^ + +Removes the docker instance. + +``kitchen test`` +^^^^^^^^^^^^^^^^ + +Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``. + +``kitchen login`` +^^^^^^^^^^^^^^^^^ + +Gives you SSH access to the instance for manual testing. + +.. vim: fenc=utf-8 spell spl=en cc=100 tw=99 fo=want sts=2 sw=2 et diff --git a/docs/TOFS_pattern.rst b/docs/TOFS_pattern.rst new file mode 100644 index 00000000..13c01e97 --- /dev/null +++ b/docs/TOFS_pattern.rst @@ -0,0 +1,443 @@ +.. _tofs_pattern: + +TOFS: A pattern for using SaltStack +=================================== + +.. list-table:: + :name: tofs-authors + :header-rows: 1 + :stub-columns: 1 + :widths: 2,2,3,2 + + * - + - Person + - Contact + - Date + * - Authored by + - Roberto Moreda + - moreda@allenta.com + - 29/12/2014 + * - Modified by + - Daniel Dehennin + - daniel.dehennin@baby-gnu.org + - 07/02/2019 + * - Modified by + - Imran Iqbal + - https://github.com/myii + - 23/02/2019 + +All that follows is a proposal based on my experience with `SaltStack `_. The good thing of a piece of software like this is that you can "bend it" to suit your needs in many possible ways, and this is one of them. All the recommendations and thoughts are given "as it is" with no warranty of any type. + +.. contents:: **Table of Contents** + +Usage of values in pillar vs templates in ``file_roots`` +-------------------------------------------------------- + +Among other functions, the *master* (or *salt-master*) serves files to the *minions* (or *salt-minions*). The `file_roots `_ is the list of directories used in sequence to find a file when a minion requires it: the first match is served to the minion. Those files could be `state files `_ or configuration templates, among others. + +Using SaltStack is a simple and effective way to implement configuration management, but even in a `non-multitenant `_ scenario, it is not a good idea to generally access some data (e.g. the database password in our `Zabbix `_ server configuration file or the private key of our `Nginx `_ TLS certificate). + +To avoid this situation we can use the `pillar mechanism `_, which is designed to provide controlled access to data from the minions based on some selection rules. As pillar data could be easily integrated in the `Jinja `_ templates, it is a good mechanism to store values to be used in the final rendering of state files and templates. + +There are a variety of approaches on the usage of pillar and templates as seen in the `saltstack-formulas `_' repositories. `Some `_ `developments `_ stress the initial purpose of pillar data into a storage for most of the possible variables for a determined system configuration. This, in my opinion, is shifting too much load from the original template files approach. Adding up some `non-trivial Jinja `_ code as essential part of composing the state file definitely makes SaltStack state files (hence formulas) more difficult to read. The extreme of this approach is that we could end up with a new render mechanism, implemented in Jinja, storing everything needed in pillar data to compose configurations. Additionally, we are establishing a strong dependency with the Jinja renderer. + +In opposition to the *put the code in file_roots and the data in pillars* approach, there is the *pillar as a store for a set of key-values* approach. A full-blown configuration file abstracted in pillar and jinja is complicated to develop, understand and maintain. I think a better and simpler approach is to keep a configuration file templated using just a basic (non-extensive but extensible) set of pillar values. + +On the reusability of SaltStack state files +------------------------------------------- + +There is a brilliant initiative of the SaltStack community called `salt-formulas `_. Their goal is to provide state files, pillar examples and configuration templates ready to be used for provisioning. I am a contributor for two small ones: `zabbix-formula `_ and `varnish-formula `_. + +The `design guidelines `_ for formulas are clear in many aspects and it is a recommended reading for anyone willing to write state files, even non-formulaic ones. + +In the next section, I am going to describe my proposal to extend further the reusability of formulas, suggesting some patterns of usage. + +The Template Override and Files Switch (TOFS) pattern +----------------------------------------------------- + +I understand a formula as a **complete, independent set of SaltStack state and configuration template files sufficient to configure a system**. A system could be something as simple as an NTP server or some other much more complex service that requires many state and configuration template files. + +The customization of a formula should be done mainly by providing pillar data used later to render either the state or the configuration template files. + +Example: NTP before applying TOFS +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Let's work with the NTP example. A basic formula that follows the `design guidelines `_ has the following files and directories tree: + +.. code-block:: + + /srv/saltstack/salt-formulas/ntp-saltstack-formula/ + ntp/ + map.jinja + init.sls + conf.sls + files/ + default/ + etc/ + ntp.conf.jinja + +In order to use it, let's assume a `masterless configuration `_ and this relevant section of ``/etc/salt/minion``: + +.. code-block:: yaml + + pillar_roots: + base: + - /srv/saltstack/pillar + file_client: local + file_roots: + base: + - /srv/saltstack/salt + - /srv/saltstack/salt-formulas/ntp-saltstack-formula + +.. code-block:: jinja + + {#- /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/map.jinja #} + {%- set ntp = salt['grains.filter_by']({ + 'default': { + 'pkg': 'ntp', + 'service': 'ntp', + 'config': '/etc/ntp.conf', + }, + }, merge=salt['pillar.get']('ntp:lookup')) %} + +In ``init.sls`` we have the minimal states required to have NTP configured. In many cases ``init.sls`` is almost equivalent to an ``apt-get install`` or a ``yum install`` of the package. + +.. code-block:: sls + + ## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/init.sls + {%- from 'ntp/map.jinja' import ntp with context %} + + Install NTP: + pkg.installed: + - name: {{ ntp.pkg }} + + Enable and start NTP: + service.running: + - name: {{ ntp.service }} + - enabled: True + - require: + - pkg: Install NTP package + +In ``conf.sls`` we have the configuration states. In most cases, that is just managing configuration file templates and making them to be watched by the service. + +.. code-block:: sls + + ## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls + include: + - ntp + + {%- from 'ntp/map.jinja' import ntp with context %} + + Configure NTP: + file.managed: + - name: {{ ntp.config }} + - template: jinja + - source: salt://ntp/files/default/etc/ntp.conf.jinja + - watch_in: + - service: Enable and start NTP service + - require: + - pkg: Install NTP package + +Under ``files/default``, there is a structure that mimics the one in the minion in order to avoid clashes and confusion on where to put the needed templates. There you can find a mostly standard template for the configuration file. + +.. code-block:: jinja + + {#- /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/files/default/etc/ntp.conf.jinja #} + {#- Managed by saltstack #} + {#- Edit pillars or override this template in saltstack if you need customization #} + {%- set settings = salt['pillar.get']('ntp', {}) %} + {%- set default_servers = ['0.ubuntu.pool.ntp.org', + '1.ubuntu.pool.ntp.org', + '2.ubuntu.pool.ntp.org', + '3.ubuntu.pool.ntp.org'] %} + + driftfile /var/lib/ntp/ntp.drift + statistics loopstats peerstats clockstats + filegen loopstats file loopstats type day enable + filegen peerstats file peerstats type day enable + filegen clockstats file clockstats type day enable + + {%- for server in settings.get('servers', default_servers) %} + server {{ server }} + {%- endfor %} + + restrict -4 default kod notrap nomodify nopeer noquery + restrict -6 default kod notrap nomodify nopeer noquery + + restrict 127.0.0.1 + restrict ::1 + +With all this, it is easy to install and configure a simple NTP server by just running ``salt-call state.sls ntp.conf``: the package will be installed, the service will be running and the configuration should be correct for most of cases, even without pillar data. + +Alternatively, you can define a highstate in ``/srv/saltstack/salt/top.sls`` and run ``salt-call state.highstate``. + +.. code-block:: sls + + ## /srv/saltstack/salt/top.sls + base: + '*': + - ntp.conf + +**Customizing the formula just with pillar data**, we have the option to define the NTP servers. + +.. code-block:: sls + + ## /srv/saltstack/pillar/top.sls + base: + '*': + - ntp + +.. code-block:: sls + + ## /srv/saltstack/pillar/ntp.sls + ntp: + servers: + - 0.ch.pool.ntp.org + - 1.ch.pool.ntp.org + - 2.ch.pool.ntp.org + - 3.ch.pool.ntp.org + +Template Override +^^^^^^^^^^^^^^^^^ + +If the customization based on pillar data is not enough, we can override the template by creating a new one in ``/srv/saltstack/salt/ntp/files/default/etc/ntp.conf.jinja`` + +.. code-block:: jinja + + {#- /srv/saltstack/salt/ntp/files/default/etc/ntp.conf.jinja #} + {#- Managed by saltstack #} + {#- Edit pillars or override this template in saltstack if you need customization #} + + {#- Some bizarre configurations here #} + {#- ... #} + + {%- for server in settings.get('servers', default_servers) %} + server {{ server }} + {%- endfor %} + +This way we are locally **overriding the template files** offered by the formula in order to make a more complex adaptation. Of course, this could be applied as well to any of the files, including the state files. + +Files Switch +^^^^^^^^^^^^ + +To bring some order into the set of template files included in a formula, as we commented, we suggest having a similar structure to a normal final file system under ``files/default``. + +We can make different templates coexist for different minions, classified by any `grain `_ value, by simply creating new directories under ``files``. This mechanism is based on **using values of some grains as a switch for the directories under** ``files/``. + +If we decide that we want ``os_family`` as switch, then we could provide the formula template variants for both the ``RedHat`` and ``Debian`` families. + +.. code-block:: + + /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/files/ + default/ + etc/ + ntp.conf.jinja + RedHat/ + etc/ + ntp.conf.jinja + Debian/ + etc/ + ntp.conf.jinja + +To make this work we need a ``conf.sls`` state file that takes a list of possible files as the configuration template. + +.. code-block:: sls + + ## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls + include: + - ntp + + {%- from 'ntp/map.jinja' import ntp with context %} + + Configure NTP: + file.managed: + - name: {{ ntp.config }} + - template: jinja + - source: + - salt://ntp/files/{{ grains.get('os_family', 'default') }}/etc/ntp.conf.jinja + - salt://ntp/files/default/etc/ntp.conf.jinja + - watch_in: + - service: Enable and start NTP service + - require: + - pkg: Install NTP package + +If we want to cover the possibility of a special template for a minion identified by ``node01`` then we could have a specific template in ``/srv/saltstack/salt/ntp/files/node01/etc/ntp.conf.jinja``. + +.. code-block:: jinja + + {#- /srv/saltstack/salt/ntp/files/node01/etc/ntp.conf.jinja #} + {#- Managed by saltstack #} + {#- Edit pillars or override this template in saltstack if you need customization #} + + {#- Some crazy configurations here for node01 #} + {#- ... #} + +To make this work we could write a specially crafted ``conf.sls``. + +.. code-block:: sls + + ## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls + include: + - ntp + + {%- from 'ntp/map.jinja' import ntp with context %} + + Configure NTP: + file.managed: + - name: {{ ntp.config }} + - template: jinja + - source: + - salt://ntp/files/{{ grains.get('id') }}/etc/ntp.conf.jinja + - salt://ntp/files/{{ grains.get('os_family') }}/etc/ntp.conf.jinja + - salt://ntp/files/default/etc/ntp.conf.jinja + - watch_in: + - service: Enable and start NTP service + - require: + - pkg: Install NTP package + +Using the ``files_switch`` macro +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +We can simplify the ``conf.sls`` with the new ``files_switch`` macro to use in the ``source`` parameter for the ``file.managed`` state. + +.. code-block:: sls + + ## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls + include: + - ntp + + {%- set tplroot = tpldir.split('/')[0] %} + {%- from 'ntp/map.jinja' import ntp with context %} + {%- from 'ntp/libtofs.jinja' import files_switch %} + + Configure NTP: + file.managed: + - name: {{ ntp.config }} + - template: jinja + - source: {{ files_switch(['/etc/ntp.conf.jinja'], + lookup='Configure NTP' + ) + }} + - watch_in: + - service: Enable and start NTP service + - require: + - pkg: Install NTP package + + +* This uses ``config.get``, searching for ``ntp:tofs:source_files:Configure NTP`` to determine the list of template files to use. +* If this does not yield any results, the default of ``['/etc/ntp.conf.jinja']`` will be used. + +In ``libtofs.jinja``, we define this new macro ``files_switch``. + +.. literalinclude:: ../template/libtofs.jinja + :caption: /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/libtofs.jinja + :language: jinja + +How to customise the ``source`` further +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The examples below are based on an ``Ubuntu`` minion called ``theminion`` being configured via. pillar. + +Using the default settings of the ``files_switch`` macro above, +the ``source`` will be: + +.. code-block:: sls + + - source: + - salt://ntp/files/theminion/etc/ntp.conf.jinja + - salt://ntp/files/Debian/etc/ntp.conf.jinja + - salt://ntp/files/default/etc/ntp.conf.jinja + +Customise ``files`` +~~~~~~~~~~~~~~~~~~~ + +The ``files`` portion can be customised: + +.. code-block:: sls + + ntp: + tofs: + dirs: + files: files_alt + +Resulting in: + +.. code-block:: sls + + - source: + - salt://ntp/files_alt/theminion/etc/ntp.conf.jinja + - salt://ntp/files_alt/Debian/etc/ntp.conf.jinja + - salt://ntp/files_alt/default/etc/ntp.conf.jinja + +Customise the use of grains +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Grains can be customised and even arbitrary paths can be supplied: + +.. code-block:: sls + + ntp: + tofs: + files_switch: + - any/path/can/be/used/here + - id + - os + - os_family + +Resulting in: + +.. code-block:: sls + + - source: + - salt://ntp/files/any/path/can/be/used/here/etc/ntp.conf.jinja + - salt://ntp/files/theminion/etc/ntp.conf.jinja + - salt://ntp/files/Ubuntu/etc/ntp.conf.jinja + - salt://ntp/files/Debian/etc/ntp.conf.jinja + - salt://ntp/files/default/etc/ntp.conf.jinja + +Customise the ``default`` path +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The ``default`` portion of the path can be customised: + +.. code-block:: sls + + ntp: + tofs: + dirs: + default: default_alt + +Resulting in: + +.. code-block:: sls + + - source: + ... + - salt://ntp/files/default_alt/etc/ntp.conf.jinja + +Customise the list of ``source_files`` +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The list of ``source_files`` can be given: + +.. code-block:: sls + + ntp: + tofs: + source_files: + Configure NTP: + - '/etc/ntp.conf.jinja' + - '/etc/ntp.conf_alt.jinja' + +Resulting in: + +.. code-block:: sls + + - source: + - salt://ntp/files/theminion/etc/ntp.conf.jinja + - salt://ntp/files/theminion/etc/ntp.conf_alt.jinja + - salt://ntp/files/Debian/etc/ntp.conf.jinja + - salt://ntp/files/Debian/etc/ntp.conf_alt.jinja + - salt://ntp/files/default/etc/ntp.conf.jinja + - salt://ntp/files/default/etc/ntp.conf_alt.jinja + diff --git a/kitchen.yml b/kitchen.yml new file mode 100644 index 00000000..4e9542ec --- /dev/null +++ b/kitchen.yml @@ -0,0 +1,110 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +# For help on this file's format, see https://kitchen.ci/ +driver: + name: docker + use_sudo: false + privileged: true + run_command: /lib/systemd/systemd + +# Make sure the platforms listed below match up with +# the `env.matrix` instances defined in `.travis.yml` +platforms: + ## SALT 2019.2 + - name: debian-9-2019-2-py3 + driver: + image: netmanagers/salt-2019.2-py3:debian-9 + - name: ubuntu-1804-2019-2-py3 + driver: + image: netmanagers/salt-2019.2-py3:ubuntu-18.04 + - name: centos-7-2019-2-py3 + driver: + image: netmanagers/salt-2019.2-py3:centos-7 + - name: fedora-29-2019-2-py3 + driver: + image: netmanagers/salt-2019.2-py3:fedora-29 + - name: opensuse-leap-15-2019-2-py3 + driver: + image: netmanagers/salt-2019.2-py3:opensuse-leap-15 + run_command: /usr/lib/systemd/systemd + + ## SALT 2018.3 + - name: debian-9-2018-3-py2 + driver: + image: netmanagers/salt-2018.3-py2:debian-9 + - name: ubuntu-1604-2018-3-py2 + driver: + image: netmanagers/salt-2018.3-py2:ubuntu-16.04 + - name: centos-7-2018-3-py2 + driver: + image: netmanagers/salt-2018.3-py2:centos-7 + - name: fedora-29-2018-3-py2 + driver: + image: netmanagers/salt-2018.3-py2:fedora-29 + # TODO: Use this when fixed instead of `opensuse-423` + - name: opensuse-leap-15-2018-3-py2 + driver: + image: netmanagers/salt-2018.3-py2:opensuse-leap-15 + run_command: /usr/lib/systemd/systemd + - name: opensuse-423-2018-3-py2 + driver: + image: netmanagers/salt-2018.3-py2:opensuse-423 + provision_command: + - zypper refresh && zypper install -y net-tools + run_command: /usr/lib/systemd/systemd + + ## SALT 2017.7 + - name: debian-8-2017-7-py2 + driver: + image: netmanagers/salt-2017.7-py2:debian-8 + - name: ubuntu-1604-2017-7-py2 + driver: + image: netmanagers/salt-2017.7-py2:ubuntu-16.04 + - name: centos-6-2017-7-py2 + driver: + image: netmanagers/salt-2017.7-py2:centos-6 + run_command: /sbin/init + - name: fedora-28-2017-7-py2 + driver: + image: netmanagers/salt-2017.7-py2:fedora-28 + - name: opensuse-leap-42-2017-7-py2 + driver: + image: netmanagers/salt-2017.7-py2:opensuse-leap-42 + provision_command: + - zypper refresh && zypper install -y python-pip + run_command: /usr/lib/systemd/systemd + +provisioner: + name: salt_solo + log_level: info + salt_install: none + require_chef: false + formula: postgres + salt_copy_filter: + - .kitchen + - .git + state_top: + base: + '*': + - postgres + pillars: + top.sls: + base: + '*': + - postgres + pillars_from_files: + postgres.sls: test/salt/pillar/postgres.sls + +verifier: + # https://www.inspec.io/ + name: inspec + sudo: true + # cli, documentation, html, progress, json, json-min, json-rspec, junit + reporter: + - cli + inspec_tests: + - path: test/integration/default + +suites: + - name: default diff --git a/pillar.example b/pillar.example index e4b2c52b..aa68a03a 100644 --- a/pillar.example +++ b/pillar.example @@ -1,30 +1,59 @@ +# Port to use for the cluster -- can be used to provide a non-standard port +# NOTE: If already set in the minion config, that value takes priority +postgres.port: '5432' + postgres: - # Set True to configure upstream postgresql.org repository for YUM or APT + # UPSTREAM REPO + # Set True to configure upstream postgresql.org repository for YUM/APT/ZYPP use_upstream_repo: False - # Version to install from upstream repository - version: '9.3' - - # These are Debian/Ubuntu specific package names - pkg: 'postgresql-9.3' - pkg_client: 'postgresql-client-9.3' - - # Additional packages to install with PostgreSQL server, - # this should be in a list format + # Version to install from upstream repository (if upstream_repo: True) + version: '10' + # Set True to add a file in /etc/profile.d adding the bin dir in $PATH + # as packages from upstream put them somewhere like /usr/pgsql-10/bin + add_profile: False + # If automatic package installation fails, use `fromrepo` to specify the + # upstream repo to install packages from [#133, #185] (if upstream_repo: True) + fromrepo: 'jessie-pgdg' + + ### MACOS + # Set to 'postgresapp' OR 'homebrew' for MacOS + #use_upstream_repo: 'postgresapp' + #use_upstream_repo: 'homebrew' + + # PACKAGE + # These pillars are typically never required. + # pkg: 'postgresql' + # pkg_client: 'postgresql-client' + # service: + # name: 'postgresql' + # flags: -w -s -m fast + # sysrc: True pkgs_extra: - postgresql-contrib - postgresql-plpython + # CLUSTER + # The default `encoding` is derived from the `locale` so not recommended + # to provide a value for it unless necessary + cluster: + locale: en_US.UTF-8 + # encoding: UTF8 + + #'Alternatives system' priority incremental. 0 disables feature. + linux: + altpriority: 30 + + # macos limits + limits: + soft: 64000 + hard: 128000 + + # POSTGRES # Append the lines under this item to your postgresql.conf file. # Pay attention to indent exactly with 4 spaces for all lines. - postgresconf: | + postgresconf: |- listen_addresses = '*' # listen on all interfaces - # Backup extension for postgresql.conf file, defaults to ``.bak``. - # Set to False to stop creation of backup on postgresql.conf changes. - {%- if 'status.time' in salt.keys() %} - postgresconf_backup: ".backup@{{ salt['status.time']('%y-%m-%d_%H:%M:%S') }}" - {%- endif %} - # Path to the `pg_hba.conf` file Jinja template on Salt Fileserver pg_hba.conf: salt://postgres/templates/pg_hba.conf.j2 @@ -45,11 +74,19 @@ postgres: # If ``acls`` item value is empty ('', [], null), then the contents of # ``pg_hba.conf`` file will not be touched at all. acls: + - ['local', 'db0', 'connuser', 'peer map=users_as_appuser'] - ['local', 'db1', 'localUser'] - ['host', 'db2', 'remoteUser', '192.168.33.0/24'] - # PostgreSQL service name - service: postgresql + identity_map: + - ['users_as_appuser', 'jdoe', 'connuser'] + - ['users_as_appuser', 'jsmith', 'connuser'] + + # Backup extension for configuration files, defaults to ``.bak``. + # Set ``False`` to stop creation of backups when config files change. + {%- if salt['status.time']|default(none) is callable %} + config_backup: ".backup@{{ salt['status.time']('%y-%m-%d_%H:%M:%S') }}" + {%- endif %} {%- if grains['init'] == 'unknown' %} @@ -96,7 +133,6 @@ postgres: password: '98ruj923h4rf' createdb: False createroles: False - createuser: False inherit: True replication: False @@ -105,7 +141,6 @@ postgres: password: '98ruj923h4rf' createdb: False createroles: False - createuser: False inherit: True replication: False @@ -142,15 +177,20 @@ postgres: # optional schemas to enable on database schemas: - uuid_ossp: + uuid-ossp: dbname: db1 owner: localUser # optional extensions to install in schema extensions: uuid-ossp: - schema: uuid_ossp + schema: uuid-ossp maintenance_db: db1 #postgis: {} + remove: + data: True + multiple_releases: True + releases: ['9.6', '10',] + # vim: ft=yaml ts=2 sts=2 sw=2 et diff --git a/postgres/client.sls b/postgres/client.sls deleted file mode 100644 index c51ca116..00000000 --- a/postgres/client.sls +++ /dev/null @@ -1,47 +0,0 @@ -{%- from "postgres/map.jinja" import postgres with context -%} - -{%- set pkgs = [] %} -{%- for pkg in (postgres.pkg_client, postgres.pkg_libpq_dev) %} - {%- if pkg %} - {%- do pkgs.append(pkg) %} - {%- endif %} -{%- endfor %} - -{%- if postgres.use_upstream_repo %} - -include: - - postgres.upstream - -{%- endif %} - -# Install PostgreSQL client and libraries - -postgresql-client-libs: - pkg.installed: - - pkgs: {{ pkgs }} -{%- if postgres.use_upstream_repo %} - - refresh: True - - require: - - pkgrepo: postgresql-repo -{%- endif %} - -{%- if 'bin_dir' in postgres %} - -# Make client binaries available in $PATH - - {%- for bin in postgres.client_bins %} - - {%- set path = salt['file.join'](postgres.bin_dir, bin) %} - -{{ bin }}: - alternatives.install: - - link: {{ salt['file.join']('/usr/bin', bin) }} - - path: {{ path }} - - priority: 30 - - onlyif: test -f {{ path }} - - require: - - pkg: postgresql-client-libs - - {%- endfor %} - -{%- endif %} diff --git a/postgres/client/init.sls b/postgres/client/init.sls new file mode 100644 index 00000000..839eecd0 --- /dev/null +++ b/postgres/client/init.sls @@ -0,0 +1,49 @@ +{%- from salt.file.dirname(tpldir) ~ "/map.jinja" import postgres with context -%} + +{%- set pkgs = [] %} +{%- for pkg in (postgres.pkg_client,) %} + {%- if pkg %} + {%- do pkgs.append(pkg) %} + {%- endif %} +{%- endfor %} + +{%- if postgres.use_upstream_repo == true %} +include: + - postgres.upstream +{%- endif %} + +# Install PostgreSQL client and libraries +postgresql-client-libs: + pkg.installed: + - pkgs: {{ pkgs | json }} + {%- if postgres.use_upstream_repo == true %} + - refresh: True + - require: + - pkgrepo: postgresql-repo + {%- endif %} + {%- if postgres.fromrepo %} + - fromrepo: {{ postgres.fromrepo }} + {%- endif %} + +# Alternatives system. Make client binaries available in $PATH +{%- if 'bin_dir' in postgres and postgres.linux.altpriority %} + {%- for bin in postgres.client_bins %} + {%- set path = salt['file.join'](postgres.bin_dir, bin) %} + +postgresql-{{ bin }}-altinstall: + alternatives.install: + - name: {{ bin }} + - link: {{ salt['file.join']('/usr/bin', bin) }} + - path: {{ path }} + - priority: {{ postgres.linux.altpriority }} + - onlyif: test -f {{ path }} + - require: + - pkg: postgresql-client-libs + {%- if grains['saltversioninfo'] < [2018, 11, 0, 0] %} + - retry: + attempts: 2 + until: True + {%- endif %} + + {%- endfor %} +{%- endif %} diff --git a/postgres/client/remove.sls b/postgres/client/remove.sls new file mode 100644 index 00000000..96b12019 --- /dev/null +++ b/postgres/client/remove.sls @@ -0,0 +1,45 @@ +{%- from salt.file.dirname(tpldir) ~ "/map.jinja" import postgres with context -%} + +#remove release installed by formula +postgresql-client-removed: + pkg.removed: + - pkgs: + {% if postgres.pkg_client %} + - {{ postgres.pkg_client }} + {% endif %} + +{%- if postgres.remove.multiple_releases %} + #search for and cleandown multiple releases + + {% for release in postgres.remove.releases %} + {% if 'bin_dir' in postgres %} + {%- for bin in postgres.client_bins %} + {% set path = '/usr/pgsql-' + release|string + '/bin/' + bin %} + +postgresql{{ release }}-client-{{ bin }}-alternative-remove: + alternatives.remove: + - name: {{ bin }} + - path: {{ path }} + {% if grains.os in ('Fedora', 'CentOS',) %} + {# bypass bug #} + - onlyif: alternatives --display {{ bin }} + {% else %} + - onlyif: test -f {{ path }} + {% endif %} + - require_in: + - pkg: postgresql{{ release }}-client-pkgs-removed + {%- endfor %} + {%- endif %} + +postgresql{{ release }}-client-pkgs-removed: + pkg.purged: + - pkgs: + - postgresql + - postgresql-{{ release }} + - postgresql-{{ release|replace('.', '') }} + - postgresql{{ release }}-common + - postgresql{{ release }}-jdbc + + {% endfor %} + +{%- endif %} diff --git a/postgres/codenamemap.yaml b/postgres/codenamemap.yaml index eb98aa12..f888fb4f 100644 --- a/postgres/codenamemap.yaml +++ b/postgres/codenamemap.yaml @@ -2,53 +2,75 @@ {% import_yaml "postgres/repo.yaml" as repo %} -{% macro debian_codename(name, version, codename=none) %} - {# - Generate lookup dictionary map for Debian and derivative distributions - - name: - distro codename - version: - PostgreSQL release version - codename: - optional grain value if `name` does not match the one returned by - `oscodename` grain + {# Generate lookup dictionary map for OS and derivative distributions + name: distro codename + version: PostgreSQL release version + codename: optional grain value if `name` does not match the one returned by `oscodename` grain #} - {# use upstream version if configured #} - {% if repo.use_upstream_repo %} +{% macro debian_codename(name, version, codename=none) %} + + {% if repo.use_upstream_repo == true %} {% set version = repo.version %} + {% set fromrepo = repo.fromrepo|default(name ~ '-pgdg', true) %} + {% else %} + {% set fromrepo = name %} {% endif %} + {% set cluster_name = repo.cluster_name %} + {% set conf_dir = '/etc/postgresql/{0}/{1}'.format(version, cluster_name) %} + {% set data_dir = '/var/lib/postgresql/{0}/{1}'.format(version, cluster_name) %} {{ codename|default(name, true) }}: # PostgreSQL packages are mostly downloaded from `main` repo component + conf_dir: {{ conf_dir }} + data_dir: {{ data_dir }} + fromrepo: {{ fromrepo }} pkg_repo: - name: 'deb http://apt.postgresql.org/pub/repos/apt {{ name }}-pgdg main {{ repo.version }}' + name: 'deb http://apt.postgresql.org/pub/repos/apt {{ name }}-pgdg main' pkg: postgresql-{{ version }} pkg_client: postgresql-client-{{ version }} - conf_dir: /etc/postgresql/{{ version }}/main prepare_cluster: - command: pg_createcluster {{ version }} main - test: test -f /var/lib/postgresql/{{ version }}/main/PG_VERSION && test -f /etc/postgresql/{{ version }}/main/postgresql.conf + pgcommand: pg_createcluster {{ version }} {{ cluster_name }} -d user: root {% endmacro %} + +{% macro fedora_codename(name, version, codename=none) %} + + {# use upstream version if configured #} + {% if repo.use_upstream_repo == true %} + {% set version = repo.version %} + {% endif %} + +{{ codename|default(name, true) }}: + # PostgreSQL packages are mostly downloaded from `main` repo component + pkg_repo: + baseurl: 'https://download.postgresql.org/pub/repos/yum/{{ version }}/fedora/fedora-$releasever-$basearch' + +{% endmacro %} + ## Debian GNU/Linux {{ debian_codename('wheezy', '9.1') }} {{ debian_codename('jessie', '9.4') }} +{{ debian_codename('stretch', '9.6') }} # `oscodename` grain has long distro name # if `lsb-release` package not installed {{ debian_codename('wheezy', '9.1', 'Debian GNU/Linux 7 (wheezy)') }} {{ debian_codename('jessie', '9.4', 'Debian GNU/Linux 8 (jessie)') }} +{{ debian_codename('stretch', '9.6', 'Debian GNU/Linux 9 (stretch)') }} ## Ubuntu {{ debian_codename('trusty', '9.3') }} -{{ debian_codename('precise', '9.4') }} -{{ debian_codename('utopic', '9.4') }} -{{ debian_codename('vivid', '9.4') }} -{{ debian_codename('wily', '9.4') }} {{ debian_codename('xenial', '9.5') }} +{{ debian_codename('artful', '9.6') }} +{{ debian_codename('bionic', '10') }} +{{ debian_codename('cosmic', '10') }} + +## Fedora +# `oscodename` grain has long distro name +{{ fedora_codename('Fedora-27', '9.6', 'Fedora 27 (Twenty Seven)') }} +{{ fedora_codename('Fedora-26', '9.6', 'Fedora 26 (Twenty Six)') }} # vim: ft=sls diff --git a/postgres/defaults.yaml b/postgres/defaults.yaml index d421aff2..c5ce3e07 100644 --- a/postgres/defaults.yaml +++ b/postgres/defaults.yaml @@ -2,25 +2,51 @@ postgres: use_upstream_repo: True - version: '9.5' + add_profile: False # add bin_dir to $PATH, if installed from repos + version: '10' pkg: postgresql pkgs_extra: [] pkg_client: postgresql-client pkg_dev: postgresql-devel - pkg_libpq_dev: postgresql-libs - python: python-psycopg2 + pkg_dev_deps: [] + pkg_libpq_dev: libpq-dev + pkg_libs: postgresql-libs + pkg_python: python-psycopg2 + userhomes: /home user: postgres group: postgres prepare_cluster: - command: initdb --pgdata=/var/lib/pgsql/data - test: test -f /var/lib/pgsql/data/PG_VERSION + run: True + pgcommand: initdb -D + pgtestfile: PG_VERSION user: postgres - env: {} + env: [] + + cluster: + name: main # Debian-based only + locale: '' # Defaults to `C` + encoding: '' # Defaults to `SQL_ASCII` if `locale` not provided conf_dir: /var/lib/pgsql/data + data_dir: /var/lib/pgsql/data + conf_dir_mode: '0700' postgresconf: "" - postgresconf_backup: '.bak' + + macos: + archive: postgres.dmg + tmpdir: /tmp/postgrestmp + postgresapp: + #See: https://github.com/PostgresApp/PostgresApp/releases/ + url: https://github.com/PostgresApp/PostgresApp/releases/download/v2.1.1/Postgres-2.1.1.dmg + sum: sha256=ac0656b522a58fd337931313f09509c09610c4a6078fe0b8e469e69af1e1750b + homebrew: + url: '' + sum: '' + dl: + opts: -s -L + interval: 60 + retries: 2 pg_hba.conf: salt://postgres/templates/pg_hba.conf.j2 acls: @@ -30,13 +56,36 @@ postgres: - ['host', 'all', 'all', '127.0.0.1/32', 'md5'] # IPv6 local connections: - ['host', 'all', 'all', '::1/128', 'md5'] + # Allow replication connections from localhost, by a user with the + # replication privilege. + - ['local', 'replication', 'all', 'peer'] + - ['host', 'replication', 'all', '127.0.0.1/32', 'md5'] + - ['host', 'replication', 'all', '::1/128', 'md5'] + + pg_ident.conf: salt://postgres/templates/pg_ident.conf.j2 + identity_map: [] + + config_backup: '.bak' - service: postgresql + service: + name: postgresql + sysrc: False bake_image: False + fromrepo: '' + users: {} tablespaces: {} databases: {} schemas: {} extensions: {} + + linux: + #Alternatives system are disabled by a 'altpriority=0' pillar. + altpriority: 0 + + remove: + data: False + multiple_releases: False + releases: ['9.2', '9.3', '9.4', '9.5', '9.6', '10',] diff --git a/postgres/dev.sls b/postgres/dev.sls deleted file mode 100644 index 451d4781..00000000 --- a/postgres/dev.sls +++ /dev/null @@ -1,13 +0,0 @@ -{% from "postgres/map.jinja" import postgres with context %} - -{% if postgres.pkg_dev %} -install-postgres-dev-package: - pkg.installed: - - name: {{ postgres.pkg_dev }} -{% endif %} - -{% if postgres.pkg_libpq_dev %} -install-postgres-libpq-dev: - pkg.installed: - - name: {{ postgres.pkg_libpq_dev }} -{% endif %} diff --git a/postgres/dev/init.sls b/postgres/dev/init.sls new file mode 100644 index 00000000..b3e07b92 --- /dev/null +++ b/postgres/dev/init.sls @@ -0,0 +1,76 @@ +{%- from salt.file.dirname(tpldir) ~ "/map.jinja" import postgres with context -%} + +{% if grains.os not in ('Windows', 'MacOS',) %} + {%- set pkgs = [postgres.pkg_dev, postgres.pkg_libpq_dev] + postgres.pkg_dev_deps %} + + {% if pkgs %} +install-postgres-dev-packages: + pkg.installed: + - pkgs: {{ pkgs | json }} + {% if postgres.fromrepo %} + - fromrepo: {{ postgres.fromrepo }} + {% endif %} + {% endif %} + + # Alternatives system. Make devclient binaries available in $PATH + {%- if 'bin_dir' in postgres and postgres.linux.altpriority %} + {%- for bin in postgres.dev_bins %} + {%- set path = salt['file.join'](postgres.bin_dir, bin) %} + +postgresql-{{ bin }}-altinstall: + alternatives.install: + - name: {{ bin }} + - link: {{ salt['file.join']('/usr/bin', bin) }} + - path: {{ path }} + - priority: {{ postgres.linux.altpriority }} + - onlyif: test -f {{ path }} + {%- if grains['saltversioninfo'] < [2018, 11, 0, 0] %} + - retry: + attempts: 2 + until: True + {%- endif %} + + {%- endfor %} + {%- endif %} + +{% elif grains.os == 'MacOS' %} + + # Darwin maxfiles limits + {% if postgres.limits.soft or postgres.limits.hard %} + +postgres_maxfiles_limits_conf: + file.managed: + - name: /Library/LaunchDaemons/limit.maxfiles.plist + - source: salt://postgres/templates/limit.maxfiles.plist + - template: jinja + - context: + soft_limit: {{ postgres.limits.soft }} + hard_limit: {{ postgres.limits.hard }} + - group: {{ postgres.group }} + {% endif %} + + {% if postgres.use_upstream_repo == 'postgresapp' %} + # Shortcut for PostgresApp +postgres-desktop-shortcut-clean: + file.absent: + - name: '{{ postgres.userhomes }}/{{ postgres.user }}/Desktop/Postgres ({{ postgres.use_upstream_repo }})' + - require_in: + - file: postgres-desktop-shortcut-add + +postgres-desktop-shortcut-add: + file.managed: + - name: /tmp/mac_shortcut.sh + - source: salt://postgres/templates/mac_shortcut.sh + - mode: 755 + - template: jinja + - context: + user: {{ postgres.user }} + homes: {{ postgres.userhomes }} + cmd.run: + - name: '/tmp/mac_shortcut.sh "Postgres ({{ postgres.use_upstream_repo }})"' + - runas: {{ postgres.user }} + - require: + - file: postgres-desktop-shortcut-add + {% endif %} + +{% endif %} diff --git a/postgres/dev/remove.sls b/postgres/dev/remove.sls new file mode 100644 index 00000000..45817760 --- /dev/null +++ b/postgres/dev/remove.sls @@ -0,0 +1,55 @@ +{%- from salt.file.dirname(tpldir) ~ "/map.jinja" import postgres with context -%} + +# remove release installed by formula +postgresql-devel-removed: + pkg.removed: + - pkgs: + {% if postgres.pkg_dev %} + - {{ postgres.pkg_dev }} + {% endif %} + {% if postgres.pkg_libpq_dev %} + - {{ postgres.pkg_libpq_dev }} + {% endif %} + {% if postgres.pkg_python %} + - {{ postgres.pkg_python }} + {% endif %} + +{%- if postgres.remove.multiple_releases %} + #search for and cleandown multiple releases + + {% for release in postgres.remove.releases %} + {% if 'bin_dir' in postgres %} + {%- for bin in postgres.dev_bins %} + {% set path = '/usr/pgsql-' + release|string + '/bin/' + bin %} + +postgresql{{ release }}-devel-{{ bin }}-alternative-remove: + alternatives.remove: + - name: {{ bin }} + - path: {{ path }} + {% if grains.os in ('Fedora', 'CentOS',) %} + {# bypass bug #} + - onlyif: alternatives --display {{ bin }} + {% else %} + - onlyif: test -f {{ path }} + {% endif %} + - require_in: + - pkg: postgresql{{ release }}-devel-pkgs-removed + {%- endfor %} + {%- endif %} + +postgresql{{ release }}-devel-pkgs-removed: + pkg.purged: + - pkgs: + - postgresql-dev + - postgresql-dev-{{ release|replace('.', '') }} + - postgresql-server-dev + - postgresql-server-dev-{{ release|replace('.', '') }} + - postgresql{{ release }}-jdbc + - postgresql{{ release|replace('.', '') }}-jdbc + - postgresql-{{ release }} + - postgresql-{{ release|replace('.', '') }} + - {{ postgres.pkg_python or "postgresql-python" }} + + {% endfor %} + +{%- endif %} diff --git a/postgres/dropped.sls b/postgres/dropped.sls index 8c88d7b9..c0a9226d 100644 --- a/postgres/dropped.sls +++ b/postgres/dropped.sls @@ -1,30 +1,5 @@ -{% from "postgres/map.jinja" import postgres with context %} -postgresql-dead: - service.dead: - - name: {{ postgres.service }} - -postgresql-removed: - pkg.removed: - - pkgs: - {% if postgres.pkg %} - - {{ postgres.pkg }} - {% endif %} - {% if postgres.pkg_client %} - - {{ postgres.pkg_client }} - {% endif %} - {% if postgres.pkg_dev %} - - {{ postgres.pkg_dev }} - {% endif %} - {% if postgres.pkg_libpq_dev %} - - {{ postgres.pkg_libpq_dev }} - {% endif %} - {% if postgres.pkgs_extra %} - {% for pkg in postgres.pkgs_extra %} - - {{ pkg }} - {% endfor %} - {% endif %} - -postgres-dir-absent: - file.absent: - - name: {{ postgres.conf_dir }} +include: + - postgres.server.remove + - postgres.client.remove + - postgres.dev.remove diff --git a/postgres/init.sls b/postgres/init.sls index 0409e62a..a28a0ed7 100644 --- a/postgres/init.sls +++ b/postgres/init.sls @@ -1,4 +1,9 @@ + include: +{% if grains.os == 'MacOS' %} + - postgres.macos +{% else %} - postgres.server - postgres.client - postgres.manage +{% endif %} diff --git a/postgres/libtofs.jinja b/postgres/libtofs.jinja new file mode 100644 index 00000000..ab0d0f6c --- /dev/null +++ b/postgres/libtofs.jinja @@ -0,0 +1,100 @@ +{%- macro files_switch(source_files, + lookup=None, + default_files_switch=['id', 'os_family'], + indent_width=6, + v1_path_prefix='') %} + {#- + Returns a valid value for the "source" parameter of a "file.managed" + state function. This makes easier the usage of the Template Override and + Files Switch (TOFS) pattern. + + Params: + * source_files: ordered list of files to look for + * lookup: key under ':tofs:source_files' to override + list of source files + * default_files_switch: if there's no config (e.g. pillar) + ':tofs:files_switch' this is the ordered list of grains to + use as selector switch of the directories under + "/files" + * indent_witdh: indentation of the result value to conform to YAML + * v1_path_prefix: (deprecated) only used for injecting a path prefix into + the source, to support older TOFS configs + + Example (based on a `tplroot` of `xxx`): + + If we have a state: + + Deploy configuration: + file.managed: + - name: /etc/yyy/zzz.conf + - source: {{ files_switch(['/etc/yyy/zzz.conf', '/etc/yyy/zzz.conf.jinja'], + lookup='Deploy configuration' + ) }} + - template: jinja + + In a minion with id=theminion and os_family=RedHat, it's going to be + rendered as: + + Deploy configuration: + file.managed: + - name: /etc/yyy/zzz.conf + - source: + - salt://xxx/files/theminion/etc/yyy/zzz.conf + - salt://xxx/files/theminion/etc/yyy/zzz.conf.jinja + - salt://xxx/files/RedHat/etc/yyy/zzz.conf + - salt://xxx/files/RedHat/etc/yyy/zzz.conf.jinja + - salt://xxx/files/default/etc/yyy/zzz.conf + - salt://xxx/files/default/etc/yyy/zzz.conf.jinja + - template: jinja + #} + {#- Get the `tplroot` from `tpldir` #} + {%- set tplroot = tpldir.split('/')[0] %} + {%- set path_prefix = salt['config.get'](tplroot ~ ':tofs:path_prefix', tplroot) %} + {%- set files_dir = salt['config.get'](tplroot ~ ':tofs:dirs:files', 'files') %} + {%- set files_switch_list = salt['config.get']( + tplroot ~ ':tofs:files_switch', + default_files_switch + ) %} + {#- Lookup source_files (v2), files (v1), or fallback to source_files parameter #} + {%- set src_files = salt['config.get']( + tplroot ~ ':tofs:source_files:' ~ lookup, + salt['config.get']( + tplroot ~ ':tofs:files:' ~ lookup, + source_files + ) + ) %} + {#- Only add to [''] when supporting older TOFS implementations #} + {%- set path_prefix_exts = [''] %} + {%- if v1_path_prefix != '' %} + {%- do path_prefix_exts.append(v1_path_prefix) %} + {%- endif %} + {%- for path_prefix_ext in path_prefix_exts %} + {%- set path_prefix_inc_ext = path_prefix ~ path_prefix_ext %} + {#- For older TOFS implementation, use `files_switch` from the config #} + {#- Use the default, new method otherwise #} + {%- set fsl = salt['config.get']( + tplroot ~ path_prefix_ext|replace('/', ':') ~ ':files_switch', + files_switch_list + ) %} + {#- Append an empty value to evaluate as `default` in the loop below #} + {%- if '' not in fsl %} + {%- do fsl.append('') %} + {%- endif %} + {%- for fs in fsl %} + {%- for src_file in src_files %} + {%- if fs %} + {%- set fs_dir = salt['config.get'](fs, fs) %} + {%- else %} + {%- set fs_dir = salt['config.get'](tplroot ~ ':tofs:dirs:default', 'default') %} + {%- endif %} + {%- set url = '- salt://' ~ '/'.join([ + path_prefix_inc_ext, + files_dir, + fs_dir, + src_file.lstrip('/') + ]) %} +{{ url | indent(indent_width, true) }} + {%- endfor %} + {%- endfor %} + {%- endfor %} +{%- endmacro %} diff --git a/postgres/macos/init.sls b/postgres/macos/init.sls new file mode 100644 index 00000000..33d33ed4 --- /dev/null +++ b/postgres/macos/init.sls @@ -0,0 +1,10 @@ +{%- from salt.file.dirname(tpldir) ~ "/map.jinja" import postgres with context -%} + +include: +{% if postgres.use_upstream_repo == 'postgresapp' %} + - postgres.macos.postgresapp +{% elif postgres.use_upstream_repo == 'homebrew' %} + - postgres.server + - postgres.client +{% endif %} + - postgres.dev diff --git a/postgres/macos/postgresapp.sls b/postgres/macos/postgresapp.sls new file mode 100644 index 00000000..9dd19e3d --- /dev/null +++ b/postgres/macos/postgresapp.sls @@ -0,0 +1,52 @@ +{%- from salt.file.dirname(tpldir) ~ "/map.jinja" import postgres as pg with context -%} + +pg-extract-dirs: + file.directory: + - names: + - '{{ pg.macos.tmpdir }}' + - makedirs: True + - require_in: + - pg-download-archive + +pg-download-archive: + pkg.installed: + - name: curl + cmd.run: + - name: curl {{ pg.macos.dl.opts }} -o {{ pg.macos.tmpdir }}/{{ pg.macos.archive }} {{ pg.macos.postgresapp.url }} + - unless: test -f {{ pg.macos.tmpdir }}/{{ pg.macos.archive }} + {% if grains['saltversioninfo'] >= [2017, 7, 0] %} + - retry: + attempts: {{ pg.macos.dl.retries }} + interval: {{ pg.macos.dl.interval }} + until: True + splay: 10 + {% endif %} + + {%- if pg.macos.postgresapp.sum %} +pg-check-archive-hash: + module.run: + - name: file.check_hash + - path: '{{ pg.macos.tmpdir }}/{{ pg.macos.archive }}' + - file_hash: {{ pg.macos.postgresapp.sum }} + - require: + - cmd: pg-download-archive + - require_in: + - archive: pg-package-install + {%- endif %} + +pg-package-install: + macpackage.installed: + - name: '{{ pg.macos.tmpdir }}/{{ pg.macos.archive }}' + - store: True + - dmg: True + - app: True + - force: True + - allow_untrusted: True + - onchanges: + - cmd: pg-download-archive + - require_in: + - file: pg-package-install + file.append: + - name: {{ pg.userhomes }}/{{ pg.user }}/.bash_profile + - text: 'export PATH=$PATH:/Applications/Postgres.app/Contents/Versions/latest/bin' + diff --git a/postgres/macros.jinja b/postgres/macros.jinja index 3732df6e..e61754ae 100644 --- a/postgres/macros.jinja +++ b/postgres/macros.jinja @@ -12,7 +12,9 @@ {%- macro format_state(name, state, kwarg) %} - {%- do kwarg.update({'name': name}) %} + {%- if 'name' not in kwarg %} + {%- do kwarg.update({'name': name}) %} + {%- endif %} {%- if 'ensure' in kwarg %} {%- set ensure = kwarg.pop('ensure') %} {%- endif %} @@ -23,6 +25,8 @@ {{ state }}-{{ name }}: {{ state }}.{{ ensure|default('present') }}: {{- format_kwargs(kwarg) }} + - onchanges: + - test: postgres-reload-modules {%- endmacro %} diff --git a/postgres/manage.sls b/postgres/manage.sls index 66f5865e..b2cfae30 100644 --- a/postgres/manage.sls +++ b/postgres/manage.sls @@ -1,7 +1,7 @@ -{%- from "postgres/map.jinja" import postgres with context -%} -{%- from "postgres/macros.jinja" import format_state with context -%} +{%- from tpldir + "/map.jinja" import postgres with context -%} +{%- from tpldir + "/macros.jinja" import format_state with context -%} -{%- if not salt.get('postgres.user_create') %} +{%- if salt['postgres.user_create']|default(none) is not callable %} # Salt states for managing PostgreSQL is not available, # need to provision client binaries first @@ -18,7 +18,7 @@ include: # Ensure that Salt is able to use postgres modules postgres-reload-modules: - test.nop: + test.succeed_with_changes: - reload_modules: True # User states @@ -26,8 +26,6 @@ postgres-reload-modules: {%- for name, user in postgres.users|dictsort() %} {{ format_state(name, 'postgres_user', user) }} - - require: - - test: postgres-reload-modules {%- endfor %} @@ -36,9 +34,8 @@ postgres-reload-modules: {%- for name, tblspace in postgres.tablespaces|dictsort() %} {{ format_state(name, 'postgres_tablespace', tblspace) }} - - require: - - test: postgres-reload-modules {%- if 'owner' in tblspace %} + - require: - postgres_user: postgres_user-{{ tblspace.owner }} {%- endif %} @@ -47,10 +44,34 @@ postgres-reload-modules: # Database states {%- for name, db in postgres.databases|dictsort() %} + {%- if 'extensions' in db %} + {%- for ext_name, extension in db.pop('extensions')|dictsort() %} + {%- do extension.update({'name': ext_name, 'maintenance_db': name}) %} + +{{ format_state( name + '-' + ext_name, 'postgres_extension', extension) }} + - require: + - postgres_database: postgres_database-{{ name }} + {%- if 'schema' in extension and 'schemas' in postgres %} + - postgres_schema: postgres_schema-{{ name }}-{{ extension.schema }} + {%- endif %} + + {%- endfor %} + {%- endif %} + {%- if 'schemas' in db %} + {%- for schema_name, schema in db.pop('schemas')|dictsort() %} + {%- do schema.update({'name': schema_name, 'dbname': name }) %} + +{{ format_state( name + '-' + schema_name, 'postgres_schema', schema) }} + - require: + - postgres_database: postgres_database-{{ name }} + + {%- endfor %} + {%- endif %} {{ format_state(name, 'postgres_database', db) }} + {%- if 'owner' in db or 'tablespace' in db %} - require: - - test: postgres-reload-modules + {%- endif %} {%- if 'owner' in db %} - postgres_user: postgres_user-{{ db.owner }} {%- endif %} @@ -66,7 +87,7 @@ postgres-reload-modules: {{ format_state(name, 'postgres_schema', schema) }} - require: - - test: postgres-reload-modules + - postgres_database-{{ schema.dbname }} {%- if 'owner' in schema %} - postgres_user: postgres_user-{{ schema.owner }} {%- endif %} @@ -78,8 +99,9 @@ postgres-reload-modules: {%- for name, extension in postgres.extensions|dictsort() %} {{ format_state(name, 'postgres_extension', extension) }} + {%- if 'maintenance_db' in extension or 'schema' in extension %} - require: - - test: postgres-reload-modules + {%- endif %} {%- if 'maintenance_db' in extension %} - postgres_database: postgres_database-{{ extension.maintenance_db }} {%- endif %} diff --git a/postgres/map.jinja b/postgres/map.jinja index 1b947ace..50c59532 100644 --- a/postgres/map.jinja +++ b/postgres/map.jinja @@ -1,17 +1,32 @@ {% import_yaml "postgres/defaults.yaml" as defaults %} +{% import_yaml "postgres/osfamilymap.yaml" as osfamilymap %} {% import_yaml "postgres/osmap.yaml" as osmap %} {% import_yaml "postgres/codenamemap.yaml" as oscodenamemap %} {% set postgres = salt['grains.filter_by']( defaults, merge=salt['grains.filter_by']( - osmap, + osfamilymap, grain='os_family', merge=salt['grains.filter_by']( - oscodenamemap, - grain='oscodename', - merge=salt['pillar.get']('postgres', {}), + osmap, + grain='os', + merge=salt['grains.filter_by']( + oscodenamemap, + grain='oscodename', + merge=salt['pillar.get']('postgres', {}), + ), ), ), base='postgres', ) %} + +{# Concatenate the cluster preparation command and then append it to the `postgres` dict #} +{% set pc_cmd = '{0} {1}'.format(postgres.prepare_cluster.pgcommand, postgres.data_dir) %} +{% if postgres.cluster.locale %} + {% set pc_cmd = '{0} --locale={1}'.format(pc_cmd, postgres.cluster.locale) %} +{% endif %} +{% if postgres.cluster.encoding %} + {% set pc_cmd = '{0} --encoding={1}'.format(pc_cmd, postgres.cluster.encoding) %} +{% endif %} +{% do postgres.update({'prepare_cluster_cmd': pc_cmd}) %} diff --git a/postgres/osfamilymap.yaml b/postgres/osfamilymap.yaml new file mode 100644 index 00000000..226a6005 --- /dev/null +++ b/postgres/osfamilymap.yaml @@ -0,0 +1,216 @@ +{% import_yaml "postgres/repo.yaml" as repo %} + +{% set release = repo.version|replace('.', '') %} + +Arch: + conf_dir: /var/lib/postgres/data + data_dir: /var/lib/postgres/data + pkg_client: postgresql-libs + pkg_dev: postgresql + +Debian: + pkg_repo: + humanname: PostgreSQL Official Repository + key_url: 'https://www.postgresql.org/media/keys/ACCC4CF8.asc' + file: /etc/apt/sources.list.d/pgdg.list + pkg_repo_keyid: ACCC4CF8 + {% if repo.use_upstream_repo == true %} + pkg_dev: '' + {% else %} + pkg_dev: postgresql-server-dev-all + {% endif %} + +FreeBSD: + {% if repo.version|float >= 9.6 %} + user: &freebsd-user postgres + group: &freebsd-group postgres + conf_dir: {{ '/var/db/postgres/data' ~ release }} + data_dir: {{ '/var/db/postgres/data' ~ release }} + {% else %} + user: &freebsd-user pgsql + group: &freebsd-group pgsql + conf_dir: /usr/local/pgsql/data + data_dir: /usr/local/pgsql/data + {% endif %} + pkg_client: postgresql{{ release }}-client + pkg: postgresql{{ release }}-server + prepare_cluster: + user: *freebsd-user + group: *freebsd-group + service: + flags: -w -s -m fast + sysrc: True + +OpenBSD: + conf_dir: /var/postgresql/data + data_dir: /var/postgresql/data + user: _postgresql + service: + flags: -w -s -m fast + sysrc: True + +RedHat: + pkg_repo: + name: pgdg{{ release }} + humanname: PostgreSQL {{ repo.version }} $releasever - $basearch + gpgcheck: 1 + gpgkey: 'https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG-{{ release }}' + baseurl: 'https://download.postgresql.org/pub/repos/yum/{{ repo.version }}/redhat/rhel-$releasever-$basearch' + +{% if repo.use_upstream_repo == true %} + {% set data_dir = '/var/lib/pgsql/' ~ repo.version ~ '/data' %} + + fromrepo: pgdg{{ release }} + pkg: postgresql{{ release }}-server + pkg_client: postgresql{{ release }} + pkg_libs: postgresql{{ release }}-libs + pkg_dev: postgresql{{ release }}-devel + conf_dir: {{ data_dir }} + data_dir: {{ data_dir }} + service: + name: postgresql-{{ repo.version }} + + # Alternatives system + linux: + altpriority: 30 + + # directory containing PostgreSQL client executables + bin_dir: /usr/pgsql-{{ repo.version }}/bin + dev_bins: + - ecg + client_bins: + - clusterdb + - createdb + - createlang + - createuser + - dropdb + - droplang + - dropuser + - pg_archivecleanup + - pg_basebackup + - pg_config + - pg_dump + - pg_dumpall + - pg_isready + - pg_receivexlog + - pg_restore + - pg_rewind + - pg_test_fsync + - pg_test_timing + - pg_upgrade + - pg_xlogdump + - pgbench + - psql + - reindexdb + - vacuumdb + server_bins: + - initdb + - pg_controldata + - pg_ctl + - pg_resetxlog + - postgres + - postgresql{{ release }}-check-db-dir + - postgresql{{ release }}-setup + - postmaster + +{% else %} + + pkg: postgresql-server + pkg_client: postgresql + +{% endif %} + pkg_libpq_dev: libpqxx-devel + pkg_dev_deps: + - perl-Time-HiRes + - libicu-devel + - perl-IPC-Run + - perl-Test-Simple + +Suse: + pkg_repo: + name: pgdg-sles-{{ release }} + humanname: PostgreSQL {{ repo.version }} $releasever - $basearch + #Using sles-12 upstream repo for opensuse + baseurl: 'https://download.postgresql.org/pub/repos/zypp/{{ repo.version }}/suse/sles-12-$basearch' + key_url: 'https://download.postgresql.org/pub/repos/zypp/{{ repo.version }}/suse/sles-12-$basearch/repodata/repomd.xml.key' + gpgcheck: 1 + gpgautoimport: True + +{% if repo.use_upstream_repo == true %} + {% set data_dir = '/var/lib/pgsql/' ~ repo.version ~ '/data' %} + + fromrepo: pgdg-sles-{{ release }} + pkg: postgresql{{ release }}-server + pkg_client: postgresql{{ release }} + pkg_dev: postgresql{{ release }}-devel + pkg_libs: postgresql{{ release }}-libs + conf_dir: {{ data_dir }} + data_dir: {{ data_dir }} + service: + name: postgresql-{{ repo.version }} + + # Alternatives system + linux: + altpriority: 30 + + # directory containing PostgreSQL client executables + bin_dir: /usr/pgsql-{{ repo.version }}/bin + dev_bins: + - ecg + client_bins: + - pg_archivecleanup + - pg_config + - pg_isready + - pg_receivexlog + - pg_rewind + - pg_test_fsync + - pg_test_timing + - pg_upgrade + - pg_xlogdump + - pgbench + server_bins: + - initdb + - pg_controldata + - pg_ctl + - pg_resetxlog + - postgres + - postgresql{{ release }}-check-db-dir + - postgresql{{ release }}-setup + - postmaster + +{% else %} + + pkg: postgresql-server + pkg_client: postgresql + +{% endif %} + pkg_libpq_dev: libpqxx + +{%- if grains.os == 'MacOS' %} +## jinja check avoids rendering noise/failure on Linux +MacOS: + {%- if repo.use_upstream_repo == 'homebrew' %} + service: + name: homebrew.mxcl.postgresql + {%- elif repo.use_upstream_repo == 'postgresapp' %} + service: + name: com.postgresapp.Postgres2 + {%- endif %} + pkg: postgresql + pkg_client: + pkg_libpq_dev: + userhomes: /Users + user: {{ repo.user }} + group: {{ repo.group }} + conf_dir: /Users/{{ repo.user }}/Library/AppSupport/postgres_{{ repo.use_upstream_repo }} + data_dir: /Users/{{ repo.user }}/Library/AppSupport/postgres_{{ repo.use_upstream_repo }} + prepare_cluster: + user: {{ repo.user }} + group: {{ repo.group }} + # macos limits + limits: + soft: 64000 + hard: 64000 +{%- endif %} + +# vim: ft=sls diff --git a/postgres/osmap.yaml b/postgres/osmap.yaml index f41a93e2..0e04e970 100644 --- a/postgres/osmap.yaml +++ b/postgres/osmap.yaml @@ -1,97 +1,9 @@ {% import_yaml "postgres/repo.yaml" as repo %} -{% set release = repo.version|replace('.', '') %} - -Arch: - conf_dir: /var/lib/postgres/data - prepare_cluster: - command: initdb -D /var/lib/postgresql/data - test: test -f /var/lib/postgres/data/PG_VERSION - pkg_client: postgresql - pkg_dev: postgresql - -Debian: - pkg_repo: - humanname: PostgreSQL Official Repository - key_url: 'https://www.postgresql.org/media/keys/ACCC4CF8.asc' - file: /etc/apt/sources.list.d/pgdg.list - pkg_repo_keyid: ACCC4CF8 - pkg_dev: postgresql-server-dev-all - pkg_libpq_dev: libpq-dev - -FreeBSD: - user: pgsql - -OpenBSD: - user: _postgresql - -RedHat: +Fedora: pkg_repo: - name: pgdg{{ release }} - humanname: PostgreSQL {{ repo.version }} $releasever - $basearch - baseurl: 'https://download.postgresql.org/pub/repos/yum/{{ repo.version }}/redhat/rhel-$releasever-$basearch' - gpgcheck: 1 - gpgkey: 'https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG-{{ release }}' - -{% if repo.use_upstream_repo %} - - {% set data_dir = '/var/lib/pgsql/' ~ repo.version ~ '/data' %} - - pkg: postgresql{{ release }}-server - pkg_client: postgresql{{ release }} - conf_dir: /var/lib/pgsql/{{ repo.version }}/data - service: postgresql-{{ repo.version }} - - prepare_cluster: - command: initdb --pgdata='{{ data_dir }}' - test: test -f '{{ data_dir }}/PG_VERSION' - - # Directory containing PostgreSQL client executables - bin_dir: /usr/pgsql-{{ repo.version }}/bin - client_bins: - - clusterdb - - createdb - - createlang - - createuser - - dropdb - - droplang - - dropuser - - pg_archivecleanup - - pg_basebackup - - pg_config - - pg_dump - - pg_dumpall - - pg_isready - - pg_receivexlog - - pg_restore - - pg_rewind - - pg_test_fsync - - pg_test_timing - - pg_upgrade - - pg_xlogdump - - pgbench - - psql - - reindexdb - - vacuumdb - server_bins: - - initdb - - pg_controldata - - pg_ctl - - pg_resetxlog - - postgres - - postgresql{{ release }}-check-db-dir - - postgresql{{ release }}-setup - - postmaster - -{% else %} - - pkg: postgresql-server - pkg_client: postgresql - -{% endif %} - -Suse: - pkg: postgresql-server - pkg_client: postgresql + baseurl: 'https://download.postgresql.org/pub/repos/yum/{{ repo.version }}/fedora/fedora-$releasever-$basearch' + remove: + releases: ['9.4', '9.5', '9.6', '10',] # vim: ft=sls diff --git a/postgres/python.sls b/postgres/python.sls index a35d721f..4a5ee21b 100644 --- a/postgres/python.sls +++ b/postgres/python.sls @@ -1,5 +1,16 @@ -{% from "postgres/map.jinja" import postgres with context %} +{% from tpldir + "/map.jinja" import postgres with context %} + +include: + - postgres.upstream postgresql-python: pkg.installed: - - name: {{ postgres.python}} + - name: {{ postgres.pkg_python}} + {% if postgres.fromrepo %} + - fromrepo: {{ postgres.fromrepo }} + {% endif %} + {% if postgres.use_upstream_repo == true %} + - refresh: True + - require: + - pkgrepo: postgresql-repo + {% endif %} diff --git a/postgres/repo.yaml b/postgres/repo.yaml index e37eec73..49fb9b90 100644 --- a/postgres/repo.yaml +++ b/postgres/repo.yaml @@ -3,9 +3,17 @@ {% import_yaml "postgres/defaults.yaml" as defaults %} -use_upstream_repo: {{ salt['pillar.get']('postgres:use_upstream_repo', - defaults.postgres.use_upstream_repo) }} -version: {{ salt['pillar.get']('postgres:version', - defaults.postgres.version) }} +use_upstream_repo: {{ salt['pillar.get']('postgres:use_upstream_repo', defaults.postgres.use_upstream_repo) }} +version: {{ salt['pillar.get']('postgres:version', defaults.postgres.version) }} +fromrepo: {{ salt['pillar.get']('postgres:fromrepo', defaults.postgres.fromrepo) }} +cluster_name: {{ salt['pillar.get']('postgres:cluster:name', defaults.postgres.cluster.name) }} + +#Early lookup for system user on MacOS +{% if grains.os == 'MacOS' %} + {% set sysuser = salt['pillar.get']('postgres:user', salt['cmd.run']("stat -f '%Su' /dev/console")) %} + {% set sysgroup = salt['pillar.get']('postgres:group', salt['cmd.run']("stat -f '%Sg' /dev/console")) %} +user: {{ sysuser }} +group: {{ sysgroup }} +{% endif %} # vim: ft=sls diff --git a/postgres/server/image.sls b/postgres/server/image.sls index 95838e7c..67b24114 100644 --- a/postgres/server/image.sls +++ b/postgres/server/image.sls @@ -1,4 +1,4 @@ -{%- from "postgres/map.jinja" import postgres with context -%} +{%- from salt.file.dirname(tpldir) ~ "/map.jinja" import postgres with context -%} # This state is used to launch PostgreSQL with ``pg_ctl`` command and enable it # on "boot" during an image (Docker, Virtual Appliance, AMI) preparation @@ -12,10 +12,10 @@ include: postgresql-start: cmd.run: - - name: pg_ctl -D {{ postgres.conf_dir }} -l logfile start + - name: pg_ctl -D {{ postgres.data_dir }} -l logfile start - runas: {{ postgres.user }} - unless: - - ps -p $(head -n 1 {{ postgres.conf_dir }}/postmaster.pid) 2>/dev/null + - ps -p $(head -n 1 {{ postgres.data_dir }}/postmaster.pid) 2>/dev/null - require: - file: postgresql-pg_hba @@ -24,11 +24,11 @@ postgresql-start: postgresql-enable: cmd.run: {%- if salt['file.file_exists']('/bin/systemctl') %} - - name: systemctl enable {{ postgres.service }} + - name: systemctl enable {{ postgres.service.name }} {%- elif salt['cmd.which']('chkconfig') %} - - name: chkconfig {{ postgres.service }} on + - name: chkconfig {{ postgres.service.name }} on {%- elif salt['file.file_exists']('/usr/sbin/update-rc.d') %} - - name: update-rc.d {{ service }} defaults + - name: update-rc.d {{ postgres.service.name }} defaults {%- else %} # Nothing to do - name: 'true' diff --git a/postgres/server/init.sls b/postgres/server/init.sls index 91fe11db..ce1d5753 100644 --- a/postgres/server/init.sls +++ b/postgres/server/init.sls @@ -1,77 +1,130 @@ -{%- from "postgres/map.jinja" import postgres with context %} +{%- from salt.file.dirname(tpldir) ~ "/map.jinja" import postgres with context -%} {%- set includes = [] %} {%- if postgres.bake_image %} {%- do includes.append('postgres.server.image') %} {%- endif %} -{%- if postgres.use_upstream_repo -%} +{%- if postgres.use_upstream_repo == true -%} {%- do includes.append('postgres.upstream') %} {%- endif %} -{%- set pkgs = [postgres.pkg] + postgres.pkgs_extra %} - {%- if includes -%} - include: {{ includes|yaml(false)|indent(2) }} - {%- endif %} +{%- set pkgs = [postgres.pkg] + postgres.pkgs_extra %} # Install, configure and start PostgreSQL server - postgresql-server: pkg.installed: - - pkgs: {{ pkgs }} -{%- if postgres.use_upstream_repo %} + - pkgs: {{ pkgs | json }} +{%- if postgres.use_upstream_repo == true %} - refresh: True - require: - pkgrepo: postgresql-repo {%- endif %} + {%- if postgres.fromrepo %} + - fromrepo: {{ postgres.fromrepo }} + {%- endif %} + {%- if grains.os == 'MacOS' %} + #Register as Launchd LaunchAgent for system users + - require_in: + - file: postgresql-server + file.managed: + - name: /Library/LaunchAgents/{{ postgres.service.name }}.plist + - source: /usr/local/opt/postgres/{{ postgres.service.name }}.plist + - group: wheel + - require_in: + - service: postgresql-running -{%- if 'bin_dir' in postgres %} - -# Make server binaries available in $PATH - - {%- for bin in postgres.server_bins %} - {%- set path = salt['file.join'](postgres.bin_dir, bin) %} +# Alternatives system. Make server binaries available in $PATH + {%- elif 'bin_dir' in postgres and postgres.linux.altpriority %} + {%- for bin in postgres.server_bins %} + {%- set path = salt['file.join'](postgres.bin_dir, bin) %} -{{ bin }}: +postgresql-{{ bin }}-altinstall: alternatives.install: + - name: {{ bin }} - link: {{ salt['file.join']('/usr/bin', bin) }} - path: {{ path }} - - priority: 30 + - priority: {{ postgres.linux.altpriority }} - onlyif: test -f {{ path }} - require: - pkg: postgresql-server - require_in: - cmd: postgresql-cluster-prepared + {%- if grains['saltversioninfo'] < [2018, 11, 0, 0] %} + - retry: + attempts: 2 + until: True + {%- endif %} - {%- endfor %} - -{%- endif %} + {%- endfor %} + {%- endif %} postgresql-cluster-prepared: + file.directory: + - name: {{ postgres.data_dir }} + - user: {{ postgres.user }} + - group: {{ postgres.group }} + - makedirs: True + - recurse: + - user + - group +{%- if postgres.prepare_cluster.run %} cmd.run: + {%- if postgres.prepare_cluster.command is defined %} + {# support for depreciated 'prepare_cluster.command' pillar #} - name: {{ postgres.prepare_cluster.command }} + - unless: {{ postgres.prepare_cluster.test }} + {%- else %} + - name: {{ postgres.prepare_cluster_cmd }} + - unless: test -f {{ postgres.data_dir }}/{{ postgres.prepare_cluster.pgtestfile }} + {%- endif %} - cwd: / + - env: {{ postgres.prepare_cluster.env }} - runas: {{ postgres.prepare_cluster.user }} - - env: {{ postgres.prepare_cluster.env|default({}) }} - - unless: - - {{ postgres.prepare_cluster.test }} - require: - pkg: postgresql-server + - file: postgresql-cluster-prepared + - watch_in: + - service: postgresql-running +{%- endif %} postgresql-config-dir: file.directory: - - name: {{ postgres.conf_dir }} + - names: + - {{ postgres.data_dir }} + - {{ postgres.conf_dir }} - user: {{ postgres.user }} - group: {{ postgres.group }} + - dir_mode: {{ postgres.conf_dir_mode }} + - force: True + - recurse: + - mode + - ignore_files - makedirs: True - require: + {%- if postgres.prepare_cluster.run %} - cmd: postgresql-cluster-prepared + {%- else %} + - file: postgresql-cluster-prepared + {%- endif %} -{%- if postgres.postgresconf %} +{%- set db_port = salt['config.option']('postgres.port') %} +{%- if db_port %} + +postgresql-conf-comment-port: + file.comment: + - name: {{ postgres.conf_dir }}/postgresql.conf + - regex: ^port\s*=.+ + - require: + - file: postgresql-config-dir + +{%- endif %} + +{%- if postgres.postgresconf or db_port %} postgresql-conf: file.blockreplace: @@ -79,20 +132,31 @@ postgresql-conf: - marker_start: "# Managed by SaltStack: listen_addresses: please do not edit" - marker_end: "# Managed by SaltStack: end of salt managed zone --" - content: | + {%- if postgres.postgresconf %} {{ postgres.postgresconf|indent(8) }} + {%- endif %} + {%- if db_port %} + port = {{ db_port }} + {%- endif %} - show_changes: True - append_if_not_found: True - - backup: {{ postgres.postgresconf_backup }} + {#- Detect empty values (none, '') in the config_backup #} + - backup: {{ postgres.config_backup|default(false, true) }} - require: - file: postgresql-config-dir + {%- if db_port %} + - file: postgresql-conf-comment-port + {%- endif %} - watch_in: - - service: postgresql-running + - service: postgresql-running {%- endif %} +{%- set pg_hba_path = salt['file.join'](postgres.conf_dir, 'pg_hba.conf') %} + postgresql-pg_hba: file.managed: - - name: {{ postgres.conf_dir }}/pg_hba.conf + - name: {{ pg_hba_path }} - user: {{ postgres.user }} - group: {{ postgres.group }} - mode: 600 @@ -100,12 +164,60 @@ postgresql-pg_hba: - source: {{ postgres['pg_hba.conf'] }} - template: jinja - defaults: - acls: {{ postgres.acls }} + acls: {{ postgres.acls|yaml() }} + {%- if postgres.config_backup %} + # Create the empty file before managing to overcome the limitation of check_cmd + - onlyif: test -f {{ pg_hba_path }} || touch {{ pg_hba_path }} + # Make a local backup before the file modification + - check_cmd: >- + salt-call --local file.copy + {{ pg_hba_path }} {{ pg_hba_path ~ postgres.config_backup }} remove_existing=true + {%- endif %} {%- else %} - replace: False {%- endif %} - require: - file: postgresql-config-dir + - watch_in: + - service: postgresql-running + +{%- set pg_ident_path = salt['file.join'](postgres.conf_dir, 'pg_ident.conf') %} + +postgresql-pg_ident: + file.managed: + - name: {{ pg_ident_path }} + - user: {{ postgres.user }} + - group: {{ postgres.group }} + - mode: 600 +{%- if postgres.identity_map %} + - source: {{ postgres['pg_ident.conf'] }} + - template: jinja + - defaults: + mappings: {{ postgres.identity_map|yaml() }} + {%- if postgres.config_backup %} + # Create the empty file before managing to overcome the limitation of check_cmd + - onlyif: test -f {{ pg_ident_path }} || touch {{ pg_ident_path }} + # Make a local backup before the file modification + - check_cmd: >- + salt-call --local file.copy + {{ pg_ident_path }} {{ pg_ident_path ~ postgres.config_backup }} remove_existing=true + {%- endif %} +{%- else %} + - replace: False +{%- endif %} + - require: + - file: postgresql-config-dir + {%- if postgres.prepare_cluster.run %} + - cmd: postgresql-cluster-prepared + {%- else %} + - file: postgresql-cluster-prepared + {%- endif %} + - watch_in: + {%- if grains.os not in ('MacOS',) %} + - module: postgresql-service-reload + {%- else %} + - service: postgresql-running + {%- endif %} {%- for name, tblspace in postgres.tablespaces|dictsort() %} @@ -122,18 +234,61 @@ postgresql-tablespace-dir-{{ name }}: - require: - pkg: postgresql-server + {%- if "selinux" in grains and grains.selinux.enabled %} + + pkg.installed: + - names: + - policycoreutils-python + - selinux-policy-targeted + - refresh: True + selinux.fcontext_policy_present: + - name: '{{ tblspace.directory }}(/.*)?' + - sel_type: postgresql_db_t + - require: + - file: postgresql-tablespace-dir-{{ name }} + - pkg: postgresql-tablespace-dir-{{ name }} + +postgresql-tablespace-dir-{{ name }}-fcontext: + selinux.fcontext_policy_applied: + - name: {{ tblspace.directory }} + - recursive: True + - require: + - selinux: postgresql-tablespace-dir-{{ name }} + + {%- endif %} + {%- endfor %} {%- if not postgres.bake_image %} -# Start PostgreSQL server using OS init +# Workaround for FreeBSD minion undefinitely hanging on service start +# cf. https://github.com/saltstack/salt/issues/44848 +{% if postgres.service.sysrc %} +posgresql-rc-flags: + sysrc.managed: + - name: {{ postgres.service.name }}_flags + - value: "{{ postgres.service.flags }} > /dev/null 2>&1" + - watch_in: + - service: postgresql-running +{% endif %} +# Start PostgreSQL server using OS init +# Note: This is also the target for numerous `watch_in` requisites above, used +# for the necessary service restart after changing the relevant configuration files postgresql-running: service.running: - - name: {{ postgres.service }} + - name: {{ postgres.service.name }} - enable: True - - reload: True - - watch: - - file: postgresql-pg_hba + +# Reload the service for changes made to `pg_ident.conf`, except for `MacOS` +# which is handled by `postgresql-running` above. +{%- if grains.os not in ('MacOS',) %} +postgresql-service-reload: + module.wait: + - name: service.reload + - m_name: {{ postgres.service.name }} + - require: + - service: postgresql-running +{%- endif %} {%- endif %} diff --git a/postgres/server/remove.sls b/postgres/server/remove.sls new file mode 100644 index 00000000..cc283222 --- /dev/null +++ b/postgres/server/remove.sls @@ -0,0 +1,89 @@ +{%- from salt.file.dirname(tpldir) ~ "/map.jinja" import postgres with context -%} + +postgresql-dead: + service.dead: + - name: {{ postgres.service.name }} + - enable: False + +postgresql-repo-removed: + pkgrepo.absent: + - name: {{ postgres.pkg_repo.name }} + {%- if 'pkg_repo_keyid' in postgres %} + - keyid: {{ postgres.pkg_repo_keyid }} + {%- endif %} + +#remove release installed by formula +postgresql-server-removed: + pkg.removed: + - pkgs: + {% if postgres.pkg %} + - {{ postgres.pkg }} + {% endif %} + {% if postgres.pkgs_extra %} + {% for pkg in postgres.pkgs_extra %} + - {{ pkg }} + {% endfor %} + {% endif %} + +{%- if postgres.remove.multiple_releases %} + #search for and cleandown multiple releases + + {% for release in postgres.remove.releases %} +postgresql{{ release }}-server-pkgs-removed: + pkg.purged: + - pkgs: + - {{ postgres.pkg if postgres.pkg else "postgresql" }} + - postgresql-server + - postgresql-libs + - postgresql-contrib + - postgresql-server-{{ release }} + - postgresql-libs-{{ release }} + - postgresql-contrib-{{ release }} + - postgresql{{ release }}-contrib + - postgresql{{ release }}-server + - postgresql{{ release }}-libs + - postgresql{{ release }}-contrib + - postgresql{{ release|replace('.', '') }}-contrib + - postgresql{{ release|replace('.', '') }}-server + - postgresql{{ release|replace('.', '') }}-libs + - postgresql{{ release|replace('.', '') }}-contrib + + {% if 'bin_dir' in postgres %} + {% for bin in postgres.server_bins %} + {% set path = '/usr/pgsql-' + release|string + '/bin/' + bin %} + +postgresql{{ release }}-server-{{ bin }}-alternative-remove: + alternatives.remove: + - name: {{ bin }} + - path: {{ path }} + {% if grains.os in ('Fedora', 'CentOS',) %} + {# bypass bug #} + - onlyif: alternatives --display {{ bin }} + {% else %} + - onlyif: test -f {{ path }} + {% endif %} + + {% endfor %} + {% endif %} + + {%- if postgres.remove.data %} + #allow data loss? default is no +postgresql{{ release }}-dataconf-removed: + file.absent: + - names: + - {{ postgres.conf_dir }} + - {{ postgres.data_dir }} + - /var/lib/postgresql + - /var/lib/pgsql + + {% for name, tblspace in postgres.tablespaces|dictsort() %} +postgresql{{ release }}-tablespace-dir-{{ name }}-removed: + file.absent: + - name: {{ tblspace.directory }} + - require: + - file: postgresql{{ release }}-dataconf-removed + {% endfor %} + {% endif %} + + {% endfor %} +{%- endif %} diff --git a/postgres/templates/limit.maxfiles.plist b/postgres/templates/limit.maxfiles.plist new file mode 100644 index 00000000..1b16b1b8 --- /dev/null +++ b/postgres/templates/limit.maxfiles.plist @@ -0,0 +1,21 @@ + + + + + Label + limit.maxfiles + ProgramArguments + + /bin/launchctl + limit + maxfiles + {{ soft_limit }} + {{ hard_limit }} + + RunAtLoad + + ServiceIPC + + + diff --git a/postgres/templates/mac_shortcut.sh b/postgres/templates/mac_shortcut.sh new file mode 100755 index 00000000..4f560bf4 --- /dev/null +++ b/postgres/templates/mac_shortcut.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +shortcutName='${1}' +app="postgres.app" +Source="/Applications/$app" +Destination="{{ homes }}/{{ user }}/Desktop/${shortcutName}" +/usr/bin/osascript -e "tell application \"Finder\" to make alias file to POSIX file \"$Source\" at POSIX file \"$Destination\"" + diff --git a/postgres/templates/pg_hba.conf.j2 b/postgres/templates/pg_hba.conf.j2 index 11f4cad6..0dfcc4e4 100644 --- a/postgres/templates/pg_hba.conf.j2 +++ b/postgres/templates/pg_hba.conf.j2 @@ -20,7 +20,7 @@ local all postgres peer # TYPE DATABASE USER ADDRESS METHOD -{%- for acl in acls %} +{% for acl in acls %} {%- if acl|first() == 'local' %} {%- if acl|length() == 3 %} @@ -36,5 +36,5 @@ local all postgres peer {%- endif %} {%- endif %} -{{ '{0:<7} {1:<15} {2:<15} {3:<23} {4}'.format(*acl) -}} +{{ '{0:<7} {1:<15} {2:<15} {3:<23} {4}'.format(*acl) }} {% endfor %} diff --git a/postgres/templates/pg_ident.conf.j2 b/postgres/templates/pg_ident.conf.j2 new file mode 100644 index 00000000..cb6fd6fe --- /dev/null +++ b/postgres/templates/pg_ident.conf.j2 @@ -0,0 +1,51 @@ +###################################################################### +# ATTENTION! Managed by SaltStack. # +# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN! # +###################################################################### +# +# PostgreSQL User Name Maps +# ========================= +# +# Refer to the PostgreSQL documentation, chapter "Client +# Authentication" for a complete description. A short synopsis +# follows. +# +# This file controls PostgreSQL user name mapping. It maps external +# user names to their corresponding PostgreSQL user names. Records +# are of the form: +# +# MAPNAME SYSTEM-USERNAME PG-USERNAME +# +# (The uppercase quantities must be replaced by actual values.) +# +# MAPNAME is the (otherwise freely chosen) map name that was used in +# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the +# client. PG-USERNAME is the requested PostgreSQL user name. The +# existence of a record specifies that SYSTEM-USERNAME may connect as +# PG-USERNAME. +# +# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a +# regular expression. Optionally this can contain a capture (a +# parenthesized subexpression). The substring matching the capture +# will be substituted for \1 (backslash-one) if present in +# PG-USERNAME. +# +# Multiple maps may be specified in this file and used by pg_hba.conf. +# +# No map names are defined in the default configuration. If all +# system user names and PostgreSQL user names are the same, you don't +# need anything in this file. +# +# This file is read on server startup and when the postmaster receives +# a SIGHUP signal. If you edit the file on a running system, you have +# to SIGHUP the postmaster for the changes to take effect. You can +# use "pg_ctl reload" to do that. + +# Put your actual configuration here +# ---------------------------------- + +# MAPNAME SYSTEM-USERNAME PG-USERNAME + +{%- for mapping in mappings %} +{{ '{0:<15} {1:<22} {2}'.format(*mapping) -}} +{% endfor %} diff --git a/postgres/templates/postgres.sh.j2 b/postgres/templates/postgres.sh.j2 new file mode 100644 index 00000000..fe69af71 --- /dev/null +++ b/postgres/templates/postgres.sh.j2 @@ -0,0 +1,8 @@ +###################################################################### +# ATTENTION! Managed by SaltStack. # +# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN! # +###################################################################### + +if ! echo $PATH | grep -q {{ bin_dir }} ; then + export PATH=$PATH:{{ bin_dir }} +fi diff --git a/postgres/upstream.sls b/postgres/upstream.sls index 6c3956f2..c2d2ac74 100644 --- a/postgres/upstream.sls +++ b/postgres/upstream.sls @@ -1,10 +1,22 @@ -{%- from "postgres/map.jinja" import postgres with context -%} -{%- from "postgres/macros.jinja" import format_kwargs with context -%} +{%- from tpldir + "/map.jinja" import postgres with context -%} +{%- from tpldir + "/macros.jinja" import format_kwargs with context -%} {%- if 'pkg_repo' in postgres -%} - {%- if postgres.use_upstream_repo -%} - + {%- if postgres.use_upstream_repo == true -%} + + {%- if postgres.add_profile -%} +postgresql-profile: + file.managed: + - name: /etc/profile.d/postgres.sh + - user: root + - group: root + - mode: 644 + - template: jinja + - source: salt://postgres/templates/postgres.sh.j2 + - defaults: + bin_dir: {{ postgres.bin_dir }} + {%- endif %} # Add upstream repository for your distro postgresql-repo: pkgrepo.managed: @@ -22,9 +34,8 @@ postgresql-repo: {%- endif -%} -{%- else -%} +{%- elif grains.os not in ('Windows', 'MacOS',) %} -# Notify that we don't manage this distro postgresql-repo: test.show_notification: - text: | diff --git a/pre-commit_semantic-release.sh b/pre-commit_semantic-release.sh new file mode 100755 index 00000000..9d34d74c --- /dev/null +++ b/pre-commit_semantic-release.sh @@ -0,0 +1,30 @@ +#!/bin/sh + +############################################################################### +# (A) Update `FORMULA` with `${nextRelease.version}` +############################################################################### +sed -i -e "s_^\(version:\).*_\1 ${1}_" FORMULA + + +############################################################################### +# (B) Use `m2r` to convert automatically produced `.md` docs to `.rst` +############################################################################### + +# Install `m2r` +sudo -H pip install m2r + +# Copy and then convert the `.md` docs +cp *.md docs/ +cd docs/ +m2r --overwrite *.md + +# Change excess `H1` headings to `H2` in converted `CHANGELOG.rst` +sed -i -e '/^=.*$/s/=/-/g' CHANGELOG.rst +sed -i -e '1,4s/-/=/g' CHANGELOG.rst + +# Use for debugging output, when required +# cat AUTHORS.rst +# cat CHANGELOG.rst + +# Return back to the main directory +cd .. diff --git a/release-rules.js b/release-rules.js new file mode 100644 index 00000000..c63c850d --- /dev/null +++ b/release-rules.js @@ -0,0 +1,18 @@ +// No release is triggered for the types commented out below. +// Commits using these types will be incorporated into the next release. +// +// NOTE: Any changes here must be reflected in `CONTRIBUTING.md`. +module.exports = [ + {breaking: true, release: 'major'}, + // {type: 'build', release: 'patch'}, + // {type: 'chore', release: 'patch'}, + // {type: 'ci', release: 'patch'}, + {type: 'docs', release: 'patch'}, + {type: 'feat', release: 'minor'}, + {type: 'fix', release: 'patch'}, + {type: 'perf', release: 'patch'}, + {type: 'refactor', release: 'patch'}, + {type: 'revert', release: 'patch'}, + {type: 'style', release: 'patch'}, + {type: 'test', release: 'patch'}, +]; diff --git a/release.config.js b/release.config.js new file mode 100644 index 00000000..afa0cb11 --- /dev/null +++ b/release.config.js @@ -0,0 +1,106 @@ +module.exports = { + branch: 'master', + plugins: [ + ['@semantic-release/commit-analyzer', { + preset: 'angular', + releaseRules: './release-rules.js', + }], + '@semantic-release/release-notes-generator', + ['@semantic-release/changelog', { + changelogFile: 'CHANGELOG.md', + changelogTitle: '# Changelog', + }], + ['@semantic-release/exec', { + prepareCmd: 'sh ./pre-commit_semantic-release.sh ${nextRelease.version}', + }], + ['@semantic-release/git', { + assets: ['*.md', 'docs/*.rst', 'FORMULA'], + }], + '@semantic-release/github', + ], + generateNotes: { + preset: 'angular', + writerOpts: { + // Required due to upstream bug preventing all types being displayed. + // Bug: https://github.com/conventional-changelog/conventional-changelog/issues/317 + // Fix: https://github.com/conventional-changelog/conventional-changelog/pull/410 + transform: (commit, context) => { + const issues = [] + + commit.notes.forEach(note => { + note.title = `BREAKING CHANGES` + }) + + // NOTE: Any changes here must be reflected in `CONTRIBUTING.md`. + if (commit.type === `feat`) { + commit.type = `Features` + } else if (commit.type === `fix`) { + commit.type = `Bug Fixes` + } else if (commit.type === `perf`) { + commit.type = `Performance Improvements` + } else if (commit.type === `revert`) { + commit.type = `Reverts` + } else if (commit.type === `docs`) { + commit.type = `Documentation` + } else if (commit.type === `style`) { + commit.type = `Styles` + } else if (commit.type === `refactor`) { + commit.type = `Code Refactoring` + } else if (commit.type === `test`) { + commit.type = `Tests` + } else if (commit.type === `build`) { + commit.type = `Build System` + // } else if (commit.type === `chore`) { + // commit.type = `Maintenance` + } else if (commit.type === `ci`) { + commit.type = `Continuous Integration` + } else { + return + } + + if (commit.scope === `*`) { + commit.scope = `` + } + + if (typeof commit.hash === `string`) { + commit.hash = commit.hash.substring(0, 7) + } + + if (typeof commit.subject === `string`) { + let url = context.repository + ? `${context.host}/${context.owner}/${context.repository}` + : context.repoUrl + if (url) { + url = `${url}/issues/` + // Issue URLs. + commit.subject = commit.subject.replace(/#([0-9]+)/g, (_, issue) => { + issues.push(issue) + return `[#${issue}](${url}${issue})` + }) + } + if (context.host) { + // User URLs. + commit.subject = commit.subject.replace(/\B@([a-z0-9](?:-?[a-z0-9/]){0,38})/g, (_, username) => { + if (username.includes('/')) { + return `@${username}` + } + + return `[@${username}](${context.host}/${username})` + }) + } + } + + // remove references that already appear in the subject + commit.references = commit.references.filter(reference => { + if (issues.indexOf(reference.issue) === -1) { + return true + } + + return false + }) + + return commit + }, + }, + }, +}; diff --git a/test/integration/default/controls/command_spec.rb b/test/integration/default/controls/command_spec.rb new file mode 100644 index 00000000..26d7917e --- /dev/null +++ b/test/integration/default/controls/command_spec.rb @@ -0,0 +1,14 @@ +# Overide by OS +pg_port = '5432' +if os[:family] == 'debian' or os[:name] == 'suse' + pg_port = '5433' +end + +control 'Postgres command' do + title 'should match desired lines' + + # Can't use `%Q` here due to the `\` + describe command(%q{su - postgres -c 'psql -p} + pg_port + %q{ -qtc "\l+ db2"'}) do + its(:stdout) { should match(%r{db2.*remoteUser.*UTF8.*en_US.UTF-8.*en_US.UTF-8.*my_space}) } + end +end diff --git a/test/integration/default/controls/config_spec.rb b/test/integration/default/controls/config_spec.rb new file mode 100644 index 00000000..dc619247 --- /dev/null +++ b/test/integration/default/controls/config_spec.rb @@ -0,0 +1,10 @@ +control 'Postgres configuration' do + title 'should include the directory' + + describe file('/srv/my_tablespace') do + it { should be_directory } + it { should be_owned_by 'postgres' } + it { should be_grouped_into 'postgres' } + its('mode') { should cmp '0700' } + end +end diff --git a/test/integration/default/controls/services_spec.rb b/test/integration/default/controls/services_spec.rb new file mode 100644 index 00000000..96e5f938 --- /dev/null +++ b/test/integration/default/controls/services_spec.rb @@ -0,0 +1,22 @@ +# Overide by OS +service_name = 'postgresql' +pg_port = 5432 +if os[:name] == 'centos' and os[:release].start_with?('6') + service_name = 'postgresql-9.6' +elsif os[:family] == 'debian' or os[:name] == 'suse' + pg_port = 5433 +end + +control 'Postgres service' do + impact 0.5 + title 'should be running and enabled' + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + + describe port(pg_port) do + it { should be_listening } + end +end diff --git a/test/integration/default/inspec.yml b/test/integration/default/inspec.yml new file mode 100644 index 00000000..6fec42b0 --- /dev/null +++ b/test/integration/default/inspec.yml @@ -0,0 +1,12 @@ +name: postgres +title: Postgres Formula +maintainer: Your Name +license: Apache-2.0 +summary: Verify that the postgres formula is setup and configured correctly +supports: + - os-name: debian + - os-name: ubuntu + - os-name: centos + - os-name: fedora + - os-name: opensuse + - os-name: suse diff --git a/test/integration/default/serverspec/postgres_spec.rb b/test/integration/default/serverspec/postgres_spec.rb deleted file mode 100644 index 768e62fe..00000000 --- a/test/integration/default/serverspec/postgres_spec.rb +++ /dev/null @@ -1,23 +0,0 @@ -require 'serverspec' - -set :backend, :exec - -describe service('postgresql') do - it { should be_enabled } - it { should be_running } -end - -describe port('5432') do - it { should be_listening } -end - -describe file('/srv/my_tablespace') do - it { should be_directory } - it { should be_mode 700 } - it { should be_owned_by 'postgres' } - it { should be_grouped_into 'postgres' } -end - -describe command(%q{su - postgres -c 'psql -qtc "\l+ db2"'}) do - its(:stdout) { should match(/db2.*remoteUser.*UTF8.*en_US\.UTF-8.*en_US\.UTF-8.*my_space/) } -end diff --git a/test/salt/pillar/postgres.sls b/test/salt/pillar/postgres.sls new file mode 100644 index 00000000..7e234f88 --- /dev/null +++ b/test/salt/pillar/postgres.sls @@ -0,0 +1,210 @@ +# Port to use for the cluster -- can be used to provide a non-standard port +# NOTE: If already set in the minion config, that value takes priority + +{%- if not (grains.os_family == 'Debian' or grains.osfinger == 'Leap-15') %} +postgres.port: '5432' +{%- else %} +postgres.port: '5433' +{%- endif %} + +postgres: + # UPSTREAM REPO + # Set True to configure upstream postgresql.org repository for YUM/APT/ZYPP + {%- if not (grains.os_family == 'Debian' or grains.osfinger == 'CentOS-6') %} + use_upstream_repo: False + {%- else %} + use_upstream_repo: True + # Version to install from upstream repository (if upstream_repo: True) + {%- if not (grains.os_family == 'Debian') %} + version: '9.6' + {%- else %} + version: '10' + {%- endif %} + # # Set True to add a file in /etc/profile.d adding the bin dir in $PATH + # # as packages from upstream put them somewhere like /usr/pgsql-10/bin + # add_profile: False + # # If automatic package installation fails, use `fromrepo` to specify the + # # upstream repo to install packages from [#133, #185] (if upstream_repo: True) + # fromrepo: 'jessie-pgdg' + {%- endif %} + + # ### MACOS + # # Set to 'postgresapp' OR 'homebrew' for MacOS + # # use_upstream_repo: 'postgresapp' + # # use_upstream_repo: 'homebrew' + + # # PACKAGE + # # These pillars are typically never required. + # # pkg: 'postgresql' + # # pkg_client: 'postgresql-client' + # # service: postgresql + # pkgs_extra: + # - postgresql-contrib + # - postgresql-plpython + + # CLUSTER + # The default `encoding` is derived from the `locale` so not recommended + # to provide a value for it unless necessary + cluster: + locale: en_US.UTF-8 + # encoding: UTF8 + + # #'Alternatives system' priority incremental. 0 disables feature. + # linux: + # altpriority: 30 + # + # # macos limits + # limits: + # soft: 64000 + # hard: 128000 + + # POSTGRES + # Append the lines under this item to your postgresql.conf file. + # Pay attention to indent exactly with 4 spaces for all lines. + postgresconf: |- + listen_addresses = '*' # listen on all interfaces + + # Path to the `pg_hba.conf` file Jinja template on Salt Fileserver + pg_hba.conf: salt://postgres/templates/pg_hba.conf.j2 + + # This section covers ACL management in the ``pg_hba.conf`` file. + # acls list controls: which hosts are allowed to connect, how clients + # are authenticated, which PostgreSQL user names they can use, which + # databases they can access. Records take one of these forms: + # + # acls: + # - ['local', 'DATABASE', 'USER', 'METHOD'] + # - ['host', 'DATABASE', 'USER', 'ADDRESS', 'METHOD'] + # - ['hostssl', 'DATABASE', 'USER', 'ADDRESS', 'METHOD'] + # - ['hostnossl', 'DATABASE', 'USER', 'ADDRESS', 'METHOD'] + # + # The uppercase items must be replaced by actual values. + # METHOD could be omitted, 'md5' will be appended by default. + # + # If ``acls`` item value is empty ('', [], null), then the contents of + # ``pg_hba.conf`` file will not be touched at all. + acls: + - ['local', 'db0', 'connuser', 'peer map=users_as_appuser'] + - ['local', 'db1', 'localUser'] + - ['host', 'db2', 'remoteUser', '192.168.33.0/24'] + + identity_map: + - ['users_as_appuser', 'jdoe', 'connuser'] + - ['users_as_appuser', 'jsmith', 'connuser'] + + # Backup extension for configuration files, defaults to ``.bak``. + # Set ``False`` to stop creation of backups when config files change. + {%- if salt['status.time']|default(none) is callable %} + config_backup: ".backup@{{ salt['status.time']('%y-%m-%d_%H:%M:%S') }}" + {%- endif %} + + {# {%- if grains['init'] == 'unknown' %} #} + {# #} + {# # If Salt is unable to detect init system running in the scope of state run, #} + {# # probably we are trying to bake a container/VM image with PostgreSQL. #} + {# # Use ``bake_image`` setting to control how PostgreSQL will be started: if set #} + {# # to ``True`` the raw ``pg_ctl`` will be utilized instead of packaged init #} + {# # script, job or unit run with Salt ``service`` state. #} + {# bake_image: True #} + {# #} + {# {%- endif %} #} + + # Create/remove users, tablespaces, databases, schema and extensions. + # Each of these dictionaries contains PostgreSQL entities which + # mapped to the ``postgres_*`` Salt states with arguments. See the Salt + # documentation to get all supported argument for a particular state. + # + # Format is the following: + # + #: + # NAME: + # ensure: # 'present' is the default + # ARGUMENT: VALUE + # ... + # + # where 'NAME' is the state name, 'ARGUMENT' is the kwarg name, and + # 'VALUE' is kwarg value. + # + # For example, the Pillar: + # + # users: + # testUser: + # password: test + # + # will render such state: + # + # postgres_user-testUser: + # postgres_user.present: + # - name: testUser + # - password: test + users: + localUser: + ensure: present + password: '98ruj923h4rf' + createdb: False + createroles: False + inherit: True + replication: False + + remoteUser: + ensure: present + password: '98ruj923h4rf' + createdb: False + createroles: False + inherit: True + replication: False + + absentUser: + ensure: absent + + # tablespaces to be created + tablespaces: + my_space: + directory: /srv/my_tablespace + owner: localUser + + # databases to be created + databases: + db1: + owner: localUser + template: template0 + lc_ctype: en_US.UTF-8 + lc_collate: en_US.UTF-8 + db2: + owner: remoteUser + template: template0 + lc_ctype: en_US.UTF-8 + lc_collate: en_US.UTF-8 + tablespace: my_space + # set custom schema + schemas: + public: + owner: localUser + # enable per-db extension + {%- if grains.os_family == 'Debian' and grains.osfinger != 'Debian-8' %} + extensions: + uuid-ossp: + schema: 'public' + {%- endif %} + + # optional schemas to enable on database + schemas: + uuid-ossp: + dbname: db1 + owner: localUser + + # optional extensions to install in schema + {%- if grains.os_family == 'Debian' and grains.osfinger != 'Debian-8' %} + extensions: + uuid-ossp: + schema: uuid-ossp + maintenance_db: db1 + # postgis: {} + {%- endif %} + + # remove: + # data: True + # multiple_releases: True + # releases: ['9.6', '10',] + +# vim: ft=yaml ts=2 sts=2 sw=2 et