Commit graph

900 commits

Author SHA1 Message Date
Albert Koch
9a0716f127 Support special characters in database role name
This will allow characters such as '-' in database role
names. Additionally, escaping of '"' characters now applies to all '"'
characters, not just the first in a sql command.
2012-11-01 09:45:20 -04:00
Chris Price
c3c4d32267 Merge pull request #19 from jarib/fix-path-for-cat
Fix path for `/bin/cat`
2012-10-29 10:47:03 -07:00
Chris Price
7b71eb36f9 Merge pull request #22 from cprice-puppet/patch-1
Update README.md
2012-10-29 10:46:43 -07:00
Chris Price
10d916ef64 Merge pull request #20 from dharwood/dharwood/pg_hba_acls
Defining ACLs in pg_hba.conf
2012-10-29 10:46:30 -07:00
Chris Price
8529c1fa46 Add deprecation warning for postgres::psql
This commit adds a deprecation warning for the
Exec-based postgres::psql type, and a test
to verify that the deprecation warning is
being generated.
2012-10-27 18:41:47 -07:00
Chris Price
32b65b874a Fix tests so that they can be run multiple times
One of the spec tests was creating a table to test
some user privileges.  However, it wasn't dropping
the table afterwards, meaning that the same test
would fail on the next run because that table already
existed.  This commit adds a command to drop the
table so that the tests can be run several times
in sequence.
2012-10-27 18:04:15 -07:00
Chris Price
8c082a0f65 Update README.md
Correct references to 'user' and 'grant' types, which were renamed to 'database_*'.
2012-10-27 17:04:52 -07:00
Ryan Coleman
183d401a3f Merge pull request #21 from rcoleman/puppetlabs_ownership
Adjust ownership to Puppet Labs
2012-10-24 10:29:45 -07:00
Ryan Coleman
2c82464f24 Adjust ownership to Puppet Labs
Prior to this commit, Inkling Systems was responsible for improving
and maintaining this module. The maintainer has moved on and Inkling
wished for Puppet Labs to continue with this modules maintenance.

This commit adjusts the README and Modulefile for this change in
ownership.
2012-10-24 10:20:20 -07:00
dharwood
555f3e9838 typos in readme and test/server.pp 2012-10-22 12:41:05 -07:00
dharwood
b8389d19ad ACLs functioning, added examples in README and test, comments in config manifests 2012-10-22 12:34:24 -07:00
stormcrow
399709a483 first commit of acls 2012-10-21 23:46:54 -07:00
Jari Bakken
1fe7a87923 Fix path for /bin/cat 2012-10-21 18:52:02 +02:00
Kenn Knowles
847a5919dd Merge pull request #16 from bjoernalbers/server_example
Add sample usage for postgresql::server class.
2012-10-18 04:21:04 -07:00
Kenn Knowles
22e71423d4 Merge pull request #17 from puppetlabs-operations/master
Add postgresql::devel for development dependencies
2012-10-18 04:19:37 -07:00
Kenn Knowles
389833f87d Merge pull request #11 from cprice-puppet/bug/master/better-title-for-persist-firewall-resource
Give the persist-firewall Exec a more explicit name
2012-10-18 04:19:15 -07:00
Adrien Thebo
5e713569ac Add postgresql::devel for development dependencies 2012-10-16 21:22:30 -07:00
rbscott
d2131e3174 Merge pull request #13 from haf/warnings-etc
Warnings etc
2012-10-16 21:08:46 -07:00
Björn Albers
f40b79382a Add sample usage for postgresql::server class.
I had some issues trying to connect to the server, managed with
defaults:

  vagrant@precise32:~$ psql
  psql: FATAL:  role "vagrant" does not exist
  vagrant@precise32:~$ psql -U postgres
  psql: FATAL:  Peer authentication failed for user "postgres"
  vagrant@precise32:~$ psql -U postgres -h 127.0.0.1
  psql: FATAL:  pg_hba.conf rejects connection for host "127.0.0.1", user
  "postgres", database "postgres", SSL on
  FATAL:  pg_hba.conf rejects connection for host "127.0.0.1", user
  "postgres", database "postgres", SSL off
  vagrant@precise32:~$ psql -U postgres -h /var/run/postgresql
  psql: FATAL:  Peer authentication failed for user "postgres"

After some trial and error I found out that the reasons for this was
restrictive permissions on the unix socket (which isn't bad at all):

  vagrant@precise32:~$ ls -l /var/run/postgresql/
  total 4
  -rw------- 1 postgres postgres 5 Oct 16 20:16 9.1-main.pid

So I though I send some usage examples to help noops like myself to a
quicker start with your module :-)
2012-10-16 23:39:48 +02:00
Henrik
1026da2914 mis-spelt param names 2012-10-04 12:16:40 +02:00
Henrik
9af4019354 $quoted_unless had extra $ 2012-10-04 12:14:46 +02:00
Henrik
69e38d5ceb missing 'default' selector case 2012-10-04 12:13:00 +02:00
Henrik
e0c1836b2e end of line comma not valid in versions < 2.8.7 2012-10-04 12:12:12 +02:00
Kenn Knowles
4e74e33b5c Merge pull request #12 from haus/update_status_param_for_deb_ubuntu
Update status for postgres service on Debian
2012-10-01 23:25:07 -07:00
Matthaus Owens
82c5863431 Update status for postgres service on Debian
The postgresql init script on debian/ubuntu returns 0 no matter whether postgresql is started or stopped, so puppet has no way of knowing whether to start postgresql when the service is set to 'ensure => running'. This commit adds a param to the params class called $service_status which is set to the status piped to an egrep on debian/ubuntu, which reliably returns 0 if there are clusters running and 1 if there are none. The output before and after this patch can be seen below. If the init script is fixed at some point, the logic would need to be revisited.

Before patch postgresql remains stopped after puppet run.

$ # service postgresql stop
$ #   * Stopping PostgreSQL 9.1 database server
$ # puppet apply -e "class {'postgresql::server':}"
$ #   notice: Finished catalog run in 0.15 seconds
$ # service postgresql status
$ #   Running clusters:

After patch postgresql is started after puppet run.

$ # service postgresql stop
$ #   * Stopping PostgreSQL 9.1 database server
$ # puppet apply -e "class {'postgresql::server':}"
$ #   notice: /Stage[main]/Postgresql::Server/Service[postgresqld]/ensure: ensure changed 'stopped' to 'running'
$ #   notice: Finished catalog run in 2.26 seconds
$ # service postgresql status
$ #   Running clusters: 9.1/main
2012-09-28 15:53:33 -07:00
Chris Price
f221c8a6a4 Give the persist-firewall Exec a more explicit name
The title I'd used for the persist-firewall resource
was too generic, and fairly likely to collide with
resources in other modules.  This commit simply
renames it to be a bit more explicit about belonging
to this module, to reduce the likelihood of a title
collision.
2012-09-21 09:02:59 -07:00
Kenneth Knowles
12eef2eaa8 Advance version to 0.3.0 2012-09-17 10:42:05 -07:00
Kenn Knowles
7181817e6a Merge pull request #9 from cprice-puppet/feature/master/connection-validator
Feature/master/connection validator
2012-09-16 18:34:58 -07:00
Kenn Knowles
fc48ad04a1 Merge pull request #8 from haus/patch-1
Remove $service_provider setting for ubuntu
2012-09-16 18:34:32 -07:00
Chris Price
fcc0d70e1b Add changelog 2012-09-14 13:26:28 -07:00
Chris Price
fd1b15b950 Add a type for validating a postgres connection
This commit adds a new resource type that can be used to validate
that a successful postgres connection can be established from a
puppet node to a (potentially remote) postgres database instance.
2012-09-14 13:26:28 -07:00
Matthaus Litteken
61f077bb20 Remove $service_provider setting for ubuntu
Ubuntu's precise ships with init scripts, not with upstart service definitions. Declaring the provider to be upstart will cause service management on postgres to fail. Leaving it undefined will allow puppet to select the correct (init) provider.
2012-09-12 22:11:10 -07:00
Kenn Knowles
e7bb6598e4 Merge pull request #3 from jarib/fix-trailing-commas
Remove trailing commas for Puppet 2.7.1 compatibility
2012-08-29 11:16:12 -07:00
Jari Bakken
f9dbf4a9c9 Remove trailing commas.
This makes the module work on Puppet 2.7.1 (from Ubuntu 11.10).
2012-08-25 03:20:27 +02:00
Kenn Knowles
b6245fde65 Merge pull request #2 from cprice-puppet/maint/master/update-modulefile-to-new-stdlib
Update Modulefile to reflect latest dependencies
2012-08-16 09:14:39 -07:00
Chris Price
26727a8916 Update Modulefile to reflect latest dependencies 2012-08-16 09:02:51 -07:00
Kenn Knowles
4e0127ff10 Merge pull request #1 from cprice-puppet/feature/master/align-with-puppetlabs-mysql
Feature/master/align with puppetlabs mysql
2012-08-02 08:08:58 -07:00
Chris Price
9eab95eee0 Update Vagrant tests to be compatible with new structure 2012-07-29 13:35:39 -07:00
Chris Price
2703830d58 Try to make the pg_hba.conf work on postgres 8.1 2012-07-19 18:02:12 -07:00
Chris Price
cc5cad39a7 Fix for debian 6 service name
It turns out that Ubuntu and Debian have different names
for the postgres service; this fix makes the module
compatible with debian 6.
2012-06-14 15:12:51 -07:00
Chris Price
1175ea20d6 Add postgresql::db convenience type, improve security
This commit adds a postgresql::db type for convenience;
it mirrors the 'db' type from the mysql module, which
allows you to create a database instance and user plus
grant privileges to that user all in one succint
resource.

This commit also improves security in the following ways:

* Revoke "CONNECT" privilege from the 'public' role for
  newly created databases; without this, any database
  created via this module will allow connections from
  any database user, and will allow them to do things
  like create tables.

* Change to a 'reject'-based policy for dealing with
  remote connections by the postgres user in pg_hba.conf.
  Prior to this commit, if you tried to restrict access
  to the postgres user by IP, the rule would simply not
  match for disallowed IPs; then it would fall through
  to the rule for "all" users, which could still match
  and thus allow the postgres user to connect remotely.
2012-06-09 09:23:11 -07:00
Chris Price
45055d324c Bring database, database_user, and database_grant into alignment with mysql module
Renamed a few files and made some tweaks to try to get
database_grant, database_user, and database types into
a state where they work very similarly to the ones in
the mysql module.  Also introduced a "postgresql_password"
function that can be used to generate an md5 password
hash for a postgres user.
2012-06-08 22:30:27 -07:00
Chris Price
ba802475ff Improve configuration for initial postgres install
This commit adds some configuration management for
postgres, to allow users to get a more complete
setup from their initial install.  Prior to this
commit, we were basically only ensuring that the
package was installed and the service was running.

Now, we support limited configuration for the
pg_hba.conf file to enable md5 authentication for
remote hosts, and for the postgresql.conf file
to specify the listener addresses where TCP
connections should be accepted.  Without these
two changes the initial postgres configuration
doesn't allow *any* connections from outside of the
local host.

This commit also adds an option for opening up the
postgres port in the firewall on redhat-based systems,
and an option to allow setting the password for the
'postgres' database user.

As of this commit, this module now has dependencies
on puppetlabs-stdlib (version > 2.3.4, which includes
the new 'match' parameter for the 'file_line' resource
type), and on puppetlabs-firewall.
2012-06-08 14:00:24 -07:00
Chris Price
6034e122de Working version of postgresql::server
This is a first working version of postgresql::server.
It includes a very simple test manifest, which has
been tried out on CentOS6 and Ubuntu 10.04; initial
tests were successful both from a clean state and
for subsequent runs.

Includes a new fact called 'postgres_default_version',
which detects what the default version of postgres is
for a given OS.  This is needed because some of the
commands and directory names include this version string.

Current implementation *only* supports managing the
system default version; in the future it would be nice
to allow the user to explicitly specify a postgres version,
but that isn't yet supported.

The "postgresql::server" class includes a call to postgres's
initdb command on redhat systems, because they don't do
this automatically when the package is installed.
2012-06-08 13:37:21 -07:00
Chris Price
21467c8359 Moved files up to root directory
Working on restructuring things to more closely match up with
the layout of puppetlabs-mysql.
2012-06-08 13:37:13 -07:00
Kenneth Knowles
882d2a3300 Improved Modulefile 2012-05-02 10:24:27 -07:00
Kenneth Knowles
b0a863c756 Ignore output of puppet-module 2012-05-02 08:36:36 -07:00
Kenneth Knowles
3f01c750e5 Ignore .vagrant 2012-05-02 08:35:42 -07:00
Kenneth Knowles
e97c044d3f Add Modulefile 2012-05-02 08:35:16 -07:00
Kenneth Knowles
01c9cbeb7c Initial commit 2012-04-19 15:37:18 -07:00