From 3d7e41d2964c2c25a5bd99e215312e6dc77afa83 Mon Sep 17 00:00:00 2001 From: Markus Burger Date: Sun, 1 Jun 2014 22:15:13 +0200 Subject: [PATCH 1/8] added the ability to manage the sysconfig / default file --- manifests/init.pp | 159 ++++++++++++++++++++++++++++---------------- manifests/params.pp | 7 +- 2 files changed, 105 insertions(+), 61 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 1ea2627..70012de 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -207,6 +207,12 @@ # [*config_file_init*] # Path of configuration file sourced by init script # +# [*config_file_init_source*] +# Source for the configuration file sourced by the init script +# +# [*config_file_init_template*] +# Template for the configuration file sourced by the init script +# # [*pid_file*] # Path of pid file. Used by monitor # 
@@ -244,56 +250,58 @@ # Alessandro Franceschi # class postgresql ( - $use_postgresql_repo = params_lookup( 'use_postgresql_repo' ), - $install_prerequisites = params_lookup( 'install_prerequisites' ), - $initdbcommand = params_lookup( 'initdbcommand' ), - $config_file_hba = params_lookup( 'config_file_hba' ), - $source_hba = params_lookup( 'source_hba' ), - $template_hba = params_lookup( 'template_hba' ), - $template_hba_header = params_lookup( 'template_hba_header' ), - $template_hba_footer = params_lookup( 'template_hba_footer' ), - $template_ident = params_lookup( 'template_ident' ), - $template_ident_header = params_lookup( 'template_ident_header' ), - $my_class = params_lookup( 'my_class' ), - $source = params_lookup( 'source' ), - $source_dir = params_lookup( 'source_dir' ), - $source_dir_purge = params_lookup( 'source_dir_purge' ), - $template = params_lookup( 'template' ), - $service_autorestart = params_lookup( 'service_autorestart' , 'global' ), - $options = params_lookup( 'options' ), - $version = params_lookup( 'version' ), - $absent = params_lookup( 'absent' ), - $disable = params_lookup( 'disable' ), - $disableboot = params_lookup( 'disableboot' ), - $monitor = params_lookup( 'monitor' , 'global' ), - $monitor_tool = params_lookup( 'monitor_tool' , 'global' ), - $monitor_target = params_lookup( 'monitor_target' , 'global' ), - $puppi = params_lookup( 'puppi' , 'global' ), - $puppi_helper = params_lookup( 'puppi_helper' , 'global' ), - $firewall = params_lookup( 'firewall' , 'global' ), - $firewall_tool = params_lookup( 'firewall_tool' , 'global' ), - $firewall_src = params_lookup( 'firewall_src' , 'global' ), - $firewall_dst = params_lookup( 'firewall_dst' , 'global' ), - $debug = params_lookup( 'debug' , 'global' ), - $audit_only = params_lookup( 'audit_only' , 'global' ), - $package = params_lookup( 'package' ), - $service = params_lookup( 'service' ), - $service_status = params_lookup( 'service_status' ), - $process = params_lookup( 'process' ), - 
$process_args = params_lookup( 'process_args' ), - $process_user = params_lookup( 'process_user' ), - $config_dir = params_lookup( 'config_dir' ), - $config_file = params_lookup( 'config_file' ), - $config_file_mode = params_lookup( 'config_file_mode' ), - $config_file_owner = params_lookup( 'config_file_owner' ), - $config_file_group = params_lookup( 'config_file_group' ), - $config_file_init = params_lookup( 'config_file_init' ), - $pid_file = params_lookup( 'pid_file' ), - $data_dir = params_lookup( 'data_dir' ), - $log_dir = params_lookup( 'log_dir' ), - $log_file = params_lookup( 'log_file' ), - $port = params_lookup( 'port' ), - $protocol = params_lookup( 'protocol' ) + $use_postgresql_repo = params_lookup( 'use_postgresql_repo' ), + $install_prerequisites = params_lookup( 'install_prerequisites' ), + $initdbcommand = params_lookup( 'initdbcommand' ), + $config_file_hba = params_lookup( 'config_file_hba' ), + $source_hba = params_lookup( 'source_hba' ), + $template_hba = params_lookup( 'template_hba' ), + $template_hba_header = params_lookup( 'template_hba_header' ), + $template_hba_footer = params_lookup( 'template_hba_footer' ), + $template_ident = params_lookup( 'template_ident' ), + $template_ident_header = params_lookup( 'template_ident_header' ), + $my_class = params_lookup( 'my_class' ), + $source = params_lookup( 'source' ), + $source_dir = params_lookup( 'source_dir' ), + $source_dir_purge = params_lookup( 'source_dir_purge' ), + $template = params_lookup( 'template' ), + $service_autorestart = params_lookup( 'service_autorestart' , 'global' ), + $options = params_lookup( 'options' ), + $version = params_lookup( 'version' ), + $absent = params_lookup( 'absent' ), + $disable = params_lookup( 'disable' ), + $disableboot = params_lookup( 'disableboot' ), + $monitor = params_lookup( 'monitor' , 'global' ), + $monitor_tool = params_lookup( 'monitor_tool' , 'global' ), + $monitor_target = params_lookup( 'monitor_target' , 'global' ), + $puppi = 
params_lookup( 'puppi' , 'global' ), + $puppi_helper = params_lookup( 'puppi_helper' , 'global' ), + $firewall = params_lookup( 'firewall' , 'global' ), + $firewall_tool = params_lookup( 'firewall_tool' , 'global' ), + $firewall_src = params_lookup( 'firewall_src' , 'global' ), + $firewall_dst = params_lookup( 'firewall_dst' , 'global' ), + $debug = params_lookup( 'debug' , 'global' ), + $audit_only = params_lookup( 'audit_only' , 'global' ), + $package = params_lookup( 'package' ), + $service = params_lookup( 'service' ), + $service_status = params_lookup( 'service_status' ), + $process = params_lookup( 'process' ), + $process_args = params_lookup( 'process_args' ), + $process_user = params_lookup( 'process_user' ), + $config_dir = params_lookup( 'config_dir' ), + $config_file = params_lookup( 'config_file' ), + $config_file_mode = params_lookup( 'config_file_mode' ), + $config_file_owner = params_lookup( 'config_file_owner' ), + $config_file_group = params_lookup( 'config_file_group' ), + $config_file_init = params_lookup( 'config_file_init' ), + $config_file_init_source = params_lookup( 'config_file_init_source' ), + $config_file_init_template = params_lookup( 'config_file_init_template' ), + $pid_file = params_lookup( 'pid_file' ), + $data_dir = params_lookup( 'data_dir' ), + $log_dir = params_lookup( 'log_dir' ), + $log_file = params_lookup( 'log_file' ), + $port = params_lookup( 'port' ), + $protocol = params_lookup( 'protocol' ) ) inherits postgresql::params { $bool_use_postgresql_repo=any2bool($use_postgresql_repo) 
@@ -374,19 +382,14 @@ default => $postgresql::source, } - $manage_file_content = $postgresql::template ? { - '' => undef, - default => template($postgresql::template), - } - $manage_file_source_hba = $postgresql::source_hba ? { '' => undef, default => $postgresql::source_hba, } - $manage_file_content_hba = $postgresql::template_hba ? { + $manage_config_file_init_source = $postgresql::config_file_init_source ? { '' => undef, - default => template($postgresql::template_hba), + default => $postgresql::config_file_init_source, } ### Calculation of internal variables according to user input @@ -491,6 +494,31 @@ default => $postgresql::log_file, } + $real_config_file_init = $postgresql::config_file_init ? { + '' => $::operatingsystem ? { + /(?i:Debian|Ubuntu|Mint)/ => '/etc/default/postgresql', + default => "/etc/sysconfig/pgsql/postgresql-${real_version}", + }, + default => $postgresql::config_file_init, + } + + # since we might depend on calculated vars, place the templates here + $manage_config_file_init_template = $postgresql::config_file_init_template ? { + '' => undef, + default => template($postgresql::config_file_init_template), + } + + $manage_file_content = $postgresql::template ? { + '' => undef, + default => template($postgresql::template), + } + + $manage_file_content_hba = $postgresql::template_hba ? { + '' => undef, + default => template($postgresql::template_hba), + } + + ### Managed resources if $postgresql::bool_install_prerequisites { 
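Review bot: The fallback branch of `$real_config_file_init` (hunk at +494 in manifests/init.pp) interpolates `${real_version}`, which is not assigned anywhere in the visible hunks, so the selector has to sit below wherever that variable is computed. If it does not, the Red Hat path would silently become `/etc/sysconfig/pgsql/postgresql-`. Because params.pp now sets `$config_file_init = ''`, any template or class that still reads `$postgresql::config_file_init` directly sees an empty string rather than a path; those readers should switch to `$postgresql::real_config_file_init`. The parameter's doc entry should say so, e.g. `#   Leave empty to use the OS default (/etc/default/postgresql or /etc/sysconfig/pgsql/postgresql-<version>)`.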
@@ -541,6 +569,23 @@ } } + if ($postgresql::config_file_init_source or $postgresql::config_file_init_template) { + file { 'postgresql.init.conf': + ensure => $postgresql::manage_file, + path => $postgresql::real_config_file_init, + mode => $postgresql::config_file_mode, + owner => $postgresql::config_file_owner, + group => $postgresql::config_file_group, + require => Package['postgresql'], + notify => $postgresql::manage_service_autorestart, + source => $postgresql::manage_config_file_init_source, + content => $postgresql::manage_config_file_init_template, + replace => $postgresql::manage_file_replace, + audit => $postgresql::manage_audit, + noop => $postgresql::noops, + } + } + # The whole postgresql configuration directory can be recursively overriden if $postgresql::source_dir { diff --git a/manifests/params.pp b/manifests/params.pp index 27586cf..193b729 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -73,10 +73,7 @@ default => 'postgres', } - $config_file_init = $::operatingsystem ? { - /(?i:Debian|Ubuntu|Mint)/ => '/etc/default/postgresql', - default => '/etc/sysconfig/pgsql', - } + $config_file_init = '' $pid_file = '' @@ -101,6 +98,8 @@ $absent = false $disable = false $disableboot = false + $config_file_init_source = '' + $config_file_init_template = '' ### General module variables that can have a site or per module default $monitor = false From ce72b2dfae81d154f3f728309e9a260a5477aedd Mon Sep 17 00:00:00 2001 From: Markus Burger Date: Sun, 1 Jun 2014 22:15:41 +0200 Subject: [PATCH 2/8] added the ability to create a replication user --- manifests/role.pp | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/manifests/role.pp b/manifests/role.pp index e0bce14..874240b 100644 --- a/manifests/role.pp +++ b/manifests/role.pp 
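Review bot: The new `file { 'postgresql.init.conf': }` resource in manifests/init.pp takes `mode`, `owner` and `group` from `$postgresql::config_file_mode`, `config_file_owner` and `config_file_group`, although this file is read by the init script rather than by the database. If those defaults resolve to the postgres account, that account could edit shell which the init script later sources, typically as root. The params.pp context in this patch shows a `default => 'postgres'` just above `$config_file_init`, though which variable it belongs to lies outside the hunk. Pinning the ownership on this resource avoids that: `owner => 'root',` `group => 'root',` `mode => '0644',`. Separately, when both `config_file_init_source` and `config_file_init_template` are set the resource receives `source` and `content` together, which Puppet rejects, so an explicit `fail()` or a documented precedence would make the conflict clear to the caller.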
@@ -51,13 +51,14 @@ # } # define postgresql::role( - $rolename = $name, - $superuser = false, - $createrole = false, - $createdb = false, - $login = true, - $password = '', - $absent = false + $rolename = $name, + $superuser = false, + $createrole = false, + $createdb = false, + $replication = false, + $login = true, + $password = '', + $absent = false ) { include 'postgresql' @@ -66,6 +67,7 @@ $bool_superuser = any2bool($superuser) $bool_createrole = any2bool($createrole) $bool_createbd = any2bool($createdb) + $bool_replication = any2bool($replication) $bool_login = any2bool($login) $initial_query = "CREATE ROLE \\\"$rolename\\\"" @@ -82,6 +84,10 @@ true => 'CREATEDB', false => 'NOCREATEDB', } + $o_replication = $bool_replication ? { + true => 'REPLICATION', + false => 'NOREPLICATION', + } $o_login = $bool_login ? { true => 'LOGIN', false => 'NOLOGIN', @@ -90,7 +96,7 @@ '' => '', default => "ENCRYPTED PASSWORD '${password}'", } - $opts = "$o_superuser $o_createrole $o_createdb $o_login $o_password" + $opts = "$o_superuser $o_createrole $o_createdb $o_replication $o_login $o_password" $create_query = "$initial_query $opts;" $drop_query = "DROP ROLE \\\"${rolename}\\\"" From 55438ba10b3daa308e294f283ecba04af3b3267f Mon Sep 17 00:00:00 2001 From: Markus Burger Date: Tue, 10 Jun 2014 12:09:09 +0200 Subject: [PATCH 3/8] OPS-5255 - fixed postgresql::dbcreate --- manifests/dbcreate.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/dbcreate.pp b/manifests/dbcreate.pp index afec8be..25df376 100644 --- a/manifests/dbcreate.pp +++ b/manifests/dbcreate.pp 
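Review bot: `$opts` in manifests/role.pp now always carries `REPLICATION` or `NOREPLICATION` (the `$o_replication` selector at +84 and the rewritten `$opts` line at +96). That role attribute exists only in PostgreSQL 9.1 and later, so if the module is still expected to manage older servers, every `CREATE ROLE` built here would fail there, including for callers who never set `replication`. Emitting the keyword only on request keeps the old statement intact: `true => 'REPLICATION',` `false => '',`. The define's header comment starts outside these hunks and gains no entry for the new parameter; it should get one along the lines of `# [*replication*] Grants the REPLICATION attribute; the role can stream the whole cluster's WAL, so restrict it in pg_hba.conf`.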
@@ -25,7 +25,7 @@ user => $postgresql::process_user, path => '/usr/bin:/bin:/usr/sbin:/sbin', unless => "echo \\\\dg | psql | grep ${role} 2>/dev/null", - command => "echo \"create role \\\"${role}\\\" nosuperuser nocreatedb nocreaterole noinherit nologin ; alter role \\\"${role}\\\" nosuperuser nocreatedb nocreaterole noinherit login encrypted password '${password}'; grant ${name} to \\\"${role}\\\";\" | /usr/bin/psql", + command => "echo \"create role \\\"${role}\\\" nosuperuser nocreatedb nocreaterole noinherit nologin ; alter role \\\"${role}\\\" nosuperuser nocreatedb nocreaterole noinherit login encrypted password '${password}'; grant \\\"${name}\\\" to \\\"${role}\\\";\" | /usr/bin/psql", require => [Service['postgresql']], } -> exec { "db_${name}": user => $postgresql::process_user, From 0c1eb491c0b4e561294aaebe2c4bf47e46fada59 Mon Sep 17 00:00:00 2001 From: Markus Burger Date: Thu, 7 Aug 2014 10:21:24 +0200 Subject: [PATCH 4/8] depend on service not package in postgresql::role --- manifests/role.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/role.pp b/manifests/role.pp index 874240b..cd64e6c 100644 --- a/manifests/role.pp +++ b/manifests/role.pp @@ -113,7 +113,7 @@ true => $cmd, false => undef, } - $db_require = Package['postgresql'] + $db_require = Service['postgresql'] exec { "postgres-manage-role-${name}": user => $postgresql::process_user, From fee2411190de3298a1101a7038b7967bbe8a93ea Mon Sep 17 00:00:00 2001 From: Markus Nussdorfer Date: Thu, 21 Aug 2014 00:43:03 +0200 Subject: [PATCH 5/8] OPS-6111 - added cwd to exec resource --- manifests/dbcreate.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/manifests/dbcreate.pp b/manifests/dbcreate.pp index 25df376..0a84b16 100644 --- a/manifests/dbcreate.pp +++ b/manifests/dbcreate.pp 
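Review bot: The rewritten `command` of `exec { "role_${name}": }` in manifests/dbcreate.pp (PATCH 3/8) now quotes `${name}` for SQL, but `${name}`, `${role}` and `${password}` are still interpolated inside a double-quoted shell `echo`. A value containing `"`, `$` or a backtick is therefore interpreted by the shell running as `$postgresql::process_user`, and a `'` in the password ends the SQL literal early. Checking the identifiers before the exec removes most of that surface, for example `validate_re($name, '^[A-Za-z_][A-Za-z0-9_]*$')` and the same for `$role`, assuming stdlib is available to the module. The password is also part of the command string, which may appear in agent logs and reports when the exec fails; feeding the SQL from a root-only temporary file would keep it out of both. The exec begins above the hunk, and its `unless` line uses an unanchored `grep ${role}`, so a role whose name is a substring of an existing one would never be created.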
@@ -23,12 +23,15 @@ exec { "role_${name}": user => $postgresql::process_user, + cwd => '/tmp', path => '/usr/bin:/bin:/usr/sbin:/sbin', unless => "echo \\\\dg | psql | grep ${role} 2>/dev/null", command => "echo \"create role \\\"${role}\\\" nosuperuser nocreatedb nocreaterole noinherit nologin ; alter role \\\"${role}\\\" nosuperuser nocreatedb nocreaterole noinherit login encrypted password '${password}'; grant \\\"${name}\\\" to \\\"${role}\\\";\" | /usr/bin/psql", require => [Service['postgresql']], - } -> exec { "db_${name}": + } -> + exec { "db_${name}": user => $postgresql::process_user, + cwd => '/tmp', path => '/usr/bin:/bin:/usr/sbin:/sbin', unless => "psql --list -t -A | grep -q \"^${name}|\"", command => "echo \"create database \\\"${name}\\\" with OWNER=\\\"${role}\\\" TEMPLATE=${real_template} ENCODING='${encoding}' LC_COLLATE='${locale}' LC_CTYPE='${locale}';\" | /usr/bin/psql", From e43278e889de5c1cba7320f5d308779eaed28b94 Mon Sep 17 00:00:00 2001 From: Markus Burger Date: Thu, 21 Aug 2014 15:32:06 +0200 Subject: [PATCH 6/8] lint fixes --- manifests/dbcreate.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/dbcreate.pp b/manifests/dbcreate.pp index 0a84b16..4de8883 100644 --- a/manifests/dbcreate.pp +++ b/manifests/dbcreate.pp @@ -28,7 +28,7 @@ unless => "echo \\\\dg | psql | grep ${role} 2>/dev/null", command => "echo \"create role \\\"${role}\\\" nosuperuser nocreatedb nocreaterole noinherit nologin ; alter role \\\"${role}\\\" nosuperuser nocreatedb nocreaterole noinherit login encrypted password '${password}'; grant \\\"${name}\\\" to \\\"${role}\\\";\" | /usr/bin/psql", require => [Service['postgresql']], - } -> + } -> exec { "db_${name}": user => $postgresql::process_user, cwd => '/tmp', From ceedc89113aeee42fb472c57bfadab49574d3d31 Mon Sep 17 00:00:00 2001 
From: Markus Burger Date: Mon, 25 Aug 2014 08:39:23 +0200 Subject: [PATCH 7/8] Revert "OPS-6111 - added cwd to exec resource" This reverts commit fee2411190de3298a1101a7038b7967bbe8a93ea. Conflicts: manifests/dbcreate.pp --- manifests/dbcreate.pp | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/manifests/dbcreate.pp b/manifests/dbcreate.pp index 4de8883..25df376 100644 --- a/manifests/dbcreate.pp +++ b/manifests/dbcreate.pp @@ -23,15 +23,12 @@ exec { "role_${name}": user => $postgresql::process_user, - cwd => '/tmp', path => '/usr/bin:/bin:/usr/sbin:/sbin', unless => "echo \\\\dg | psql | grep ${role} 2>/dev/null", command => "echo \"create role \\\"${role}\\\" nosuperuser nocreatedb nocreaterole noinherit nologin ; alter role \\\"${role}\\\" nosuperuser nocreatedb nocreaterole noinherit login encrypted password '${password}'; grant \\\"${name}\\\" to \\\"${role}\\\";\" | /usr/bin/psql", require => [Service['postgresql']], - } -> - exec { "db_${name}": + } -> exec { "db_${name}": user => $postgresql::process_user, - cwd => '/tmp', path => '/usr/bin:/bin:/usr/sbin:/sbin', unless => "psql --list -t -A | grep -q \"^${name}|\"", command => "echo \"create database \\\"${name}\\\" with OWNER=\\\"${role}\\\" TEMPLATE=${real_template} ENCODING='${encoding}' LC_COLLATE='${locale}' LC_CTYPE='${locale}';\" | /usr/bin/psql", From 0d966400c17c850ddc5f12ffb26c9e097f1818d6 Mon Sep 17 00:00:00 2001 From: Markus Burger Date: Mon, 15 Dec 2014 16:13:31 +0100 Subject: [PATCH 8/8] added the ability to create superuser accounts with dbcreate --- manifests/dbcreate.pp | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/manifests/dbcreate.pp b/manifests/dbcreate.pp index 25df376..45c0f7c 100644 --- a/manifests/dbcreate.pp +++ b/manifests/dbcreate.pp 
@@ -10,9 +10,12 @@ $conntype = 'host', $address = '127.0.0.1/32', $auth_method = 'md5', - $auth_options = '') { + $auth_options = '', + $superuser = false) { include postgresql + $bool_superuser = any2bool($superuser) + $real_template = $template ? { '' => $postgresql::version ? { '9.3' => 'template0', @@ -21,11 +24,16 @@ default => $template, } + $o_superuser = $bool_superuser ? { + true => 'SUPERUSER', + false => 'NOSUPERUSER', + } + exec { "role_${name}": user => $postgresql::process_user, path => '/usr/bin:/bin:/usr/sbin:/sbin', unless => "echo \\\\dg | psql | grep ${role} 2>/dev/null", - command => "echo \"create role \\\"${role}\\\" nosuperuser nocreatedb nocreaterole noinherit nologin ; alter role \\\"${role}\\\" nosuperuser nocreatedb nocreaterole noinherit login encrypted password '${password}'; grant \\\"${name}\\\" to \\\"${role}\\\";\" | /usr/bin/psql", + command => "echo \"create role \\\"${role}\\\" ${o_superuser} nocreatedb nocreaterole noinherit nologin ; alter role \\\"${role}\\\" ${o_superuser} nocreatedb nocreaterole noinherit login encrypted password '${password}'; grant \\\"${name}\\\" to \\\"${role}\\\";\" | /usr/bin/psql", require => [Service['postgresql']], } -> exec { "db_${name}": user => $postgresql::process_user,
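Review bot: The `unless` guard on `exec { "role_${name}": }` (second hunk, manifests/dbcreate.pp) only tests that the role exists, so the new `${o_superuser}` in `command` is applied once at creation and never again. Changing `superuser` from true to false on a later run leaves the role a superuser, with nothing in the report to show the drift. Enforcing the attribute needs its own exec whose guard compares `rolsuper` in `pg_roles` with the requested value and runs `alter role ... ${o_superuser}` on a mismatch. Until that exists, the parameter should be documented as creation-only, e.g. `# [*superuser*] Create the owner role with SUPERUSER; only honoured when the role is first created`. The define's parameter list and the exec both extend outside the hunks shown.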