WIP: Set up ejabberd for kosmos.org #24

Closed
greg wants to merge 25 commits from feature/7-ejabberd_rebased into master
71 changed files with 2811 additions and 2657 deletions

@ -34,7 +34,7 @@ cookbook 'firewall', '~> 2.6.3'
cookbook 'nginx', '= 9.0.0'
cookbook 'build-essential', '~> 8.1.1'
cookbook 'mysql', '= 6.1.3'
cookbook 'postgresql', '= 6.1.1'
cookbook 'postgresql', '= 7.1.3'
cookbook 'apt', '~> 7.0.0'
cookbook 'git', '= 6.0.0'
cookbook 'hostsfile', '= 2.4.5'
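
Review bot: The `postgresql` pin on the changed line jumps a major version, from `= 6.1.1` to `= 7.1.3`, and the cookbook changelog included in this PR marks v7.0.0 as a breaking change that deprecates the recipes in favour of custom resources such as `postgresql_server_install`. Please confirm that every recipe or role in this repo that still includes a `postgresql::` recipe or sets `node['postgresql']` attributes is ported in the same PR, and call out the migration in the PR description so the upgrade is not applied to an existing database node unnoticed.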

@ -47,7 +47,7 @@ DEPENDENCIES
poise-ruby-build (= 1.1.0)
poise-service (~> 1.5.2)
postfix (= 5.0.2)
postgresql (= 6.1.1)
postgresql (= 7.1.3)
redis
git: https://github.com/phlipper/chef-redis.git
revision: 7476279fc9c8727f082b8d77b5e1922dc2ef437b
@ -181,10 +181,7 @@ GRAPH
poise-service (1.5.2)
poise (~> 2.0)
postfix (5.0.2)
postgresql (6.1.1)
build-essential (>= 2.0.0)
compat_resource (>= 12.16.3)
openssl (>= 4.0)
postgresql (7.1.3)
rbac (1.0.3)
redis (0.5.6)
apt (>= 0.0.0)
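
Review bot: In the GRAPH section the `postgresql (7.1.3)` entry no longer lists `build-essential`, `compat_resource` or `openssl` as dependencies. If no other cookbook in the graph still requires `compat_resource` and `openssl`, drop them from the lockfile and remove any vendored copies in this PR so that unused code is not shipped to the nodes. `build-essential` has to stay because the Berksfile pins it directly.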

@ -1,2 +0,0 @@
~FC037
~FC016

@ -1,6 +1,61 @@
# postgresql Cookbook CHANGELOG
This file is used to list changes made in each version of the postgresql cookbook.
This file is used to list changes made in the last 3 major versions of the postgresql cookbook.
## Unreleased
## v7.1.3 (15-01-2019)
- Added support for dash in database role name.
## v7.1.2 (06-01-2019)
- Cleanup and update the user resource documentation and code. Removed extraneous 'sensitive' property which is a common property in all Chef resources.
- Change default permissions on the postgres.conf to be world readable so that psql can work.
## v7.1.1 (26-09-2018)
- Rename slave to follower
- Use CircleCI for testing
- Simplyfy extension resource
## v7.1.0 (22-06-2018)
- Update the `initdb` script to use initdb rather than a service. #542
- Refactor database commands to use the common connect method. #535
- Increase the unit test coverage.
## v7.0.0 (25-05-2018)
_Breaking Change_ Please see UPGRADING.md and the README.md for information how to use.
- Add custom resources for:
- `postgresql_client_install`
- `postgresql_server_install`
- `postgresql_repository`
- `postgresql_pg_gem`
- Deprecate recipes:
- `apt_pgdg_postgresql`
- `config_initdb`
- `config_pgtune`
- `contrib`
- `ruby`
- `yum_pgdg_postgresql`
- Remove deprecated tests
## v6.1.3 (2018-04-18)
- Fix recipes referencing the old helpers
## v6.1.2 (2018-04-16)
**this will be the last release of the 6.0 series before all recipes are removed from the cookbook**
- Deprecate all recipes
## v6.1.1 (2017-03-08)
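
Review bot: The v7.1.2 entry added in this hunk states that the default permissions on the PostgreSQL config file were changed to be world readable so that psql can work. That behaviour arrives with this upgrade, so make sure nothing sensitive is rendered into `postgresql.conf` on our nodes, and check the resulting file mode after the first converge.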
@ -92,312 +147,3 @@ This file is used to list changes made in each version of the postgresql cookboo
- Remove logic in the apt_pgdg_postgresql recipe that made Chef fail when new distro releases came out
- Avoid node.set deprecation warnings
- Avoid managed_home deprecation warnings in server_redhat recipe
## v4.0.6
- Add 16.04 Xenial to the allowed list
## v4.0.4
- Add leading pound symbol on pg_hba.conf template comment line
- Update gem install for compile_time to correct deprication warning
- Add support Ubuntu Wily Werewolf pgdg apt repository
- test-kitchen platforms for Centos 7.2 and Ubuntu 15.04
- Fixes PostgreSQL version & package name defaults for EL7 distros
- Add appropriate systemd unit file overrides for EL7 distros
## v4.0.2
- Add Code of Conduct
- Add Rubocop
- Clean up of syntax in many places as result of adding and evaluating Rubocop
- Updates to test-kitchen.yml
- added additional attribute for people who are importing pgdg packages for internal repositories
- `default['postgresql']['use_pgdg_packages'] = false`
## v4.0.0
**WARNING: Please read carefully through the stated changes, as they probably will break your current setup and can result in duplicate postgresql versions being installed, configuration corruption and data loss! This list might not be complete, so be careful when using the 4.x version and make sure to test it extensively before production use!**
When in doubt, put the following in your `Berksfile` until you are ready to upgrade:
```ruby
cookbook 'postgresql', '~> 3.4.0'
```
- Potential breaking change: Restructured default attributes to avoid compile time deriving other attribute values from value of the `node[postgresql][version]` (#313, #302, #295, #288, #280, #261, #260, #254, #248, #217, #214, #167, #143). If you specify a custom postgresql version, make sure to adapt the following attributes as well:
```ruby
default['postgresql']['dir'] = "/etc/postgresql/#{node['postgresql']['version']}/main"
default['postgresql']['client']['packages'] = [ "postgresql-client-#{node['postgresql']['version']}", 'libpq-dev' ]
default['postgresql']['server']['packages'] = [ "postgresql-#{node['postgresql']['version']}" ]
default['postgresql']['contrib']['packages'] = [ "postgresql-contrib-#{node['postgresql']['version']}" ]
```
- Potential breaking change: SSL configuration parameters. Due to the new structuring, make sure you set all SSL attributes to `override` when specifying them in a cookbook:
```ruby
override['postgresql']['config']['ssl'] = true
override['postgresql']['config']['ssl_cert_file'] = "/path/to/cert.crt"
override['postgresql']['config']['ssl_key_file'] = "/path/to/cert.key"
override['postgresql']['config']['ssl_ciphers'] = "<my cipher suite>"
```
- Potential breaking change: Some node attributes are now persistet in your node configuration. This affects the following attributes:
```json
"config": {
"data_directory": "/var/lib/postgresql/9.4/main",
"hba_file": "/etc/postgresql/9.4/main/pg_hba.conf",
"ident_file": "/etc/postgresql/9.4/main/pg_ident.conf",
"external_pid_file": "/var/run/postgresql/9.4-main.pid",
"unix_socket_directories": "/var/run/postgresql",
"ssl_cert_file": "/etc/ssl/certs/ssl-cert-snakeoil.pem",
"ssl_key_file": "/etc/ssl/private/ssl-cert-snakeoil.key"
}
```
- Potential breaking change: Parsing of attributes from node/ environment configuration. It has been reported that setting the `node['postgresql']['client']['packages']` attribute in a cookbook might result in the default version of the postgresql client package being installed alongside the required version. This might affect the server packages as well.
- Correct issues which caused the inability to override installation version defaults
- Correct issues which caused configuration file entries with miss matching version numbers and incorrect file system paths being defined
- Remove method pgdgrepo_rpm_info compile time use of derived attributes case many issues
- Use correct directory path and check for the correct not_if condition to determine if the database has been initialized
- Ensure that correct packages are installed in all scenarios where pg gem is compiled
- Fix errors in configuration files for unix_socket_directory and unix_socket_directories
- Updates to test-kitchen suite configuration
- Added more grey hair to my beard
## v3.4.24
- Corrections to address repositories signed with newer certificates that some distributions have in their default ca-certificates package
- Updates to more accurately determine distributions service init systems adds better support for systemd systems
- Correct how version attribute is evaluated in certain places
- test-kitchen suite configuration corrections
- Opensuse support
## v3.4.23
- Skipping 3.4.22 with Develop branch 3.4.23 to return to releasing cookbook from master on even numbers and develop on odd numbers.
## v3.4.21
- Use more optimistic openssl version constraint
- Add Postgresql 9.4 package sources for RHEL platforms
- Update testing infrastructure to address bit rot
## v3.4.20
- Revert [#251](https://github.com/sous-chefs/postgresql/pull/251), a change which caused the postgresql service to restart every Chef run.
## v3.4.19
- node.save could better not be run on every chef run since it causes node.default attributes stored to the node objects to differ during a chef run and when
- Missing attribute in docs for yum_pgdg_postgresql
- restart postgres service immediately on config change
- Run restart command right away on the postgresql service.
- Add kitchen test for shared_preload_libraries & extension setup.
- Fix install order of contrib packages to fix pg_stat_statements issues.
- Add Debian Jessie to whitelist for apt.postgresql.org repo
- Install version 9.4 on Debian Jessie
- add amazon 2015
- add rhel7 support
## v3.4.18
- Revert changes from #201 with the intention of revisiting these changes as part of the next major version release.
- Specify version constraint on openssl cookbook due to an upstream release mishap
## v3.4.16
- Changed hard coded value to attribute #219
- Correction for directory creation under debian, etc. #222
- Fedora 20 yum support #223
- Define version-sensitive attributes in a recipe #201
## v3.4.14
- Support apt repository for Ubuntu Utopic 14.10
- Do not try and set password on standby hosts
## v3.4.12
- Create configuration templates at the appropriate time
- If template is updated restart service changed to default of :delayed
- Fix SSL for PostgreSQL versions < 9.2
## v3.4.10
- correct conditional error created in 3.4.8.
## v3.4.8
- Correct scenario where work_mem could be set to 0 if con is greater than mem Issue #185
- Add Centos7 suites to kitchen configuration
## v3.4.6
- Don't include the pgdg recipes on the wrong machine types
- Add missing dir /etc/sysconfig/pgsl for centos7
- CentOS 7 package support
## v3.4.4
- fix packages on SLES11SP2 and higher
- [COOK-4737] Add flag to control database user password behavior
- add amazon platform rpm info
- Fix issues with the server_redhat recipe on Fedora 16 and later
- attribute typo correction
- correctly check and set max_connections to an integer
## v3.4.2
- Changed the Gem::Installer::ExtensionBuildError to a Mixlib::ShellOut::ShellCommandFailed
## v3.4.1
- Added support for Ubuntu 14.04 and Postgresql 9.3
- Fix [COOK-3490] <https://tickets.opscode.com/browse/COOK-3490>
## v3.4.0
Updated CONTRIBUTING document. Refreshed test kitchen configuration. Merged Pull Requests: 122, 116, 104, 102, 99, 96, 93, 90.
## v3.3.4
Testing
## v3.3.2
- Testing maintainer transfer to Heavywater with Opscode as collaborator
## v3.3.0
### Bug
- **[COOK-3851](https://tickets.opscode.com/browse/COOK-3851)** - Postgresql: reload after config change does not pick up certain configuration changes
- **[COOK-3611](https://tickets.opscode.com/browse/COOK-3611)** - unix_socket_directory does not exists in 9.3
- **[COOK-2954](https://tickets.opscode.com/browse/COOK-2954)** - PostgreSQL installation ignores version attribute on CentOS >= 6
## v3.2.0
- [COOK-3717] Pgdg repositories improvements
- [COOK-3756] Change postgresql.conf mode from 0600 to 0644
## v3.1.0
### Improvement
- **[COOK-3685](https://tickets.opscode.com/browse/COOK-3685)** - Upgrade Repo Attributes for Postgresql 9.3
- **[COOK-3597](https://tickets.opscode.com/browse/COOK-3597)** - Fix implementation of `initdb_locale` attribute for RHEL
- **[COOK-3566](https://tickets.opscode.com/browse/COOK-3566)** - Give the user's rules more priority than the default ones in pg_hba
- **[COOK-3553](https://tickets.opscode.com/browse/COOK-3553)** - Remove automatic `apt-get update`
### Bug
- **[COOK-3611](https://tickets.opscode.com/browse/COOK-3611)** - Remove `unix_socket_directory` (it does not exists in 9.3)
- **[COOK-3599](https://tickets.opscode.com/browse/COOK-3599)** - Automatically add PGDG apt repo dependency on PostgreSQL version
- **[COOK-3555](https://tickets.opscode.com/browse/COOK-3555)** - Documentation Fix
- **[COOK-2383](https://tickets.opscode.com/browse/COOK-2383)** - Update Postgres version in attributes
## v3.0.4
### Bug
- **[COOK-3173](https://tickets.opscode.com/browse/COOK-3173)** - Use :reload instead of :restart on conf changes
- **[COOK-2939](https://tickets.opscode.com/browse/COOK-2939)** - Fix RedHat support
## v3.0.2
### Bug
- [COOK-3076]: postgresql::ruby recipe error when using pgdg repositories
## v3.0.0
This is a backwards-incompatible release because the Pitti PPA is deprecated and the recipe removed, replaced with the PGDG apt repository.
### Bug
- [COOK-2571]: Create helper library for pg extension detection
- [COOK-2797]: Contrib extension contianing '-' fails to load.
### Improvement
- [COOK-2387]: Pitti Postgresql PPA is deprecated
### Task
- [COOK-3022]: update baseboxes in .kitchen.yml
## v2.4.0
- [COOK-2163] - Dangerous "assign-postgres-password" in "recipes/server.rb" -- Can lock out dbadmin access
- [COOK-2390] - Recipes to auto-generate many postgresql.conf settings, following "initdb" and "pgtune"
- [COOK-2435] - Foodcritic fixes for postgresql cookbook
- [COOK-2476] - Installation into database of any contrib module extensions listed in a node attribute
## v2.2.2
- [COOK-2232] -Provide PGDG yum repo to install postgresql 9.x on redhat-derived distributions
## v2.2.0
- [COOK-2230] - Careful about Debian minor version numbers
- [COOK-2231] - Fix support for postgresql 9.x in server_redhat recipe
- [COOK-2238] - Postgresql recipe error in password check
- [COOK-2176] - PostgreSQL cookbook in Solo mode can cause "NoMethodError: undefined method `[]' for nil:NilClass"
- [COOK-2233] - Provide postgresql::contrib recipe to install useful server administration tools
## v2.1.0
- [COOK-1872] - Allow latest PostgreSQL deb packages to be installed
- [COOK-1961] - Postgresql config file changes with every Chef run
- [COOK-2041] - Postgres cookbook no longer installs on OpenSuSE 11.4
## v2.0.2
- [COOK-1406] - pg gem compile is unable to find libpq under Chef full stack (omnibus) installation
## v2.0.0
This version is backwards incompatible with previous versions of the cookbook due to use of `platform_family`, and the refactored configuration files using node attributes. See README.md for details on how to modify configuration of PostgreSQL.
- [COOK-1508] - fix mixlib shellout error on SUSE
- [COOK-1744] - Add service enable & start
- [COOK-1779] - Don't run apt-get update and others in ruby recipe if pg is installed
- [COOK-1871] - Attribute driven configuration files for PostgreSQL
- [COOK-1900] - don't assume ssl on all postgresql 8.4+ installs
- [COOK-1901] - fail a chef-solo run when the postgres password attribute is not set
## v1.0.0
**Important note for this release**
This version no longer installs Ruby bindings in the client recipe by default. Use the ruby recipe if you'd like the RubyGem. If you'd like packages for your distribution, use them in your application's specific cookbook/recipe, or modify the client packages attribute.
This resolves the following tickets.
- COOK-1011
- COOK-1534
The following issues are also resolved with this release.
- [COOK-1011] - Don't install postgresql packages during compile phase and remove pg gem installation
- [COOK-1224] - fix undefined variable on Debian
- [COOK-1462] - Add attribute for specifying listen address
## v0.99.4
- [COOK-421] - config template is malformed
- [COOK-956] - add make package on ubuntu/debian
## v0.99.2
- [COOK-916] - use < (with float) for version comparison.
## v0.99.0
- Better support for Red Hat-family platforms
- Integration with database cookbook
- Make sure the postgres role is updated with a (secure) password

@ -4,13 +4,12 @@
### `master` branch
The master branch is the current comitted changes. These changes may not yet be released although we try to release often.
The master branch is the current committed changes. These changes may not yet be released although we try to release often.
## Tags
All releases are tagged in git. To see the releases available to you see the changelog or the tags directly.
## Pull requests
- <https://github.com/sous-chefs/postgresql/pulls>

@ -1,273 +1,420 @@
# postgresql cookbook
# PostgreSQL cookbook
[![Build Status](https://travis-ci.org/sous-chefs/postgresql.svg?branch=master)](https://travis-ci.org/sous-chefs/postgresql) [![Cookbook Version](https://img.shields.io/cookbook/v/postgresql.svg)](https://supermarket.chef.io/cookbooks/postgresql)
[![CircleCI](https://circleci.com/gh/sous-chefs/postgresql/tree/master.svg?style=svg)](https://circleci.com/gh/sous-chefs/postgresql/tree/master) [![Cookbook Version](https://img.shields.io/cookbook/v/postgresql.svg)](https://supermarket.chef.io/cookbooks/postgresql) [![pullreminders](https://pullreminders.com/badge.svg)](https://pullreminders.com?ref=badge)
Installs and configures PostgreSQL as a client or a server.
## Upgrading
If you are wondering where all the recipes went in v7.0+, or how on earth I use this new cookbook please see upgrading.md for a full description.
## Requirements
### Platforms
- Amazon Linux
- Debian 7+
- Ubuntu 12.04+
- Red Hat/CentOS/Scientific (6.0+ required) - "EL6-family"
- Ubuntu 14.04+
- Red Hat/CentOS/Scientific 6+
- Fedora
- SLES 12+
- openSUSE 13+ / openSUSE Leap
### PostgreSQL version
We follow the currently supported versions listed on <https://www.postgresql.org/support/versioning/>
### Chef
- Chef 12.1+
- Chef 13.8+
### Cookbooks
### Cookbook Dependencies
- `compat_resource`
- `openssl`
- `build-essential`
None.
## Attributes
## Resources
The following attributes are set based on the platform, see the `attributes/default.rb` file for default values.
### postgresql_client_install
- `node['postgresql']['version']` - version of postgresql to manage
- `node['postgresql']['dir']` - home directory of where postgresql data and configuration lives.
- `node['postgresql']['client']['packages']` - An array of package names that should be installed on "client" systems.
- `node['postgresql']['server']['packages']` - An array of package names that should be installed on "server" systems.
- `node['postgresql']['server']['config_change_notify']` - Type of notification triggered when a config file changes.
- `node['postgresql']['contrib']['packages']` - An array of package names that could be installed on "server" systems for useful sysadmin tools.
- `node['postgresql']['enable_pgdg_apt']` - Whether to enable the apt repo by the PostgreSQL Global Development Group, which contains newer versions of PostgreSQL.
- `node['postgresql']['enable_pgdg_yum']` - Whether to enable the yum repo by the PostgreSQL Global Development Group, which contains newer versions of PostgreSQL.
- `node['postgresql']['initdb_locale']` - Sets the default locale for the database cluster. If this attribute is not specified, the locale is inherited from the environment that initdb runs in. Sometimes you must have a system locale that is not what you want for your database cluster, and this attribute addresses that scenario. Valid only for EL-family distros (RedHat/Centos/etc.).
This resource installs PostgreSQL client packages.
The following attributes are generated in `recipe[postgresql::server]`.
#### Actions
## Configuration
- `install` - (default) Install client packages
The `postgresql.conf` and `pg_hba.conf` files are dynamically generated from attributes. Each key in `node['postgresql']['config']` is a postgresql configuration directive, and will be rendered in the config file. For example, the attribute:
#### Properties
Name | Types | Description | Default | Required?
------------------- | ----------------- | ------------------------------------------------------------- | ----------------------------------------- | ---------
`version` | String | Version of PostgreSQL to install | '9.6' | no
`setup_repo` | Boolean | Define if you want to add the PostgreSQL repo | true | no
`hba_file` | String | | `#{conf_dir}/main/pg_hba.conf` | no
`ident_file` | String | | `#{conf_dir}/main/pg_ident.conf` | no
`external_pid_file` | String | | `/var/run/postgresql/#{version}-main.pid` | no
`password` | String, nil | Pass in a password, or have the cookbook generate one for you | <random string> | no
#### Examples
To install version 9.5:
```ruby
node['postgresql']['config']['listen_addresses'] = 'localhost'
postgresql_client_install 'My PostgreSQL Client install' do
version '9.5'
end
```
Will result in the following line in the `postgresql.conf` file:
### postgresql_server_install
This resource installs PostgreSQL client and server packages.
#### Actions
- `install` - (default) Install client and server packages
- `create` - Initialize the database
#### Properties
Name | Types | Description | Default | Required?
------------------- | --------------- | --------------------------------------------- | -------------------------------------------------- | ---------
`version` | String | Version of PostgreSQL to install | '9.6' | no
`setup_repo` | Boolean | Define if you want to add the PostgreSQL repo | true | no
`hba_file` | String | Path of pg_hba.conf file | `<default_os_path>/pg_hba.conf'` | no
`ident_file` | String | Path of pg_ident.conf file | `<default_os_path>/pg_ident.conf` | no
`external_pid_file` | String | Path of PID file | `/var/run/postgresql/<version>-main.pid</version>` | no
`password` | String, nil | Set PostgreSQL user password | 'generate' | no
`port` | Integer | Set listen port of PostgreSQL service | 5432 | no
`initdb_locale` | String | Locale to initialise the database with | 'C' | no
#### Examples
To install PostgreSQL server, set your own postgres password using non-default service port.
```ruby
listen_addresses = 'localhost'
postgresql_server_install 'My PostgreSQL Server install' do
action :install
end
postgresql_server_install 'Setup my PostgreSQL 9.6 server' do
password 'MyP4ssw0rd'
port 5433
action :create
end
```
The attributes file contains default values for Debian and RHEL platform families (per the `node['platform_family']`). These defaults have disparity between the platforms because they were originally extracted from the postgresql.conf files in the previous version of this cookbook, which differed in their default config. The resulting configuration files will be the same as before, but the content will be dynamically rendered from the attributes. The helpful commentary will no longer be present. You should consult the PostgreSQL documentation for specific configuration details.
#### Known issues
See **Recipes** `config_initdb` and `config_pgtune` below to auto-generate many postgresql.conf settings.
On some platforms (e.g. Ubuntu 18.04), your `initdb_locale` should be set to the
same as the template database [GH-555](https://github.com/sous-chefs/postgresql/issues/555).
For values that are "on" or "off", they should be specified as literal `true` or `false`. String values will be used with single quotes. Any configuration option set to the literal `nil` will be skipped entirely. All other values (e.g., numeric literals) will be used as is. So for example:
### postgresql_server_conf
This resource manages postgresql.conf configuration file.
#### Actions
- `modify` - (default) Manager PostgreSQL configuration file (postgresql.conf)
#### Properties
Name | Types | Description | Default | Required?
---------------------- | ------- | --------------------------------------- | --------------------------------------------------- | ---------
`version` | String | Version of PostgreSQL to install | '9.6' | no
`data_directory` | String | Path of PostgreSQL data directory | `<default_os_data_path>` | no
`hba_file` | String | Path of pg_hba.conf file | `<default_os_conf_path>/pg_hba.conf` | no
`ident_file` | String | Path of pg_ident.conf file | `<default_os_conf_path>/pg_ident.conf` | no
`external_pid_file` | String | Path of PID file | `/var/run/postgresql/<postgresql_version>-main.pid` | no
`stats_temp_directory` | String | Path of stats file | `/var/run/postgresql/version>-main.pg_stat_tmp` | no
`port` | Integer | Set listen port of PostgreSQL service | 5432 | no
`additional_config` | Hash | Extra configuration for the config file | {} | no
#### Examples
To setup your PostgreSQL configuration with a specific data directory. If you have installed a specific version of PostgreSQL (different from 9.6), you must specify version in this resource too.
```ruby
node.default['postgresql']['config']['logging_collector'] = true
node.default['postgresql']['config']['datestyle'] = 'iso, mdy'
node.default['postgresql']['config']['ident_file'] = nil
node.default['postgresql']['config']['port'] = 5432
postgresql_server_conf 'My PostgreSQL Config' do
version '9.5'
data_directory '/data/postgresql/9.5/main'
notifies :reload, 'service[postgresql]'
end
```
Will result in the following config lines:
### postgresql_extension
This resource manages PostgreSQL extensions for a given database.
#### Actions
- `create` - (default) Creates an extension in a given database
- `drop` - Drops an extension from the database
#### Properties
Name | Types | Description | Default | Required?
------------- | ------ | -------------------------------------------------------------------------------- | ---------------- | ---------
`database` | String | Name of the database to install the extension into | | yes
`extension` | String | Name of the extension to install the database | Name of resource | yes
`version` | String | Version of the extension to install | | no
`old_version` | String | Older module name for new extension replacement. Appends FROM to extension query | | no
#### Examples
To install the `adminpack` extension:
```ruby
logging_collector = 'on'
datestyle = 'iso,mdy'
port = 5432
# Add the contrib package in Ubuntu/Debian
package 'postgresql-contrib-9.6'
# Install adminpack extension
postgresql_extension 'postgres adminpack' do
database 'postgres'
extension 'adminpack'
end
```
(no line printed for `ident_file` as it is `nil`)
### postgresql_access
Note that the `unix_socket_directory` configuration was renamed to `unix_socket_directories` in Postgres 9.3 so make sure to use the `node['postgresql']['unix_socket_directories']` attribute instead of `node['postgresql']['unix_socket_directory']`.
This resource uses the accumulator pattern to build up the `pg_hba.conf` file via chef resources instead of piling on a mountain of chef attributes to make this cookbook more reusable. It directly mirrors the configuration options of the postgres hba file in the resource and by default notifies the server with a reload to avoid a full restart, causing a potential outage of service. To revoke access, simply remove the resource and the access change won't be computed into the final `pg_hba.conf`
The `pg_hba.conf` file is dynamically generated from the `node['postgresql']['pg_hba']` attribute. This attribute must be an array of hashes, each hash containing the authorization data. As it is an array, you can append to it in your own recipes. The hash keys in the array must be symbols. Each hash will be written as a line in `pg_hba.conf`. For example, this entry from `node['postgresql']['pg_hba']`:
#### Actions
```
[{:comment => '# Optional comment',
:type => 'local', :db => 'all', :user => 'postgres', :addr => nil, :method => 'md5'}]
- `grant` - (default) Creates an access line inside of `pg_hba.conf`
#### Properties
Name | Types | Description | Default | Required?
--------------- | ------ | ----------------------------------------------------------------------------------------- | ----------------- | ---------
`name` | String | Name of the access resource, this is left as a comment inside the `pg_hba` config | Resource name | yes
`source` | String | The cookbook template filename if you want to use your own custom template | 'pg_hba.conf.erb' | yes
`cookbook` | String | The cookbook to look in for the template source | 'postgresql' | yes
`comment` | String | A comment to leave above the entry in `pg_hba` | nil | no
`access_type` | String | The type of access, e.g. local or host | 'local' | yes
`access_db` | String | The database to access. Can use 'all' for all databases | 'all' | yes
`access_user` | String | The user accessing the database. Can use 'all' for any user | 'all' | yes
`access_addr` | String | The address(es) allowed access. Can be nil if method ident is used since it is local then | nil | no
`access_method` | String | Authentication method to use | 'ident' | yes
#### Examples
To grant access to the PostgreSQL user with ident authentication:
```ruby
postgresql_access 'local_postgres_superuser' do
comment 'Local postgres superuser access'
access_type 'local'
access_db 'all'
access_user 'postgres'
access_addr nil
access_method 'ident'
end
```
Will result in the following line in `pg_hba.conf`:
This generates the following line in the `pg_hba.conf`:
```
# Optional comment
local all postgres md5
# Local postgres superuser access
local all postgres ident
```
Use `nil` if the CIDR-ADDRESS should be empty (as above). Don't provide a comment if none is desired in the `pg_hba.conf` file.
Note that the following authorization rule is supplied automatically by the cookbook template. The cookbook needs this to execute SQL in the PostgreSQL server without supplying the clear-text password (which isn't known by the cookbook). Therefore, your `node['postgresql']['pg_hba']` attributes don't need to specify this authorization rule:
**Note**: The template by default generates a local access for Unix domain sockets only to support running the SQL execute resources. In Postgres version 9.1 and higher, the method is 'peer' instead of 'ident' which is identical. It looks like this:
```
# "local" is for Unix domain socket connections only
local all all ident
local all all peer
```
(By the way, the template uses `peer` instead of `ident` for PostgreSQL-9.1 and above, which has the same effect.)
### postgresql_ident
## Recipes
This resource generate `pg_ident.conf` configuration file to manage user mapping between system and PostgreSQL users.
### default
#### Actions
Includes the client recipe.
- `create` - (default) Creates an mapping line inside of `pg_ident.conf`
### client
#### Properties
Installs the packages defined in the `node['postgresql']['client']['packages']` attribute.
Name | Types | Description | Default | Required?
-------------- | ----------- | -------------------------------------------------------------------------- | ------------------- | ---------
`mapname` | String | Name of the user mapping | Resource name | yes
`source` | String | The cookbook template filename if you want to use your own custom template | 'pg_ident.conf.erb' | no
`cookbook` | String | The cookbook to look in for the template source | 'postgresql' | no
`comment` | String, nil | A comment to leave above the entry in `pg_ident` | nil | no
`system_user` | String | System user or regexp used for the mapping | None | yes
`pg_user` | String | Pg user or regexp used for the mapping | None | yes
### ruby
#### Examples
Install the `pg` gem under Chef's Ruby environment so it can be used in other recipes. The build-essential packages and postgresql client packages will be installed during the compile phase, so that the native extensions of `pg` can be compiled.
### server
Includes the `server_debian` or `server_redhat` recipe to get the appropriate server packages installed and service managed. Also manages the configuration for the server:
- generates a strong default password (via `openssl`) for `postgres`
- sets the password for postgres
- manages the `postgresql.conf` file.
- manages the `pg_hba.conf` file.
### config_initdb
Takes locale and timezone settings from the system configuration. This recipe creates `node.default['postgresql']['config']` attributes that conform to the system's locale and timezone. In addition, this recipe creates the same error reporting and logging settings that `initdb` provided: a rotation of 7 days of log files named postgresql-Mon.log, etc.
The default attributes created by this recipe are easy to override with normal attributes because of Chef attribute precedence. For example, suppose a DBA wanted to keep log files indefinitely, rolling over daily or when growing to 10MB. The Chef installation could include the `postgresql::config_initdb` recipe for the locale and timezone settings, but customize the logging settings with these node JSON attributes:
```javascript
"postgresql": {
"config": {
"log_rotation_age": "1d",
"log_rotation_size": "10MB",
"log_filename": "postgresql-%Y-%m-%d_%H%M%S.log"
}
}
```
Credits: This `postgresql::config_initdb` recipe is based on algorithms in the [source code](http://doxygen.postgresql.org/initdb_8c_source.html) for the PostgreSQL `initdb` utility.
### config_pgtune
Performance tuning. Takes the wimpy default postgresql.conf and expands the database server to be as powerful as the hardware it's being deployed on. This recipe creates a baseline configuration of `node.default['postgresql']['config']` attributes in the right general range for a dedicated Postgresql system. Most installations won't need additional performance tuning.
The only decision you need to make is to choose a `db_type` from the following database workloads. (See the recipe code comments for more detailed descriptions.)
- "dw" -- Data Warehouse
- "oltp" -- Online Transaction Processing
- "web" -- Web Application
- "mixed" -- Mixed DW and OLTP characteristics
- "desktop" -- Not a dedicated database
This recipe uses a performance model with three input parameters. These node attributes are completely optional, but it is obviously important to choose the `db_type` correctly:
- `node['postgresql']['config_pgtune']['db_type']` -- Specifies database type from the list of five choices above. If not specified, the default is "mixed".
- `node['postgresql']['config_pgtune']['max_connections']` -- Specifies maximum number of connections expected. If not specified, it depends on database type: "web":200, "oltp":300, "dw":20, "mixed":80, "desktop":5
- `node['postgresql']['config_pgtune']['total_memory']` -- Specifies total system memory in kB. (E.g., "49416564kB".) If not specified, it will be taken from Ohai automatic attributes. This could be used to tune a system that isn't a dedicated database.
The default attributes created by this recipe are easy to override with normal attributes because of Chef attribute precedence. For example, if you are running application benchmarks to try different buffer cache sizes, you would experiment with this node JSON attribute:
```javascript
"postgresql": {
"config": {
"shared_buffers": "3GB"
}
}
```
Note that the recipe uses `max_connections` in its computations. If you want to override that setting, you should specify `node['postgresql']['config_pgtune']['max_connections']` instead of `node['postgresql']['config']['max_connections']`.
Credits: This `postgresql::config_pgtune` recipe is based on the [pgtune python script](https://github.com/gregs1104/pgtune) developed by [Greg Smith](http://notemagnet.blogspot.com/2008/11/automating-initial-postgresqlconf.html) and [other pgsql-hackers](http://www.postgresql.org/message-id/491C6CDC.8090506@agliodbs.com).
### contrib
Installs the packages defined in the `node['postgresql']['contrib']['packages']` attribute. The contrib directory of the PostgreSQL distribution includes porting tools, analysis utilities, and plug-in features that database engineers often require. Some (like `pgbench`) are executable. Others (like `pg_buffercache`) would need to be installed into the database.
Also installs any contrib module extensions defined in the `node['postgresql']['contrib']['extensions']` attribute. These will be available in any subsequently created databases in the cluster, because they will be installed into the `template1` database using the `CREATE EXTENSION` command. For example, it is often necessary/helpful for problem troubleshooting and maintenance planning to install the views and functions in these [standard instrumentation extensions] ([http://www.postgresql.org/message-id/flat/4DC32600.6080900@pgexperts.com#4DD3D6C6.5060006@2ndquadrant.com](mailto:http://www.postgresql.org/message-id/flat/4DC32600.6080900@pgexperts.com#4DD3D6C6.5060006@2ndquadrant.com)):
Creates a `mymapping` mapping that map `john` system user to `user1` PostgreSQL user:
```ruby
node['postgresql']['contrib']['extensions'] = [
"pageinspect",
"pg_buffercache",
"pg_freespacemap",
"pgrowlocks",
"pg_stat_statements",
"pgstattuple"
]
postgresql_ident 'Map john to user1' do
comment 'John Mapping'
mapname 'mymapping'
system_user 'john'
pg_user 'user1'
end
```
Note that the `pg_stat_statements` view only works if `postgresql.conf` loads its shared library, which can be done with this node attribute:
This generates the following line in the `pg_ident.conf`:
```
# MAPNAME SYSTEM-USERNAME PG-USERNAME
# John Mapping
mymapping john user1
```
To grant access to the foo user with password authentication:
```ruby
node['postgresql']['config']['shared_preload_libraries'] = 'pg_stat_statements'
postgresql_access 'local_foo_user' do
comment 'Foo user access'
access_type 'host'
access_db 'all'
access_user 'foo'
access_addr '127.0.0.1/32'
access_method 'md5'
end
```
If using `shared_preload_libraries` in combination with the `contrib` recipe, make sure that the `contrib` recipe is called before the `server` recipe (to ensure the dependencies are installed and setup in order).
This generates the following line in the `pg_hba.conf`:
### apt_pgdg_postgresql
```
# Local postgres superuser access
host all foo 127.0.0.1/32 ident
```
Enables the PostgreSQL Global Development Group yum repository maintained by Devrim Gündüz for updated PostgreSQL packages. (The PGDG is the groups that develops PostgreSQL.) Automatically included if the `node['postgresql']['enable_pgdg_apt']` attribute is true. Also set the `node['postgresql']['client']['packages']` and `node['postgresql']['server]['packages']` to the list of packages to use from this repository, and set the `node['postgresql']['version']` attribute to the version to use (e.g., "9.2").
### postgresql_database
### yum_pgdg_postgresql
This resource manages PostgreSQL databases.
Enables the PostgreSQL Global Development Group yum repository maintained by Devrim Gündüz for updated PostgreSQL packages. (The PGDG is the groups that develops PostgreSQL.) Automatically included if the `node['postgresql']['enable_pgdg_yum']` attribute is true. Also use `override_attributes` to set a number of values that will need to have embedded version numbers. For example:
#### Actions
- `create` - (default) Creates the given database.
- `drop` - Drops the given database.
#### Properties
Name | Types | Description | Default | Required?
---------- | ------- | ------------------------------------------------------------------- | ------------------- | ---------
`database` | String | Name of the database to create | Resource name | yes
`user` | String | User which run psql command | 'postgres' | no
`template` | String | Template used to create the new database | 'template1' | no
`host` | String | Define the host server where the database creation will be executed | Not set (localhost) | no
`port` | Integer | Define the port of PostgreSQL server | 5432 | no
`encoding` | String | Define database encoding | 'UTF-8' | no
`locale` | String | Define database locale | 'en_US.UTF-8' | no
`owner` | String | Define the owner of the database | Not set | no
#### Examples
To create database named 'my_app' with owner 'user1':
```ruby
node['postgresql']['enable_pgdg_yum'] = true
node['postgresql']['version'] = "9.4"
node['postgresql']['dir'] = "/var/lib/pgsql/9.4/data"
node['postgresql']['config']['data_directory'] = node['postgresql']['dir']
node['postgresql']['client']['packages'] = ["postgresql94", "postgresql94-devel"]
node['postgresql']['server']['packages'] = ["postgresql94-server"]
node['postgresql']['server']['service_name'] = "postgresql-9.4"
node['postgresql']['contrib']['packages'] = ["postgresql94-contrib"]
node['postgresql']['setup_script'] = "postgresql94-setup"
postgresql_database 'my_app' do
owner 'user1'
end
```
You may set `node['postgresql']['pgdg']['repo_rpm_url']` attributes to pick up recent [PGDG repo packages](http://yum.postgresql.org/repopackages.php).
#### Known issues
On some platforms (e.g. Ubuntu 18.04), your `initdb_locale` should be set to the
same as the template database [GH-555](https://github.com/sous-chefs/postgresql/issues/555).
### postgresql_user
This resource manage PostgreSQL users.
#### Actions
- `create` - (default) Creates the given user with default or given privileges.
- `update` - Update user privilieges.
- `drop` - Deletes the given user.
#### Properties
Name | Types | Description | Default | Required?
-------------------- | ------- | ----------------------------------------------- | -------- | ---------
`create_user` | String | User to create (defaults to the resource name) | | Yes
`superuser` | Boolean | Define if user needs superuser role | false | no
`createdb` | Boolean | Define if user needs createdb role | false | no
`createrole` | Boolean | Define if user needs createrole role | false | no
`inherit` | Boolean | Define if user inherits the privileges of roles | true | no
`replication` | Boolean | Define if user needs replication role | false | no
`login` | Boolean | Define if user can login | true | no
`password` | String | Set user's password | | no
`encrypted_password` | String | Set user's password with an hashed password | | no
`valid_until` | String | Define an account expiration date | | no
`attributes` | Hash | Additional attributes for :update action | {} | no
`user` | String | User for command | postgres | no
`database` | String | Database for command | | no
`host` | String | Hostname for command | | no
`port` | Integer | Port number to connect to postgres | 5432 | no
#### Examples
Create a user `user1` with a password, with `createdb` role and set an expiration date to 2018, Dec 21.
```ruby
postgresql_user 'user1' do
password 'UserP4ssword'
createdb true
valid_until '2018-12-31'
end
```
Create a user `user1` with a password, with `createdb` role and set an expiration date to 2018, Dec 21.
```ruby
postgresql_user 'user1' do
password 'UserP4ssword'
createdb true
valid_until '2018-12-31'
end
```
## Usage
On systems that need to connect to a PostgreSQL database, add to a run list `recipe[postgresql]` or `recipe[postgresql::client]`.
To install and configure your PostgreSQL instance you need to create your own cookbook and call needed resources with your own parameters.
On systems that should be PostgreSQL servers, use `recipe[postgresql::server]` on a run list. This recipe does set a password for the `postgres` user. If you're using `chef server`, if the attribute `node['postgresql']['password']['postgres']` is not found, the recipe generates a random password and performs a node.save. (TODO: This is broken, as it disables the password.) If you're using `chef-solo`, you'll need to set the attribute `node['postgresql']['password']['postgres']` in your node's `json_attribs` file or in a role.
More examples can be found in `test/cookbooks/test/recipes`
On Debian family systems, SSL will be enabled, as the packages on Debian/Ubuntu also generate the SSL certificates. If you use another platform and wish to use SSL in postgresql, then generate your SSL certificates and distribute them in your own cookbook, and set the `node['postgresql']['config']['ssl']` attribute to true in your role/cookboook/node.
On server systems, the postgres server is restarted when a configuration file changes. This can be changed to reload only by setting the following attribute:
## Example Usage
```ruby
node['postgresql']['server']['config_change_notify'] = :reload
# cookbooks/my_postgresql/recipes/default.rb
postgresql_client_install 'PostgreSQL Client' do
setup_repo false
version '10.6'
end
postgresql_server_install 'PostgreSQL Server' do
version '10.6'
setup_repo false
password 'P0stgresP4ssword'
end
postgresql_server_conf 'PostgreSQL Config' do
notifies :reload, 'service[postgresql]'
end
```
## Chef Solo Note
## Contributing
The following node attribute is stored on the Chef Server when using `chef-client`. Because `chef-solo` does not connect to a server or save the node object at all, to have the password persist across `chef-solo` runs, you must specify them in the `json_attribs` file used. For Example:
Please refer to each project's style guidelines and guidelines for submitting patches and additions. In general, we follow the "fork-and-pull" Git workflow.
```
{
"postgresql": {
"password": {
"postgres": "iloverandompasswordsbutthiswilldo"
}
},
"run_list": ["recipe[postgresql::server]"]
}
```
1. **Fork** the repo on GitHub
2. **Clone** the project to your own machine
3. **Commit** changes to your own branch
4. **Push** your work back up to your fork
5. Submit a **Pull request** so that we can review your changes
That should actually be the "encrypted password" instead of cleartext, so you should generate it as an md5 hash using the PostgreSQL algorithm.
NOTE: Be sure to merge the latest from "upstream" before making a pull request!
- You could copy the md5-hashed password from an existing postgres database if you have `postgres` access and want to use the same password:<br>
`select * from pg_shadow where usename='postgres';`
- You can run this from any postgres database session to use a new password:<br>
`select 'md5'||md5('iloverandompasswordsbutthiswilldo'||'postgres');`
- You can run this from a linux commandline:<br>
`echo -n 'iloverandompasswordsbutthiswilldo''postgres' | openssl md5 | sed -e 's/.* /md5/'`
[Contribution informations for this project](CONTRIBUTING.md)
## License
Copyright 2010-2016, Chef Software, Inc.
Copyright 2010-2017, Chef Software, Inc.
```text
Licensed under the Apache License, Version 2.0 (the "License");
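Review bot: The sample `pg_hba.conf` output shown for the `postgresql_access` example does not match the resource above it: the example sets `comment 'Foo user access'` and `access_method 'md5'`, but the output reads `# Local postgres superuser access` and `host all foo 127.0.0.1/32 ident`, so the README documents a different authentication method than the resource configures. The output should show the `md5` entry with the matching comment. In the same file, the `postgresql_user` example appears twice verbatim, and its description gives the expiry as "2018, Dec 21" while the code sets `valid_until '2018-12-31'`; drop the duplicate and align the date. The examples also carry literal passwords in recipe code (`password 'UserP4ssword'`, `password 'P0stgresP4ssword'`); recipes in this repo that follow them should read the real values from an encrypted data bag or equivalent rather than from the recipe source.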

View File

@ -1,244 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Attributes:: postgresql
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['postgresql']['enable_pgdg_apt'] = false
default['postgresql']['enable_pgdg_yum'] = false
default['postgresql']['use_pgdg_packages'] = false
default['postgresql']['server']['config_change_notify'] = :restart
default['postgresql']['assign_postgres_password'] = true
# Establish default database name
default['postgresql']['database_name'] = 'template1'
# Sets OS init system (upstart, systemd, ...), instead of relying on Ohai
default['postgresql']['server']['init_package'] =
case node['platform']
when 'debian'
if node['platform_version'].to_f < 7.0
'sysv'
else
'systemd'
end
when 'ubuntu'
if node['platform_version'].to_f < 15.04
'upstart'
else
'systemd'
end
when 'amazon'
'upstart'
when 'redhat', 'centos', 'scientific', 'oracle'
if node['platform_version'].to_i < 7
'sysv'
else
'systemd'
end
when 'fedora'
'systemd'
when 'opensuse', 'opensuseleap'
'systemd'
else
'upstart'
end
case node['platform']
when 'debian'
if node['platform_version'].to_i == 7
default['postgresql']['version'] = '9.1'
default['postgresql']['dir'] = '/etc/postgresql/9.1/main'
default['postgresql']['client']['packages'] = ['postgresql-client-9.1', 'libpq-dev']
default['postgresql']['server']['packages'] = ['postgresql-9.1']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.1']
else # 8+
default['postgresql']['version'] = '9.4'
default['postgresql']['dir'] = '/etc/postgresql/9.4/main'
default['postgresql']['client']['packages'] = ['postgresql-client-9.4', 'libpq-dev']
default['postgresql']['server']['packages'] = ['postgresql-9.4']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.4']
end
default['postgresql']['server']['service_name'] = 'postgresql'
when 'ubuntu'
if node['platform_version'].to_f <= 13.10
default['postgresql']['version'] = '9.1'
default['postgresql']['dir'] = '/etc/postgresql/9.1/main'
default['postgresql']['server']['service_name'] = 'postgresql'
default['postgresql']['client']['packages'] = ['postgresql-client-9.1', 'libpq-dev']
default['postgresql']['server']['packages'] = ['postgresql-9.1']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.1']
elsif node['platform_version'].to_f <= 14.04
default['postgresql']['version'] = '9.3'
default['postgresql']['dir'] = '/etc/postgresql/9.3/main'
default['postgresql']['server']['service_name'] = 'postgresql'
default['postgresql']['client']['packages'] = ['postgresql-client-9.3', 'libpq-dev']
default['postgresql']['server']['packages'] = ['postgresql-9.3']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.3']
elsif node['platform_version'].to_f <= 15.10
default['postgresql']['version'] = '9.4'
default['postgresql']['dir'] = '/etc/postgresql/9.4/main'
default['postgresql']['server']['service_name'] = 'postgresql'
default['postgresql']['client']['packages'] = ['postgresql-client-9.4', 'libpq-dev']
default['postgresql']['server']['packages'] = ['postgresql-9.4']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.4']
else
default['postgresql']['version'] = '9.5'
default['postgresql']['dir'] = '/etc/postgresql/9.5/main'
default['postgresql']['server']['service_name'] = 'postgresql'
default['postgresql']['client']['packages'] = ['postgresql-client-9.5', 'libpq-dev']
default['postgresql']['server']['packages'] = ['postgresql-9.5']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.5']
end
when 'fedora'
default['postgresql']['version'] = '9.5'
default['postgresql']['setup_script'] = 'postgresql-setup'
default['postgresql']['dir'] = '/var/lib/pgsql/data'
default['postgresql']['client']['packages'] = %w(postgresql-devel postgresql-contrib)
default['postgresql']['server']['packages'] = %w(postgresql-server)
default['postgresql']['contrib']['packages'] = %w(postgresql-contrib)
default['postgresql']['server']['service_name'] = 'postgresql'
default['postgresql']['uid'] = '26'
default['postgresql']['gid'] = '26'
when 'amazon'
if node['platform_version'].to_f >= 2015.03
default['postgresql']['version'] = '9.2'
default['postgresql']['dir'] = '/var/lib/pgsql9/data'
end
default['postgresql']['client']['packages'] = %w(postgresql-devel)
default['postgresql']['server']['packages'] = %w(postgresql-server)
default['postgresql']['contrib']['packages'] = %w(postgresql-contrib)
default['postgresql']['server']['service_name'] = 'postgresql'
default['postgresql']['uid'] = '26'
default['postgresql']['gid'] = '26'
when 'redhat', 'centos', 'scientific', 'oracle'
default['postgresql']['version'] = '8.4'
default['postgresql']['client']['packages'] = 'postgresql84-devel'
default['postgresql']['server']['packages'] = ['postgresql84-server']
default['postgresql']['contrib']['packages'] = ['postgresql84-contrib']
default['postgresql']['setup_script'] = 'postgresql-setup'
default['postgresql']['server']['service_name'] = 'postgresql'
default['postgresql']['uid'] = '26'
default['postgresql']['gid'] = '26'
if node['platform_version'].to_f >= 6.0 && node['postgresql']['version'].to_f == 8.4
default['postgresql']['client']['packages'] = 'postgresql-devel'
default['postgresql']['server']['packages'] = ['postgresql-server']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib']
end
if node['platform_version'].to_f >= 7.0
default['postgresql']['version'] = '9.2'
default['postgresql']['client']['packages'] = 'postgresql-devel'
default['postgresql']['server']['packages'] = ['postgresql-server']
default['postgresql']['contrib']['packages'] = ['postgresql-contrib']
end
when 'opensuse', 'opensuseleap'
default['postgresql']['dir'] = '/var/lib/pgsql/data'
default['postgresql']['uid'] = '26'
default['postgresql']['gid'] = '26'
case node['platform_version'].to_f
when 13.1
default['postgresql']['version'] = '9.2'
default['postgresql']['client']['packages'] = ['postgresql92', 'postgresql92-devel']
default['postgresql']['server']['packages'] = ['postgresql92-server']
default['postgresql']['contrib']['packages'] = ['postgresql92-contrib']
when 13.2
default['postgresql']['version'] = '9.3'
default['postgresql']['client']['packages'] = ['postgresql93', 'postgresql93-devel']
default['postgresql']['server']['packages'] = ['postgresql93-server']
default['postgresql']['contrib']['packages'] = ['postgresql93-contrib']
else # opensuseleap
default['postgresql']['version'] = '9.4'
default['postgresql']['client']['packages'] = ['postgresql94', 'postgresql94-devel']
default['postgresql']['server']['packages'] = ['postgresql94-server']
default['postgresql']['contrib']['packages'] = ['postgresql94-contrib']
end
default['postgresql']['server']['service_name'] = 'postgresql'
when 'suse' # sles 12+
default['postgresql']['version'] = '9.1'
default['postgresql']['client']['packages'] = ['postgresql91', 'rubygem-pg']
default['postgresql']['server']['packages'] = ['postgresql91-server']
default['postgresql']['contrib']['packages'] = ['postgresql91-contrib']
default['postgresql']['dir'] = '/var/lib/pgsql/data'
default['postgresql']['server']['service_name'] = 'postgresql'
end
case node['platform_family']
when 'debian'
default['postgresql']['config']['listen_addresses'] = 'localhost'
default['postgresql']['config']['port'] = 5432
default['postgresql']['config']['max_connections'] = 100
default['postgresql']['config']['shared_buffers'] = '24MB'
default['postgresql']['config']['log_line_prefix'] = '%t '
default['postgresql']['config']['datestyle'] = 'iso, mdy'
default['postgresql']['config']['default_text_search_config'] = 'pg_catalog.english'
default['postgresql']['config']['ssl'] = true
when 'rhel', 'fedora', 'suse'
default['postgresql']['config']['listen_addresses'] = 'localhost'
default['postgresql']['config']['port'] = 5432
default['postgresql']['config']['max_connections'] = 100
default['postgresql']['config']['shared_buffers'] = '32MB'
default['postgresql']['config']['logging_collector'] = true
default['postgresql']['config']['log_directory'] = 'pg_log'
default['postgresql']['config']['log_filename'] = 'postgresql-%a.log'
default['postgresql']['config']['log_truncate_on_rotation'] = true
default['postgresql']['config']['log_rotation_age'] = '1d'
default['postgresql']['config']['log_rotation_size'] = 0
default['postgresql']['config']['datestyle'] = 'iso, mdy'
default['postgresql']['config']['lc_messages'] = 'en_US.UTF-8'
default['postgresql']['config']['lc_monetary'] = 'en_US.UTF-8'
default['postgresql']['config']['lc_numeric'] = 'en_US.UTF-8'
default['postgresql']['config']['lc_time'] = 'en_US.UTF-8'
default['postgresql']['config']['default_text_search_config'] = 'pg_catalog.english'
end
default['postgresql']['pg_hba'] = [
{ type: 'local', db: 'all', user: 'postgres', addr: nil, method: 'ident' },
{ type: 'local', db: 'all', user: 'all', addr: nil, method: 'ident' },
{ type: 'host', db: 'all', user: 'all', addr: '127.0.0.1/32', method: 'md5' },
{ type: 'host', db: 'all', user: 'all', addr: '::1/128', method: 'md5' },
]
default['postgresql']['password'] = {}
# set to install a specific version of the ruby gem pg
# if attribute is not defined, install will pick the latest available pg gem
default['postgresql']['pg_gem']['version'] = nil
case node['platform_family']
when 'debian'
default['postgresql']['pgdg']['release_apt_codename'] = node['lsb']['codename']
end
default['postgresql']['initdb_locale'] = 'UTF-8'
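Review bot: Deleting this attributes file removes every `node['postgresql'][...]` default at once, including `default['postgresql']['config']['listen_addresses'] = 'localhost'`, `default['postgresql']['config']['ssl'] = true` for the Debian family, and the `default['postgresql']['pg_hba']` entries, and nothing in this hunk shows what replaces them. Before merging, search the repo's roles, environments and wrapper cookbooks for remaining `node['postgresql']` reads, which will now resolve to nil, and check that the recipes using the new resources set the listen address, SSL and `pg_hba` rules explicitly instead of relying on whatever the upgraded cookbook defaults to.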

View File

@ -1,507 +0,0 @@
# frozen_string_literal: true
# The PostgreSQL RPM Building Project built repository RPMs for easy
# access to the PGDG yum repositories. Links to RPMs for installation
# on the supported version/platform combinations are listed at
# http://yum.postgresql.org/repopackages.php, and the links for
# PostgreSQL 9.2, 9.3, 9.4, 9.5 and 9.6 are captured below.
#
default['postgresql']['pgdg']['repo_rpm_url'] = {
'9.6' => {
'amazon' => {
'2015' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
'package' => 'pgdg-ami201503-96-9.6-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
'package' => 'pgdg-ami201503-96-9.6-3.noarch.rpm',
},
},
},
'centos' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-7-x86_64/',
'package' => 'pgdg-centos96-9.6-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
'package' => 'pgdg-centos96-9.6-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
'package' => 'pgdg-centos96-9.6-3.noarch.rpm',
},
},
},
'redhat' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-7-x86_64/',
'package' => 'pgdg-redhat96-9.6-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat96-9.6-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat96-9.6-3.noarch.rpm',
},
},
},
'oracle' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-7-x86_64/',
'package' => 'pgdg-oraclelinux96-9.6-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
'package' => 'pgdg-oraclelinux96-9.6-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
'package' => 'pgdg-oraclelinux96-9.6-3.noarch.rpm',
},
},
},
'scientific' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-7-x86_64/',
'package' => 'pgdg-sl96-9.6-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
'package' => 'pgdg-sl96-9.6-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
'package' => 'pgdg-sl96-9.6-3.noarch.rpm',
},
},
},
'fedora' => {
'22' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/fedora/fedora-22-x86_64/',
'package' => 'pgdg-fedora96-9.6-3.noarch.rpm',
},
},
'23' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/fedora/fedora-23-x86_64/',
'package' => 'pgdg-fedora96-9.6-3.noarch.rpm',
},
},
'24' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/fedora/fedora-24-x86_64/',
'package' => 'pgdg-fedora96-9.6-3.noarch.rpm',
},
},
'25' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.6/fedora/fedora-25-x86_64/',
'package' => 'pgdg-fedora96-9.6-3.noarch.rpm',
},
},
},
},
'9.5' => {
'amazon' => {
'2015' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
'package' => 'pgdg-ami201503-95-9.5-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
'package' => 'pgdg-ami201503-95-9.5-3.noarch.rpm',
},
},
},
'centos' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/',
'package' => 'pgdg-centos95-9.5-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
'package' => 'pgdg-centos95-9.5-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
'package' => 'pgdg-centos95-9.5-3.noarch.rpm',
},
},
},
'redhat' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/',
'package' => 'pgdg-redhat95-9.5-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat95-9.5-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat95-9.5-3.noarch.rpm',
},
},
},
'oracle' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/',
'package' => 'pgdg-oraclelinux95-9.5-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
'package' => 'pgdg-oraclelinux95-9.5-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
'package' => 'pgdg-oraclelinux95-9.5-3.noarch.rpm',
},
},
},
'scientific' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/',
'package' => 'pgdg-sl95-9.5-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
'package' => 'pgdg-sl95-9.5-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
'package' => 'pgdg-sl95-9.5-3.noarch.rpm',
},
},
},
'fedora' => {
'22' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/fedora/fedora-22-x86_64/',
'package' => 'pgdg-fedora95-9.5-3.noarch.rpm',
},
},
'23' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/fedora/fedora-23-x86_64/',
'package' => 'pgdg-fedora95-9.5-4.noarch.rpm',
},
},
'24' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/fedora/fedora-24-x86_64/',
'package' => 'pgdg-fedora95-9.5-4.noarch.rpm',
},
},
'25' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.5/fedora/fedora-25-x86_64/',
'package' => 'pgdg-fedora95-9.5-4.noarch.rpm',
},
},
},
},
'9.4' => {
'redhat' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/',
'package' => 'pgdg-redhat94-9.4-2.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat94-9.4-2.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat94-9.4-2.noarch.rpm',
},
},
},
'centos' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/',
'package' => 'pgdg-centos94-9.4-2.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
'package' => 'pgdg-centos94-9.4-2.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
'package' => 'pgdg-centos94-9.4-2.noarch.rpm',
},
},
'5' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-5-i386/',
'package' => 'pgdg-centos94-9.4-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-5-x86_64/',
'package' => 'pgdg-centos94-9.4-3.noarch.rpm',
},
},
},
'fedora' => {
'22' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/fedora/fedora-22-x86_64/',
'package' => 'pgdg-fedora94-9.4-4.noarch.rpm',
},
},
'23' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/fedora/fedora-23-x86_64/',
'package' => 'pgdg-fedora94-9.4-5.noarch.rpm',
},
},
'24' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/fedora/fedora-24-x86_64/',
'package' => 'pgdg-fedora94-9.4-5.noarch.rpm',
},
},
'25' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/fedora/fedora-25-x86_64/',
'package' => 'pgdg-fedora94-9.4-5.noarch.rpm',
},
},
},
'amazon' => {
'2015' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
'package' => 'pgdg-ami201503-94-9.4-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
'package' => 'pgdg-ami201503-94-9.4-3.noarch.rpm',
},
},
},
'scientific' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/',
'package' => 'pgdg-sl94-9.4-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
'package' => 'pgdg-sl94-9.4-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
'package' => 'pgdg-sl94-9.4-3.noarch.rpm',
},
},
},
'oracle' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/',
'package' => 'pgdg-oraclelinux94-9.4-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
'package' => 'pgdg-oraclelinux94-9.4-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
'package' => 'pgdg-oraclelinux94-9.4-3.noarch.rpm',
},
},
},
},
'9.3' => {
'amazon' => {
'2015' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
},
'2014' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
},
},
'centos' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-7-x86_64/',
'package' => 'pgdg-centos93-9.3-3.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
'package' => 'pgdg-centos93-9.3-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
'package' => 'pgdg-centos93-9.3-3.noarch.rpm',
},
},
},
'fedora' => {
'23' => {
'x86_64' => {
'url' => 'https://yum.postgresql.org/9.3/fedora/fedora-23-x86_64/',
'package' => 'pgdg-fedora93-9.3-4.noarch.rpm',
},
},
},
'redhat' => {
'7' => {
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-7-x86_64/',
'package' => 'pgdg-redhat93-9.3-2.noarch.rpm',
},
},
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
},
},
'oracle' => {
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
},
},
},
'scientific' => {
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
'package' => 'pgdg-sl93-9.3-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
'package' => 'pgdg-sl93-9.3-3.noarch.rpm',
},
},
'5' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-5-i386/',
'package' => 'pgdg-sl93-9.3-3.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-5-x86_64/',
'package' => 'pgdg-sl93-9.3-3.noarch.rpm',
},
},
},
},
'9.2' => {
'centos' => {
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-i386/',
'package' => 'pgdg-centos92-9.2-8.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/',
'package' => 'pgdg-centos92-9.2-8.noarch.rpm',
},
},
},
'redhat' => {
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat92-9.2-9.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat92-9.2-9.noarch.rpm',
},
},
},
'oracle' => {
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-i386/',
'package' => 'pgdg-redhat92-9.2-9.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/',
'package' => 'pgdg-redhat92-9.2-9.noarch.rpm',
},
},
},
'scientific' => {
'6' => {
'i386' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-i386/',
'package' => 'pgdg-sl92-9.2-10.noarch.rpm',
},
'x86_64' => {
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/',
'package' => 'pgdg-sl92-9.2-10.noarch.rpm',
},
},
},
},
}
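
Review bot: Every 'url' in the visible part of this table is plain http://yum.postgresql.org except the fedora '23' entry under '9.3', which already uses https://yum.postgresql.org. Anything fetched from the http:// entries travels without transport integrity. If any of this table survives the move to 7.1.3, switch the remaining entries to https:// so the scheme is consistent across platforms and versions.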

View File

@ -1,307 +0,0 @@
# frozen_string_literal: false
#
# Cookbook:: postgresql
# Library:: default
# Author:: David Crane (<davidc@donorschoose.org>)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include Chef::Mixin::ShellOut
module Opscode
module PostgresqlHelpers
#######
# Function to truncate value to 4 significant bits, render human readable.
# Used in recipes/config_initdb.rb to set this attribute:
#
# The memory settings (shared_buffers, effective_cache_size, work_mem,
# maintenance_work_mem and wal_buffers) will be rounded down to keep
# the 4 most significant bits, so that SHOW will be likely to use a
# larger divisor. The output is actually a human readable string that
# ends with "GB", "MB" or "kB" if over 1023, exactly what Postgresql
# will expect in a postgresql.conf setting. The output may be up to
# 6.25% less than the original value because of the rounding.
def binaryround(value)
# Keep a multiplier which grows through powers of 1
multiplier = 1
# Truncate value to 4 most significant bits
while value >= 16
value = (value / 2).floor
multiplier *= 2
end
# Factor any remaining powers of 2 into the multiplier
while value == 2 * (value / 2).floor
value = (value / 2).floor
multiplier *= 2
end
# Factor enough powers of 2 back into the value to
# leave the multiplier as a power of 1024 that can
# be represented as units of "GB", "MB" or "kB".
if multiplier >= 1024 * 1024 * 1024
while multiplier > 1024 * 1024 * 1024
value = 2 * value
multiplier = (multiplier / 2).floor
end
multiplier = 1
units = 'GB'
elsif multiplier >= 1024 * 1024
while multiplier > 1024 * 1024
value = 2 * value
multiplier = (multiplier / 2).floor
end
multiplier = 1
units = 'MB'
elsif multiplier >= 1024
while multiplier > 1024
value = 2 * value
multiplier = (multiplier / 2).floor
end
multiplier = 1
units = 'kB'
else
units = ''
end
# Now we can return a nice human readable string.
"#{multiplier * value}#{units}"
end
#######
# Locale Configuration
# Function to test the date order.
# Used in recipes/config_initdb.rb to set this attribute:
# node.default['postgresql']['config']['datestyle']
def locale_date_order
# Test locale conversion of mon=11, day=22, year=33
testtime = DateTime.new(2033, 11, 22, 0, 0, 0, '-00:00')
#=> #<DateTime: 2033-11-22T00:00:00-0000 ...>
# %x - Preferred representation for the date alone, no time
res = testtime.strftime('%x')
return 'mdy' if res.nil?
posM = res.index('11')
posD = res.index('22')
posY = res.index('33')
if posM.nil? || posD.nil? || posY.nil?
return 'mdy'
elseif (posY < posM && posM < posD)
return 'ymd'
elseif (posD < posM)
return 'dmy'
end
'mdy'
end
#######
# Timezone Configuration
require 'find'
# Function to determine where the system stored shared timezone data.
# Used in recipes/config_initdb.rb to detemine where it should have
# select_default_timezone(tzdir) search.
def pg_TZDIR
# System time zone conversions are controlled by a timezone data file
# identified through environment variables (TZ and TZDIR) and/or file
# and directory naming conventions specific to the Linux distribution.
# Each of these timezone names will have been loaded into the PostgreSQL
# pg_timezone_names view by the package maintainer.
#
# Instead of using the timezone name configured as the system default,
# the PostgreSQL server uses ones named in postgresql.conf settings
# (timezone and log_timezone). The initdb utility does initialize those
# settings to the timezone name that corresponds to the system default.
#
# The system's timezone name is actually a filename relative to the
# shared zoneinfo directory. That is usually /usr/share/zoneinfo, but
# it was /usr/lib/zoneinfo in older distributions and can be anywhere
# if specified by the environment variable TZDIR. The tzset(3) manpage
# seems to indicate the following precedence:
tzdir = nil
if ::File.directory?('/usr/lib/zoneinfo')
tzdir = '/usr/lib/zoneinfo'
else
share_path = [ENV['TZDIR'], '/usr/share/zoneinfo'].compact.first
tzdir = share_path if ::File.directory?(share_path)
end
tzdir
end
#######
# Function to support select_default_timezone(tzdir), which is
# used in recipes/config_initdb.rb.
def validate_zone(tzname)
# PostgreSQL does not support leap seconds, so this function tests
# the usual Linux tzname convention to avoid a misconfiguration.
# Assume that the tzdata package maintainer has kept all timezone
# data files with support for leap seconds is kept under the
# so-named "right/" subdir of the shared zoneinfo directory.
#
# The original PostgreSQL initdb is not Unix-specific, so it did a
# very complicated, thorough test in its pg_tz_acceptable() function
# that I could not begin to understand how to do in ruby :).
#
# Testing the tzname is good enough, since a misconfiguration
# will result in an immediate fatal error when the PostgreSQL
# service is started, with pgstartup.log messages such as:
# LOG: time zone "right/US/Eastern" appears to use leap seconds
# DETAIL: PostgreSQL does not support leap seconds.
if tzname.index('right/') == 0
false
else
true
end
end
# Function to support select_default_timezone(tzdir), which is
# used in recipes/config_initdb.rb.
def scan_available_timezones(tzdir)
# There should be an /etc/localtime zoneinfo file that is a link to
# (or a copy of) a timezone data file under tzdir, which should have
# been installed under the "share" directory by the tzdata package.
#
# The initdb utility determines which shared timezone file is being
# used as the system's default /etc/localtime. The timezone name is
# the timezone file path relative to the tzdir.
bestzonename = nil
if tzdir.nil?
Chef::Log.error('The zoneinfo directory not found (looked for /usr/share/zoneinfo and /usr/lib/zoneinfo)')
elsif !::File.exist?('/etc/localtime')
Chef::Log.error('The system zoneinfo file not found (looked for /etc/localtime)')
elsif ::File.directory?('/etc/localtime')
Chef::Log.error('The system zoneinfo file not found (/etc/localtime is a directory instead)')
elsif ::File.symlink?('/etc/localtime')
# PostgreSQL initdb doesn't use the symlink target, but this
# certainly will make sense to any system administrator. A full
# scan of the tzdir to find the shortest filename could result
# "US/Eastern" instead of "America/New_York" as bestzonename,
# in spite of what the sysadmin had specified in the symlink.
# (There are many duplicates under tzdir, with the same timezone
# content appearing as an average of 2-3 different file names.)
path = ::File.realdirpath('/etc/localtime')
bestzonename = path.gsub("#{tzdir}/", '')
else # /etc/localtime is a file, so scan for it under tzdir
localtime_content = File.read('/etc/localtime')
Find.find(tzdir) do |path|
# Only consider files (skip directories or symlinks)
next unless !::File.directory?(path) && !::File.symlink?(path)
# Ignore any file named "posixrules" or "localtime"
next unless ::File.basename(path) != 'posixrules' && ::File.basename(path) != 'localtime'
# Do consider if content exactly matches /etc/localtime.
next unless localtime_content == File.read(path)
tzname = path.gsub("#{tzdir}/", '')
next unless validate_zone(tzname)
if bestzonename.nil? ||
tzname.length < bestzonename.length ||
(tzname.length == bestzonename.length &&
(tzname <=> bestzonename) < 0)
bestzonename = tzname
end
end
end
bestzonename
end
# Function to support select_default_timezone(tzdir), which is
# used in recipes/config_initdb.rb.
def identify_system_timezone(tzdir)
resultbuf = scan_available_timezones(tzdir)
if !resultbuf.nil?
# Ignore Olson's rather silly "Factory" zone; use GMT instead
resultbuf = nil if (resultbuf <=> 'Factory') == 0
else
# Did not find the timezone. Fallback to use a GMT zone. Note that the
# Olson timezone database names the GMT-offset zones in POSIX style: plus
# is west of Greenwich.
testtime = DateTime.now
std_ofs = testtime.strftime('%:z').split(':')[0].to_i
resultbuf = [
'Etc/GMT',
-std_ofs > 0 ? '+' : '',
(-std_ofs).to_s,
].join('')
end
resultbuf
end
#######
# Function to determine the name of the system's default timezone.
# Used in recipes/config_initdb.rb to set these attributes:
# node.default['postgresql']['config']['log_timezone']
# node.default['postgresql']['config']['timezone']
def select_default_timezone(tzdir)
system_timezone = nil
# Check TZ environment variable
tzname = ENV['TZ']
if !tzname.nil? && !tzname.empty? && validate_zone(tzname)
system_timezone = tzname
else
# Nope, so try to identify system timezone from /etc/localtime
tzname = identify_system_timezone(tzdir)
system_timezone = tzname if validate_zone(tzname)
end
system_timezone
end
#######
# Function to execute an SQL statement in the default database.
# Input: Query could be a single String or an Array of String.
# Output: A String with |-separated columns and \n-separated rows.
# Note an empty output could mean psql couldn't connect.
# This is easiest for 1-field (1-row, 1-col) results, otherwise
# it will be complex to parse the results.
def execute_sql(query, db_name = node['postgresql']['database_name'])
# query could be a String or an Array of String
statement = query.is_a?(String) ? query : query.join("\n")
cmd = shell_out("psql -q --tuples-only --no-align -d #{db_name} -f -",
user: 'postgres',
input: statement)
# If psql fails, generally the postgresql service is down.
# Instead of aborting chef with a fatal error, let's just
# pass these non-zero exitstatus back as empty cmd.stdout.
if cmd.exitstatus == 0 && !cmd.stderr.empty?
# An SQL failure is still a zero exitstatus, but then the
# stderr explains the error, so let's rais that as fatal.
Chef::Log.fatal("psql failed executing this SQL statement:\n#{statement}")
Chef::Log.fatal(cmd.stderr)
raise 'SQL ERROR'
end
cmd.stdout.chomp
end
# End the Opscode::PostgresqlHelpers module
end
end
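
Review bot: In the removed locale_date_order, `elseif (posY < posM && posM < posD)` and `elseif (posD < posM)` are not Ruby keywords (Ruby spells it elsif), so both lines sit inside the first if body after `return 'mdy'` and never run; the helper returned 'mdy' for every locale. Deleting the file is fine, but the removed config_initdb recipe set datestyle to "iso, #{locale_date_order}", so nodes converged with it have had 'iso, mdy' regardless of locale. Set datestyle explicitly in the new configuration if a different order is expected. The removed execute_sql fed the statement to psql on stdin (input: statement) but still interpolated db_name unquoted into the command line, which is worth comparing against its replacement.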

View File

@ -0,0 +1,247 @@
#
# Cookbook:: postgresql
# Library:: helpers
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module PostgresqlCookbook
module Helpers
include Chef::Mixin::ShellOut
require 'securerandom'
def psql_command_string(new_resource, query, grep_for: nil, value_only: false)
cmd = "/usr/bin/psql -c \"#{query}\""
cmd << " -d #{new_resource.database}" if new_resource.database
cmd << " -U #{new_resource.user}" if new_resource.user
cmd << " --host #{new_resource.host}" if new_resource.host
cmd << " --port #{new_resource.port}" if new_resource.port
cmd << ' --tuples-only' if value_only
cmd << " | grep #{grep_for}" if grep_for
cmd
end
def execute_sql(new_resource, query)
# If we don't pass in a user to the resource
# default to the postgres user
user = new_resource.user ? new_resource.user : 'postgres'
# Query could be a String or an Array of Strings
statement = query.is_a?(String) ? query : query.join("\n")
cmd = shell_out(statement, user: user)
# Pass back cmd so we can decide what to do with it in the calling method.
cmd
end
def database_exists?(new_resource)
sql = %(SELECT datname from pg_database WHERE datname='#{new_resource.database}')
exists = psql_command_string(new_resource, sql, grep_for: new_resource.database)
cmd = execute_sql(new_resource, exists)
cmd.exitstatus == 0
end
def user_exists?(new_resource)
sql = %(SELECT rolname FROM pg_roles WHERE rolname='#{new_resource.create_user}';)
exists = psql_command_string(new_resource, sql, grep_for: new_resource.create_user)
cmd = execute_sql(new_resource, exists)
cmd.exitstatus == 0
end
def extension_installed?(new_resource)
query = %(SELECT extversion FROM pg_extension WHERE extname='#{new_resource.extension}';)
check_extension_version = psql_command_string(new_resource, query, value_only: true)
version_result = execute_sql(new_resource, check_extension_version)
if new_resource.version
version_result.stdout == new_resource.version
else
!version_result.stdout.nil?
end
end
def alter_role_sql(new_resource)
sql = %(ALTER ROLE postgres ENCRYPTED PASSWORD '#{postgres_password(new_resource)}';)
psql_command_string(new_resource, sql)
end
def create_extension_sql(new_resource)
sql = "CREATE EXTENSION IF NOT EXISTS #{new_resource.extension}"
sql << " FROM \"#{new_resource.old_version}\"" if new_resource.old_version
psql_command_string(new_resource, sql)
end
def user_has_password?(new_resource)
sql = %(SELECT rolpassword from pg_authid WHERE rolname='postgres' AND rolpassword IS NOT NULL;)
cmd = psql_command_string(new_resource, sql)
res = execute_sql(new_resource, cmd)
res.stdout =~ /1 row/ ? true : false
end
def role_sql(new_resource)
sql = %(\\"#{new_resource.create_user}\\" WITH )
%w(superuser createdb createrole inherit replication login).each do |perm|
sql << "#{'NO' unless new_resource.send(perm)}#{perm.upcase} "
end
sql << if new_resource.encrypted_password
"ENCRYPTED PASSWORD '#{new_resource.encrypted_password}'"
elsif new_resource.password
"PASSWORD '#{new_resource.password}'"
else
''
end
sql << if new_resource.valid_until
" VALID UNTIL '#{new_resource.valid_until}'"
else
''
end
end
def create_user_sql(new_resource)
sql = %(CREATE ROLE #{role_sql(new_resource)})
psql_command_string(new_resource, sql)
end
def update_user_sql(new_resource)
sql = %(ALTER ROLE #{role_sql(new_resource)})
psql_command_string(new_resource, sql)
end
def update_user_with_attributes_sql(new_resource, value)
sql = %(ALTER ROLE '#{new_resource.create_user}' SET #{attr} = #{value})
psql_command_string(new_resource, sql)
end
def drop_user_sql(new_resource)
sql = %(DROP ROLE IF EXISTS '#{new_resource.create_user}')
psql_command_string(new_resource, sql)
end
def data_dir(version = node.run_state['postgresql']['version'])
case node['platform_family']
when 'rhel', 'fedora'
"/var/lib/pgsql/#{version}/data"
when 'amazon'
if node['virtualization']['system'] == 'docker'
"/var/lib/pgsql#{version.delete('.')}/data"
else
"/var/lib/pgsql/#{version}/data"
end
when 'debian'
"/var/lib/postgresql/#{version}/main"
end
end
def conf_dir(version = node.run_state['postgresql']['version'])
case node['platform_family']
when 'rhel', 'fedora'
"/var/lib/pgsql/#{version}/data"
when 'amazon'
if node['virtualization']['system'] == 'docker'
"/var/lib/pgsql#{version.delete('.')}/data"
else
"/var/lib/pgsql/#{version}/data"
end
when 'debian'
"/etc/postgresql/#{version}/main"
end
end
# determine the platform specific service name
def platform_service_name(version = node.run_state['postgresql']['version'])
case node['platform_family']
when 'rhel', 'fedora'
"postgresql-#{version}"
when 'amazon'
if node['virtualization']['system'] == 'docker'
"postgresql#{version.delete('.')}"
else
"postgresql-#{version}"
end
else
'postgresql'
end
end
def follower?
::File.exist? "#{data_dir}/recovery.conf"
end
def initialized?
return true if ::File.exist?("#{conf_dir}/PG_VERSION")
false
end
def secure_random
r = SecureRandom.hex
Chef::Log.debug "Generated password: #{r}"
r
end
# determine the platform specific server package name
def server_pkg_name
platform_family?('debian') ? "postgresql-#{new_resource.version}" : "postgresql#{new_resource.version.delete('.')}-server"
end
# determine the appropriate DB init command to run based on RHEL/Fedora/Amazon release
# initdb defaults to the execution environment.
# https://www.postgresql.org/docs/9.5/static/locale.html
def rhel_init_db_command(new_resource)
cmd = if platform_family?('amazon')
'/usr/bin/initdb'
else
"/usr/pgsql-#{new_resource.version}/bin/initdb"
end
cmd << " --locale '#{new_resource.initdb_locale}'" if new_resource.initdb_locale
cmd << " -D '#{data_dir(new_resource.version)}'"
end
# Given the base URL build the complete URL string for a yum repo
def yum_repo_url(base_url)
"#{base_url}/#{new_resource.version}/#{yum_repo_platform_family_string}/#{yum_repo_platform_string}"
end
# The postgresql yum repos URLs are organized into redhat and fedora directories.s
# route things to the right place based on platform_family
def yum_repo_platform_family_string
platform_family?('fedora') ? 'fedora' : 'redhat'
end
# Build the platform string that makes up the final component of the yum repo URL
def yum_repo_platform_string
platform = platform?('fedora') ? 'fedora' : 'rhel'
release = platform?('amazon') ? '6' : '$releasever'
"#{platform}-#{release}-$basearch"
end
# On Amazon use the RHEL 6 packages. Otherwise use the releasever yum variable
def yum_releasever
platform?('amazon') ? '6' : '$releasever'
end
# Generate a password if the value is set to generate.
def postgres_password(new_resource)
new_resource.password == 'generate' ? secure_random : new_resource.password
end
end
end
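
Review bot: psql_command_string assembles a shell command by string interpolation, `cmd = "/usr/bin/psql -c \"#{query}\""`, and execute_sql passes the result straight to shell_out; the `| grep #{grep_for}` suffix shows the string is meant for a shell. Nothing is escaped, so a double quote, backtick or $( ) in database, user, host, port, create_user, extension, password or valid_until is interpreted by the shell, and the SQL is built the same way (rolname='#{new_resource.create_user}', PASSWORD '#{new_resource.password}'), so a single quote in a value breaks out of the literal. Passwords also end up in the psql argument list. Suggest escaping each interpolated value (Shellwords.escape for the shell layer, proper literal and identifier quoting for the SQL layer) or feeding the statement on stdin as the removed helper did. Three smaller points in the same file: secure_random writes the secret to the log with `Chef::Log.debug "Generated password: #{r}"`, which should be dropped; update_user_with_attributes_sql uses attr in `SET #{attr} = #{value}` but takes only (new_resource, value), so attr needs to be a parameter; and update_user_with_attributes_sql and drop_user_sql wrap the role name in single quotes while role_sql wraps it in escaped double quotes, so the three should agree on identifier quoting.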

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,15 @@
# frozen_string_literal: true
name 'postgresql'
maintainer 'Sous Chefs'
maintainer_email 'help@sous-chefs.org'
license 'Apache-2.0'
description 'Installs and configures postgresql for clients or servers'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '7.1.3'
source_url 'https://github.com/sous-chefs/postgresql'
issues_url 'https://github.com/sous-chefs/postgresql/issues'
chef_version '>= 13.8'
%w(ubuntu debian fedora amazon redhat centos scientific oracle).each do |os|
supports os
end

View File

@ -1,8 +0,0 @@
# frozen_string_literal: true
apt_repository 'apt.postgresql.org' do
uri 'http://apt.postgresql.org/pub/repos/apt'
distribution "#{node['postgresql']['pgdg']['release_apt_codename']}-pgdg"
components ['main', node['postgresql']['version']]
key 'https://www.postgresql.org/media/keys/ACCC4CF8.asc'
action :add
end

View File

@ -1,2 +0,0 @@
# frozen_string_literal: true
Chef::Log.warn('The postgresql::ca-certificates recipe has been deprecated and will be removed in the next major release of the cookbook')

View File

@ -1,147 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: config_initdb
# Author:: David Crane (<davidc@donorschoose.org>)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#######
# Load the locale_date_order() and select_default_timezone(tzdir)
# methods from libraries/default.rb
::Chef::Recipe.send(:include, Opscode::PostgresqlHelpers)
#######
# This recipe is derived from the setup_config() source code in the
# PostgreSQL initdb utility. It determines postgresql.conf settings that
# conform to the system's locale and timezone configuration, and also
# sets the error reporting and logging settings.
#
# See http://doxygen.postgresql.org/initdb_8c_source.html for the
# original initdb source code.
#
# By examining the system configuration, this recipe will set the
# following node.default['postgresql']['config'] attributes:
#
# - Locale and Formatting -
# * datestyle
# * lc_messages
# * lc_monetary
# * lc_numeric
# * lc_time
# * default_text_search_config
#
# - Timezone Conversion -
# * log_timezone
# * timezone
#
# In addition, this recipe will recommend the same error reporting and
# logging settings that initdb provided. These settings do differ from
# the PostgreSQL default settings, which would log to stderr only. The
# initdb settings rotate 7 days of log files named postgresql-Mon.log,
# etc. through these node.default['postgresql']['config'] attributes:
#
# - Where to Log -
# * log_destination = 'stderr'
# * log_directory = 'pg_log'
# * log_filename = 'postgresql-%a.log'
# (Default was: postgresql-%Y-%m-%d_%H%M%S.log)
# * logging_collector = true # on
# (Turned on to capture stderr logging and redirect into log files)
# (Default was: false # off)
# * log_rotation_age = 1d
# * log_rotation_size = 0
# (Default was: 10MB)
# * log_truncate_on_rotation = true # on
# (Default was: false # off)
#######
# Locale Configuration
# See libraries/default.rb for the locale_date_order() method.
node.default['postgresql']['config']['datestyle'] = "iso, #{locale_date_order}"
# According to the locale(1) manpage, the locale settings are determined
# by environment variables according to the following precedence:
# LC_ALL > (LC_MESSAGES, LC_MONETARY, LC_NUMERIC, LC_TIME) > LANG.
node.default['postgresql']['config']['lc_messages'] =
[ENV['LC_ALL'], ENV['LC_MESSAGES'], ENV['LANG']].compact.first
node.default['postgresql']['config']['lc_monetary'] =
[ENV['LC_ALL'], ENV['LC_MONETARY'], ENV['LANG']].compact.first
node.default['postgresql']['config']['lc_numeric'] =
[ENV['LC_ALL'], ENV['LC_NUMERIC'], ENV['LANG']].compact.first
node.default['postgresql']['config']['lc_time'] =
[ENV['LC_ALL'], ENV['LC_TIME'], ENV['LANG']].compact.first
node.default['postgresql']['config']['default_text_search_config'] =
case ENV['LANG']
when /da_.*/
'pg_catalog.danish'
when /nl_.*/
'pg_catalog.dutch'
when /en_.*/
'pg_catalog.english'
when /fi_.*/
'pg_catalog.finnish'
when /fr_.*/
'pg_catalog.french'
when /de_.*/
'pg_catalog.german'
when /hu_.*/
'pg_catalog.hungarian'
when /it_.*/
'pg_catalog.italian'
when /no_.*/
'pg_catalog.norwegian'
when /pt_.*/
'pg_catalog.portuguese'
when /ro_.*/
'pg_catalog.romanian'
when /ru_.*/
'pg_catalog.russian'
when /es_.*/
'pg_catalog.spanish'
when /sv_.*/
'pg_catalog.swedish'
when /tr_.*/
'pg_catalog.turkish'
end
#######
# Timezone Configuration
# Determine the name of the system's default timezone and specify node
# defaults for the postgresql.cof settings. If the timezone cannot be
# identified, do as initdb would do: leave it unspecified so PostgreSQL
# uses it's internal default of GMT.
tzdirpath = pg_TZDIR # See libraries/default.rb
default_timezone = select_default_timezone(tzdirpath) # See libraries/default.rb
unless default_timezone.nil?
node.default['postgresql']['config']['log_timezone'] = default_timezone
node.default['postgresql']['config']['timezone'] = default_timezone
end
#######
# - Where to Log -
node.default['postgresql']['config']['log_destination'] = 'stderr'
node.default['postgresql']['config']['log_directory'] = 'pg_log'
node.default['postgresql']['config']['log_filename'] = 'postgresql-%a.log'
node.default['postgresql']['config']['logging_collector'] = true # on
node.default['postgresql']['config']['log_rotation_age'] = '1d'
node.default['postgresql']['config']['log_rotation_size'] = 0
node.default['postgresql']['config']['log_truncate_on_rotation'] = true # on

View File

@ -1,283 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: config_pgtune
# Author:: David Crane (<davidc@donorschoose.org>)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#######
# Load the binaryround(value) method from libraries/default.rb
::Chef::Recipe.send(:include, Opscode::PostgresqlHelpers)
#######
# This recipe is based on Greg Smith's pgtune script (the Feb 1, 2012
# version at https://github.com/gregs1104/pgtune). Introduction: pgtune
# takes the wimpy default postgresql.conf and expands the database
# server to be as powerful as the hardware it's being deployed on.
#
# The default postgresql.conf aims at a system with approximately 128MB
# of RAM. This recipe recommends a baseline configuration in the right
# general range for a dedicated Postgresql system.
#
# This recipe takes three optional parameters that may be passed in as
# node['postgresql']['config_pgtune'] attributes:
# * db_type -- Specifies database type as one of: dw, oltp,
# web, mixed, desktop. If not specified, the default is mixed.
# * max_connections -- Specifies number of maximum connections
# expected. If not specified, it depends on database type.
# * total_memory -- Specifies total system memory. If not specified,
# it will be detected from the Ohai automatic attributes.
#
# Using those inputs, this recipe will compute and set the following
# node.default['postgresql']['config'] attributes:
# * max_connections
# * shared_buffers
# * effective_cache_size
# * work_mem
# * maintenance_work_mem
# * checkpoint_segments
# * checkpoint_completion_target
# * wal_buffers
# * default_statistics_target
#
# This recipe deviates from the original pgtune script for 2 settings:
# shared_buffers is capped for large memory systems (which Greg
# mentioned in a TODO.rst) and wal_buffers will auto-tune starting with
# 9.1 (which is a feature that Greg built into Postgresql).
#######
# These are the workload characteristics of the five database types
# that can be specified as node['postgresql']['config_pgtune']['db_type']:
#
# dw -- Data Warehouse
# * Typically I/O- or RAM-bound
# * Large bulk loads of data
# * Large complex reporting queries
# * Also called "Decision Support" or "Business Intelligence"
#
# oltp -- Online Transaction Processing
# * Typically CPU- or I/O-bound
# * DB slightly larger than RAM to 1TB
# * 20-40% small data write queries
# * Some long transactions and complex read queries
#
# web -- Web Application
# * Typically CPU-bound
# * DB much smaller than RAM
# * 90% or more simple queries
#
# mixed -- Mixed DW and OLTP characteristics
# * A wide mixture of queries
#
# desktop -- Not a dedicated database
# * A general workstation, perhaps for a developer
# Parse out db_type option, or use default.
db_type = 'mixed'
if node['postgresql'].attribute?('config_pgtune') && node['postgresql']['config_pgtune'].attribute?('db_type')
db_type = node['postgresql']['config_pgtune']['db_type']
unless %w(dw oltp web mixed desktop).include?(db_type)
Chef::Log.fatal([
"Bad value (#{db_type})",
"for node['postgresql']['config_pgtune']['db_type'] attribute.",
'Valid values are one of dw, oltp, web, mixed, desktop.',
].join(' '))
raise
end
end
# Parse out max_connections option, or use a value based on db_type.
con =
{ 'web' => 200,
'oltp' => 300,
'dw' => 20,
'mixed' => 80,
'desktop' => 5,
}.fetch(db_type)
if node['postgresql'].attribute?('config_pgtune') && node['postgresql']['config_pgtune'].attribute?('max_connections')
max_connections = node['postgresql']['config_pgtune']['max_connections'].to_i
if max_connections <= 0
Chef::Log.fatal([
"Bad value (#{max_connections})",
"for node['postgresql']['config_pgtune']['max_connections'] attribute.",
'Valid values are non-zero integers only.',
].join(' '))
raise
end
con = max_connections
end
# Parse out total_memory option, or use value detected by Ohai.
total_memory = node['memory']['total']
# Override max_connections with a node attribute if DevOps desires.
# For example, on a system *not* dedicated to Postgresql.
if node['postgresql'].attribute?('config_pgtune') && node['postgresql']['config_pgtune'].attribute?('total_memory')
total_memory = node['postgresql']['config_pgtune']['total_memory']
if total_memory.match(/\A[1-9]\d*kB\Z/).nil?
Chef::Application.fatal!([
"Bad value (#{total_memory})",
"for node['postgresql']['config_pgtune']['total_memory'] attribute.",
'Valid values are non-zero integers followed by kB (e.g., 49416564kB).',
].join(' '))
end
end
# Ohai reports node[:memory][:total] in kB, as in "921756kB"
mem = total_memory.split('kB')[0].to_i / 1024 # in MB
#######
# RAM-related settings computed as in Greg Smith's pgtune script.
# Remember that con and mem were either chosen above based on the
# db_type or the actual total memory, or were passed in attributes.
# (1) max_connections
# Sets the maximum number of concurrent connections.
node.default['postgresql']['config']['max_connections'] = con
# The calculations for the next four settings would not be optimal
# for low memory systems. In that case, the calculation is skipped,
# leaving the built-in Postgresql settings, which are actually
# intended for those low memory systems.
if mem >= 256
# (2) shared_buffers
# Sets the number of shared memory buffers used by the server.
shared_buffers =
{ 'web' => mem / 4,
'oltp' => mem / 4,
'dw' => mem / 4,
'mixed' => mem / 4,
'desktop' => mem / 16,
}.fetch(db_type)
# Robert Haas has advised to cap the size of shared_buffers based on
# the memory architecture: 2GB on 32-bit and 8GB on 64-bit machines.
# http://rhaas.blogspot.com/2012/03/tuning-sharedbuffers-and-walbuffers.html
case node['kernel']['machine']
when 'i386' # 32-bit machines
shared_buffers = 2 * 1024 if shared_buffers > 2 * 1024
when 'x86_64' # 64-bit machines
shared_buffers = 8 * 1024 if shared_buffers > 8 * 1024
end
node.default['postgresql']['config']['shared_buffers'] = binaryround(shared_buffers * 1024 * 1024)
# (3) effective_cache_size
# Sets the planner's assumption about the size of the disk cache.
# That is, the portion of the kernel's disk cache that will be
# used for PostgreSQL data files.
effective_cache_size =
{ 'web' => mem * 3 / 4,
'oltp' => mem * 3 / 4,
'dw' => mem * 3 / 4,
'mixed' => mem * 3 / 4,
'desktop' => mem / 4,
}.fetch(db_type)
node.default['postgresql']['config']['effective_cache_size'] = binaryround(effective_cache_size * 1024 * 1024)
# (4) work_mem
# Sets the maximum memory to be used for query workspaces.
mem_con_v = (mem.to_f / con).ceil
work_mem =
{ 'web' => mem_con_v,
'oltp' => mem_con_v,
'dw' => mem_con_v / 2,
'mixed' => mem_con_v / 2,
'desktop' => mem_con_v / 6,
}.fetch(db_type)
node.default['postgresql']['config']['work_mem'] = binaryround(work_mem * 1024 * 1024)
# (5) maintenance_work_mem
# Sets the maximum memory to be used for maintenance operations.
# This includes operations such as VACUUM and CREATE INDEX.
maintenance_work_mem =
{ 'web' => mem / 16,
'oltp' => mem / 16,
'dw' => mem / 8,
'mixed' => mem / 16,
'desktop' => mem / 16,
}.fetch(db_type)
# Cap maintenence RAM at 1GB on servers with lots of memory
maintenance_work_mem = 1 * 1024 if maintenance_work_mem > 1 * 1024
node.default['postgresql']['config']['maintenance_work_mem'] = binaryround(maintenance_work_mem * 1024 * 1024)
end
#######
# Checkpoint-related parameters that affect transaction rate and
# maximum tolerable recovery playback time.
# (6) checkpoint_segments
# Sets the maximum distance in log segments between automatic WAL checkpoints.
checkpoint_segments =
{ 'web' => 8,
'oltp' => 16,
'dw' => 64,
'mixed' => 16,
'desktop' => 3,
}.fetch(db_type)
if node['postgresql']['version'].to_f >= 9.5
node.default['postgresql']['config']['max_wal_size'] = ((3 * checkpoint_segments) * 16).to_s + 'MB'
else
node.default['postgresql']['config']['checkpoint_segments'] = checkpoint_segments
end
# (7) checkpoint_completion_target
# Time spent flushing dirty buffers during checkpoint, as fraction
# of checkpoint interval.
checkpoint_completion_target =
{ 'web' => '0.7',
'oltp' => '0.9',
'dw' => '0.9',
'mixed' => '0.9',
'desktop' => '0.5',
}.fetch(db_type)
node.default['postgresql']['config']['checkpoint_completion_target'] = checkpoint_completion_target
# (8) wal_buffers
# Sets the number of disk-page buffers in shared memory for WAL.
# Starting with 9.1, wal_buffers will auto-tune if set to the -1 default.
# For 8.X and 9.0, it needed to be specified, which pgtune did as follows.
if node['postgresql']['version'].to_f < 9.1
wal_buffers = 512 * checkpoint_segments
# The pgtune seems to use 1kB units for wal_buffers
node.default['postgresql']['config']['wal_buffers'] = binaryround(wal_buffers * 1024)
else
node.default['postgresql']['config']['wal_buffers'] = '-1'
end
# (9) default_statistics_target
# Sets the default statistics target. This applies to table columns
# that have not had a column-specific target set via
# ALTER TABLE SET STATISTICS.
default_statistics_target =
{ 'web' => 100,
'oltp' => 100,
'dw' => 500,
'mixed' => 100,
'desktop' => 100,
}.fetch(db_type)
node.default['postgresql']['config']['default_statistics_target'] = default_statistics_target

View File

@ -1,33 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: contrib
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
db_name = node['postgresql']['database_name']
# Install the PostgreSQL contrib package(s) from the distribution,
# as specified by the node attributes.
package node['postgresql']['contrib']['packages']
include_recipe 'postgresql::server'
# Install PostgreSQL contrib extentions into the database, as specified by the
# node attribute node['postgresql']['database_name'].
if node['postgresql']['contrib'].attribute?('extensions')
node['postgresql']['contrib']['extensions'].each do |pg_ext|
postgresql_extension "#{db_name}/#{pg_ext}"
end
end

View File

@ -1,19 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: default
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'postgresql::client'
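
Review bot: Removing the default recipe means `recipe[postgresql]` and `include_recipe 'postgresql'` no longer resolve, so any role, run list or wrapper cookbook in this repo that still names it will fail at compile time. Search for `postgresql::` includes (default, client, server, contrib, ruby) and convert them to the new resources in this same PR, so the branch never has a state where the cookbook is upgraded but its callers are not.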

View File

@ -1,125 +0,0 @@
# frozen_string_literal: false
#
# Cookbook:: postgresql
# Recipe:: ruby
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Load the pgdgrepo_rpm_info method from libraries/default.rb
::Chef::Recipe.send(:include, Opscode::PostgresqlHelpers)
begin
require 'pg'
rescue LoadError
if platform_family?('debian')
e = apt_update 'update' do
action :nothing
end
e.run_action(:update)
end
node.override['build-essential']['compile_time'] = true
include_recipe 'build-essential'
if node['postgresql']['enable_pgdg_yum'] && platform_family?('rhel', 'fedora')
include_recipe 'postgresql::yum_pgdg_postgresql'
rpm_platform = node['platform']
rpm_platform_version = node['platform_version'].to_i.to_s
arch = node['kernel']['machine']
resources("remote_file[#{Chef::Config[:file_cache_path]}/#{node['postgresql']['pgdg']['repo_rpm_url'][node['postgresql']['version']][rpm_platform][rpm_platform_version][arch]['package']}]").run_action(:create)
resources("package[#{node['postgresql']['pgdg']['repo_rpm_url'][node['postgresql']['version']][rpm_platform][rpm_platform_version][arch]['package']}]").run_action(:install)
ENV['PATH'] = "/usr/pgsql-#{node['postgresql']['version']}/bin:#{ENV['PATH']}"
end
if node['postgresql']['enable_pgdg_apt'] && platform_family?('debian')
include_recipe 'postgresql::apt_pgdg_postgresql'
resources('apt_repository[apt.postgresql.org]').run_action(:add)
end
include_recipe 'postgresql::client'
package node['postgresql']['client']['packages'] do
action :nothing
end.run_action(:install)
begin
chef_gem 'pg' do
compile_time true
version node['postgresql']['pg_gem']['version'] if node['postgresql']['pg_gem']['version']
end
rescue Gem::Installer::ExtensionBuildError, Mixlib::ShellOut::ShellCommandFailed => e
# Are we an omnibus install?
raise if RbConfig.ruby.scan(/(chef|opscode)/).empty?
# Still here, must be omnibus. Lets make this thing install!
Chef::Log.warn 'Failed to properly build pg gem. Forcing properly linking and retrying (omnibus fix)'
gem_dir = e.message.scan(/will remain installed in ([^ ]+)/).flatten.first
raise unless gem_dir
gem_name = File.basename(gem_dir)
ext_dir = File.join(gem_dir, 'ext')
gem_exec = File.join(File.dirname(RbConfig.ruby), 'gem')
new_content = <<-EOS
require 'rbconfig'
%w(
configure_args
LIBRUBYARG_SHARED
LIBRUBYARG_STATIC
LIBRUBYARG
LDFLAGS
).each do |key|
RbConfig::CONFIG[key].gsub!(/-Wl[^ ]+( ?\\/[^ ]+)?/, '')
RbConfig::MAKEFILE_CONFIG[key].gsub!(/-Wl[^ ]+( ?\\/[^ ]+)?/, '')
end
RbConfig::CONFIG['RPATHFLAG'] = ''
RbConfig::MAKEFILE_CONFIG['RPATHFLAG'] = ''
EOS
new_content << File.read(extconf_path = File.join(ext_dir, 'extconf.rb'))
File.open(extconf_path, 'w') do |file|
file.write(new_content)
end
lib_builder = execute 'generate pg gem Makefile' do
# [COOK-3490] pg gem install requires full path on RHEL
command "PATH=$PATH:/usr/pgsql-#{node['postgresql']['version']}/bin #{RbConfig.ruby} extconf.rb"
cwd ext_dir
action :nothing
end
lib_builder.run_action(:run)
lib_maker = execute 'make pg gem lib' do
command 'make'
cwd ext_dir
action :nothing
end
lib_maker.run_action(:run)
lib_installer = execute 'install pg gem lib' do
command 'make install'
cwd ext_dir
action :nothing
end
lib_installer.run_action(:run)
spec_installer = execute 'install pg spec' do
command "#{gem_exec} spec ./cache/#{gem_name}.gem --ruby > ./specifications/#{gem_name}.gemspec"
cwd File.join(gem_dir, '..', '..')
action :nothing
end
spec_installer.run_action(:run)
Chef::Log.warn 'Installation of pg gem successful!'
end
end

View File

@ -1,95 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: server
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
::Chef::Recipe.send(:include, OpenSSLCookbook::RandomPassword)
include_recipe 'postgresql::client'
# randomly generate postgres password, unless using solo - see README
if Chef::Config[:solo]
missing_attrs = %w(
postgres
).select do |attr|
node['postgresql']['password'][attr].nil?
end.map { |attr| "node['postgresql']['password']['#{attr}']" }
unless missing_attrs.empty?
Chef::Log.fatal([
"You must set #{missing_attrs.join(', ')} in chef-solo mode.",
'For more information, see https://github.com/opscode-cookbooks/postgresql#chef-solo-note',
].join(' '))
raise
end
else
# TODO: The "secure_password" is randomly generated plain text, so it
# should be converted to a PostgreSQL specific "encrypted password" if
# it should actually install a password (as opposed to disable password
# login for user 'postgres'). However, a random password wouldn't be
# useful if it weren't saved as clear text in Chef Server for later
# retrieval.
unless node.key?('postgresql') && node['postgresql'].key?('password') && node['postgresql']['password'].key?('postgres')
node.normal_unless['postgresql']['password']['postgres'] = random_password(length: 20, mode: :base64)
node.save
end
end
# Include the right "family" recipe for installing the server
# since they do things slightly differently.
case node['platform_family']
when 'rhel', 'fedora'
node.normal['postgresql']['dir'] = "/var/lib/pgsql/#{node['postgresql']['version']}/data"
node.normal['postgresql']['config']['data_directory'] = "/var/lib/pgsql/#{node['postgresql']['version']}/data"
include_recipe 'postgresql::server_redhat'
when 'debian'
node.normal['postgresql']['config']['data_directory'] = "/var/lib/postgresql/#{node['postgresql']['version']}/main"
include_recipe 'postgresql::server_debian'
when 'suse'
node.normal['postgresql']['config']['data_directory'] = node['postgresql']['dir']
include_recipe 'postgresql::server_redhat'
end
# Versions prior to 9.2 do not have a config file option to set the SSL
# key and cert path, and instead expect them to be in a specific location.
link ::File.join(node['postgresql']['config']['data_directory'], 'server.crt') do
to node['postgresql']['config']['ssl_cert_file']
only_if { node['postgresql']['version'].to_f < 9.2 && node['postgresql']['config'].attribute?('ssl_cert_file') }
end
link ::File.join(node['postgresql']['config']['data_directory'], 'server.key') do
to node['postgresql']['config']['ssl_key_file']
only_if { node['postgresql']['version'].to_f < 9.2 && node['postgresql']['config'].attribute?('ssl_key_file') }
end
# NOTE: Consider two facts before modifying "assign-postgres-password":
# (1) Passing the "ALTER ROLE ..." through the psql command only works
# if passwordless authorization was configured for local connections.
# For example, if pg_hba.conf has a "local all postgres ident" rule.
# (2) It is probably fruitless to optimize this with a not_if to avoid
# setting the same password. This chef recipe doesn't have access to
# the plain text password, and testing the encrypted (md5 digest)
# version is not straight-forward.
bash 'assign-postgres-password' do
user 'postgres'
code <<-EOH
echo "ALTER ROLE postgres ENCRYPTED PASSWORD \'#{node['postgresql']['password']['postgres']}\';" | psql -p #{node['postgresql']['config']['port']}
EOH
action :run
not_if "ls #{node['postgresql']['config']['data_directory']}/recovery.conf"
only_if { node['postgresql']['assign_postgres_password'] }
end
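
Review bot: The removed `node.normal_unless['postgresql']['password']['postgres'] = random_password(length: 20, mode: :base64)` followed by `node.save` stored the postgres superuser password on the node object, and the removed TODO comment itself says it is kept as clear text in Chef Server. Deleting the recipe does not delete that normal attribute from nodes that already converged. Add a cleanup step that removes `node['postgresql']['password']` from existing nodes and rotates the password, and say in the PR where the password is set now that `assign-postgres-password` is gone.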

View File

@ -1,55 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: server
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
change_notify = node['postgresql']['server']['config_change_notify']
# There are some configuration items which depend on correctly evaluating the intended version being installed
if node['platform_family'] == 'debian'
node.normal['postgresql']['config']['hba_file'] = "/etc/postgresql/#{node['postgresql']['version']}/main/pg_hba.conf"
node.normal['postgresql']['config']['ident_file'] = "/etc/postgresql/#{node['postgresql']['version']}/main/pg_ident.conf"
node.normal['postgresql']['config']['external_pid_file'] = "/var/run/postgresql/#{node['postgresql']['version']}-main.pid"
if node['postgresql']['version'].to_f < 9.3
node.normal['postgresql']['config']['unix_socket_directory'] = '/var/run/postgresql'
else
node.normal['postgresql']['config']['unix_socket_directories'] = '/var/run/postgresql'
end
if node['postgresql']['config']['ssl']
node.normal['postgresql']['config']['ssl_cert_file'] = '/etc/ssl/certs/ssl-cert-snakeoil.pem' if node['postgresql']['version'].to_f >= 9.2
node.normal['postgresql']['config']['ssl_key_file'] = '/etc/ssl/private/ssl-cert-snakeoil.key' if node['postgresql']['version'].to_f >= 9.2
end
end
template "#{node['postgresql']['dir']}/postgresql.conf" do
source 'postgresql.conf.erb'
owner 'postgres'
group 'postgres'
mode '0600'
notifies change_notify, 'service[postgresql]', :immediately
end
template "#{node['postgresql']['dir']}/pg_hba.conf" do
source 'pg_hba.conf.erb'
owner 'postgres'
group 'postgres'
mode '0600'
notifies change_notify, 'service[postgresql]', :immediately
end
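
Review bot: On Debian with `node['postgresql']['config']['ssl']` set, the removed block pointed `ssl_cert_file` and `ssl_key_file` at `/etc/ssl/certs/ssl-cert-snakeoil.pem` and `/etc/ssl/private/ssl-cert-snakeoil.key`, and it wrote them with `node.normal`, so those values persist on nodes that ran this recipe. Check that the replacement configuration sets an explicit certificate and key path for TLS-enabled hosts instead of picking up the leftover snakeoil attributes, and clear the old normal attributes as part of the upgrade.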

View File

@ -1,35 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: server
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'postgresql::client'
package node['postgresql']['server']['packages']
include_recipe 'postgresql::server_conf'
service 'postgresql' do
service_name node['postgresql']['server']['service_name']
supports restart: true, status: true, reload: true
action [:enable, :start]
end
execute 'Set locale and Create cluster' do
command 'export LC_ALL=C; /usr/bin/pg_createcluster --start ' + node['postgresql']['version'] + ' main'
action :run
not_if { ::File.directory?('/etc/postgresql/' + node['postgresql']['version'] + '/main') }
end

View File

@ -1,140 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: server
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'postgresql::client'
svc_name = node['postgresql']['server']['service_name']
initdb_locale = node['postgresql']['initdb_locale']
shortver = node['postgresql']['version'].split('.').join
# Create a group and user like the package will.
# Otherwise the templates fail.
group 'postgres' do
gid node['postgresql']['gid']
end
user 'postgres' do
shell '/bin/bash'
comment 'PostgreSQL Server'
home '/var/lib/pgsql'
gid 'postgres'
system true
uid node['postgresql']['uid']
manage_home false
end
directory node['postgresql']['config']['data_directory'] do
owner 'postgres'
group 'postgres'
recursive true
action :create
mode '0700'
end
package node['postgresql']['server']['packages']
# If using PGDG, add symlinks so that downstream commands all work
if node['postgresql']['enable_pgdg_yum'] == true || node['postgresql']['use_pgdg_packages'] == true
[
"postgresql#{shortver}-setup",
"postgresql#{shortver}-check-db-dir",
].each do |cmd|
link "/usr/bin/#{cmd}" do
to "/usr/pgsql-#{node['postgresql']['version']}/bin/#{cmd}"
end
end
end
# The systemd unit file does not support 'initdb' or 'upgrade' actions.
# Use the postgresql-setup script instead.
unless node['postgresql']['server']['init_package'] == 'systemd'
directory '/etc/sysconfig/pgsql' do
mode '0644'
recursive true
action :create
end
template "/etc/sysconfig/pgsql/#{svc_name}" do
source 'pgsql.sysconfig.erb'
mode '0644'
notifies :restart, 'service[postgresql]', :delayed
end
end
if node['postgresql']['server']['init_package'] == 'systemd'
if node['platform_family'] == 'rhel'
template_path = if node['postgresql']['use_pgdg_packages']
"/etc/systemd/system/postgresql-#{node['postgresql']['version']}.service"
else
'/etc/systemd/system/postgresql.service'
end
template template_path do
source 'postgresql.service.erb'
owner 'root'
group 'root'
mode '0644'
notifies :run, 'execute[systemctl-reload]', :immediately
notifies :reload, 'service[postgresql]', :delayed
end
execute 'systemctl-reload' do
command 'systemctl daemon-reload'
action :nothing
end
end
case node['platform_family']
when 'suse'
execute "initdb -d #{node['postgresql']['dir']}" do
user 'postgres'
not_if { ::File.exist?("#{node['postgresql']['config']['data_directory']}/PG_VERSION") }
end
else
execute "#{node['postgresql']['setup_script']} initdb #{svc_name}" do
not_if { ::File.exist?("#{node['postgresql']['config']['data_directory']}/PG_VERSION") }
end
end
elsif !platform_family?('suse') && node['postgresql']['version'].to_f <= 9.3
execute "/sbin/service #{svc_name} initdb #{initdb_locale}" do
not_if { ::File.exist?("#{node['postgresql']['config']['data_directory']}/PG_VERSION") }
end
else
execute "/sbin/service #{svc_name} initdb" do
not_if { ::File.exist?("#{node['postgresql']['config']['data_directory']}/PG_VERSION") }
end
end
service 'postgresql' do
service_name svc_name
supports restart: true, status: true, reload: true
action [:enable, :start]
end
include_recipe 'postgresql::server_conf'

View File

@ -1,41 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe::yum_pgdg_postgresql
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
######################################
# Install the "PostgreSQL RPM Building Project - Yum Repository"
rpm_platform = node['platform']
rpm_platform_version = node['platform_version'].to_f.to_i.to_s
arch = node['kernel']['machine']
pg_version = node['postgresql']['version']
pgdg_setup = node['postgresql']['pgdg']['repo_rpm_url'][pg_version][rpm_platform][rpm_platform_version][arch]
pgdg_package = pgdg_setup['package']
pgdg_repository = pgdg_setup['url']
# Download the PGDG repository RPM as a local file
remote_file "#{Chef::Config[:file_cache_path]}/#{pgdg_package}" do
source "#{pgdg_repository}#{pgdg_package}"
mode '0644'
end
# Install the PGDG repository RPM from the local file
package pgdg_package.to_s do
provider Chef::Provider::Package::Rpm
source "#{Chef::Config[:file_cache_path]}/#{pgdg_package}"
action :install
end

View File

@ -0,0 +1,59 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: access
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :access_type, String, required: true, default: 'local'
property :access_db, String, required: true, default: 'all'
property :access_user, String, required: true, default: 'postgres'
property :access_method, String, required: true, default: 'ident'
property :cookbook, String, default: 'postgresql'
property :source, String, default: 'pg_hba.conf.erb'
property :access_addr, String
property :comment, String
action :grant do
config_resource = new_resource
with_run_context :root do # ~FC037
edit_resource(:template, "#{conf_dir}/pg_hba.conf") do |new_resource|
source new_resource.source
cookbook new_resource.cookbook
owner 'postgres'
group 'postgres'
mode '0600'
variables[:pg_hba] ||= {}
variables[:pg_hba][new_resource.name] = {
comment: new_resource.comment,
type: new_resource.access_type,
db: new_resource.access_db,
user: new_resource.access_user,
addr: new_resource.access_addr,
method: new_resource.access_method,
}
action :nothing
delayed_action :create
notifies :trigger, config_resource, :immediately
end
end
end
action :trigger do
new_resource.updated_by_last_action(true) # ~FC085
end
action_class do
include PostgresqlCookbook::Helpers
end
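
Review bot: `access_type`, `access_db`, `access_user` and `access_method` are each declared with both `required: true` and a `default:`, which contradict each other, since the default means the property is never actually required. Drop `required: true`. Because these values become a rule in `pg_hba.conf`, they should also be constrained rather than free-form strings, for example `equal_to: %w(local host hostssl hostnossl)` on `access_type` and an `equal_to` list of accepted auth methods on `access_method`, so a typo cannot silently produce a rule nobody intended. If the template prints `access_addr` and `comment` verbatim, reject newlines in them for the same reason.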

View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Recipe:: client
# Resource:: client_install
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -16,19 +16,20 @@
# limitations under the License.
#
case node['platform_family']
when 'debian'
if node['postgresql']['version'].to_f > 9.3
node.normal['postgresql']['enable_pgdg_apt'] = true
property :version, String, default: '9.6'
property :setup_repo, [true, false], default: true
action :install do
postgresql_repository 'Add downloads.postgresql.org repository' do
version new_resource.version
only_if { new_resource.setup_repo }
end
if node['postgresql']['enable_pgdg_apt']
include_recipe 'postgresql::apt_pgdg_postgresql'
end
when 'rhel', 'fedora'
if node['postgresql']['enable_pgdg_yum']
include_recipe 'postgresql::yum_pgdg_postgresql'
case node['platform_family']
when 'debian'
package "postgresql-client-#{new_resource.version}"
when 'rhel', 'fedora', 'amazon'
ver = new_resource.version.delete('.')
package "postgresql#{ver}"
end
end
package node['postgresql']['client']['packages']
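
Review bot: The `case node['platform_family']` inside `action :install` has no `else` branch, so on any family other than debian, rhel, fedora or amazon the resource converges without installing a client package and still reports success. Add an `else` that raises with the unsupported platform family. `new_resource.version` is also interpolated into the package name unchecked (`"postgresql-client-#{new_resource.version}"`); a `regex:` validation on the `version` property limiting it to digits and dots would catch bad input before it reaches the package provider.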

View File

@ -0,0 +1,67 @@
#
# Cookbook:: postgresql
# Resource:: database
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :template, String, default: 'template1'
property :encoding, String, default: 'UTF-8'
property :locale, String, default: 'en_US.UTF-8'
property :owner, String
# Connection prefernces
property :user, String, default: 'postgres'
property :database, String, name_property: true
property :host, [String, nil], default: nil
property :port, Integer, default: 5432
action :create do
createdb = 'createdb'
createdb << " -E #{new_resource.encoding}" if new_resource.encoding
createdb << " -l #{new_resource.locale}" if new_resource.locale
createdb << " -T #{new_resource.template}" unless new_resource.template.empty?
createdb << " -O #{new_resource.owner}" if new_resource.owner
createdb << " -U #{new_resource.user}" if new_resource.user
createdb << " -h #{new_resource.host}" if new_resource.host
createdb << " -p #{new_resource.port}" if new_resource.port
createdb << " #{new_resource.database}"
bash "Create Database #{new_resource.database}" do
code createdb
user new_resource.user
not_if { follower? }
not_if { database_exists?(new_resource) }
end
end
action :drop do
converge_by "Drop PostgreSQL Database #{new_resource.database}" do
dropdb = 'dropdb'
dropdb << " -U #{new_resource.user}" if new_resource.user
dropdb << " --host #{new_resource.host}" if new_resource.host
dropdb << " --port #{new_resource.port}" if new_resource.port
dropdb << " #{new_resource.database}"
bash "drop postgresql database #{new_resource.database})" do
user 'postgres'
code dropdb
not_if { follower? }
only_if { database_exists?(new_resource) }
end
end
end
action_class do
include PostgresqlCookbook::Helpers
end
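
Review bot: In both `action :create` and `action :drop` the `createdb` / `dropdb` command line is assembled by string concatenation from `encoding`, `locale`, `template`, `owner`, `user`, `host` and `database` and then handed to a `bash` resource, so any value containing whitespace or shell metacharacters changes the command that actually runs. Pass each value through `Shellwords.escape`, or build the command as an array for an `execute` resource so no shell is involved. Two smaller points: `:create` runs the command as OS user `new_resource.user` while `:drop` hard-codes `user 'postgres'`, which will diverge as soon as `user` is set to a database role that is not also a system account, and the `:drop` resource name ends in a stray `)`.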

View File

@ -1,4 +1,3 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: extension
@ -16,42 +15,35 @@
# limitations under the License.
#
include Opscode::PostgresqlHelpers
property :extension, String, name_property: true
property :old_version, String
property :version, String
# name property should take the form:
# database/extension
property :database, String,
required: true,
default: lazy { name.scan(%r{\A[^/]+(?=/)}).first }
property :extension, String,
required: true,
default: lazy { name.scan(%r{(?<=/)[^/]+\Z}).first }
# Connection prefernces
property :user, String, default: 'postgres'
property :database, String, required: true
property :host, [String, nil]
property :port, Integer, default: 5432
action :create do
bash "CREATE EXTENSION #{name}" do
code psql("CREATE EXTENSION IF NOT EXISTS \"#{extension}\"")
bash "CREATE EXTENSION #{new_resource.name}" do
code create_extension_sql(new_resource)
user 'postgres'
action :run
not_if { extension_installed? }
not_if { follower? || extension_installed?(new_resource) }
end
end
action :drop do
bash "DROP EXTENSION #{name}" do
code psql("DROP EXTENSION IF EXISTS \"#{extension}\"")
bash "DROP EXTENSION #{new_resource.name}" do
code psql_command_string(new_resource, "DROP EXTENSION IF EXISTS \"#{new_resource.extension}\"")
user 'postgres'
action :run
only_if { extension_installed? }
not_if { follower? }
only_if { extension_installed?(new_resource) }
end
end
def psql(query)
"psql -d #{database} <<< '\\set ON_ERROR_STOP on\n#{query};'"
end
def extension_installed?
query = "SELECT 'installed' FROM pg_extension WHERE extname = '#{extension}';"
!(execute_sql(query, database) =~ /^installed$/).nil?
action_class do
include PostgresqlCookbook::Helpers
end
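
Review bot: In `action :drop`, `new_resource.extension` is interpolated directly into `"DROP EXTENSION IF EXISTS \"#{new_resource.extension}\""` and the result of `psql_command_string` is used as the `code` of a `bash` resource, so a name containing a double quote or a shell quote character is not handled safely. Validate the `extension` property with a `regex:` restricted to identifier characters, or do the quoting inside the helper. Separately, `database` loses its lazy default parsed from a `database/extension` resource name and is now just `required: true`, which breaks callers that relied on the name form; that needs a line in the upgrade notes.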

View File

@ -0,0 +1,55 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: access
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :mapname, String, required: true
property :source, String, default: 'pg_ident.conf.erb'
property :cookbook, String, default: 'postgresql'
property :system_user, String, required: true
property :pg_user, String, required: true
property :comment, [String, nil], default: nil
action :create do
ident_resource = new_resource
with_run_context :root do # ~FC037
edit_resource(:template, "#{conf_dir}/pg_ident.conf") do |new_resource|
source new_resource.source
cookbook new_resource.cookbook
owner 'postgres'
group 'postgres'
mode '0640'
variables[:pg_ident] ||= {}
variables[:pg_ident][new_resource.name] = {
comment: new_resource.comment,
mapname: new_resource.mapname,
system_user: new_resource.system_user,
pg_user: new_resource.pg_user,
}
action :nothing
delayed_action :create
notifies :trigger, ident_resource, :immediately
end
end
end
action :trigger do
new_resource.updated_by_last_action(true) # ~FC085
end
action_class do
include PostgresqlCookbook::Helpers
end
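
Review bot: The `pg_ident.conf` template is written with `mode '0640'`, while the access resource in this same change writes `pg_hba.conf` with `mode '0600'`. Unless group read is actually needed, use `'0600'` here as well so the user-mapping file has the same restriction as the rule file that references it. The header comment also still reads `Resource:: access`, copied from the access resource, and should be corrected.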

View File

@ -0,0 +1,90 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: repository
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :version, String, default: '9.6'
property :enable_pgdg, [true, false], default: true
property :enable_pgdg_source, [true, false], default: false
property :enable_pgdg_updates_testing, [true, false], default: false
property :enable_pgdg_source_updates_testing, [true, false], default: false
property :yum_gpg_key_uri, String, default: 'https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG'
property :apt_gpg_key_uri, String, default: 'https://download.postgresql.org/pub/repos/apt/ACCC4CF8.asc'
action :add do
case node['platform_family']
when 'rhel', 'fedora', 'amazon'
remote_file "/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}" do
source new_resource.yum_gpg_key_uri
end
yum_repository "PostgreSQL #{new_resource.version}" do # ~FC005
repositoryid "pgdg#{new_resource.version}"
description "PostgreSQL.org #{new_resource.version}"
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum')
enabled new_resource.enable_pgdg
gpgcheck true
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
end
yum_repository "PostgreSQL #{new_resource.version} - source " do
repositoryid "pgdg#{new_resource.version}-source"
description "PostgreSQL.org #{new_resource.version} Source"
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/srpms')
enabled new_resource.enable_pgdg_source
gpgcheck true
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
end
yum_repository "PostgreSQL #{new_resource.version} - updates testing" do
repositoryid "pgdg#{new_resource.version}-updates-testing"
description "PostgreSQL.org #{new_resource.version} Updates Testing"
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/testing')
enabled new_resource.enable_pgdg_updates_testing
gpgcheck true
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
end
yum_repository "PostgreSQL #{new_resource.version} - source - updates testing" do
repositoryid "pgdg#{new_resource.version}-source-updates-testing"
description "PostgreSQL.org #{new_resource.version} Source Updates Testing"
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/srpms/testing')
enabled new_resource.enable_pgdg_source_updates_testing
gpgcheck true
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
end
when 'debian'
apt_update
package 'apt-transport-https'
apt_repository 'postgresql_org_repository' do
uri 'https://download.postgresql.org/pub/repos/apt/'
components ['main', new_resource.version.to_s]
distribution "#{node['lsb']['codename']}-pgdg"
key new_resource.apt_gpg_key_uri
cache_rebuild true
end
else
raise "The platform_family '#{node['platform_family']}' or platform '#{node['platform']}' is not supported by the postgresql_repository resource. If you believe this platform can/should be supported by this resource please file and issue or open a pull request at https://github.com/sous-chefs/postgresql"
end
end
action_class do
include PostgresqlCookbook::Helpers
end
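Review bot: the repository signing keys are trusted on download alone. The `remote_file` that writes `/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}` sets no `checksum`, and `apt_repository` takes `key new_resource.apt_gpg_key_uri` as a bare URL, so whatever the URL serves at converge time becomes the trust root for every package installed from the repo. Both URI properties also accept any String, including a plain `http://` address. Suggest adding a checksum (or fingerprint) property that is verified before the key is installed, and rejecting non-HTTPS key URIs. Minor: the `raise` message says "file and issue", which should read "file an issue".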

View File

@ -0,0 +1,52 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: server_conf
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include PostgresqlCookbook::Helpers
property :version, String, default: '9.6'
property :data_directory, String, default: lazy { data_dir }
property :hba_file, String, default: lazy { "#{conf_dir}/pg_hba.conf" }
property :ident_file, String, default: lazy { "#{conf_dir}/pg_ident.conf" }
property :external_pid_file, String, default: lazy { "/var/run/postgresql/#{version}-main.pid" }
property :stats_temp_directory, String, default: lazy { "/var/run/postgresql/#{version}-main.pg_stat_tmp" }
property :port, Integer, default: 5432
property :additional_config, Hash, default: {}
property :cookbook, String, default: 'postgresql'
action :modify do
template "#{conf_dir}/postgresql.conf" do
cookbook new_resource.cookbook
source 'postgresql.conf.erb'
owner 'postgres'
group 'postgres'
mode '0644'
variables(
data_dir: new_resource.data_directory,
hba_file: new_resource.hba_file,
ident_file: new_resource.ident_file,
external_pid_file: new_resource.external_pid_file,
stats_temp_directory: new_resource.stats_temp_directory,
port: new_resource.port,
additional_config: new_resource.additional_config
)
end
end
action_class do
include PostgresqlCookbook::Helpers
end
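Review bot: `mode '0644'` on `postgresql.conf` makes every key passed through `additional_config` readable by all local users, and that hash is free-form. If world-readable is intentional so that local clients can read the file, say so in a comment next to the mode and document that `additional_config` must not carry secret values; otherwise `'0640'` with group `postgres` matches what the pg_ident resource already uses.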

View File

@ -0,0 +1,76 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: server_install
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include PostgresqlCookbook::Helpers
property :version, String, default: '9.6'
property :setup_repo, [true, false], default: true
property :hba_file, String, default: lazy { "#{conf_dir}/main/pg_hba.conf" }
property :ident_file, String, default: lazy { "#{conf_dir}/main/pg_ident.conf" }
property :external_pid_file, String, default: lazy { "/var/run/postgresql/#{version}-main.pid" }
property :password, [String, nil], default: 'generate' # Set to nil if we do not want to set a password
property :port, Integer, default: 5432
property :initdb_locale, String
# Connection preferences
property :user, String, default: 'postgres'
property :database, String
property :host, [String, nil]
action :install do
node.run_state['postgresql'] ||= {}
node.run_state['postgresql']['version'] = new_resource.version
postgresql_client_install 'Install PostgreSQL Client' do
version new_resource.version
setup_repo new_resource.setup_repo
end
package server_pkg_name
end
action :create do
execute 'init_db' do
command rhel_init_db_command(new_resource)
user new_resource.user
not_if { initialized? }
only_if { platform_family?('rhel', 'fedora', 'amazon') }
end
# We use to use find_resource here.
# But that required the user to do the same in their recipe.
# This also seemed to never trigger notifications, therefore requiring a log resource
# to notify the enable/start on the service, which always fires (Check v7.0 tag for more)
service 'postgresql' do
service_name platform_service_name
supports restart: true, status: true, reload: true
action [:enable, :start]
end
# Generate a random password or set it as per new_resource.password.
bash 'generate-postgres-password' do
user 'postgres'
code alter_role_sql(new_resource)
not_if { user_has_password?(new_resource) }
not_if { new_resource.password.nil? }
end
end
action_class do
include PostgresqlCookbook::Helpers
end
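Review bot: the `bash 'generate-postgres-password'` block has no `sensitive true`, so the script returned by `alter_role_sql(new_resource)` can show up in Chef output and logs when the resource fails or runs at debug level; if that SQL carries the password, as the name suggests, it leaks there. Add `sensitive true` to the block. Separately, `hba_file` and `ident_file` default to `#{conf_dir}/main/...` here while the server_conf resource defaults to `#{conf_dir}/pg_hba.conf` and `#{conf_dir}/pg_ident.conf`; one of the two sets of defaults is probably wrong.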

View File

@ -0,0 +1,87 @@
#
# Cookbook:: postgresql
# Resource:: user
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :create_user, String, name_property: true
property :superuser, [true, false], default: false
property :createdb, [true, false], default: false
property :createrole, [true, false], default: false
property :inherit, [true, false], default: true
property :replication, [true, false], default: false
property :login, [true, false], default: true
property :password, String
property :encrypted_password, String
property :valid_until, String
property :attributes, Hash, default: {}
# Connection prefernces
property :user, String, default: 'postgres'
property :database, String
property :host, String
property :port, Integer, default: 5432
action :create do
Chef::Log.warn('You cannot use "attributes" property with create action.') unless new_resource.attributes.empty?
execute "create postgresql user #{new_resource.create_user}" do # ~FC009
user 'postgres'
command create_user_sql(new_resource)
sensitive new_resource.sensitive
not_if { follower? || user_exists?(new_resource) }
end
end
action :update do
if new_resource.attributes.empty?
execute "update postgresql user #{new_resource.create_user}" do
user 'postgres'
command update_user_sql(new_resource)
sensitive true
not_if { follower? }
only_if { user_exists?(new_resource) }
end
else
new_resource.attributes.each do |attr, value|
v = if value.is_a?(TrueClass) || value.is_a?(FalseClass)
value.to_s
else
"'#{value}'"
end
execute "Update postgresql user #{new_resource.create_user} to set #{attr}" do
user 'postgres'
command update_user_with_attributes_sql(new_resource, v)
sensitive true
not_if { follower? }
only_if { user_exists?(new_resource) }
end
end
end
end
action :drop do
execute "drop postgresql user #{new_resource.create_user}" do
user 'postgres'
command drop_user_sql(new_resource)
sensitive true
not_if { follower? }
only_if { user_exists?(new_resource) }
end
end
action_class do
include PostgresqlCookbook::Helpers
end
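Review bot: the `:create` action uses `sensitive new_resource.sensitive` while `:update` and `:drop` hard-code `sensitive true`. `sensitive` defaults to false, so the one command that sets the initial password is the one that can be logged. Use `sensitive true` in `:create` as well. In `:update`, attribute values are wrapped as `"'#{value}'"` with no escaping, so a value containing a single quote breaks out of the SQL literal; double the quote before interpolating or validate the value.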

View File

@ -1,35 +0,0 @@
# This file was automatically generated and dropped off by Chef!
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file.
<% if node['postgresql']['version'].to_f < 9.1 -%>
# TYPE DATABASE USER CIDR-ADDRESS METHOD
<% elsif node['postgresql']['version'].to_f >= 9.1 -%>
# TYPE DATABASE USER ADDRESS METHOD
<% end -%>
###########
# Other authentication configurations taken from chef node defaults:
###########
<% node['postgresql']['pg_hba'].each do |auth| -%>
<% if auth[:comment] %>
# <%= auth[:comment] %>
<% end %>
<% if auth[:addr] %>
<%= auth[:type].ljust(7) %> <%= auth[:db].ljust(15) %> <%= auth[:user].ljust(15) %> <%= auth[:addr].ljust(23) %> <%= auth[:method] %>
<% else %>
<%= auth[:type].ljust(7) %> <%= auth[:db].ljust(15) %> <%= auth[:user].ljust(15) %> <%= auth[:method] %>
<% end %>
<% end %>
# "local" is for Unix domain socket connections only
<% if node['postgresql']['version'].to_f < 9.1 -%>
local all all ident
<% elsif node['postgresql']['version'].to_f >= 9.1 -%>
local all all peer
<% end -%>

View File

@ -1,4 +0,0 @@
PGDATA=<%= node['postgresql']['dir'] %>
<% if node['postgresql']['config'].attribute?("port") -%>
PGPORT=<%= node['postgresql']['config']['port'] %>
<% end -%>

View File

@ -1,10 +0,0 @@
[Service]
<% if node['postgresql']['use_pgdg_packages'] %>
.include /usr/lib/systemd/system/postgresql-<%= node['postgresql']['version'] %>.service
<% else %>
.include /usr/lib/systemd/system/postgresql.service
<% end %>
Environment=
Environment=PGPORT=<%= node['postgresql']['config']['port'] %>
Environment=PGDATA=<%= node['postgresql']['config']['data_directory'] %>

View File

@ -0,0 +1,33 @@
# This file was automatically generated and dropped off by Chef!
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file.
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
###########
# From the postgresql_access resources
###########
<% @pg_hba.each do |k,v| -%>
# <%= k %>
<% if v[:comment] -%>
# <%= v[:comment] %>
<% end -%>
<% if v[:addr] %>
<%= v[:type].ljust(7) %> <%= v[:db].ljust(15) %> <%= v[:user].ljust(15) %> <%= v[:addr].ljust(23) %> <%= v[:method] %>
<% else %>
<%= v[:type].ljust(7) %> <%= v[:db].ljust(15) %> <%= v[:user].ljust(15) %> <%= v[:method] %>
<% end %>
<% end %>
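Review bot: the entries from `@pg_hba` are rendered after the fixed `local all all peer` line and the two `host all all ... md5` lines, and PostgreSQL applies the first pg_hba record that matches. A `postgresql_access` rule for Unix-socket or loopback connections therefore never takes effect, including one meant to be stricter than the defaults. Render the resource entries before the catch-all lines, or turn the defaults into resource entries that callers can replace. Style: the `<% if v[:addr] %>`, `<% else %>` and `<% end %>` tags lack the `-%>` trim used above, so each entry adds blank lines to the file.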

View File

@ -0,0 +1,49 @@
# PostgreSQL User Name Maps
# =========================
#
# Refer to the PostgreSQL documentation, chapter "Client
# Authentication" for a complete description. A short synopsis
# follows.
#
# This file controls PostgreSQL user name mapping. It maps external
# user names to their corresponding PostgreSQL user names. Records
# are of the form:
#
# MAPNAME SYSTEM-USERNAME PG-USERNAME
#
# (The uppercase quantities must be replaced by actual values.)
#
# MAPNAME is the (otherwise freely chosen) map name that was used in
# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the
# client. PG-USERNAME is the requested PostgreSQL user name. The
# existence of a record specifies that SYSTEM-USERNAME may connect as
# PG-USERNAME.
#
# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
# regular expression. Optionally this can contain a capture (a
# parenthesized subexpression). The substring matching the capture
# will be substituted for \1 (backslash-one) if present in
# PG-USERNAME.
#
# Multiple maps may be specified in this file and used by pg_hba.conf.
#
# No map names are defined in the default configuration. If all
# system user names and PostgreSQL user names are the same, you don't
# need anything in this file.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal. If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect. You can
# use "pg_ctl reload" to do that.
# Put your actual configuration here
# ----------------------------------
# MAPNAME SYSTEM-USERNAME PG-USERNAME
<% @pg_ident.each do |k,v| -%>
<% if v[:comment] -%>
# <%= v[:comment] %>
<% end -%>
<%= v[:mapname].ljust(15) %> <%= v[:system_user].ljust(23) %> <%= v[:pg_user].ljust(15) %>
<% end %>

View File

@ -0,0 +1,2 @@
PGDATA=<%= @postgresql_dir %>
PGPORT=<%= @port %>

View File

@ -3,9 +3,14 @@
# Please refer to the PostgreSQL documentation for details on
# configuration settings.
<% node['postgresql']['config'].sort.each do |key, value| %>
data_directory = '<%= @data_dir %>'
hba_file = '<%= @hba_file %>'
ident_file = '<%= @ident_file %>'
external_pid_file = '<%= @external_pid_file %>'
stats_temp_directory = '<%= @stats_temp_directory %>'
port = <%= @port %>
<% @additional_config.sort.each do |key, value| %>
<% next if value.nil? -%>
<% next if node['postgresql']['version'].to_f < 9.2 && /ssl_.*._file/.match(key) -%>
<%= key %> = <%=
case value
when String

View File

@ -0,0 +1,6 @@
[Service]
.include /usr/lib/systemd/system/<%= @svc_name %>.service
Environment=
Environment=PGPORT=<%= @port %>
Environment=PGDATA=<%= @data_dir %>

View File

@ -0,0 +1,17 @@
{
"id": "postgresql",
"ejabberd_user_password": {
"encrypted_data": "S/vdx+qZ4FWtbM29yDRoIgjvFORoArJVlanPm/el1nCM0se0pnxw\n",
"iv": "ARRo7yYYb7fve7Fv\n",
"auth_tag": "q7AGIahxB50jHjD+/9po0g==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"server_password": {
"encrypted_data": "guWsuw7EqHQGMawW9P77Q12P8tUslpXE3AwRbobJlaTClVU08kcz\n",
"iv": "ELRNrSW+zKYfL/eb\n",
"auth_tag": "zayCIjABap1NsOewJDzapA==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}

View File

@ -2,8 +2,17 @@
"run_list": [
"kosmos-base",
"kosmos-base::andromeda_firewall",
"role[ipfs_cluster_with_tls]"
"role[ipfs_cluster_with_tls]",
"kosmos-postgresql",
"kosmos-ejabberd::backup"
],
"normal": {
"postgresql": {
"password": {
"postgres": "iezah7ochae9uizu1Isha2Chuok8ra"
}
}
},
"automatic": {
"ipaddress": "andromeda.kosmos.org"
}
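Review bot: the `normal.postgresql.password.postgres` value is the database superuser password committed in plaintext, in the same change that adds an encrypted data bag item with a `server_password` entry. Treat the committed value as exposed: rotate it, remove the `normal` block from the node file, and have the recipes read the password from the encrypted data bag instead of a node attribute.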

View File

@ -1,41 +1,41 @@
# Directory where backup config and models are stored
set_unless["backup"]["dir"] = "/usr/local/lib/backup"
default["backup"]["dir"] = "/usr/local/lib/backup"
# Use default backup model?
set_unless["backup"]["default_model"] = true
default["backup"]["default_model"] = true
# Compression default settings
set_unless["backup"]["compression"]["best"] = true
set_unless["backup"]["compression"]["fast"] = false
default["backup"]["compression"]["best"] = true
default["backup"]["compression"]["fast"] = false
default['backup']['user'] = 'backup'
# Archive default settings
set_unless["backup"]["archives"] = {}
default["backup"]["archives"] = {}
# MongoDB default settings
if node["mongodb"]
set_unless["backup"]["mongodb"]["databases"] = []
set_unless["backup"]["mongodb"]["host"] = "localhost"
set_unless["backup"]["mongodb"]["ipv6"] = false
set_unless["backup"]["mongodb"]["lock"] = false
default["backup"]["mongodb"]["databases"] = []
default["backup"]["mongodb"]["host"] = "localhost"
default["backup"]["mongodb"]["ipv6"] = false
default["backup"]["mongodb"]["lock"] = false
end
# MySQL default settings
set_unless["backup"]["mysql"]["databases"] = []
set_unless["backup"]["mysql"]["username"] = "root"
set_unless["backup"]["mysql"]["host"] = "localhost"
default["backup"]["mysql"]["databases"] = []
default["backup"]["mysql"]["username"] = "root"
default["backup"]["mysql"]["host"] = "localhost"
# PostgreSQL default settings
set_unless["backup"]["postgresql"]["databases"] = []
set_unless["backup"]["postgresql"]["host"] = "localhost"
set_unless["backup"]["postgresql"]["port"] = 5432
default["backup"]["postgresql"]["databases"] = []
default["backup"]["postgresql"]["host"] = "localhost"
default["backup"]["postgresql"]["port"] = 5432
# Redis default settings
set_unless["backup"]["redis"]["databases"] = []
set_unless["backup"]["redis"]["host"] = "localhost"
set_unless["backup"]["redis"]["invoke_save"] = false
set_unless["backup"]["redis"]["dump_dir"] = "/var/lib/redis"
default["backup"]["redis"]["databases"] = []
default["backup"]["redis"]["host"] = "localhost"
default["backup"]["redis"]["invoke_save"] = false
default["backup"]["redis"]["dump_dir"] = "/var/lib/redis"
default['backup']['orbit']['keep'] = 10
default['backup']['cron']['hour'] = "05"
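Review bot: moving from `set_unless` to `default` changes attribute precedence, not only the syntax. `set_unless` wrote normal-level attributes, which are saved with the node object, so nodes that already converged with the old file keep those saved values and they continue to override the new default-level ones. If any of these settings is expected to change on existing nodes, add a step that removes the old normal attributes, and mention the precedence change in the commit message.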

View File

@ -8,3 +8,5 @@ name "backup"
depends 'logrotate'
depends 'mysql'
depends 'postgresql'
depends 'build-essential'

View File

@ -1,7 +1,7 @@
# encoding: utf-8
##
# Backup v4.x Configuration
# Backup v5.x Configuration
#
# Documentation: http://backup.github.io/backup
# Issue Tracker: https://github.com/backup/backup/issues
@ -56,8 +56,8 @@ end
<%- if node["backup"]["postgresql"] -%>
Database::PostgreSQL.defaults do |db|
db.username = "<%= node["backup"]["postgresql"]["username"] %>"
db.password = "<%= node["backup"]["postgresql"]["password"] %>"
db.username = "postgres"
db.password = "<%= node['postgresql']['password']['postgres'] %>"
db.host = "<%= node["backup"]["postgresql"]["host"] %>"
db.port = "<%= node["backup"]["postgresql"]["port"] %>"
# db.socket = "/var/run/postgresql/.s.PGSQL.5432"
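Review bot: the backup job now connects as the `postgres` superuser and takes its password from `node['postgresql']['password']['postgres']`, which is a plaintext node attribute. A dedicated role with only the rights needed to dump the databases, with its password read from the encrypted data bag, would limit what a leaked backup config gives away. The value is also interpolated into a double-quoted Ruby string without escaping, so a password containing `"` or `#{` produces a broken or misread config. Since PostgreSQL runs on the same host, the commented-out `db.socket` line with peer authentication would avoid storing a password here at all.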

View File

@ -29,11 +29,13 @@ else
end
end
directory "/etc/letsencrypt/renewal-hooks" do
recursive true
mode 0755
owner "root"
group "root"
["deploy", "post", "pre"].each do |subdir|
directory "/etc/letsencrypt/renewal-hooks/#{subdir}" do
recursive true
mode 0755
owner "root"
group "root"
end
end
file "/etc/letsencrypt/renewal-hooks/deploy/nginx" do

View File

@ -0,0 +1 @@
remote_file = "https://raw.githubusercontent.com/chef-cookbooks/community_cookbook_tools/master/delivery/project.toml"
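Review bot: `remote_file` points at the `master` branch of community_cookbook_tools, so the delivery project configuration used for this cookbook can change without any commit in this repository. Pin the URL to a commit SHA, or vendor the `project.toml` into the cookbook.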

View File

@ -0,0 +1,22 @@
.vagrant
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Bundler
Gemfile.lock
gems.locked
bin/*
.bundle/*
# test kitchen
.kitchen/
.kitchen.local.yml
# Chef
Berksfile.lock
.zero-knife.rb
Policyfile.lock.json

View File

@ -0,0 +1,23 @@
---
driver:
name: vagrant
provisioner:
name: chef_zero
# You may wish to disable always updating cookbooks in CI or other testing environments.
# For example:
# always_update_cookbooks: <%= !ENV['CI'] %>
always_update_cookbooks: true
verifier:
name: inspec
platforms:
- name: ubuntu-16.04
- name: ubuntu-18.04
suites:
- name: default
run_list:
- recipe[kosmos-ejabberd::default]
attributes:

View File

@ -0,0 +1,6 @@
# frozen_string_literal: true
source 'https://supermarket.chef.io'
source chef_repo: ".."
cookbook "kosmos-postgresql", path: "../kosmos-postgresql"
metadata

View File

@ -0,0 +1,11 @@
# kosmos-ejabberd CHANGELOG
This file is used to list changes made in each version of the kosmos-ejabberd cookbook.
# 0.1.0
Initial release.
- change 0
- change 1

View File

@ -0,0 +1,3 @@
Copyright 2019 Kosmos
All rights reserved, do not redistribute.

View File

@ -0,0 +1,4 @@
# kosmos-ejabberd
Sets up ejabberd with vhosts for kosmos.org (public server) and 5apps.com
(private server).

View File

@ -0,0 +1,2 @@
node.default["kosmos-ejabberd"]["version"] = "19.02"
node.default["kosmos-ejabberd"]["checksum"] = "aea550c58e61eab04ca9beb8896d8b04f4a79321c21dee160a67ad6787236f51"

View File

@ -0,0 +1,104 @@
# Put files/directories that should be ignored in this file when uploading
# to a chef-server or supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
Icon?
nohup.out
ehthumbs.db
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
\#*
.#*
*~
*.sw[a-z]
*.bak
REVISION
TAGS*
tmtags
*_flymake.*
*_flymake
*.tmproj
.project
.settings
mkmf.log
## COMPILED ##
##############
a.out
*.o
*.pyc
*.so
*.com
*.class
*.dll
*.exe
*/rdoc/
# Testing #
###########
.watchr
.rspec
spec/*
spec/fixtures/*
test/*
features/*
examples/*
Guardfile
Procfile
.kitchen*
kitchen.yml*
.rubocop.yml
spec/*
Rakefile
.travis.yml
.foodcritic
.codeclimate.yml
# SCM #
#######
.git
*/.git
.gitignore
.gitmodules
.gitconfig
.gitattributes
.svn
*/.bzr/*
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Cookbooks #
#############
CONTRIBUTING*
CHANGELOG*
TESTING*
# Vagrant #
###########
.vagrant
Vagrantfile

View File

@ -0,0 +1,644 @@
--
-- ejabberd, Copyright (C) 2002-2019 ProcessOne
--
-- This program is free software; you can redistribute it and/or
-- modify it under the terms of the GNU General Public License as
-- published by the Free Software Foundation; either version 2 of the
-- License, or (at your option) any later version.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-- General Public License for more details.
--
-- You should have received a copy of the GNU General Public License along
-- with this program; if not, write to the Free Software Foundation, Inc.,
-- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
--
-- To update from the old schema, replace <HOST> with the host's domain:
-- ALTER TABLE users ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE users DROP CONSTRAINT users_pkey;
-- ALTER TABLE users ADD PRIMARY KEY (server_host, username);
-- ALTER TABLE users ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE last ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE last DROP CONSTRAINT last_pkey;
-- ALTER TABLE last ADD PRIMARY KEY (server_host, username);
-- ALTER TABLE last ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE rosterusers ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX i_rosteru_user_jid;
-- DROP INDEX i_rosteru_username;
-- DROP INDEX i_rosteru_jid;
-- CREATE UNIQUE INDEX i_rosteru_sh_user_jid ON rosterusers USING btree (server_host, username, jid);
-- CREATE INDEX i_rosteru_sh_username ON rosterusers USING btree (server_host, username);
-- CREATE INDEX i_rosteru_sh_jid ON rosterusers USING btree (server_host, jid);
-- ALTER TABLE rosterusers ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE rostergroups ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX pk_rosterg_user_jid;
-- CREATE INDEX i_rosterg_sh_user_jid ON rostergroups USING btree (server_host, username, jid);
-- ALTER TABLE rostergroups ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE sr_group ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE sr_group ADD PRIMARY KEY (server_host, name);
-- ALTER TABLE sr_group ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE sr_user ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX i_sr_user_jid_grp;
-- DROP INDEX i_sr_user_jid;
-- DROP INDEX i_sr_user_grp;
-- ALTER TABLE sr_user ADD PRIMARY KEY (server_host, jid, grp);
-- CREATE INDEX i_sr_user_sh_jid ON sr_user USING btree (server_host, jid);
-- CREATE INDEX i_sr_user_sh_grp ON sr_user USING btree (server_host, grp);
-- ALTER TABLE sr_user ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE spool ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX i_despool;
-- CREATE INDEX i_spool_sh_username ON spool USING btree (server_host, username);
-- ALTER TABLE spool ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE archive ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX i_username_timestamp;
-- DROP INDEX i_username_peer;
-- DROP INDEX i_username_bare_peer;
-- DROP INDEX i_timestamp;
-- CREATE INDEX i_archive_sh_username_timestamp ON archive USING btree (server_host, username, timestamp);
-- CREATE INDEX i_archive_sh_username_peer ON archive USING btree (server_host, username, peer);
-- CREATE INDEX i_archive_sh_username_bare_peer ON archive USING btree (server_host, username, bare_peer);
-- CREATE INDEX i_archive_sh_timestamp ON archive USING btree (server_host, timestamp);
-- ALTER TABLE archive ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE archive_prefs ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE archive_prefs DROP CONSTRAINT archive_prefs_pkey;
-- ALTER TABLE archive_prefs ADD PRIMARY KEY (server_host, username);
-- ALTER TABLE archive_prefs ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE vcard ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE vcard DROP CONSTRAINT vcard_pkey;
-- ALTER TABLE vcard ADD PRIMARY KEY (server_host, username);
-- ALTER TABLE vcard ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE vcard_search ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE vcard_search DROP CONSTRAINT vcard_search_pkey;
-- DROP INDEX i_vcard_search_lfn;
-- DROP INDEX i_vcard_search_lfamily;
-- DROP INDEX i_vcard_search_lgiven;
-- DROP INDEX i_vcard_search_lmiddle;
-- DROP INDEX i_vcard_search_lnickname;
-- DROP INDEX i_vcard_search_lbday;
-- DROP INDEX i_vcard_search_lctry;
-- DROP INDEX i_vcard_search_llocality;
-- DROP INDEX i_vcard_search_lemail;
-- DROP INDEX i_vcard_search_lorgname;
-- DROP INDEX i_vcard_search_lorgunit;
-- ALTER TABLE vcard_search ADD PRIMARY KEY (server_host, username);
-- CREATE INDEX i_vcard_search_sh_lfn ON vcard_search(server_host, lfn);
-- CREATE INDEX i_vcard_search_sh_lfamily ON vcard_search(server_host, lfamily);
-- CREATE INDEX i_vcard_search_sh_lgiven ON vcard_search(server_host, lgiven);
-- CREATE INDEX i_vcard_search_sh_lmiddle ON vcard_search(server_host, lmiddle);
-- CREATE INDEX i_vcard_search_sh_lnickname ON vcard_search(server_host, lnickname);
-- CREATE INDEX i_vcard_search_sh_lbday ON vcard_search(server_host, lbday);
-- CREATE INDEX i_vcard_search_sh_lctry ON vcard_search(server_host, lctry);
-- CREATE INDEX i_vcard_search_sh_llocality ON vcard_search(server_host, llocality);
-- CREATE INDEX i_vcard_search_sh_lemail ON vcard_search(server_host, lemail);
-- CREATE INDEX i_vcard_search_sh_lorgname ON vcard_search(server_host, lorgname);
-- CREATE INDEX i_vcard_search_sh_lorgunit ON vcard_search(server_host, lorgunit);
-- ALTER TABLE vcard_search ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE privacy_default_list ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE privacy_default_list DROP CONSTRAINT privacy_default_list_pkey;
-- ALTER TABLE privacy_default_list ADD PRIMARY KEY (server_host, username);
-- ALTER TABLE privacy_default_list ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE privacy_list ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX i_privacy_list_username;
-- DROP INDEX i_privacy_list_username_name;
-- CREATE INDEX i_privacy_list_sh_username ON privacy_list USING btree (server_host, username);
-- CREATE UNIQUE INDEX i_privacy_list_sh_username_name ON privacy_list USING btree (server_host, username, name);
-- ALTER TABLE privacy_list ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE private_storage ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX i_private_storage_username;
-- DROP INDEX i_private_storage_username_namespace;
-- ALTER TABLE private_storage ADD PRIMARY KEY (server_host, username, namespace);
-- CREATE INDEX i_private_storage_sh_username ON private_storage USING btree (server_host, username);
-- ALTER TABLE private_storage ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE roster_version ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE roster_version DROP CONSTRAINT roster_version_pkey;
-- ALTER TABLE roster_version ADD PRIMARY KEY (server_host, username);
-- ALTER TABLE roster_version ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE muc_room ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE muc_room ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE muc_registered ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE muc_registered ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE muc_online_room ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE muc_online_room ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE muc_online_users ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE muc_online_users ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE motd ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE motd DROP CONSTRAINT motd_pkey;
-- ALTER TABLE motd ADD PRIMARY KEY (server_host, username);
-- ALTER TABLE motd ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE sm ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX i_sm_sid;
-- DROP INDEX i_sm_username;
-- ALTER TABLE sm ADD PRIMARY KEY (usec, pid);
-- CREATE INDEX i_sm_sh_username ON sm USING btree (server_host, username);
-- ALTER TABLE sm ALTER COLUMN server_host DROP DEFAULT;
CREATE TABLE users (
username text NOT NULL,
server_host text NOT NULL,
"password" text NOT NULL,
serverkey text NOT NULL DEFAULT '',
salt text NOT NULL DEFAULT '',
iterationcount integer NOT NULL DEFAULT 0,
created_at TIMESTAMP NOT NULL DEFAULT now(),
PRIMARY KEY (server_host, username)
);
-- Add support for SCRAM auth to a database created before ejabberd 16.03:
-- ALTER TABLE users ADD COLUMN serverkey text NOT NULL DEFAULT '';
-- ALTER TABLE users ADD COLUMN salt text NOT NULL DEFAULT '';
-- ALTER TABLE users ADD COLUMN iterationcount integer NOT NULL DEFAULT 0;
CREATE TABLE last (
username text NOT NULL,
server_host text NOT NULL,
seconds text NOT NULL,
state text NOT NULL,
PRIMARY KEY (server_host, username)
);
CREATE TABLE rosterusers (
username text NOT NULL,
server_host text NOT NULL,
jid text NOT NULL,
nick text NOT NULL,
subscription character(1) NOT NULL,
ask character(1) NOT NULL,
askmessage text NOT NULL,
server character(1) NOT NULL,
subscribe text NOT NULL,
"type" text,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE UNIQUE INDEX i_rosteru_sh_user_jid ON rosterusers USING btree (server_host, username, jid);
CREATE INDEX i_rosteru_sh_username ON rosterusers USING btree (server_host, username);
CREATE INDEX i_rosteru_sh_jid ON rosterusers USING btree (server_host, jid);
CREATE TABLE rostergroups (
username text NOT NULL,
server_host text NOT NULL,
jid text NOT NULL,
grp text NOT NULL
);
CREATE INDEX i_rosterg_sh_user_jid ON rostergroups USING btree (server_host, username, jid);
CREATE TABLE sr_group (
name text NOT NULL,
server_host text NOT NULL,
opts text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now(),
PRIMARY KEY (server_host, name)
);
CREATE TABLE sr_user (
jid text NOT NULL,
server_host text NOT NULL,
grp text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now(),
PRIMARY KEY (server_host, jid, grp)
);
CREATE INDEX i_sr_user_sh_jid ON sr_user USING btree (server_host, jid);
CREATE INDEX i_sr_user_sh_grp ON sr_user USING btree (server_host, grp);
CREATE TABLE spool (
username text NOT NULL,
server_host text NOT NULL,
xml text NOT NULL,
seq SERIAL,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE INDEX i_spool_sh_username ON spool USING btree (server_host, username);
CREATE TABLE archive (
username text NOT NULL,
server_host text NOT NULL,
timestamp BIGINT NOT NULL,
peer text NOT NULL,
bare_peer text NOT NULL,
xml text NOT NULL,
txt text,
id SERIAL,
kind text,
nick text,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE INDEX i_archive_sh_username_timestamp ON archive USING btree (server_host, username, timestamp);
CREATE INDEX i_archive_sh_username_peer ON archive USING btree (server_host, username, peer);
CREATE INDEX i_archive_sh_username_bare_peer ON archive USING btree (server_host, username, bare_peer);
CREATE INDEX i_archive_sh_timestamp ON archive USING btree (server_host, timestamp);
CREATE TABLE archive_prefs (
username text NOT NULL,
server_host text NOT NULL,
def text NOT NULL,
always text NOT NULL,
never text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now(),
PRIMARY KEY (server_host, username)
);
CREATE TABLE vcard (
username text NOT NULL,
server_host text NOT NULL,
vcard text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now(),
PRIMARY KEY (server_host, username)
);
CREATE TABLE vcard_search (
username text NOT NULL,
lusername text NOT NULL,
server_host text NOT NULL,
fn text NOT NULL,
lfn text NOT NULL,
family text NOT NULL,
lfamily text NOT NULL,
given text NOT NULL,
lgiven text NOT NULL,
middle text NOT NULL,
lmiddle text NOT NULL,
nickname text NOT NULL,
lnickname text NOT NULL,
bday text NOT NULL,
lbday text NOT NULL,
ctry text NOT NULL,
lctry text NOT NULL,
locality text NOT NULL,
llocality text NOT NULL,
email text NOT NULL,
lemail text NOT NULL,
orgname text NOT NULL,
lorgname text NOT NULL,
orgunit text NOT NULL,
lorgunit text NOT NULL,
PRIMARY KEY (server_host, username)
);
CREATE INDEX i_vcard_search_sh_lfn ON vcard_search(server_host, lfn);
CREATE INDEX i_vcard_search_sh_lfamily ON vcard_search(server_host, lfamily);
CREATE INDEX i_vcard_search_sh_lgiven ON vcard_search(server_host, lgiven);
CREATE INDEX i_vcard_search_sh_lmiddle ON vcard_search(server_host, lmiddle);
CREATE INDEX i_vcard_search_sh_lnickname ON vcard_search(server_host, lnickname);
CREATE INDEX i_vcard_search_sh_lbday ON vcard_search(server_host, lbday);
CREATE INDEX i_vcard_search_sh_lctry ON vcard_search(server_host, lctry);
CREATE INDEX i_vcard_search_sh_llocality ON vcard_search(server_host, llocality);
CREATE INDEX i_vcard_search_sh_lemail ON vcard_search(server_host, lemail);
CREATE INDEX i_vcard_search_sh_lorgname ON vcard_search(server_host, lorgname);
CREATE INDEX i_vcard_search_sh_lorgunit ON vcard_search(server_host, lorgunit);
CREATE TABLE privacy_default_list (
username text NOT NULL,
server_host text NOT NULL,
name text NOT NULL,
PRIMARY KEY (server_host, username)
);
CREATE TABLE privacy_list (
username text NOT NULL,
server_host text NOT NULL,
name text NOT NULL,
id SERIAL UNIQUE,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE INDEX i_privacy_list_sh_username ON privacy_list USING btree (server_host, username);
CREATE UNIQUE INDEX i_privacy_list_sh_username_name ON privacy_list USING btree (server_host, username, name);
CREATE TABLE privacy_list_data (
id bigint REFERENCES privacy_list(id) ON DELETE CASCADE,
t character(1) NOT NULL,
value text NOT NULL,
action character(1) NOT NULL,
ord NUMERIC NOT NULL,
match_all boolean NOT NULL,
match_iq boolean NOT NULL,
match_message boolean NOT NULL,
match_presence_in boolean NOT NULL,
match_presence_out boolean NOT NULL
);
CREATE INDEX i_privacy_list_data_id ON privacy_list_data USING btree (id);
CREATE TABLE private_storage (
username text NOT NULL,
server_host text NOT NULL,
namespace text NOT NULL,
data text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now(),
PRIMARY KEY (server_host, username, namespace)
);
CREATE INDEX i_private_storage_sh_username ON private_storage USING btree (server_host, username);
CREATE TABLE roster_version (
username text NOT NULL,
server_host text NOT NULL,
version text NOT NULL,
PRIMARY KEY (server_host, username)
);
-- To update from 0.9.8:
-- CREATE SEQUENCE spool_seq_seq;
-- ALTER TABLE spool ADD COLUMN seq integer;
-- ALTER TABLE spool ALTER COLUMN seq SET DEFAULT nextval('spool_seq_seq');
-- UPDATE spool SET seq = DEFAULT;
-- ALTER TABLE spool ALTER COLUMN seq SET NOT NULL;
-- To update from 1.x:
-- ALTER TABLE rosterusers ADD COLUMN askmessage text;
-- UPDATE rosterusers SET askmessage = '';
-- ALTER TABLE rosterusers ALTER COLUMN askmessage SET NOT NULL;
CREATE TABLE pubsub_node (
host text NOT NULL,
node text NOT NULL,
parent text NOT NULL DEFAULT '',
plugin text NOT NULL,
nodeid SERIAL UNIQUE
);
CREATE INDEX i_pubsub_node_parent ON pubsub_node USING btree (parent);
CREATE UNIQUE INDEX i_pubsub_node_tuple ON pubsub_node USING btree (host, node);
CREATE TABLE pubsub_node_option (
nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
name text NOT NULL,
val text NOT NULL
);
CREATE INDEX i_pubsub_node_option_nodeid ON pubsub_node_option USING btree (nodeid);
CREATE TABLE pubsub_node_owner (
nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
owner text NOT NULL
);
CREATE INDEX i_pubsub_node_owner_nodeid ON pubsub_node_owner USING btree (nodeid);
CREATE TABLE pubsub_state (
nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
jid text NOT NULL,
affiliation character(1),
subscriptions text NOT NULL DEFAULT '',
stateid SERIAL UNIQUE
);
CREATE INDEX i_pubsub_state_jid ON pubsub_state USING btree (jid);
CREATE UNIQUE INDEX i_pubsub_state_tuple ON pubsub_state USING btree (nodeid, jid);
CREATE TABLE pubsub_item (
nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
itemid text NOT NULL,
publisher text NOT NULL,
creation varchar(32) NOT NULL,
modification varchar(32) NOT NULL,
payload text NOT NULL DEFAULT ''
);
CREATE INDEX i_pubsub_item_itemid ON pubsub_item USING btree (itemid);
CREATE UNIQUE INDEX i_pubsub_item_tuple ON pubsub_item USING btree (nodeid, itemid);
CREATE TABLE pubsub_subscription_opt (
subid text NOT NULL,
opt_name varchar(32),
opt_value text NOT NULL
);
CREATE UNIQUE INDEX i_pubsub_subscription_opt ON pubsub_subscription_opt USING btree (subid, opt_name);
CREATE TABLE muc_room (
name text NOT NULL,
host text NOT NULL,
server_host text NOT NULL,
opts text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE UNIQUE INDEX i_muc_room_name_host ON muc_room USING btree (name, host);
CREATE TABLE muc_registered (
jid text NOT NULL,
host text NOT NULL,
server_host text NOT NULL,
nick text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE INDEX i_muc_registered_nick ON muc_registered USING btree (nick);
CREATE UNIQUE INDEX i_muc_registered_jid_host ON muc_registered USING btree (jid, host);
CREATE TABLE muc_online_room (
name text NOT NULL,
host text NOT NULL,
server_host text NOT NULL,
node text NOT NULL,
pid text NOT NULL
);
CREATE UNIQUE INDEX i_muc_online_room_name_host ON muc_online_room USING btree (name, host);
CREATE TABLE muc_online_users (
username text NOT NULL,
server text NOT NULL,
resource text NOT NULL,
name text NOT NULL,
host text NOT NULL,
server_host text NOT NULL,
node text NOT NULL
);
CREATE UNIQUE INDEX i_muc_online_users ON muc_online_users USING btree (username, server, resource, name, host);
CREATE INDEX i_muc_online_users_us ON muc_online_users USING btree (username, server);
CREATE TABLE muc_room_subscribers (
room text NOT NULL,
host text NOT NULL,
jid text NOT NULL,
nick text NOT NULL,
nodes text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE INDEX i_muc_room_subscribers_host_jid ON muc_room_subscribers USING btree (host, jid);
CREATE UNIQUE INDEX i_muc_room_subscribers_host_room_jid ON muc_room_subscribers USING btree (host, room, jid);
CREATE TABLE motd (
username text NOT NULL,
server_host text NOT NULL,
xml text,
created_at TIMESTAMP NOT NULL DEFAULT now(),
PRIMARY KEY (server_host, username)
);
CREATE TABLE caps_features (
node text NOT NULL,
subnode text NOT NULL,
feature text,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE INDEX i_caps_features_node_subnode ON caps_features USING btree (node, subnode);
CREATE TABLE sm (
usec bigint NOT NULL,
pid text NOT NULL,
node text NOT NULL,
username text NOT NULL,
server_host text NOT NULL,
resource text NOT NULL,
priority text NOT NULL,
info text NOT NULL,
PRIMARY KEY (usec, pid)
);
CREATE INDEX i_sm_node ON sm USING btree (node);
CREATE INDEX i_sm_sh_username ON sm USING btree (server_host, username);
CREATE TABLE oauth_token (
token text NOT NULL,
jid text NOT NULL,
scope text NOT NULL,
expire bigint NOT NULL
);
CREATE UNIQUE INDEX i_oauth_token_token ON oauth_token USING btree (token);
CREATE TABLE route (
domain text NOT NULL,
server_host text NOT NULL,
node text NOT NULL,
pid text NOT NULL,
local_hint text NOT NULL
);
CREATE UNIQUE INDEX i_route ON route USING btree (domain, server_host, node, pid);
CREATE INDEX i_route_domain ON route USING btree (domain);
CREATE TABLE bosh (
sid text NOT NULL,
node text NOT NULL,
pid text NOT NULL
);
CREATE UNIQUE INDEX i_bosh_sid ON bosh USING btree (sid);
CREATE TABLE proxy65 (
sid text NOT NULL,
pid_t text NOT NULL,
pid_i text NOT NULL,
node_t text NOT NULL,
node_i text NOT NULL,
jid_i text NOT NULL
);
CREATE UNIQUE INDEX i_proxy65_sid ON proxy65 USING btree (sid);
CREATE INDEX i_proxy65_jid ON proxy65 USING btree (jid_i);
CREATE TABLE push_session (
username text NOT NULL,
server_host text NOT NULL,
timestamp bigint NOT NULL,
service text NOT NULL,
node text NOT NULL,
xml text NOT NULL,
PRIMARY KEY (server_host, username, timestamp)
);
CREATE UNIQUE INDEX i_push_session_susn ON push_session USING btree (server_host, username, service, node);
CREATE TABLE mix_channel (
channel text NOT NULL,
service text NOT NULL,
username text NOT NULL,
domain text NOT NULL,
jid text NOT NULL,
hidden boolean NOT NULL,
hmac_key text NOT NULL,
created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
);
CREATE UNIQUE INDEX i_mix_channel ON mix_channel (channel, service);
CREATE INDEX i_mix_channel_serv ON mix_channel (service);
CREATE TABLE mix_participant (
channel text NOT NULL,
service text NOT NULL,
username text NOT NULL,
domain text NOT NULL,
jid text NOT NULL,
id text NOT NULL,
nick text NOT NULL,
created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
);
CREATE UNIQUE INDEX i_mix_participant ON mix_participant (channel, service, username, domain);
CREATE INDEX i_mix_participant_chan_serv ON mix_participant (channel, service);
CREATE TABLE mix_subscription (
channel text NOT NULL,
service text NOT NULL,
username text NOT NULL,
domain text NOT NULL,
node text NOT NULL,
jid text NOT NULL
);
CREATE UNIQUE INDEX i_mix_subscription ON mix_subscription (channel, service, username, domain, node);
CREATE INDEX i_mix_subscription_chan_serv_ud ON mix_subscription (channel, service, username, domain);
CREATE INDEX i_mix_subscription_chan_serv_node ON mix_subscription (channel, service, node);
CREATE INDEX i_mix_subscription_chan_serv ON mix_subscription (channel, service);
CREATE TABLE mix_pam (
username text NOT NULL,
server_host text NOT NULL,
channel text NOT NULL,
service text NOT NULL,
id text NOT NULL,
created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
);
CREATE UNIQUE INDEX i_mix_pam ON mix_pam (username, server_host, channel, service);
CREATE INDEX i_mix_pam_us ON mix_pam (username, server_host);
CREATE TABLE mqtt_pub (
username text NOT NULL,
server_host text NOT NULL,
resource text NOT NULL,
topic text NOT NULL,
qos smallint NOT NULL,
payload bytea NOT NULL,
payload_format smallint NOT NULL,
content_type text NOT NULL,
response_topic text NOT NULL,
correlation_data bytea NOT NULL,
user_properties bytea NOT NULL,
expiry bigint NOT NULL
);
CREATE UNIQUE INDEX i_mqtt_topic_server ON mqtt_pub (topic, server_host);
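
Review bot: The `CREATE TABLE` and `CREATE INDEX` statements here are unguarded (no `IF NOT EXISTS`), and the visible part of the file has no `BEGIN`/`COMMIT` around them. If the file is applied to a database that already holds some of these tables, or a statement fails midway, the schema is left half-created. Since this is a vendored copy that the recipe pipes into `psql`, consider loading it in one transaction (`psql --single-transaction`) and adding a header comment that records which ejabberd release it was taken from, so it stays in step with the `node["kosmos-ejabberd"]["version"]` that gets installed.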

View File

@ -0,0 +1,24 @@
name 'kosmos-ejabberd'
maintainer 'Kosmos'
maintainer_email 'ops@5apps.com'
license 'All Rights Reserved'
description 'Installs/Configures kosmos-ejabberd'
long_description 'Installs/Configures kosmos-ejabberd'
version '0.1.0'
chef_version '>= 12.14' if respond_to?(:chef_version)
# The `issues_url` points to the location where issues for this cookbook are
# tracked. A `View Issues` link will be displayed on this cookbook's page when
# uploaded to a Supermarket.
#
# issues_url 'https://github.com/<insert_org_here>/kosmos-ejabberd/issues'
# The `source_url` points to the development repository for this cookbook. A
# `View Source` link will be displayed on this cookbook's page when uploaded to
# a Supermarket.
#
# source_url 'https://github.com/<insert_org_here>/kosmos-ejabberd'
depends "kosmos-postgresql"
depends "kosmos-base"
depends "backup"

View File

@ -0,0 +1,16 @@
#
# Cookbook:: kosmos-ejabberd
# Recipe:: backup
#
# Copyright:: 2019, Kosmos, All Rights Reserved.
#
unless node.chef_environment == "development"
# backup the data dir and the config files
node.override["backup"]["archives"]["ejabberd"] = ["/opt/ejabberd", "/var/www/xmpp.kosmos.org"]
unless node["backup"]["postgresql"]["databases"].include? "ejabberd"
node.override["backup"]["postgresql"]["databases"] =
node["backup"]["postgresql"]["databases"].to_a << "ejabberd"
end
include_recipe "backup"
end
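
Review bot: The `/opt/ejabberd` entry on the `node.override["backup"]["archives"]["ejabberd"]` line sweeps up `/opt/ejabberd/conf/ejabberd.yml` (rendered with `sql_password`) and `/opt/ejabberd/conf/kosmos.org.pem` (private key plus chain, written by the renewal hook), and the `ejabberd` database dump carries the `users` SCRAM material and the `oauth_token` rows. Please confirm that the `backup` cookbook encrypts these archives and that the destination is access-restricted, or exclude the key and config from the archive and restore them from Chef instead.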

View File

@ -0,0 +1,82 @@
#
# Cookbook:: kosmos-ejabberd
# Recipe:: default
#
# Copyright:: 2019, Kosmos, All Rights Reserved.
#
include_recipe "kosmos-postgresql"
cookbook_file "#{Chef::Config[:file_cache_path]}/pg.new.sql" do
source "pg.new.sql"
mode "0664"
end
ejabberd_version = node["kosmos-ejabberd"]["version"]
package_checksum = node["kosmos-ejabberd"]["checksum"]
package_path = "#{Chef::Config['file_cache_path']}/ejabberd_#{ejabberd_version}-0_amd64.deb"
remote_file package_path do
source "https://www.process-one.net/downloads/downloads-action.php?file=/ejabberd/#{ejabberd_version}/ejabberd_#{ejabberd_version}-0_amd64.deb"
checksum package_checksum
notifies :install, "dpkg_package[ejabberd]", :immediately
end
dpkg_package "ejabberd" do
source package_path
action :nothing
notifies :create, "file[/lib/systemd/system/ejabberd.service]", :immediately
end
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
ejabberd_user_password = postgresql_data_bag_item['ejabberd_user_password']
postgresql_database 'ejabberd' do
action :create
notifies :run, "execute[create db schema]", :delayed
end
postgresql_user 'ejabberd' do
password ejabberd_user_password
database 'ejabberd'
action [:create]
end
execute "create db schema" do
user "ejabberd"
command "psql ejabberd < #{Chef::Config[:file_cache_path]}/pg.new.sql"
action :nothing
end
template "/opt/ejabberd/conf/ejabberd.yml" do
source "ejabberd.yml.erb"
mode 0640
sensitive true
variables pgsql_password: ejabberd_user_password
notifies :run, "execute[ejabberdctl reload_config]", :delayed
end
execute "ejabberdctl reload_config" do
command "/opt/ejabberd-#{ejabberd_version}/bin/ejabberdctl reload_config"
action :nothing
end
file "/etc/init.d/ejabberd" do
action :delete
end
# Copy the systemd service file
file "/lib/systemd/system/ejabberd.service" do
content lazy { IO.read("/opt/ejabberd-#{ejabberd_version}/bin/ejabberd.service") }
action :nothing
notifies :run, "execute[systemctl daemon-reload]", :immediately
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
service "ejabberd" do
action [:enable, :start]
end
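
Review bot: In `execute "create db schema"`, `psql ejabberd < .../pg.new.sql` exits 0 even when individual statements fail, because `psql` carries on after errors unless `ON_ERROR_STOP` is set, so Chef reports success on a broken or partial schema. Suggest `psql -v ON_ERROR_STOP=1 --single-transaction -f <file> ejabberd`. Separately, the `template "/opt/ejabberd/conf/ejabberd.yml"` resource sets `mode 0640` and `sensitive true` but no `owner` or `group`; since the file carries the database password, set both explicitly rather than relying on whatever the package left behind. The `mode "0664"` on `pg.new.sql` can also be `"0644"`.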

View File

@ -0,0 +1,50 @@
#
# Cookbook:: kosmos-ejabberd
# Recipe:: letsencrypt
#
# Copyright:: 2019, Kosmos, All Rights Reserved.
#
include_recipe "kosmos-base::letsencrypt"
domain = "kosmos.org"
domain_and_subdomains = [domain, "chat.#{domain}" "xmpp.#{domain}"]
ejabberd_post_hook = <<-EOF
#!/usr/bin/env bash
set -e
# Copy the ejabberd certificate and restart the server if it has been renewed
# This is necessary because the ejabberd user doesn't have access to the
# letsencrypt live folder
for domain in $RENEWED_DOMAINS; do
case $domain in
# Do not copy over when renewing other kosmos.org domains
#{domain})
cat "${RENEWED_LINEAGE}/privkey.pem" "${RENEWED_LINEAGE}/fullchain.pem" > /opt/ejabberd/conf/#{domain}.pem
chown ejabberd:ejabberd /opt/ejabberd/conf/#{domain}.pem
chmod 600 /opt/ejabberd/conf/#{domain}.pem
/opt/ejabberd-#{node["kosmos-ejabberd"]["version"]}/bin/ejabberdctl reload_config
;;
esac
done
EOF
file "/etc/letsencrypt/renewal-hooks/post/ejabberd" do
content ejabberd_post_hook
mode 0755
owner "root"
group "root"
end
domain_and_subdomains_switch = domain_and_subdomains.map { |d| "-d #{d}" }.join(" ")
# Generate a Let's Encrypt cert (only if no cert has been generated before).
# The systemd timer will take care of renewing
execute "letsencrypt cert for kosmos xmpp" do
command "/usr/bin/certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@#{domain} #{domain_and_subdomains_switch} -n"
not_if do
File.exist?("/opt/ejabberd/conf/#{domain}.pem")
end
end
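
Review bot: `domain_and_subdomains = [domain, "chat.#{domain}" "xmpp.#{domain}"]` is missing a comma between the last two strings. Ruby concatenates adjacent string literals, so the array has two entries and certbot is asked for `-d chat.kosmos.orgxmpp.kosmos.org` instead of separate `chat.` and `xmpp.` names. In the hook script, `cat ... > /opt/ejabberd/conf/#{domain}.pem` creates the combined key file under the default umask on first issuance, before `chmod 600` runs, which leaves the private key briefly readable by others; set `umask 077` at the top of the script. The script also relies on `RENEWED_DOMAINS` and `RENEWED_LINEAGE`, which certbot exports to deploy hooks, so `renewal-hooks/deploy/` is the matching directory rather than `renewal-hooks/post/`.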

View File

@ -0,0 +1,277 @@
loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
hosts:
- "kosmos.org"
<% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") -%>
certfiles:
- "/opt/ejabberd/conf/kosmos.org.pem"
<% end -%>
ca_file: "/opt/ejabberd/conf/cacert.pem"
define_macro:
'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
'TLS_OPTIONS':
- "no_sslv3"
- "cipher_server_preference"
- "no_compression"
'DH_FILE': "/opt/ejabberd/conf/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
c2s_dhfile: 'DH_FILE'
s2s_dhfile: 'DH_FILE'
c2s_ciphers: 'TLS_CIPHERS'
s2s_ciphers: 'TLS_CIPHERS'
c2s_protocol_options: 'TLS_OPTIONS'
s2s_protocol_options: 'TLS_OPTIONS'
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
starttls: true
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
-
port: 5223
ip: "::"
module: ejabberd_c2s
tls: true
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 131072
shaper: s2s_shaper
-
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
"/ws": ejabberd_http_ws
"/bosh": mod_bosh
"/api": mod_http_api
tls: true
## "/pub/archive": mod_http_fileserver
web_admin: true
## register: true
captcha: false
-
port: 5443
module: ejabberd_http
request_handlers:
"upload": mod_http_upload
<% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") -%>
tls: true
certfiles:
- "/opt/ejabberd/conf/kosmos.org.pem"
<% end -%>
custom_headers:
"Access-Control-Allow-Origin": "*"
"Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT"
"Access-Control-Allow-Headers": "Authorization"
"Access-Control-Allow-Credentials": "true"
s2s_use_starttls: optional
auth_password_format: scram
auth_method: sql
default_db: sql
sql_type: pgsql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "ejabberd"
sql_password: "<%= @pgsql_password %>"
new_sql_schema: true
shaper:
normal: 1000
fast: 50000
max_fsm_queue: 10000
acl:
admin:
user:
- "greg@5apps.com"
- "sebastian@5apps.com"
- "garret@5apps.com"
- "raucao@kosmos.org"
- "greg@kosmos.org"
- "galfert@kosmos.org"
local:
user_regexp: ""
loopback:
ip:
- "127.0.0.0/8"
- "::1/128"
- "::FFFF:127.0.0.1/128"
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
- 5000: admin
- 100
c2s_shaper:
- none: admin
- normal
s2s_shaper: fast
access_rules:
local:
- allow: local
c2s:
- deny: blocked
- allow
announce:
- allow: admin
configure:
- allow: admin
muc_create:
- allow: admin
- allow: local
pubsub_createnode:
- allow: local
register:
- allow
trusted_network:
- allow: loopback
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
- access:
- allow:
- acl: loopback
- acl: admin
- oauth:
- scope: "ejabberd:admin"
- access:
- allow:
- acl: loopback
- acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
- ip: "127.0.0.1/8"
what:
- "status"
- "connected_users_number"
language: "en"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce: # recommends mod_adhoc
access: announce
mod_blocking: {} # requires mod_privacy
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {} # requires mod_adhoc
mod_disco:
server_info:
-
modules: all
name: "abuse-addresses"
urls: ["mailto:abuse@kosmos.org"]
mod_bosh: {}
mod_http_upload:
docroot: "/var/www/xmpp.@HOST@/uploads/"
put_url: "https://xmpp.@HOST@:5443/upload"
thumbnail: false # otherwise needs the identify command from ImageMagick installed
mod_last: {}
mod_mam:
default: always
request_activates_archiving: true
mod_muc:
access:
- allow
access_admin:
- allow: admin

It seems like this should be set to "open", according to the linked issue, no?


Fixed in ce4a4bf

access_create: muc_create
access_persistent: muc_create
default_room_options:
mam: true
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65: {}
mod_pubsub:
access_createnode: pubsub_createnode
ignore_pep_from_offline: false
last_item_cache: false
max_items_node: 10
plugins:
- "flat"
- "pep" # pep requires mod_caps
mod_push: {}
mod_push_keepalive: {}
mod_register:
welcome_message:
subject: "Welcome!"
body: |-
Hi.
Welcome to this XMPP server.
ip_access: trusted_network
access: register
mod_roster:
versioning: true
store_current_id: true
mod_shared_roster: {}
mod_vcard:
search: false
mod_vcard_xupdate: {}
mod_avatar: {}
mod_version: {}
mod_stream_mgmt: {}
mod_s2s_dialback: {}
mod_http_api: {}
append_host_config:
"kosmos.org":
modules:
mod_muc:
host: "chat.kosmos.org"
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
default_room_options:
mam: true
allow_contrib_modules: true
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
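
Review bot: The port 5280 listener binds `ip: "::"` and serves both `"/api": mod_http_api` and `web_admin: true`, so the admin UI and the HTTP API are reachable on every interface; consider moving them to a listener bound to loopback (or firewalling 5280) and leaving only `/ws` and `/bosh` public. On the TLS side, `TLS_OPTIONS` only disables SSLv3, so TLS 1.0 and 1.1 stay enabled (`no_tlsv1` and `no_tlsv1_1` would drop them), and `s2s_use_starttls: optional` lets federation fall back to plaintext where `required` would not. In the 5443 `custom_headers`, `"Access-Control-Allow-Origin": "*"` together with `"Access-Control-Allow-Credentials": "true"` is a combination browsers refuse for credentialed requests, so one of the two should go.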

View File

@ -0,0 +1,23 @@
require 'serverspec'
# Required by serverspec
set :backend, :exec
describe 'ejabberd' do
describe package('ejabberd') do
it { should be_installed }
end
it 'is listening on port 5222 (client-to-server)' do
expect(port(5222)).to be_listening
end
it 'is listening on port 5269 (server-to-server)' do
expect(port(5269)).to be_listening
end
it 'runs the ejabberd service' do
expect(service('ejabberd')).to be_running
expect(service('ejabberd')).to be_enabled
end
end
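
Review bot: The spec only asserts on ports 5222 and 5269, while the config in this PR also opens 5223, 5280 and 5443, and nothing checks the files that hold secrets. Suggest adding `port` expectations for the remaining listeners and `file` expectations that `/opt/ejabberd/conf/ejabberd.yml` is mode 640 and not readable by others.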

View File

@ -0,0 +1,22 @@
.vagrant
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Bundler
Gemfile.lock
gems.locked
bin/*
.bundle/*
# test kitchen
.kitchen/
.kitchen.local.yml
# Chef
Berksfile.lock
.zero-knife.rb
Policyfile.lock.json

View File

@ -0,0 +1,4 @@
# frozen_string_literal: true
source 'https://supermarket.chef.io'
metadata

View File

@ -0,0 +1,11 @@
# kosmos-postgresql CHANGELOG
This file is used to list changes made in each version of the kosmos-postgresql cookbook.
# 0.1.0
Initial release.
- change 0
- change 1

View File

@ -0,0 +1,3 @@
Copyright 2019 Kosmos
All rights reserved, do not redistribute.

View File

@ -0,0 +1,4 @@
# kosmos-postgresql
TODO: Enter the cookbook description here.
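
Review bot: The README is still the generator's `TODO` placeholder. The recipes read `data_bag_item('credentials', 'postgresql')` and expect `server_password` and `ejabberd_user_password` keys in it, so document that data bag item here, including that it must exist before the first converge.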

View File

@ -0,0 +1,104 @@
# Put files/directories that should be ignored in this file when uploading
# to a chef-server or supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
Icon?
nohup.out
ehthumbs.db
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
\#*
.#*
*~
*.sw[a-z]
*.bak
REVISION
TAGS*
tmtags
*_flymake.*
*_flymake
*.tmproj
.project
.settings
mkmf.log
## COMPILED ##
##############
a.out
*.o
*.pyc
*.so
*.com
*.class
*.dll
*.exe
*/rdoc/
# Testing #
###########
.watchr
.rspec
spec/*
spec/fixtures/*
test/*
features/*
examples/*
Guardfile
Procfile
.kitchen*
kitchen.yml*
.rubocop.yml
spec/*
Rakefile
.travis.yml
.foodcritic
.codeclimate.yml
# SCM #
#######
.git
*/.git
.gitignore
.gitmodules
.gitconfig
.gitattributes
.svn
*/.bzr/*
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Cookbooks #
#############
CONTRIBUTING*
CHANGELOG*
TESTING*
# Vagrant #
###########
.vagrant
Vagrantfile

View File

@ -0,0 +1,22 @@
name 'kosmos-postgresql'
maintainer 'Kosmos'
maintainer_email 'ops@5apps.com'
license 'All Rights Reserved'
description 'Installs/Configures kosmos-postgresql'
long_description 'Installs/Configures kosmos-postgresql'
version '0.1.0'
chef_version '>= 12.14' if respond_to?(:chef_version)
# The `issues_url` points to the location where issues for this cookbook are
# tracked. A `View Issues` link will be displayed on this cookbook's page when
# uploaded to a Supermarket.
#
# issues_url 'https://github.com/<insert_org_here>/kosmos-postgresql/issues'
# The `source_url` points to the development repository for this cookbook. A
# `View Source` link will be displayed on this cookbook's page when uploaded to
# a Supermarket.
#
# source_url 'https://github.com/<insert_org_here>/kosmos-postgresql'
depends "postgresql", ">= 7.0.0"
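
Review bot: `depends "postgresql", ">= 7.0.0"` has no upper bound, and the upstream changelog marks 7.0.0 as a breaking release, so a future 8.x would satisfy this constraint. A pessimistic constraint such as `"~> 7.1"` matches the `= 7.1.3` pin in the Berksfile and keeps a major bump an explicit decision.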

View File

@ -0,0 +1,29 @@
#
# Cookbook:: kosmos-postgresql
# Recipe:: default
#
# Copyright:: 2019, Kosmos, All Rights Reserved.
node.override['build-essential']['compile_time'] = true
include_recipe 'build-essential::default'
package("libpq-dev") { action :nothing }.run_action(:install)
chef_gem 'pg' do
compile_time true
end
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
postgresql_server_install "main" do
version "10"
setup_repo false
password postgresql_data_bag_item['server_password']
action :install
end
postgresql_client_install "main" do
version "10"
setup_repo false
action :install
end