kosmos/chef
kosmos
/
chef
8
3
Fork 0
Code Issues 34 Pull Requests 2 Projects 1 Activity

Update the postgresql cookbook

This commit is contained in:
Greg 2019-02-27 12:40:15 +01:00
parent 98a13b08a1
commit 2325c9a3b1
43 changed files with 1272 additions and 2638 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Berksfile
View File

@ -34,7 +34,7 @@ cookbook 'firewall', '~> 2.6.3'
cookbook 'chef_nginx', '= 6.1.1'
cookbook 'build-essential', '~> 8.1.1'
cookbook 'mysql', '= 6.1.3'
cookbook 'postgresql', '= 6.1.1'
cookbook 'postgresql', '= 7.1.3'
cookbook 'apt', '~> 7.0.0'
cookbook 'git', '= 6.0.0'
cookbook 'hostsfile', '= 2.4.5'

7
Berksfile.lock
View File

@ -47,7 +47,7 @@ DEPENDENCIES
poise-ruby-build (= 1.1.0)
poise-service (~> 1.5.2)
postfix (= 5.0.2)
postgresql (= 6.1.1)
postgresql (= 7.1.3)
redis
git: https://github.com/phlipper/chef-redis.git
revision: 7476279fc9c8727f082b8d77b5e1922dc2ef437b
@ -183,10 +183,7 @@ GRAPH
poise-service (1.5.2)
poise (~> 2.0)
postfix (5.0.2)
postgresql (6.1.1)
build-essential (>= 2.0.0)
compat_resource (>= 12.16.3)
openssl (>= 4.0)
postgresql (7.1.3)
rbac (1.0.3)
redis (0.5.6)
apt (>= 0.0.0)

2
cookbooks/postgresql/.foodcritic
View File

@ -1,2 +0,0 @@
~FC037
~FC016

366
cookbooks/postgresql/CHANGELOG.md
View File

@ -1,6 +1,61 @@
# postgresql Cookbook CHANGELOG
This file is used to list changes made in each version of the postgresql cookbook.
This file is used to list changes made in the last 3 major versions of the postgresql cookbook.
## Unreleased
## v7.1.3 (15-01-2019)
- Added support for dash in database role name.
## v7.1.2 (06-01-2019)
- Cleanup and update the user resource documentation and code. Removed extraneous 'sensitive' property which is a common property in all Chef resources.
- Change default permissions on the postgres.conf to be world readable so that psql can work.
## v7.1.1 (26-09-2018)
- Rename slave to follower
- Use CircleCI for testing
- Simplyfy extension resource
## v7.1.0 (22-06-2018)
- Update the `initdb` script to use initdb rather than a service. #542
- Refactor database commands to use the common connect method. #535
- Increase the unit test coverage.
## v7.0.0 (25-05-2018)
_Breaking Change_ Please see UPGRADING.md and the README.md for information how to use.
- Add custom resources for:
- `postgresql_client_install`
- `postgresql_server_install`
- `postgresql_repository`
- `postgresql_pg_gem`
- Deprecate recipes:
- `apt_pgdg_postgresql`
- `config_initdb`
- `config_pgtune`
- `contrib`
- `ruby`
- `yum_pgdg_postgresql`
- Remove deprecated tests
## v6.1.3 (2018-04-18)
- Fix recipes referencing the old helpers
## v6.1.2 (2018-04-16)
**this will be the last release of the 6.0 series before all recipes are removed from the cookbook**
- Deprecate all recipes
## v6.1.1 (2017-03-08)
@ -92,312 +147,3 @@ This file is used to list changes made in each version of the postgresql cookboo
- Remove logic in the apt_pgdg_postgresql recipe that made Chef fail when new distro releases came out
- Avoid node.set deprecation warnings
- Avoid managed_home deprecation warnings in server_redhat recipe
## v4.0.6
- Add 16.04 Xenial to the allowed list
## v4.0.4
- Add leading pound symbol on pg_hba.conf template comment line
- Update gem install for compile_time to correct deprication warning
- Add support Ubuntu Wily Werewolf pgdg apt repository
- test-kitchen platforms for Centos 7.2 and Ubuntu 15.04
- Fixes PostgreSQL version & package name defaults for EL7 distros
- Add appropriate systemd unit file overrides for EL7 distros
## v4.0.2
- Add Code of Conduct
- Add Rubocop
- Clean up of syntax in many places as result of adding and evaluating Rubocop
- Updates to test-kitchen.yml
- added additional attribute for people who are importing pgdg packages for internal repositories
- `default['postgresql']['use_pgdg_packages'] = false`
## v4.0.0
**WARNING: Please read carefully through the stated changes, as they probably will break your current setup and can result in duplicate postgresql versions being installed, configuration corruption and data loss! This list might not be complete, so be careful when using the 4.x version and make sure to test it extensively before production use!**
When in doubt, put the following in your `Berksfile` until you are ready to upgrade:
```ruby
cookbook 'postgresql', '~> 3.4.0'
```
- Potential breaking change: Restructured default attributes to avoid compile time deriving other attribute values from value of the `node[postgresql][version]` (#313, #302, #295, #288, #280, #261, #260, #254, #248, #217, #214, #167, #143). If you specify a custom postgresql version, make sure to adapt the following attributes as well:
```ruby
default['postgresql']['dir'] = "/etc/postgresql/#{node['postgresql']['version']}/main"
default['postgresql']['client']['packages'] = [ "postgresql-client-#{node['postgresql']['version']}", 'libpq-dev' ]
default['postgresql']['server']['packages'] = [ "postgresql-#{node['postgresql']['version']}" ]
default['postgresql']['contrib']['packages'] = [ "postgresql-contrib-#{node['postgresql']['version']}" ]
```
- Potential breaking change: SSL configuration parameters. Due to the new structuring, make sure you set all SSL attributes to `override` when specifying them in a cookbook:
```ruby
override['postgresql']['config']['ssl'] = true
override['postgresql']['config']['ssl_cert_file'] = "/path/to/cert.crt"
override['postgresql']['config']['ssl_key_file'] = "/path/to/cert.key"
override['postgresql']['config']['ssl_ciphers'] = "<my cipher suite>"
```
- Potential breaking change: Some node attributes are now persistet in your node configuration. This affects the following attributes:
```json
"config": {
"data_directory": "/var/lib/postgresql/9.4/main",
"hba_file": "/etc/postgresql/9.4/main/pg_hba.conf",
"ident_file": "/etc/postgresql/9.4/main/pg_ident.conf",
"external_pid_file": "/var/run/postgresql/9.4-main.pid",
"unix_socket_directories": "/var/run/postgresql",
"ssl_cert_file": "/etc/ssl/certs/ssl-cert-snakeoil.pem",
"ssl_key_file": "/etc/ssl/private/ssl-cert-snakeoil.key"
}
```
- Potential breaking change: Parsing of attributes from node/ environment configuration. It has been reported that setting the `node['postgresql']['client']['packages']` attribute in a cookbook might result in the default version of the postgresql client package being installed alongside the required version. This might affect the server packages as well.
- Correct issues which caused the inability to override installation version defaults
- Correct issues which caused configuration file entries with miss matching version numbers and incorrect file system paths being defined
- Remove method pgdgrepo_rpm_info compile time use of derived attributes case many issues
- Use correct directory path and check for the correct not_if condition to determine if the database has been initialized
- Ensure that correct packages are installed in all scenarios where pg gem is compiled
- Fix errors in configuration files for unix_socket_directory and unix_socket_directories
- Updates to test-kitchen suite configuration
- Added more grey hair to my beard
## v3.4.24
- Corrections to address repositories signed with newer certificates that some distributions have in their default ca-certificates package
- Updates to more accurately determine distributions service init systems adds better support for systemd systems
- Correct how version attribute is evaluated in certain places
- test-kitchen suite configuration corrections
- Opensuse support
## v3.4.23
- Skipping 3.4.22 with Develop branch 3.4.23 to return to releasing cookbook from master on even numbers and develop on odd numbers.
## v3.4.21
- Use more optimistic openssl version constraint
- Add Postgresql 9.4 package sources for RHEL platforms
- Update testing infrastructure to address bit rot
## v3.4.20
- Revert [#251](https://github.com/sous-chefs/postgresql/pull/251), a change which caused the postgresql service to restart every Chef run.
## v3.4.19
- node.save could better not be run on every chef run since it causes node.default attributes stored to the node objects to differ during a chef run and when
- Missing attribute in docs for yum_pgdg_postgresql
- restart postgres service immediately on config change
- Run restart command right away on the postgresql service.
- Add kitchen test for shared_preload_libraries & extension setup.
- Fix install order of contrib packages to fix pg_stat_statements issues.
- Add Debian Jessie to whitelist for apt.postgresql.org repo
- Install version 9.4 on Debian Jessie
- add amazon 2015
- add rhel7 support
## v3.4.18
- Revert changes from #201 with the intention of revisiting these changes as part of the next major version release.
- Specify version constraint on openssl cookbook due to an upstream release mishap
## v3.4.16
- Changed hard coded value to attribute #219
- Correction for directory creation under debian, etc. #222
- Fedora 20 yum support #223
- Define version-sensitive attributes in a recipe #201
## v3.4.14
- Support apt repository for Ubuntu Utopic 14.10
- Do not try and set password on standby hosts
## v3.4.12
- Create configuration templates at the appropriate time
- If template is updated restart service changed to default of :delayed
- Fix SSL for PostgreSQL versions < 9.2
## v3.4.10
- correct conditional error created in 3.4.8.
## v3.4.8
- Correct scenario where work_mem could be set to 0 if con is greater than mem Issue #185
- Add Centos7 suites to kitchen configuration
## v3.4.6
- Don't include the pgdg recipes on the wrong machine types
- Add missing dir /etc/sysconfig/pgsl for centos7
- CentOS 7 package support
## v3.4.4
- fix packages on SLES11SP2 and higher
- [COOK-4737] Add flag to control database user password behavior
- add amazon platform rpm info
- Fix issues with the server_redhat recipe on Fedora 16 and later
- attribute typo correction
- correctly check and set max_connections to an integer
## v3.4.2
- Changed the Gem::Installer::ExtensionBuildError to a Mixlib::ShellOut::ShellCommandFailed
## v3.4.1
- Added support for Ubuntu 14.04 and Postgresql 9.3
- Fix [COOK-3490] <https://tickets.opscode.com/browse/COOK-3490>
## v3.4.0
Updated CONTRIBUTING document. Refreshed test kitchen configuration. Merged Pull Requests: 122, 116, 104, 102, 99, 96, 93, 90.
## v3.3.4
Testing
## v3.3.2
- Testing maintainer transfer to Heavywater with Opscode as collaborator
## v3.3.0
### Bug
- **[COOK-3851](https://tickets.opscode.com/browse/COOK-3851)** - Postgresql: reload after config change does not pick up certain configuration changes
- **[COOK-3611](https://tickets.opscode.com/browse/COOK-3611)** - unix_socket_directory does not exists in 9.3
- **[COOK-2954](https://tickets.opscode.com/browse/COOK-2954)** - PostgreSQL installation ignores version attribute on CentOS >= 6
## v3.2.0
- [COOK-3717] Pgdg repositories improvements
- [COOK-3756] Change postgresql.conf mode from 0600 to 0644
## v3.1.0
### Improvement
- **[COOK-3685](https://tickets.opscode.com/browse/COOK-3685)** - Upgrade Repo Attributes for Postgresql 9.3
- **[COOK-3597](https://tickets.opscode.com/browse/COOK-3597)** - Fix implementation of `initdb_locale` attribute for RHEL
- **[COOK-3566](https://tickets.opscode.com/browse/COOK-3566)** - Give the user's rules more priority than the default ones in pg_hba
- **[COOK-3553](https://tickets.opscode.com/browse/COOK-3553)** - Remove automatic `apt-get update`
### Bug
- **[COOK-3611](https://tickets.opscode.com/browse/COOK-3611)** - Remove `unix_socket_directory` (it does not exists in 9.3)
- **[COOK-3599](https://tickets.opscode.com/browse/COOK-3599)** - Automatically add PGDG apt repo dependency on PostgreSQL version
- **[COOK-3555](https://tickets.opscode.com/browse/COOK-3555)** - Documentation Fix
- **[COOK-2383](https://tickets.opscode.com/browse/COOK-2383)** - Update Postgres version in attributes
## v3.0.4
### Bug
- **[COOK-3173](https://tickets.opscode.com/browse/COOK-3173)** - Use :reload instead of :restart on conf changes
- **[COOK-2939](https://tickets.opscode.com/browse/COOK-2939)** - Fix RedHat support
## v3.0.2
### Bug
- [COOK-3076]: postgresql::ruby recipe error when using pgdg repositories
## v3.0.0
This is a backwards-incompatible release because the Pitti PPA is deprecated and the recipe removed, replaced with the PGDG apt repository.
### Bug
- [COOK-2571]: Create helper library for pg extension detection
- [COOK-2797]: Contrib extension contianing '-' fails to load.
### Improvement
- [COOK-2387]: Pitti Postgresql PPA is deprecated
### Task
- [COOK-3022]: update baseboxes in .kitchen.yml
## v2.4.0
- [COOK-2163] - Dangerous "assign-postgres-password" in "recipes/server.rb" -- Can lock out dbadmin access
- [COOK-2390] - Recipes to auto-generate many postgresql.conf settings, following "initdb" and "pgtune"
- [COOK-2435] - Foodcritic fixes for postgresql cookbook
- [COOK-2476] - Installation into database of any contrib module extensions listed in a node attribute
## v2.2.2
- [COOK-2232] -Provide PGDG yum repo to install postgresql 9.x on redhat-derived distributions
## v2.2.0
- [COOK-2230] - Careful about Debian minor version numbers
- [COOK-2231] - Fix support for postgresql 9.x in server_redhat recipe
- [COOK-2238] - Postgresql recipe error in password check
- [COOK-2176] - PostgreSQL cookbook in Solo mode can cause "NoMethodError: undefined method `[]' for nil:NilClass"
- [COOK-2233] - Provide postgresql::contrib recipe to install useful server administration tools
## v2.1.0
- [COOK-1872] - Allow latest PostgreSQL deb packages to be installed
- [COOK-1961] - Postgresql config file changes with every Chef run
- [COOK-2041] - Postgres cookbook no longer installs on OpenSuSE 11.4
## v2.0.2
- [COOK-1406] - pg gem compile is unable to find libpq under Chef full stack (omnibus) installation
## v2.0.0
This version is backwards incompatible with previous versions of the cookbook due to use of `platform_family`, and the refactored configuration files using node attributes. See README.md for details on how to modify configuration of PostgreSQL.
- [COOK-1508] - fix mixlib shellout error on SUSE
- [COOK-1744] - Add service enable & start
- [COOK-1779] - Don't run apt-get update and others in ruby recipe if pg is installed
- [COOK-1871] - Attribute driven configuration files for PostgreSQL
- [COOK-1900] - don't assume ssl on all postgresql 8.4+ installs
- [COOK-1901] - fail a chef-solo run when the postgres password attribute is not set
## v1.0.0
**Important note for this release**
This version no longer installs Ruby bindings in the client recipe by default. Use the ruby recipe if you'd like the RubyGem. If you'd like packages for your distribution, use them in your application's specific cookbook/recipe, or modify the client packages attribute.
This resolves the following tickets.
- COOK-1011
- COOK-1534
The following issues are also resolved with this release.
- [COOK-1011] - Don't install postgresql packages during compile phase and remove pg gem installation
- [COOK-1224] - fix undefined variable on Debian
- [COOK-1462] - Add attribute for specifying listen address
## v0.99.4
- [COOK-421] - config template is malformed
- [COOK-956] - add make package on ubuntu/debian
## v0.99.2
- [COOK-916] - use < (with float) for version comparison.
## v0.99.0
- Better support for Red Hat-family platforms
- Integration with database cookbook
- Make sure the postgres role is updated with a (secure) password

3
cookbooks/postgresql/CONTRIBUTING.md
View File

@ -4,13 +4,12 @@
### `master` branch
The master branch is the current comitted changes. These changes may not yet be released although we try to release often.
The master branch is the current committed changes. These changes may not yet be released although we try to release often.
## Tags
All releases are tagged in git. To see the releases available to you see the changelog or the tags directly.
## Pull requests
- <https://github.com/sous-chefs/postgresql/pulls>

503
cookbooks/postgresql/README.md
View File

@ -1,273 +1,420 @@
# postgresql cookbook
# PostgreSQL cookbook
[![Build Status](https://travis-ci.org/sous-chefs/postgresql.svg?branch=master)](https://travis-ci.org/sous-chefs/postgresql) [![Cookbook Version](https://img.shields.io/cookbook/v/postgresql.svg)](https://supermarket.chef.io/cookbooks/postgresql)
[![CircleCI](https://circleci.com/gh/sous-chefs/postgresql/tree/master.svg?style=svg)](https://circleci.com/gh/sous-chefs/postgresql/tree/master) [![Cookbook Version](https://img.shields.io/cookbook/v/postgresql.svg)](https://supermarket.chef.io/cookbooks/postgresql) [![pullreminders](https://pullreminders.com/badge.svg)](https://pullreminders.com?ref=badge)
Installs and configures PostgreSQL as a client or a server.
## Upgrading
If you are wondering where all the recipes went in v7.0+, or how on earth I use this new cookbook please see upgrading.md for a full description.
## Requirements
### Platforms
- Amazon Linux
- Debian 7+
- Ubuntu 12.04+
- Red Hat/CentOS/Scientific (6.0+ required) - "EL6-family"
- Ubuntu 14.04+
- Red Hat/CentOS/Scientific 6+
- Fedora
- SLES 12+
- openSUSE 13+ / openSUSE Leap
### PostgreSQL version
We follow the currently supported versions listed on <https://www.postgresql.org/support/versioning/>
### Chef
- Chef 12.1+
- Chef 13.8+
### Cookbooks
### Cookbook Dependencies
- `compat_resource`
- `openssl`
- `build-essential`
None.
## Attributes
## Resources
The following attributes are set based on the platform, see the `attributes/default.rb` file for default values.
### postgresql_client_install
- `node['postgresql']['version']` - version of postgresql to manage
- `node['postgresql']['dir']` - home directory of where postgresql data and configuration lives.
- `node['postgresql']['client']['packages']` - An array of package names that should be installed on "client" systems.
- `node['postgresql']['server']['packages']` - An array of package names that should be installed on "server" systems.
- `node['postgresql']['server']['config_change_notify']` - Type of notification triggered when a config file changes.
- `node['postgresql']['contrib']['packages']` - An array of package names that could be installed on "server" systems for useful sysadmin tools.
- `node['postgresql']['enable_pgdg_apt']` - Whether to enable the apt repo by the PostgreSQL Global Development Group, which contains newer versions of PostgreSQL.
- `node['postgresql']['enable_pgdg_yum']` - Whether to enable the yum repo by the PostgreSQL Global Development Group, which contains newer versions of PostgreSQL.
- `node['postgresql']['initdb_locale']` - Sets the default locale for the database cluster. If this attribute is not specified, the locale is inherited from the environment that initdb runs in. Sometimes you must have a system locale that is not what you want for your database cluster, and this attribute addresses that scenario. Valid only for EL-family distros (RedHat/Centos/etc.).
This resource installs PostgreSQL client packages.
The following attributes are generated in `recipe[postgresql::server]`.
#### Actions
## Configuration
- `install` - (default) Install client packages
The `postgresql.conf` and `pg_hba.conf` files are dynamically generated from attributes. Each key in `node['postgresql']['config']` is a postgresql configuration directive, and will be rendered in the config file. For example, the attribute:
#### Properties
Name | Types | Description | Default | Required?
------------------- | ----------------- | ------------------------------------------------------------- | ----------------------------------------- | ---------
`version` | String | Version of PostgreSQL to install | '9.6' | no
`setup_repo` | Boolean | Define if you want to add the PostgreSQL repo | true | no
`hba_file` | String | | `#{conf_dir}/main/pg_hba.conf` | no
`ident_file` | String | | `#{conf_dir}/main/pg_ident.conf` | no
`external_pid_file` | String | | `/var/run/postgresql/#{version}-main.pid` | no
`password` | String, nil | Pass in a password, or have the cookbook generate one for you | <random string> | no
#### Examples
To install version 9.5:
```ruby
node['postgresql']['config']['listen_addresses'] = 'localhost'
postgresql_client_install 'My PostgreSQL Client install' do
version '9.5'
end
```
Will result in the following line in the `postgresql.conf` file:
### postgresql_server_install
This resource installs PostgreSQL client and server packages.
#### Actions
- `install` - (default) Install client and server packages
- `create` - Initialize the database
#### Properties
Name | Types | Description | Default | Required?
------------------- | --------------- | --------------------------------------------- | -------------------------------------------------- | ---------
`version` | String | Version of PostgreSQL to install | '9.6' | no
`setup_repo` | Boolean | Define if you want to add the PostgreSQL repo | true | no
`hba_file` | String | Path of pg_hba.conf file | `<default_os_path>/pg_hba.conf'` | no
`ident_file` | String | Path of pg_ident.conf file | `<default_os_path>/pg_ident.conf` | no
`external_pid_file` | String | Path of PID file | `/var/run/postgresql/<version>-main.pid</version>` | no
`password` | String, nil | Set PostgreSQL user password | 'generate' | no
`port` | Integer | Set listen port of PostgreSQL service | 5432 | no
`initdb_locale` | String | Locale to initialise the database with | 'C' | no
#### Examples
To install PostgreSQL server, set your own postgres password using non-default service port.
```ruby
listen_addresses = 'localhost'
postgresql_server_install 'My PostgreSQL Server install' do
action :install
end
postgresql_server_install 'Setup my PostgreSQL 9.6 server' do
password 'MyP4ssw0rd'
port 5433
action :create
end
```
The attributes file contains default values for Debian and RHEL platform families (per the `node['platform_family']`). These defaults have disparity between the platforms because they were originally extracted from the postgresql.conf files in the previous version of this cookbook, which differed in their default config. The resulting configuration files will be the same as before, but the content will be dynamically rendered from the attributes. The helpful commentary will no longer be present. You should consult the PostgreSQL documentation for specific configuration details.
#### Known issues
See **Recipes** `config_initdb` and `config_pgtune` below to auto-generate many postgresql.conf settings.
On some platforms (e.g. Ubuntu 18.04), your `initdb_locale` should be set to the
same as the template database [GH-555](https://github.com/sous-chefs/postgresql/issues/555).
For values that are "on" or "off", they should be specified as literal `true` or `false`. String values will be used with single quotes. Any configuration option set to the literal `nil` will be skipped entirely. All other values (e.g., numeric literals) will be used as is. So for example:
### postgresql_server_conf
This resource manages postgresql.conf configuration file.
#### Actions
- `modify` - (default) Manager PostgreSQL configuration file (postgresql.conf)
#### Properties
Name | Types | Description | Default | Required?
---------------------- | ------- | --------------------------------------- | --------------------------------------------------- | ---------
`version` | String | Version of PostgreSQL to install | '9.6' | no
`data_directory` | String | Path of PostgreSQL data directory | `<default_os_data_path>` | no
`hba_file` | String | Path of pg_hba.conf file | `<default_os_conf_path>/pg_hba.conf` | no
`ident_file` | String | Path of pg_ident.conf file | `<default_os_conf_path>/pg_ident.conf` | no
`external_pid_file` | String | Path of PID file | `/var/run/postgresql/<postgresql_version>-main.pid` | no
`stats_temp_directory` | String | Path of stats file | `/var/run/postgresql/version>-main.pg_stat_tmp` | no
`port` | Integer | Set listen port of PostgreSQL service | 5432 | no
`additional_config` | Hash | Extra configuration for the config file | {} | no
#### Examples
To setup your PostgreSQL configuration with a specific data directory. If you have installed a specific version of PostgreSQL (different from 9.6), you must specify version in this resource too.
```ruby
node.default['postgresql']['config']['logging_collector'] = true
node.default['postgresql']['config']['datestyle'] = 'iso, mdy'
node.default['postgresql']['config']['ident_file'] = nil
node.default['postgresql']['config']['port'] = 5432
postgresql_server_conf 'My PostgreSQL Config' do
version '9.5'
data_directory '/data/postgresql/9.5/main'
notifies :reload, 'service[postgresql]'
end
```
Will result in the following config lines:
### postgresql_extension
This resource manages PostgreSQL extensions for a given database.
#### Actions
- `create` - (default) Creates an extension in a given database
- `drop` - Drops an extension from the database
#### Properties
Name | Types | Description | Default | Required?
------------- | ------ | -------------------------------------------------------------------------------- | ---------------- | ---------
`database` | String | Name of the database to install the extension into | | yes
`extension` | String | Name of the extension to install the database | Name of resource | yes
`version` | String | Version of the extension to install | | no
`old_version` | String | Older module name for new extension replacement. Appends FROM to extension query | | no
#### Examples
To install the `adminpack` extension:
```ruby
logging_collector = 'on'
datestyle = 'iso,mdy'
port = 5432
# Add the contrib package in Ubuntu/Debian
package 'postgresql-contrib-9.6'
# Install adminpack extension
postgresql_extension 'postgres adminpack' do
database 'postgres'
extension 'adminpack'
end
```
(no line printed for `ident_file` as it is `nil`)
### postgresql_access
Note that the `unix_socket_directory` configuration was renamed to `unix_socket_directories` in Postgres 9.3 so make sure to use the `node['postgresql']['unix_socket_directories']` attribute instead of `node['postgresql']['unix_socket_directory']`.
This resource uses the accumulator pattern to build up the `pg_hba.conf` file via chef resources instead of piling on a mountain of chef attributes to make this cookbook more reusable. It directly mirrors the configuration options of the postgres hba file in the resource and by default notifies the server with a reload to avoid a full restart, causing a potential outage of service. To revoke access, simply remove the resource and the access change won't be computed into the final `pg_hba.conf`
The `pg_hba.conf` file is dynamically generated from the `node['postgresql']['pg_hba']` attribute. This attribute must be an array of hashes, each hash containing the authorization data. As it is an array, you can append to it in your own recipes. The hash keys in the array must be symbols. Each hash will be written as a line in `pg_hba.conf`. For example, this entry from `node['postgresql']['pg_hba']`:
#### Actions
```
[{:comment => '# Optional comment',
:type => 'local', :db => 'all', :user => 'postgres', :addr => nil, :method => 'md5'}]
- `grant` - (default) Creates an access line inside of `pg_hba.conf`
#### Properties
Name | Types | Description | Default | Required?
--------------- | ------ | ----------------------------------------------------------------------------------------- | ----------------- | ---------
`name` | String | Name of the access resource, this is left as a comment inside the `pg_hba` config | Resource name | yes
`source` | String | The cookbook template filename if you want to use your own custom template | 'pg_hba.conf.erb' | yes
`cookbook` | String | The cookbook to look in for the template source | 'postgresql' | yes
`comment` | String | A comment to leave above the entry in `pg_hba` | nil | no
`access_type` | String | The type of access, e.g. local or host | 'local' | yes
`access_db` | String | The database to access. Can use 'all' for all databases | 'all' | yes
`access_user` | String | The user accessing the database. Can use 'all' for any user | 'all' | yes
`access_addr` | String | The address(es) allowed access. Can be nil if method ident is used since it is local then | nil | no
`access_method` | String | Authentication method to use | 'ident' | yes
#### Examples
To grant access to the PostgreSQL user with ident authentication:
```ruby
postgresql_access 'local_postgres_superuser' do
comment 'Local postgres superuser access'
access_type 'local'
access_db 'all'
access_user 'postgres'
access_addr nil
access_method 'ident'
end
```
Will result in the following line in `pg_hba.conf`:
This generates the following line in the `pg_hba.conf`:
```
# Optional comment
local all postgres md5
# Local postgres superuser access
local all postgres ident
```
Use `nil` if the CIDR-ADDRESS should be empty (as above). Don't provide a comment if none is desired in the `pg_hba.conf` file.
Note that the following authorization rule is supplied automatically by the cookbook template. The cookbook needs this to execute SQL in the PostgreSQL server without supplying the clear-text password (which isn't known by the cookbook). Therefore, your `node['postgresql']['pg_hba']` attributes don't need to specify this authorization rule:
**Note**: The template by default generates a local access for Unix domain sockets only to support running the SQL execute resources. In Postgres version 9.1 and higher, the method is 'peer' instead of 'ident' which is identical. It looks like this:
```
# "local" is for Unix domain socket connections only
local all all ident
local all all peer
```
(By the way, the template uses `peer` instead of `ident` for PostgreSQL-9.1 and above, which has the same effect.)
### postgresql_ident
## Recipes
This resource generate `pg_ident.conf` configuration file to manage user mapping between system and PostgreSQL users.
### default
#### Actions
Includes the client recipe.
- `create` - (default) Creates an mapping line inside of `pg_ident.conf`
### client
#### Properties
Installs the packages defined in the `node['postgresql']['client']['packages']` attribute.
Name | Types | Description | Default | Required?
-------------- | ----------- | -------------------------------------------------------------------------- | ------------------- | ---------
`mapname` | String | Name of the user mapping | Resource name | yes
`source` | String | The cookbook template filename if you want to use your own custom template | 'pg_ident.conf.erb' | no
`cookbook` | String | The cookbook to look in for the template source | 'postgresql' | no
`comment` | String, nil | A comment to leave above the entry in `pg_ident` | nil | no
`system_user` | String | System user or regexp used for the mapping | None | yes
`pg_user` | String | Pg user or regexp used for the mapping | None | yes
### ruby
#### Examples
Install the `pg` gem under Chef's Ruby environment so it can be used in other recipes. The build-essential packages and postgresql client packages will be installed during the compile phase, so that the native extensions of `pg` can be compiled.
### server
Includes the `server_debian` or `server_redhat` recipe to get the appropriate server packages installed and service managed. Also manages the configuration for the server:
- generates a strong default password (via `openssl`) for `postgres`
- sets the password for postgres
- manages the `postgresql.conf` file.
- manages the `pg_hba.conf` file.
### config_initdb
Takes locale and timezone settings from the system configuration. This recipe creates `node.default['postgresql']['config']` attributes that conform to the system's locale and timezone. In addition, this recipe creates the same error reporting and logging settings that `initdb` provided: a rotation of 7 days of log files named postgresql-Mon.log, etc.
The default attributes created by this recipe are easy to override with normal attributes because of Chef attribute precedence. For example, suppose a DBA wanted to keep log files indefinitely, rolling over daily or when growing to 10MB. The Chef installation could include the `postgresql::config_initdb` recipe for the locale and timezone settings, but customize the logging settings with these node JSON attributes:
```javascript
"postgresql": {
"config": {
"log_rotation_age": "1d",
"log_rotation_size": "10MB",
"log_filename": "postgresql-%Y-%m-%d_%H%M%S.log"
}
}
```
Credits: This `postgresql::config_initdb` recipe is based on algorithms in the [source code](http://doxygen.postgresql.org/initdb_8c_source.html) for the PostgreSQL `initdb` utility.
### config_pgtune
Performance tuning. Takes the wimpy default postgresql.conf and expands the database server to be as powerful as the hardware it's being deployed on. This recipe creates a baseline configuration of `node.default['postgresql']['config']` attributes in the right general range for a dedicated Postgresql system. Most installations won't need additional performance tuning.
The only decision you need to make is to choose a `db_type` from the following database workloads. (See the recipe code comments for more detailed descriptions.)
- "dw" -- Data Warehouse
- "oltp" -- Online Transaction Processing
- "web" -- Web Application
- "mixed" -- Mixed DW and OLTP characteristics
- "desktop" -- Not a dedicated database
This recipe uses a performance model with three input parameters. These node attributes are completely optional, but it is obviously important to choose the `db_type` correctly:
- `node['postgresql']['config_pgtune']['db_type']` -- Specifies database type from the list of five choices above. If not specified, the default is "mixed".
- `node['postgresql']['config_pgtune']['max_connections']` -- Specifies maximum number of connections expected. If not specified, it depends on database type: "web":200, "oltp":300, "dw":20, "mixed":80, "desktop":5
- `node['postgresql']['config_pgtune']['total_memory']` -- Specifies total system memory in kB. (E.g., "49416564kB".) If not specified, it will be taken from Ohai automatic attributes. This could be used to tune a system that isn't a dedicated database.
The default attributes created by this recipe are easy to override with normal attributes because of Chef attribute precedence. For example, if you are running application benchmarks to try different buffer cache sizes, you would experiment with this node JSON attribute:
```javascript
"postgresql": {
"config": {
"shared_buffers": "3GB"
}
}
```
Note that the recipe uses `max_connections` in its computations. If you want to override that setting, you should specify `node['postgresql']['config_pgtune']['max_connections']` instead of `node['postgresql']['config']['max_connections']`.
Credits: This `postgresql::config_pgtune` recipe is based on the [pgtune python script](https://github.com/gregs1104/pgtune) developed by [Greg Smith](http://notemagnet.blogspot.com/2008/11/automating-initial-postgresqlconf.html) and [other pgsql-hackers](http://www.postgresql.org/message-id/491C6CDC.8090506@agliodbs.com).
### contrib
Installs the packages defined in the `node['postgresql']['contrib']['packages']` attribute. The contrib directory of the PostgreSQL distribution includes porting tools, analysis utilities, and plug-in features that database engineers often require. Some (like `pgbench`) are executable. Others (like `pg_buffercache`) would need to be installed into the database.
Also installs any contrib module extensions defined in the `node['postgresql']['contrib']['extensions']` attribute. These will be available in any subsequently created databases in the cluster, because they will be installed into the `template1` database using the `CREATE EXTENSION` command. For example, it is often necessary/helpful for problem troubleshooting and maintenance planning to install the views and functions in these [standard instrumentation extensions] ([http://www.postgresql.org/message-id/flat/4DC32600.6080900@pgexperts.com#4DD3D6C6.5060006@2ndquadrant.com](mailto:http://www.postgresql.org/message-id/flat/4DC32600.6080900@pgexperts.com#4DD3D6C6.5060006@2ndquadrant.com)):
Creates a `mymapping` mapping that map `john` system user to `user1` PostgreSQL user:
```ruby
node['postgresql']['contrib']['extensions'] = [
"pageinspect",
"pg_buffercache",
"pg_freespacemap",
"pgrowlocks",
"pg_stat_statements",
"pgstattuple"
]
postgresql_ident 'Map john to user1' do
comment 'John Mapping'
mapname 'mymapping'
system_user 'john'
pg_user 'user1'
end
```
Note that the `pg_stat_statements` view only works if `postgresql.conf` loads its shared library, which can be done with this node attribute:
This generates the following line in the `pg_ident.conf`:
```
# MAPNAME SYSTEM-USERNAME PG-USERNAME
# John Mapping
mymapping john user1
```
To grant access to the foo user with password authentication:
```ruby
node['postgresql']['config']['shared_preload_libraries'] = 'pg_stat_statements'
postgresql_access 'local_foo_user' do
comment 'Foo user access'
access_type 'host'
access_db 'all'
access_user 'foo'
access_addr '127.0.0.1/32'
access_method 'md5'
end
```
If using `shared_preload_libraries` in combination with the `contrib` recipe, make sure that the `contrib` recipe is called before the `server` recipe (to ensure the dependencies are installed and setup in order).
This generates the following line in the `pg_hba.conf`:
### apt_pgdg_postgresql
```
# Local postgres superuser access
host all foo 127.0.0.1/32 ident
```
Enables the PostgreSQL Global Development Group yum repository maintained by Devrim Gündüz for updated PostgreSQL packages. (The PGDG is the groups that develops PostgreSQL.) Automatically included if the `node['postgresql']['enable_pgdg_apt']` attribute is true. Also set the `node['postgresql']['client']['packages']` and `node['postgresql']['server]['packages']` to the list of packages to use from this repository, and set the `node['postgresql']['version']` attribute to the version to use (e.g., "9.2").
### postgresql_database
### yum_pgdg_postgresql
This resource manages PostgreSQL databases.
Enables the PostgreSQL Global Development Group yum repository maintained by Devrim Gündüz for updated PostgreSQL packages. (The PGDG is the groups that develops PostgreSQL.) Automatically included if the `node['postgresql']['enable_pgdg_yum']` attribute is true. Also use `override_attributes` to set a number of values that will need to have embedded version numbers. For example:
#### Actions
- `create` - (default) Creates the given database.
- `drop` - Drops the given database.
#### Properties
Name | Types | Description | Default | Required?
---------- | ------- | ------------------------------------------------------------------- | ------------------- | ---------
`database` | String | Name of the database to create | Resource name | yes
`user` | String | User which run psql command | 'postgres' | no
`template` | String | Template used to create the new database | 'template1' | no
`host` | String | Define the host server where the database creation will be executed | Not set (localhost) | no
`port` | Integer | Define the port of PostgreSQL server | 5432 | no
`encoding` | String | Define database encoding | 'UTF-8' | no
`locale` | String | Define database locale | 'en_US.UTF-8' | no
`owner` | String | Define the owner of the database | Not set | no
#### Examples
To create database named 'my_app' with owner 'user1':
```ruby
node['postgresql']['enable_pgdg_yum'] = true
node['postgresql']['version'] = "9.4"
node['postgresql']['dir'] = "/var/lib/pgsql/9.4/data"
node['postgresql']['config']['data_directory'] = node['postgresql']['dir']
node['postgresql']['client']['packages'] = ["postgresql94", "postgresql94-devel"]
node['postgresql']['server']['packages'] = ["postgresql94-server"]
node['postgresql']['server']['service_name'] = "postgresql-9.4"
node['postgresql']['contrib']['packages'] = ["postgresql94-contrib"]
node['postgresql']['setup_script'] = "postgresql94-setup"
postgresql_database 'my_app' do
owner 'user1'
end
```
You may set `node['postgresql']['pgdg']['repo_rpm_url']` attributes to pick up recent [PGDG repo packages](http://yum.postgresql.org/repopackages.php).
#### Known issues
On some platforms (e.g. Ubuntu 18.04), your `initdb_locale` should be set to the
same as the template database [GH-555](https://github.com/sous-chefs/postgresql/issues/555).
### postgresql_user
This resource manage PostgreSQL users.
#### Actions
- `create` - (default) Creates the given user with default or given privileges.
- `update` - Update user privilieges.
- `drop` - Deletes the given user.
#### Properties
Name | Types | Description | Default | Required?
-------------------- | ------- | ----------------------------------------------- | -------- | ---------
`create_user` | String | User to create (defaults to the resource name) | | Yes
`superuser` | Boolean | Define if user needs superuser role | false | no
`createdb` | Boolean | Define if user needs createdb role | false | no
`createrole` | Boolean | Define if user needs createrole role | false | no
`inherit` | Boolean | Define if user inherits the privileges of roles | true | no
`replication` | Boolean | Define if user needs replication role | false | no
`login` | Boolean | Define if user can login | true | no
`password` | String | Set user's password | | no
`encrypted_password` | String | Set user's password with an hashed password | | no
`valid_until` | String | Define an account expiration date | | no
`attributes` | Hash | Additional attributes for :update action | {} | no
`user` | String | User for command | postgres | no
`database` | String | Database for command | | no
`host` | String | Hostname for command | | no
`port` | Integer | Port number to connect to postgres | 5432 | no
#### Examples
Create a user `user1` with a password, with `createdb` role and set an expiration date to 2018, Dec 21.
```ruby
postgresql_user 'user1' do
password 'UserP4ssword'
createdb true
valid_until '2018-12-31'
end
```
Create a user `user1` with a password, with `createdb` role and set an expiration date to 2018, Dec 21.
```ruby
postgresql_user 'user1' do
password 'UserP4ssword'
createdb true
valid_until '2018-12-31'
end
```
## Usage
On systems that need to connect to a PostgreSQL database, add to a run list `recipe[postgresql]` or `recipe[postgresql::client]`.
To install and configure your PostgreSQL instance you need to create your own cookbook and call needed resources with your own parameters.
On systems that should be PostgreSQL servers, use `recipe[postgresql::server]` on a run list. This recipe does set a password for the `postgres` user. If you're using `chef server`, if the attribute `node['postgresql']['password']['postgres']` is not found, the recipe generates a random password and performs a node.save. (TODO: This is broken, as it disables the password.) If you're using `chef-solo`, you'll need to set the attribute `node['postgresql']['password']['postgres']` in your node's `json_attribs` file or in a role.
More examples can be found in `test/cookbooks/test/recipes`
On Debian family systems, SSL will be enabled, as the packages on Debian/Ubuntu also generate the SSL certificates. If you use another platform and wish to use SSL in postgresql, then generate your SSL certificates and distribute them in your own cookbook, and set the `node['postgresql']['config']['ssl']` attribute to true in your role/cookboook/node.
On server systems, the postgres server is restarted when a configuration file changes. This can be changed to reload only by setting the following attribute:
## Example Usage
```ruby
node['postgresql']['server']['config_change_notify'] = :reload
# cookbooks/my_postgresql/recipes/default.rb
postgresql_client_install 'PostgreSQL Client' do
setup_repo false
version '10.6'
end
postgresql_server_install 'PostgreSQL Server' do
version '10.6'
setup_repo false
password 'P0stgresP4ssword'
end
postgresql_server_conf 'PostgreSQL Config' do
notifies :reload, 'service[postgresql]'
end
```
## Chef Solo Note
## Contributing
The following node attribute is stored on the Chef Server when using `chef-client`. Because `chef-solo` does not connect to a server or save the node object at all, to have the password persist across `chef-solo` runs, you must specify them in the `json_attribs` file used. For Example:
Please refer to each project's style guidelines and guidelines for submitting patches and additions. In general, we follow the "fork-and-pull" Git workflow.
```
{
"postgresql": {
"password": {
"postgres": "iloverandompasswordsbutthiswilldo"
}
},
"run_list": ["recipe[postgresql::server]"]
}
```
1. **Fork** the repo on GitHub
2. **Clone** the project to your own machine
3. **Commit** changes to your own branch
4. **Push** your work back up to your fork
5. Submit a **Pull request** so that we can review your changes
That should actually be the "encrypted password" instead of cleartext, so you should generate it as an md5 hash using the PostgreSQL algorithm.
NOTE: Be sure to merge the latest from "upstream" before making a pull request!
- You could copy the md5-hashed password from an existing postgres database if you have `postgres` access and want to use the same password:<br>
`select * from pg_shadow where usename='postgres';`
- You can run this from any postgres database session to use a new password:<br>
`select 'md5'||md5('iloverandompasswordsbutthiswilldo'||'postgres');`
- You can run this from a linux commandline:<br>
`echo -n 'iloverandompasswordsbutthiswilldo''postgres' | openssl md5 | sed -e 's/.* /md5/'`
[Contribution informations for this project](CONTRIBUTING.md)
## License
Copyright 2010-2016, Chef Software, Inc.
Copyright 2010-2017, Chef Software, Inc.
```text
Licensed under the Apache License, Version 2.0 (the "License");

244
cookbooks/postgresql/attributes/default.rb
View File

@ -1,244 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Attributes:: postgresql
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['postgresql']['enable_pgdg_apt'] = false
default['postgresql']['enable_pgdg_yum'] = false
default['postgresql']['use_pgdg_packages'] = false
default['postgresql']['server']['config_change_notify'] = :restart
default['postgresql']['assign_postgres_password'] = true
# Establish default database name
default['postgresql']['database_name'] = 'template1'
# Sets OS init system (upstart, systemd, ...), instead of relying on Ohai
default['postgresql']['server']['init_package'] =
case node['platform']
when 'debian'
if node['platform_version'].to_f < 7.0
'sysv'
else
'systemd'
end
when 'ubuntu'
if node['platform_version'].to_f < 15.04
'upstart'
else
'systemd'
end
when 'amazon'
'upstart'
when 'redhat', 'centos', 'scientific', 'oracle'
if node['platform_version'].to_i < 7
'sysv'
else
'systemd'
end
when 'fedora'
'systemd'
when 'opensuse', 'opensuseleap'
'systemd'
else
'upstart'
end
case node['platform']
when 'debian'
if node['platform_version'].to_i == 7
default['postgresql']['version'] = '9.1'
default['postgresql']['dir'] = '/etc/postgresql/9.1/main'
default['postgresql']['client']['packages'] = ['postgresql-client-9.1', 'libpq-dev']
default['postgresql']['server']['packages'] = ['postgresql-9.1']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.1']
else # 8+
default['postgresql']['version'] = '9.4'
default['postgresql']['dir'] = '/etc/postgresql/9.4/main'
default['postgresql']['client']['packages'] = ['postgresql-client-9.4', 'libpq-dev']
default['postgresql']['server']['packages'] = ['postgresql-9.4']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.4']
end
default['postgresql']['server']['service_name'] = 'postgresql'
when 'ubuntu'
if node['platform_version'].to_f <= 13.10
default['postgresql']['version'] = '9.1'
default['postgresql']['dir'] = '/etc/postgresql/9.1/main'
default['postgresql']['server']['service_name'] = 'postgresql'
default['postgresql']['client']['packages'] = ['postgresql-client-9.1', 'libpq-dev']
default['postgresql']['server']['packages'] = ['postgresql-9.1']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.1']
elsif node['platform_version'].to_f <= 14.04
default['postgresql']['version'] = '9.3'
default['postgresql']['dir'] = '/etc/postgresql/9.3/main'
default['postgresql']['server']['service_name'] = 'postgresql'
default['postgresql']['client']['packages'] = ['postgresql-client-9.3', 'libpq-dev']
default['postgresql']['server']['packages'] = ['postgresql-9.3']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.3']
elsif node['platform_version'].to_f <= 15.10
default['postgresql']['version'] = '9.4'
default['postgresql']['dir'] = '/etc/postgresql/9.4/main'
default['postgresql']['server']['service_name'] = 'postgresql'
default['postgresql']['client']['packages'] = ['postgresql-client-9.4', 'libpq-dev']
default['postgresql']['server']['packages'] = ['postgresql-9.4']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.4']
else
default['postgresql']['version'] = '9.5'
default['postgresql']['dir'] = '/etc/postgresql/9.5/main'
default['postgresql']['server']['service_name'] = 'postgresql'
default['postgresql']['client']['packages'] = ['postgresql-client-9.5', 'libpq-dev']
default['postgresql']['server']['packages'] = ['postgresql-9.5']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.5']
end
when 'fedora'
default['postgresql']['version'] = '9.5'
default['postgresql']['setup_script'] = 'postgresql-setup'
default['postgresql']['dir'] = '/var/lib/pgsql/data'
default['postgresql']['client']['packages'] = %w(postgresql-devel postgresql-contrib)
default['postgresql']['server']['packages'] = %w(postgresql-server)
default['postgresql']['contrib']['packages'] = %w(postgresql-contrib)
default['postgresql']['server']['service_name'] = 'postgresql'
default['postgresql']['uid'] = '26'
default['postgresql']['gid'] = '26'
when 'amazon'
if node['platform_version'].to_f >= 2015.03
default['postgresql']['version'] = '9.2'
default['postgresql']['dir'] = '/var/lib/pgsql9/data'
end
default['postgresql']['client']['packages'] = %w(postgresql-devel)
default['postgresql']['server']['packages'] = %w(postgresql-server)
default['postgresql']['contrib']['packages'] = %w(postgresql-contrib)
default['postgresql']['server']['service_name'] = 'postgresql'
default['postgresql']['uid'] = '26'
default['postgresql']['gid'] = '26'
when 'redhat', 'centos', 'scientific', 'oracle'
default['postgresql']['version'] = '8.4'
default['postgresql']['client']['packages'] = 'postgresql84-devel'
default['postgresql']['server']['packages'] = ['postgresql84-server']
default['postgresql']['contrib']['packages'] = ['postgresql84-contrib']
default['postgresql']['setup_script'] = 'postgresql-setup'
default['postgresql']['server']['service_name'] = 'postgresql'
default['postgresql']['uid'] = '26'
default['postgresql']['gid'] = '26'
if node['platform_version'].to_f >= 6.0 && node['postgresql']['version'].to_f == 8.4
default['postgresql']['client']['packages'] = 'postgresql-devel'
default['postgresql']['server']['packages'] = ['postgresql-server']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib']
end
if node['platform_version'].to_f >= 7.0
default['postgresql']['version'] = '9.2'
default['postgresql']['client']['packages'] = 'postgresql-devel'
default['postgresql']['server']['packages'] = ['postgresql-server']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib']
end
when 'opensuse', 'opensuseleap'
default['postgresql']['dir'] = '/var/lib/pgsql/data'
default['postgresql']['uid'] = '26'
default['postgresql']['gid'] = '26'
case node['platform_version'].to_f
when 13.1
default['postgresql']['version'] = '9.2'
default['postgresql']['client']['packages'] = ['postgresql92', 'postgresql92-devel']
default['postgresql']['server']['packages'] = ['postgresql92-server']
default['postgresql']['contrib']['packages'] = ['postgresql92-contrib']
when 13.2
default['postgresql']['version'] = '9.3'
default['postgresql']['client']['packages'] = ['postgresql93', 'postgresql93-devel']
default['postgresql']['server']['packages'] = ['postgresql93-server']
default['postgresql']['contrib']['packages'] = ['postgresql93-contrib']
else # opensuseleap
default['postgresql']['version'] = '9.4'
default['postgresql']['client']['packages'] = ['postgresql94', 'postgresql94-devel']
default['postgresql']['server']['packages'] = ['postgresql94-server']
default['postgresql']['contrib']['packages'] = ['postgresql94-contrib']
end
default['postgresql']['server']['service_name'] = 'postgresql'
when 'suse' # sles 12+
default['postgresql']['version'] = '9.1'
default['postgresql']['client']['packages'] = ['postgresql91', 'rubygem-pg']
default['postgresql']['server']['packages'] = ['postgresql91-server']
default['postgresql']['contrib']['packages'] = ['postgresql91-contrib']
default['postgresql']['dir'] = '/var/lib/pgsql/data'
default['postgresql']['server']['service_name'] = 'postgresql'
end
case node['platform_family']
when 'debian'
default['postgresql']['config']['listen_addresses'] = 'localhost'
default['postgresql']['config']['port'] = 5432
default['postgresql']['config']['max_connections'] = 100
default['postgresql']['config']['shared_buffers'] = '24MB'
default['postgresql']['config']['log_line_prefix'] = '%t '
default['postgresql']['config']['datestyle'] = 'iso, mdy'
default['postgresql']['config']['default_text_search_config'] = 'pg_catalog.english'
default['postgresql']['config']['ssl'] = true
when 'rhel', 'fedora', 'suse'
default['postgresql']['config']['listen_addresses'] = 'localhost'
default['postgresql']['config']['port'] = 5432
default['postgresql']['config']['max_connections'] = 100
default['postgresql']['config']['shared_buffers'] = '32MB'
default['postgresql']['config']['logging_collector'] = true
default['postgresql']['config']['log_directory'] = 'pg_log'
default['postgresql']['config']['log_filename'] = 'postgresql-%a.log'
default['postgresql']['config']['log_truncate_on_rotation'] = true
default['postgresql']['config']['log_rotation_age'] = '1d'
default['postgresql']['config']['log_rotation_size'] = 0
default['postgresql']['config']['datestyle'] = 'iso, mdy'
default['postgresql']['config']['lc_messages'] = 'en_US.UTF-8'
default['postgresql']['config']['lc_monetary'] = 'en_US.UTF-8'
default['postgresql']['config']['lc_numeric'] = 'en_US.UTF-8'
default['postgresql']['config']['lc_time'] = 'en_US.UTF-8'
default['postgresql']['config']['default_text_search_config'] = 'pg_catalog.english'
end
default['postgresql']['pg_hba'] = [
{ type: 'local', db: 'all', user: 'postgres', addr: nil, method: 'ident' },
{ type: 'local', db: 'all', user: 'all', addr: nil, method: 'ident' },
{ type: 'host', db: 'all', user: 'all', addr: '127.0.0.1/32', method: 'md5' },
{ type: 'host', db: 'all', user: 'all', addr: '::1/128', method: 'md5' },
]
default['postgresql']['password'] = {}
# set to install a specific version of the ruby gem pg
# if attribute is not defined, install will pick the latest available pg gem
default['postgresql']['pg_gem']['version'] = nil
case node['platform_family']
when 'debian'
default['postgresql']['pgdg']['release_apt_codename'] = node['lsb']['codename']
end
default['postgresql']['initdb_locale'] = 'UTF-8'

507
cookbooks/postgresql/attributes/yum_pgdg_packages.rb
View File

@ -1,507 +0,0 @@
# frozen_string_literal: true
# The PostgreSQL RPM Building Project built repository RPMs for easy
# access to the PGDG yum repositories. Links to RPMs for installation
# on the supported version/platform combinations are listed at
# http://yum.postgresql.org/repopackages.php, and the links for
# PostgreSQL 9.2, 9.3, 9.4, 9.5 and 9.6 are captured below.
#
default['postgresql']['pgdg']['repo_rpm_url'] = {
'9.6' => {
'amazon' => {
'2015' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
'package' => 'pgdg-ami201503-96-9.6-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
'package' => 'pgdg-ami201503-96-9.6-3.noarch.rpm',
},
},
},
'centos' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-7-x86_64/',
'package' => 'pgdg-centos96-9.6-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
'package' => 'pgdg-centos96-9.6-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
'package' => 'pgdg-centos96-9.6-3.noarch.rpm',
},
},
},
'redhat' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-7-x86_64/',
'package' => 'pgdg-redhat96-9.6-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat96-9.6-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat96-9.6-3.noarch.rpm',
},
},
},
'oracle' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-7-x86_64/',
'package' => 'pgdg-oraclelinux96-9.6-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
'package' => 'pgdg-oraclelinux96-9.6-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
'package' => 'pgdg-oraclelinux96-9.6-3.noarch.rpm',
},
},
},
'scientific' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-7-x86_64/',
'package' => 'pgdg-sl96-9.6-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
'package' => 'pgdg-sl96-9.6-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
'package' => 'pgdg-sl96-9.6-3.noarch.rpm',
},
},
},
'fedora' => {
'22' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/fedora/fedora-22-x86_64/',
'package' => 'pgdg-fedora96-9.6-3.noarch.rpm',
},
},
'23' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/fedora/fedora-23-x86_64/',
'package' => 'pgdg-fedora96-9.6-3.noarch.rpm',
},
},
'24' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/fedora/fedora-24-x86_64/',
'package' => 'pgdg-fedora96-9.6-3.noarch.rpm',
},
},
'25' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/fedora/fedora-25-x86_64/',
'package' => 'pgdg-fedora96-9.6-3.noarch.rpm',
},
},
},
},
'9.5' => {
'amazon' => {
'2015' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
'package' => 'pgdg-ami201503-95-9.5-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
'package' => 'pgdg-ami201503-95-9.5-3.noarch.rpm',
},
},
},
'centos' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/',
'package' => 'pgdg-centos95-9.5-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
'package' => 'pgdg-centos95-9.5-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
'package' => 'pgdg-centos95-9.5-3.noarch.rpm',
},
},
},
'redhat' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/',
'package' => 'pgdg-redhat95-9.5-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat95-9.5-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat95-9.5-3.noarch.rpm',
},
},
},
'oracle' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/',
'package' => 'pgdg-oraclelinux95-9.5-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
'package' => 'pgdg-oraclelinux95-9.5-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
'package' => 'pgdg-oraclelinux95-9.5-3.noarch.rpm',
},
},
},
'scientific' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/',
'package' => 'pgdg-sl95-9.5-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
'package' => 'pgdg-sl95-9.5-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
'package' => 'pgdg-sl95-9.5-3.noarch.rpm',
},
},
},
'fedora' => {
'22' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/fedora/fedora-22-x86_64/',
'package' => 'pgdg-fedora95-9.5-3.noarch.rpm',
},
},
'23' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/fedora/fedora-23-x86_64/',
'package' => 'pgdg-fedora95-9.5-4.noarch.rpm',
},
},
'24' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/fedora/fedora-24-x86_64/',
'package' => 'pgdg-fedora95-9.5-4.noarch.rpm',
},
},
'25' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/fedora/fedora-25-x86_64/',
'package' => 'pgdg-fedora95-9.5-4.noarch.rpm',
},
},
},
},
'9.4' => {
'redhat' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/',
'package' => 'pgdg-redhat94-9.4-2.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat94-9.4-2.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat94-9.4-2.noarch.rpm',
},
},
},
'centos' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/',
'package' => 'pgdg-centos94-9.4-2.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
'package' => 'pgdg-centos94-9.4-2.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
'package' => 'pgdg-centos94-9.4-2.noarch.rpm',
},
},
'5' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-5-i386/',
'package' => 'pgdg-centos94-9.4-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-5-x86_64/',
'package' => 'pgdg-centos94-9.4-3.noarch.rpm',
},
},
},
'fedora' => {
'22' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/fedora/fedora-22-x86_64/',
'package' => 'pgdg-fedora94-9.4-4.noarch.rpm',
},
},
'23' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/fedora/fedora-23-x86_64/',
'package' => 'pgdg-fedora94-9.4-5.noarch.rpm',
},
},
'24' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/fedora/fedora-24-x86_64/',
'package' => 'pgdg-fedora94-9.4-5.noarch.rpm',
},
},
'25' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/fedora/fedora-25-x86_64/',
'package' => 'pgdg-fedora94-9.4-5.noarch.rpm',
},
},
},
'amazon' => {
'2015' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
'package' => 'pgdg-ami201503-94-9.4-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
'package' => 'pgdg-ami201503-94-9.4-3.noarch.rpm',
},
},
},
'scientific' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/',
'package' => 'pgdg-sl94-9.4-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
'package' => 'pgdg-sl94-9.4-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
'package' => 'pgdg-sl94-9.4-3.noarch.rpm',
},
},
},
'oracle' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/',
'package' => 'pgdg-oraclelinux94-9.4-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
'package' => 'pgdg-oraclelinux94-9.4-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
'package' => 'pgdg-oraclelinux94-9.4-3.noarch.rpm',
},
},
},
},
'9.3' => {
'amazon' => {
'2015' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
},
'2014' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
},
},
'centos' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-7-x86_64/',
'package' => 'pgdg-centos93-9.3-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
'package' => 'pgdg-centos93-9.3-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
'package' => 'pgdg-centos93-9.3-3.noarch.rpm',
},
},
},
'fedora' => {
'23' => {
'x86_64' => {
'url' => 'https://yum.postgresql.org/9.3/fedora/fedora-23-x86_64/',
'package' => 'pgdg-fedora93-9.3-4.noarch.rpm',
},
},
},
'redhat' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-7-x86_64/',
'package' => 'pgdg-redhat93-9.3-2.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
},
},
'oracle' => {
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
},
},
'scientific' => {
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
'package' => 'pgdg-sl93-9.3-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
'package' => 'pgdg-sl93-9.3-3.noarch.rpm',
},
},
'5' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-5-i386/',
'package' => 'pgdg-sl93-9.3-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-5-x86_64/',
'package' => 'pgdg-sl93-9.3-3.noarch.rpm',
},
},
},
},
'9.2' => {
'centos' => {
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-i386/',
'package' => 'pgdg-centos92-9.2-8.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/',
'package' => 'pgdg-centos92-9.2-8.noarch.rpm',
},
},
},
'redhat' => {
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat92-9.2-9.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat92-9.2-9.noarch.rpm',
},
},
},
'oracle' => {
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat92-9.2-9.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat92-9.2-9.noarch.rpm',
},
},
},
'scientific' => {
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-i386/',
'package' => 'pgdg-sl92-9.2-10.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/',
'package' => 'pgdg-sl92-9.2-10.noarch.rpm',
},
},
},
},
}

307
cookbooks/postgresql/libraries/default.rb
View File

@ -1,307 +0,0 @@
# frozen_string_literal: false
#
# Cookbook:: postgresql
# Library:: default
# Author:: David Crane (<davidc@donorschoose.org>)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include Chef::Mixin::ShellOut
module Opscode
module PostgresqlHelpers
#######
# Function to truncate value to 4 significant bits, render human readable.
# Used in recipes/config_initdb.rb to set this attribute:
#
# The memory settings (shared_buffers, effective_cache_size, work_mem,
# maintenance_work_mem and wal_buffers) will be rounded down to keep
# the 4 most significant bits, so that SHOW will be likely to use a
# larger divisor. The output is actually a human readable string that
# ends with "GB", "MB" or "kB" if over 1023, exactly what Postgresql
# will expect in a postgresql.conf setting. The output may be up to
# 6.25% less than the original value because of the rounding.
def binaryround(value)
# Keep a multiplier which grows through powers of 1
multiplier = 1
# Truncate value to 4 most significant bits
while value >= 16
value = (value / 2).floor
multiplier *= 2
end
# Factor any remaining powers of 2 into the multiplier
while value == 2 * (value / 2).floor
value = (value / 2).floor
multiplier *= 2
end
# Factor enough powers of 2 back into the value to
# leave the multiplier as a power of 1024 that can
# be represented as units of "GB", "MB" or "kB".
if multiplier >= 1024 * 1024 * 1024
while multiplier > 1024 * 1024 * 1024
value = 2 * value
multiplier = (multiplier / 2).floor
end
multiplier = 1
units = 'GB'
elsif multiplier >= 1024 * 1024
while multiplier > 1024 * 1024
value = 2 * value
multiplier = (multiplier / 2).floor
end
multiplier = 1
units = 'MB'
elsif multiplier >= 1024
while multiplier > 1024
value = 2 * value
multiplier = (multiplier / 2).floor
end
multiplier = 1
units = 'kB'
else
units = ''
end
# Now we can return a nice human readable string.
"#{multiplier * value}#{units}"
end
#######
# Locale Configuration
# Function to test the date order.
# Used in recipes/config_initdb.rb to set this attribute:
# node.default['postgresql']['config']['datestyle']
def locale_date_order
# Test locale conversion of mon=11, day=22, year=33
testtime = DateTime.new(2033, 11, 22, 0, 0, 0, '-00:00')
#=> #<DateTime: 2033-11-22T00:00:00-0000 ...>
# %x - Preferred representation for the date alone, no time
res = testtime.strftime('%x')
return 'mdy' if res.nil?
posM = res.index('11')
posD = res.index('22')
posY = res.index('33')
if posM.nil? || posD.nil? || posY.nil?
return 'mdy'
elseif (posY < posM && posM < posD)
return 'ymd'
elseif (posD < posM)
return 'dmy'
end
'mdy'
end
#######
# Timezone Configuration
require 'find'
# Function to determine where the system stored shared timezone data.
# Used in recipes/config_initdb.rb to detemine where it should have
# select_default_timezone(tzdir) search.
def pg_TZDIR
# System time zone conversions are controlled by a timezone data file
# identified through environment variables (TZ and TZDIR) and/or file
# and directory naming conventions specific to the Linux distribution.
# Each of these timezone names will have been loaded into the PostgreSQL
# pg_timezone_names view by the package maintainer.
#
# Instead of using the timezone name configured as the system default,
# the PostgreSQL server uses ones named in postgresql.conf settings
# (timezone and log_timezone). The initdb utility does initialize those
# settings to the timezone name that corresponds to the system default.
#
# The system's timezone name is actually a filename relative to the
# shared zoneinfo directory. That is usually /usr/share/zoneinfo, but
# it was /usr/lib/zoneinfo in older distributions and can be anywhere
# if specified by the environment variable TZDIR. The tzset(3) manpage
# seems to indicate the following precedence:
tzdir = nil
if ::File.directory?('/usr/lib/zoneinfo')
tzdir = '/usr/lib/zoneinfo'
else
share_path = [ENV['TZDIR'], '/usr/share/zoneinfo'].compact.first
tzdir = share_path if ::File.directory?(share_path)
end
tzdir
end
#######
# Function to support select_default_timezone(tzdir), which is
# used in recipes/config_initdb.rb.
def validate_zone(tzname)
# PostgreSQL does not support leap seconds, so this function tests
# the usual Linux tzname convention to avoid a misconfiguration.
# Assume that the tzdata package maintainer has kept all timezone
# data files with support for leap seconds is kept under the
# so-named "right/" subdir of the shared zoneinfo directory.
#
# The original PostgreSQL initdb is not Unix-specific, so it did a
# very complicated, thorough test in its pg_tz_acceptable() function
# that I could not begin to understand how to do in ruby :).
#
# Testing the tzname is good enough, since a misconfiguration
# will result in an immediate fatal error when the PostgreSQL
# service is started, with pgstartup.log messages such as:
# LOG: time zone "right/US/Eastern" appears to use leap seconds
# DETAIL: PostgreSQL does not support leap seconds.
if tzname.index('right/') == 0
false
else
true
end
end
# Function to support select_default_timezone(tzdir), which is
# used in recipes/config_initdb.rb.
def scan_available_timezones(tzdir)
# There should be an /etc/localtime zoneinfo file that is a link to
# (or a copy of) a timezone data file under tzdir, which should have
# been installed under the "share" directory by the tzdata package.
#
# The initdb utility determines which shared timezone file is being
# used as the system's default /etc/localtime. The timezone name is
# the timezone file path relative to the tzdir.
bestzonename = nil
if tzdir.nil?
Chef::Log.error('The zoneinfo directory not found (looked for /usr/share/zoneinfo and /usr/lib/zoneinfo)')
elsif !::File.exist?('/etc/localtime')
Chef::Log.error('The system zoneinfo file not found (looked for /etc/localtime)')
elsif ::File.directory?('/etc/localtime')
Chef::Log.error('The system zoneinfo file not found (/etc/localtime is a directory instead)')
elsif ::File.symlink?('/etc/localtime')
# PostgreSQL initdb doesn't use the symlink target, but this
# certainly will make sense to any system administrator. A full
# scan of the tzdir to find the shortest filename could result
# "US/Eastern" instead of "America/New_York" as bestzonename,
# in spite of what the sysadmin had specified in the symlink.
# (There are many duplicates under tzdir, with the same timezone
# content appearing as an average of 2-3 different file names.)
path = ::File.realdirpath('/etc/localtime')
bestzonename = path.gsub("#{tzdir}/", '')
else # /etc/localtime is a file, so scan for it under tzdir
localtime_content = File.read('/etc/localtime')
Find.find(tzdir) do |path|
# Only consider files (skip directories or symlinks)
next unless !::File.directory?(path) && !::File.symlink?(path)
# Ignore any file named "posixrules" or "localtime"
next unless ::File.basename(path) != 'posixrules' && ::File.basename(path) != 'localtime'
# Do consider if content exactly matches /etc/localtime.
next unless localtime_content == File.read(path)
tzname = path.gsub("#{tzdir}/", '')
next unless validate_zone(tzname)
if bestzonename.nil? ||
tzname.length < bestzonename.length ||
(tzname.length == bestzonename.length &&
(tzname <=> bestzonename) < 0)
bestzonename = tzname
end
end
end
bestzonename
end
# Function to support select_default_timezone(tzdir), which is
# used in recipes/config_initdb.rb.
def identify_system_timezone(tzdir)
resultbuf = scan_available_timezones(tzdir)
if !resultbuf.nil?
# Ignore Olson's rather silly "Factory" zone; use GMT instead
resultbuf = nil if (resultbuf <=> 'Factory') == 0
else
# Did not find the timezone. Fallback to use a GMT zone. Note that the
# Olson timezone database names the GMT-offset zones in POSIX style: plus
# is west of Greenwich.
testtime = DateTime.now
std_ofs = testtime.strftime('%:z').split(':')[0].to_i
resultbuf = [
'Etc/GMT',
-std_ofs > 0 ? '+' : '',
(-std_ofs).to_s,
].join('')
end
resultbuf
end
#######
# Function to determine the name of the system's default timezone.
# Used in recipes/config_initdb.rb to set these attributes:
# node.default['postgresql']['config']['log_timezone']
# node.default['postgresql']['config']['timezone']
def select_default_timezone(tzdir)
system_timezone = nil
# Check TZ environment variable
tzname = ENV['TZ']
if !tzname.nil? && !tzname.empty? && validate_zone(tzname)
system_timezone = tzname
else
# Nope, so try to identify system timezone from /etc/localtime
tzname = identify_system_timezone(tzdir)
system_timezone = tzname if validate_zone(tzname)
end
system_timezone
end
#######
# Function to execute an SQL statement in the default database.
# Input: Query could be a single String or an Array of String.
# Output: A String with |-separated columns and \n-separated rows.
# Note an empty output could mean psql couldn't connect.
# This is easiest for 1-field (1-row, 1-col) results, otherwise
# it will be complex to parse the results.
def execute_sql(query, db_name = node['postgresql']['database_name'])
# query could be a String or an Array of String
statement = query.is_a?(String) ? query : query.join("\n")
cmd = shell_out("psql -q --tuples-only --no-align -d #{db_name} -f -",
user: 'postgres',
input: statement)
# If psql fails, generally the postgresql service is down.
# Instead of aborting chef with a fatal error, let's just
# pass these non-zero exitstatus back as empty cmd.stdout.
if cmd.exitstatus == 0 && !cmd.stderr.empty?
# An SQL failure is still a zero exitstatus, but then the
# stderr explains the error, so let's rais that as fatal.
Chef::Log.fatal("psql failed executing this SQL statement:\n#{statement}")
Chef::Log.fatal(cmd.stderr)
raise 'SQL ERROR'
end
cmd.stdout.chomp
end
# End the Opscode::PostgresqlHelpers module
end
end

247
cookbooks/postgresql/libraries/helpers.rb Normal file
View File

@ -0,0 +1,247 @@
#
# Cookbook:: postgresql
# Library:: helpers
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module PostgresqlCookbook
module Helpers
include Chef::Mixin::ShellOut
require 'securerandom'
def psql_command_string(new_resource, query, grep_for: nil, value_only: false)
cmd = "/usr/bin/psql -c \"#{query}\""
cmd << " -d #{new_resource.database}" if new_resource.database
cmd << " -U #{new_resource.user}" if new_resource.user
cmd << " --host #{new_resource.host}" if new_resource.host
cmd << " --port #{new_resource.port}" if new_resource.port
cmd << ' --tuples-only' if value_only
cmd << " | grep #{grep_for}" if grep_for
cmd
end
def execute_sql(new_resource, query)
# If we don't pass in a user to the resource
# default to the postgres user
user = new_resource.user ? new_resource.user : 'postgres'
# Query could be a String or an Array of Strings
statement = query.is_a?(String) ? query : query.join("\n")
cmd = shell_out(statement, user: user)
# Pass back cmd so we can decide what to do with it in the calling method.
cmd
end
def database_exists?(new_resource)
sql = %(SELECT datname from pg_database WHERE datname='#{new_resource.database}')
exists = psql_command_string(new_resource, sql, grep_for: new_resource.database)
cmd = execute_sql(new_resource, exists)
cmd.exitstatus == 0
end
def user_exists?(new_resource)
sql = %(SELECT rolname FROM pg_roles WHERE rolname='#{new_resource.create_user}';)
exists = psql_command_string(new_resource, sql, grep_for: new_resource.create_user)
cmd = execute_sql(new_resource, exists)
cmd.exitstatus == 0
end
def extension_installed?(new_resource)
query = %(SELECT extversion FROM pg_extension WHERE extname='#{new_resource.extension}';)
check_extension_version = psql_command_string(new_resource, query, value_only: true)
version_result = execute_sql(new_resource, check_extension_version)
if new_resource.version
version_result.stdout == new_resource.version
else
!version_result.stdout.nil?
end
end
def alter_role_sql(new_resource)
sql = %(ALTER ROLE postgres ENCRYPTED PASSWORD '#{postgres_password(new_resource)}';)
psql_command_string(new_resource, sql)
end
def create_extension_sql(new_resource)
sql = "CREATE EXTENSION IF NOT EXISTS #{new_resource.extension}"
sql << " FROM \"#{new_resource.old_version}\"" if new_resource.old_version
psql_command_string(new_resource, sql)
end
def user_has_password?(new_resource)
sql = %(SELECT rolpassword from pg_authid WHERE rolname='postgres' AND rolpassword IS NOT NULL;)
cmd = psql_command_string(new_resource, sql)
res = execute_sql(new_resource, cmd)
res.stdout =~ /1 row/ ? true : false
end
def role_sql(new_resource)
sql = %(\\"#{new_resource.create_user}\\" WITH )
%w(superuser createdb createrole inherit replication login).each do |perm|
sql << "#{'NO' unless new_resource.send(perm)}#{perm.upcase} "
end
sql << if new_resource.encrypted_password
"ENCRYPTED PASSWORD '#{new_resource.encrypted_password}'"
elsif new_resource.password
"PASSWORD '#{new_resource.password}'"
else
''
end
sql << if new_resource.valid_until
" VALID UNTIL '#{new_resource.valid_until}'"
else
''
end
end
def create_user_sql(new_resource)
sql = %(CREATE ROLE #{role_sql(new_resource)})
psql_command_string(new_resource, sql)
end
def update_user_sql(new_resource)
sql = %(ALTER ROLE #{role_sql(new_resource)})
psql_command_string(new_resource, sql)
end
def update_user_with_attributes_sql(new_resource, value)
sql = %(ALTER ROLE '#{new_resource.create_user}' SET #{attr} = #{value})
psql_command_string(new_resource, sql)
end
def drop_user_sql(new_resource)
sql = %(DROP ROLE IF EXISTS '#{new_resource.create_user}')
psql_command_string(new_resource, sql)
end
def data_dir(version = node.run_state['postgresql']['version'])
case node['platform_family']
when 'rhel', 'fedora'
"/var/lib/pgsql/#{version}/data"
when 'amazon'
if node['virtualization']['system'] == 'docker'
"/var/lib/pgsql#{version.delete('.')}/data"
else
"/var/lib/pgsql/#{version}/data"
end
when 'debian'
"/var/lib/postgresql/#{version}/main"
end
end
def conf_dir(version = node.run_state['postgresql']['version'])
case node['platform_family']
when 'rhel', 'fedora'
"/var/lib/pgsql/#{version}/data"
when 'amazon'
if node['virtualization']['system'] == 'docker'
"/var/lib/pgsql#{version.delete('.')}/data"
else
"/var/lib/pgsql/#{version}/data"
end
when 'debian'
"/etc/postgresql/#{version}/main"
end
end
# determine the platform specific service name
def platform_service_name(version = node.run_state['postgresql']['version'])
case node['platform_family']
when 'rhel', 'fedora'
"postgresql-#{version}"
when 'amazon'
if node['virtualization']['system'] == 'docker'
"postgresql#{version.delete('.')}"
else
"postgresql-#{version}"
end
else
'postgresql'
end
end
def follower?
::File.exist? "#{data_dir}/recovery.conf"
end
def initialized?
return true if ::File.exist?("#{conf_dir}/PG_VERSION")
false
end
def secure_random
r = SecureRandom.hex
Chef::Log.debug "Generated password: #{r}"
r
end
# determine the platform specific server package name
def server_pkg_name
platform_family?('debian') ? "postgresql-#{new_resource.version}" : "postgresql#{new_resource.version.delete('.')}-server"
end
# determine the appropriate DB init command to run based on RHEL/Fedora/Amazon release
# initdb defaults to the execution environment.
# https://www.postgresql.org/docs/9.5/static/locale.html
def rhel_init_db_command(new_resource)
cmd = if platform_family?('amazon')
'/usr/bin/initdb'
else
"/usr/pgsql-#{new_resource.version}/bin/initdb"
end
cmd << " --locale '#{new_resource.initdb_locale}'" if new_resource.initdb_locale
cmd << " -D '#{data_dir(new_resource.version)}'"
end
# Given the base URL build the complete URL string for a yum repo
def yum_repo_url(base_url)
"#{base_url}/#{new_resource.version}/#{yum_repo_platform_family_string}/#{yum_repo_platform_string}"
end
# The postgresql yum repos URLs are organized into redhat and fedora directories.s
# route things to the right place based on platform_family
def yum_repo_platform_family_string
platform_family?('fedora') ? 'fedora' : 'redhat'
end
# Build the platform string that makes up the final component of the yum repo URL
def yum_repo_platform_string
platform = platform?('fedora') ? 'fedora' : 'rhel'
release = platform?('amazon') ? '6' : '$releasever'
"#{platform}-#{release}-$basearch"
end
# On Amazon use the RHEL 6 packages. Otherwise use the releasever yum variable
def yum_releasever
platform?('amazon') ? '6' : '$releasever'
end
# Generate a password if the value is set to generate.
def postgres_password(new_resource)
new_resource.password == 'generate' ? secure_random : new_resource.password
end
end
end

2
cookbooks/postgresql/metadata.json
View File

File diff suppressed because one or more lines are too long

15
cookbooks/postgresql/metadata.rb Normal file
View File

@ -0,0 +1,15 @@
# frozen_string_literal: true
name 'postgresql'
maintainer 'Sous Chefs'
maintainer_email 'help@sous-chefs.org'
license 'Apache-2.0'
description 'Installs and configures postgresql for clients or servers'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '7.1.3'
source_url 'https://github.com/sous-chefs/postgresql'
issues_url 'https://github.com/sous-chefs/postgresql/issues'
chef_version '>= 13.8'
%w(ubuntu debian fedora amazon redhat centos scientific oracle).each do |os|
supports os
end

8
cookbooks/postgresql/recipes/apt_pgdg_postgresql.rb
View File

@ -1,8 +0,0 @@
# frozen_string_literal: true
apt_repository 'apt.postgresql.org' do
uri 'http://apt.postgresql.org/pub/repos/apt'
distribution "#{node['postgresql']['pgdg']['release_apt_codename']}-pgdg"
components ['main', node['postgresql']['version']]
key 'https://www.postgresql.org/media/keys/ACCC4CF8.asc'
action :add
end

2
cookbooks/postgresql/recipes/ca_certificates.rb
View File

@ -1,2 +0,0 @@
# frozen_string_literal: true
Chef::Log.warn('The postgresql::ca-certificates recipe has been deprecated and will be removed in the next major release of the cookbook')

147
cookbooks/postgresql/recipes/config_initdb.rb
View File

@ -1,147 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: config_initdb
# Author:: David Crane (<davidc@donorschoose.org>)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#######
# Load the locale_date_order() and select_default_timezone(tzdir)
# methods from libraries/default.rb
::Chef::Recipe.send(:include, Opscode::PostgresqlHelpers)
#######
# This recipe is derived from the setup_config() source code in the
# PostgreSQL initdb utility. It determines postgresql.conf settings that
# conform to the system's locale and timezone configuration, and also
# sets the error reporting and logging settings.
#
# See http://doxygen.postgresql.org/initdb_8c_source.html for the
# original initdb source code.
#
# By examining the system configuration, this recipe will set the
# following node.default['postgresql']['config'] attributes:
#
# - Locale and Formatting -
# * datestyle
# * lc_messages
# * lc_monetary
# * lc_numeric
# * lc_time
# * default_text_search_config
#
# - Timezone Conversion -
# * log_timezone
# * timezone
#
# In addition, this recipe will recommend the same error reporting and
# logging settings that initdb provided. These settings do differ from
# the PostgreSQL default settings, which would log to stderr only. The
# initdb settings rotate 7 days of log files named postgresql-Mon.log,
# etc. through these node.default['postgresql']['config'] attributes:
#
# - Where to Log -
# * log_destination = 'stderr'
# * log_directory = 'pg_log'
# * log_filename = 'postgresql-%a.log'
# (Default was: postgresql-%Y-%m-%d_%H%M%S.log)
# * logging_collector = true # on
# (Turned on to capture stderr logging and redirect into log files)
# (Default was: false # off)
# * log_rotation_age = 1d
# * log_rotation_size = 0
# (Default was: 10MB)
# * log_truncate_on_rotation = true # on
# (Default was: false # off)
#######
# Locale Configuration
# See libraries/default.rb for the locale_date_order() method.
node.default['postgresql']['config']['datestyle'] = "iso, #{locale_date_order}"
# According to the locale(1) manpage, the locale settings are determined
# by environment variables according to the following precedence:
# LC_ALL > (LC_MESSAGES, LC_MONETARY, LC_NUMERIC, LC_TIME) > LANG.
node.default['postgresql']['config']['lc_messages'] =
[ENV['LC_ALL'], ENV['LC_MESSAGES'], ENV['LANG']].compact.first
node.default['postgresql']['config']['lc_monetary'] =
[ENV['LC_ALL'], ENV['LC_MONETARY'], ENV['LANG']].compact.first
node.default['postgresql']['config']['lc_numeric'] =
[ENV['LC_ALL'], ENV['LC_NUMERIC'], ENV['LANG']].compact.first
node.default['postgresql']['config']['lc_time'] =
[ENV['LC_ALL'], ENV['LC_TIME'], ENV['LANG']].compact.first
node.default['postgresql']['config']['default_text_search_config'] =
case ENV['LANG']
when /da_.*/
'pg_catalog.danish'
when /nl_.*/
'pg_catalog.dutch'
when /en_.*/
'pg_catalog.english'
when /fi_.*/
'pg_catalog.finnish'
when /fr_.*/
'pg_catalog.french'
when /de_.*/
'pg_catalog.german'
when /hu_.*/
'pg_catalog.hungarian'
when /it_.*/
'pg_catalog.italian'
when /no_.*/
'pg_catalog.norwegian'
when /pt_.*/
'pg_catalog.portuguese'
when /ro_.*/
'pg_catalog.romanian'
when /ru_.*/
'pg_catalog.russian'
when /es_.*/
'pg_catalog.spanish'
when /sv_.*/
'pg_catalog.swedish'
when /tr_.*/
'pg_catalog.turkish'
end
#######
# Timezone Configuration
# Determine the name of the system's default timezone and specify node
# defaults for the postgresql.cof settings. If the timezone cannot be
# identified, do as initdb would do: leave it unspecified so PostgreSQL
# uses it's internal default of GMT.
tzdirpath = pg_TZDIR # See libraries/default.rb
default_timezone = select_default_timezone(tzdirpath) # See libraries/default.rb
unless default_timezone.nil?
node.default['postgresql']['config']['log_timezone'] = default_timezone
node.default['postgresql']['config']['timezone'] = default_timezone
end
#######
# - Where to Log -
node.default['postgresql']['config']['log_destination'] = 'stderr'
node.default['postgresql']['config']['log_directory'] = 'pg_log'
node.default['postgresql']['config']['log_filename'] = 'postgresql-%a.log'
node.default['postgresql']['config']['logging_collector'] = true # on
node.default['postgresql']['config']['log_rotation_age'] = '1d'
node.default['postgresql']['config']['log_rotation_size'] = 0
node.default['postgresql']['config']['log_truncate_on_rotation'] = true # on

283
cookbooks/postgresql/recipes/config_pgtune.rb
View File

@ -1,283 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: config_pgtune
# Author:: David Crane (<davidc@donorschoose.org>)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#######
# Load the binaryround(value) method from libraries/default.rb
::Chef::Recipe.send(:include, Opscode::PostgresqlHelpers)
#######
# This recipe is based on Greg Smith's pgtune script (the Feb 1, 2012
# version at https://github.com/gregs1104/pgtune). Introduction: pgtune
# takes the wimpy default postgresql.conf and expands the database
# server to be as powerful as the hardware it's being deployed on.
#
# The default postgresql.conf aims at a system with approximately 128MB
# of RAM. This recipe recommends a baseline configuration in the right
# general range for a dedicated Postgresql system.
#
# This recipe takes three optional parameters that may be passed in as
# node['postgresql']['config_pgtune'] attributes:
# * db_type -- Specifies database type as one of: dw, oltp,
# web, mixed, desktop. If not specified, the default is mixed.
# * max_connections -- Specifies number of maximum connections
# expected. If not specified, it depends on database type.
# * total_memory -- Specifies total system memory. If not specified,
# it will be detected from the Ohai automatic attributes.
#
# Using those inputs, this recipe will compute and set the following
# node.default['postgresql']['config'] attributes:
# * max_connections
# * shared_buffers
# * effective_cache_size
# * work_mem
# * maintenance_work_mem
# * checkpoint_segments
# * checkpoint_completion_target
# * wal_buffers
# * default_statistics_target
#
# This recipe deviates from the original pgtune script for 2 settings:
# shared_buffers is capped for large memory systems (which Greg
# mentioned in a TODO.rst) and wal_buffers will auto-tune starting with
# 9.1 (which is a feature that Greg built into Postgresql).
#######
# These are the workload characteristics of the five database types
# that can be specified as node['postgresql']['config_pgtune']['db_type']:
#
# dw -- Data Warehouse
# * Typically I/O- or RAM-bound
# * Large bulk loads of data
# * Large complex reporting queries
# * Also called "Decision Support" or "Business Intelligence"
#
# oltp -- Online Transaction Processing
# * Typically CPU- or I/O-bound
# * DB slightly larger than RAM to 1TB
# * 20-40% small data write queries
# * Some long transactions and complex read queries
#
# web -- Web Application
# * Typically CPU-bound
# * DB much smaller than RAM
# * 90% or more simple queries
#
# mixed -- Mixed DW and OLTP characteristics
# * A wide mixture of queries
#
# desktop -- Not a dedicated database
# * A general workstation, perhaps for a developer
# Parse out db_type option, or use default.
db_type = 'mixed'
if node['postgresql'].attribute?('config_pgtune') && node['postgresql']['config_pgtune'].attribute?('db_type')
db_type = node['postgresql']['config_pgtune']['db_type']
unless %w(dw oltp web mixed desktop).include?(db_type)
Chef::Log.fatal([
"Bad value (#{db_type})",
"for node['postgresql']['config_pgtune']['db_type'] attribute.",
'Valid values are one of dw, oltp, web, mixed, desktop.',
].join(' '))
raise
end
end
# Parse out max_connections option, or use a value based on db_type.
con =
{ 'web' => 200,
'oltp' => 300,
'dw' => 20,
'mixed' => 80,
'desktop' => 5,
}.fetch(db_type)
if node['postgresql'].attribute?('config_pgtune') && node['postgresql']['config_pgtune'].attribute?('max_connections')
max_connections = node['postgresql']['config_pgtune']['max_connections'].to_i
if max_connections <= 0
Chef::Log.fatal([
"Bad value (#{max_connections})",
"for node['postgresql']['config_pgtune']['max_connections'] attribute.",
'Valid values are non-zero integers only.',
].join(' '))
raise
end
con = max_connections
end
# Parse out total_memory option, or use value detected by Ohai.
total_memory = node['memory']['total']
# Override max_connections with a node attribute if DevOps desires.
# For example, on a system *not* dedicated to Postgresql.
if node['postgresql'].attribute?('config_pgtune') && node['postgresql']['config_pgtune'].attribute?('total_memory')
total_memory = node['postgresql']['config_pgtune']['total_memory']
if total_memory.match(/\A[1-9]\d*kB\Z/).nil?
Chef::Application.fatal!([
"Bad value (#{total_memory})",
"for node['postgresql']['config_pgtune']['total_memory'] attribute.",
'Valid values are non-zero integers followed by kB (e.g., 49416564kB).',
].join(' '))
end
end
# Ohai reports node[:memory][:total] in kB, as in "921756kB"
mem = total_memory.split('kB')[0].to_i / 1024 # in MB
#######
# RAM-related settings computed as in Greg Smith's pgtune script.
# Remember that con and mem were either chosen above based on the
# db_type or the actual total memory, or were passed in attributes.
# (1) max_connections
# Sets the maximum number of concurrent connections.
node.default['postgresql']['config']['max_connections'] = con
# The calculations for the next four settings would not be optimal
# for low memory systems. In that case, the calculation is skipped,
# leaving the built-in Postgresql settings, which are actually
# intended for those low memory systems.
if mem >= 256
# (2) shared_buffers
# Sets the number of shared memory buffers used by the server.
shared_buffers =
{ 'web' => mem / 4,
'oltp' => mem / 4,
'dw' => mem / 4,
'mixed' => mem / 4,
'desktop' => mem / 16,
}.fetch(db_type)
# Robert Haas has advised to cap the size of shared_buffers based on
# the memory architecture: 2GB on 32-bit and 8GB on 64-bit machines.
# http://rhaas.blogspot.com/2012/03/tuning-sharedbuffers-and-walbuffers.html
case node['kernel']['machine']
when 'i386' # 32-bit machines
shared_buffers = 2 * 1024 if shared_buffers > 2 * 1024
when 'x86_64' # 64-bit machines
shared_buffers = 8 * 1024 if shared_buffers > 8 * 1024
end
node.default['postgresql']['config']['shared_buffers'] = binaryround(shared_buffers * 1024 * 1024)
# (3) effective_cache_size
# Sets the planner's assumption about the size of the disk cache.
# That is, the portion of the kernel's disk cache that will be
# used for PostgreSQL data files.
effective_cache_size =
{ 'web' => mem * 3 / 4,
'oltp' => mem * 3 / 4,
'dw' => mem * 3 / 4,
'mixed' => mem * 3 / 4,
'desktop' => mem / 4,
}.fetch(db_type)
node.default['postgresql']['config']['effective_cache_size'] = binaryround(effective_cache_size * 1024 * 1024)
# (4) work_mem
# Sets the maximum memory to be used for query workspaces.
mem_con_v = (mem.to_f / con).ceil
work_mem =
{ 'web' => mem_con_v,
'oltp' => mem_con_v,
'dw' => mem_con_v / 2,
'mixed' => mem_con_v / 2,
'desktop' => mem_con_v / 6,
}.fetch(db_type)
node.default['postgresql']['config']['work_mem'] = binaryround(work_mem * 1024 * 1024)
# (5) maintenance_work_mem
# Sets the maximum memory to be used for maintenance operations.
# This includes operations such as VACUUM and CREATE INDEX.
maintenance_work_mem =
{ 'web' => mem / 16,
'oltp' => mem / 16,
'dw' => mem / 8,
'mixed' => mem / 16,
'desktop' => mem / 16,
}.fetch(db_type)
# Cap maintenence RAM at 1GB on servers with lots of memory
maintenance_work_mem = 1 * 1024 if maintenance_work_mem > 1 * 1024
node.default['postgresql']['config']['maintenance_work_mem'] = binaryround(maintenance_work_mem * 1024 * 1024)
end
#######
# Checkpoint-related parameters that affect transaction rate and
# maximum tolerable recovery playback time.
# (6) checkpoint_segments
# Sets the maximum distance in log segments between automatic WAL checkpoints.
checkpoint_segments =
{ 'web' => 8,
'oltp' => 16,
'dw' => 64,
'mixed' => 16,
'desktop' => 3,
}.fetch(db_type)
if node['postgresql']['version'].to_f >= 9.5
node.default['postgresql']['config']['max_wal_size'] = ((3 * checkpoint_segments) * 16).to_s + 'MB'
else
node.default['postgresql']['config']['checkpoint_segments'] = checkpoint_segments
end
# (7) checkpoint_completion_target
# Time spent flushing dirty buffers during checkpoint, as fraction
# of checkpoint interval.
checkpoint_completion_target =
{ 'web' => '0.7',
'oltp' => '0.9',
'dw' => '0.9',
'mixed' => '0.9',
'desktop' => '0.5',
}.fetch(db_type)
node.default['postgresql']['config']['checkpoint_completion_target'] = checkpoint_completion_target
# (8) wal_buffers
# Sets the number of disk-page buffers in shared memory for WAL.
# Starting with 9.1, wal_buffers will auto-tune if set to the -1 default.
# For 8.X and 9.0, it needed to be specified, which pgtune did as follows.
if node['postgresql']['version'].to_f < 9.1
wal_buffers = 512 * checkpoint_segments
# The pgtune seems to use 1kB units for wal_buffers
node.default['postgresql']['config']['wal_buffers'] = binaryround(wal_buffers * 1024)
else
node.default['postgresql']['config']['wal_buffers'] = '-1'
end
# (9) default_statistics_target
# Sets the default statistics target. This applies to table columns
# that have not had a column-specific target set via
# ALTER TABLE SET STATISTICS.
default_statistics_target =
{ 'web' => 100,
'oltp' => 100,
'dw' => 500,
'mixed' => 100,
'desktop' => 100,
}.fetch(db_type)
node.default['postgresql']['config']['default_statistics_target'] = default_statistics_target

33
cookbooks/postgresql/recipes/contrib.rb
View File

@ -1,33 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: contrib
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
db_name = node['postgresql']['database_name']
# Install the PostgreSQL contrib package(s) from the distribution,
# as specified by the node attributes.
package node['postgresql']['contrib']['packages']
include_recipe 'postgresql::server'
# Install PostgreSQL contrib extentions into the database, as specified by the
# node attribute node['postgresql']['database_name'].
if node['postgresql']['contrib'].attribute?('extensions')
node['postgresql']['contrib']['extensions'].each do |pg_ext|
postgresql_extension "#{db_name}/#{pg_ext}"
end
end

19
cookbooks/postgresql/recipes/default.rb
View File

@ -1,19 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: default
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'postgresql::client'

125
cookbooks/postgresql/recipes/ruby.rb
View File

@ -1,125 +0,0 @@
# frozen_string_literal: false
#
# Cookbook:: postgresql
# Recipe:: ruby
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Load the pgdgrepo_rpm_info method from libraries/default.rb
::Chef::Recipe.send(:include, Opscode::PostgresqlHelpers)
begin
require 'pg'
rescue LoadError
if platform_family?('debian')
e = apt_update 'update' do
action :nothing
end
e.run_action(:update)
end
node.override['build-essential']['compile_time'] = true
include_recipe 'build-essential'
if node['postgresql']['enable_pgdg_yum'] && platform_family?('rhel', 'fedora')
include_recipe 'postgresql::yum_pgdg_postgresql'
rpm_platform = node['platform']
rpm_platform_version = node['platform_version'].to_i.to_s
arch = node['kernel']['machine']
resources("remote_file[#{Chef::Config[:file_cache_path]}/#{node['postgresql']['pgdg']['repo_rpm_url'][node['postgresql']['version']][rpm_platform][rpm_platform_version][arch]['package']}]").run_action(:create)
resources("package[#{node['postgresql']['pgdg']['repo_rpm_url'][node['postgresql']['version']][rpm_platform][rpm_platform_version][arch]['package']}]").run_action(:install)
ENV['PATH'] = "/usr/pgsql-#{node['postgresql']['version']}/bin:#{ENV['PATH']}"
end
if node['postgresql']['enable_pgdg_apt'] && platform_family?('debian')
include_recipe 'postgresql::apt_pgdg_postgresql'
resources('apt_repository[apt.postgresql.org]').run_action(:add)
end
include_recipe 'postgresql::client'
package node['postgresql']['client']['packages'] do
action :nothing
end.run_action(:install)
begin
chef_gem 'pg' do
compile_time true
version node['postgresql']['pg_gem']['version'] if node['postgresql']['pg_gem']['version']
end
rescue Gem::Installer::ExtensionBuildError, Mixlib::ShellOut::ShellCommandFailed => e
# Are we an omnibus install?
raise if RbConfig.ruby.scan(/(chef|opscode)/).empty?
# Still here, must be omnibus. Lets make this thing install!
Chef::Log.warn 'Failed to properly build pg gem. Forcing properly linking and retrying (omnibus fix)'
gem_dir = e.message.scan(/will remain installed in ([^ ]+)/).flatten.first
raise unless gem_dir
gem_name = File.basename(gem_dir)
ext_dir = File.join(gem_dir, 'ext')
gem_exec = File.join(File.dirname(RbConfig.ruby), 'gem')
new_content = <<-EOS
require 'rbconfig'
%w(
configure_args
LIBRUBYARG_SHARED
LIBRUBYARG_STATIC
LIBRUBYARG
LDFLAGS
).each do |key|
RbConfig::CONFIG[key].gsub!(/-Wl[^ ]+( ?\\/[^ ]+)?/, '')
RbConfig::MAKEFILE_CONFIG[key].gsub!(/-Wl[^ ]+( ?\\/[^ ]+)?/, '')
end
RbConfig::CONFIG['RPATHFLAG'] = ''
RbConfig::MAKEFILE_CONFIG['RPATHFLAG'] = ''
EOS
new_content << File.read(extconf_path = File.join(ext_dir, 'extconf.rb'))
File.open(extconf_path, 'w') do |file|
file.write(new_content)
end
lib_builder = execute 'generate pg gem Makefile' do
# [COOK-3490] pg gem install requires full path on RHEL
command "PATH=$PATH:/usr/pgsql-#{node['postgresql']['version']}/bin #{RbConfig.ruby} extconf.rb"
cwd ext_dir
action :nothing
end
lib_builder.run_action(:run)
lib_maker = execute 'make pg gem lib' do
command 'make'
cwd ext_dir
action :nothing
end
lib_maker.run_action(:run)
lib_installer = execute 'install pg gem lib' do
command 'make install'
cwd ext_dir
action :nothing
end
lib_installer.run_action(:run)
spec_installer = execute 'install pg spec' do
command "#{gem_exec} spec ./cache/#{gem_name}.gem --ruby > ./specifications/#{gem_name}.gemspec"
cwd File.join(gem_dir, '..', '..')
action :nothing
end
spec_installer.run_action(:run)
Chef::Log.warn 'Installation of pg gem successful!'
end
end

95
cookbooks/postgresql/recipes/server.rb
View File

@ -1,95 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: server
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
::Chef::Recipe.send(:include, OpenSSLCookbook::RandomPassword)
include_recipe 'postgresql::client'
# randomly generate postgres password, unless using solo - see README
if Chef::Config[:solo]
missing_attrs = %w(
postgres
).select do |attr|
node['postgresql']['password'][attr].nil?
end.map { |attr| "node['postgresql']['password']['#{attr}']" }
unless missing_attrs.empty?
Chef::Log.fatal([
"You must set #{missing_attrs.join(', ')} in chef-solo mode.",
'For more information, see https://github.com/opscode-cookbooks/postgresql#chef-solo-note',
].join(' '))
raise
end
else
# TODO: The "secure_password" is randomly generated plain text, so it
# should be converted to a PostgreSQL specific "encrypted password" if
# it should actually install a password (as opposed to disable password
# login for user 'postgres'). However, a random password wouldn't be
# useful if it weren't saved as clear text in Chef Server for later
# retrieval.
unless node.key?('postgresql') && node['postgresql'].key?('password') && node['postgresql']['password'].key?('postgres')
node.normal_unless['postgresql']['password']['postgres'] = random_password(length: 20, mode: :base64)
node.save
end
end
# Include the right "family" recipe for installing the server
# since they do things slightly differently.
case node['platform_family']
when 'rhel', 'fedora'
node.normal['postgresql']['dir'] = "/var/lib/pgsql/#{node['postgresql']['version']}/data"
node.normal['postgresql']['config']['data_directory'] = "/var/lib/pgsql/#{node['postgresql']['version']}/data"
include_recipe 'postgresql::server_redhat'
when 'debian'
node.normal['postgresql']['config']['data_directory'] = "/var/lib/postgresql/#{node['postgresql']['version']}/main"
include_recipe 'postgresql::server_debian'
when 'suse'
node.normal['postgresql']['config']['data_directory'] = node['postgresql']['dir']
include_recipe 'postgresql::server_redhat'
end
# Versions prior to 9.2 do not have a config file option to set the SSL
# key and cert path, and instead expect them to be in a specific location.
link ::File.join(node['postgresql']['config']['data_directory'], 'server.crt') do
to node['postgresql']['config']['ssl_cert_file']
only_if { node['postgresql']['version'].to_f < 9.2 && node['postgresql']['config'].attribute?('ssl_cert_file') }
end
link ::File.join(node['postgresql']['config']['data_directory'], 'server.key') do
to node['postgresql']['config']['ssl_key_file']
only_if { node['postgresql']['version'].to_f < 9.2 && node['postgresql']['config'].attribute?('ssl_key_file') }
end
# NOTE: Consider two facts before modifying "assign-postgres-password":
# (1) Passing the "ALTER ROLE ..." through the psql command only works
# if passwordless authorization was configured for local connections.
# For example, if pg_hba.conf has a "local all postgres ident" rule.
# (2) It is probably fruitless to optimize this with a not_if to avoid
# setting the same password. This chef recipe doesn't have access to
# the plain text password, and testing the encrypted (md5 digest)
# version is not straight-forward.
bash 'assign-postgres-password' do
user 'postgres'
code <<-EOH
echo "ALTER ROLE postgres ENCRYPTED PASSWORD \'#{node['postgresql']['password']['postgres']}\';" | psql -p #{node['postgresql']['config']['port']}
EOH
action :run
not_if "ls #{node['postgresql']['config']['data_directory']}/recovery.conf"
only_if { node['postgresql']['assign_postgres_password'] }
end

55
cookbooks/postgresql/recipes/server_conf.rb
View File

@ -1,55 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: server
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
change_notify = node['postgresql']['server']['config_change_notify']
# There are some configuration items which depend on correctly evaluating the intended version being installed
if node['platform_family'] == 'debian'
node.normal['postgresql']['config']['hba_file'] = "/etc/postgresql/#{node['postgresql']['version']}/main/pg_hba.conf"
node.normal['postgresql']['config']['ident_file'] = "/etc/postgresql/#{node['postgresql']['version']}/main/pg_ident.conf"
node.normal['postgresql']['config']['external_pid_file'] = "/var/run/postgresql/#{node['postgresql']['version']}-main.pid"
if node['postgresql']['version'].to_f < 9.3
node.normal['postgresql']['config']['unix_socket_directory'] = '/var/run/postgresql'
else
node.normal['postgresql']['config']['unix_socket_directories'] = '/var/run/postgresql'
end
if node['postgresql']['config']['ssl']
node.normal['postgresql']['config']['ssl_cert_file'] = '/etc/ssl/certs/ssl-cert-snakeoil.pem' if node['postgresql']['version'].to_f >= 9.2
node.normal['postgresql']['config']['ssl_key_file'] = '/etc/ssl/private/ssl-cert-snakeoil.key' if node['postgresql']['version'].to_f >= 9.2
end
end
template "#{node['postgresql']['dir']}/postgresql.conf" do
source 'postgresql.conf.erb'
owner 'postgres'
group 'postgres'
mode '0600'
notifies change_notify, 'service[postgresql]', :immediately
end
template "#{node['postgresql']['dir']}/pg_hba.conf" do
source 'pg_hba.conf.erb'
owner 'postgres'
group 'postgres'
mode '0600'
notifies change_notify, 'service[postgresql]', :immediately
end

35
cookbooks/postgresql/recipes/server_debian.rb
View File

@ -1,35 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: server
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'postgresql::client'
package node['postgresql']['server']['packages']
include_recipe 'postgresql::server_conf'
service 'postgresql' do
service_name node['postgresql']['server']['service_name']
supports restart: true, status: true, reload: true
action [:enable, :start]
end
execute 'Set locale and Create cluster' do
command 'export LC_ALL=C; /usr/bin/pg_createcluster --start ' + node['postgresql']['version'] + ' main'
action :run
not_if { ::File.directory?('/etc/postgresql/' + node['postgresql']['version'] + '/main') }
end

140
cookbooks/postgresql/recipes/server_redhat.rb
View File

@ -1,140 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: server
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'postgresql::client'
svc_name = node['postgresql']['server']['service_name']
initdb_locale = node['postgresql']['initdb_locale']
shortver = node['postgresql']['version'].split('.').join
# Create a group and user like the package will.
# Otherwise the templates fail.
group 'postgres' do
gid node['postgresql']['gid']
end
user 'postgres' do
shell '/bin/bash'
comment 'PostgreSQL Server'
home '/var/lib/pgsql'
gid 'postgres'
system true
uid node['postgresql']['uid']
manage_home false
end
directory node['postgresql']['config']['data_directory'] do
owner 'postgres'
group 'postgres'
recursive true
action :create
mode '0700'
end
package node['postgresql']['server']['packages']
# If using PGDG, add symlinks so that downstream commands all work
if node['postgresql']['enable_pgdg_yum'] == true || node['postgresql']['use_pgdg_packages'] == true
[
"postgresql#{shortver}-setup",
"postgresql#{shortver}-check-db-dir",
].each do |cmd|
link "/usr/bin/#{cmd}" do
to "/usr/pgsql-#{node['postgresql']['version']}/bin/#{cmd}"
end
end
end
# The systemd unit file does not support 'initdb' or 'upgrade' actions.
# Use the postgresql-setup script instead.
unless node['postgresql']['server']['init_package'] == 'systemd'
directory '/etc/sysconfig/pgsql' do
mode '0644'
recursive true
action :create
end
template "/etc/sysconfig/pgsql/#{svc_name}" do
source 'pgsql.sysconfig.erb'
mode '0644'
notifies :restart, 'service[postgresql]', :delayed
end
end
if node['postgresql']['server']['init_package'] == 'systemd'
if node['platform_family'] == 'rhel'
template_path = if node['postgresql']['use_pgdg_packages']
"/etc/systemd/system/postgresql-#{node['postgresql']['version']}.service"
else
'/etc/systemd/system/postgresql.service'
end
template template_path do
source 'postgresql.service.erb'
owner 'root'
group 'root'
mode '0644'
notifies :run, 'execute[systemctl-reload]', :immediately
notifies :reload, 'service[postgresql]', :delayed
end
execute 'systemctl-reload' do
command 'systemctl daemon-reload'
action :nothing
end
end
case node['platform_family']
when 'suse'
execute "initdb -d #{node['postgresql']['dir']}" do
user 'postgres'
not_if { ::File.exist?("#{node['postgresql']['config']['data_directory']}/PG_VERSION") }
end
else
execute "#{node['postgresql']['setup_script']} initdb #{svc_name}" do
not_if { ::File.exist?("#{node['postgresql']['config']['data_directory']}/PG_VERSION") }
end
end
elsif !platform_family?('suse') && node['postgresql']['version'].to_f <= 9.3
execute "/sbin/service #{svc_name} initdb #{initdb_locale}" do
not_if { ::File.exist?("#{node['postgresql']['config']['data_directory']}/PG_VERSION") }
end
else
execute "/sbin/service #{svc_name} initdb" do
not_if { ::File.exist?("#{node['postgresql']['config']['data_directory']}/PG_VERSION") }
end
end
service 'postgresql' do
service_name svc_name
supports restart: true, status: true, reload: true
action [:enable, :start]
end
include_recipe 'postgresql::server_conf'

41
cookbooks/postgresql/recipes/yum_pgdg_postgresql.rb
View File

@ -1,41 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe::yum_pgdg_postgresql
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
######################################
# Install the "PostgreSQL RPM Building Project - Yum Repository"
rpm_platform = node['platform']
rpm_platform_version = node['platform_version'].to_f.to_i.to_s
arch = node['kernel']['machine']
pg_version = node['postgresql']['version']
pgdg_setup = node['postgresql']['pgdg']['repo_rpm_url'][pg_version][rpm_platform][rpm_platform_version][arch]
pgdg_package = pgdg_setup['package']
pgdg_repository = pgdg_setup['url']
# Download the PGDG repository RPM as a local file
remote_file "#{Chef::Config[:file_cache_path]}/#{pgdg_package}" do
source "#{pgdg_repository}#{pgdg_package}"
mode '0644'
end
# Install the PGDG repository RPM from the local file
package pgdg_package.to_s do
provider Chef::Provider::Package::Rpm
source "#{Chef::Config[:file_cache_path]}/#{pgdg_package}"
action :install
end

59
cookbooks/postgresql/resources/access.rb Normal file
View File

@ -0,0 +1,59 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: access
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :access_type, String, required: true, default: 'local'
property :access_db, String, required: true, default: 'all'
property :access_user, String, required: true, default: 'postgres'
property :access_method, String, required: true, default: 'ident'
property :cookbook, String, default: 'postgresql'
property :source, String, default: 'pg_hba.conf.erb'
property :access_addr, String
property :comment, String
action :grant do
config_resource = new_resource
with_run_context :root do # ~FC037
edit_resource(:template, "#{conf_dir}/pg_hba.conf") do |new_resource|
source new_resource.source
cookbook new_resource.cookbook
owner 'postgres'
group 'postgres'
mode '0600'
variables[:pg_hba] ||= {}
variables[:pg_hba][new_resource.name] = {
comment: new_resource.comment,
type: new_resource.access_type,
db: new_resource.access_db,
user: new_resource.access_user,
addr: new_resource.access_addr,
method: new_resource.access_method,
}
action :nothing
delayed_action :create
notifies :trigger, config_resource, :immediately
end
end
end
action :trigger do
new_resource.updated_by_last_action(true) # ~FC085
end
action_class do
include PostgresqlCookbook::Helpers
end

27
cookbooks/postgresql/recipes/client.rb → cookbooks/postgresql/resources/client_install.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: client
# Resource:: client_install
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -16,19 +16,20 @@
# limitations under the License.
#
case node['platform_family']
when 'debian'
if node['postgresql']['version'].to_f > 9.3
node.normal['postgresql']['enable_pgdg_apt'] = true
property :version, String, default: '9.6'
property :setup_repo, [true, false], default: true
action :install do
postgresql_repository 'Add downloads.postgresql.org repository' do
version new_resource.version
only_if { new_resource.setup_repo }
end
if node['postgresql']['enable_pgdg_apt']
include_recipe 'postgresql::apt_pgdg_postgresql'
end
when 'rhel', 'fedora'
if node['postgresql']['enable_pgdg_yum']
include_recipe 'postgresql::yum_pgdg_postgresql'
case node['platform_family']
when 'debian'
package "postgresql-client-#{new_resource.version}"
when 'rhel', 'fedora', 'amazon'
ver = new_resource.version.delete('.')
package "postgresql#{ver}"
end
end
package node['postgresql']['client']['packages']

67
cookbooks/postgresql/resources/database.rb Normal file
View File

@ -0,0 +1,67 @@
#
# Cookbook:: postgresql
# Resource:: database
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :template, String, default: 'template1'
property :encoding, String, default: 'UTF-8'
property :locale, String, default: 'en_US.UTF-8'
property :owner, String
# Connection prefernces
property :user, String, default: 'postgres'
property :database, String, name_property: true
property :host, [String, nil], default: nil
property :port, Integer, default: 5432
action :create do
createdb = 'createdb'
createdb << " -E #{new_resource.encoding}" if new_resource.encoding
createdb << " -l #{new_resource.locale}" if new_resource.locale
createdb << " -T #{new_resource.template}" unless new_resource.template.empty?
createdb << " -O #{new_resource.owner}" if new_resource.owner
createdb << " -U #{new_resource.user}" if new_resource.user
createdb << " -h #{new_resource.host}" if new_resource.host
createdb << " -p #{new_resource.port}" if new_resource.port
createdb << " #{new_resource.database}"
bash "Create Database #{new_resource.database}" do
code createdb
user new_resource.user
not_if { follower? }
not_if { database_exists?(new_resource) }
end
end
action :drop do
converge_by "Drop PostgreSQL Database #{new_resource.database}" do
dropdb = 'dropdb'
dropdb << " -U #{new_resource.user}" if new_resource.user
dropdb << " --host #{new_resource.host}" if new_resource.host
dropdb << " --port #{new_resource.port}" if new_resource.port
dropdb << " #{new_resource.database}"
bash "drop postgresql database #{new_resource.database})" do
user 'postgres'
code dropdb
not_if { follower? }
only_if { database_exists?(new_resource) }
end
end
end
action_class do
include PostgresqlCookbook::Helpers
end

42
cookbooks/postgresql/resources/extension.rb
View File

@ -1,4 +1,3 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: extension
@ -16,42 +15,35 @@
# limitations under the License.
#
include Opscode::PostgresqlHelpers
property :extension, String, name_property: true
property :old_version, String
property :version, String
# name property should take the form:
# database/extension
property :database, String,
required: true,
default: lazy { name.scan(%r{\A[^/]+(?=/)}).first }
property :extension, String,
required: true,
default: lazy { name.scan(%r{(?<=/)[^/]+\Z}).first }
# Connection prefernces
property :user, String, default: 'postgres'
property :database, String, required: true
property :host, [String, nil]
property :port, Integer, default: 5432
action :create do
bash "CREATE EXTENSION #{name}" do
code psql("CREATE EXTENSION IF NOT EXISTS \"#{extension}\"")
bash "CREATE EXTENSION #{new_resource.name}" do
code create_extension_sql(new_resource)
user 'postgres'
action :run
not_if { extension_installed? }
not_if { follower? || extension_installed?(new_resource) }
end
end
action :drop do
bash "DROP EXTENSION #{name}" do
code psql("DROP EXTENSION IF EXISTS \"#{extension}\"")
bash "DROP EXTENSION #{new_resource.name}" do
code psql_command_string(new_resource, "DROP EXTENSION IF EXISTS \"#{new_resource.extension}\"")
user 'postgres'
action :run
only_if { extension_installed? }
not_if { follower? }
only_if { extension_installed?(new_resource) }
end
end
def psql(query)
"psql -d #{database} <<< '\\set ON_ERROR_STOP on\n#{query};'"
end
def extension_installed?
query = "SELECT 'installed' FROM pg_extension WHERE extname = '#{extension}';"
!(execute_sql(query, database) =~ /^installed$/).nil?
action_class do
include PostgresqlCookbook::Helpers
end

55
cookbooks/postgresql/resources/ident.rb Normal file
View File

@ -0,0 +1,55 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: access
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :mapname, String, required: true
property :source, String, default: 'pg_ident.conf.erb'
property :cookbook, String, default: 'postgresql'
property :system_user, String, required: true
property :pg_user, String, required: true
property :comment, [String, nil], default: nil
action :create do
ident_resource = new_resource
with_run_context :root do # ~FC037
edit_resource(:template, "#{conf_dir}/pg_ident.conf") do |new_resource|
source new_resource.source
cookbook new_resource.cookbook
owner 'postgres'
group 'postgres'
mode '0640'
variables[:pg_ident] ||= {}
variables[:pg_ident][new_resource.name] = {
comment: new_resource.comment,
mapname: new_resource.mapname,
system_user: new_resource.system_user,
pg_user: new_resource.pg_user,
}
action :nothing
delayed_action :create
notifies :trigger, ident_resource, :immediately
end
end
end
action :trigger do
new_resource.updated_by_last_action(true) # ~FC085
end
action_class do
include PostgresqlCookbook::Helpers
end

90
cookbooks/postgresql/resources/repository.rb Normal file
View File

@ -0,0 +1,90 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: repository
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :version, String, default: '9.6'
property :enable_pgdg, [true, false], default: true
property :enable_pgdg_source, [true, false], default: false
property :enable_pgdg_updates_testing, [true, false], default: false
property :enable_pgdg_source_updates_testing, [true, false], default: false
property :yum_gpg_key_uri, String, default: 'https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG'
property :apt_gpg_key_uri, String, default: 'https://download.postgresql.org/pub/repos/apt/ACCC4CF8.asc'
action :add do
case node['platform_family']
when 'rhel', 'fedora', 'amazon'
remote_file "/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}" do
source new_resource.yum_gpg_key_uri
end
yum_repository "PostgreSQL #{new_resource.version}" do # ~FC005
repositoryid "pgdg#{new_resource.version}"
description "PostgreSQL.org #{new_resource.version}"
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum')
enabled new_resource.enable_pgdg
gpgcheck true
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
end
yum_repository "PostgreSQL #{new_resource.version} - source " do
repositoryid "pgdg#{new_resource.version}-source"
description "PostgreSQL.org #{new_resource.version} Source"
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/srpms')
enabled new_resource.enable_pgdg_source
gpgcheck true
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
end
yum_repository "PostgreSQL #{new_resource.version} - updates testing" do
repositoryid "pgdg#{new_resource.version}-updates-testing"
description "PostgreSQL.org #{new_resource.version} Updates Testing"
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/testing')
enabled new_resource.enable_pgdg_updates_testing
gpgcheck true
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
end
yum_repository "PostgreSQL #{new_resource.version} - source - updates testing" do
repositoryid "pgdg#{new_resource.version}-source-updates-testing"
description "PostgreSQL.org #{new_resource.version} Source Updates Testing"
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/srpms/testing')
enabled new_resource.enable_pgdg_source_updates_testing
gpgcheck true
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
end
when 'debian'
apt_update
package 'apt-transport-https'
apt_repository 'postgresql_org_repository' do
uri 'https://download.postgresql.org/pub/repos/apt/'
components ['main', new_resource.version.to_s]
distribution "#{node['lsb']['codename']}-pgdg"
key new_resource.apt_gpg_key_uri
cache_rebuild true
end
else
raise "The platform_family '#{node['platform_family']}' or platform '#{node['platform']}' is not supported by the postgresql_repository resource. If you believe this platform can/should be supported by this resource please file and issue or open a pull request at https://github.com/sous-chefs/postgresql"
end
end
action_class do
include PostgresqlCookbook::Helpers
end

52
cookbooks/postgresql/resources/server_conf.rb Normal file
View File

@ -0,0 +1,52 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: server_conf
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include PostgresqlCookbook::Helpers
property :version, String, default: '9.6'
property :data_directory, String, default: lazy { data_dir }
property :hba_file, String, default: lazy { "#{conf_dir}/pg_hba.conf" }
property :ident_file, String, default: lazy { "#{conf_dir}/pg_ident.conf" }
property :external_pid_file, String, default: lazy { "/var/run/postgresql/#{version}-main.pid" }
property :stats_temp_directory, String, default: lazy { "/var/run/postgresql/#{version}-main.pg_stat_tmp" }
property :port, Integer, default: 5432
property :additional_config, Hash, default: {}
property :cookbook, String, default: 'postgresql'
action :modify do
template "#{conf_dir}/postgresql.conf" do
cookbook new_resource.cookbook
source 'postgresql.conf.erb'
owner 'postgres'
group 'postgres'
mode '0644'
variables(
data_dir: new_resource.data_directory,
hba_file: new_resource.hba_file,
ident_file: new_resource.ident_file,
external_pid_file: new_resource.external_pid_file,
stats_temp_directory: new_resource.stats_temp_directory,
port: new_resource.port,
additional_config: new_resource.additional_config
)
end
end
action_class do
include PostgresqlCookbook::Helpers
end

76
cookbooks/postgresql/resources/server_install.rb Normal file
View File

@ -0,0 +1,76 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: server_install
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include PostgresqlCookbook::Helpers
property :version, String, default: '9.6'
property :setup_repo, [true, false], default: true
property :hba_file, String, default: lazy { "#{conf_dir}/main/pg_hba.conf" }
property :ident_file, String, default: lazy { "#{conf_dir}/main/pg_ident.conf" }
property :external_pid_file, String, default: lazy { "/var/run/postgresql/#{version}-main.pid" }
property :password, [String, nil], default: 'generate' # Set to nil if we do not want to set a password
property :port, Integer, default: 5432
property :initdb_locale, String
# Connection preferences
property :user, String, default: 'postgres'
property :database, String
property :host, [String, nil]
action :install do
node.run_state['postgresql'] ||= {}
node.run_state['postgresql']['version'] = new_resource.version
postgresql_client_install 'Install PostgreSQL Client' do
version new_resource.version
setup_repo new_resource.setup_repo
end
package server_pkg_name
end
action :create do
execute 'init_db' do
command rhel_init_db_command(new_resource)
user new_resource.user
not_if { initialized? }
only_if { platform_family?('rhel', 'fedora', 'amazon') }
end
# We use to use find_resource here.
# But that required the user to do the same in their recipe.
# This also seemed to never trigger notifications, therefore requiring a log resource
# to notify the enable/start on the service, which always fires (Check v7.0 tag for more)
service 'postgresql' do
service_name platform_service_name
supports restart: true, status: true, reload: true
action [:enable, :start]
end
# Generate a random password or set it as per new_resource.password.
bash 'generate-postgres-password' do
user 'postgres'
code alter_role_sql(new_resource)
not_if { user_has_password?(new_resource) }
not_if { new_resource.password.nil? }
end
end
action_class do
include PostgresqlCookbook::Helpers
end

87
cookbooks/postgresql/resources/user.rb Normal file
View File

@ -0,0 +1,87 @@
#
# Cookbook:: postgresql
# Resource:: user
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :create_user, String, name_property: true
property :superuser, [true, false], default: false
property :createdb, [true, false], default: false
property :createrole, [true, false], default: false
property :inherit, [true, false], default: true
property :replication, [true, false], default: false
property :login, [true, false], default: true
property :password, String
property :encrypted_password, String
property :valid_until, String
property :attributes, Hash, default: {}
# Connection prefernces
property :user, String, default: 'postgres'
property :database, String
property :host, String
property :port, Integer, default: 5432
action :create do
Chef::Log.warn('You cannot use "attributes" property with create action.') unless new_resource.attributes.empty?
execute "create postgresql user #{new_resource.create_user}" do # ~FC009
user 'postgres'
command create_user_sql(new_resource)
sensitive new_resource.sensitive
not_if { follower? || user_exists?(new_resource) }
end
end
action :update do
if new_resource.attributes.empty?
execute "update postgresql user #{new_resource.create_user}" do
user 'postgres'
command update_user_sql(new_resource)
sensitive true
not_if { follower? }
only_if { user_exists?(new_resource) }
end
else
new_resource.attributes.each do |attr, value|
v = if value.is_a?(TrueClass) || value.is_a?(FalseClass)
value.to_s
else
"'#{value}'"
end
execute "Update postgresql user #{new_resource.create_user} to set #{attr}" do
user 'postgres'
command update_user_with_attributes_sql(new_resource, v)
sensitive true
not_if { follower? }
only_if { user_exists?(new_resource) }
end
end
end
end
action :drop do
execute "drop postgresql user #{new_resource.create_user}" do
user 'postgres'
command drop_user_sql(new_resource)
sensitive true
not_if { follower? }
only_if { user_exists?(new_resource) }
end
end
action_class do
include PostgresqlCookbook::Helpers
end

35
cookbooks/postgresql/templates/default/pg_hba.conf.erb
View File

@ -1,35 +0,0 @@
# This file was automatically generated and dropped off by Chef!
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file.
<% if node['postgresql']['version'].to_f < 9.1 -%>
# TYPE DATABASE USER CIDR-ADDRESS METHOD
<% elsif node['postgresql']['version'].to_f >= 9.1 -%>
# TYPE DATABASE USER ADDRESS METHOD
<% end -%>
###########
# Other authentication configurations taken from chef node defaults:
###########
<% node['postgresql']['pg_hba'].each do |auth| -%>
<% if auth[:comment] %>
# <%= auth[:comment] %>
<% end %>
<% if auth[:addr] %>
<%= auth[:type].ljust(7) %> <%= auth[:db].ljust(15) %> <%= auth[:user].ljust(15) %> <%= auth[:addr].ljust(23) %> <%= auth[:method] %>
<% else %>
<%= auth[:type].ljust(7) %> <%= auth[:db].ljust(15) %> <%= auth[:user].ljust(15) %> <%= auth[:method] %>
<% end %>
<% end %>
# "local" is for Unix domain socket connections only
<% if node['postgresql']['version'].to_f < 9.1 -%>
local all all ident
<% elsif node['postgresql']['version'].to_f >= 9.1 -%>
local all all peer
<% end -%>

4
cookbooks/postgresql/templates/default/pgsql.sysconfig.erb
View File

@ -1,4 +0,0 @@
PGDATA=<%= node['postgresql']['dir'] %>
<% if node['postgresql']['config'].attribute?("port") -%>
PGPORT=<%= node['postgresql']['config']['port'] %>
<% end -%>

10
cookbooks/postgresql/templates/default/postgresql.service.erb
View File

@ -1,10 +0,0 @@
[Service]
<% if node['postgresql']['use_pgdg_packages'] %>
.include /usr/lib/systemd/system/postgresql-<%= node['postgresql']['version'] %>.service
<% else %>
.include /usr/lib/systemd/system/postgresql.service
<% end %>
Environment=
Environment=PGPORT=<%= node['postgresql']['config']['port'] %>
Environment=PGDATA=<%= node['postgresql']['config']['data_directory'] %>

33
cookbooks/postgresql/templates/pg_hba.conf.erb Normal file
View File

@ -0,0 +1,33 @@
# This file was automatically generated and dropped off by Chef!
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file.
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
###########
# From the postgresql_access resources
###########
<% @pg_hba.each do |k,v| -%>
# <%= k %>
<% if v[:comment] -%>
# <%= v[:comment] %>
<% end -%>
<% if v[:addr] %>
<%= v[:type].ljust(7) %> <%= v[:db].ljust(15) %> <%= v[:user].ljust(15) %> <%= v[:addr].ljust(23) %> <%= v[:method] %>
<% else %>
<%= v[:type].ljust(7) %> <%= v[:db].ljust(15) %> <%= v[:user].ljust(15) %> <%= v[:method] %>
<% end %>
<% end %>

49
cookbooks/postgresql/templates/pg_ident.conf.erb Normal file
View File

@ -0,0 +1,49 @@
# PostgreSQL User Name Maps
# =========================
#
# Refer to the PostgreSQL documentation, chapter "Client
# Authentication" for a complete description. A short synopsis
# follows.
#
# This file controls PostgreSQL user name mapping. It maps external
# user names to their corresponding PostgreSQL user names. Records
# are of the form:
#
# MAPNAME SYSTEM-USERNAME PG-USERNAME
#
# (The uppercase quantities must be replaced by actual values.)
#
# MAPNAME is the (otherwise freely chosen) map name that was used in
# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the
# client. PG-USERNAME is the requested PostgreSQL user name. The
# existence of a record specifies that SYSTEM-USERNAME may connect as
# PG-USERNAME.
#
# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
# regular expression. Optionally this can contain a capture (a
# parenthesized subexpression). The substring matching the capture
# will be substituted for \1 (backslash-one) if present in
# PG-USERNAME.
#
# Multiple maps may be specified in this file and used by pg_hba.conf.
#
# No map names are defined in the default configuration. If all
# system user names and PostgreSQL user names are the same, you don't
# need anything in this file.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal. If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect. You can
# use "pg_ctl reload" to do that.
# Put your actual configuration here
# ----------------------------------
# MAPNAME SYSTEM-USERNAME PG-USERNAME
<% @pg_ident.each do |k,v| -%>
<% if v[:comment] -%>
# <%= v[:comment] %>
<% end -%>
<%= v[:mapname].ljust(15) %> <%= v[:system_user].ljust(23) %> <%= v[:pg_user].ljust(15) %>
<% end %>

2
cookbooks/postgresql/templates/pgsql.sysconfig.erb Normal file
View File

@ -0,0 +1,2 @@
PGDATA=<%= @postgresql_dir %>
PGPORT=<%= @port %>

9
cookbooks/postgresql/templates/default/postgresql.conf.erb → cookbooks/postgresql/templates/postgresql.conf.erb
View File

@ -3,9 +3,14 @@
# Please refer to the PostgreSQL documentation for details on
# configuration settings.
<% node['postgresql']['config'].sort.each do |key, value| %>
data_directory = '<%= @data_dir %>'
hba_file = '<%= @hba_file %>'
ident_file = '<%= @ident_file %>'
external_pid_file = '<%= @external_pid_file %>'
stats_temp_directory = '<%= @stats_temp_directory %>'
port = <%= @port %>
<% @additional_config.sort.each do |key, value| %>
<% next if value.nil? -%>
<% next if node['postgresql']['version'].to_f < 9.2 && /ssl_.*._file/.match(key) -%>
<%= key %> = <%=
case value
when String

6
cookbooks/postgresql/templates/postgresql.service.erb Normal file
View File

@ -0,0 +1,6 @@
[Service]
.include /usr/lib/systemd/system/<%= @svc_name %>.service
Environment=
Environment=PGPORT=<%= @port %>
Environment=PGDATA=<%= @data_dir %>

2
site-cookbooks/kosmos-postgresql/metadata.rb
View File

@ -19,4 +19,4 @@ chef_version '>= 12.14' if respond_to?(:chef_version)
#
# source_url 'https://github.com/<insert_org_here>/kosmos-postgresql'
depends "postgresql", "= 6.1.1"
depends "postgresql", ">= 7.0.0"

17
site-cookbooks/kosmos-postgresql/recipes/default.rb
View File

@ -4,13 +4,14 @@
#
# Copyright:: 2019, Kosmos, All Rights Reserved.
node.override['postgresql']['enable_pgdg_apt'] = false
# See https://github.com/sous-chefs/postgresql/issues/480
node.override['postgresql']['pg_gem']['version'] = '0.21.0'
include_recipe "postgresql::server"
include_recipe "postgresql::ruby"
unless node.chef_environment == "development"
node.override['postgresql']['config_pgtune']['db_type'] = "web"
include_recipe "postgresql::config_pgtune"
postgresql_server_install "main" do
version "10"
setup_repo false
action :install
end
postgresql_client_install "main" do
version "10"
setup_repo false
action :install
end