WIP: Set up ejabberd for kosmos.org #24
|
@ -34,7 +34,7 @@ cookbook 'firewall', '~> 2.6.3'
|
|||
cookbook 'nginx', '= 9.0.0'
|
||||
cookbook 'build-essential', '~> 8.1.1'
|
||||
cookbook 'mysql', '= 6.1.3'
|
||||
cookbook 'postgresql', '= 6.1.1'
|
||||
cookbook 'postgresql', '= 7.1.3'
|
||||
cookbook 'apt', '~> 7.0.0'
|
||||
cookbook 'git', '= 6.0.0'
|
||||
cookbook 'hostsfile', '= 2.4.5'
|
||||
|
|
|
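Review bot: The pin on the `cookbook 'postgresql'` line jumps a major version, from `= 6.1.1` to `= 7.1.3`, and the vendored CHANGELOG in this same diff marks v7.0.0 as a breaking change that deprecates the recipes in favour of custom resources such as `postgresql_server_install`. Please confirm that no run list or wrapper cookbook still includes a `postgresql::` recipe, and mention the migration (see UPGRADING.md) in the PR description so the bump is not read as a routine update.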
@ -47,7 +47,7 @@ DEPENDENCIES
|
|||
poise-ruby-build (= 1.1.0)
|
||||
poise-service (~> 1.5.2)
|
||||
postfix (= 5.0.2)
|
||||
postgresql (= 6.1.1)
|
||||
postgresql (= 7.1.3)
|
||||
redis
|
||||
git: https://github.com/phlipper/chef-redis.git
|
||||
revision: 7476279fc9c8727f082b8d77b5e1922dc2ef437b
|
||||
|
@ -181,10 +181,7 @@ GRAPH
|
|||
poise-service (1.5.2)
|
||||
poise (~> 2.0)
|
||||
postfix (5.0.2)
|
||||
postgresql (6.1.1)
|
||||
build-essential (>= 2.0.0)
|
||||
compat_resource (>= 12.16.3)
|
||||
openssl (>= 4.0)
|
||||
postgresql (7.1.3)
|
||||
rbac (1.0.3)
|
||||
redis (0.5.6)
|
||||
apt (>= 0.0.0)
|
||||
|
|
|
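Review bot: In the `postgresql (7.1.3)` entry, the three dependencies listed under `postgresql (6.1.1)` (`build-essential`, `compat_resource`, `openssl`) are gone. `build-essential` is still pinned directly in the Berksfile, but please check whether `compat_resource` and `openssl` are still required by another cookbook in the graph. If they are not, remove their vendored copies in this change as well so unused code does not stay in the repository.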
@ -1,2 +0,0 @@
|
|||
~FC037
|
||||
~FC016
|
|
@ -1,6 +1,61 @@
|
|||
# postgresql Cookbook CHANGELOG
|
||||
|
||||
This file is used to list changes made in each version of the postgresql cookbook.
|
||||
This file is used to list changes made in the last 3 major versions of the postgresql cookbook.
|
||||
|
||||
## Unreleased
|
||||
|
||||
## v7.1.3 (15-01-2019)
|
||||
|
||||
- Added support for dash in database role name.
|
||||
|
||||
## v7.1.2 (06-01-2019)
|
||||
|
||||
- Cleanup and update the user resource documentation and code. Removed extraneous 'sensitive' property which is a common property in all Chef resources.
|
||||
- Change default permissions on the postgres.conf to be world readable so that psql can work.
|
||||
|
||||
## v7.1.1 (26-09-2018)
|
||||
|
||||
- Rename slave to follower
|
||||
- Use CircleCI for testing
|
||||
- Simplyfy extension resource
|
||||
|
||||
## v7.1.0 (22-06-2018)
|
||||
|
||||
- Update the `initdb` script to use initdb rather than a service. #542
|
||||
- Refactor database commands to use the common connect method. #535
|
||||
- Increase the unit test coverage.
|
||||
|
||||
## v7.0.0 (25-05-2018)
|
||||
|
||||
_Breaking Change_ Please see UPGRADING.md and the README.md for information how to use.
|
||||
|
||||
- Add custom resources for:
|
||||
|
||||
- `postgresql_client_install`
|
||||
- `postgresql_server_install`
|
||||
- `postgresql_repository`
|
||||
- `postgresql_pg_gem`
|
||||
|
||||
- Deprecate recipes:
|
||||
|
||||
- `apt_pgdg_postgresql`
|
||||
- `config_initdb`
|
||||
- `config_pgtune`
|
||||
- `contrib`
|
||||
- `ruby`
|
||||
- `yum_pgdg_postgresql`
|
||||
|
||||
- Remove deprecated tests
|
||||
|
||||
## v6.1.3 (2018-04-18)
|
||||
|
||||
- Fix recipes referencing the old helpers
|
||||
|
||||
## v6.1.2 (2018-04-16)
|
||||
|
||||
**this will be the last release of the 6.0 series before all recipes are removed from the cookbook**
|
||||
|
||||
- Deprecate all recipes
|
||||
|
||||
## v6.1.1 (2017-03-08)
|
||||
|
||||
|
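Review bot: The v7.1.2 entry says the default permissions on the PostgreSQL config file were changed to world readable, a behaviour change we pick up with this upgrade. Nothing secret should be rendered into that file, for example through `additional_config` on `postgresql_server_conf`. If our hosts need a stricter mode, that should be decided and noted alongside this bump.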
@ -92,312 +147,3 @@ This file is used to list changes made in each version of the postgresql cookboo
|
|||
- Remove logic in the apt_pgdg_postgresql recipe that made Chef fail when new distro releases came out
|
||||
- Avoid node.set deprecation warnings
|
||||
- Avoid managed_home deprecation warnings in server_redhat recipe
|
||||
|
||||
## v4.0.6
|
||||
|
||||
- Add 16.04 Xenial to the allowed list
|
||||
|
||||
## v4.0.4
|
||||
|
||||
- Add leading pound symbol on pg_hba.conf template comment line
|
||||
- Update gem install for compile_time to correct deprication warning
|
||||
- Add support Ubuntu Wily Werewolf pgdg apt repository
|
||||
- test-kitchen platforms for Centos 7.2 and Ubuntu 15.04
|
||||
- Fixes PostgreSQL version & package name defaults for EL7 distros
|
||||
- Add appropriate systemd unit file overrides for EL7 distros
|
||||
|
||||
## v4.0.2
|
||||
|
||||
- Add Code of Conduct
|
||||
- Add Rubocop
|
||||
- Clean up of syntax in many places as result of adding and evaluating Rubocop
|
||||
- Updates to test-kitchen.yml
|
||||
- added additional attribute for people who are importing pgdg packages for internal repositories
|
||||
|
||||
- `default['postgresql']['use_pgdg_packages'] = false`
|
||||
|
||||
## v4.0.0
|
||||
|
||||
**WARNING: Please read carefully through the stated changes, as they probably will break your current setup and can result in duplicate postgresql versions being installed, configuration corruption and data loss! This list might not be complete, so be careful when using the 4.x version and make sure to test it extensively before production use!**
|
||||
|
||||
When in doubt, put the following in your `Berksfile` until you are ready to upgrade:
|
||||
|
||||
```ruby
|
||||
cookbook 'postgresql', '~> 3.4.0'
|
||||
```
|
||||
|
||||
- Potential breaking change: Restructured default attributes to avoid compile time deriving other attribute values from value of the `node[‘postgresql’][‘version’]` (#313, #302, #295, #288, #280, #261, #260, #254, #248, #217, #214, #167, #143). If you specify a custom postgresql version, make sure to adapt the following attributes as well:
|
||||
|
||||
```ruby
|
||||
default['postgresql']['dir'] = "/etc/postgresql/#{node['postgresql']['version']}/main"
|
||||
default['postgresql']['client']['packages'] = [ "postgresql-client-#{node['postgresql']['version']}", 'libpq-dev' ]
|
||||
default['postgresql']['server']['packages'] = [ "postgresql-#{node['postgresql']['version']}" ]
|
||||
default['postgresql']['contrib']['packages'] = [ "postgresql-contrib-#{node['postgresql']['version']}" ]
|
||||
```
|
||||
|
||||
- Potential breaking change: SSL configuration parameters. Due to the new structuring, make sure you set all SSL attributes to `override` when specifying them in a cookbook:
|
||||
|
||||
```ruby
|
||||
override['postgresql']['config']['ssl'] = true
|
||||
override['postgresql']['config']['ssl_cert_file'] = "/path/to/cert.crt"
|
||||
override['postgresql']['config']['ssl_key_file'] = "/path/to/cert.key"
|
||||
override['postgresql']['config']['ssl_ciphers'] = "<my cipher suite>"
|
||||
```
|
||||
|
||||
- Potential breaking change: Some node attributes are now persistet in your node configuration. This affects the following attributes:
|
||||
|
||||
```json
|
||||
"config": {
|
||||
"data_directory": "/var/lib/postgresql/9.4/main",
|
||||
"hba_file": "/etc/postgresql/9.4/main/pg_hba.conf",
|
||||
"ident_file": "/etc/postgresql/9.4/main/pg_ident.conf",
|
||||
"external_pid_file": "/var/run/postgresql/9.4-main.pid",
|
||||
"unix_socket_directories": "/var/run/postgresql",
|
||||
"ssl_cert_file": "/etc/ssl/certs/ssl-cert-snakeoil.pem",
|
||||
"ssl_key_file": "/etc/ssl/private/ssl-cert-snakeoil.key"
|
||||
}
|
||||
```
|
||||
|
||||
- Potential breaking change: Parsing of attributes from node/ environment configuration. It has been reported that setting the `node['postgresql']['client']['packages']` attribute in a cookbook might result in the default version of the postgresql client package being installed alongside the required version. This might affect the server packages as well.
|
||||
- Correct issues which caused the inability to override installation version defaults
|
||||
- Correct issues which caused configuration file entries with miss matching version numbers and incorrect file system paths being defined
|
||||
- Remove method pgdgrepo_rpm_info compile time use of derived attributes case many issues
|
||||
- Use correct directory path and check for the correct not_if condition to determine if the database has been initialized
|
||||
- Ensure that correct packages are installed in all scenarios where pg gem is compiled
|
||||
- Fix errors in configuration files for unix_socket_directory and unix_socket_directories
|
||||
- Updates to test-kitchen suite configuration
|
||||
- Added more grey hair to my beard
|
||||
|
||||
## v3.4.24
|
||||
|
||||
- Corrections to address repositories signed with newer certificates that some distributions have in their default ca-certificates package
|
||||
- Updates to more accurately determine distributions service init systems adds better support for systemd systems
|
||||
- Correct how version attribute is evaluated in certain places
|
||||
- test-kitchen suite configuration corrections
|
||||
- Opensuse support
|
||||
|
||||
## v3.4.23
|
||||
|
||||
- Skipping 3.4.22 with Develop branch 3.4.23 to return to releasing cookbook from master on even numbers and develop on odd numbers.
|
||||
|
||||
## v3.4.21
|
||||
|
||||
- Use more optimistic openssl version constraint
|
||||
- Add Postgresql 9.4 package sources for RHEL platforms
|
||||
- Update testing infrastructure to address bit rot
|
||||
|
||||
## v3.4.20
|
||||
|
||||
- Revert [#251](https://github.com/sous-chefs/postgresql/pull/251), a change which caused the postgresql service to restart every Chef run.
|
||||
|
||||
## v3.4.19
|
||||
|
||||
- node.save could better not be run on every chef run since it causes node.default attributes stored to the node objects to differ during a chef run and when
|
||||
- Missing attribute in docs for yum_pgdg_postgresql
|
||||
- restart postgres service immediately on config change
|
||||
- Run restart command right away on the postgresql service.
|
||||
- Add kitchen test for shared_preload_libraries & extension setup.
|
||||
- Fix install order of contrib packages to fix pg_stat_statements issues.
|
||||
- Add Debian Jessie to whitelist for apt.postgresql.org repo
|
||||
- Install version 9.4 on Debian Jessie
|
||||
- add amazon 2015
|
||||
- add rhel7 support
|
||||
|
||||
## v3.4.18
|
||||
|
||||
- Revert changes from #201 with the intention of revisiting these changes as part of the next major version release.
|
||||
- Specify version constraint on openssl cookbook due to an upstream release mishap
|
||||
|
||||
## v3.4.16
|
||||
|
||||
- Changed hard coded value to attribute #219
|
||||
- Correction for directory creation under debian, etc. #222
|
||||
- Fedora 20 yum support #223
|
||||
- Define version-sensitive attributes in a recipe #201
|
||||
|
||||
## v3.4.14
|
||||
|
||||
- Support apt repository for Ubuntu Utopic 14.10
|
||||
- Do not try and set password on standby hosts
|
||||
|
||||
## v3.4.12
|
||||
|
||||
- Create configuration templates at the appropriate time
|
||||
- If template is updated restart service changed to default of :delayed
|
||||
- Fix SSL for PostgreSQL versions < 9.2
|
||||
|
||||
## v3.4.10
|
||||
|
||||
- correct conditional error created in 3.4.8.
|
||||
|
||||
## v3.4.8
|
||||
|
||||
- Correct scenario where work_mem could be set to 0 if con is greater than mem Issue #185
|
||||
- Add Centos7 suites to kitchen configuration
|
||||
|
||||
## v3.4.6
|
||||
|
||||
- Don't include the pgdg recipes on the wrong machine types
|
||||
- Add missing dir /etc/sysconfig/pgsl for centos7
|
||||
- CentOS 7 package support
|
||||
|
||||
## v3.4.4
|
||||
|
||||
- fix packages on SLES11SP2 and higher
|
||||
- [COOK-4737] Add flag to control database user password behavior
|
||||
- add amazon platform rpm info
|
||||
- Fix issues with the server_redhat recipe on Fedora 16 and later
|
||||
- attribute typo correction
|
||||
- correctly check and set max_connections to an integer
|
||||
|
||||
## v3.4.2
|
||||
|
||||
- Changed the Gem::Installer::ExtensionBuildError to a Mixlib::ShellOut::ShellCommandFailed
|
||||
|
||||
## v3.4.1
|
||||
|
||||
- Added support for Ubuntu 14.04 and Postgresql 9.3
|
||||
- Fix [COOK-3490] <https://tickets.opscode.com/browse/COOK-3490>
|
||||
|
||||
## v3.4.0
|
||||
|
||||
Updated CONTRIBUTING document. Refreshed test kitchen configuration. Merged Pull Requests: 122, 116, 104, 102, 99, 96, 93, 90.
|
||||
|
||||
## v3.3.4
|
||||
|
||||
Testing
|
||||
|
||||
## v3.3.2
|
||||
|
||||
- Testing maintainer transfer to Heavywater with Opscode as collaborator
|
||||
|
||||
## v3.3.0
|
||||
|
||||
### Bug
|
||||
|
||||
- **[COOK-3851](https://tickets.opscode.com/browse/COOK-3851)** - Postgresql: reload after config change does not pick up certain configuration changes
|
||||
- **[COOK-3611](https://tickets.opscode.com/browse/COOK-3611)** - unix_socket_directory does not exists in 9.3
|
||||
- **[COOK-2954](https://tickets.opscode.com/browse/COOK-2954)** - PostgreSQL installation ignores version attribute on CentOS >= 6
|
||||
|
||||
## v3.2.0
|
||||
|
||||
- [COOK-3717] Pgdg repositories improvements
|
||||
- [COOK-3756] Change postgresql.conf mode from 0600 to 0644
|
||||
|
||||
## v3.1.0
|
||||
|
||||
### Improvement
|
||||
|
||||
- **[COOK-3685](https://tickets.opscode.com/browse/COOK-3685)** - Upgrade Repo Attributes for Postgresql 9.3
|
||||
- **[COOK-3597](https://tickets.opscode.com/browse/COOK-3597)** - Fix implementation of `initdb_locale` attribute for RHEL
|
||||
- **[COOK-3566](https://tickets.opscode.com/browse/COOK-3566)** - Give the user's rules more priority than the default ones in pg_hba
|
||||
- **[COOK-3553](https://tickets.opscode.com/browse/COOK-3553)** - Remove automatic `apt-get update`
|
||||
|
||||
### Bug
|
||||
|
||||
- **[COOK-3611](https://tickets.opscode.com/browse/COOK-3611)** - Remove `unix_socket_directory` (it does not exists in 9.3)
|
||||
- **[COOK-3599](https://tickets.opscode.com/browse/COOK-3599)** - Automatically add PGDG apt repo dependency on PostgreSQL version
|
||||
- **[COOK-3555](https://tickets.opscode.com/browse/COOK-3555)** - Documentation Fix
|
||||
- **[COOK-2383](https://tickets.opscode.com/browse/COOK-2383)** - Update Postgres version in attributes
|
||||
|
||||
## v3.0.4
|
||||
|
||||
### Bug
|
||||
|
||||
- **[COOK-3173](https://tickets.opscode.com/browse/COOK-3173)** - Use :reload instead of :restart on conf changes
|
||||
- **[COOK-2939](https://tickets.opscode.com/browse/COOK-2939)** - Fix RedHat support
|
||||
|
||||
## v3.0.2
|
||||
|
||||
### Bug
|
||||
|
||||
- [COOK-3076]: postgresql::ruby recipe error when using pgdg repositories
|
||||
|
||||
## v3.0.0
|
||||
|
||||
This is a backwards-incompatible release because the Pitti PPA is deprecated and the recipe removed, replaced with the PGDG apt repository.
|
||||
|
||||
### Bug
|
||||
|
||||
- [COOK-2571]: Create helper library for pg extension detection
|
||||
- [COOK-2797]: Contrib extension contianing '-' fails to load.
|
||||
|
||||
### Improvement
|
||||
|
||||
- [COOK-2387]: Pitti Postgresql PPA is deprecated
|
||||
|
||||
### Task
|
||||
|
||||
- [COOK-3022]: update baseboxes in .kitchen.yml
|
||||
|
||||
## v2.4.0
|
||||
|
||||
- [COOK-2163] - Dangerous "assign-postgres-password" in "recipes/server.rb" -- Can lock out dbadmin access
|
||||
- [COOK-2390] - Recipes to auto-generate many postgresql.conf settings, following "initdb" and "pgtune"
|
||||
- [COOK-2435] - Foodcritic fixes for postgresql cookbook
|
||||
- [COOK-2476] - Installation into database of any contrib module extensions listed in a node attribute
|
||||
|
||||
## v2.2.2
|
||||
|
||||
- [COOK-2232] -Provide PGDG yum repo to install postgresql 9.x on redhat-derived distributions
|
||||
|
||||
## v2.2.0
|
||||
|
||||
- [COOK-2230] - Careful about Debian minor version numbers
|
||||
- [COOK-2231] - Fix support for postgresql 9.x in server_redhat recipe
|
||||
- [COOK-2238] - Postgresql recipe error in password check
|
||||
- [COOK-2176] - PostgreSQL cookbook in Solo mode can cause "NoMethodError: undefined method `[]' for nil:NilClass"
|
||||
- [COOK-2233] - Provide postgresql::contrib recipe to install useful server administration tools
|
||||
|
||||
## v2.1.0
|
||||
|
||||
- [COOK-1872] - Allow latest PostgreSQL deb packages to be installed
|
||||
- [COOK-1961] - Postgresql config file changes with every Chef run
|
||||
- [COOK-2041] - Postgres cookbook no longer installs on OpenSuSE 11.4
|
||||
|
||||
## v2.0.2
|
||||
|
||||
- [COOK-1406] - pg gem compile is unable to find libpq under Chef full stack (omnibus) installation
|
||||
|
||||
## v2.0.0
|
||||
|
||||
This version is backwards incompatible with previous versions of the cookbook due to use of `platform_family`, and the refactored configuration files using node attributes. See README.md for details on how to modify configuration of PostgreSQL.
|
||||
|
||||
- [COOK-1508] - fix mixlib shellout error on SUSE
|
||||
- [COOK-1744] - Add service enable & start
|
||||
- [COOK-1779] - Don't run apt-get update and others in ruby recipe if pg is installed
|
||||
- [COOK-1871] - Attribute driven configuration files for PostgreSQL
|
||||
- [COOK-1900] - don't assume ssl on all postgresql 8.4+ installs
|
||||
- [COOK-1901] - fail a chef-solo run when the postgres password attribute is not set
|
||||
|
||||
## v1.0.0
|
||||
|
||||
**Important note for this release**
|
||||
|
||||
This version no longer installs Ruby bindings in the client recipe by default. Use the ruby recipe if you'd like the RubyGem. If you'd like packages for your distribution, use them in your application's specific cookbook/recipe, or modify the client packages attribute.
|
||||
|
||||
This resolves the following tickets.
|
||||
|
||||
- COOK-1011
|
||||
- COOK-1534
|
||||
|
||||
The following issues are also resolved with this release.
|
||||
|
||||
- [COOK-1011] - Don't install postgresql packages during compile phase and remove pg gem installation
|
||||
- [COOK-1224] - fix undefined variable on Debian
|
||||
- [COOK-1462] - Add attribute for specifying listen address
|
||||
|
||||
## v0.99.4
|
||||
|
||||
- [COOK-421] - config template is malformed
|
||||
- [COOK-956] - add make package on ubuntu/debian
|
||||
|
||||
## v0.99.2
|
||||
|
||||
- [COOK-916] - use < (with float) for version comparison.
|
||||
|
||||
## v0.99.0
|
||||
|
||||
- Better support for Red Hat-family platforms
|
||||
- Integration with database cookbook
|
||||
- Make sure the postgres role is updated with a (secure) password
|
||||
|
|
|
@ -4,13 +4,12 @@
|
|||
|
||||
### `master` branch
|
||||
|
||||
The master branch is the current comitted changes. These changes may not yet be released although we try to release often.
|
||||
The master branch is the current committed changes. These changes may not yet be released although we try to release often.
|
||||
|
||||
## Tags
|
||||
|
||||
All releases are tagged in git. To see the releases available to you see the changelog or the tags directly.
|
||||
|
||||
|
||||
## Pull requests
|
||||
|
||||
- <https://github.com/sous-chefs/postgresql/pulls>
|
||||
|
|
|
@ -1,273 +1,420 @@
|
|||
# postgresql cookbook
|
||||
# PostgreSQL cookbook
|
||||
|
||||
[![Build Status](https://travis-ci.org/sous-chefs/postgresql.svg?branch=master)](https://travis-ci.org/sous-chefs/postgresql) [![Cookbook Version](https://img.shields.io/cookbook/v/postgresql.svg)](https://supermarket.chef.io/cookbooks/postgresql)
|
||||
[![CircleCI](https://circleci.com/gh/sous-chefs/postgresql/tree/master.svg?style=svg)](https://circleci.com/gh/sous-chefs/postgresql/tree/master) [![Cookbook Version](https://img.shields.io/cookbook/v/postgresql.svg)](https://supermarket.chef.io/cookbooks/postgresql) [![pullreminders](https://pullreminders.com/badge.svg)](https://pullreminders.com?ref=badge)
|
||||
|
||||
Installs and configures PostgreSQL as a client or a server.
|
||||
|
||||
## Upgrading
|
||||
|
||||
If you are wondering where all the recipes went in v7.0+, or how on earth I use this new cookbook please see upgrading.md for a full description.
|
||||
|
||||
## Requirements
|
||||
|
||||
### Platforms
|
||||
|
||||
- Amazon Linux
|
||||
- Debian 7+
|
||||
- Ubuntu 12.04+
|
||||
- Red Hat/CentOS/Scientific (6.0+ required) - "EL6-family"
|
||||
- Ubuntu 14.04+
|
||||
- Red Hat/CentOS/Scientific 6+
|
||||
- Fedora
|
||||
- SLES 12+
|
||||
- openSUSE 13+ / openSUSE Leap
|
||||
|
||||
### PostgreSQL version
|
||||
|
||||
We follow the currently supported versions listed on <https://www.postgresql.org/support/versioning/>
|
||||
|
||||
### Chef
|
||||
|
||||
- Chef 12.1+
|
||||
- Chef 13.8+
|
||||
|
||||
### Cookbooks
|
||||
### Cookbook Dependencies
|
||||
|
||||
- `compat_resource`
|
||||
- `openssl`
|
||||
- `build-essential`
|
||||
None.
|
||||
|
||||
## Attributes
|
||||
## Resources
|
||||
|
||||
The following attributes are set based on the platform, see the `attributes/default.rb` file for default values.
|
||||
### postgresql_client_install
|
||||
|
||||
- `node['postgresql']['version']` - version of postgresql to manage
|
||||
- `node['postgresql']['dir']` - home directory of where postgresql data and configuration lives.
|
||||
- `node['postgresql']['client']['packages']` - An array of package names that should be installed on "client" systems.
|
||||
- `node['postgresql']['server']['packages']` - An array of package names that should be installed on "server" systems.
|
||||
- `node['postgresql']['server']['config_change_notify']` - Type of notification triggered when a config file changes.
|
||||
- `node['postgresql']['contrib']['packages']` - An array of package names that could be installed on "server" systems for useful sysadmin tools.
|
||||
- `node['postgresql']['enable_pgdg_apt']` - Whether to enable the apt repo by the PostgreSQL Global Development Group, which contains newer versions of PostgreSQL.
|
||||
- `node['postgresql']['enable_pgdg_yum']` - Whether to enable the yum repo by the PostgreSQL Global Development Group, which contains newer versions of PostgreSQL.
|
||||
- `node['postgresql']['initdb_locale']` - Sets the default locale for the database cluster. If this attribute is not specified, the locale is inherited from the environment that initdb runs in. Sometimes you must have a system locale that is not what you want for your database cluster, and this attribute addresses that scenario. Valid only for EL-family distros (RedHat/Centos/etc.).
|
||||
This resource installs PostgreSQL client packages.
|
||||
|
||||
The following attributes are generated in `recipe[postgresql::server]`.
|
||||
#### Actions
|
||||
|
||||
## Configuration
|
||||
- `install` - (default) Install client packages
|
||||
|
||||
The `postgresql.conf` and `pg_hba.conf` files are dynamically generated from attributes. Each key in `node['postgresql']['config']` is a postgresql configuration directive, and will be rendered in the config file. For example, the attribute:
|
||||
#### Properties
|
||||
|
||||
Name | Types | Description | Default | Required?
|
||||
------------------- | ----------------- | ------------------------------------------------------------- | ----------------------------------------- | ---------
|
||||
`version` | String | Version of PostgreSQL to install | '9.6' | no
|
||||
`setup_repo` | Boolean | Define if you want to add the PostgreSQL repo | true | no
|
||||
`hba_file` | String | | `#{conf_dir}/main/pg_hba.conf` | no
|
||||
`ident_file` | String | | `#{conf_dir}/main/pg_ident.conf` | no
|
||||
`external_pid_file` | String | | `/var/run/postgresql/#{version}-main.pid` | no
|
||||
`password` | String, nil | Pass in a password, or have the cookbook generate one for you | <random string> | no
|
||||
|
||||
#### Examples
|
||||
|
||||
To install version 9.5:
|
||||
|
||||
```ruby
|
||||
node['postgresql']['config']['listen_addresses'] = 'localhost'
|
||||
postgresql_client_install 'My PostgreSQL Client install' do
|
||||
version '9.5'
|
||||
end
|
||||
```
|
||||
|
||||
Will result in the following line in the `postgresql.conf` file:
|
||||
### postgresql_server_install
|
||||
|
||||
This resource installs PostgreSQL client and server packages.
|
||||
|
||||
#### Actions
|
||||
|
||||
- `install` - (default) Install client and server packages
|
||||
- `create` - Initialize the database
|
||||
|
||||
#### Properties
|
||||
|
||||
Name | Types | Description | Default | Required?
|
||||
------------------- | --------------- | --------------------------------------------- | -------------------------------------------------- | ---------
|
||||
`version` | String | Version of PostgreSQL to install | '9.6' | no
|
||||
`setup_repo` | Boolean | Define if you want to add the PostgreSQL repo | true | no
|
||||
`hba_file` | String | Path of pg_hba.conf file | `<default_os_path>/pg_hba.conf'` | no
|
||||
`ident_file` | String | Path of pg_ident.conf file | `<default_os_path>/pg_ident.conf` | no
|
||||
`external_pid_file` | String | Path of PID file | `/var/run/postgresql/<version>-main.pid</version>` | no
|
||||
`password` | String, nil | Set PostgreSQL user password | 'generate' | no
|
||||
`port` | Integer | Set listen port of PostgreSQL service | 5432 | no
|
||||
`initdb_locale` | String | Locale to initialise the database with | 'C' | no
|
||||
|
||||
#### Examples
|
||||
|
||||
To install PostgreSQL server, set your own postgres password using non-default service port.
|
||||
|
||||
```ruby
|
||||
listen_addresses = 'localhost'
|
||||
postgresql_server_install 'My PostgreSQL Server install' do
|
||||
action :install
|
||||
end
|
||||
|
||||
postgresql_server_install 'Setup my PostgreSQL 9.6 server' do
|
||||
password 'MyP4ssw0rd'
|
||||
port 5433
|
||||
action :create
|
||||
end
|
||||
```
|
||||
|
||||
The attributes file contains default values for Debian and RHEL platform families (per the `node['platform_family']`). These defaults have disparity between the platforms because they were originally extracted from the postgresql.conf files in the previous version of this cookbook, which differed in their default config. The resulting configuration files will be the same as before, but the content will be dynamically rendered from the attributes. The helpful commentary will no longer be present. You should consult the PostgreSQL documentation for specific configuration details.
|
||||
#### Known issues
|
||||
|
||||
See **Recipes** `config_initdb` and `config_pgtune` below to auto-generate many postgresql.conf settings.
|
||||
On some platforms (e.g. Ubuntu 18.04), your `initdb_locale` should be set to the
|
||||
same as the template database [GH-555](https://github.com/sous-chefs/postgresql/issues/555).
|
||||
|
||||
For values that are "on" or "off", they should be specified as literal `true` or `false`. String values will be used with single quotes. Any configuration option set to the literal `nil` will be skipped entirely. All other values (e.g., numeric literals) will be used as is. So for example:
|
||||
### postgresql_server_conf
|
||||
|
||||
This resource manages postgresql.conf configuration file.
|
||||
|
||||
#### Actions
|
||||
|
||||
- `modify` - (default) Manager PostgreSQL configuration file (postgresql.conf)
|
||||
|
||||
#### Properties
|
||||
|
||||
Name | Types | Description | Default | Required?
|
||||
---------------------- | ------- | --------------------------------------- | --------------------------------------------------- | ---------
|
||||
`version` | String | Version of PostgreSQL to install | '9.6' | no
|
||||
`data_directory` | String | Path of PostgreSQL data directory | `<default_os_data_path>` | no
|
||||
`hba_file` | String | Path of pg_hba.conf file | `<default_os_conf_path>/pg_hba.conf` | no
|
||||
`ident_file` | String | Path of pg_ident.conf file | `<default_os_conf_path>/pg_ident.conf` | no
|
||||
`external_pid_file` | String | Path of PID file | `/var/run/postgresql/<postgresql_version>-main.pid` | no
|
||||
`stats_temp_directory` | String | Path of stats file | `/var/run/postgresql/version>-main.pg_stat_tmp` | no
|
||||
`port` | Integer | Set listen port of PostgreSQL service | 5432 | no
|
||||
`additional_config` | Hash | Extra configuration for the config file | {} | no
|
||||
|
||||
#### Examples
|
||||
|
||||
To setup your PostgreSQL configuration with a specific data directory. If you have installed a specific version of PostgreSQL (different from 9.6), you must specify version in this resource too.
|
||||
|
||||
```ruby
|
||||
node.default['postgresql']['config']['logging_collector'] = true
|
||||
node.default['postgresql']['config']['datestyle'] = 'iso, mdy'
|
||||
node.default['postgresql']['config']['ident_file'] = nil
|
||||
node.default['postgresql']['config']['port'] = 5432
|
||||
postgresql_server_conf 'My PostgreSQL Config' do
|
||||
version '9.5'
|
||||
data_directory '/data/postgresql/9.5/main'
|
||||
notifies :reload, 'service[postgresql]'
|
||||
end
|
||||
```
|
||||
|
||||
Will result in the following config lines:
|
||||
### postgresql_extension
|
||||
|
||||
This resource manages PostgreSQL extensions for a given database.
|
||||
|
||||
#### Actions
|
||||
|
||||
- `create` - (default) Creates an extension in a given database
|
||||
- `drop` - Drops an extension from the database
|
||||
|
||||
#### Properties
|
||||
|
||||
Name | Types | Description | Default | Required?
|
||||
------------- | ------ | -------------------------------------------------------------------------------- | ---------------- | ---------
|
||||
`database` | String | Name of the database to install the extension into | | yes
|
||||
`extension` | String | Name of the extension to install the database | Name of resource | yes
|
||||
`version` | String | Version of the extension to install | | no
|
||||
`old_version` | String | Older module name for new extension replacement. Appends FROM to extension query | | no
|
||||
|
||||
#### Examples
|
||||
|
||||
To install the `adminpack` extension:
|
||||
|
||||
```ruby
|
||||
logging_collector = 'on'
|
||||
datestyle = 'iso,mdy'
|
||||
port = 5432
|
||||
# Add the contrib package in Ubuntu/Debian
|
||||
package 'postgresql-contrib-9.6'
|
||||
|
||||
# Install adminpack extension
|
||||
postgresql_extension 'postgres adminpack' do
|
||||
database 'postgres'
|
||||
extension 'adminpack'
|
||||
end
|
||||
```
|
||||
|
||||
(no line printed for `ident_file` as it is `nil`)
|
||||
### postgresql_access
|
||||
|
||||
Note that the `unix_socket_directory` configuration was renamed to `unix_socket_directories` in Postgres 9.3 so make sure to use the `node['postgresql']['unix_socket_directories']` attribute instead of `node['postgresql']['unix_socket_directory']`.
|
||||
This resource uses the accumulator pattern to build up the `pg_hba.conf` file via chef resources instead of piling on a mountain of chef attributes to make this cookbook more reusable. It directly mirrors the configuration options of the postgres hba file in the resource and by default notifies the server with a reload to avoid a full restart, causing a potential outage of service. To revoke access, simply remove the resource and the access change won't be computed into the final `pg_hba.conf`
|
||||
|
||||
The `pg_hba.conf` file is dynamically generated from the `node['postgresql']['pg_hba']` attribute. This attribute must be an array of hashes, each hash containing the authorization data. As it is an array, you can append to it in your own recipes. The hash keys in the array must be symbols. Each hash will be written as a line in `pg_hba.conf`. For example, this entry from `node['postgresql']['pg_hba']`:
|
||||
#### Actions
|
||||
|
||||
```
|
||||
[{:comment => '# Optional comment',
|
||||
:type => 'local', :db => 'all', :user => 'postgres', :addr => nil, :method => 'md5'}]
|
||||
- `grant` - (default) Creates an access line inside of `pg_hba.conf`
|
||||
|
||||
#### Properties
|
||||
|
||||
Name | Types | Description | Default | Required?
|
||||
--------------- | ------ | ----------------------------------------------------------------------------------------- | ----------------- | ---------
|
||||
`name` | String | Name of the access resource, this is left as a comment inside the `pg_hba` config | Resource name | yes
|
||||
`source` | String | The cookbook template filename if you want to use your own custom template | 'pg_hba.conf.erb' | yes
|
||||
`cookbook` | String | The cookbook to look in for the template source | 'postgresql' | yes
|
||||
`comment` | String | A comment to leave above the entry in `pg_hba` | nil | no
|
||||
`access_type` | String | The type of access, e.g. local or host | 'local' | yes
|
||||
`access_db` | String | The database to access. Can use 'all' for all databases | 'all' | yes
|
||||
`access_user` | String | The user accessing the database. Can use 'all' for any user | 'all' | yes
|
||||
`access_addr` | String | The address(es) allowed access. Can be nil if method ident is used since it is local then | nil | no
|
||||
`access_method` | String | Authentication method to use | 'ident' | yes
|
||||
|
||||
#### Examples
|
||||
|
||||
To grant access to the PostgreSQL user with ident authentication:
|
||||
|
||||
```ruby
|
||||
postgresql_access 'local_postgres_superuser' do
|
||||
comment 'Local postgres superuser access'
|
||||
access_type 'local'
|
||||
access_db 'all'
|
||||
access_user 'postgres'
|
||||
access_addr nil
|
||||
access_method 'ident'
|
||||
end
|
||||
```
|
||||
|
||||
Will result in the following line in `pg_hba.conf`:
|
||||
This generates the following line in the `pg_hba.conf`:
|
||||
|
||||
```
|
||||
# Optional comment
|
||||
local all postgres md5
|
||||
# Local postgres superuser access
|
||||
local all postgres ident
|
||||
```
|
||||
|
||||
Use `nil` if the CIDR-ADDRESS should be empty (as above). Don't provide a comment if none is desired in the `pg_hba.conf` file.
|
||||
|
||||
Note that the following authorization rule is supplied automatically by the cookbook template. The cookbook needs this to execute SQL in the PostgreSQL server without supplying the clear-text password (which isn't known by the cookbook). Therefore, your `node['postgresql']['pg_hba']` attributes don't need to specify this authorization rule:
|
||||
**Note**: The template by default generates a local access for Unix domain sockets only to support running the SQL execute resources. In Postgres version 9.1 and higher, the method is 'peer' instead of 'ident' which is identical. It looks like this:
|
||||
|
||||
```
|
||||
# "local" is for Unix domain socket connections only
|
||||
local all all ident
|
||||
local all all peer
|
||||
```
|
||||
|
||||
(By the way, the template uses `peer` instead of `ident` for PostgreSQL-9.1 and above, which has the same effect.)
|
||||
### postgresql_ident
|
||||
|
||||
## Recipes
|
||||
This resource generate `pg_ident.conf` configuration file to manage user mapping between system and PostgreSQL users.
|
||||
|
||||
### default
|
||||
#### Actions
|
||||
|
||||
Includes the client recipe.
|
||||
- `create` - (default) Creates an mapping line inside of `pg_ident.conf`
|
||||
|
||||
### client
|
||||
#### Properties
|
||||
|
||||
Installs the packages defined in the `node['postgresql']['client']['packages']` attribute.
|
||||
Name | Types | Description | Default | Required?
|
||||
-------------- | ----------- | -------------------------------------------------------------------------- | ------------------- | ---------
|
||||
`mapname` | String | Name of the user mapping | Resource name | yes
|
||||
`source` | String | The cookbook template filename if you want to use your own custom template | 'pg_ident.conf.erb' | no
|
||||
`cookbook` | String | The cookbook to look in for the template source | 'postgresql' | no
|
||||
`comment` | String, nil | A comment to leave above the entry in `pg_ident` | nil | no
|
||||
`system_user` | String | System user or regexp used for the mapping | None | yes
|
||||
`pg_user` | String | Pg user or regexp used for the mapping | None | yes
|
||||
|
||||
### ruby
|
||||
#### Examples
|
||||
|
||||
Install the `pg` gem under Chef's Ruby environment so it can be used in other recipes. The build-essential packages and postgresql client packages will be installed during the compile phase, so that the native extensions of `pg` can be compiled.
|
||||
|
||||
### server
|
||||
|
||||
Includes the `server_debian` or `server_redhat` recipe to get the appropriate server packages installed and service managed. Also manages the configuration for the server:
|
||||
|
||||
- generates a strong default password (via `openssl`) for `postgres`
|
||||
- sets the password for postgres
|
||||
- manages the `postgresql.conf` file.
|
||||
- manages the `pg_hba.conf` file.
|
||||
|
||||
### config_initdb
|
||||
|
||||
Takes locale and timezone settings from the system configuration. This recipe creates `node.default['postgresql']['config']` attributes that conform to the system's locale and timezone. In addition, this recipe creates the same error reporting and logging settings that `initdb` provided: a rotation of 7 days of log files named postgresql-Mon.log, etc.
|
||||
|
||||
The default attributes created by this recipe are easy to override with normal attributes because of Chef attribute precedence. For example, suppose a DBA wanted to keep log files indefinitely, rolling over daily or when growing to 10MB. The Chef installation could include the `postgresql::config_initdb` recipe for the locale and timezone settings, but customize the logging settings with these node JSON attributes:
|
||||
|
||||
```javascript
|
||||
"postgresql": {
|
||||
"config": {
|
||||
"log_rotation_age": "1d",
|
||||
"log_rotation_size": "10MB",
|
||||
"log_filename": "postgresql-%Y-%m-%d_%H%M%S.log"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Credits: This `postgresql::config_initdb` recipe is based on algorithms in the [source code](http://doxygen.postgresql.org/initdb_8c_source.html) for the PostgreSQL `initdb` utility.
|
||||
|
||||
### config_pgtune
|
||||
|
||||
Performance tuning. Takes the wimpy default postgresql.conf and expands the database server to be as powerful as the hardware it's being deployed on. This recipe creates a baseline configuration of `node.default['postgresql']['config']` attributes in the right general range for a dedicated Postgresql system. Most installations won't need additional performance tuning.
|
||||
|
||||
The only decision you need to make is to choose a `db_type` from the following database workloads. (See the recipe code comments for more detailed descriptions.)
|
||||
|
||||
- "dw" -- Data Warehouse
|
||||
- "oltp" -- Online Transaction Processing
|
||||
- "web" -- Web Application
|
||||
- "mixed" -- Mixed DW and OLTP characteristics
|
||||
- "desktop" -- Not a dedicated database
|
||||
|
||||
This recipe uses a performance model with three input parameters. These node attributes are completely optional, but it is obviously important to choose the `db_type` correctly:
|
||||
|
||||
- `node['postgresql']['config_pgtune']['db_type']` -- Specifies database type from the list of five choices above. If not specified, the default is "mixed".
|
||||
|
||||
- `node['postgresql']['config_pgtune']['max_connections']` -- Specifies maximum number of connections expected. If not specified, it depends on database type: "web":200, "oltp":300, "dw":20, "mixed":80, "desktop":5
|
||||
|
||||
- `node['postgresql']['config_pgtune']['total_memory']` -- Specifies total system memory in kB. (E.g., "49416564kB".) If not specified, it will be taken from Ohai automatic attributes. This could be used to tune a system that isn't a dedicated database.
|
||||
|
||||
The default attributes created by this recipe are easy to override with normal attributes because of Chef attribute precedence. For example, if you are running application benchmarks to try different buffer cache sizes, you would experiment with this node JSON attribute:
|
||||
|
||||
```javascript
|
||||
"postgresql": {
|
||||
"config": {
|
||||
"shared_buffers": "3GB"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Note that the recipe uses `max_connections` in its computations. If you want to override that setting, you should specify `node['postgresql']['config_pgtune']['max_connections']` instead of `node['postgresql']['config']['max_connections']`.
|
||||
|
||||
Credits: This `postgresql::config_pgtune` recipe is based on the [pgtune python script](https://github.com/gregs1104/pgtune) developed by [Greg Smith](http://notemagnet.blogspot.com/2008/11/automating-initial-postgresqlconf.html) and [other pgsql-hackers](http://www.postgresql.org/message-id/491C6CDC.8090506@agliodbs.com).
|
||||
|
||||
### contrib
|
||||
|
||||
Installs the packages defined in the `node['postgresql']['contrib']['packages']` attribute. The contrib directory of the PostgreSQL distribution includes porting tools, analysis utilities, and plug-in features that database engineers often require. Some (like `pgbench`) are executable. Others (like `pg_buffercache`) would need to be installed into the database.
|
||||
|
||||
Also installs any contrib module extensions defined in the `node['postgresql']['contrib']['extensions']` attribute. These will be available in any subsequently created databases in the cluster, because they will be installed into the `template1` database using the `CREATE EXTENSION` command. For example, it is often necessary/helpful for problem troubleshooting and maintenance planning to install the views and functions in these [standard instrumentation extensions] ([http://www.postgresql.org/message-id/flat/4DC32600.6080900@pgexperts.com#4DD3D6C6.5060006@2ndquadrant.com](mailto:http://www.postgresql.org/message-id/flat/4DC32600.6080900@pgexperts.com#4DD3D6C6.5060006@2ndquadrant.com)):
|
||||
Creates a `mymapping` mapping that map `john` system user to `user1` PostgreSQL user:
|
||||
|
||||
```ruby
|
||||
node['postgresql']['contrib']['extensions'] = [
|
||||
"pageinspect",
|
||||
"pg_buffercache",
|
||||
"pg_freespacemap",
|
||||
"pgrowlocks",
|
||||
"pg_stat_statements",
|
||||
"pgstattuple"
|
||||
]
|
||||
postgresql_ident 'Map john to user1' do
|
||||
comment 'John Mapping'
|
||||
mapname 'mymapping'
|
||||
system_user 'john'
|
||||
pg_user 'user1'
|
||||
end
|
||||
```
|
||||
|
||||
Note that the `pg_stat_statements` view only works if `postgresql.conf` loads its shared library, which can be done with this node attribute:
|
||||
This generates the following line in the `pg_ident.conf`:
|
||||
|
||||
```
|
||||
# MAPNAME SYSTEM-USERNAME PG-USERNAME
|
||||
|
||||
# John Mapping
|
||||
mymapping john user1
|
||||
```
|
||||
|
||||
To grant access to the foo user with password authentication:
|
||||
|
||||
```ruby
|
||||
node['postgresql']['config']['shared_preload_libraries'] = 'pg_stat_statements'
|
||||
postgresql_access 'local_foo_user' do
|
||||
comment 'Foo user access'
|
||||
access_type 'host'
|
||||
access_db 'all'
|
||||
access_user 'foo'
|
||||
access_addr '127.0.0.1/32'
|
||||
access_method 'md5'
|
||||
end
|
||||
```
|
||||
|
||||
If using `shared_preload_libraries` in combination with the `contrib` recipe, make sure that the `contrib` recipe is called before the `server` recipe (to ensure the dependencies are installed and setup in order).
|
||||
This generates the following line in the `pg_hba.conf`:
|
||||
|
||||
### apt_pgdg_postgresql
|
||||
```
|
||||
# Local postgres superuser access
|
||||
host all foo 127.0.0.1/32 ident
|
||||
```
|
||||
|
||||
Enables the PostgreSQL Global Development Group yum repository maintained by Devrim Gündüz for updated PostgreSQL packages. (The PGDG is the groups that develops PostgreSQL.) Automatically included if the `node['postgresql']['enable_pgdg_apt']` attribute is true. Also set the `node['postgresql']['client']['packages']` and `node['postgresql']['server]['packages']` to the list of packages to use from this repository, and set the `node['postgresql']['version']` attribute to the version to use (e.g., "9.2").
|
||||
### postgresql_database
|
||||
|
||||
### yum_pgdg_postgresql
|
||||
This resource manages PostgreSQL databases.
|
||||
|
||||
Enables the PostgreSQL Global Development Group yum repository maintained by Devrim Gündüz for updated PostgreSQL packages. (The PGDG is the groups that develops PostgreSQL.) Automatically included if the `node['postgresql']['enable_pgdg_yum']` attribute is true. Also use `override_attributes` to set a number of values that will need to have embedded version numbers. For example:
|
||||
#### Actions
|
||||
|
||||
- `create` - (default) Creates the given database.
|
||||
- `drop` - Drops the given database.
|
||||
|
||||
#### Properties
|
||||
|
||||
Name | Types | Description | Default | Required?
|
||||
---------- | ------- | ------------------------------------------------------------------- | ------------------- | ---------
|
||||
`database` | String | Name of the database to create | Resource name | yes
|
||||
`user` | String | User which run psql command | 'postgres' | no
|
||||
`template` | String | Template used to create the new database | 'template1' | no
|
||||
`host` | String | Define the host server where the database creation will be executed | Not set (localhost) | no
|
||||
`port` | Integer | Define the port of PostgreSQL server | 5432 | no
|
||||
`encoding` | String | Define database encoding | 'UTF-8' | no
|
||||
`locale` | String | Define database locale | 'en_US.UTF-8' | no
|
||||
`owner` | String | Define the owner of the database | Not set | no
|
||||
|
||||
#### Examples
|
||||
|
||||
To create database named 'my_app' with owner 'user1':
|
||||
|
||||
```ruby
|
||||
node['postgresql']['enable_pgdg_yum'] = true
|
||||
node['postgresql']['version'] = "9.4"
|
||||
node['postgresql']['dir'] = "/var/lib/pgsql/9.4/data"
|
||||
node['postgresql']['config']['data_directory'] = node['postgresql']['dir']
|
||||
node['postgresql']['client']['packages'] = ["postgresql94", "postgresql94-devel"]
|
||||
node['postgresql']['server']['packages'] = ["postgresql94-server"]
|
||||
node['postgresql']['server']['service_name'] = "postgresql-9.4"
|
||||
node['postgresql']['contrib']['packages'] = ["postgresql94-contrib"]
|
||||
node['postgresql']['setup_script'] = "postgresql94-setup"
|
||||
postgresql_database 'my_app' do
|
||||
owner 'user1'
|
||||
end
|
||||
```
|
||||
|
||||
You may set `node['postgresql']['pgdg']['repo_rpm_url']` attributes to pick up recent [PGDG repo packages](http://yum.postgresql.org/repopackages.php).
|
||||
#### Known issues
|
||||
|
||||
On some platforms (e.g. Ubuntu 18.04), your `initdb_locale` should be set to the
|
||||
same as the template database [GH-555](https://github.com/sous-chefs/postgresql/issues/555).
|
||||
|
||||
### postgresql_user
|
||||
|
||||
This resource manage PostgreSQL users.
|
||||
|
||||
#### Actions
|
||||
|
||||
- `create` - (default) Creates the given user with default or given privileges.
|
||||
- `update` - Update user privilieges.
|
||||
- `drop` - Deletes the given user.
|
||||
|
||||
#### Properties
|
||||
|
||||
Name | Types | Description | Default | Required?
|
||||
-------------------- | ------- | ----------------------------------------------- | -------- | ---------
|
||||
`create_user` | String | User to create (defaults to the resource name) | | Yes
|
||||
`superuser` | Boolean | Define if user needs superuser role | false | no
|
||||
`createdb` | Boolean | Define if user needs createdb role | false | no
|
||||
`createrole` | Boolean | Define if user needs createrole role | false | no
|
||||
`inherit` | Boolean | Define if user inherits the privileges of roles | true | no
|
||||
`replication` | Boolean | Define if user needs replication role | false | no
|
||||
`login` | Boolean | Define if user can login | true | no
|
||||
`password` | String | Set user's password | | no
|
||||
`encrypted_password` | String | Set user's password with an hashed password | | no
|
||||
`valid_until` | String | Define an account expiration date | | no
|
||||
`attributes` | Hash | Additional attributes for :update action | {} | no
|
||||
`user` | String | User for command | postgres | no
|
||||
`database` | String | Database for command | | no
|
||||
`host` | String | Hostname for command | | no
|
||||
`port` | Integer | Port number to connect to postgres | 5432 | no
|
||||
|
||||
#### Examples
|
||||
|
||||
Create a user `user1` with a password, with `createdb` role and set an expiration date to 2018, Dec 21.
|
||||
|
||||
```ruby
|
||||
postgresql_user 'user1' do
|
||||
password 'UserP4ssword'
|
||||
createdb true
|
||||
valid_until '2018-12-31'
|
||||
end
|
||||
```
|
||||
|
||||
Create a user `user1` with a password, with `createdb` role and set an expiration date to 2018, Dec 21.
|
||||
|
||||
```ruby
|
||||
postgresql_user 'user1' do
|
||||
password 'UserP4ssword'
|
||||
createdb true
|
||||
valid_until '2018-12-31'
|
||||
end
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
On systems that need to connect to a PostgreSQL database, add to a run list `recipe[postgresql]` or `recipe[postgresql::client]`.
|
||||
To install and configure your PostgreSQL instance you need to create your own cookbook and call needed resources with your own parameters.
|
||||
|
||||
On systems that should be PostgreSQL servers, use `recipe[postgresql::server]` on a run list. This recipe does set a password for the `postgres` user. If you're using `chef server`, if the attribute `node['postgresql']['password']['postgres']` is not found, the recipe generates a random password and performs a node.save. (TODO: This is broken, as it disables the password.) If you're using `chef-solo`, you'll need to set the attribute `node['postgresql']['password']['postgres']` in your node's `json_attribs` file or in a role.
|
||||
More examples can be found in `test/cookbooks/test/recipes`
|
||||
|
||||
On Debian family systems, SSL will be enabled, as the packages on Debian/Ubuntu also generate the SSL certificates. If you use another platform and wish to use SSL in postgresql, then generate your SSL certificates and distribute them in your own cookbook, and set the `node['postgresql']['config']['ssl']` attribute to true in your role/cookboook/node.
|
||||
|
||||
On server systems, the postgres server is restarted when a configuration file changes. This can be changed to reload only by setting the following attribute:
|
||||
## Example Usage
|
||||
|
||||
```ruby
|
||||
node['postgresql']['server']['config_change_notify'] = :reload
|
||||
# cookbooks/my_postgresql/recipes/default.rb
|
||||
|
||||
postgresql_client_install 'PostgreSQL Client' do
|
||||
setup_repo false
|
||||
version '10.6'
|
||||
end
|
||||
|
||||
postgresql_server_install 'PostgreSQL Server' do
|
||||
version '10.6'
|
||||
setup_repo false
|
||||
password 'P0stgresP4ssword'
|
||||
end
|
||||
|
||||
postgresql_server_conf 'PostgreSQL Config' do
|
||||
notifies :reload, 'service[postgresql]'
|
||||
end
|
||||
```
|
||||
|
||||
## Chef Solo Note
|
||||
## Contributing
|
||||
|
||||
The following node attribute is stored on the Chef Server when using `chef-client`. Because `chef-solo` does not connect to a server or save the node object at all, to have the password persist across `chef-solo` runs, you must specify them in the `json_attribs` file used. For Example:
|
||||
Please refer to each project's style guidelines and guidelines for submitting patches and additions. In general, we follow the "fork-and-pull" Git workflow.
|
||||
|
||||
```
|
||||
{
|
||||
"postgresql": {
|
||||
"password": {
|
||||
"postgres": "iloverandompasswordsbutthiswilldo"
|
||||
}
|
||||
},
|
||||
"run_list": ["recipe[postgresql::server]"]
|
||||
}
|
||||
```
|
||||
1. **Fork** the repo on GitHub
|
||||
2. **Clone** the project to your own machine
|
||||
3. **Commit** changes to your own branch
|
||||
4. **Push** your work back up to your fork
|
||||
5. Submit a **Pull request** so that we can review your changes
|
||||
|
||||
That should actually be the "encrypted password" instead of cleartext, so you should generate it as an md5 hash using the PostgreSQL algorithm.
|
||||
NOTE: Be sure to merge the latest from "upstream" before making a pull request!
|
||||
|
||||
- You could copy the md5-hashed password from an existing postgres database if you have `postgres` access and want to use the same password:<br>
|
||||
`select * from pg_shadow where usename='postgres';`
|
||||
- You can run this from any postgres database session to use a new password:<br>
|
||||
`select 'md5'||md5('iloverandompasswordsbutthiswilldo'||'postgres');`
|
||||
- You can run this from a linux commandline:<br>
|
||||
`echo -n 'iloverandompasswordsbutthiswilldo''postgres' | openssl md5 | sed -e 's/.* /md5/'`
|
||||
[Contribution informations for this project](CONTRIBUTING.md)
|
||||
|
||||
## License
|
||||
|
||||
Copyright 2010-2016, Chef Software, Inc.
|
||||
Copyright 2010-2017, Chef Software, Inc.
|
||||
|
||||
```text
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
|
|
|
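Review bot: In the `postgresql_access 'local_foo_user'` example the resource sets `access_method 'md5'` and `comment 'Foo user access'`, but the block shown as its generated output reads `# Local postgres superuser access` / `host all foo 127.0.0.1/32 ident`, so the documented `pg_hba.conf` line does not match the resource above it. This README is vendored, so I would not patch it in this PR, but the difference between `md5` and `ident` on a `host` line is an authentication change, so whoever writes the kosmos wrapper recipe should check the rendered `pg_hba.conf` on the node rather than rely on this block, and the mismatch is worth reporting upstream. In the same hunk the `postgresql_user` and `postgresql_server_install` examples pass literal passwords (`password 'UserP4ssword'`, `password 'P0stgresP4ssword'`); our own recipes should read these from an encrypted data bag or similar secret store instead of copying that pattern into the repository.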
@ -1,244 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Attributes:: postgresql
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
default['postgresql']['enable_pgdg_apt'] = false
|
||||
default['postgresql']['enable_pgdg_yum'] = false
|
||||
default['postgresql']['use_pgdg_packages'] = false
|
||||
|
||||
default['postgresql']['server']['config_change_notify'] = :restart
|
||||
default['postgresql']['assign_postgres_password'] = true
|
||||
|
||||
# Establish default database name
|
||||
default['postgresql']['database_name'] = 'template1'
|
||||
|
||||
# Sets OS init system (upstart, systemd, ...), instead of relying on Ohai
|
||||
default['postgresql']['server']['init_package'] =
|
||||
case node['platform']
|
||||
when 'debian'
|
||||
if node['platform_version'].to_f < 7.0
|
||||
'sysv'
|
||||
else
|
||||
'systemd'
|
||||
end
|
||||
when 'ubuntu'
|
||||
if node['platform_version'].to_f < 15.04
|
||||
'upstart'
|
||||
else
|
||||
'systemd'
|
||||
end
|
||||
when 'amazon'
|
||||
'upstart'
|
||||
when 'redhat', 'centos', 'scientific', 'oracle'
|
||||
if node['platform_version'].to_i < 7
|
||||
'sysv'
|
||||
else
|
||||
'systemd'
|
||||
end
|
||||
when 'fedora'
|
||||
'systemd'
|
||||
when 'opensuse', 'opensuseleap'
|
||||
'systemd'
|
||||
else
|
||||
'upstart'
|
||||
end
|
||||
|
||||
case node['platform']
|
||||
when 'debian'
|
||||
if node['platform_version'].to_i == 7
|
||||
default['postgresql']['version'] = '9.1'
|
||||
default['postgresql']['dir'] = '/etc/postgresql/9.1/main'
|
||||
default['postgresql']['client']['packages'] = ['postgresql-client-9.1', 'libpq-dev']
|
||||
default['postgresql']['server']['packages'] = ['postgresql-9.1']
|
||||
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.1']
|
||||
else # 8+
|
||||
default['postgresql']['version'] = '9.4'
|
||||
default['postgresql']['dir'] = '/etc/postgresql/9.4/main'
|
||||
default['postgresql']['client']['packages'] = ['postgresql-client-9.4', 'libpq-dev']
|
||||
default['postgresql']['server']['packages'] = ['postgresql-9.4']
|
||||
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.4']
|
||||
end
|
||||
|
||||
default['postgresql']['server']['service_name'] = 'postgresql'
|
||||
|
||||
when 'ubuntu'
|
||||
|
||||
if node['platform_version'].to_f <= 13.10
|
||||
default['postgresql']['version'] = '9.1'
|
||||
default['postgresql']['dir'] = '/etc/postgresql/9.1/main'
|
||||
default['postgresql']['server']['service_name'] = 'postgresql'
|
||||
default['postgresql']['client']['packages'] = ['postgresql-client-9.1', 'libpq-dev']
|
||||
default['postgresql']['server']['packages'] = ['postgresql-9.1']
|
||||
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.1']
|
||||
elsif node['platform_version'].to_f <= 14.04
|
||||
default['postgresql']['version'] = '9.3'
|
||||
default['postgresql']['dir'] = '/etc/postgresql/9.3/main'
|
||||
default['postgresql']['server']['service_name'] = 'postgresql'
|
||||
default['postgresql']['client']['packages'] = ['postgresql-client-9.3', 'libpq-dev']
|
||||
default['postgresql']['server']['packages'] = ['postgresql-9.3']
|
||||
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.3']
|
||||
elsif node['platform_version'].to_f <= 15.10
|
||||
default['postgresql']['version'] = '9.4'
|
||||
default['postgresql']['dir'] = '/etc/postgresql/9.4/main'
|
||||
default['postgresql']['server']['service_name'] = 'postgresql'
|
||||
default['postgresql']['client']['packages'] = ['postgresql-client-9.4', 'libpq-dev']
|
||||
default['postgresql']['server']['packages'] = ['postgresql-9.4']
|
||||
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.4']
|
||||
else
|
||||
default['postgresql']['version'] = '9.5'
|
||||
default['postgresql']['dir'] = '/etc/postgresql/9.5/main'
|
||||
default['postgresql']['server']['service_name'] = 'postgresql'
|
||||
default['postgresql']['client']['packages'] = ['postgresql-client-9.5', 'libpq-dev']
|
||||
default['postgresql']['server']['packages'] = ['postgresql-9.5']
|
||||
default['postgresql']['contrib']['packages'] = ['postgresql-contrib-9.5']
|
||||
end
|
||||
|
||||
when 'fedora'
|
||||
|
||||
default['postgresql']['version'] = '9.5'
|
||||
default['postgresql']['setup_script'] = 'postgresql-setup'
|
||||
default['postgresql']['dir'] = '/var/lib/pgsql/data'
|
||||
default['postgresql']['client']['packages'] = %w(postgresql-devel postgresql-contrib)
|
||||
default['postgresql']['server']['packages'] = %w(postgresql-server)
|
||||
default['postgresql']['contrib']['packages'] = %w(postgresql-contrib)
|
||||
default['postgresql']['server']['service_name'] = 'postgresql'
|
||||
default['postgresql']['uid'] = '26'
|
||||
default['postgresql']['gid'] = '26'
|
||||
|
||||
when 'amazon'
|
||||
|
||||
if node['platform_version'].to_f >= 2015.03
|
||||
default['postgresql']['version'] = '9.2'
|
||||
default['postgresql']['dir'] = '/var/lib/pgsql9/data'
|
||||
end
|
||||
|
||||
default['postgresql']['client']['packages'] = %w(postgresql-devel)
|
||||
default['postgresql']['server']['packages'] = %w(postgresql-server)
|
||||
default['postgresql']['contrib']['packages'] = %w(postgresql-contrib)
|
||||
default['postgresql']['server']['service_name'] = 'postgresql'
|
||||
default['postgresql']['uid'] = '26'
|
||||
default['postgresql']['gid'] = '26'
|
||||
|
||||
when 'redhat', 'centos', 'scientific', 'oracle'
|
||||
|
||||
default['postgresql']['version'] = '8.4'
|
||||
|
||||
default['postgresql']['client']['packages'] = 'postgresql84-devel'
|
||||
default['postgresql']['server']['packages'] = ['postgresql84-server']
|
||||
default['postgresql']['contrib']['packages'] = ['postgresql84-contrib']
|
||||
|
||||
default['postgresql']['setup_script'] = 'postgresql-setup'
|
||||
default['postgresql']['server']['service_name'] = 'postgresql'
|
||||
default['postgresql']['uid'] = '26'
|
||||
default['postgresql']['gid'] = '26'
|
||||
|
||||
if node['platform_version'].to_f >= 6.0 && node['postgresql']['version'].to_f == 8.4
|
||||
default['postgresql']['client']['packages'] = 'postgresql-devel'
|
||||
default['postgresql']['server']['packages'] = ['postgresql-server']
|
||||
default['postgresql']['contrib']['packages'] = ['postgresql-contrib']
|
||||
end
|
||||
|
||||
if node['platform_version'].to_f >= 7.0
|
||||
default['postgresql']['version'] = '9.2'
|
||||
default['postgresql']['client']['packages'] = 'postgresql-devel'
|
||||
default['postgresql']['server']['packages'] = ['postgresql-server']
|
||||
default['postgresql']['contrib']['packages'] = ['postgresql-contrib']
|
||||
end
|
||||
|
||||
when 'opensuse', 'opensuseleap'
|
||||
|
||||
default['postgresql']['dir'] = '/var/lib/pgsql/data'
|
||||
default['postgresql']['uid'] = '26'
|
||||
default['postgresql']['gid'] = '26'
|
||||
|
||||
case node['platform_version'].to_f
|
||||
when 13.1
|
||||
default['postgresql']['version'] = '9.2'
|
||||
default['postgresql']['client']['packages'] = ['postgresql92', 'postgresql92-devel']
|
||||
default['postgresql']['server']['packages'] = ['postgresql92-server']
|
||||
default['postgresql']['contrib']['packages'] = ['postgresql92-contrib']
|
||||
when 13.2
|
||||
default['postgresql']['version'] = '9.3'
|
||||
default['postgresql']['client']['packages'] = ['postgresql93', 'postgresql93-devel']
|
||||
default['postgresql']['server']['packages'] = ['postgresql93-server']
|
||||
default['postgresql']['contrib']['packages'] = ['postgresql93-contrib']
|
||||
else # opensuseleap
|
||||
default['postgresql']['version'] = '9.4'
|
||||
default['postgresql']['client']['packages'] = ['postgresql94', 'postgresql94-devel']
|
||||
default['postgresql']['server']['packages'] = ['postgresql94-server']
|
||||
default['postgresql']['contrib']['packages'] = ['postgresql94-contrib']
|
||||
end
|
||||
|
||||
default['postgresql']['server']['service_name'] = 'postgresql'
|
||||
|
||||
when 'suse' # sles 12+
|
||||
default['postgresql']['version'] = '9.1'
|
||||
default['postgresql']['client']['packages'] = ['postgresql91', 'rubygem-pg']
|
||||
default['postgresql']['server']['packages'] = ['postgresql91-server']
|
||||
default['postgresql']['contrib']['packages'] = ['postgresql91-contrib']
|
||||
default['postgresql']['dir'] = '/var/lib/pgsql/data'
|
||||
default['postgresql']['server']['service_name'] = 'postgresql'
|
||||
end
|
||||
|
||||
case node['platform_family']
|
||||
when 'debian'
|
||||
default['postgresql']['config']['listen_addresses'] = 'localhost'
|
||||
default['postgresql']['config']['port'] = 5432
|
||||
default['postgresql']['config']['max_connections'] = 100
|
||||
default['postgresql']['config']['shared_buffers'] = '24MB'
|
||||
default['postgresql']['config']['log_line_prefix'] = '%t '
|
||||
default['postgresql']['config']['datestyle'] = 'iso, mdy'
|
||||
default['postgresql']['config']['default_text_search_config'] = 'pg_catalog.english'
|
||||
default['postgresql']['config']['ssl'] = true
|
||||
when 'rhel', 'fedora', 'suse'
|
||||
default['postgresql']['config']['listen_addresses'] = 'localhost'
|
||||
default['postgresql']['config']['port'] = 5432
|
||||
default['postgresql']['config']['max_connections'] = 100
|
||||
default['postgresql']['config']['shared_buffers'] = '32MB'
|
||||
default['postgresql']['config']['logging_collector'] = true
|
||||
default['postgresql']['config']['log_directory'] = 'pg_log'
|
||||
default['postgresql']['config']['log_filename'] = 'postgresql-%a.log'
|
||||
default['postgresql']['config']['log_truncate_on_rotation'] = true
|
||||
default['postgresql']['config']['log_rotation_age'] = '1d'
|
||||
default['postgresql']['config']['log_rotation_size'] = 0
|
||||
default['postgresql']['config']['datestyle'] = 'iso, mdy'
|
||||
default['postgresql']['config']['lc_messages'] = 'en_US.UTF-8'
|
||||
default['postgresql']['config']['lc_monetary'] = 'en_US.UTF-8'
|
||||
default['postgresql']['config']['lc_numeric'] = 'en_US.UTF-8'
|
||||
default['postgresql']['config']['lc_time'] = 'en_US.UTF-8'
|
||||
default['postgresql']['config']['default_text_search_config'] = 'pg_catalog.english'
|
||||
end
|
||||
|
||||
default['postgresql']['pg_hba'] = [
|
||||
{ type: 'local', db: 'all', user: 'postgres', addr: nil, method: 'ident' },
|
||||
{ type: 'local', db: 'all', user: 'all', addr: nil, method: 'ident' },
|
||||
{ type: 'host', db: 'all', user: 'all', addr: '127.0.0.1/32', method: 'md5' },
|
||||
{ type: 'host', db: 'all', user: 'all', addr: '::1/128', method: 'md5' },
|
||||
]
|
||||
|
||||
default['postgresql']['password'] = {}
|
||||
|
||||
# set to install a specific version of the ruby gem pg
|
||||
# if attribute is not defined, install will pick the latest available pg gem
|
||||
default['postgresql']['pg_gem']['version'] = nil
|
||||
|
||||
case node['platform_family']
|
||||
when 'debian'
|
||||
default['postgresql']['pgdg']['release_apt_codename'] = node['lsb']['codename']
|
||||
end
|
||||
|
||||
default['postgresql']['initdb_locale'] = 'UTF-8'
|
|
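Review bot: The `pg_hba` defaults at the end of this hunk grant `md5` password access to every user and every database on `127.0.0.1/32` and `::1/128`, plus `ident` for all local users, and `default['postgresql']['password']` is an empty hash. For the ejabberd setup this PR is for, I'd rather see the access rule declared explicitly for the ejabberd role and its database than inherited from `all`/`all` defaults, so please check which `pg_hba` entries the node actually ends up with after the postgresql cookbook bump from 6.1.1 to 7.1.3.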
@ -1,507 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
# The PostgreSQL RPM Building Project built repository RPMs for easy
|
||||
# access to the PGDG yum repositories. Links to RPMs for installation
|
||||
# on the supported version/platform combinations are listed at
|
||||
# http://yum.postgresql.org/repopackages.php, and the links for
|
||||
# PostgreSQL 9.2, 9.3, 9.4, 9.5 and 9.6 are captured below.
|
||||
#
|
||||
default['postgresql']['pgdg']['repo_rpm_url'] = {
|
||||
'9.6' => {
|
||||
'amazon' => {
|
||||
'2015' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-ami201503-96-9.6-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-ami201503-96-9.6-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'centos' => {
|
||||
'7' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-7-x86_64/',
|
||||
'package' => 'pgdg-centos96-9.6-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-centos96-9.6-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-centos96-9.6-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'redhat' => {
|
||||
'7' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-7-x86_64/',
|
||||
'package' => 'pgdg-redhat96-9.6-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-redhat96-9.6-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-redhat96-9.6-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'oracle' => {
|
||||
'7' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-7-x86_64/',
|
||||
'package' => 'pgdg-oraclelinux96-9.6-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-oraclelinux96-9.6-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-oraclelinux96-9.6-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'scientific' => {
|
||||
'7' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-7-x86_64/',
|
||||
'package' => 'pgdg-sl96-9.6-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-sl96-9.6-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-sl96-9.6-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'fedora' => {
|
||||
'22' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/fedora/fedora-22-x86_64/',
|
||||
'package' => 'pgdg-fedora96-9.6-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'23' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/fedora/fedora-23-x86_64/',
|
||||
'package' => 'pgdg-fedora96-9.6-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'24' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/fedora/fedora-24-x86_64/',
|
||||
'package' => 'pgdg-fedora96-9.6-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'25' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.6/fedora/fedora-25-x86_64/',
|
||||
'package' => 'pgdg-fedora96-9.6-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
'9.5' => {
|
||||
'amazon' => {
|
||||
'2015' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-ami201503-95-9.5-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-ami201503-95-9.5-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'centos' => {
|
||||
'7' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/',
|
||||
'package' => 'pgdg-centos95-9.5-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-centos95-9.5-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-centos95-9.5-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'redhat' => {
|
||||
'7' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/',
|
||||
'package' => 'pgdg-redhat95-9.5-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-redhat95-9.5-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-redhat95-9.5-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'oracle' => {
|
||||
'7' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/',
|
||||
'package' => 'pgdg-oraclelinux95-9.5-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-oraclelinux95-9.5-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-oraclelinux95-9.5-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'scientific' => {
|
||||
'7' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/',
|
||||
'package' => 'pgdg-sl95-9.5-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-sl95-9.5-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-sl95-9.5-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'fedora' => {
|
||||
'22' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/fedora/fedora-22-x86_64/',
|
||||
'package' => 'pgdg-fedora95-9.5-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'23' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/fedora/fedora-23-x86_64/',
|
||||
'package' => 'pgdg-fedora95-9.5-4.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'24' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/fedora/fedora-24-x86_64/',
|
||||
'package' => 'pgdg-fedora95-9.5-4.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'25' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.5/fedora/fedora-25-x86_64/',
|
||||
'package' => 'pgdg-fedora95-9.5-4.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
'9.4' => {
|
||||
'redhat' => {
|
||||
'7' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/',
|
||||
'package' => 'pgdg-redhat94-9.4-2.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-redhat94-9.4-2.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-redhat94-9.4-2.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'centos' => {
|
||||
'7' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/',
|
||||
'package' => 'pgdg-centos94-9.4-2.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-centos94-9.4-2.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-centos94-9.4-2.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'5' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-5-i386/',
|
||||
'package' => 'pgdg-centos94-9.4-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-5-x86_64/',
|
||||
'package' => 'pgdg-centos94-9.4-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'fedora' => {
|
||||
'22' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/fedora/fedora-22-x86_64/',
|
||||
'package' => 'pgdg-fedora94-9.4-4.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'23' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/fedora/fedora-23-x86_64/',
|
||||
'package' => 'pgdg-fedora94-9.4-5.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'24' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/fedora/fedora-24-x86_64/',
|
||||
'package' => 'pgdg-fedora94-9.4-5.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'25' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/fedora/fedora-25-x86_64/',
|
||||
'package' => 'pgdg-fedora94-9.4-5.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'amazon' => {
|
||||
'2015' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-ami201503-94-9.4-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-ami201503-94-9.4-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'scientific' => {
|
||||
'7' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/',
|
||||
'package' => 'pgdg-sl94-9.4-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-sl94-9.4-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-sl94-9.4-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'oracle' => {
|
||||
'7' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/',
|
||||
'package' => 'pgdg-oraclelinux94-9.4-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-oraclelinux94-9.4-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-oraclelinux94-9.4-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
'9.3' => {
|
||||
'amazon' => {
|
||||
'2015' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'2014' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'centos' => {
|
||||
'7' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-7-x86_64/',
|
||||
'package' => 'pgdg-centos93-9.3-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-centos93-9.3-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-centos93-9.3-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'fedora' => {
|
||||
'23' => {
|
||||
'x86_64' => {
|
||||
'url' => 'https://yum.postgresql.org/9.3/fedora/fedora-23-x86_64/',
|
||||
'package' => 'pgdg-fedora93-9.3-4.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'redhat' => {
|
||||
'7' => {
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-7-x86_64/',
|
||||
'package' => 'pgdg-redhat93-9.3-2.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'oracle' => {
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-redhat93-9.3-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'scientific' => {
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-sl93-9.3-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-sl93-9.3-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
'5' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-5-i386/',
|
||||
'package' => 'pgdg-sl93-9.3-3.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.3/redhat/rhel-5-x86_64/',
|
||||
'package' => 'pgdg-sl93-9.3-3.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
'9.2' => {
|
||||
'centos' => {
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-centos92-9.2-8.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-centos92-9.2-8.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'redhat' => {
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-redhat92-9.2-9.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-redhat92-9.2-9.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'oracle' => {
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-redhat92-9.2-9.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-redhat92-9.2-9.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
'scientific' => {
|
||||
'6' => {
|
||||
'i386' => {
|
||||
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-i386/',
|
||||
'package' => 'pgdg-sl92-9.2-10.noarch.rpm',
|
||||
},
|
||||
'x86_64' => {
|
||||
'url' => 'http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/',
|
||||
'package' => 'pgdg-sl92-9.2-10.noarch.rpm',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
|
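Review bot: Every `url` in this map except the 9.3 `fedora` `23` entry is plain `http://yum.postgresql.org/...`, so the repository RPM named in `package` was fetched without transport integrity. The hunk header (`-1,507 +0,0`) shows the whole file going away, so nothing needs changing here, but please confirm that whatever sets up the PGDG repository after the upgrade uses HTTPS and verifies the repository GPG key.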
@ -1,307 +0,0 @@
|
|||
# frozen_string_literal: false
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Library:: default
|
||||
# Author:: David Crane (<davidc@donorschoose.org>)
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include Chef::Mixin::ShellOut
|
||||
|
||||
module Opscode
|
||||
module PostgresqlHelpers
|
||||
#######
|
||||
# Function to truncate value to 4 significant bits, render human readable.
|
||||
# Used in recipes/config_initdb.rb to set this attribute:
|
||||
#
|
||||
# The memory settings (shared_buffers, effective_cache_size, work_mem,
|
||||
# maintenance_work_mem and wal_buffers) will be rounded down to keep
|
||||
# the 4 most significant bits, so that SHOW will be likely to use a
|
||||
# larger divisor. The output is actually a human readable string that
|
||||
# ends with "GB", "MB" or "kB" if over 1023, exactly what Postgresql
|
||||
# will expect in a postgresql.conf setting. The output may be up to
|
||||
# 6.25% less than the original value because of the rounding.
|
||||
def binaryround(value)
|
||||
# Keep a multiplier which grows through powers of 1
|
||||
multiplier = 1
|
||||
|
||||
# Truncate value to 4 most significant bits
|
||||
while value >= 16
|
||||
value = (value / 2).floor
|
||||
multiplier *= 2
|
||||
end
|
||||
|
||||
# Factor any remaining powers of 2 into the multiplier
|
||||
while value == 2 * (value / 2).floor
|
||||
value = (value / 2).floor
|
||||
multiplier *= 2
|
||||
end
|
||||
|
||||
# Factor enough powers of 2 back into the value to
|
||||
# leave the multiplier as a power of 1024 that can
|
||||
# be represented as units of "GB", "MB" or "kB".
|
||||
if multiplier >= 1024 * 1024 * 1024
|
||||
while multiplier > 1024 * 1024 * 1024
|
||||
value = 2 * value
|
||||
multiplier = (multiplier / 2).floor
|
||||
end
|
||||
multiplier = 1
|
||||
units = 'GB'
|
||||
|
||||
elsif multiplier >= 1024 * 1024
|
||||
while multiplier > 1024 * 1024
|
||||
value = 2 * value
|
||||
multiplier = (multiplier / 2).floor
|
||||
end
|
||||
multiplier = 1
|
||||
units = 'MB'
|
||||
|
||||
elsif multiplier >= 1024
|
||||
while multiplier > 1024
|
||||
value = 2 * value
|
||||
multiplier = (multiplier / 2).floor
|
||||
end
|
||||
multiplier = 1
|
||||
units = 'kB'
|
||||
|
||||
else
|
||||
units = ''
|
||||
end
|
||||
|
||||
# Now we can return a nice human readable string.
|
||||
"#{multiplier * value}#{units}"
|
||||
end
|
||||
|
||||
#######
|
||||
# Locale Configuration
|
||||
|
||||
# Function to test the date order.
|
||||
# Used in recipes/config_initdb.rb to set this attribute:
|
||||
# node.default['postgresql']['config']['datestyle']
|
||||
def locale_date_order
|
||||
# Test locale conversion of mon=11, day=22, year=33
|
||||
testtime = DateTime.new(2033, 11, 22, 0, 0, 0, '-00:00')
|
||||
#=> #<DateTime: 2033-11-22T00:00:00-0000 ...>
|
||||
|
||||
# %x - Preferred representation for the date alone, no time
|
||||
res = testtime.strftime('%x')
|
||||
|
||||
return 'mdy' if res.nil?
|
||||
|
||||
posM = res.index('11')
|
||||
posD = res.index('22')
|
||||
posY = res.index('33')
|
||||
|
||||
if posM.nil? || posD.nil? || posY.nil?
|
||||
return 'mdy'
|
||||
elseif (posY < posM && posM < posD)
|
||||
return 'ymd'
|
||||
elseif (posD < posM)
|
||||
return 'dmy'
|
||||
end
|
||||
'mdy'
|
||||
end
|
||||
|
||||
#######
|
||||
# Timezone Configuration
|
||||
require 'find'
|
||||
|
||||
# Function to determine where the system stored shared timezone data.
|
||||
# Used in recipes/config_initdb.rb to detemine where it should have
|
||||
# select_default_timezone(tzdir) search.
|
||||
def pg_TZDIR
|
||||
# System time zone conversions are controlled by a timezone data file
|
||||
# identified through environment variables (TZ and TZDIR) and/or file
|
||||
# and directory naming conventions specific to the Linux distribution.
|
||||
# Each of these timezone names will have been loaded into the PostgreSQL
|
||||
# pg_timezone_names view by the package maintainer.
|
||||
#
|
||||
# Instead of using the timezone name configured as the system default,
|
||||
# the PostgreSQL server uses ones named in postgresql.conf settings
|
||||
# (timezone and log_timezone). The initdb utility does initialize those
|
||||
# settings to the timezone name that corresponds to the system default.
|
||||
#
|
||||
# The system's timezone name is actually a filename relative to the
|
||||
# shared zoneinfo directory. That is usually /usr/share/zoneinfo, but
|
||||
# it was /usr/lib/zoneinfo in older distributions and can be anywhere
|
||||
# if specified by the environment variable TZDIR. The tzset(3) manpage
|
||||
# seems to indicate the following precedence:
|
||||
tzdir = nil
|
||||
if ::File.directory?('/usr/lib/zoneinfo')
|
||||
tzdir = '/usr/lib/zoneinfo'
|
||||
else
|
||||
share_path = [ENV['TZDIR'], '/usr/share/zoneinfo'].compact.first
|
||||
tzdir = share_path if ::File.directory?(share_path)
|
||||
end
|
||||
tzdir
|
||||
end
|
||||
|
||||
#######
|
||||
# Function to support select_default_timezone(tzdir), which is
|
||||
# used in recipes/config_initdb.rb.
|
||||
def validate_zone(tzname)
|
||||
# PostgreSQL does not support leap seconds, so this function tests
|
||||
# the usual Linux tzname convention to avoid a misconfiguration.
|
||||
# Assume that the tzdata package maintainer has kept all timezone
|
||||
# data files with support for leap seconds is kept under the
|
||||
# so-named "right/" subdir of the shared zoneinfo directory.
|
||||
#
|
||||
# The original PostgreSQL initdb is not Unix-specific, so it did a
|
||||
# very complicated, thorough test in its pg_tz_acceptable() function
|
||||
# that I could not begin to understand how to do in ruby :).
|
||||
#
|
||||
# Testing the tzname is good enough, since a misconfiguration
|
||||
# will result in an immediate fatal error when the PostgreSQL
|
||||
# service is started, with pgstartup.log messages such as:
|
||||
# LOG: time zone "right/US/Eastern" appears to use leap seconds
|
||||
# DETAIL: PostgreSQL does not support leap seconds.
|
||||
|
||||
if tzname.index('right/') == 0
|
||||
false
|
||||
else
|
||||
true
|
||||
end
|
||||
end
|
||||
|
||||
# Function to support select_default_timezone(tzdir), which is
|
||||
# used in recipes/config_initdb.rb.
|
||||
def scan_available_timezones(tzdir)
|
||||
# There should be an /etc/localtime zoneinfo file that is a link to
|
||||
# (or a copy of) a timezone data file under tzdir, which should have
|
||||
# been installed under the "share" directory by the tzdata package.
|
||||
#
|
||||
# The initdb utility determines which shared timezone file is being
|
||||
# used as the system's default /etc/localtime. The timezone name is
|
||||
# the timezone file path relative to the tzdir.
|
||||
|
||||
bestzonename = nil
|
||||
|
||||
if tzdir.nil?
|
||||
Chef::Log.error('The zoneinfo directory not found (looked for /usr/share/zoneinfo and /usr/lib/zoneinfo)')
|
||||
elsif !::File.exist?('/etc/localtime')
|
||||
Chef::Log.error('The system zoneinfo file not found (looked for /etc/localtime)')
|
||||
elsif ::File.directory?('/etc/localtime')
|
||||
Chef::Log.error('The system zoneinfo file not found (/etc/localtime is a directory instead)')
|
||||
elsif ::File.symlink?('/etc/localtime')
|
||||
# PostgreSQL initdb doesn't use the symlink target, but this
|
||||
# certainly will make sense to any system administrator. A full
|
||||
# scan of the tzdir to find the shortest filename could result
|
||||
# "US/Eastern" instead of "America/New_York" as bestzonename,
|
||||
# in spite of what the sysadmin had specified in the symlink.
|
||||
# (There are many duplicates under tzdir, with the same timezone
|
||||
# content appearing as an average of 2-3 different file names.)
|
||||
path = ::File.realdirpath('/etc/localtime')
|
||||
bestzonename = path.gsub("#{tzdir}/", '')
|
||||
else # /etc/localtime is a file, so scan for it under tzdir
|
||||
localtime_content = File.read('/etc/localtime')
|
||||
|
||||
Find.find(tzdir) do |path|
|
||||
# Only consider files (skip directories or symlinks)
|
||||
next unless !::File.directory?(path) && !::File.symlink?(path)
|
||||
# Ignore any file named "posixrules" or "localtime"
|
||||
next unless ::File.basename(path) != 'posixrules' && ::File.basename(path) != 'localtime'
|
||||
# Do consider if content exactly matches /etc/localtime.
|
||||
next unless localtime_content == File.read(path)
|
||||
tzname = path.gsub("#{tzdir}/", '')
|
||||
next unless validate_zone(tzname)
|
||||
if bestzonename.nil? ||
|
||||
tzname.length < bestzonename.length ||
|
||||
(tzname.length == bestzonename.length &&
|
||||
(tzname <=> bestzonename) < 0)
|
||||
|
||||
bestzonename = tzname
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
bestzonename
|
||||
end
|
||||
|
||||
# Function to support select_default_timezone(tzdir), which is
|
||||
# used in recipes/config_initdb.rb.
|
||||
def identify_system_timezone(tzdir)
|
||||
resultbuf = scan_available_timezones(tzdir)
|
||||
|
||||
if !resultbuf.nil?
|
||||
# Ignore Olson's rather silly "Factory" zone; use GMT instead
|
||||
resultbuf = nil if (resultbuf <=> 'Factory') == 0
|
||||
|
||||
else
|
||||
# Did not find the timezone. Fallback to use a GMT zone. Note that the
|
||||
# Olson timezone database names the GMT-offset zones in POSIX style: plus
|
||||
# is west of Greenwich.
|
||||
testtime = DateTime.now
|
||||
std_ofs = testtime.strftime('%:z').split(':')[0].to_i
|
||||
|
||||
resultbuf = [
|
||||
'Etc/GMT',
|
||||
-std_ofs > 0 ? '+' : '',
|
||||
(-std_ofs).to_s,
|
||||
].join('')
|
||||
end
|
||||
|
||||
resultbuf
|
||||
end
|
||||
|
||||
#######
|
||||
# Function to determine the name of the system's default timezone.
|
||||
# Used in recipes/config_initdb.rb to set these attributes:
|
||||
# node.default['postgresql']['config']['log_timezone']
|
||||
# node.default['postgresql']['config']['timezone']
|
||||
def select_default_timezone(tzdir)
|
||||
system_timezone = nil
|
||||
|
||||
# Check TZ environment variable
|
||||
tzname = ENV['TZ']
|
||||
if !tzname.nil? && !tzname.empty? && validate_zone(tzname)
|
||||
system_timezone = tzname
|
||||
|
||||
else
|
||||
# Nope, so try to identify system timezone from /etc/localtime
|
||||
tzname = identify_system_timezone(tzdir)
|
||||
system_timezone = tzname if validate_zone(tzname)
|
||||
end
|
||||
|
||||
system_timezone
|
||||
end
|
||||
|
||||
#######
|
||||
# Function to execute an SQL statement in the default database.
|
||||
# Input: Query could be a single String or an Array of String.
|
||||
# Output: A String with |-separated columns and \n-separated rows.
|
||||
# Note an empty output could mean psql couldn't connect.
|
||||
# This is easiest for 1-field (1-row, 1-col) results, otherwise
|
||||
# it will be complex to parse the results.
|
||||
def execute_sql(query, db_name = node['postgresql']['database_name'])
|
||||
# query could be a String or an Array of String
|
||||
statement = query.is_a?(String) ? query : query.join("\n")
|
||||
cmd = shell_out("psql -q --tuples-only --no-align -d #{db_name} -f -",
|
||||
user: 'postgres',
|
||||
input: statement)
|
||||
# If psql fails, generally the postgresql service is down.
|
||||
# Instead of aborting chef with a fatal error, let's just
|
||||
# pass these non-zero exitstatus back as empty cmd.stdout.
|
||||
if cmd.exitstatus == 0 && !cmd.stderr.empty?
|
||||
# An SQL failure is still a zero exitstatus, but then the
|
||||
# stderr explains the error, so let's rais that as fatal.
|
||||
Chef::Log.fatal("psql failed executing this SQL statement:\n#{statement}")
|
||||
Chef::Log.fatal(cmd.stderr)
|
||||
raise 'SQL ERROR'
|
||||
end
|
||||
cmd.stdout.chomp
|
||||
end
|
||||
|
||||
# End the Opscode::PostgresqlHelpers module
|
||||
end
|
||||
end
|
|
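Review bot: The `execute_sql` removed at the end of this hunk handed the statement to psql on stdin (`-f -` with `input: statement`), so the SQL never passed through shell quoting. The helpers library that replaces it builds `/usr/bin/psql -c \"#{query}\"` and appends `| grep #{grep_for}`, interpolating resource properties into a shell string, and that also puts the `PASSWORD '...'` clause from `role_sql` on the command line. I'd ask for the replacement to keep the stdin approach, or to pass an argument array to `shell_out`, before this file is dropped. Please also check that nothing in this repo still calls the `Opscode::PostgresqlHelpers` methods deleted here, such as `binaryround` or `select_default_timezone`.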
@ -0,0 +1,247 @@
|
|||
#
|
||||
# Cookbook:: postgresql
|
||||
# Library:: helpers
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
module PostgresqlCookbook
|
||||
module Helpers
|
||||
include Chef::Mixin::ShellOut
|
||||
|
||||
require 'securerandom'
|
||||
|
||||
def psql_command_string(new_resource, query, grep_for: nil, value_only: false)
|
||||
cmd = "/usr/bin/psql -c \"#{query}\""
|
||||
cmd << " -d #{new_resource.database}" if new_resource.database
|
||||
cmd << " -U #{new_resource.user}" if new_resource.user
|
||||
cmd << " --host #{new_resource.host}" if new_resource.host
|
||||
cmd << " --port #{new_resource.port}" if new_resource.port
|
||||
cmd << ' --tuples-only' if value_only
|
||||
cmd << " | grep #{grep_for}" if grep_for
|
||||
cmd
|
||||
end
|
||||
|
||||
def execute_sql(new_resource, query)
|
||||
# If we don't pass in a user to the resource
|
||||
# default to the postgres user
|
||||
user = new_resource.user ? new_resource.user : 'postgres'
|
||||
|
||||
# Query could be a String or an Array of Strings
|
||||
statement = query.is_a?(String) ? query : query.join("\n")
|
||||
|
||||
cmd = shell_out(statement, user: user)
|
||||
|
||||
# Pass back cmd so we can decide what to do with it in the calling method.
|
||||
cmd
|
||||
end
|
||||
|
||||
def database_exists?(new_resource)
|
||||
sql = %(SELECT datname from pg_database WHERE datname='#{new_resource.database}')
|
||||
|
||||
exists = psql_command_string(new_resource, sql, grep_for: new_resource.database)
|
||||
|
||||
cmd = execute_sql(new_resource, exists)
|
||||
cmd.exitstatus == 0
|
||||
end
|
||||
|
||||
def user_exists?(new_resource)
|
||||
sql = %(SELECT rolname FROM pg_roles WHERE rolname='#{new_resource.create_user}';)
|
||||
|
||||
exists = psql_command_string(new_resource, sql, grep_for: new_resource.create_user)
|
||||
|
||||
cmd = execute_sql(new_resource, exists)
|
||||
cmd.exitstatus == 0
|
||||
end
|
||||
|
||||
def extension_installed?(new_resource)
|
||||
query = %(SELECT extversion FROM pg_extension WHERE extname='#{new_resource.extension}';)
|
||||
check_extension_version = psql_command_string(new_resource, query, value_only: true)
|
||||
version_result = execute_sql(new_resource, check_extension_version)
|
||||
if new_resource.version
|
||||
version_result.stdout == new_resource.version
|
||||
else
|
||||
!version_result.stdout.nil?
|
||||
end
|
||||
end
|
||||
|
||||
def alter_role_sql(new_resource)
|
||||
sql = %(ALTER ROLE postgres ENCRYPTED PASSWORD '#{postgres_password(new_resource)}';)
|
||||
psql_command_string(new_resource, sql)
|
||||
end
|
||||
|
||||
def create_extension_sql(new_resource)
|
||||
sql = "CREATE EXTENSION IF NOT EXISTS #{new_resource.extension}"
|
||||
sql << " FROM \"#{new_resource.old_version}\"" if new_resource.old_version
|
||||
|
||||
psql_command_string(new_resource, sql)
|
||||
end
|
||||
|
||||
def user_has_password?(new_resource)
|
||||
sql = %(SELECT rolpassword from pg_authid WHERE rolname='postgres' AND rolpassword IS NOT NULL;)
|
||||
cmd = psql_command_string(new_resource, sql)
|
||||
|
||||
res = execute_sql(new_resource, cmd)
|
||||
res.stdout =~ /1 row/ ? true : false
|
||||
end
|
||||
|
||||
def role_sql(new_resource)
|
||||
sql = %(\\"#{new_resource.create_user}\\" WITH )
|
||||
|
||||
%w(superuser createdb createrole inherit replication login).each do |perm|
|
||||
sql << "#{'NO' unless new_resource.send(perm)}#{perm.upcase} "
|
||||
end
|
||||
|
||||
sql << if new_resource.encrypted_password
|
||||
"ENCRYPTED PASSWORD '#{new_resource.encrypted_password}'"
|
||||
elsif new_resource.password
|
||||
"PASSWORD '#{new_resource.password}'"
|
||||
else
|
||||
''
|
||||
end
|
||||
|
||||
sql << if new_resource.valid_until
|
||||
" VALID UNTIL '#{new_resource.valid_until}'"
|
||||
else
|
||||
''
|
||||
end
|
||||
end
|
||||
|
||||
def create_user_sql(new_resource)
|
||||
sql = %(CREATE ROLE #{role_sql(new_resource)})
|
||||
psql_command_string(new_resource, sql)
|
||||
end
|
||||
|
||||
def update_user_sql(new_resource)
|
||||
sql = %(ALTER ROLE #{role_sql(new_resource)})
|
||||
psql_command_string(new_resource, sql)
|
||||
end
|
||||
|
||||
def update_user_with_attributes_sql(new_resource, value)
|
||||
sql = %(ALTER ROLE '#{new_resource.create_user}' SET #{attr} = #{value})
|
||||
psql_command_string(new_resource, sql)
|
||||
end
|
||||
|
||||
def drop_user_sql(new_resource)
|
||||
sql = %(DROP ROLE IF EXISTS '#{new_resource.create_user}')
|
||||
psql_command_string(new_resource, sql)
|
||||
end
|
||||
|
||||
def data_dir(version = node.run_state['postgresql']['version'])
|
||||
case node['platform_family']
|
||||
when 'rhel', 'fedora'
|
||||
"/var/lib/pgsql/#{version}/data"
|
||||
when 'amazon'
|
||||
if node['virtualization']['system'] == 'docker'
|
||||
"/var/lib/pgsql#{version.delete('.')}/data"
|
||||
else
|
||||
"/var/lib/pgsql/#{version}/data"
|
||||
end
|
||||
when 'debian'
|
||||
"/var/lib/postgresql/#{version}/main"
|
||||
end
|
||||
end
|
||||
|
||||
def conf_dir(version = node.run_state['postgresql']['version'])
|
||||
case node['platform_family']
|
||||
when 'rhel', 'fedora'
|
||||
"/var/lib/pgsql/#{version}/data"
|
||||
when 'amazon'
|
||||
if node['virtualization']['system'] == 'docker'
|
||||
"/var/lib/pgsql#{version.delete('.')}/data"
|
||||
else
|
||||
"/var/lib/pgsql/#{version}/data"
|
||||
end
|
||||
when 'debian'
|
||||
"/etc/postgresql/#{version}/main"
|
||||
end
|
||||
end
|
||||
|
||||
# determine the platform specific service name
|
||||
def platform_service_name(version = node.run_state['postgresql']['version'])
|
||||
case node['platform_family']
|
||||
when 'rhel', 'fedora'
|
||||
"postgresql-#{version}"
|
||||
when 'amazon'
|
||||
if node['virtualization']['system'] == 'docker'
|
||||
"postgresql#{version.delete('.')}"
|
||||
else
|
||||
"postgresql-#{version}"
|
||||
end
|
||||
else
|
||||
'postgresql'
|
||||
end
|
||||
end
|
||||
|
||||
def follower?
|
||||
::File.exist? "#{data_dir}/recovery.conf"
|
||||
end
|
||||
|
||||
def initialized?
|
||||
return true if ::File.exist?("#{conf_dir}/PG_VERSION")
|
||||
false
|
||||
end
|
||||
|
||||
def secure_random
|
||||
r = SecureRandom.hex
|
||||
Chef::Log.debug "Generated password: #{r}"
|
||||
r
|
||||
end
|
||||
|
||||
# determine the platform specific server package name
|
||||
def server_pkg_name
|
||||
platform_family?('debian') ? "postgresql-#{new_resource.version}" : "postgresql#{new_resource.version.delete('.')}-server"
|
||||
end
|
||||
|
||||
# determine the appropriate DB init command to run based on RHEL/Fedora/Amazon release
|
||||
# initdb defaults to the execution environment.
|
||||
# https://www.postgresql.org/docs/9.5/static/locale.html
|
||||
def rhel_init_db_command(new_resource)
|
||||
cmd = if platform_family?('amazon')
|
||||
'/usr/bin/initdb'
|
||||
else
|
||||
"/usr/pgsql-#{new_resource.version}/bin/initdb"
|
||||
end
|
||||
cmd << " --locale '#{new_resource.initdb_locale}'" if new_resource.initdb_locale
|
||||
cmd << " -D '#{data_dir(new_resource.version)}'"
|
||||
end
|
||||
|
||||
# Given the base URL build the complete URL string for a yum repo
|
||||
def yum_repo_url(base_url)
|
||||
"#{base_url}/#{new_resource.version}/#{yum_repo_platform_family_string}/#{yum_repo_platform_string}"
|
||||
end
|
||||
|
||||
# The postgresql yum repos URLs are organized into redhat and fedora directories.s
|
||||
# route things to the right place based on platform_family
|
||||
def yum_repo_platform_family_string
|
||||
platform_family?('fedora') ? 'fedora' : 'redhat'
|
||||
end
|
||||
|
||||
# Build the platform string that makes up the final component of the yum repo URL
|
||||
def yum_repo_platform_string
|
||||
platform = platform?('fedora') ? 'fedora' : 'rhel'
|
||||
release = platform?('amazon') ? '6' : '$releasever'
|
||||
"#{platform}-#{release}-$basearch"
|
||||
end
|
||||
|
||||
# On Amazon use the RHEL 6 packages. Otherwise use the releasever yum variable
|
||||
def yum_releasever
|
||||
platform?('amazon') ? '6' : '$releasever'
|
||||
end
|
||||
|
||||
# Generate a password if the value is set to generate.
|
||||
def postgres_password(new_resource)
|
||||
new_resource.password == 'generate' ? secure_random : new_resource.password
|
||||
end
|
||||
end
|
||||
end
|
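Review bot: `secure_random` writes the generated password to the log (`Chef::Log.debug "Generated password: #{r}"`), so any run at debug level leaves the postgres credential in the chef-client log; drop that line or log only that a password was generated. Separately, `update_user_with_attributes_sql(new_resource, value)` interpolates `#{attr}` although `attr` is not one of its parameters, and both it and `drop_user_sql` wrap the role name in single quotes where `role_sql` uses double quotes, so these two statements look like they would not run as written; pass the attribute name in and quote the role as an identifier. The `PASSWORD '#{new_resource.password}'` interpolation in `role_sql` has no escaping either, so a password containing a single quote will break the statement.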
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,15 @@
|
|||
# frozen_string_literal: true
|
||||
name 'postgresql'
|
||||
maintainer 'Sous Chefs'
|
||||
maintainer_email 'help@sous-chefs.org'
|
||||
license 'Apache-2.0'
|
||||
description 'Installs and configures postgresql for clients or servers'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version '7.1.3'
|
||||
source_url 'https://github.com/sous-chefs/postgresql'
|
||||
issues_url 'https://github.com/sous-chefs/postgresql/issues'
|
||||
chef_version '>= 13.8'
|
||||
|
||||
%w(ubuntu debian fedora amazon redhat centos scientific oracle).each do |os|
|
||||
supports os
|
||||
end
|
|
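Review bot: `chef_version '>= 13.8'` sets a minimum client for this cookbook, so confirm that the chef-client on every node that converges it is at least 13.8 before merging. The `supports` loop lists ubuntu, debian, fedora, amazon, redhat, centos, scientific and oracle only, which is worth checking against the platforms kosmos actually runs.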
@ -1,8 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
apt_repository 'apt.postgresql.org' do
|
||||
uri 'http://apt.postgresql.org/pub/repos/apt'
|
||||
distribution "#{node['postgresql']['pgdg']['release_apt_codename']}-pgdg"
|
||||
components ['main', node['postgresql']['version']]
|
||||
key 'https://www.postgresql.org/media/keys/ACCC4CF8.asc'
|
||||
action :add
|
||||
end
|
|
@ -1,2 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
Chef::Log.warn('The postgresql::ca-certificates recipe has been deprecated and will be removed in the next major release of the cookbook')
|
|
@ -1,147 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Recipe:: config_initdb
|
||||
# Author:: David Crane (<davidc@donorschoose.org>)
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
#######
|
||||
# Load the locale_date_order() and select_default_timezone(tzdir)
|
||||
# methods from libraries/default.rb
|
||||
::Chef::Recipe.send(:include, Opscode::PostgresqlHelpers)
|
||||
|
||||
#######
|
||||
# This recipe is derived from the setup_config() source code in the
|
||||
# PostgreSQL initdb utility. It determines postgresql.conf settings that
|
||||
# conform to the system's locale and timezone configuration, and also
|
||||
# sets the error reporting and logging settings.
|
||||
#
|
||||
# See http://doxygen.postgresql.org/initdb_8c_source.html for the
|
||||
# original initdb source code.
|
||||
#
|
||||
# By examining the system configuration, this recipe will set the
|
||||
# following node.default['postgresql']['config'] attributes:
|
||||
#
|
||||
# - Locale and Formatting -
|
||||
# * datestyle
|
||||
# * lc_messages
|
||||
# * lc_monetary
|
||||
# * lc_numeric
|
||||
# * lc_time
|
||||
# * default_text_search_config
|
||||
#
|
||||
# - Timezone Conversion -
|
||||
# * log_timezone
|
||||
# * timezone
|
||||
#
|
||||
# In addition, this recipe will recommend the same error reporting and
|
||||
# logging settings that initdb provided. These settings do differ from
|
||||
# the PostgreSQL default settings, which would log to stderr only. The
|
||||
# initdb settings rotate 7 days of log files named postgresql-Mon.log,
|
||||
# etc. through these node.default['postgresql']['config'] attributes:
|
||||
#
|
||||
# - Where to Log -
|
||||
# * log_destination = 'stderr'
|
||||
# * log_directory = 'pg_log'
|
||||
# * log_filename = 'postgresql-%a.log'
|
||||
# (Default was: postgresql-%Y-%m-%d_%H%M%S.log)
|
||||
# * logging_collector = true # on
|
||||
# (Turned on to capture stderr logging and redirect into log files)
|
||||
# (Default was: false # off)
|
||||
# * log_rotation_age = 1d
|
||||
# * log_rotation_size = 0
|
||||
# (Default was: 10MB)
|
||||
# * log_truncate_on_rotation = true # on
|
||||
# (Default was: false # off)
|
||||
|
||||
#######
|
||||
# Locale Configuration
|
||||
|
||||
# See libraries/default.rb for the locale_date_order() method.
|
||||
node.default['postgresql']['config']['datestyle'] = "iso, #{locale_date_order}"
|
||||
|
||||
# According to the locale(1) manpage, the locale settings are determined
|
||||
# by environment variables according to the following precedence:
|
||||
# LC_ALL > (LC_MESSAGES, LC_MONETARY, LC_NUMERIC, LC_TIME) > LANG.
|
||||
|
||||
node.default['postgresql']['config']['lc_messages'] =
|
||||
[ENV['LC_ALL'], ENV['LC_MESSAGES'], ENV['LANG']].compact.first
|
||||
|
||||
node.default['postgresql']['config']['lc_monetary'] =
|
||||
[ENV['LC_ALL'], ENV['LC_MONETARY'], ENV['LANG']].compact.first
|
||||
|
||||
node.default['postgresql']['config']['lc_numeric'] =
|
||||
[ENV['LC_ALL'], ENV['LC_NUMERIC'], ENV['LANG']].compact.first
|
||||
|
||||
node.default['postgresql']['config']['lc_time'] =
|
||||
[ENV['LC_ALL'], ENV['LC_TIME'], ENV['LANG']].compact.first
|
||||
|
||||
node.default['postgresql']['config']['default_text_search_config'] =
|
||||
case ENV['LANG']
|
||||
when /da_.*/
|
||||
'pg_catalog.danish'
|
||||
when /nl_.*/
|
||||
'pg_catalog.dutch'
|
||||
when /en_.*/
|
||||
'pg_catalog.english'
|
||||
when /fi_.*/
|
||||
'pg_catalog.finnish'
|
||||
when /fr_.*/
|
||||
'pg_catalog.french'
|
||||
when /de_.*/
|
||||
'pg_catalog.german'
|
||||
when /hu_.*/
|
||||
'pg_catalog.hungarian'
|
||||
when /it_.*/
|
||||
'pg_catalog.italian'
|
||||
when /no_.*/
|
||||
'pg_catalog.norwegian'
|
||||
when /pt_.*/
|
||||
'pg_catalog.portuguese'
|
||||
when /ro_.*/
|
||||
'pg_catalog.romanian'
|
||||
when /ru_.*/
|
||||
'pg_catalog.russian'
|
||||
when /es_.*/
|
||||
'pg_catalog.spanish'
|
||||
when /sv_.*/
|
||||
'pg_catalog.swedish'
|
||||
when /tr_.*/
|
||||
'pg_catalog.turkish'
|
||||
end
|
||||
|
||||
#######
|
||||
# Timezone Configuration
|
||||
|
||||
# Determine the name of the system's default timezone and specify node
|
||||
# defaults for the postgresql.cof settings. If the timezone cannot be
|
||||
# identified, do as initdb would do: leave it unspecified so PostgreSQL
|
||||
# uses it's internal default of GMT.
|
||||
tzdirpath = pg_TZDIR # See libraries/default.rb
|
||||
default_timezone = select_default_timezone(tzdirpath) # See libraries/default.rb
|
||||
unless default_timezone.nil?
|
||||
node.default['postgresql']['config']['log_timezone'] = default_timezone
|
||||
node.default['postgresql']['config']['timezone'] = default_timezone
|
||||
end
|
||||
|
||||
#######
|
||||
# - Where to Log -
|
||||
node.default['postgresql']['config']['log_destination'] = 'stderr'
|
||||
node.default['postgresql']['config']['log_directory'] = 'pg_log'
|
||||
node.default['postgresql']['config']['log_filename'] = 'postgresql-%a.log'
|
||||
node.default['postgresql']['config']['logging_collector'] = true # on
|
||||
node.default['postgresql']['config']['log_rotation_age'] = '1d'
|
||||
node.default['postgresql']['config']['log_rotation_size'] = 0
|
||||
node.default['postgresql']['config']['log_truncate_on_rotation'] = true # on
|
|
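Review bot: deleting this recipe removes the node defaults for `logging_collector`, `log_directory`, `log_filename` and the rotation settings shown at the end of the file, so a node that had `postgresql::config_initdb` in its run list falls back to the PostgreSQL default the recipe's own comment describes (log to stderr only) after the upgrade. Check whether any role or site recipe includes it and, if so, set the same logging values explicitly where the server is configured.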
@ -1,283 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Recipe:: config_pgtune
|
||||
# Author:: David Crane (<davidc@donorschoose.org>)
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
#######
|
||||
# Load the binaryround(value) method from libraries/default.rb
|
||||
::Chef::Recipe.send(:include, Opscode::PostgresqlHelpers)
|
||||
|
||||
#######
|
||||
# This recipe is based on Greg Smith's pgtune script (the Feb 1, 2012
|
||||
# version at https://github.com/gregs1104/pgtune). Introduction: pgtune
|
||||
# takes the wimpy default postgresql.conf and expands the database
|
||||
# server to be as powerful as the hardware it's being deployed on.
|
||||
#
|
||||
# The default postgresql.conf aims at a system with approximately 128MB
|
||||
# of RAM. This recipe recommends a baseline configuration in the right
|
||||
# general range for a dedicated Postgresql system.
|
||||
#
|
||||
# This recipe takes three optional parameters that may be passed in as
|
||||
# node['postgresql']['config_pgtune'] attributes:
|
||||
# * db_type -- Specifies database type as one of: dw, oltp,
|
||||
# web, mixed, desktop. If not specified, the default is mixed.
|
||||
# * max_connections -- Specifies number of maximum connections
|
||||
# expected. If not specified, it depends on database type.
|
||||
# * total_memory -- Specifies total system memory. If not specified,
|
||||
# it will be detected from the Ohai automatic attributes.
|
||||
#
|
||||
# Using those inputs, this recipe will compute and set the following
|
||||
# node.default['postgresql']['config'] attributes:
|
||||
# * max_connections
|
||||
# * shared_buffers
|
||||
# * effective_cache_size
|
||||
# * work_mem
|
||||
# * maintenance_work_mem
|
||||
# * checkpoint_segments
|
||||
# * checkpoint_completion_target
|
||||
# * wal_buffers
|
||||
# * default_statistics_target
|
||||
#
|
||||
# This recipe deviates from the original pgtune script for 2 settings:
|
||||
# shared_buffers is capped for large memory systems (which Greg
|
||||
# mentioned in a TODO.rst) and wal_buffers will auto-tune starting with
|
||||
# 9.1 (which is a feature that Greg built into Postgresql).
|
||||
|
||||
#######
|
||||
# These are the workload characteristics of the five database types
|
||||
# that can be specified as node['postgresql']['config_pgtune']['db_type']:
|
||||
#
|
||||
# dw -- Data Warehouse
|
||||
# * Typically I/O- or RAM-bound
|
||||
# * Large bulk loads of data
|
||||
# * Large complex reporting queries
|
||||
# * Also called "Decision Support" or "Business Intelligence"
|
||||
#
|
||||
# oltp -- Online Transaction Processing
|
||||
# * Typically CPU- or I/O-bound
|
||||
# * DB slightly larger than RAM to 1TB
|
||||
# * 20-40% small data write queries
|
||||
# * Some long transactions and complex read queries
|
||||
#
|
||||
# web -- Web Application
|
||||
# * Typically CPU-bound
|
||||
# * DB much smaller than RAM
|
||||
# * 90% or more simple queries
|
||||
#
|
||||
# mixed -- Mixed DW and OLTP characteristics
|
||||
# * A wide mixture of queries
|
||||
#
|
||||
# desktop -- Not a dedicated database
|
||||
# * A general workstation, perhaps for a developer
|
||||
|
||||
# Parse out db_type option, or use default.
|
||||
db_type = 'mixed'
|
||||
|
||||
if node['postgresql'].attribute?('config_pgtune') && node['postgresql']['config_pgtune'].attribute?('db_type')
|
||||
db_type = node['postgresql']['config_pgtune']['db_type']
|
||||
unless %w(dw oltp web mixed desktop).include?(db_type)
|
||||
Chef::Log.fatal([
|
||||
"Bad value (#{db_type})",
|
||||
"for node['postgresql']['config_pgtune']['db_type'] attribute.",
|
||||
'Valid values are one of dw, oltp, web, mixed, desktop.',
|
||||
].join(' '))
|
||||
raise
|
||||
end
|
||||
end
|
||||
|
||||
# Parse out max_connections option, or use a value based on db_type.
|
||||
con =
|
||||
{ 'web' => 200,
|
||||
'oltp' => 300,
|
||||
'dw' => 20,
|
||||
'mixed' => 80,
|
||||
'desktop' => 5,
|
||||
}.fetch(db_type)
|
||||
|
||||
if node['postgresql'].attribute?('config_pgtune') && node['postgresql']['config_pgtune'].attribute?('max_connections')
|
||||
max_connections = node['postgresql']['config_pgtune']['max_connections'].to_i
|
||||
if max_connections <= 0
|
||||
Chef::Log.fatal([
|
||||
"Bad value (#{max_connections})",
|
||||
"for node['postgresql']['config_pgtune']['max_connections'] attribute.",
|
||||
'Valid values are non-zero integers only.',
|
||||
].join(' '))
|
||||
raise
|
||||
end
|
||||
con = max_connections
|
||||
end
|
||||
|
||||
# Parse out total_memory option, or use value detected by Ohai.
|
||||
total_memory = node['memory']['total']
|
||||
|
||||
# Override max_connections with a node attribute if DevOps desires.
|
||||
# For example, on a system *not* dedicated to Postgresql.
|
||||
if node['postgresql'].attribute?('config_pgtune') && node['postgresql']['config_pgtune'].attribute?('total_memory')
|
||||
total_memory = node['postgresql']['config_pgtune']['total_memory']
|
||||
if total_memory.match(/\A[1-9]\d*kB\Z/).nil?
|
||||
Chef::Application.fatal!([
|
||||
"Bad value (#{total_memory})",
|
||||
"for node['postgresql']['config_pgtune']['total_memory'] attribute.",
|
||||
'Valid values are non-zero integers followed by kB (e.g., 49416564kB).',
|
||||
].join(' '))
|
||||
end
|
||||
end
|
||||
|
||||
# Ohai reports node[:memory][:total] in kB, as in "921756kB"
|
||||
mem = total_memory.split('kB')[0].to_i / 1024 # in MB
|
||||
|
||||
#######
|
||||
# RAM-related settings computed as in Greg Smith's pgtune script.
|
||||
# Remember that con and mem were either chosen above based on the
|
||||
# db_type or the actual total memory, or were passed in attributes.
|
||||
|
||||
# (1) max_connections
|
||||
# Sets the maximum number of concurrent connections.
|
||||
node.default['postgresql']['config']['max_connections'] = con
|
||||
|
||||
# The calculations for the next four settings would not be optimal
|
||||
# for low memory systems. In that case, the calculation is skipped,
|
||||
# leaving the built-in Postgresql settings, which are actually
|
||||
# intended for those low memory systems.
|
||||
if mem >= 256
|
||||
|
||||
# (2) shared_buffers
|
||||
# Sets the number of shared memory buffers used by the server.
|
||||
shared_buffers =
|
||||
{ 'web' => mem / 4,
|
||||
'oltp' => mem / 4,
|
||||
'dw' => mem / 4,
|
||||
'mixed' => mem / 4,
|
||||
'desktop' => mem / 16,
|
||||
}.fetch(db_type)
|
||||
|
||||
# Robert Haas has advised to cap the size of shared_buffers based on
|
||||
# the memory architecture: 2GB on 32-bit and 8GB on 64-bit machines.
|
||||
# http://rhaas.blogspot.com/2012/03/tuning-sharedbuffers-and-walbuffers.html
|
||||
case node['kernel']['machine']
|
||||
when 'i386' # 32-bit machines
|
||||
shared_buffers = 2 * 1024 if shared_buffers > 2 * 1024
|
||||
when 'x86_64' # 64-bit machines
|
||||
shared_buffers = 8 * 1024 if shared_buffers > 8 * 1024
|
||||
end
|
||||
|
||||
node.default['postgresql']['config']['shared_buffers'] = binaryround(shared_buffers * 1024 * 1024)
|
||||
|
||||
# (3) effective_cache_size
|
||||
# Sets the planner's assumption about the size of the disk cache.
|
||||
# That is, the portion of the kernel's disk cache that will be
|
||||
# used for PostgreSQL data files.
|
||||
effective_cache_size =
|
||||
{ 'web' => mem * 3 / 4,
|
||||
'oltp' => mem * 3 / 4,
|
||||
'dw' => mem * 3 / 4,
|
||||
'mixed' => mem * 3 / 4,
|
||||
'desktop' => mem / 4,
|
||||
}.fetch(db_type)
|
||||
|
||||
node.default['postgresql']['config']['effective_cache_size'] = binaryround(effective_cache_size * 1024 * 1024)
|
||||
|
||||
# (4) work_mem
|
||||
# Sets the maximum memory to be used for query workspaces.
|
||||
mem_con_v = (mem.to_f / con).ceil
|
||||
|
||||
work_mem =
|
||||
{ 'web' => mem_con_v,
|
||||
'oltp' => mem_con_v,
|
||||
'dw' => mem_con_v / 2,
|
||||
'mixed' => mem_con_v / 2,
|
||||
'desktop' => mem_con_v / 6,
|
||||
}.fetch(db_type)
|
||||
|
||||
node.default['postgresql']['config']['work_mem'] = binaryround(work_mem * 1024 * 1024)
|
||||
|
||||
# (5) maintenance_work_mem
|
||||
# Sets the maximum memory to be used for maintenance operations.
|
||||
# This includes operations such as VACUUM and CREATE INDEX.
|
||||
maintenance_work_mem =
|
||||
{ 'web' => mem / 16,
|
||||
'oltp' => mem / 16,
|
||||
'dw' => mem / 8,
|
||||
'mixed' => mem / 16,
|
||||
'desktop' => mem / 16,
|
||||
}.fetch(db_type)
|
||||
|
||||
# Cap maintenence RAM at 1GB on servers with lots of memory
|
||||
maintenance_work_mem = 1 * 1024 if maintenance_work_mem > 1 * 1024
|
||||
|
||||
node.default['postgresql']['config']['maintenance_work_mem'] = binaryround(maintenance_work_mem * 1024 * 1024)
|
||||
|
||||
end
|
||||
|
||||
#######
|
||||
# Checkpoint-related parameters that affect transaction rate and
|
||||
# maximum tolerable recovery playback time.
|
||||
|
||||
# (6) checkpoint_segments
|
||||
# Sets the maximum distance in log segments between automatic WAL checkpoints.
|
||||
checkpoint_segments =
|
||||
{ 'web' => 8,
|
||||
'oltp' => 16,
|
||||
'dw' => 64,
|
||||
'mixed' => 16,
|
||||
'desktop' => 3,
|
||||
}.fetch(db_type)
|
||||
|
||||
if node['postgresql']['version'].to_f >= 9.5
|
||||
node.default['postgresql']['config']['max_wal_size'] = ((3 * checkpoint_segments) * 16).to_s + 'MB'
|
||||
else
|
||||
node.default['postgresql']['config']['checkpoint_segments'] = checkpoint_segments
|
||||
end
|
||||
|
||||
# (7) checkpoint_completion_target
|
||||
# Time spent flushing dirty buffers during checkpoint, as fraction
|
||||
# of checkpoint interval.
|
||||
checkpoint_completion_target =
|
||||
{ 'web' => '0.7',
|
||||
'oltp' => '0.9',
|
||||
'dw' => '0.9',
|
||||
'mixed' => '0.9',
|
||||
'desktop' => '0.5',
|
||||
}.fetch(db_type)
|
||||
|
||||
node.default['postgresql']['config']['checkpoint_completion_target'] = checkpoint_completion_target
|
||||
|
||||
# (8) wal_buffers
|
||||
# Sets the number of disk-page buffers in shared memory for WAL.
|
||||
# Starting with 9.1, wal_buffers will auto-tune if set to the -1 default.
|
||||
# For 8.X and 9.0, it needed to be specified, which pgtune did as follows.
|
||||
if node['postgresql']['version'].to_f < 9.1
|
||||
wal_buffers = 512 * checkpoint_segments
|
||||
# The pgtune seems to use 1kB units for wal_buffers
|
||||
node.default['postgresql']['config']['wal_buffers'] = binaryround(wal_buffers * 1024)
|
||||
else
|
||||
node.default['postgresql']['config']['wal_buffers'] = '-1'
|
||||
end
|
||||
|
||||
# (9) default_statistics_target
|
||||
# Sets the default statistics target. This applies to table columns
|
||||
# that have not had a column-specific target set via
|
||||
# ALTER TABLE SET STATISTICS.
|
||||
default_statistics_target =
|
||||
{ 'web' => 100,
|
||||
'oltp' => 100,
|
||||
'dw' => 500,
|
||||
'mixed' => 100,
|
||||
'desktop' => 100,
|
||||
}.fetch(db_type)
|
||||
|
||||
node.default['postgresql']['config']['default_statistics_target'] = default_statistics_target
|
|
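Review bot: this recipe was what derived `shared_buffers`, `effective_cache_size`, `work_mem` and `maintenance_work_mem` from `node['memory']['total']`, and its header comment notes that the stock postgresql.conf targets roughly 128MB of RAM. If a node currently sets `node['postgresql']['config_pgtune']` attributes or includes `postgresql::config_pgtune`, carry the resulting values over as explicit settings, otherwise the server drops back to the stock sizing without any error.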
@ -1,33 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Recipe:: contrib
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
db_name = node['postgresql']['database_name']
|
||||
|
||||
# Install the PostgreSQL contrib package(s) from the distribution,
|
||||
# as specified by the node attributes.
|
||||
package node['postgresql']['contrib']['packages']
|
||||
|
||||
include_recipe 'postgresql::server'
|
||||
|
||||
# Install PostgreSQL contrib extentions into the database, as specified by the
|
||||
# node attribute node['postgresql']['database_name'].
|
||||
if node['postgresql']['contrib'].attribute?('extensions')
|
||||
node['postgresql']['contrib']['extensions'].each do |pg_ext|
|
||||
postgresql_extension "#{db_name}/#{pg_ext}"
|
||||
end
|
||||
end
|
|
@ -1,19 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Recipe:: default
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include_recipe 'postgresql::client'
|
|
@ -1,125 +0,0 @@
|
|||
# frozen_string_literal: false
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Recipe:: ruby
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# Load the pgdgrepo_rpm_info method from libraries/default.rb
|
||||
::Chef::Recipe.send(:include, Opscode::PostgresqlHelpers)
|
||||
|
||||
begin
|
||||
require 'pg'
|
||||
rescue LoadError
|
||||
if platform_family?('debian')
|
||||
e = apt_update 'update' do
|
||||
action :nothing
|
||||
end
|
||||
e.run_action(:update)
|
||||
end
|
||||
|
||||
node.override['build-essential']['compile_time'] = true
|
||||
include_recipe 'build-essential'
|
||||
|
||||
if node['postgresql']['enable_pgdg_yum'] && platform_family?('rhel', 'fedora')
|
||||
include_recipe 'postgresql::yum_pgdg_postgresql'
|
||||
|
||||
rpm_platform = node['platform']
|
||||
rpm_platform_version = node['platform_version'].to_i.to_s
|
||||
arch = node['kernel']['machine']
|
||||
|
||||
resources("remote_file[#{Chef::Config[:file_cache_path]}/#{node['postgresql']['pgdg']['repo_rpm_url'][node['postgresql']['version']][rpm_platform][rpm_platform_version][arch]['package']}]").run_action(:create)
|
||||
resources("package[#{node['postgresql']['pgdg']['repo_rpm_url'][node['postgresql']['version']][rpm_platform][rpm_platform_version][arch]['package']}]").run_action(:install)
|
||||
|
||||
ENV['PATH'] = "/usr/pgsql-#{node['postgresql']['version']}/bin:#{ENV['PATH']}"
|
||||
end
|
||||
|
||||
if node['postgresql']['enable_pgdg_apt'] && platform_family?('debian')
|
||||
include_recipe 'postgresql::apt_pgdg_postgresql'
|
||||
resources('apt_repository[apt.postgresql.org]').run_action(:add)
|
||||
end
|
||||
|
||||
include_recipe 'postgresql::client'
|
||||
|
||||
package node['postgresql']['client']['packages'] do
|
||||
action :nothing
|
||||
end.run_action(:install)
|
||||
|
||||
begin
|
||||
chef_gem 'pg' do
|
||||
compile_time true
|
||||
version node['postgresql']['pg_gem']['version'] if node['postgresql']['pg_gem']['version']
|
||||
end
|
||||
rescue Gem::Installer::ExtensionBuildError, Mixlib::ShellOut::ShellCommandFailed => e
|
||||
# Are we an omnibus install?
|
||||
raise if RbConfig.ruby.scan(/(chef|opscode)/).empty?
|
||||
# Still here, must be omnibus. Lets make this thing install!
|
||||
Chef::Log.warn 'Failed to properly build pg gem. Forcing properly linking and retrying (omnibus fix)'
|
||||
gem_dir = e.message.scan(/will remain installed in ([^ ]+)/).flatten.first
|
||||
raise unless gem_dir
|
||||
gem_name = File.basename(gem_dir)
|
||||
ext_dir = File.join(gem_dir, 'ext')
|
||||
gem_exec = File.join(File.dirname(RbConfig.ruby), 'gem')
|
||||
new_content = <<-EOS
|
||||
require 'rbconfig'
|
||||
%w(
|
||||
configure_args
|
||||
LIBRUBYARG_SHARED
|
||||
LIBRUBYARG_STATIC
|
||||
LIBRUBYARG
|
||||
LDFLAGS
|
||||
).each do |key|
|
||||
RbConfig::CONFIG[key].gsub!(/-Wl[^ ]+( ?\\/[^ ]+)?/, '')
|
||||
RbConfig::MAKEFILE_CONFIG[key].gsub!(/-Wl[^ ]+( ?\\/[^ ]+)?/, '')
|
||||
end
|
||||
RbConfig::CONFIG['RPATHFLAG'] = ''
|
||||
RbConfig::MAKEFILE_CONFIG['RPATHFLAG'] = ''
|
||||
EOS
|
||||
new_content << File.read(extconf_path = File.join(ext_dir, 'extconf.rb'))
|
||||
File.open(extconf_path, 'w') do |file|
|
||||
file.write(new_content)
|
||||
end
|
||||
|
||||
lib_builder = execute 'generate pg gem Makefile' do
|
||||
# [COOK-3490] pg gem install requires full path on RHEL
|
||||
command "PATH=$PATH:/usr/pgsql-#{node['postgresql']['version']}/bin #{RbConfig.ruby} extconf.rb"
|
||||
cwd ext_dir
|
||||
action :nothing
|
||||
end
|
||||
lib_builder.run_action(:run)
|
||||
|
||||
lib_maker = execute 'make pg gem lib' do
|
||||
command 'make'
|
||||
cwd ext_dir
|
||||
action :nothing
|
||||
end
|
||||
lib_maker.run_action(:run)
|
||||
|
||||
lib_installer = execute 'install pg gem lib' do
|
||||
command 'make install'
|
||||
cwd ext_dir
|
||||
action :nothing
|
||||
end
|
||||
lib_installer.run_action(:run)
|
||||
|
||||
spec_installer = execute 'install pg spec' do
|
||||
command "#{gem_exec} spec ./cache/#{gem_name}.gem --ruby > ./specifications/#{gem_name}.gemspec"
|
||||
cwd File.join(gem_dir, '..', '..')
|
||||
action :nothing
|
||||
end
|
||||
spec_installer.run_action(:run)
|
||||
|
||||
Chef::Log.warn 'Installation of pg gem successful!'
|
||||
end
|
||||
end
|
|
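Review bot: this removal drops the compile-time `chef_gem 'pg'` install, along with the omnibus `extconf.rb` relinking fallback behind it, so anything that relies on `include_recipe 'postgresql::ruby'` to make `require 'pg'` work during a Chef run needs another way to get the gem. Worth grepping the site cookbooks and roles for `postgresql::ruby` before merging.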
@ -1,95 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Recipe:: server
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
::Chef::Recipe.send(:include, OpenSSLCookbook::RandomPassword)
|
||||
|
||||
include_recipe 'postgresql::client'
|
||||
|
||||
# randomly generate postgres password, unless using solo - see README
|
||||
if Chef::Config[:solo]
|
||||
missing_attrs = %w(
|
||||
postgres
|
||||
).select do |attr|
|
||||
node['postgresql']['password'][attr].nil?
|
||||
end.map { |attr| "node['postgresql']['password']['#{attr}']" }
|
||||
|
||||
unless missing_attrs.empty?
|
||||
Chef::Log.fatal([
|
||||
"You must set #{missing_attrs.join(', ')} in chef-solo mode.",
|
||||
'For more information, see https://github.com/opscode-cookbooks/postgresql#chef-solo-note',
|
||||
].join(' '))
|
||||
raise
|
||||
end
|
||||
else
|
||||
# TODO: The "secure_password" is randomly generated plain text, so it
|
||||
# should be converted to a PostgreSQL specific "encrypted password" if
|
||||
# it should actually install a password (as opposed to disable password
|
||||
# login for user 'postgres'). However, a random password wouldn't be
|
||||
# useful if it weren't saved as clear text in Chef Server for later
|
||||
# retrieval.
|
||||
unless node.key?('postgresql') && node['postgresql'].key?('password') && node['postgresql']['password'].key?('postgres')
|
||||
node.normal_unless['postgresql']['password']['postgres'] = random_password(length: 20, mode: :base64)
|
||||
node.save
|
||||
end
|
||||
end
|
||||
|
||||
# Include the right "family" recipe for installing the server
|
||||
# since they do things slightly differently.
|
||||
case node['platform_family']
|
||||
when 'rhel', 'fedora'
|
||||
node.normal['postgresql']['dir'] = "/var/lib/pgsql/#{node['postgresql']['version']}/data"
|
||||
node.normal['postgresql']['config']['data_directory'] = "/var/lib/pgsql/#{node['postgresql']['version']}/data"
|
||||
include_recipe 'postgresql::server_redhat'
|
||||
when 'debian'
|
||||
node.normal['postgresql']['config']['data_directory'] = "/var/lib/postgresql/#{node['postgresql']['version']}/main"
|
||||
include_recipe 'postgresql::server_debian'
|
||||
when 'suse'
|
||||
node.normal['postgresql']['config']['data_directory'] = node['postgresql']['dir']
|
||||
include_recipe 'postgresql::server_redhat'
|
||||
end
|
||||
|
||||
# Versions prior to 9.2 do not have a config file option to set the SSL
|
||||
# key and cert path, and instead expect them to be in a specific location.
|
||||
|
||||
link ::File.join(node['postgresql']['config']['data_directory'], 'server.crt') do
|
||||
to node['postgresql']['config']['ssl_cert_file']
|
||||
only_if { node['postgresql']['version'].to_f < 9.2 && node['postgresql']['config'].attribute?('ssl_cert_file') }
|
||||
end
|
||||
|
||||
link ::File.join(node['postgresql']['config']['data_directory'], 'server.key') do
|
||||
to node['postgresql']['config']['ssl_key_file']
|
||||
only_if { node['postgresql']['version'].to_f < 9.2 && node['postgresql']['config'].attribute?('ssl_key_file') }
|
||||
end
|
||||
|
||||
# NOTE: Consider two facts before modifying "assign-postgres-password":
|
||||
# (1) Passing the "ALTER ROLE ..." through the psql command only works
|
||||
# if passwordless authorization was configured for local connections.
|
||||
# For example, if pg_hba.conf has a "local all postgres ident" rule.
|
||||
# (2) It is probably fruitless to optimize this with a not_if to avoid
|
||||
# setting the same password. This chef recipe doesn't have access to
|
||||
# the plain text password, and testing the encrypted (md5 digest)
|
||||
# version is not straight-forward.
|
||||
bash 'assign-postgres-password' do
|
||||
user 'postgres'
|
||||
code <<-EOH
|
||||
echo "ALTER ROLE postgres ENCRYPTED PASSWORD \'#{node['postgresql']['password']['postgres']}\';" | psql -p #{node['postgresql']['config']['port']}
|
||||
EOH
|
||||
action :run
|
||||
not_if "ls #{node['postgresql']['config']['data_directory']}/recovery.conf"
|
||||
only_if { node['postgresql']['assign_postgres_password'] }
|
||||
end
|
|
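Review bot: nodes that already ran the deleted `node.normal_unless['postgresql']['password']['postgres'] = random_password(length: 20, mode: :base64)` and `node.save` lines still hold that password as a persisted normal attribute, which the TODO comment itself describes as clear text in Chef Server. Deleting the recipe does not clean that up. Consider a one-off migration step that removes the attribute from existing nodes and rotates the `postgres` role password, and mention it in the upgrade notes for this cookbook bump.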
@ -1,55 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Recipe:: server
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
change_notify = node['postgresql']['server']['config_change_notify']
|
||||
|
||||
# There are some configuration items which depend on correctly evaluating the intended version being installed
|
||||
if node['platform_family'] == 'debian'
|
||||
|
||||
node.normal['postgresql']['config']['hba_file'] = "/etc/postgresql/#{node['postgresql']['version']}/main/pg_hba.conf"
|
||||
node.normal['postgresql']['config']['ident_file'] = "/etc/postgresql/#{node['postgresql']['version']}/main/pg_ident.conf"
|
||||
node.normal['postgresql']['config']['external_pid_file'] = "/var/run/postgresql/#{node['postgresql']['version']}-main.pid"
|
||||
|
||||
if node['postgresql']['version'].to_f < 9.3
|
||||
node.normal['postgresql']['config']['unix_socket_directory'] = '/var/run/postgresql'
|
||||
else
|
||||
node.normal['postgresql']['config']['unix_socket_directories'] = '/var/run/postgresql'
|
||||
end
|
||||
|
||||
if node['postgresql']['config']['ssl']
|
||||
node.normal['postgresql']['config']['ssl_cert_file'] = '/etc/ssl/certs/ssl-cert-snakeoil.pem' if node['postgresql']['version'].to_f >= 9.2
|
||||
node.normal['postgresql']['config']['ssl_key_file'] = '/etc/ssl/private/ssl-cert-snakeoil.key' if node['postgresql']['version'].to_f >= 9.2
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
template "#{node['postgresql']['dir']}/postgresql.conf" do
|
||||
source 'postgresql.conf.erb'
|
||||
owner 'postgres'
|
||||
group 'postgres'
|
||||
mode '0600'
|
||||
notifies change_notify, 'service[postgresql]', :immediately
|
||||
end
|
||||
|
||||
template "#{node['postgresql']['dir']}/pg_hba.conf" do
|
||||
source 'pg_hba.conf.erb'
|
||||
owner 'postgres'
|
||||
group 'postgres'
|
||||
mode '0600'
|
||||
notifies change_notify, 'service[postgresql]', :immediately
|
||||
end
|
|
@ -1,35 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Recipe:: server
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include_recipe 'postgresql::client'
|
||||
|
||||
package node['postgresql']['server']['packages']
|
||||
|
||||
include_recipe 'postgresql::server_conf'
|
||||
|
||||
service 'postgresql' do
|
||||
service_name node['postgresql']['server']['service_name']
|
||||
supports restart: true, status: true, reload: true
|
||||
action [:enable, :start]
|
||||
end
|
||||
|
||||
execute 'Set locale and Create cluster' do
|
||||
command 'export LC_ALL=C; /usr/bin/pg_createcluster --start ' + node['postgresql']['version'] + ' main'
|
||||
action :run
|
||||
not_if { ::File.directory?('/etc/postgresql/' + node['postgresql']['version'] + '/main') }
|
||||
end
|
|
@ -1,140 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Recipe:: server
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include_recipe 'postgresql::client'
|
||||
|
||||
svc_name = node['postgresql']['server']['service_name']
|
||||
initdb_locale = node['postgresql']['initdb_locale']
|
||||
|
||||
shortver = node['postgresql']['version'].split('.').join
|
||||
|
||||
# Create a group and user like the package will.
|
||||
# Otherwise the templates fail.
|
||||
|
||||
group 'postgres' do
|
||||
gid node['postgresql']['gid']
|
||||
end
|
||||
|
||||
user 'postgres' do
|
||||
shell '/bin/bash'
|
||||
comment 'PostgreSQL Server'
|
||||
home '/var/lib/pgsql'
|
||||
gid 'postgres'
|
||||
system true
|
||||
uid node['postgresql']['uid']
|
||||
manage_home false
|
||||
end
|
||||
|
||||
directory node['postgresql']['config']['data_directory'] do
|
||||
owner 'postgres'
|
||||
group 'postgres'
|
||||
recursive true
|
||||
action :create
|
||||
mode '0700'
|
||||
end
|
||||
|
||||
package node['postgresql']['server']['packages']
|
||||
|
||||
# If using PGDG, add symlinks so that downstream commands all work
|
||||
if node['postgresql']['enable_pgdg_yum'] == true || node['postgresql']['use_pgdg_packages'] == true
|
||||
[
|
||||
"postgresql#{shortver}-setup",
|
||||
"postgresql#{shortver}-check-db-dir",
|
||||
].each do |cmd|
|
||||
link "/usr/bin/#{cmd}" do
|
||||
to "/usr/pgsql-#{node['postgresql']['version']}/bin/#{cmd}"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
# The systemd unit file does not support 'initdb' or 'upgrade' actions.
|
||||
# Use the postgresql-setup script instead.
|
||||
|
||||
unless node['postgresql']['server']['init_package'] == 'systemd'
|
||||
|
||||
directory '/etc/sysconfig/pgsql' do
|
||||
mode '0644'
|
||||
recursive true
|
||||
action :create
|
||||
end
|
||||
|
||||
template "/etc/sysconfig/pgsql/#{svc_name}" do
|
||||
source 'pgsql.sysconfig.erb'
|
||||
mode '0644'
|
||||
notifies :restart, 'service[postgresql]', :delayed
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
if node['postgresql']['server']['init_package'] == 'systemd'
|
||||
|
||||
if node['platform_family'] == 'rhel'
|
||||
|
||||
template_path = if node['postgresql']['use_pgdg_packages']
|
||||
"/etc/systemd/system/postgresql-#{node['postgresql']['version']}.service"
|
||||
else
|
||||
'/etc/systemd/system/postgresql.service'
|
||||
end
|
||||
|
||||
template template_path do
|
||||
source 'postgresql.service.erb'
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0644'
|
||||
notifies :run, 'execute[systemctl-reload]', :immediately
|
||||
notifies :reload, 'service[postgresql]', :delayed
|
||||
end
|
||||
execute 'systemctl-reload' do
|
||||
command 'systemctl daemon-reload'
|
||||
action :nothing
|
||||
end
|
||||
end
|
||||
|
||||
case node['platform_family']
|
||||
when 'suse'
|
||||
execute "initdb -d #{node['postgresql']['dir']}" do
|
||||
user 'postgres'
|
||||
not_if { ::File.exist?("#{node['postgresql']['config']['data_directory']}/PG_VERSION") }
|
||||
end
|
||||
else
|
||||
execute "#{node['postgresql']['setup_script']} initdb #{svc_name}" do
|
||||
not_if { ::File.exist?("#{node['postgresql']['config']['data_directory']}/PG_VERSION") }
|
||||
end
|
||||
end
|
||||
|
||||
elsif !platform_family?('suse') && node['postgresql']['version'].to_f <= 9.3
|
||||
|
||||
execute "/sbin/service #{svc_name} initdb #{initdb_locale}" do
|
||||
not_if { ::File.exist?("#{node['postgresql']['config']['data_directory']}/PG_VERSION") }
|
||||
end
|
||||
|
||||
else
|
||||
|
||||
execute "/sbin/service #{svc_name} initdb" do
|
||||
not_if { ::File.exist?("#{node['postgresql']['config']['data_directory']}/PG_VERSION") }
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
service 'postgresql' do
|
||||
service_name svc_name
|
||||
supports restart: true, status: true, reload: true
|
||||
action [:enable, :start]
|
||||
end
|
||||
|
||||
include_recipe 'postgresql::server_conf'
|
|
@ -1,41 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Recipe::yum_pgdg_postgresql
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
######################################
|
||||
# Install the "PostgreSQL RPM Building Project - Yum Repository"
|
||||
|
||||
rpm_platform = node['platform']
|
||||
rpm_platform_version = node['platform_version'].to_f.to_i.to_s
|
||||
arch = node['kernel']['machine']
|
||||
pg_version = node['postgresql']['version']
|
||||
pgdg_setup = node['postgresql']['pgdg']['repo_rpm_url'][pg_version][rpm_platform][rpm_platform_version][arch]
|
||||
pgdg_package = pgdg_setup['package']
|
||||
pgdg_repository = pgdg_setup['url']
|
||||
|
||||
# Download the PGDG repository RPM as a local file
|
||||
remote_file "#{Chef::Config[:file_cache_path]}/#{pgdg_package}" do
|
||||
source "#{pgdg_repository}#{pgdg_package}"
|
||||
mode '0644'
|
||||
end
|
||||
|
||||
# Install the PGDG repository RPM from the local file
|
||||
package pgdg_package.to_s do
|
||||
provider Chef::Provider::Package::Rpm
|
||||
source "#{Chef::Config[:file_cache_path]}/#{pgdg_package}"
|
||||
action :install
|
||||
end
|
|
@ -0,0 +1,59 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Resource:: access
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
property :access_type, String, required: true, default: 'local'
|
||||
property :access_db, String, required: true, default: 'all'
|
||||
property :access_user, String, required: true, default: 'postgres'
|
||||
property :access_method, String, required: true, default: 'ident'
|
||||
property :cookbook, String, default: 'postgresql'
|
||||
property :source, String, default: 'pg_hba.conf.erb'
|
||||
property :access_addr, String
|
||||
property :comment, String
|
||||
|
||||
action :grant do
|
||||
config_resource = new_resource
|
||||
with_run_context :root do # ~FC037
|
||||
edit_resource(:template, "#{conf_dir}/pg_hba.conf") do |new_resource|
|
||||
source new_resource.source
|
||||
cookbook new_resource.cookbook
|
||||
owner 'postgres'
|
||||
group 'postgres'
|
||||
mode '0600'
|
||||
variables[:pg_hba] ||= {}
|
||||
variables[:pg_hba][new_resource.name] = {
|
||||
comment: new_resource.comment,
|
||||
type: new_resource.access_type,
|
||||
db: new_resource.access_db,
|
||||
user: new_resource.access_user,
|
||||
addr: new_resource.access_addr,
|
||||
method: new_resource.access_method,
|
||||
}
|
||||
action :nothing
|
||||
delayed_action :create
|
||||
notifies :trigger, config_resource, :immediately
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
action :trigger do
|
||||
new_resource.updated_by_last_action(true) # ~FC085
|
||||
end
|
||||
|
||||
action_class do
|
||||
include PostgresqlCookbook::Helpers
|
||||
end
|
|
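Review bot: `access_method` is declared as a free-form String and goes straight into the `variables[:pg_hba]` entry, so a value such as `trust`, or a typo, is written to pg_hba.conf without any check. Consider constraining the property with `equal_to:` to the methods you intend to allow, and validating `access_type` the same way. Separately, `access_type`, `access_db`, `access_user` and `access_method` each carry both `required: true` and a `default:`, which is contradictory; drop one of the two so it is clear whether callers must set them.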
@ -1,7 +1,7 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Recipe:: client
|
||||
# Resource:: client_install
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -16,19 +16,20 @@
|
|||
# limitations under the License.
|
||||
#
|
||||
|
||||
case node['platform_family']
|
||||
when 'debian'
|
||||
if node['postgresql']['version'].to_f > 9.3
|
||||
node.normal['postgresql']['enable_pgdg_apt'] = true
|
||||
property :version, String, default: '9.6'
|
||||
property :setup_repo, [true, false], default: true
|
||||
|
||||
action :install do
|
||||
postgresql_repository 'Add downloads.postgresql.org repository' do
|
||||
version new_resource.version
|
||||
only_if { new_resource.setup_repo }
|
||||
end
|
||||
|
||||
if node['postgresql']['enable_pgdg_apt']
|
||||
include_recipe 'postgresql::apt_pgdg_postgresql'
|
||||
end
|
||||
when 'rhel', 'fedora'
|
||||
if node['postgresql']['enable_pgdg_yum']
|
||||
include_recipe 'postgresql::yum_pgdg_postgresql'
|
||||
case node['platform_family']
|
||||
when 'debian'
|
||||
package "postgresql-client-#{new_resource.version}"
|
||||
when 'rhel', 'fedora', 'amazon'
|
||||
ver = new_resource.version.delete('.')
|
||||
package "postgresql#{ver}"
|
||||
end
|
||||
end
|
||||
|
||||
package node['postgresql']['client']['packages']
|
|
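Review bot: the `case node['platform_family']` inside the `:install` action has no `else` branch, so on any family other than debian, rhel, fedora or amazon the resource converges without installing a client package whenever `setup_repo` is false. Fail explicitly for unsupported platforms, as `postgresql_repository` does with its `raise`. Also note that `new_resource.version` is interpolated into the package name unvalidated; a `regex:` on the `version` property would catch malformed values early.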
@ -0,0 +1,67 @@
|
|||
#
|
||||
# Cookbook:: postgresql
|
||||
# Resource:: database
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
property :template, String, default: 'template1'
|
||||
property :encoding, String, default: 'UTF-8'
|
||||
property :locale, String, default: 'en_US.UTF-8'
|
||||
property :owner, String
|
||||
|
||||
# Connection prefernces
|
||||
property :user, String, default: 'postgres'
|
||||
property :database, String, name_property: true
|
||||
property :host, [String, nil], default: nil
|
||||
property :port, Integer, default: 5432
|
||||
|
||||
action :create do
|
||||
createdb = 'createdb'
|
||||
createdb << " -E #{new_resource.encoding}" if new_resource.encoding
|
||||
createdb << " -l #{new_resource.locale}" if new_resource.locale
|
||||
createdb << " -T #{new_resource.template}" unless new_resource.template.empty?
|
||||
createdb << " -O #{new_resource.owner}" if new_resource.owner
|
||||
createdb << " -U #{new_resource.user}" if new_resource.user
|
||||
createdb << " -h #{new_resource.host}" if new_resource.host
|
||||
createdb << " -p #{new_resource.port}" if new_resource.port
|
||||
createdb << " #{new_resource.database}"
|
||||
|
||||
bash "Create Database #{new_resource.database}" do
|
||||
code createdb
|
||||
user new_resource.user
|
||||
not_if { follower? }
|
||||
not_if { database_exists?(new_resource) }
|
||||
end
|
||||
end
|
||||
|
||||
action :drop do
|
||||
converge_by "Drop PostgreSQL Database #{new_resource.database}" do
|
||||
dropdb = 'dropdb'
|
||||
dropdb << " -U #{new_resource.user}" if new_resource.user
|
||||
dropdb << " --host #{new_resource.host}" if new_resource.host
|
||||
dropdb << " --port #{new_resource.port}" if new_resource.port
|
||||
dropdb << " #{new_resource.database}"
|
||||
|
||||
bash "drop postgresql database #{new_resource.database})" do
|
||||
user 'postgres'
|
||||
code dropdb
|
||||
not_if { follower? }
|
||||
only_if { database_exists?(new_resource) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
action_class do
|
||||
include PostgresqlCookbook::Helpers
|
||||
end
|
|
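Review bot: in `:create` and `:drop` the property values (`encoding`, `locale`, `template`, `owner`, `user`, `host`, `database`) are interpolated unquoted into the `createdb`/`dropdb` string that is handed to `bash`, so a value containing spaces or shell metacharacters changes the command that runs as `new_resource.user` (default `postgres`). Escape each value, for example with `Shellwords.escape`, or validate the properties with `regex:`. Two smaller points: `:create` runs as `new_resource.user` while `:drop` hard-codes `user 'postgres'`, and the drop resource name `"drop postgresql database #{new_resource.database})"` has a stray `)`. The comment "Connection prefernces" should read "preferences".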
@ -1,4 +1,3 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Resource:: extension
|
||||
|
@ -16,42 +15,35 @@
|
|||
# limitations under the License.
|
||||
#
|
||||
|
||||
include Opscode::PostgresqlHelpers
|
||||
property :extension, String, name_property: true
|
||||
property :old_version, String
|
||||
property :version, String
|
||||
|
||||
# name property should take the form:
|
||||
# database/extension
|
||||
|
||||
property :database, String,
|
||||
required: true,
|
||||
default: lazy { name.scan(%r{\A[^/]+(?=/)}).first }
|
||||
|
||||
property :extension, String,
|
||||
required: true,
|
||||
default: lazy { name.scan(%r{(?<=/)[^/]+\Z}).first }
|
||||
# Connection prefernces
|
||||
property :user, String, default: 'postgres'
|
||||
property :database, String, required: true
|
||||
property :host, [String, nil]
|
||||
property :port, Integer, default: 5432
|
||||
|
||||
action :create do
|
||||
bash "CREATE EXTENSION #{name}" do
|
||||
code psql("CREATE EXTENSION IF NOT EXISTS \"#{extension}\"")
|
||||
bash "CREATE EXTENSION #{new_resource.name}" do
|
||||
code create_extension_sql(new_resource)
|
||||
user 'postgres'
|
||||
action :run
|
||||
not_if { extension_installed? }
|
||||
not_if { follower? || extension_installed?(new_resource) }
|
||||
end
|
||||
end
|
||||
|
||||
action :drop do
|
||||
bash "DROP EXTENSION #{name}" do
|
||||
code psql("DROP EXTENSION IF EXISTS \"#{extension}\"")
|
||||
bash "DROP EXTENSION #{new_resource.name}" do
|
||||
code psql_command_string(new_resource, "DROP EXTENSION IF EXISTS \"#{new_resource.extension}\"")
|
||||
user 'postgres'
|
||||
action :run
|
||||
only_if { extension_installed? }
|
||||
not_if { follower? }
|
||||
only_if { extension_installed?(new_resource) }
|
||||
end
|
||||
end
|
||||
|
||||
def psql(query)
|
||||
"psql -d #{database} <<< '\\set ON_ERROR_STOP on\n#{query};'"
|
||||
end
|
||||
|
||||
def extension_installed?
|
||||
query = "SELECT 'installed' FROM pg_extension WHERE extname = '#{extension}';"
|
||||
!(execute_sql(query, database) =~ /^installed$/).nil?
|
||||
action_class do
|
||||
include PostgresqlCookbook::Helpers
|
||||
end
|
||||
|
|
|
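Review bot: in `:drop`, `new_resource.extension` is wrapped in double quotes inside the SQL and then passed through `psql_command_string` into a `bash` block, with no escaping visible in this hunk; a name containing `"` or shell metacharacters would alter the statement or the command. Add a `regex:` validation on the `extension` property, and on `database`. The `user`, `host` and `port` connection properties are new here, but both bash blocks still hard-code `user 'postgres'`; please confirm the helpers honour the properties, or drop the ones that are not used. `old_version` and `version` are declared but not referenced in either visible action, so a short comment on where they take effect would help.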
@ -0,0 +1,55 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Resource:: access
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
property :mapname, String, required: true
|
||||
property :source, String, default: 'pg_ident.conf.erb'
|
||||
property :cookbook, String, default: 'postgresql'
|
||||
property :system_user, String, required: true
|
||||
property :pg_user, String, required: true
|
||||
property :comment, [String, nil], default: nil
|
||||
|
||||
action :create do
|
||||
ident_resource = new_resource
|
||||
with_run_context :root do # ~FC037
|
||||
edit_resource(:template, "#{conf_dir}/pg_ident.conf") do |new_resource|
|
||||
source new_resource.source
|
||||
cookbook new_resource.cookbook
|
||||
owner 'postgres'
|
||||
group 'postgres'
|
||||
mode '0640'
|
||||
variables[:pg_ident] ||= {}
|
||||
variables[:pg_ident][new_resource.name] = {
|
||||
comment: new_resource.comment,
|
||||
mapname: new_resource.mapname,
|
||||
system_user: new_resource.system_user,
|
||||
pg_user: new_resource.pg_user,
|
||||
}
|
||||
action :nothing
|
||||
delayed_action :create
|
||||
notifies :trigger, ident_resource, :immediately
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
action :trigger do
|
||||
new_resource.updated_by_last_action(true) # ~FC085
|
||||
end
|
||||
|
||||
action_class do
|
||||
include PostgresqlCookbook::Helpers
|
||||
end
|
|
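Review bot: the header comment says `Resource:: access`, but the properties (`mapname`, `system_user`, `pg_user`) and the `pg_ident.conf` template show this is the ident resource; it looks like a copy-paste from the access resource and should be corrected. Also, pg_ident.conf is written with `mode '0640'` while the access resource writes pg_hba.conf with `mode '0600'`; pick one deliberately and note why the two differ if they must.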
@ -0,0 +1,90 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Resource:: repository
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
property :version, String, default: '9.6'
|
||||
property :enable_pgdg, [true, false], default: true
|
||||
property :enable_pgdg_source, [true, false], default: false
|
||||
property :enable_pgdg_updates_testing, [true, false], default: false
|
||||
property :enable_pgdg_source_updates_testing, [true, false], default: false
|
||||
property :yum_gpg_key_uri, String, default: 'https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG'
|
||||
property :apt_gpg_key_uri, String, default: 'https://download.postgresql.org/pub/repos/apt/ACCC4CF8.asc'
|
||||
|
||||
action :add do
|
||||
case node['platform_family']
|
||||
|
||||
when 'rhel', 'fedora', 'amazon'
|
||||
remote_file "/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}" do
|
||||
source new_resource.yum_gpg_key_uri
|
||||
end
|
||||
|
||||
yum_repository "PostgreSQL #{new_resource.version}" do # ~FC005
|
||||
repositoryid "pgdg#{new_resource.version}"
|
||||
description "PostgreSQL.org #{new_resource.version}"
|
||||
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum')
|
||||
enabled new_resource.enable_pgdg
|
||||
gpgcheck true
|
||||
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
|
||||
end
|
||||
|
||||
yum_repository "PostgreSQL #{new_resource.version} - source " do
|
||||
repositoryid "pgdg#{new_resource.version}-source"
|
||||
description "PostgreSQL.org #{new_resource.version} Source"
|
||||
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/srpms')
|
||||
enabled new_resource.enable_pgdg_source
|
||||
gpgcheck true
|
||||
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
|
||||
end
|
||||
|
||||
yum_repository "PostgreSQL #{new_resource.version} - updates testing" do
|
||||
repositoryid "pgdg#{new_resource.version}-updates-testing"
|
||||
description "PostgreSQL.org #{new_resource.version} Updates Testing"
|
||||
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/testing')
|
||||
enabled new_resource.enable_pgdg_updates_testing
|
||||
gpgcheck true
|
||||
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
|
||||
end
|
||||
|
||||
yum_repository "PostgreSQL #{new_resource.version} - source - updates testing" do
|
||||
repositoryid "pgdg#{new_resource.version}-source-updates-testing"
|
||||
description "PostgreSQL.org #{new_resource.version} Source Updates Testing"
|
||||
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/srpms/testing')
|
||||
enabled new_resource.enable_pgdg_source_updates_testing
|
||||
gpgcheck true
|
||||
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
|
||||
end
|
||||
|
||||
when 'debian'
|
||||
apt_update
|
||||
|
||||
package 'apt-transport-https'
|
||||
|
||||
apt_repository 'postgresql_org_repository' do
|
||||
uri 'https://download.postgresql.org/pub/repos/apt/'
|
||||
components ['main', new_resource.version.to_s]
|
||||
distribution "#{node['lsb']['codename']}-pgdg"
|
||||
key new_resource.apt_gpg_key_uri
|
||||
cache_rebuild true
|
||||
end
|
||||
else
|
||||
raise "The platform_family '#{node['platform_family']}' or platform '#{node['platform']}' is not supported by the postgresql_repository resource. If you believe this platform can/should be supported by this resource please file and issue or open a pull request at https://github.com/sous-chefs/postgresql"
|
||||
end
|
||||
end
|
||||
|
||||
action_class do
|
||||
include PostgresqlCookbook::Helpers
|
||||
end
|
|
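Review bot: the repository signing keys are trusted on first download. The `remote_file` for `/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}` has no `checksum`, and `apt_repository` takes its key straight from `apt_gpg_key_uri`; both URIs are caller-overridable String properties. `gpgcheck true` then only proves that packages match whatever key was fetched. Pin the expected key, with a `checksum` on the `remote_file` and a documented fingerprint for the apt key. Minor: the source repository name ends in a trailing space (`"PostgreSQL #{new_resource.version} - source "`), and the unsupported-platform message reads "file and issue" instead of "file an issue".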
@ -0,0 +1,52 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Resource:: server_conf
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include PostgresqlCookbook::Helpers
|
||||
|
||||
property :version, String, default: '9.6'
|
||||
property :data_directory, String, default: lazy { data_dir }
|
||||
property :hba_file, String, default: lazy { "#{conf_dir}/pg_hba.conf" }
|
||||
property :ident_file, String, default: lazy { "#{conf_dir}/pg_ident.conf" }
|
||||
property :external_pid_file, String, default: lazy { "/var/run/postgresql/#{version}-main.pid" }
|
||||
property :stats_temp_directory, String, default: lazy { "/var/run/postgresql/#{version}-main.pg_stat_tmp" }
|
||||
property :port, Integer, default: 5432
|
||||
property :additional_config, Hash, default: {}
|
||||
property :cookbook, String, default: 'postgresql'
|
||||
|
||||
action :modify do
|
||||
template "#{conf_dir}/postgresql.conf" do
|
||||
cookbook new_resource.cookbook
|
||||
source 'postgresql.conf.erb'
|
||||
owner 'postgres'
|
||||
group 'postgres'
|
||||
mode '0644'
|
||||
variables(
|
||||
data_dir: new_resource.data_directory,
|
||||
hba_file: new_resource.hba_file,
|
||||
ident_file: new_resource.ident_file,
|
||||
external_pid_file: new_resource.external_pid_file,
|
||||
stats_temp_directory: new_resource.stats_temp_directory,
|
||||
port: new_resource.port,
|
||||
additional_config: new_resource.additional_config
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
action_class do
|
||||
include PostgresqlCookbook::Helpers
|
||||
end
|
|
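Review bot: `mode '0644'` makes postgresql.conf world-readable, and the free-form `additional_config` Hash is rendered into the same file, so any sensitive setting a caller passes there is readable by every local user. If world-readable is intended, document that `additional_config` must not carry secrets, or expose the file mode as a property so callers can tighten it.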
@ -0,0 +1,76 @@
|
|||
# frozen_string_literal: true
|
||||
#
|
||||
# Cookbook:: postgresql
|
||||
# Resource:: server_install
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include PostgresqlCookbook::Helpers
|
||||
|
||||
property :version, String, default: '9.6'
|
||||
property :setup_repo, [true, false], default: true
|
||||
property :hba_file, String, default: lazy { "#{conf_dir}/main/pg_hba.conf" }
|
||||
property :ident_file, String, default: lazy { "#{conf_dir}/main/pg_ident.conf" }
|
||||
property :external_pid_file, String, default: lazy { "/var/run/postgresql/#{version}-main.pid" }
|
||||
property :password, [String, nil], default: 'generate' # Set to nil if we do not want to set a password
|
||||
property :port, Integer, default: 5432
|
||||
property :initdb_locale, String
|
||||
|
||||
# Connection preferences
|
||||
property :user, String, default: 'postgres'
|
||||
property :database, String
|
||||
property :host, [String, nil]
|
||||
|
||||
action :install do
|
||||
node.run_state['postgresql'] ||= {}
|
||||
node.run_state['postgresql']['version'] = new_resource.version
|
||||
|
||||
postgresql_client_install 'Install PostgreSQL Client' do
|
||||
version new_resource.version
|
||||
setup_repo new_resource.setup_repo
|
||||
end
|
||||
|
||||
package server_pkg_name
|
||||
end
|
||||
|
||||
action :create do
|
||||
execute 'init_db' do
|
||||
command rhel_init_db_command(new_resource)
|
||||
user new_resource.user
|
||||
not_if { initialized? }
|
||||
only_if { platform_family?('rhel', 'fedora', 'amazon') }
|
||||
end
|
||||
|
||||
# We use to use find_resource here.
|
||||
# But that required the user to do the same in their recipe.
|
||||
# This also seemed to never trigger notifications, therefore requiring a log resource
|
||||
# to notify the enable/start on the service, which always fires (Check v7.0 tag for more)
|
||||
service 'postgresql' do
|
||||
service_name platform_service_name
|
||||
supports restart: true, status: true, reload: true
|
||||
action [:enable, :start]
|
||||
end
|
||||
|
||||
# Generate a random password or set it as per new_resource.password.
|
||||
bash 'generate-postgres-password' do
|
||||
user 'postgres'
|
||||
code alter_role_sql(new_resource)
|
||||
not_if { user_has_password?(new_resource) }
|
||||
not_if { new_resource.password.nil? }
|
||||
end
|
||||
end
|
||||
|
||||
action_class do
|
||||
include PostgresqlCookbook::Helpers
|
||||
end
|
|
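Review bot: the bash resource 'generate-postgres-password' in the :create action has no `sensitive true`, yet its code comes from alter_role_sql(new_resource), which is handed the resource that carries the password property. On a failed run Chef prints the resource's code and output, so the statement that sets the postgres password can land in logs. Add `sensitive true` to that block, as the update and drop executes in the user resource already do.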
@ -0,0 +1,87 @@
|
|||
#
|
||||
# Cookbook:: postgresql
|
||||
# Resource:: user
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
property :create_user, String, name_property: true
|
||||
property :superuser, [true, false], default: false
|
||||
property :createdb, [true, false], default: false
|
||||
property :createrole, [true, false], default: false
|
||||
property :inherit, [true, false], default: true
|
||||
property :replication, [true, false], default: false
|
||||
property :login, [true, false], default: true
|
||||
property :password, String
|
||||
property :encrypted_password, String
|
||||
property :valid_until, String
|
||||
property :attributes, Hash, default: {}
|
||||
|
||||
# Connection prefernces
|
||||
property :user, String, default: 'postgres'
|
||||
property :database, String
|
||||
property :host, String
|
||||
property :port, Integer, default: 5432
|
||||
|
||||
action :create do
|
||||
Chef::Log.warn('You cannot use "attributes" property with create action.') unless new_resource.attributes.empty?
|
||||
|
||||
execute "create postgresql user #{new_resource.create_user}" do # ~FC009
|
||||
user 'postgres'
|
||||
command create_user_sql(new_resource)
|
||||
sensitive new_resource.sensitive
|
||||
not_if { follower? || user_exists?(new_resource) }
|
||||
end
|
||||
end
|
||||
|
||||
action :update do
|
||||
if new_resource.attributes.empty?
|
||||
execute "update postgresql user #{new_resource.create_user}" do
|
||||
user 'postgres'
|
||||
command update_user_sql(new_resource)
|
||||
sensitive true
|
||||
not_if { follower? }
|
||||
only_if { user_exists?(new_resource) }
|
||||
end
|
||||
else
|
||||
new_resource.attributes.each do |attr, value|
|
||||
v = if value.is_a?(TrueClass) || value.is_a?(FalseClass)
|
||||
value.to_s
|
||||
else
|
||||
"'#{value}'"
|
||||
end
|
||||
|
||||
execute "Update postgresql user #{new_resource.create_user} to set #{attr}" do
|
||||
user 'postgres'
|
||||
command update_user_with_attributes_sql(new_resource, v)
|
||||
sensitive true
|
||||
not_if { follower? }
|
||||
only_if { user_exists?(new_resource) }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
action :drop do
|
||||
execute "drop postgresql user #{new_resource.create_user}" do
|
||||
user 'postgres'
|
||||
command drop_user_sql(new_resource)
|
||||
sensitive true
|
||||
not_if { follower? }
|
||||
only_if { user_exists?(new_resource) }
|
||||
end
|
||||
end
|
||||
|
||||
action_class do
|
||||
include PostgresqlCookbook::Helpers
|
||||
end
|
|
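Review bot: in the :create action the execute uses `sensitive new_resource.sensitive`, which only hides the command when the caller opts in, while :update and :drop hard-code `sensitive true`. The create command is built by create_user_sql(new_resource) from the same resource that holds password and encrypted_password, so it should be `sensitive true` as well. Two smaller points in :update: `"'#{value}'"` wraps the attribute value in quotes without escaping embedded single quotes, and the loop yields `attr` but only `v` is passed to update_user_with_attributes_sql, so check that the helper really receives the attribute name.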
@ -1,35 +0,0 @@
|
|||
# This file was automatically generated and dropped off by Chef!
|
||||
|
||||
# PostgreSQL Client Authentication Configuration File
|
||||
# ===================================================
|
||||
#
|
||||
# Refer to the "Client Authentication" section in the PostgreSQL
|
||||
# documentation for a complete description of this file.
|
||||
|
||||
<% if node['postgresql']['version'].to_f < 9.1 -%>
|
||||
# TYPE DATABASE USER CIDR-ADDRESS METHOD
|
||||
<% elsif node['postgresql']['version'].to_f >= 9.1 -%>
|
||||
# TYPE DATABASE USER ADDRESS METHOD
|
||||
<% end -%>
|
||||
|
||||
###########
|
||||
# Other authentication configurations taken from chef node defaults:
|
||||
###########
|
||||
<% node['postgresql']['pg_hba'].each do |auth| -%>
|
||||
|
||||
<% if auth[:comment] %>
|
||||
# <%= auth[:comment] %>
|
||||
<% end %>
|
||||
<% if auth[:addr] %>
|
||||
<%= auth[:type].ljust(7) %> <%= auth[:db].ljust(15) %> <%= auth[:user].ljust(15) %> <%= auth[:addr].ljust(23) %> <%= auth[:method] %>
|
||||
<% else %>
|
||||
<%= auth[:type].ljust(7) %> <%= auth[:db].ljust(15) %> <%= auth[:user].ljust(15) %> <%= auth[:method] %>
|
||||
<% end %>
|
||||
<% end %>
|
||||
|
||||
# "local" is for Unix domain socket connections only
|
||||
<% if node['postgresql']['version'].to_f < 9.1 -%>
|
||||
local all all ident
|
||||
<% elsif node['postgresql']['version'].to_f >= 9.1 -%>
|
||||
local all all peer
|
||||
<% end -%>
|
|
@ -1,4 +0,0 @@
|
|||
PGDATA=<%= node['postgresql']['dir'] %>
|
||||
<% if node['postgresql']['config'].attribute?("port") -%>
|
||||
PGPORT=<%= node['postgresql']['config']['port'] %>
|
||||
<% end -%>
|
|
@ -1,10 +0,0 @@
|
|||
[Service]
|
||||
<% if node['postgresql']['use_pgdg_packages'] %>
|
||||
.include /usr/lib/systemd/system/postgresql-<%= node['postgresql']['version'] %>.service
|
||||
<% else %>
|
||||
.include /usr/lib/systemd/system/postgresql.service
|
||||
<% end %>
|
||||
|
||||
Environment=
|
||||
Environment=PGPORT=<%= node['postgresql']['config']['port'] %>
|
||||
Environment=PGDATA=<%= node['postgresql']['config']['data_directory'] %>
|
|
@ -0,0 +1,33 @@
|
|||
# This file was automatically generated and dropped off by Chef!
|
||||
|
||||
# PostgreSQL Client Authentication Configuration File
|
||||
# ===================================================
|
||||
#
|
||||
# Refer to the "Client Authentication" section in the PostgreSQL
|
||||
# documentation for a complete description of this file.
|
||||
|
||||
local all postgres peer
|
||||
|
||||
# TYPE DATABASE USER ADDRESS METHOD
|
||||
|
||||
# "local" is for Unix domain socket connections only
|
||||
local all all peer
|
||||
# IPv4 local connections:
|
||||
host all all 127.0.0.1/32 md5
|
||||
# IPv6 local connections:
|
||||
host all all ::1/128 md5
|
||||
|
||||
###########
|
||||
# From the postgresql_access resources
|
||||
###########
|
||||
<% @pg_hba.each do |k,v| -%>
|
||||
# <%= k %>
|
||||
<% if v[:comment] -%>
|
||||
# <%= v[:comment] %>
|
||||
<% end -%>
|
||||
<% if v[:addr] %>
|
||||
<%= v[:type].ljust(7) %> <%= v[:db].ljust(15) %> <%= v[:user].ljust(15) %> <%= v[:addr].ljust(23) %> <%= v[:method] %>
|
||||
<% else %>
|
||||
<%= v[:type].ljust(7) %> <%= v[:db].ljust(15) %> <%= v[:user].ljust(15) %> <%= v[:method] %>
|
||||
<% end %>
|
||||
<% end %>
|
|
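Review bot: the entries from @pg_hba are rendered after the hard-coded `local all all peer` and the two loopback `host all all ... md5` records, and pg_hba.conf stops at the first record that matches. A postgresql_access resource that tries to restrict or reject local-socket or 127.0.0.1/::1 connections will therefore never be consulted. Render the resource-supplied entries ahead of the catch-all defaults, or express the defaults as postgresql_access entries so their order is explicit. Also, only `v[:addr]` is guarded; a missing :type, :db or :user raises on `.ljust` at render time.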
@ -0,0 +1,49 @@
|
|||
# PostgreSQL User Name Maps
|
||||
# =========================
|
||||
#
|
||||
# Refer to the PostgreSQL documentation, chapter "Client
|
||||
# Authentication" for a complete description. A short synopsis
|
||||
# follows.
|
||||
#
|
||||
# This file controls PostgreSQL user name mapping. It maps external
|
||||
# user names to their corresponding PostgreSQL user names. Records
|
||||
# are of the form:
|
||||
#
|
||||
# MAPNAME SYSTEM-USERNAME PG-USERNAME
|
||||
#
|
||||
# (The uppercase quantities must be replaced by actual values.)
|
||||
#
|
||||
# MAPNAME is the (otherwise freely chosen) map name that was used in
|
||||
# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the
|
||||
# client. PG-USERNAME is the requested PostgreSQL user name. The
|
||||
# existence of a record specifies that SYSTEM-USERNAME may connect as
|
||||
# PG-USERNAME.
|
||||
#
|
||||
# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
|
||||
# regular expression. Optionally this can contain a capture (a
|
||||
# parenthesized subexpression). The substring matching the capture
|
||||
# will be substituted for \1 (backslash-one) if present in
|
||||
# PG-USERNAME.
|
||||
#
|
||||
# Multiple maps may be specified in this file and used by pg_hba.conf.
|
||||
#
|
||||
# No map names are defined in the default configuration. If all
|
||||
# system user names and PostgreSQL user names are the same, you don't
|
||||
# need anything in this file.
|
||||
#
|
||||
# This file is read on server startup and when the postmaster receives
|
||||
# a SIGHUP signal. If you edit the file on a running system, you have
|
||||
# to SIGHUP the postmaster for the changes to take effect. You can
|
||||
# use "pg_ctl reload" to do that.
|
||||
|
||||
# Put your actual configuration here
|
||||
# ----------------------------------
|
||||
|
||||
# MAPNAME SYSTEM-USERNAME PG-USERNAME
|
||||
<% @pg_ident.each do |k,v| -%>
|
||||
<% if v[:comment] -%>
|
||||
|
||||
# <%= v[:comment] %>
|
||||
<% end -%>
|
||||
<%= v[:mapname].ljust(15) %> <%= v[:system_user].ljust(23) %> <%= v[:pg_user].ljust(15) %>
|
||||
<% end %>
|
|
@ -0,0 +1,2 @@
|
|||
PGDATA=<%= @postgresql_dir %>
|
||||
PGPORT=<%= @port %>
|
|
@ -3,9 +3,14 @@
|
|||
# Please refer to the PostgreSQL documentation for details on
|
||||
# configuration settings.
|
||||
|
||||
<% node['postgresql']['config'].sort.each do |key, value| %>
|
||||
data_directory = '<%= @data_dir %>'
|
||||
hba_file = '<%= @hba_file %>'
|
||||
ident_file = '<%= @ident_file %>'
|
||||
external_pid_file = '<%= @external_pid_file %>'
|
||||
stats_temp_directory = '<%= @stats_temp_directory %>'
|
||||
port = <%= @port %>
|
||||
<% @additional_config.sort.each do |key, value| %>
|
||||
<% next if value.nil? -%>
|
||||
<% next if node['postgresql']['version'].to_f < 9.2 && /ssl_.*._file/.match(key) -%>
|
||||
<%= key %> = <%=
|
||||
case value
|
||||
when String
|
|
@ -0,0 +1,6 @@
|
|||
[Service]
|
||||
.include /usr/lib/systemd/system/<%= @svc_name %>.service
|
||||
|
||||
Environment=
|
||||
Environment=PGPORT=<%= @port %>
|
||||
Environment=PGDATA=<%= @data_dir %>
|
|
@ -0,0 +1,17 @@
|
|||
{
|
||||
"id": "postgresql",
|
||||
"ejabberd_user_password": {
|
||||
"encrypted_data": "S/vdx+qZ4FWtbM29yDRoIgjvFORoArJVlanPm/el1nCM0se0pnxw\n",
|
||||
"iv": "ARRo7yYYb7fve7Fv\n",
|
||||
"auth_tag": "q7AGIahxB50jHjD+/9po0g==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"server_password": {
|
||||
"encrypted_data": "guWsuw7EqHQGMawW9P77Q12P8tUslpXE3AwRbobJlaTClVU08kcz\n",
|
||||
"iv": "ELRNrSW+zKYfL/eb\n",
|
||||
"auth_tag": "zayCIjABap1NsOewJDzapA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
}
|
||||
}
|
|
@ -2,8 +2,17 @@
|
|||
"run_list": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::andromeda_firewall",
|
||||
"role[ipfs_cluster_with_tls]"
|
||||
"role[ipfs_cluster_with_tls]",
|
||||
"kosmos-postgresql",
|
||||
"kosmos-ejabberd::backup"
|
||||
],
|
||||
"normal": {
|
||||
"postgresql": {
|
||||
"password": {
|
||||
"postgres": "iezah7ochae9uizu1Isha2Chuok8ra"
|
||||
}
|
||||
}
|
||||
},
|
||||
"automatic": {
|
||||
"ipaddress": "andromeda.kosmos.org"
|
||||
}
|
||||
|
|
|
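Review bot: under "normal" -> "postgresql" -> "password" the postgres superuser password is committed in clear text, even though this same change adds an encrypted data bag item with a server_password entry. Load the password from the encrypted data bag in the recipe and drop the attribute from the node file. The committed value stays in history, so it should be rotated before this server goes live.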
@ -1,41 +1,41 @@
|
|||
# Directory where backup config and models are stored
|
||||
set_unless["backup"]["dir"] = "/usr/local/lib/backup"
|
||||
default["backup"]["dir"] = "/usr/local/lib/backup"
|
||||
|
||||
# Use default backup model?
|
||||
set_unless["backup"]["default_model"] = true
|
||||
default["backup"]["default_model"] = true
|
||||
|
||||
# Compression default settings
|
||||
set_unless["backup"]["compression"]["best"] = true
|
||||
set_unless["backup"]["compression"]["fast"] = false
|
||||
default["backup"]["compression"]["best"] = true
|
||||
default["backup"]["compression"]["fast"] = false
|
||||
|
||||
default['backup']['user'] = 'backup'
|
||||
|
||||
# Archive default settings
|
||||
set_unless["backup"]["archives"] = {}
|
||||
default["backup"]["archives"] = {}
|
||||
|
||||
# MongoDB default settings
|
||||
if node["mongodb"]
|
||||
set_unless["backup"]["mongodb"]["databases"] = []
|
||||
set_unless["backup"]["mongodb"]["host"] = "localhost"
|
||||
set_unless["backup"]["mongodb"]["ipv6"] = false
|
||||
set_unless["backup"]["mongodb"]["lock"] = false
|
||||
default["backup"]["mongodb"]["databases"] = []
|
||||
default["backup"]["mongodb"]["host"] = "localhost"
|
||||
default["backup"]["mongodb"]["ipv6"] = false
|
||||
default["backup"]["mongodb"]["lock"] = false
|
||||
end
|
||||
|
||||
# MySQL default settings
|
||||
set_unless["backup"]["mysql"]["databases"] = []
|
||||
set_unless["backup"]["mysql"]["username"] = "root"
|
||||
set_unless["backup"]["mysql"]["host"] = "localhost"
|
||||
default["backup"]["mysql"]["databases"] = []
|
||||
default["backup"]["mysql"]["username"] = "root"
|
||||
default["backup"]["mysql"]["host"] = "localhost"
|
||||
|
||||
# PostgreSQL default settings
|
||||
set_unless["backup"]["postgresql"]["databases"] = []
|
||||
set_unless["backup"]["postgresql"]["host"] = "localhost"
|
||||
set_unless["backup"]["postgresql"]["port"] = 5432
|
||||
default["backup"]["postgresql"]["databases"] = []
|
||||
default["backup"]["postgresql"]["host"] = "localhost"
|
||||
default["backup"]["postgresql"]["port"] = 5432
|
||||
|
||||
# Redis default settings
|
||||
set_unless["backup"]["redis"]["databases"] = []
|
||||
set_unless["backup"]["redis"]["host"] = "localhost"
|
||||
set_unless["backup"]["redis"]["invoke_save"] = false
|
||||
set_unless["backup"]["redis"]["dump_dir"] = "/var/lib/redis"
|
||||
default["backup"]["redis"]["databases"] = []
|
||||
default["backup"]["redis"]["host"] = "localhost"
|
||||
default["backup"]["redis"]["invoke_save"] = false
|
||||
default["backup"]["redis"]["dump_dir"] = "/var/lib/redis"
|
||||
|
||||
default['backup']['orbit']['keep'] = 10
|
||||
default['backup']['cron']['hour'] = "05"
|
||||
|
|
|
@ -8,3 +8,5 @@ name "backup"
|
|||
|
||||
depends 'logrotate'
|
||||
depends 'mysql'
|
||||
depends 'postgresql'
|
||||
depends 'build-essential'
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# encoding: utf-8
|
||||
|
||||
##
|
||||
# Backup v4.x Configuration
|
||||
# Backup v5.x Configuration
|
||||
#
|
||||
# Documentation: http://backup.github.io/backup
|
||||
# Issue Tracker: https://github.com/backup/backup/issues
|
||||
|
@ -56,8 +56,8 @@ end
|
|||
|
||||
<%- if node["backup"]["postgresql"] -%>
|
||||
Database::PostgreSQL.defaults do |db|
|
||||
db.username = "<%= node["backup"]["postgresql"]["username"] %>"
|
||||
db.password = "<%= node["backup"]["postgresql"]["password"] %>"
|
||||
db.username = "postgres"
|
||||
db.password = "<%= node['postgresql']['password']['postgres'] %>"
|
||||
db.host = "<%= node["backup"]["postgresql"]["host"] %>"
|
||||
db.port = "<%= node["backup"]["postgresql"]["port"] %>"
|
||||
# db.socket = "/var/run/postgresql/.s.PGSQL.5432"
|
||||
|
|
|
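Review bot: `db.username = "postgres"` makes every backup run as the PostgreSQL superuser, and the superuser password from node['postgresql']['password']['postgres'] is written into the rendered Backup config. A dedicated role that can only read the databases being dumped would limit what a leak of this file exposes. The password is also interpolated straight into a double-quoted Ruby string, so a value containing `"` or `#{` would break or alter the generated config; escape it before rendering.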
@ -29,11 +29,13 @@ else
|
|||
end
|
||||
end
|
||||
|
||||
directory "/etc/letsencrypt/renewal-hooks" do
|
||||
recursive true
|
||||
mode 0755
|
||||
owner "root"
|
||||
group "root"
|
||||
["deploy", "post", "pre"].each do |subdir|
|
||||
directory "/etc/letsencrypt/renewal-hooks/#{subdir}" do
|
||||
recursive true
|
||||
mode 0755
|
||||
owner "root"
|
||||
group "root"
|
||||
end
|
||||
end
|
||||
|
||||
file "/etc/letsencrypt/renewal-hooks/deploy/nginx" do
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
remote_file = "https://raw.githubusercontent.com/chef-cookbooks/community_cookbook_tools/master/delivery/project.toml"
|
|
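Review bot: remote_file points at the `master` branch of chef-cookbooks/community_cookbook_tools, so whatever that project.toml defines can change without any commit in this repository. Pin the URL to a specific commit, or vendor the file into the cookbook.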
@ -0,0 +1,22 @@
|
|||
.vagrant
|
||||
*~
|
||||
*#
|
||||
.#*
|
||||
\#*#
|
||||
.*.sw[a-z]
|
||||
*.un~
|
||||
|
||||
# Bundler
|
||||
Gemfile.lock
|
||||
gems.locked
|
||||
bin/*
|
||||
.bundle/*
|
||||
|
||||
# test kitchen
|
||||
.kitchen/
|
||||
.kitchen.local.yml
|
||||
|
||||
# Chef
|
||||
Berksfile.lock
|
||||
.zero-knife.rb
|
||||
Policyfile.lock.json
|
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
driver:
|
||||
name: vagrant
|
||||
|
||||
provisioner:
|
||||
name: chef_zero
|
||||
# You may wish to disable always updating cookbooks in CI or other testing environments.
|
||||
# For example:
|
||||
# always_update_cookbooks: <%= !ENV['CI'] %>
|
||||
always_update_cookbooks: true
|
||||
|
||||
verifier:
|
||||
name: inspec
|
||||
|
||||
platforms:
|
||||
- name: ubuntu-16.04
|
||||
- name: ubuntu-18.04
|
||||
|
||||
suites:
|
||||
- name: default
|
||||
run_list:
|
||||
- recipe[kosmos-ejabberd::default]
|
||||
attributes:
|
|
@ -0,0 +1,6 @@
|
|||
# frozen_string_literal: true
|
||||
source 'https://supermarket.chef.io'
|
||||
source chef_repo: ".."
|
||||
|
||||
cookbook "kosmos-postgresql", path: "../kosmos-postgresql"
|
||||
metadata
|
|
@ -0,0 +1,11 @@
|
|||
# kosmos-ejabberd CHANGELOG
|
||||
|
||||
This file is used to list changes made in each version of the kosmos-ejabberd cookbook.
|
||||
|
||||
# 0.1.0
|
||||
|
||||
Initial release.
|
||||
|
||||
- change 0
|
||||
- change 1
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
Copyright 2019 Kosmos
|
||||
|
||||
All rights reserved, do not redistribute.
|
|
@ -0,0 +1,4 @@
|
|||
# kosmos-ejabberd
|
||||
|
||||
Sets up ejabberd with vhosts for kosmos.org (public server) and 5apps.com
|
||||
(private server).
|
|
@ -0,0 +1,2 @@
|
|||
node.default["kosmos-ejabberd"]["version"] = "19.02"
|
||||
node.default["kosmos-ejabberd"]["checksum"] = "aea550c58e61eab04ca9beb8896d8b04f4a79321c21dee160a67ad6787236f51"
|
|
@ -0,0 +1,104 @@
|
|||
# Put files/directories that should be ignored in this file when uploading
|
||||
# to a chef-server or supermarket.
|
||||
# Lines that start with '# ' are comments.
|
||||
|
||||
# OS generated files #
|
||||
######################
|
||||
.DS_Store
|
||||
Icon?
|
||||
nohup.out
|
||||
ehthumbs.db
|
||||
Thumbs.db
|
||||
|
||||
# SASS #
|
||||
########
|
||||
.sass-cache
|
||||
|
||||
# EDITORS #
|
||||
###########
|
||||
\#*
|
||||
.#*
|
||||
*~
|
||||
*.sw[a-z]
|
||||
*.bak
|
||||
REVISION
|
||||
TAGS*
|
||||
tmtags
|
||||
*_flymake.*
|
||||
*_flymake
|
||||
*.tmproj
|
||||
.project
|
||||
.settings
|
||||
mkmf.log
|
||||
|
||||
## COMPILED ##
|
||||
##############
|
||||
a.out
|
||||
*.o
|
||||
*.pyc
|
||||
*.so
|
||||
*.com
|
||||
*.class
|
||||
*.dll
|
||||
*.exe
|
||||
*/rdoc/
|
||||
|
||||
# Testing #
|
||||
###########
|
||||
.watchr
|
||||
.rspec
|
||||
spec/*
|
||||
spec/fixtures/*
|
||||
test/*
|
||||
features/*
|
||||
examples/*
|
||||
Guardfile
|
||||
Procfile
|
||||
.kitchen*
|
||||
kitchen.yml*
|
||||
.rubocop.yml
|
||||
spec/*
|
||||
Rakefile
|
||||
.travis.yml
|
||||
.foodcritic
|
||||
.codeclimate.yml
|
||||
|
||||
# SCM #
|
||||
#######
|
||||
.git
|
||||
*/.git
|
||||
.gitignore
|
||||
.gitmodules
|
||||
.gitconfig
|
||||
.gitattributes
|
||||
.svn
|
||||
*/.bzr/*
|
||||
*/.hg/*
|
||||
*/.svn/*
|
||||
|
||||
# Berkshelf #
|
||||
#############
|
||||
Berksfile
|
||||
Berksfile.lock
|
||||
cookbooks/*
|
||||
tmp
|
||||
|
||||
# Bundler #
|
||||
###########
|
||||
vendor/*
|
||||
|
||||
# Policyfile #
|
||||
##############
|
||||
Policyfile.rb
|
||||
Policyfile.lock.json
|
||||
|
||||
# Cookbooks #
|
||||
#############
|
||||
CONTRIBUTING*
|
||||
CHANGELOG*
|
||||
TESTING*
|
||||
|
||||
# Vagrant #
|
||||
###########
|
||||
.vagrant
|
||||
Vagrantfile
|
|
@ -0,0 +1,644 @@
|
|||
--
|
||||
-- ejabberd, Copyright (C) 2002-2019 ProcessOne
|
||||
--
|
||||
-- This program is free software; you can redistribute it and/or
|
||||
-- modify it under the terms of the GNU General Public License as
|
||||
-- published by the Free Software Foundation; either version 2 of the
|
||||
-- License, or (at your option) any later version.
|
||||
--
|
||||
-- This program is distributed in the hope that it will be useful,
|
||||
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
-- General Public License for more details.
|
||||
--
|
||||
-- You should have received a copy of the GNU General Public License along
|
||||
-- with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
-- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
--
|
||||
|
||||
-- To update from the old schema, replace <HOST> with the host's domain:
|
||||
|
||||
-- ALTER TABLE users ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- ALTER TABLE users DROP CONSTRAINT users_pkey;
|
||||
-- ALTER TABLE users ADD PRIMARY KEY (server_host, username);
|
||||
-- ALTER TABLE users ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE last ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- ALTER TABLE last DROP CONSTRAINT last_pkey;
|
||||
-- ALTER TABLE last ADD PRIMARY KEY (server_host, username);
|
||||
-- ALTER TABLE last ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE rosterusers ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- DROP INDEX i_rosteru_user_jid;
|
||||
-- DROP INDEX i_rosteru_username;
|
||||
-- DROP INDEX i_rosteru_jid;
|
||||
-- CREATE UNIQUE INDEX i_rosteru_sh_user_jid ON rosterusers USING btree (server_host, username, jid);
|
||||
-- CREATE INDEX i_rosteru_sh_username ON rosterusers USING btree (server_host, username);
|
||||
-- CREATE INDEX i_rosteru_sh_jid ON rosterusers USING btree (server_host, jid);
|
||||
-- ALTER TABLE rosterusers ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE rostergroups ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- DROP INDEX pk_rosterg_user_jid;
|
||||
-- CREATE INDEX i_rosterg_sh_user_jid ON rostergroups USING btree (server_host, username, jid);
|
||||
-- ALTER TABLE rostergroups ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE sr_group ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- ALTER TABLE sr_group ADD PRIMARY KEY (server_host, name);
|
||||
-- ALTER TABLE sr_group ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE sr_user ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- DROP INDEX i_sr_user_jid_grp;
|
||||
-- DROP INDEX i_sr_user_jid;
|
||||
-- DROP INDEX i_sr_user_grp;
|
||||
-- ALTER TABLE sr_user ADD PRIMARY KEY (server_host, jid, grp);
|
||||
-- CREATE INDEX i_sr_user_sh_jid ON sr_user USING btree (server_host, jid);
|
||||
-- CREATE INDEX i_sr_user_sh_grp ON sr_user USING btree (server_host, grp);
|
||||
-- ALTER TABLE sr_user ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE spool ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- DROP INDEX i_despool;
|
||||
-- CREATE INDEX i_spool_sh_username ON spool USING btree (server_host, username);
|
||||
-- ALTER TABLE spool ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE archive ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- DROP INDEX i_username_timestamp;
|
||||
-- DROP INDEX i_username_peer;
|
||||
-- DROP INDEX i_username_bare_peer;
|
||||
-- DROP INDEX i_timestamp;
|
||||
-- CREATE INDEX i_archive_sh_username_timestamp ON archive USING btree (server_host, username, timestamp);
|
||||
-- CREATE INDEX i_archive_sh_username_peer ON archive USING btree (server_host, username, peer);
|
||||
-- CREATE INDEX i_archive_sh_username_bare_peer ON archive USING btree (server_host, username, bare_peer);
|
||||
-- CREATE INDEX i_archive_sh_timestamp ON archive USING btree (server_host, timestamp);
|
||||
-- ALTER TABLE archive ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE archive_prefs ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- ALTER TABLE archive_prefs DROP CONSTRAINT archive_prefs_pkey;
|
||||
-- ALTER TABLE archive_prefs ADD PRIMARY KEY (server_host, username);
|
||||
-- ALTER TABLE archive_prefs ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE vcard ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- ALTER TABLE vcard DROP CONSTRAINT vcard_pkey;
|
||||
-- ALTER TABLE vcard ADD PRIMARY KEY (server_host, username);
|
||||
-- ALTER TABLE vcard ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE vcard_search ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- ALTER TABLE vcard_search DROP CONSTRAINT vcard_search_pkey;
|
||||
-- DROP INDEX i_vcard_search_lfn;
|
||||
-- DROP INDEX i_vcard_search_lfamily;
|
||||
-- DROP INDEX i_vcard_search_lgiven;
|
||||
-- DROP INDEX i_vcard_search_lmiddle;
|
||||
-- DROP INDEX i_vcard_search_lnickname;
|
||||
-- DROP INDEX i_vcard_search_lbday;
|
||||
-- DROP INDEX i_vcard_search_lctry;
|
||||
-- DROP INDEX i_vcard_search_llocality;
|
||||
-- DROP INDEX i_vcard_search_lemail;
|
||||
-- DROP INDEX i_vcard_search_lorgname;
|
||||
-- DROP INDEX i_vcard_search_lorgunit;
|
||||
-- ALTER TABLE vcard_search ADD PRIMARY KEY (server_host, username);
|
||||
-- CREATE INDEX i_vcard_search_sh_lfn ON vcard_search(server_host, lfn);
|
||||
-- CREATE INDEX i_vcard_search_sh_lfamily ON vcard_search(server_host, lfamily);
|
||||
-- CREATE INDEX i_vcard_search_sh_lgiven ON vcard_search(server_host, lgiven);
|
||||
-- CREATE INDEX i_vcard_search_sh_lmiddle ON vcard_search(server_host, lmiddle);
|
||||
-- CREATE INDEX i_vcard_search_sh_lnickname ON vcard_search(server_host, lnickname);
|
||||
-- CREATE INDEX i_vcard_search_sh_lbday ON vcard_search(server_host, lbday);
|
||||
-- CREATE INDEX i_vcard_search_sh_lctry ON vcard_search(server_host, lctry);
|
||||
-- CREATE INDEX i_vcard_search_sh_llocality ON vcard_search(server_host, llocality);
|
||||
-- CREATE INDEX i_vcard_search_sh_lemail ON vcard_search(server_host, lemail);
|
||||
-- CREATE INDEX i_vcard_search_sh_lorgname ON vcard_search(server_host, lorgname);
|
||||
-- CREATE INDEX i_vcard_search_sh_lorgunit ON vcard_search(server_host, lorgunit);
|
||||
-- ALTER TABLE vcard_search ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE privacy_default_list ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- ALTER TABLE privacy_default_list DROP CONSTRAINT privacy_default_list_pkey;
|
||||
-- ALTER TABLE privacy_default_list ADD PRIMARY KEY (server_host, username);
|
||||
-- ALTER TABLE privacy_default_list ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE privacy_list ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- DROP INDEX i_privacy_list_username;
|
||||
-- DROP INDEX i_privacy_list_username_name;
|
||||
-- CREATE INDEX i_privacy_list_sh_username ON privacy_list USING btree (server_host, username);
|
||||
-- CREATE UNIQUE INDEX i_privacy_list_sh_username_name ON privacy_list USING btree (server_host, username, name);
|
||||
-- ALTER TABLE privacy_list ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE private_storage ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- DROP INDEX i_private_storage_username;
|
||||
-- DROP INDEX i_private_storage_username_namespace;
|
||||
-- ALTER TABLE private_storage ADD PRIMARY KEY (server_host, username, namespace);
|
||||
-- CREATE INDEX i_private_storage_sh_username ON private_storage USING btree (server_host, username);
|
||||
-- ALTER TABLE private_storage ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE roster_version ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- ALTER TABLE roster_version DROP CONSTRAINT roster_version_pkey;
|
||||
-- ALTER TABLE roster_version ADD PRIMARY KEY (server_host, username);
|
||||
-- ALTER TABLE roster_version ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE muc_room ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- ALTER TABLE muc_room ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE muc_registered ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- ALTER TABLE muc_registered ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE muc_online_room ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- ALTER TABLE muc_online_room ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE muc_online_users ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- ALTER TABLE muc_online_users ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE motd ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- ALTER TABLE motd DROP CONSTRAINT motd_pkey;
|
||||
-- ALTER TABLE motd ADD PRIMARY KEY (server_host, username);
|
||||
-- ALTER TABLE motd ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
-- ALTER TABLE sm ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
|
||||
-- DROP INDEX i_sm_sid;
|
||||
-- DROP INDEX i_sm_username;
|
||||
-- ALTER TABLE sm ADD PRIMARY KEY (usec, pid);
|
||||
-- CREATE INDEX i_sm_sh_username ON sm USING btree (server_host, username);
|
||||
-- ALTER TABLE sm ALTER COLUMN server_host DROP DEFAULT;
|
||||
|
||||
|
||||
CREATE TABLE users (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
"password" text NOT NULL,
|
||||
serverkey text NOT NULL DEFAULT '',
|
||||
salt text NOT NULL DEFAULT '',
|
||||
iterationcount integer NOT NULL DEFAULT 0,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now(),
|
||||
PRIMARY KEY (server_host, username)
|
||||
);
|
||||
|
||||
-- Add support for SCRAM auth to a database created before ejabberd 16.03:
|
||||
-- ALTER TABLE users ADD COLUMN serverkey text NOT NULL DEFAULT '';
|
||||
-- ALTER TABLE users ADD COLUMN salt text NOT NULL DEFAULT '';
|
||||
-- ALTER TABLE users ADD COLUMN iterationcount integer NOT NULL DEFAULT 0;
|
||||
|
||||
CREATE TABLE last (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
seconds text NOT NULL,
|
||||
state text NOT NULL,
|
||||
PRIMARY KEY (server_host, username)
|
||||
);
|
||||
|
||||
|
||||
CREATE TABLE rosterusers (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
jid text NOT NULL,
|
||||
nick text NOT NULL,
|
||||
subscription character(1) NOT NULL,
|
||||
ask character(1) NOT NULL,
|
||||
askmessage text NOT NULL,
|
||||
server character(1) NOT NULL,
|
||||
subscribe text NOT NULL,
|
||||
"type" text,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now()
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX i_rosteru_sh_user_jid ON rosterusers USING btree (server_host, username, jid);
|
||||
CREATE INDEX i_rosteru_sh_username ON rosterusers USING btree (server_host, username);
|
||||
CREATE INDEX i_rosteru_sh_jid ON rosterusers USING btree (server_host, jid);
|
||||
|
||||
|
||||
CREATE TABLE rostergroups (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
jid text NOT NULL,
|
||||
grp text NOT NULL
|
||||
);
|
||||
|
||||
CREATE INDEX i_rosterg_sh_user_jid ON rostergroups USING btree (server_host, username, jid);
|
||||
|
||||
CREATE TABLE sr_group (
|
||||
name text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
opts text NOT NULL,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now(),
|
||||
PRIMARY KEY (server_host, name)
|
||||
);
|
||||
|
||||
CREATE TABLE sr_user (
|
||||
jid text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
grp text NOT NULL,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now(),
|
||||
PRIMARY KEY (server_host, jid, grp)
|
||||
);
|
||||
|
||||
CREATE INDEX i_sr_user_sh_jid ON sr_user USING btree (server_host, jid);
|
||||
CREATE INDEX i_sr_user_sh_grp ON sr_user USING btree (server_host, grp);
|
||||
|
||||
CREATE TABLE spool (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
xml text NOT NULL,
|
||||
seq SERIAL,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now()
|
||||
);
|
||||
|
||||
CREATE INDEX i_spool_sh_username ON spool USING btree (server_host, username);
|
||||
|
||||
CREATE TABLE archive (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
timestamp BIGINT NOT NULL,
|
||||
peer text NOT NULL,
|
||||
bare_peer text NOT NULL,
|
||||
xml text NOT NULL,
|
||||
txt text,
|
||||
id SERIAL,
|
||||
kind text,
|
||||
nick text,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now()
|
||||
);
|
||||
|
||||
CREATE INDEX i_archive_sh_username_timestamp ON archive USING btree (server_host, username, timestamp);
|
||||
CREATE INDEX i_archive_sh_username_peer ON archive USING btree (server_host, username, peer);
|
||||
CREATE INDEX i_archive_sh_username_bare_peer ON archive USING btree (server_host, username, bare_peer);
|
||||
CREATE INDEX i_archive_sh_timestamp ON archive USING btree (server_host, timestamp);
|
||||
|
||||
CREATE TABLE archive_prefs (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
def text NOT NULL,
|
||||
always text NOT NULL,
|
||||
never text NOT NULL,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now(),
|
||||
PRIMARY KEY (server_host, username)
|
||||
);
|
||||
|
||||
CREATE TABLE vcard (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
vcard text NOT NULL,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now(),
|
||||
PRIMARY KEY (server_host, username)
|
||||
);
|
||||
|
||||
CREATE TABLE vcard_search (
|
||||
username text NOT NULL,
|
||||
lusername text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
fn text NOT NULL,
|
||||
lfn text NOT NULL,
|
||||
family text NOT NULL,
|
||||
lfamily text NOT NULL,
|
||||
given text NOT NULL,
|
||||
lgiven text NOT NULL,
|
||||
middle text NOT NULL,
|
||||
lmiddle text NOT NULL,
|
||||
nickname text NOT NULL,
|
||||
lnickname text NOT NULL,
|
||||
bday text NOT NULL,
|
||||
lbday text NOT NULL,
|
||||
ctry text NOT NULL,
|
||||
lctry text NOT NULL,
|
||||
locality text NOT NULL,
|
||||
llocality text NOT NULL,
|
||||
email text NOT NULL,
|
||||
lemail text NOT NULL,
|
||||
orgname text NOT NULL,
|
||||
lorgname text NOT NULL,
|
||||
orgunit text NOT NULL,
|
||||
lorgunit text NOT NULL,
|
||||
PRIMARY KEY (server_host, username)
|
||||
);
|
||||
|
||||
CREATE INDEX i_vcard_search_sh_lfn ON vcard_search(server_host, lfn);
|
||||
CREATE INDEX i_vcard_search_sh_lfamily ON vcard_search(server_host, lfamily);
|
||||
CREATE INDEX i_vcard_search_sh_lgiven ON vcard_search(server_host, lgiven);
|
||||
CREATE INDEX i_vcard_search_sh_lmiddle ON vcard_search(server_host, lmiddle);
|
||||
CREATE INDEX i_vcard_search_sh_lnickname ON vcard_search(server_host, lnickname);
|
||||
CREATE INDEX i_vcard_search_sh_lbday ON vcard_search(server_host, lbday);
|
||||
CREATE INDEX i_vcard_search_sh_lctry ON vcard_search(server_host, lctry);
|
||||
CREATE INDEX i_vcard_search_sh_llocality ON vcard_search(server_host, llocality);
|
||||
CREATE INDEX i_vcard_search_sh_lemail ON vcard_search(server_host, lemail);
|
||||
CREATE INDEX i_vcard_search_sh_lorgname ON vcard_search(server_host, lorgname);
|
||||
CREATE INDEX i_vcard_search_sh_lorgunit ON vcard_search(server_host, lorgunit);
|
||||
|
||||
CREATE TABLE privacy_default_list (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
name text NOT NULL,
|
||||
PRIMARY KEY (server_host, username)
|
||||
);
|
||||
|
||||
CREATE TABLE privacy_list (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
name text NOT NULL,
|
||||
id SERIAL UNIQUE,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now()
|
||||
);
|
||||
|
||||
CREATE INDEX i_privacy_list_sh_username ON privacy_list USING btree (server_host, username);
|
||||
CREATE UNIQUE INDEX i_privacy_list_sh_username_name ON privacy_list USING btree (server_host, username, name);
|
||||
|
||||
CREATE TABLE privacy_list_data (
|
||||
id bigint REFERENCES privacy_list(id) ON DELETE CASCADE,
|
||||
t character(1) NOT NULL,
|
||||
value text NOT NULL,
|
||||
action character(1) NOT NULL,
|
||||
ord NUMERIC NOT NULL,
|
||||
match_all boolean NOT NULL,
|
||||
match_iq boolean NOT NULL,
|
||||
match_message boolean NOT NULL,
|
||||
match_presence_in boolean NOT NULL,
|
||||
match_presence_out boolean NOT NULL
|
||||
);
|
||||
|
||||
CREATE INDEX i_privacy_list_data_id ON privacy_list_data USING btree (id);
|
||||
|
||||
CREATE TABLE private_storage (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
namespace text NOT NULL,
|
||||
data text NOT NULL,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now(),
|
||||
PRIMARY KEY (server_host, username, namespace)
|
||||
);
|
||||
|
||||
CREATE INDEX i_private_storage_sh_username ON private_storage USING btree (server_host, username);
|
||||
|
||||
|
||||
CREATE TABLE roster_version (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
version text NOT NULL,
|
||||
PRIMARY KEY (server_host, username)
|
||||
);
|
||||
|
||||
-- To update from 0.9.8:
|
||||
-- CREATE SEQUENCE spool_seq_seq;
|
||||
-- ALTER TABLE spool ADD COLUMN seq integer;
|
||||
-- ALTER TABLE spool ALTER COLUMN seq SET DEFAULT nextval('spool_seq_seq');
|
||||
-- UPDATE spool SET seq = DEFAULT;
|
||||
-- ALTER TABLE spool ALTER COLUMN seq SET NOT NULL;
|
||||
|
||||
-- To update from 1.x:
|
||||
-- ALTER TABLE rosterusers ADD COLUMN askmessage text;
|
||||
-- UPDATE rosterusers SET askmessage = '';
|
||||
-- ALTER TABLE rosterusers ALTER COLUMN askmessage SET NOT NULL;
|
||||
|
||||
CREATE TABLE pubsub_node (
|
||||
host text NOT NULL,
|
||||
node text NOT NULL,
|
||||
parent text NOT NULL DEFAULT '',
|
||||
plugin text NOT NULL,
|
||||
nodeid SERIAL UNIQUE
|
||||
);
|
||||
CREATE INDEX i_pubsub_node_parent ON pubsub_node USING btree (parent);
|
||||
CREATE UNIQUE INDEX i_pubsub_node_tuple ON pubsub_node USING btree (host, node);
|
||||
|
||||
CREATE TABLE pubsub_node_option (
|
||||
nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
|
||||
name text NOT NULL,
|
||||
val text NOT NULL
|
||||
);
|
||||
CREATE INDEX i_pubsub_node_option_nodeid ON pubsub_node_option USING btree (nodeid);
|
||||
|
||||
CREATE TABLE pubsub_node_owner (
|
||||
nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
|
||||
owner text NOT NULL
|
||||
);
|
||||
CREATE INDEX i_pubsub_node_owner_nodeid ON pubsub_node_owner USING btree (nodeid);
|
||||
|
||||
CREATE TABLE pubsub_state (
|
||||
nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
|
||||
jid text NOT NULL,
|
||||
affiliation character(1),
|
||||
subscriptions text NOT NULL DEFAULT '',
|
||||
stateid SERIAL UNIQUE
|
||||
);
|
||||
CREATE INDEX i_pubsub_state_jid ON pubsub_state USING btree (jid);
|
||||
CREATE UNIQUE INDEX i_pubsub_state_tuple ON pubsub_state USING btree (nodeid, jid);
|
||||
|
||||
CREATE TABLE pubsub_item (
|
||||
nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
|
||||
itemid text NOT NULL,
|
||||
publisher text NOT NULL,
|
||||
creation varchar(32) NOT NULL,
|
||||
modification varchar(32) NOT NULL,
|
||||
payload text NOT NULL DEFAULT ''
|
||||
);
|
||||
CREATE INDEX i_pubsub_item_itemid ON pubsub_item USING btree (itemid);
|
||||
CREATE UNIQUE INDEX i_pubsub_item_tuple ON pubsub_item USING btree (nodeid, itemid);
|
||||
|
||||
CREATE TABLE pubsub_subscription_opt (
|
||||
subid text NOT NULL,
|
||||
opt_name varchar(32),
|
||||
opt_value text NOT NULL
|
||||
);
|
||||
CREATE UNIQUE INDEX i_pubsub_subscription_opt ON pubsub_subscription_opt USING btree (subid, opt_name);
|
||||
|
||||
CREATE TABLE muc_room (
|
||||
name text NOT NULL,
|
||||
host text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
opts text NOT NULL,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now()
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX i_muc_room_name_host ON muc_room USING btree (name, host);
|
||||
|
||||
CREATE TABLE muc_registered (
|
||||
jid text NOT NULL,
|
||||
host text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
nick text NOT NULL,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now()
|
||||
);
|
||||
|
||||
CREATE INDEX i_muc_registered_nick ON muc_registered USING btree (nick);
|
||||
CREATE UNIQUE INDEX i_muc_registered_jid_host ON muc_registered USING btree (jid, host);
|
||||
|
||||
CREATE TABLE muc_online_room (
|
||||
name text NOT NULL,
|
||||
host text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
node text NOT NULL,
|
||||
pid text NOT NULL
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX i_muc_online_room_name_host ON muc_online_room USING btree (name, host);
|
||||
|
||||
CREATE TABLE muc_online_users (
|
||||
username text NOT NULL,
|
||||
server text NOT NULL,
|
||||
resource text NOT NULL,
|
||||
name text NOT NULL,
|
||||
host text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
node text NOT NULL
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX i_muc_online_users ON muc_online_users USING btree (username, server, resource, name, host);
|
||||
CREATE INDEX i_muc_online_users_us ON muc_online_users USING btree (username, server);
|
||||
|
||||
CREATE TABLE muc_room_subscribers (
|
||||
room text NOT NULL,
|
||||
host text NOT NULL,
|
||||
jid text NOT NULL,
|
||||
nick text NOT NULL,
|
||||
nodes text NOT NULL,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now()
|
||||
);
|
||||
|
||||
CREATE INDEX i_muc_room_subscribers_host_jid ON muc_room_subscribers USING btree (host, jid);
|
||||
CREATE UNIQUE INDEX i_muc_room_subscribers_host_room_jid ON muc_room_subscribers USING btree (host, room, jid);
|
||||
|
||||
CREATE TABLE motd (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
xml text,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now(),
|
||||
PRIMARY KEY (server_host, username)
|
||||
);
|
||||
|
||||
CREATE TABLE caps_features (
|
||||
node text NOT NULL,
|
||||
subnode text NOT NULL,
|
||||
feature text,
|
||||
created_at TIMESTAMP NOT NULL DEFAULT now()
|
||||
);
|
||||
|
||||
CREATE INDEX i_caps_features_node_subnode ON caps_features USING btree (node, subnode);
|
||||
|
||||
CREATE TABLE sm (
|
||||
usec bigint NOT NULL,
|
||||
pid text NOT NULL,
|
||||
node text NOT NULL,
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
resource text NOT NULL,
|
||||
priority text NOT NULL,
|
||||
info text NOT NULL,
|
||||
PRIMARY KEY (usec, pid)
|
||||
);
|
||||
|
||||
CREATE INDEX i_sm_node ON sm USING btree (node);
|
||||
CREATE INDEX i_sm_sh_username ON sm USING btree (server_host, username);
|
||||
|
||||
CREATE TABLE oauth_token (
|
||||
token text NOT NULL,
|
||||
jid text NOT NULL,
|
||||
scope text NOT NULL,
|
||||
expire bigint NOT NULL
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX i_oauth_token_token ON oauth_token USING btree (token);
|
||||
|
||||
CREATE TABLE route (
|
||||
domain text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
node text NOT NULL,
|
||||
pid text NOT NULL,
|
||||
local_hint text NOT NULL
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX i_route ON route USING btree (domain, server_host, node, pid);
|
||||
CREATE INDEX i_route_domain ON route USING btree (domain);
|
||||
|
||||
CREATE TABLE bosh (
|
||||
sid text NOT NULL,
|
||||
node text NOT NULL,
|
||||
pid text NOT NULL
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX i_bosh_sid ON bosh USING btree (sid);
|
||||
|
||||
CREATE TABLE proxy65 (
|
||||
sid text NOT NULL,
|
||||
pid_t text NOT NULL,
|
||||
pid_i text NOT NULL,
|
||||
node_t text NOT NULL,
|
||||
node_i text NOT NULL,
|
||||
jid_i text NOT NULL
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX i_proxy65_sid ON proxy65 USING btree (sid);
|
||||
CREATE INDEX i_proxy65_jid ON proxy65 USING btree (jid_i);
|
||||
|
||||
CREATE TABLE push_session (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
timestamp bigint NOT NULL,
|
||||
service text NOT NULL,
|
||||
node text NOT NULL,
|
||||
xml text NOT NULL,
|
||||
PRIMARY KEY (server_host, username, timestamp)
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX i_push_session_susn ON push_session USING btree (server_host, username, service, node);
|
||||
|
||||
CREATE TABLE mix_channel (
|
||||
channel text NOT NULL,
|
||||
service text NOT NULL,
|
||||
username text NOT NULL,
|
||||
domain text NOT NULL,
|
||||
jid text NOT NULL,
|
||||
hidden boolean NOT NULL,
|
||||
hmac_key text NOT NULL,
|
||||
created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX i_mix_channel ON mix_channel (channel, service);
|
||||
CREATE INDEX i_mix_channel_serv ON mix_channel (service);
|
||||
|
||||
CREATE TABLE mix_participant (
|
||||
channel text NOT NULL,
|
||||
service text NOT NULL,
|
||||
username text NOT NULL,
|
||||
domain text NOT NULL,
|
||||
jid text NOT NULL,
|
||||
id text NOT NULL,
|
||||
nick text NOT NULL,
|
||||
created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX i_mix_participant ON mix_participant (channel, service, username, domain);
|
||||
CREATE INDEX i_mix_participant_chan_serv ON mix_participant (channel, service);
|
||||
|
||||
CREATE TABLE mix_subscription (
|
||||
channel text NOT NULL,
|
||||
service text NOT NULL,
|
||||
username text NOT NULL,
|
||||
domain text NOT NULL,
|
||||
node text NOT NULL,
|
||||
jid text NOT NULL
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX i_mix_subscription ON mix_subscription (channel, service, username, domain, node);
|
||||
CREATE INDEX i_mix_subscription_chan_serv_ud ON mix_subscription (channel, service, username, domain);
|
||||
CREATE INDEX i_mix_subscription_chan_serv_node ON mix_subscription (channel, service, node);
|
||||
CREATE INDEX i_mix_subscription_chan_serv ON mix_subscription (channel, service);
|
||||
|
||||
CREATE TABLE mix_pam (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
channel text NOT NULL,
|
||||
service text NOT NULL,
|
||||
id text NOT NULL,
|
||||
created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX i_mix_pam ON mix_pam (username, server_host, channel, service);
|
||||
CREATE INDEX i_mix_pam_us ON mix_pam (username, server_host);
|
||||
|
||||
CREATE TABLE mqtt_pub (
|
||||
username text NOT NULL,
|
||||
server_host text NOT NULL,
|
||||
resource text NOT NULL,
|
||||
topic text NOT NULL,
|
||||
qos smallint NOT NULL,
|
||||
payload bytea NOT NULL,
|
||||
payload_format smallint NOT NULL,
|
||||
content_type text NOT NULL,
|
||||
response_topic text NOT NULL,
|
||||
correlation_data bytea NOT NULL,
|
||||
user_properties bytea NOT NULL,
|
||||
expiry bigint NOT NULL
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX i_mqtt_topic_server ON mqtt_pub (topic, server_host);
|
|
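Review bot: `oauth_token.token` and `mix_channel.hmac_key` are stored as plain `text`, and `users` carries the SCRAM `serverkey` and `salt`, so any dump of this database is credential material. The backup recipe in this PR adds `ejabberd` to the PostgreSQL backup list; confirm that the backup target is encrypted and access-restricted, and say so in the cookbook documentation.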
@ -0,0 +1,24 @@
|
|||
name 'kosmos-ejabberd'
|
||||
maintainer 'Kosmos'
|
||||
maintainer_email 'ops@5apps.com'
|
||||
license 'All Rights Reserved'
|
||||
description 'Installs/Configures kosmos-ejabberd'
|
||||
long_description 'Installs/Configures kosmos-ejabberd'
|
||||
version '0.1.0'
|
||||
chef_version '>= 12.14' if respond_to?(:chef_version)
|
||||
|
||||
# The `issues_url` points to the location where issues for this cookbook are
|
||||
# tracked. A `View Issues` link will be displayed on this cookbook's page when
|
||||
# uploaded to a Supermarket.
|
||||
#
|
||||
# issues_url 'https://github.com/<insert_org_here>/kosmos-ejabberd/issues'
|
||||
|
||||
# The `source_url` points to the development repository for this cookbook. A
|
||||
# `View Source` link will be displayed on this cookbook's page when uploaded to
|
||||
# a Supermarket.
|
||||
#
|
||||
# source_url 'https://github.com/<insert_org_here>/kosmos-ejabberd'
|
||||
|
||||
depends "kosmos-postgresql"
|
||||
depends "kosmos-base"
|
||||
depends "backup"
|
|
@ -0,0 +1,16 @@
|
|||
#
|
||||
# Cookbook:: kosmos-ejabberd
|
||||
# Recipe:: backup
|
||||
#
|
||||
# Copyright:: 2019, Kosmos, All Rights Reserved.
|
||||
#
|
||||
|
||||
unless node.chef_environment == "development"
|
||||
# backup the data dir and the config files
|
||||
node.override["backup"]["archives"]["ejabberd"] = ["/opt/ejabberd", "/var/www/xmpp.kosmos.org"]
|
||||
unless node["backup"]["postgresql"]["databases"].include? "ejabberd"
|
||||
node.override["backup"]["postgresql"]["databases"] =
|
||||
node["backup"]["postgresql"]["databases"].to_a << "ejabberd"
|
||||
end
|
||||
include_recipe "backup"
|
||||
end
|
|
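Review bot: In the inner `unless`, `node["backup"]["postgresql"]["databases"].include? "ejabberd"` is called on the raw attribute, while the assignment below guards the same value with `.to_a`; if the attribute is unset, `.include?` raises NoMethodError before that guard is ever reached. Use `.to_a` (or `Array(...)`) in the condition as well. Note also that archiving `/opt/ejabberd` picks up `conf/ejabberd.yml` with the SQL password and the `kosmos.org.pem` key file written by the other recipes, so the archive needs the same protection as those files.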
@ -0,0 +1,82 @@
|
|||
#
|
||||
# Cookbook:: kosmos-ejabberd
|
||||
# Recipe:: default
|
||||
#
|
||||
# Copyright:: 2019, Kosmos, All Rights Reserved.
|
||||
#
|
||||
|
||||
include_recipe "kosmos-postgresql"
|
||||
|
||||
cookbook_file "#{Chef::Config[:file_cache_path]}/pg.new.sql" do
|
||||
source "pg.new.sql"
|
||||
mode "0664"
|
||||
end
|
||||
|
||||
ejabberd_version = node["kosmos-ejabberd"]["version"]
|
||||
package_checksum = node["kosmos-ejabberd"]["checksum"]
|
||||
package_path = "#{Chef::Config['file_cache_path']}/ejabberd_#{ejabberd_version}-0_amd64.deb"
|
||||
|
||||
remote_file package_path do
|
||||
source "https://www.process-one.net/downloads/downloads-action.php?file=/ejabberd/#{ejabberd_version}/ejabberd_#{ejabberd_version}-0_amd64.deb"
|
||||
checksum package_checksum
|
||||
notifies :install, "dpkg_package[ejabberd]", :immediately
|
||||
end
|
||||
|
||||
dpkg_package "ejabberd" do
|
||||
source package_path
|
||||
action :nothing
|
||||
notifies :create, "file[/lib/systemd/system/ejabberd.service]", :immediately
|
||||
end
|
||||
|
||||
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
|
||||
ejabberd_user_password = postgresql_data_bag_item['ejabberd_user_password']
|
||||
|
||||
postgresql_database 'ejabberd' do
|
||||
action :create
|
||||
notifies :run, "execute[create db schema]", :delayed
|
||||
end
|
||||
|
||||
postgresql_user 'ejabberd' do
|
||||
password ejabberd_user_password
|
||||
database 'ejabberd'
|
||||
action [:create]
|
||||
end
|
||||
|
||||
execute "create db schema" do
|
||||
user "ejabberd"
|
||||
command "psql ejabberd < #{Chef::Config[:file_cache_path]}/pg.new.sql"
|
||||
action :nothing
|
||||
end
|
||||
|
||||
template "/opt/ejabberd/conf/ejabberd.yml" do
|
||||
source "ejabberd.yml.erb"
|
||||
mode 0640
|
||||
sensitive true
|
||||
variables pgsql_password: ejabberd_user_password
|
||||
notifies :run, "execute[ejabberdctl reload_config]", :delayed
|
||||
end
|
||||
|
||||
execute "ejabberdctl reload_config" do
|
||||
command "/opt/ejabberd-#{ejabberd_version}/bin/ejabberdctl reload_config"
|
||||
action :nothing
|
||||
end
|
||||
|
||||
file "/etc/init.d/ejabberd" do
|
||||
action :delete
|
||||
end
|
||||
|
||||
# Copy the systemd service file
|
||||
file "/lib/systemd/system/ejabberd.service" do
|
||||
content lazy { IO.read("/opt/ejabberd-#{ejabberd_version}/bin/ejabberd.service") }
|
||||
action :nothing
|
||||
notifies :run, "execute[systemctl daemon-reload]", :immediately
|
||||
end
|
||||
|
||||
execute "systemctl daemon-reload" do
|
||||
command "systemctl daemon-reload"
|
||||
action :nothing
|
||||
end
|
||||
|
||||
service "ejabberd" do
|
||||
action [:enable, :start]
|
||||
end
|
|
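Review bot: `execute "create db schema"` feeds the file to `psql ejabberd` on stdin without `-v ON_ERROR_STOP=1`, so psql continues past a failed statement and exits 0, and Chef records a partially created schema as success; since the resource only fires on the `postgresql_database` create notification, it is not retried on later runs. Suggest `psql -v ON_ERROR_STOP=1 -f <path> ejabberd`. Separately, the `ejabberd.yml` template sets `mode 0640` and `sensitive true` but no `owner` or `group`; set both explicitly so the file holding `sql_password` is readable by the ejabberd user and by nobody else.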
@ -0,0 +1,50 @@
|
|||
#
|
||||
# Cookbook:: kosmos-ejabberd
|
||||
# Recipe:: letsencrypt
|
||||
#
|
||||
# Copyright:: 2019, Kosmos, All Rights Reserved.
|
||||
#
|
||||
|
||||
include_recipe "kosmos-base::letsencrypt"
|
||||
|
||||
domain = "kosmos.org"
|
||||
domain_and_subdomains = [domain, "chat.#{domain}" "xmpp.#{domain}"]
|
||||
|
||||
ejabberd_post_hook = <<-EOF
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -e
|
||||
|
||||
# Copy the ejabberd certificate and restart the server if it has been renewed
|
||||
# This is necessary because the ejabberd user doesn't have access to the
|
||||
# letsencrypt live folder
|
||||
for domain in $RENEWED_DOMAINS; do
|
||||
case $domain in
|
||||
# Do not copy over when renewing other kosmos.org domains
|
||||
#{domain})
|
||||
cat "${RENEWED_LINEAGE}/privkey.pem" "${RENEWED_LINEAGE}/fullchain.pem" > /opt/ejabberd/conf/#{domain}.pem
|
||||
chown ejabberd:ejabberd /opt/ejabberd/conf/#{domain}.pem
|
||||
chmod 600 /opt/ejabberd/conf/#{domain}.pem
|
||||
/opt/ejabberd-#{node["kosmos-ejabberd"]["version"]}/bin/ejabberdctl reload_config
|
||||
;;
|
||||
esac
|
||||
done
|
||||
EOF
|
||||
|
||||
file "/etc/letsencrypt/renewal-hooks/post/ejabberd" do
|
||||
content ejabberd_post_hook
|
||||
mode 0755
|
||||
owner "root"
|
||||
group "root"
|
||||
end
|
||||
|
||||
domain_and_subdomains_switch = domain_and_subdomains.map { |d| "-d #{d}" }.join(" ")
|
||||
|
||||
# Generate a Let's Encrypt cert (only if no cert has been generated before).
|
||||
# The systemd timer will take care of renewing
|
||||
execute "letsencrypt cert for kosmos xmpp" do
|
||||
command "/usr/bin/certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@#{domain} #{domain_and_subdomains_switch} -n"
|
||||
not_if do
|
||||
File.exist?("/opt/ejabberd/conf/#{domain}.pem")
|
||||
end
|
||||
end
|
|
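Review bot: The array literal `[domain, "chat.#{domain}" "xmpp.#{domain}"]` is missing a comma between the second and third element. Ruby concatenates adjacent string literals, so the list has two entries, `kosmos.org` and `chat.kosmos.orgxmpp.kosmos.org`, and certbot is asked for a certificate that covers neither `chat.kosmos.org` nor `xmpp.kosmos.org`. Add the comma. While here, the `not_if` guard tests for `/opt/ejabberd/conf/#{domain}.pem`, which only exists once the deploy hook has run successfully, so a failed hook makes every Chef run request a new certificate; testing for the Let's Encrypt lineage itself would be safer.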
@ -0,0 +1,277 @@
|
|||
loglevel: 4
|
||||
|
||||
log_rotate_size: 10485760
|
||||
log_rotate_date: ""
|
||||
log_rotate_count: 1
|
||||
|
||||
log_rate_limit: 100
|
||||
|
||||
hosts:
|
||||
- "kosmos.org"
|
||||
|
||||
<% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") -%>
|
||||
certfiles:
|
||||
- "/opt/ejabberd/conf/kosmos.org.pem"
|
||||
<% end -%>
|
||||
|
||||
ca_file: "/opt/ejabberd/conf/cacert.pem"
|
||||
|
||||
define_macro:
|
||||
'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
|
||||
'TLS_OPTIONS':
|
||||
- "no_sslv3"
|
||||
- "cipher_server_preference"
|
||||
- "no_compression"
|
||||
'DH_FILE': "/opt/ejabberd/conf/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
|
||||
|
||||
c2s_dhfile: 'DH_FILE'
|
||||
s2s_dhfile: 'DH_FILE'
|
||||
c2s_ciphers: 'TLS_CIPHERS'
|
||||
s2s_ciphers: 'TLS_CIPHERS'
|
||||
c2s_protocol_options: 'TLS_OPTIONS'
|
||||
s2s_protocol_options: 'TLS_OPTIONS'
|
||||
|
||||
listen:
|
||||
-
|
||||
port: 5222
|
||||
ip: "::"
|
||||
module: ejabberd_c2s
|
||||
starttls: true
|
||||
max_stanza_size: 65536
|
||||
shaper: c2s_shaper
|
||||
access: c2s
|
||||
-
|
||||
port: 5223
|
||||
ip: "::"
|
||||
module: ejabberd_c2s
|
||||
tls: true
|
||||
max_stanza_size: 65536
|
||||
shaper: c2s_shaper
|
||||
access: c2s
|
||||
-
|
||||
port: 5269
|
||||
ip: "::"
|
||||
module: ejabberd_s2s_in
|
||||
max_stanza_size: 131072
|
||||
shaper: s2s_shaper
|
||||
-
|
||||
port: 5280
|
||||
ip: "::"
|
||||
module: ejabberd_http
|
||||
request_handlers:
|
||||
"/ws": ejabberd_http_ws
|
||||
"/bosh": mod_bosh
|
||||
"/api": mod_http_api
|
||||
tls: true
|
||||
## "/pub/archive": mod_http_fileserver
|
||||
web_admin: true
|
||||
## register: true
|
||||
captcha: false
|
||||
-
|
||||
port: 5443
|
||||
module: ejabberd_http
|
||||
request_handlers:
|
||||
"upload": mod_http_upload
|
||||
<% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") -%>
|
||||
tls: true
|
||||
certfiles:
|
||||
- "/opt/ejabberd/conf/kosmos.org.pem"
|
||||
<% end -%>
|
||||
custom_headers:
|
||||
"Access-Control-Allow-Origin": "*"
|
||||
"Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT"
|
||||
"Access-Control-Allow-Headers": "Authorization"
|
||||
"Access-Control-Allow-Credentials": "true"
|
||||
|
||||
s2s_use_starttls: optional
|
||||
|
||||
auth_password_format: scram
|
||||
auth_method: sql
|
||||
|
||||
default_db: sql
|
||||
|
||||
sql_type: pgsql
|
||||
sql_server: "localhost"
|
||||
sql_database: "ejabberd"
|
||||
sql_username: "ejabberd"
|
||||
sql_password: "<%= @pgsql_password %>"
|
||||
new_sql_schema: true
|
||||
|
||||
shaper:
|
||||
normal: 1000
|
||||
fast: 50000
|
||||
|
||||
max_fsm_queue: 10000
|
||||
|
||||
acl:
|
||||
admin:
|
||||
user:
|
||||
- "greg@5apps.com"
|
||||
- "sebastian@5apps.com"
|
||||
- "garret@5apps.com"
|
||||
- "raucao@kosmos.org"
|
||||
- "greg@kosmos.org"
|
||||
- "galfert@kosmos.org"
|
||||
|
||||
local:
|
||||
user_regexp: ""
|
||||
|
||||
loopback:
|
||||
ip:
|
||||
- "127.0.0.0/8"
|
||||
- "::1/128"
|
||||
- "::FFFF:127.0.0.1/128"
|
||||
|
||||
shaper_rules:
|
||||
max_user_sessions: 10
|
||||
max_user_offline_messages:
|
||||
- 5000: admin
|
||||
- 100
|
||||
c2s_shaper:
|
||||
- none: admin
|
||||
- normal
|
||||
s2s_shaper: fast
|
||||
|
||||
access_rules:
|
||||
local:
|
||||
- allow: local
|
||||
c2s:
|
||||
- deny: blocked
|
||||
- allow
|
||||
announce:
|
||||
- allow: admin
|
||||
configure:
|
||||
- allow: admin
|
||||
muc_create:
|
||||
- allow: admin
|
||||
- allow: local
|
||||
pubsub_createnode:
|
||||
- allow: local
|
||||
register:
|
||||
- allow
|
||||
trusted_network:
|
||||
- allow: loopback
|
||||
|
||||
api_permissions:
|
||||
"console commands":
|
||||
from:
|
||||
- ejabberd_ctl
|
||||
who: all
|
||||
what: "*"
|
||||
"admin access":
|
||||
who:
|
||||
- access:
|
||||
- allow:
|
||||
- acl: loopback
|
||||
- acl: admin
|
||||
- oauth:
|
||||
- scope: "ejabberd:admin"
|
||||
- access:
|
||||
- allow:
|
||||
- acl: loopback
|
||||
- acl: admin
|
||||
what:
|
||||
- "*"
|
||||
- "!stop"
|
||||
- "!start"
|
||||
"public commands":
|
||||
who:
|
||||
- ip: "127.0.0.1/8"
|
||||
what:
|
||||
- "status"
|
||||
- "connected_users_number"
|
||||
|
||||
language: "en"
|
||||
|
||||
modules:
|
||||
mod_adhoc: {}
|
||||
mod_admin_extra: {}
|
||||
mod_announce: # recommends mod_adhoc
|
||||
access: announce
|
||||
mod_blocking: {} # requires mod_privacy
|
||||
mod_caps: {}
|
||||
mod_carboncopy: {}
|
||||
mod_client_state: {}
|
||||
mod_configure: {} # requires mod_adhoc
|
||||
mod_disco:
|
||||
server_info:
|
||||
-
|
||||
modules: all
|
||||
name: "abuse-addresses"
|
||||
urls: ["mailto:abuse@kosmos.org"]
|
||||
mod_bosh: {}
|
||||
mod_http_upload:
|
||||
docroot: "/var/www/xmpp.@HOST@/uploads/"
|
||||
put_url: "https://xmpp.@HOST@:5443/upload"
|
||||
thumbnail: false # otherwise needs the identify command from ImageMagick installed
|
||||
mod_last: {}
|
||||
mod_mam:
|
||||
default: always
|
||||
request_activates_archiving: true
|
||||
mod_muc:
|
||||
access:
|
||||
- allow
|
||||
access_admin:
|
||||
- allow: admin
|
||||
|
||||
access_create: muc_create
|
||||
access_persistent: muc_create
|
||||
default_room_options:
|
||||
mam: true
|
||||
mod_muc_admin: {}
|
||||
mod_offline:
|
||||
access_max_user_messages: max_user_offline_messages
|
||||
mod_ping: {}
|
||||
mod_privacy: {}
|
||||
mod_private: {}
|
||||
mod_proxy65: {}
|
||||
mod_pubsub:
|
||||
access_createnode: pubsub_createnode
|
||||
ignore_pep_from_offline: false
|
||||
last_item_cache: false
|
||||
max_items_node: 10
|
||||
plugins:
|
||||
- "flat"
|
||||
- "pep" # pep requires mod_caps
|
||||
mod_push: {}
|
||||
mod_push_keepalive: {}
|
||||
mod_register:
|
||||
welcome_message:
|
||||
subject: "Welcome!"
|
||||
body: |-
|
||||
Hi.
|
||||
Welcome to this XMPP server.
|
||||
ip_access: trusted_network
|
||||
access: register
|
||||
mod_roster:
|
||||
versioning: true
|
||||
store_current_id: true
|
||||
mod_shared_roster: {}
|
||||
mod_vcard:
|
||||
search: false
|
||||
mod_vcard_xupdate: {}
|
||||
mod_avatar: {}
|
||||
mod_version: {}
|
||||
mod_stream_mgmt: {}
|
||||
mod_s2s_dialback: {}
|
||||
mod_http_api: {}
|
||||
|
||||
append_host_config:
|
||||
"kosmos.org":
|
||||
modules:
|
||||
mod_muc:
|
||||
host: "chat.kosmos.org"
|
||||
access:
|
||||
- allow
|
||||
access_admin:
|
||||
- allow: admin
|
||||
access_create: muc_create
|
||||
access_persistent: muc_create
|
||||
default_room_options:
|
||||
mam: true
|
||||
|
||||
allow_contrib_modules: true
|
||||
|
||||
### Local Variables:
|
||||
### mode: yaml
|
||||
### End:
|
||||
### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
|
|
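Review bot: `s2s_use_starttls: optional` lets server-to-server links fall back to plaintext when the remote side does not offer STARTTLS, which undoes the cipher and protocol hardening defined in `TLS_CIPHERS` and `TLS_OPTIONS` for federation traffic; consider `required` unless a known peer needs the fallback. In the 5443 listener, `"Access-Control-Allow-Origin": "*"` is combined with `"Access-Control-Allow-Credentials": "true"`; browsers refuse that combination for credentialed requests, so either drop the credentials header or name the allowed origin.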
@ -0,0 +1,23 @@
|
|||
require 'serverspec'
|
||||
|
||||
# Required by serverspec
|
||||
set :backend, :exec
|
||||
|
||||
describe 'ejabberd' do
|
||||
describe package('ejabberd') do
|
||||
it { should be_installed }
|
||||
end
|
||||
|
||||
it 'is listening on port 5222 (client-to-server)' do
|
||||
expect(port(5222)).to be_listening
|
||||
end
|
||||
|
||||
it 'is listening on port 5269 (server-to-server)' do
|
||||
expect(port(5269)).to be_listening
|
||||
end
|
||||
|
||||
it 'runs the ejabberd service' do
|
||||
expect(service('ejabberd')).to be_running
|
||||
expect(service('ejabberd')).to be_enabled
|
||||
end
|
||||
end
|
|
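Review bot: The spec only checks ports 5222 and 5269, but the template in this PR also opens 5223 (direct TLS), 5280 (HTTP with `web_admin` and `/api`) and 5443 (upload). Add `be_listening` expectations for those so a listener that is dropped or fails to bind is caught by the test run.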
@ -0,0 +1,22 @@
|
|||
.vagrant
|
||||
*~
|
||||
*#
|
||||
.#*
|
||||
\#*#
|
||||
.*.sw[a-z]
|
||||
*.un~
|
||||
|
||||
# Bundler
|
||||
Gemfile.lock
|
||||
gems.locked
|
||||
bin/*
|
||||
.bundle/*
|
||||
|
||||
# test kitchen
|
||||
.kitchen/
|
||||
.kitchen.local.yml
|
||||
|
||||
# Chef
|
||||
Berksfile.lock
|
||||
.zero-knife.rb
|
||||
Policyfile.lock.json
|
|
@ -0,0 +1,4 @@
|
|||
# frozen_string_literal: true
|
||||
source 'https://supermarket.chef.io'
|
||||
|
||||
metadata
|
|
@ -0,0 +1,11 @@
|
|||
# kosmos-postgresql CHANGELOG
|
||||
|
||||
This file is used to list changes made in each version of the kosmos-postgresql cookbook.
|
||||
|
||||
# 0.1.0
|
||||
|
||||
Initial release.
|
||||
|
||||
- change 0
|
||||
- change 1
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
Copyright 2019 Kosmos
|
||||
|
||||
All rights reserved, do not redistribute.
|
|
@ -0,0 +1,4 @@
|
|||
# kosmos-postgresql
|
||||
|
||||
TODO: Enter the cookbook description here.
|
||||
|
|
@ -0,0 +1,104 @@
|
|||
# Put files/directories that should be ignored in this file when uploading
|
||||
# to a chef-server or supermarket.
|
||||
# Lines that start with '# ' are comments.
|
||||
|
||||
# OS generated files #
|
||||
######################
|
||||
.DS_Store
|
||||
Icon?
|
||||
nohup.out
|
||||
ehthumbs.db
|
||||
Thumbs.db
|
||||
|
||||
# SASS #
|
||||
########
|
||||
.sass-cache
|
||||
|
||||
# EDITORS #
|
||||
###########
|
||||
\#*
|
||||
.#*
|
||||
*~
|
||||
*.sw[a-z]
|
||||
*.bak
|
||||
REVISION
|
||||
TAGS*
|
||||
tmtags
|
||||
*_flymake.*
|
||||
*_flymake
|
||||
*.tmproj
|
||||
.project
|
||||
.settings
|
||||
mkmf.log
|
||||
|
||||
## COMPILED ##
|
||||
##############
|
||||
a.out
|
||||
*.o
|
||||
*.pyc
|
||||
*.so
|
||||
*.com
|
||||
*.class
|
||||
*.dll
|
||||
*.exe
|
||||
*/rdoc/
|
||||
|
||||
# Testing #
|
||||
###########
|
||||
.watchr
|
||||
.rspec
|
||||
spec/*
|
||||
spec/fixtures/*
|
||||
test/*
|
||||
features/*
|
||||
examples/*
|
||||
Guardfile
|
||||
Procfile
|
||||
.kitchen*
|
||||
kitchen.yml*
|
||||
.rubocop.yml
|
||||
spec/*
|
||||
Rakefile
|
||||
.travis.yml
|
||||
.foodcritic
|
||||
.codeclimate.yml
|
||||
|
||||
# SCM #
|
||||
#######
|
||||
.git
|
||||
*/.git
|
||||
.gitignore
|
||||
.gitmodules
|
||||
.gitconfig
|
||||
.gitattributes
|
||||
.svn
|
||||
*/.bzr/*
|
||||
*/.hg/*
|
||||
*/.svn/*
|
||||
|
||||
# Berkshelf #
|
||||
#############
|
||||
Berksfile
|
||||
Berksfile.lock
|
||||
cookbooks/*
|
||||
tmp
|
||||
|
||||
# Bundler #
|
||||
###########
|
||||
vendor/*
|
||||
|
||||
# Policyfile #
|
||||
##############
|
||||
Policyfile.rb
|
||||
Policyfile.lock.json
|
||||
|
||||
# Cookbooks #
|
||||
#############
|
||||
CONTRIBUTING*
|
||||
CHANGELOG*
|
||||
TESTING*
|
||||
|
||||
# Vagrant #
|
||||
###########
|
||||
.vagrant
|
||||
Vagrantfile
|
|
@ -0,0 +1,22 @@
|
|||
name 'kosmos-postgresql'
|
||||
maintainer 'Kosmos'
|
||||
maintainer_email 'ops@5apps.com'
|
||||
license 'All Rights Reserved'
|
||||
description 'Installs/Configures kosmos-postgresql'
|
||||
long_description 'Installs/Configures kosmos-postgresql'
|
||||
version '0.1.0'
|
||||
chef_version '>= 12.14' if respond_to?(:chef_version)
|
||||
|
||||
# The `issues_url` points to the location where issues for this cookbook are
|
||||
# tracked. A `View Issues` link will be displayed on this cookbook's page when
|
||||
# uploaded to a Supermarket.
|
||||
#
|
||||
# issues_url 'https://github.com/<insert_org_here>/kosmos-postgresql/issues'
|
||||
|
||||
# The `source_url` points to the development repository for this cookbook. A
|
||||
# `View Source` link will be displayed on this cookbook's page when uploaded to
|
||||
# a Supermarket.
|
||||
#
|
||||
# source_url 'https://github.com/<insert_org_here>/kosmos-postgresql'
|
||||
|
||||
depends "postgresql", ">= 7.0.0"
|
|
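Review bot: `depends "postgresql", ">= 7.0.0"` has no upper bound, so a future major release of the upstream cookbook with changed resources would satisfy it. A pessimistic constraint such as `'~> 7.1'` keeps this wrapper on the resource API it was written against.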
@ -0,0 +1,29 @@
|
|||
#
|
||||
# Cookbook:: kosmos-postgresql
|
||||
# Recipe:: default
|
||||
#
|
||||
# Copyright:: 2019, Kosmos, All Rights Reserved.
|
||||
|
||||
node.override['build-essential']['compile_time'] = true
|
||||
include_recipe 'build-essential::default'
|
||||
|
||||
package("libpq-dev") { action :nothing }.run_action(:install)
|
||||
|
||||
chef_gem 'pg' do
|
||||
compile_time true
|
||||
end
|
||||
|
||||
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
|
||||
|
||||
postgresql_server_install "main" do
|
||||
version "10"
|
||||
setup_repo false
|
||||
password postgresql_data_bag_item['server_password']
|
||||
action :install
|
||||
end
|
||||
|
||||
postgresql_client_install "main" do
|
||||
version "10"
|
||||
setup_repo false
|
||||
action :install
|
||||
end
|
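Review bot: `version "10"` is hard-coded in both `postgresql_server_install` and `postgresql_client_install`, so a later upgrade has to change two literals in step. Move it to a single node attribute or local variable and reference that in both resources. A short comment on why `libpq-dev`, `build-essential` and the `pg` gem must be installed at compile time would also help the next reader.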
It seems like this should be set to "open", according to the linked issue, no?
Fixed in ce4a4bf