module-postgresql/examples/postgresql_db.pp

class { 'postgresql::server':
  config_hash => {
      'ip_mask_allow_all_users' => '0.0.0.0/0',
      'listen_addresses'        => '*',
      'manage_redhat_firewall'  => true,

      #'ip_mask_deny_postgres_user' => '0.0.0.0/32',
      #'postgres_password' => 'puppet',
  },
}

postgresql::db{ 'test1':
  user          => 'test1',
  password      => 'test1',
  grant         => 'all',
}

postgresql::db{ 'test2':
  user          => 'test2',
  password      => postgresql_password('test2', 'test2'),
  grant         => 'all',
}

postgresql::db{ 'test3':
  user          => 'test3',
  # The password here is a copy/paste of the output of the 'postgresql_password'
  #  function from this module, with a u/p of 'test3', 'test3'.
  password      => 'md5e12234d4575a12bfd61d61294f32b086',
  grant         => 'all',
}
Add postgresql::db convenience type, improve security This commit adds a postgresql::db type for convenience; it mirrors the 'db' type from the mysql module, which allows you to create a database instance and user plus grant privileges to that user all in one succint resource. This commit also improves security in the following ways: * Revoke "CONNECT" privilege from the 'public' role for newly created databases; without this, any database created via this module will allow connections from any database user, and will allow them to do things like create tables. * Change to a 'reject'-based policy for dealing with remote connections by the postgres user in pg_hba.conf. Prior to this commit, if you tried to restrict access to the postgres user by IP, the rule would simply not match for disallowed IPs; then it would fall through to the rule for "all" users, which could still match and thus allow the postgres user to connect remotely. 2012-06-09 18:23:11 +02:00			`class { 'postgresql::server':`
			`config_hash => {`
			`'ip_mask_allow_all_users' => '0.0.0.0/0',`
Puppet lint fixes - left longer than 80 char warnings - left inherits params class warnings 2012-11-03 03:37:20 +01:00			`'listen_addresses' => '*',`
			`'manage_redhat_firewall' => true,`
Add postgresql::db convenience type, improve security This commit adds a postgresql::db type for convenience; it mirrors the 'db' type from the mysql module, which allows you to create a database instance and user plus grant privileges to that user all in one succint resource. This commit also improves security in the following ways: * Revoke "CONNECT" privilege from the 'public' role for newly created databases; without this, any database created via this module will allow connections from any database user, and will allow them to do things like create tables. * Change to a 'reject'-based policy for dealing with remote connections by the postgres user in pg_hba.conf. Prior to this commit, if you tried to restrict access to the postgres user by IP, the rule would simply not match for disallowed IPs; then it would fall through to the rule for "all" users, which could still match and thus allow the postgres user to connect remotely. 2012-06-09 18:23:11 +02:00
			`#'ip_mask_deny_postgres_user' => '0.0.0.0/32',`
			`#'postgres_password' => 'puppet',`
			`},`
			`}`

			`postgresql::db{ 'test1':`
			`user => 'test1',`
			`password => 'test1',`
			`grant => 'all',`
			`}`

			`postgresql::db{ 'test2':`
			`user => 'test2',`
			`password => postgresql_password('test2', 'test2'),`
			`grant => 'all',`
			`}`

			`postgresql::db{ 'test3':`
			`user => 'test3',`
			`# The password here is a copy/paste of the output of the 'postgresql_password'`
			`# function from this module, with a u/p of 'test3', 'test3'.`
			`password => 'md5e12234d4575a12bfd61d61294f32b086',`
			`grant => 'all',`
			`}`