Commit graph

157 commits

Author SHA1 Message Date
Andreas Ntaflos
dbbb7aa2b3 Make granting on ALL TABLES IN SCHEMA idempotent
Define a proper SELECT statement to feed into Postgresql_psql's
`unless` parameter that checks if there are any tables in the specified
schema for which the specified role *does not* have the specified
privilege. Only then allow the GRANT statement to be executed. For
details see comments.

Note that this, too, suffers from the problem that there is no feasible
way to check if a role has ALL PRIVILEGES on a table in plain SQL. By
terrible convention the INSERT privilege represents ALL PRIVILEGES here.
2015-03-05 17:18:42 +01:00
Andreas Ntaflos
aee6dba6f8 Use correct TCP port when checking password
The PostgreSQL server's port is specified in `postgresql::server::port`, so use it in the `unless` clause of `Exec['set_postgres_postgrespw']`. Failing to do so results in repeated invocations of the exec resource during Puppet runs when the server's port is not set to the default of 5432.
2015-02-27 04:48:15 +01:00
Sebastian Gerhards
a246e586be create role before database
Creating the role before creating the database is mandatory because otherwise
granting the access right to the database fails.
2015-02-23 11:57:05 +01:00
Mickaël Canévet
e1034d9bee Fix template1 encoding on debian 2015-02-19 08:37:31 +01:00
Hunter Haugen
f889a4612d Fix comment detection
On psql 8.1, `pg_catalog.shobj_description` does not exist. Also, if the
database to comment is not the current db then this warning will be
raised and the comment will not be applied: `WARNING:  database comments
may only be applied to the current database`

This fix uses the pg_* databases to find the comment based on the
database oid rather than the shared object description function.
2015-02-05 14:39:58 -08:00
Colleen Murphy
6d2b66cc3d Merge pull request #558 from hunner/fix_dbcomment
Fix comment detection
2015-02-04 22:48:28 -08:00
Hunter Haugen
bd80c54664 Fix comment detection
On psql 8.1, `pg_catalog.shobj_description` does not exist. Also, if the
database to comment is not the current db then this warning will be
raised and the comment will not be applied: `WARNING:  database comments
may only be applied to the current database`

This fix uses the pg_* databases to find the comment based on the
database oid rather than the shared object description function.
2015-02-04 13:41:11 -08:00
Hunter Haugen
50ae9efbad Require server package before user permissions
The postgresql user is created by the server package, but this file
resource may be evaluated before the package is installed resulting in
permission failures.
2015-02-04 13:39:33 -08:00
Colleen Murphy
d42b821969 Merge pull request #521 from raphink/dev/server_extension
Add postgresql::server::extension definition
2015-02-04 14:26:53 +01:00
juniorsysadmin
435d63297a (MODULES-1153) Add database comment parameter 2015-02-04 22:45:28 +11:00
juniorsysadmin
32ebbb5e34 Fix lint warnings 2015-01-21 10:46:29 +11:00
Tom De Vylder
0625b91d71 Fix invalid byte sequence in US-ASCII error 2015-01-09 13:33:30 +01:00
Morgan Haskel
7c520bd220 Merge pull request #538 from mattbostock/groupeseb-master
Allow per-schema grants and support for 'ALL TABLES IN SCHEMA'
2014-12-22 10:10:48 -08:00
Raphaël Pinson
807fefe5fa Add postgresql::server::extension definition 2014-12-08 16:27:33 +01:00
juniorsysadmin
789543fc45 Add service_manage parameter
Loosely addresses MODULES-1522
2014-12-05 10:10:17 +11:00
Benoît Marcelin
d655024066 Add schema creator 2014-12-02 20:54:22 +00:00
Benoît Marcelin
aef405c39c Add support for GRANT SCHEMA and ALL TABLES IN SCHEMA 2014-12-01 16:07:38 +00:00
Benoît Marcelin
9278954cfe Make module compatible with puppetDB 2014-12-01 16:07:38 +00:00
Morgan Haskel
4f4cfb02d4 Merge pull request #517 from cmurphy/fix_datadir
Fix data directory handling
2014-10-31 16:36:07 -07:00
Colleen Murphy
6ba3179916 Fix data directory handling
The change introduced in b781849882 added
a complex operation that was not handled correctly for all operating
systems. This fix includes the following corrections:

- Change the systemd config and reload systemd for datadir changes in
  RHEL 7, and move configuration for this into
  postgresql::server::config since it is managing both the PGDATA and
  PGPORT variables
- Make sure Debian systems stop the service before changing the datadir
- Recreate cert links after running initdb in Debian and early ubuntu
- Change the port in the port spec to avoid selinux issues
- Turn off selinux in pgdata spec to avoid selinux issues
- Correct syntax for describing presence of a directory in pgdata spec
- Move the pgdata spec to the end of the tests so that puppet doesn't
  have to manage purging and recreating the original datadir
- Update README to describe all caveats of using this parameter
2014-10-31 16:03:15 -07:00
Morgan Haskel
e688274cb0 Merge pull request #515 from lofic/master
Link to the sysconfig file for the init script of the PGDG postgresql se...
2014-10-31 15:12:59 -07:00
Milan Karalic
b781849882 Adds support for PGDATA changing in config_entry.pp
Ensure that data_directory is set in the config. per GitHub user tbd - PR#510 / PR#494 that was filed against wrong module branch
Adds acceptance test for non default PGDATA, based on alternative_port_spec.rb
Fixes unit test for data directory
2014-10-23 23:37:03 +02:00
lofic
bcac7782a7 Link to the sysconfig file for the init script of the PGDG postgresql server package 2014-10-23 10:48:53 +02:00
Stephen Price
289de739c3 fix future parser error 2014-09-16 11:19:43 -07:00
Ashley Penney
4015dee539 Remove trailing whitespace. 2014-09-03 16:35:14 -04:00
Ashley Penney
29a597ab05 Improve port changing support.
This makes Debian 6 work, and hopefully Ubuntu 10.04 too.
2014-09-03 16:17:19 -04:00
Ashley Penney
bf10898759 Unfortunately this didn't work on > 9.3 in practice. 2014-08-29 16:39:34 -04:00
Ashley Penney
6497404eb5 Revert "Support changing PGDATA on RedHat" 2014-08-29 15:38:30 -04:00
Ashley Penney
f95c2375fb Merge pull request #464 from txaj/support_pg_ident
Fixes the accidental erasing of pg_ident.conf
2014-08-28 13:47:46 -04:00
Ashley Penney
48e1eb6002 Merge pull request #476 from hunner/remove_firewall
Remove firewall management
2014-08-28 13:17:53 -04:00
Ashley Penney
cab1645df5 Merge pull request #473 from mhjacks/pgdata_patch
Support changing PGDATA on RedHat
2014-08-28 13:10:10 -04:00
Hunter Haugen
532047919a Remove firewall management
The firewall management really belongs outside of the module that
manages postgresql, like in a profile.
2014-08-21 11:12:23 -07:00
Hunter Haugen
ed58c058a9 Merge pull request #448 from aswen/initdb_ordering_issue
Initdb should create xlogdir if it has been set.
2014-08-21 11:04:30 -07:00
Martin Jackson
a00eab6937 Support changing PGDATA on RedHat 2014-08-20 20:16:45 -05:00
Alexander Swen
03ff26d6d4 Merge puppetlabsmaster in initdb_ordering_issue 2014-08-19 09:38:05 +02:00
Oliver Bertuch
91fec92488 Fixed deprecation warning for class param in server.pp. Changed subclasses of server to use ::_version, which will be assigned the value from globals or (deprecated) class param. 2014-08-18 11:26:06 +02:00
txaj
87639c6810 Fixes the accidental erasing of pg_ident.conf
Even with manage_pg_ident_conf to false, or undef (which defaults to
false), a concat object would be created, erasing the pg_ident.conf file
2014-08-01 16:27:16 -05:00
Ashley Penney
a18d56067e This seems to fix up selinux for tablespace. 2014-08-01 14:56:25 -04:00
Hunter Haugen
03a51599b1 Merge pull request #456 from igalic/schema
defined type for creating database schemas
2014-07-29 08:05:22 -07:00
txaj
e2b0bdd26f Create the pg_ident_rule defined type
This allows us to declare user map as easily as pg_hba entries.
2014-07-26 17:14:51 -05:00
Igor Galić
324c291b3f defined type for creating database schemas
This defined type helps create database schemas, and assign them to an
`owner`. It is closely modeled after Postgresql::Server::Tablespace.
It uses PostgreSQL's builtin IF NOT EXISTS to guarantee idempotency.
(>= 9.3, else it checks pg_namespace).

n.b.: This defined type *requires* that a `db` is passed. This is a
conscious design decision, since we find it rather useless to create such
schemas in the default `postgres` database, and if it *were* useful, one
can always "over-specify".

This addresses MODULES-1098.
2014-07-25 17:10:40 +02:00
Ashley Penney
e2f5015207 Merge 3.4.x changes into master. 2014-07-25 09:31:00 -04:00
Dominic Cleal
0c4f2a9647 Fix Fedora support by configuring systemd, not /etc/sysconfig 2014-07-25 11:40:53 +01:00
Ashley Penney
58fe218e91 Remove the ensure => absent uninstall code.
This is likely to be a controversial change so I wanted to put some
explanation of our reasoning into the commit message.  This gets
kind of complex so I'll start with the problem and then the reasoning.

Problem:

We rely heavily on the ability to uninstall and reinstall postgres
throughout our testing code, testing features like "can I move from the
distribution packages to the upstream packages through the module" and
over time we've learnt that the uninstall code simply doesn't work a lot
of the time.  It leaves traces of postgres behind or fails to remove
certain packages on Ubuntu, and generally causes bits to be left on your
system that you didn't expect.

When we then reinstall things fail because it's not a true clean slate,
and this causes us enormous problems during test.  We've spent weeks and
months working on these tests and they simply don't hold up well across
the full range of PE platforms.

Reasoning:

Due to all these problems we've decided to take a stance on uninstalling
in general.  We feel that in 2014 it's completely reasonable and normal
to have a good provisioning pipeline combined with your configuration
management and the "correct" way to uninstall a fully installed service
like postgresql is to simply reprovision the server without it in the
first place.  As a general rule this is how I personally like to work
and I think is a good practice.

WAIT A MINUTE:

We understand that there are environments and situations in which it's
not easy to do that.  What if you accidentally deployed Postgres on
100,000 nodes?  When this work is finished I'm going to take a look at
building some example 'profiles' to be found under examples/ within this
module that can uninstall postgres on popular platforms.  These can be
modified and used in your specific case to uninstall postgresql.  They
will be much more brute force and reliant on deleting entire directories
and require you to do more work up front in specifying where things are
installed but we think it'll prove to be a much cleaner mechanism for
this kind of thing rather than trying to weave it into the main module
logic itself.
2014-07-12 12:15:42 -04:00
Ashley Penney
e29f5ef8d8 Merge pull request #422 from dvorak/create_user_role_before_validate
Ensure db user exists before validating db connection
2014-06-05 13:36:24 -04:00
Ashley Penney
8db4a0cf67 Fix Ubuntu 14.04 tests for now.
This doesn't fix the root cause of the issue, such as the fact that
dpkg can't do wildcard removals, and the uninstall fails when you're
passing in a version number like this, but THIS test doesn't care, it
just wants to make sure the deprecation warning appears in the first
place.

This does however make the tests pass on 14.04.
2014-06-03 13:21:45 -04:00
Clayton O'Neill
6e55b9bbb3 Ensure db user exists before validating db connection
The validate_db_connection class takes a user to connect as, but if we're
using the postgresql::server::db defined type then the user might not be
created yet, and might not have any permissions granted yet.  This patch
uses a collector to ensure that the user and grants are active
before validating.
2014-05-23 17:05:17 -04:00
Ashley Penney
c00b47f220 Restructure the tests here to be cleaner. 2014-05-12 23:28:18 +02:00
Ashley Penney
a8705e2cb2 Fix RHEL5 service stopping.
On RHEL5 a service stop returns a 1 instead of 0 if the thing is already
stopped, so we now check the status first before attempting to stop.
2014-05-10 16:57:29 +02:00
Ashley Penney
4334dc7bd9 Stop postgresql before changing port. 2014-05-09 15:28:00 -04:00
Ashley Penney
6bf896fa34 Switch to 'running'/'stopped' to match the test below. 2014-05-08 19:50:11 -04:00
Ashley Penney
4e002d7fd9 Make sure we continue working post 7.0. 2014-05-08 16:52:04 -04:00
Ashley Penney
5488821ce6 Ensure we've always started postgresql at least once before a reload. 2014-05-08 16:47:37 -04:00
Ashley Penney
a575884908 Ensure repo is in place before postgis installation.
We need to make sure we've actually setup the repo before installing
postgis.
2014-05-08 16:47:10 -04:00
Ashley Penney
3e3fa8cab1 Handle ports for systemd.
This is a terrible hack currently but it appropriately handles systemd.
2014-05-08 16:46:39 -04:00
Ashley Penney
d010bc8c7f This doesn't exist on RHEL7. 2014-05-08 16:46:09 -04:00
Ashley Penney
5e33409342 Add service_ensure.
This allows you to control the status of the Postgresql service directly
from postgresql::server.
2014-05-08 16:43:22 -04:00
Brian Almeida
86f2950248 Add support for port parameter to postgresql::server, fix underlying assumptions that port=5432 2014-04-17 15:09:07 -04:00
Ashley Penney
3d73e7fe7f Merge pull request #372 from jhoblitt/feature/pg_hba.conf-ownership
change pg_hba.conf to be owned by postgres user account
2014-04-17 13:31:04 -04:00
Ashley Penney
0adbcfb64f Merge pull request #280 from 3dna/feature/postgis
postgis support
2014-04-02 09:31:03 -04:00
Ashley Penney
d8875983c9 Merge pull request #395 from thunderkeys/postgresql-server-role-inherit-support
Postgresql server role inherit support
2014-04-02 07:30:20 -04:00
Jeremy Kitchen
c4bca511e9 add support for postgis
rhel support added by @mcanevet, but the branch has been squashed.
thanks!
2014-03-31 21:40:01 +00:00
Pieter Lexis
dcdc7c8f5a Allow the ex- and import of postgresql::server::db 2014-03-27 16:49:48 +01:00
Brian Almeida
ad083d0e4d Add support to postgresql::server::role for INHERIT/NOINHERIT 2014-03-24 11:19:12 -04:00
Geoff Garside
688b0aa3fc Replace psql_db => $user with $default_database.
On FreeBSD systems the $user variable is not 'postgres' so does not
match the default database correctly. These changes use the existing
default_database parameter to replace instances where $user is passed as
the database to be connected to.

These changes are in server::database, server::role and
server::grant.
2014-03-10 09:26:28 +00:00
Joshua Hoblitt
d49939014c change pg_hba.conf to be owned by postgres user account
At present, the ownership of pg_hba.conf is hardwired to be uid 0.  It should have the same ownership as all of the other postgresql configuration files in the same cluster so that they can be managed/edited by the postgres role user (system) account.
2014-02-27 11:38:20 -07:00
Igor Galić
828c3b99d2 use fully-qualified path to psql to set password
When setting a user's password, use the fully qualified path to the
psql binary. This should fix #359
2014-02-13 11:53:41 +01:00
Ashley Penney
4409dbc4b2 Merge pull request #324 from aadamovich/patch-1
Wrong parameter name: manage_pg_conf -> manage_pg_hba_conf
2014-01-21 14:35:35 -08:00
Ashley Penney
0bb214d1be Merge pull request #317 from hubspotdevops/validate_db_connection_float
Prevent float of defined resource.
2014-01-21 14:32:19 -08:00
Ashley Penney
301715b8a9 Merge pull request #256 from mnencia/patch-3
Add support to custom xlogdir parameter
2014-01-21 14:24:10 -08:00
Axel Bock
6f99380a8b fix for concat error 2014-01-09 17:39:57 +01:00
Brandon Wamboldt
694c3ffbf7 Fix NOREPLICATION option for Postgres 9.1
Fixing a bug when using this module with Postgresql 9.1 that causes alter role statements to execute during every apply.
2013-12-20 13:09:42 -04:00
Marco Nenciarini
2b81d5cb63 Add support to custom xlogdir parameter
Having a custom xlogdir location is desirable for performance in many production environments
2013-12-14 23:55:24 +01:00
aadamovich
0e1fa6f8b2 Wrong parameter name: manage_pg_conf -> manage_pg_hba_conf 2013-12-04 21:09:56 +01:00
Ashley Penney
0796eb9fc6 Merge pull request #311 from kronn/patch-1
Remove deprecated and unused parameters to concat::fragment
2013-11-20 11:01:47 -08:00
Ashley Penney
68ac871e8b Merge pull request #309 from leehanel/master
add lc_* config entry settings
2013-11-20 08:57:02 -08:00
Ashley Penney
fdf5f04351 Merge pull request #313 from hubspotdevops/initdb_order
Exec['postgresql_initdb'] needs to be done after $datadir exists
2013-11-19 13:56:23 -08:00
Ken Barber
c114885a04 Merge pull request #310 from mcanevet/table_grant_fix
Fix table_grant_spec to show a bug
2013-11-15 08:40:16 -08:00
Mickaël Canévet
4cd64e80ac Add missing privileges 2013-11-15 15:20:15 +01:00
Mickaël Canévet
1ce75d5bc8 Fix granting all privileges on a table 2013-11-14 18:17:23 +01:00
Mickaël Canévet
f0924df7c8 Can pass template at database creation 2013-11-14 18:01:30 +01:00
Tom McLaughlin
bac4b87a8d Prevent float of defined resource. 2013-11-13 15:30:58 -05:00
Tom McLaughlin
05eaaa1670 Should have had coffee before doing this commit... 2013-11-13 10:17:25 -05:00
Tom McLaughlin
99a1e03154 Exec['postgresql_initdb'] needs to be done after $datadir exists 2013-11-13 08:59:39 -05:00
Matthias Viehweger
673838c3d8 Remove deprecated and unused parameters to concat::fragment
The warnings are as follows:

Warning: Scope(Concat::Fragment[pg_hba_rule_deny access to postgresql user]): The $mode parameter to concat::fragment is deprecated and has no effect
Warning: Scope(Concat::Fragment[pg_hba_rule_deny access to postgresql user]): The $owner parameter to concat::fragment is deprecated and has no effect
2013-11-12 16:36:53 +01:00
leehanel
b706edff9b add lc_* config entry settings 2013-11-08 09:09:03 -06:00
Reid Vandewiele
6afb4a0367 Allow specification of default database name
E.g. pe-postgresql does NOT use postgres as the default database name.
It uses pe-postgres. So if there is no way to specify a default database
name, the postgresql::validate_db_connection resource in
postgresql::server::service will ALWAYS fail. This commit exposes the
parameter in order to avoid that situation.
2013-10-26 16:33:36 -07:00
Ken Barber
2b697c10f9 Use main psql path and cleanup old packages properly
Signed-off-by: Ken Barber <ken@bob.sh>
2013-10-25 03:01:02 +02:00
Ken Barber
ef45251a31 Provide a greater timeout for slower systems
Signed-off-by: Ken Barber <ken@bob.sh>
2013-10-24 00:33:46 +01:00
Ken Barber
acabbbf530 Remove concat::setup for include
Since the class is now throwing an error when you use the class directly,
I'm just removing it.

We left this in from the last rewrite as someone reported an issue a long
time ago, but alas we have been unable to prove it's a problem.

Signed-off-by: Ken Barber <ken@bob.sh>
2013-10-24 00:33:45 +01:00
Ken Barber
5df36cf1f7 (GH-198) Fix race condition on postgresql startup
This patch is a fix for the race condition that keeps occurring during
postgresql setup. It's very rare on its own, but when you are using this
module in a CI environment it happens quite frequently.

Basically what happens is that sometimes the service will announce the
database has started, but really it is still working in the background.
Sometimes the unix socket may not be listening, and sometimes the
system is still loading and you get a weird client error.

The fix itself is a modification to postgresql::validate_db_connection
so that it is able to connect on the local unix socket, plus retry
until the database is available.

This new and improved validate_db_connection can then be put into the
build pipeline (in the service class in particular) to ensure the
database is started before continuing on with the remaining steps.

This in effect blocks the puppet module from continuing until the
postgresql database is fully started and able to receive connections
which is perfect.

Tests and documentation provided.

Signed-off-by: Ken Barber <ken@bob.sh>
2013-10-24 00:33:45 +01:00
Ken Barber
f021ef3cdb Merge pull request #286 from jalli/master
Add zero length string to join() function
2013-10-23 04:59:11 -07:00
Jarl Stefansson
017d134188 Add zero length string to join() function
The stdlib join() function takes an array and a string as parameters, it then joins all the elements of the array using the string as a separator.
On Centos 6.4 the join() function fails if given just an array but not a string.
2013-10-19 12:04:04 -04:00
jonoterc
a93fcf850c enabling defined postgres user password without resetting on every puppet run (based on https://github.com/puppetlabs/puppetlabs-postgresql/issues/92) 2013-10-17 17:57:33 -04:00
Mickaël Canévet
6f614b0b37 Add a parameter to (un)manage pg_hba.conf 2013-10-16 14:58:08 +02:00
Marek Hulan
b784676c2e Expose owner in db definition 2013-10-10 17:34:26 +02:00
Neil Northrop
f9e6046132 fixed the rspec test to include 'sha1' in 2013-10-04 15:14:10 -07:00
Ashley Penney
5ac999b72c Merge pull request #251 from kamilszymanski/authentication_method_validation
Validate authentication method against server version
2013-09-23 12:19:28 -07:00
Kamil Szymanski
71e0236659 Validate authentication method against server version 2013-09-22 22:35:18 +02:00
Kamil Szymanski
480fc64f6b lint fixes 2013-09-21 19:45:35 +02:00