postgresql
Version information
This version is compatible with:
- Puppet Enterprise 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.7.0 < 5.0.0
- , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'memoussati-postgresql', '4.9.8'
Learn more about managing modules with a PuppetfileDocumentation
postgresql
Table of Contents
- Module Description - What does the module do?
- Setup - The basics of getting started with postgresql module
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
- Tests
- Contributors - List of module contributors
Module description
The postgresql module allows you to manage PostgreSQL databases with Puppet.
PostgreSQL is a high-performance, free, open-source relational database server. The postgresql module allows you to manage packages, services, databases, users, and common security settings in PostgreSQL.
Setup
What postgresql affects
- Package, service, and configuration files for PostgreSQL
- Listened-to ports
- IP and mask (optional)
Getting started with postgresql
To configure a basic default PostgreSQL server, declare the postgresql::server
class.
class { 'postgresql::server':
}
Usage
Configure a server
For default settings, declare the postgresql::server
class as above. To customize PostgreSQL server settings, specify the parameters you want to change:
class { 'postgresql::server':
ip_mask_deny_postgres_user => '0.0.0.0/32',
ip_mask_allow_all_users => '0.0.0.0/0',
ipv4acls => ['hostssl all johndoe 192.168.0.0/24 cert'],
postgres_password => 'TPSrep0rt!',
}
After configuration, test your settings from the command line:
psql -h localhost -U postgres
psql -h my.postgres.server -U
If you get an error message from these commands, your permission settings restrict access from the location you're trying to connect from. Depending on whether you want to allow connections from that location, you might need to adjust your permissions.
For more details about server configuration parameters, consult the PostgreSQL Runtime Configuration documentation.
Create a database
You can set up a variety of PostgreSQL databases with the postgresql::server::db
defined type. For instance, to set up a database for PuppetDB:
class { 'postgresql::server':
}
postgresql::server::db { 'mydatabasename':
user => 'mydatabaseuser',
password => postgresql_password('mydatabaseuser', 'mypassword'),
}
Manage users, roles, and permissions
To manage users, roles, and permissions:
class { 'postgresql::server':
}
postgresql::server::role { 'marmot':
password_hash => postgresql_password('marmot', 'mypasswd'),
}
postgresql::server::database_grant { 'test1':
privilege => 'ALL',
db => 'test1',
role => 'marmot',
}
postgresql::server::table_grant { 'my_table of test2':
privilege => 'ALL',
table => 'my_table',
db => 'test2',
role => 'marmot',
}
This example grants all privileges on the test1 database and on the my_table
table of the test2 database to the specified user or group. After the values are added into the PuppetDB config file, this database would be ready for use.
Override defaults
The postgresql::globals
class allows you to configure the main settings for this module globally, so that other classes and defined resources can use them. By itself, it does nothing.
For example, to overwrite the default locale
and encoding
for all classes, use the following:
class { 'postgresql::globals':
encoding => 'UTF-8',
locale => 'en_US.UTF-8',
}
class { 'postgresql::server':
}
To use a specific version of the PostgreSQL package:
class { 'postgresql::globals':
manage_package_repo => true,
version => '9.2',
}
class { 'postgresql::server':
}
Manage remote users, roles, and permissions
Remote SQL objects are managed using the same Puppet resources as local SQL objects, along with a connect_settings
hash. This provides control over how Puppet connects to the remote Postgres instances and which version is used for generating SQL commands.
The connect_settings
hash can contain environment variables to control Postgres client connections, such as 'PGHOST', 'PGPORT', 'PGPASSWORD', and 'PGSSLKEY'. See the PostgreSQL Environment Variables documentation for a complete list of variables.
Additionally, you can specify the target database version with the special value of 'DBVERSION'. If the connect_settings
hash is omitted or empty, then Puppet connects to the local PostgreSQL instance.
You can provide a connect_settings
hash for each of the Puppet resources, or you can set a default connect_settings
hash in postgresql::globals
. Configuring connect_settings
per resource allows SQL objects to be created on multiple databases by multiple users.
$connection_settings_super2 = {
'PGUSER' => 'super2',
'PGPASSWORD' => 'foobar2',
'PGHOST' => '127.0.0.1',
'PGPORT' => '5432',
'PGDATABASE' => 'postgres',
}
include postgresql::server
# Connect with no special settings, i.e domain sockets, user postgres
postgresql::server::role { 'super2':
password_hash => 'foobar2',
superuser => true,
connect_settings => {},
}
# Now using this new user connect via TCP
postgresql::server::database { 'db1':
connect_settings => $connection_settings_super2,
require => Postgresql::Server::Role['super2'],
}
Create an access rule for pg_hba.conf
To create an access rule for pg_hba.conf
:
postgresql::server::pg_hba_rule { 'allow application network to access app database':
description => 'Open up PostgreSQL for access from 200.1.2.0/24',
type => 'host',
database => 'app',
user => 'app',
address => '200.1.2.0/24',
auth_method => 'md5',
}
This would create a ruleset in pg_hba.conf
similar to:
# Rule Name: allow application network to access app database
# Description: Open up PostgreSQL for access from 200.1.2.0/24
# Order: 150
host app app 200.1.2.0/24 md5
By default, pg_hba_rule
requires that you include postgresql::server
. However, you can override that behavior by setting target and postgresql_version when declaring your rule. That might look like the following:
postgresql::server::pg_hba_rule { 'allow application network to access app database':
description => 'Open up postgresql for access from 200.1.2.0/24',
type => 'host',
database => 'app',
user => 'app',
address => '200.1.2.0/24',
auth_method => 'md5',
target => '/path/to/pg_hba.conf',
postgresql_version => '9.4',
}
Create user name maps for pg_ident.conf
To create a user name map for the pg_ident.conf:
postgresql::server::pg_ident_rule { 'Map the SSL certificate of the backup server as a replication user':
map_name => 'sslrepli',
system_username => 'repli1.example.com',
database_username => 'replication',
}
This would create a user name map in pg_ident.conf
similar to:
#Rule Name: Map the SSL certificate of the backup server as a replication user
#Description: none
#Order: 150
sslrepli repli1.example.com replication
Create recovery configuration
To create the recovery configuration file (recovery.conf
):
postgresql::server::recovery { 'Create a recovery.conf file with the following defined parameters':
restore_command => 'cp /mnt/server/archivedir/%f %p',
archive_cleanup_command => undef,
recovery_end_command => undef,
recovery_target_name => 'daily backup 2015-01-26',
recovery_target_time => '2015-02-08 22:39:00 EST',
recovery_target_xid => undef,
recovery_target_inclusive => true,
recovery_target => 'immediate',
recovery_target_timeline => 'latest',
pause_at_recovery_target => true,
standby_mode => 'on',
primary_conninfo => 'host=localhost port=5432',
primary_slot_name => undef,
trigger_file => undef,
recovery_min_apply_delay => 0,
}
The above creates this recovery.conf
config file:
restore_command = 'cp /mnt/server/archivedir/%f %p'
recovery_target_name = 'daily backup 2015-01-26'
recovery_target_time = '2015-02-08 22:39:00 EST'
recovery_target_inclusive = true
recovery_target = 'immediate'
recovery_target_timeline = 'latest'
pause_at_recovery_target = true
standby_mode = 'on'
primary_conninfo = 'host=localhost port=5432'
recovery_min_apply_delay = 0
Only the specified parameters are recognized in the template. The recovery.conf
is only be created if at least one parameter is set and manage_recovery_conf is set to true.
Validate connectivity
To validate client connections to a remote PostgreSQL database before starting dependent tasks, use the postgresql_conn_validator
resource. You can use this on any node where the PostgreSQL client software is installed. It is often chained to other tasks such as starting an application server or performing a database migration.
Example usage:
postgresql_conn_validator { 'validate my postgres connection':
host => 'my.postgres.host',
db_username => 'mydbuser',
db_password => 'mydbpassword',
db_name => 'mydbname',
}->
exec { 'rake db:migrate':
cwd => '/opt/myrubyapp',
}
Reference
The postgresql module comes with many options for configuring the server. While you are unlikely to use all of the settings below, they provide a decent amount of control over your security settings.
Classes:
- postgresql::client
- postgresql::globals
- postgresql::lib::devel
- postgresql::lib::java
- postgresql::lib::perl
- postgresql::lib::python
- postgresql::server
- postgresql::server::plperl
- postgresql::server::contrib
- postgresql::server::postgis
Defined Types:
- postgresql::server::config_entry
- postgresql::server::database
- postgresql::server::database_grant
- postgresql::server::db
- postgresql::server::extension
- postgresql::server::grant
- postgresql::server::grant_role
- postgresql::server::pg_hba_rule
- postgresql::server::pg_ident_rule
- postgresql::server::recovery
- postgresql::server::role
- postgresql::server::schema
- postgresql::server::table_grant
- postgresql::server::tablespace
Types:
Functions:
Classes
postgresql::client
Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install.
Note: Make sure to add any necessary yum or apt repositories if specifying a custom version.
package_ensure
Whether the PostgreSQL client package resource should be present.
Valid values: 'present', 'absent'.
Default value: 'present'.
package_name
Sets the name of the PostgreSQL client package.
Default value: 'file'.
postgresql::lib::docs
Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install.
Note: Make sure to add any necessary yum or apt repositories if specifying a custom version.
package_name
Specifies the name of the PostgreSQL docs package.
package_ensure
Whether the PostgreSQL docs package resource should be present.
Valid values: 'present', 'absent'.
Default value: 'present'.
postgresql::globals
Note: Most server-specific defaults should be overridden in the postgresql::server
class. This class should be used only if you are using a non-standard OS, or if you are changing elements that can only be changed here, such as version
or manage_package_repo
.
bindir
Overrides the default PostgreSQL binaries directory for the target platform.
Default value: OS dependent.
client_package_name
Overrides the default PostgreSQL client package name.
Default value: OS dependent.
confdir
Overrides the default PostgreSQL configuration directory for the target platform.
Default value: OS dependent.
contrib_package_name
Overrides the default PostgreSQL contrib package name.
Default value: OS dependent.
createdb_path
Deprecated. Path to the createdb
command.
Default value: '${bindir}/createdb'.
datadir
Overrides the default PostgreSQL data directory for the target platform.
Default value: OS dependent.
Note: Changing the datadir after installation causes the server to come to a full stop before making the change. For Red Hat systems, the data directory must be labeled appropriately for SELinux. On Ubuntu, you must explicitly set needs_initdb = true
to allow Puppet to initialize the database in the new datadir (needs_initdb
defaults to true on other systems).
Warning: If datadir is changed from the default, Puppet does not manage purging of the original data directory, which causes it to fail if the data directory is changed back to the original.
default_database
Specifies the name of the default database to connect with.
Default value: 'postgres' (for most systems).
devel_package_name
Overrides the default PostgreSQL devel package name.
Default value: OS dependent.
docs_package_name
Optional.
Overrides the default PostgreSQL docs package name.
Default value: OS dependent.
encoding
Sets the default encoding for all databases created with this module. On certain operating systems, this is also used during the template1
initialization, so it becomes a default outside of the module as well.
Default value: Dependent on the operating system's default encoding.
group
Overrides the default postgres user group to be used for related files in the file system.
Default value: 'postgres'.
initdb_path
Path to the initdb
command.
java_package_name
Overrides the default PostgreSQL java package name.
Default value: OS dependent.
locale
Sets the default database locale for all databases created with this module. On certain operating systems, this is also used during the template1
initialization, so it becomes a default outside of the module as well.
Default value: undef
, which is effectively 'C'.
On Debian, you'll need to ensure that the 'locales-all' package is installed for full functionality of PostgreSQL.
timezone
Sets the default timezone of the postgresql server. The postgresql built-in default is taking the systems timezone information.
logdir
Overrides the default PostgreSQL log directory.
Default value: initdb's default path.
manage_package_repo
Sets up official PostgreSQL repositories on your host if set to true
.
Default value: false
.
module_workdir
Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option.
Default value: '/tmp'.
needs_initdb
Explicitly calls the initdb operation after the server package is installed and before the PostgreSQL service is started.
Default value: OS dependent.
perl_package_name
Overrides the default PostgreSQL Perl package name.
Default value: OS dependent.
pg_hba_conf_defaults
Disables the defaults supplied with the module for pg_hba.conf
if set to false
. This is useful if you want to override the defaults. Be sure that your changes align with the rest of the module, as some access is required to perform some operations, such as basic psql
operations.
Default value: The globals value set in postgresql::globals::manage_pg_hba_conf
which defaults to true
.
pg_hba_conf_path
Specifies the path to your pg_hba.conf
file.
Default value: '${confdir}/pg_hba.conf'.
pg_ident_conf_path
Specifies the path to your pg_ident.conf
file.
Default value: '${confdir}/pg_ident.conf'.
plperl_package_name
Overrides the default PostgreSQL PL/Perl package name.
Default value: OS dependent.
plpython_package_name
Overrides the default PostgreSQL PL/Python package name.
Default value: OS dependent.
postgis_version
Defines the version of PostGIS to install, if you install PostGIS.
Default value: The lowest available with the version of PostgreSQL to be installed.
postgresql_conf_path
Sets the path to your postgresql.conf
file.
Default value: '${confdir}/postgresql.conf'.
psql_path
Sets the path to the psql
command.
python_package_name
Overrides the default PostgreSQL Python package name.
Default value: OS dependent.
recovery_conf_path
Path to your recovery.conf
file.
repo_proxy
Sets the proxy option for the official PostgreSQL yum-repositories only. This is useful if your server is behind a corporate firewall and needs to use proxy servers for outside connectivity.
Debian is currently not supported.
repo_baseurl
Sets the baseurl for the PostgreSQL repository. Useful if you host your own mirror of the repository.
Default value: The official PostgreSQL repository.
server_package_name
Overrides the default PostgreSQL server package name.
Default value: OS dependent.
service_name
Overrides the default PostgreSQL service name.
Default value: OS dependent.
service_provider
Overrides the default PostgreSQL service provider.
Default value: OS dependent.
service_status
Overrides the default status check command for your PostgreSQL service.
Default value: OS dependent.
user
Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.
Default value: 'postgres'.
version
The version of PostgreSQL to install and manage.
Default value: OS system default.
xlogdir
Overrides the default PostgreSQL xlog directory.
Default value: initdb's default path.
####postgresql::lib::devel
Installs the packages containing the development libraries for PostgreSQL and symlinks pg_config
into /usr/bin
(if not in /usr/bin
or /usr/local/bin
).
link_pg_config
If the bin directory used by the PostgreSQL page is not /usr/bin
or /usr/local/bin
, symlinks pg_config
from the package's bin dir into usr/bin
(not applicable to Debian systems). Set to false
to disable this behavior.
Valid values: true
, false
.
Default value: true
.
package_ensure
Overrides the 'ensure' parameter during package installation.
Default value: 'present'.
package_name
Overrides the default package name for the distribution you are installing to.
Default value: 'postgresql-devel' or 'postgresql-devel' depending on your distro.
postgresql::lib::java
Installs PostgreSQL bindings for Java (JDBC). Set the following parameters if you have a custom version you would like to install.
Note: Make sure to add any necessary yum or apt repositories if specifying a custom version.
package_ensure
Specifies whether the package is present.
Valid values: 'present', 'absent'.
Default value: 'present'.
package_name
Specifies the name of the PostgreSQL java package.
postgresql::lib::perl
Installs the PostgreSQL Perl libraries.
package_ensure
Specifies whether the package is present.
Valid values: 'present', 'absent'.
Default value: 'present'.
package_name
Specifies the name of the PostgreSQL perl package to install.
postgresql::server::plpython
Installs the PL/Python procedural language for PostgreSQL.
package_name
Specifies the name of the postgresql PL/Python package.
package_ensure
Specifies whether the package is present.
Valid values: 'present', 'absent'.
Default value: 'present'.
postgresql::lib::python
Installs PostgreSQL Python libraries.
package_ensure
Specifies whether the package is present.
Valid values: 'present', 'absent'.
Default value: 'present'.
package_name
The name of the PostgreSQL Python package.
postgresql::server
createdb_path
Deprecated. Specifies the path to the createdb
command.
Default value: '${bindir}/createdb'.
default_database
Specifies the name of the default database to connect with. On most systems this is 'postgres'.
default_connect_settings
Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined-types. i.e. postgresql::server::role
encoding
Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the template1
initialization, so it becomes a default outside of the module as well.
Default value: undef
.
group
Overrides the default postgres user group to be used for related files in the file system.
Default value: OS dependent default.
initdb_path
Specifies the path to the initdb
command.
Default value: '${bindir}/initdb'.
ipv4acls
Lists strings for access control for connection method, users, databases, IPv4 addresses;
see PostgreSQL documentation on pg_hba.conf
for information.
ipv6acls
Lists strings for access control for connection method, users, databases, IPv6 addresses.
see PostgreSQL documentation on pg_hba.conf
for information.
ip_mask_allow_all_users
Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP from remote machines. If you'd like to allow this, you can override this setting.
Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine on your local '192.168' subnet.
Default value: '127.0.0.1/32'.
ip_mask_deny_postgres_user
Specifies the IP mask from which remote connections should be denied for the postgres superuser.
Default value: '0.0.0.0/0', which denies any remote connection.
locale
Sets the default database locale for all databases created with this module. On certain operating systems this is used during the template1
initialization as well, so it becomes a default outside of the module.
Default value: undef
, which is effectively 'C'.
On Debian, you must ensure that the 'locales-all' package is installed for full functionality of PostgreSQL.
manage_pg_hba_conf
Whether to manage the pg_hba.conf
.
If set to true
, Puppet overwrites this file.
If set to false
, Puppet does not modify the file.
Valid values: true
, false
.
Default value: true
manage_pg_ident_conf
Overwrites the pg_ident.conf file.
If set to true
, Puppet overwrites the file.
If set to false
, Puppet does not modify the file.
Valid values: true
, false
.
Default value: true
.
manage_recovery_conf
Specifies whether or not manage the recovery.conf
.
If set to true
, Puppet overwrites this file.
Valid values: true
, false
.
Default value: false
.
needs_initdb
Explicitly calls the initdb
operation after server package is installed, and before the PostgreSQL service is started.
Default value: OS dependent.
package_ensure
Passes a value through to the package
resource when creating the server instance.
Default value: undef
.
package_name
Specifies the name of the package to use for installing the server software.
Default value: OS dependent.
pg_hba_conf_defaults
If false
, disables the defaults supplied with the module for pg_hba.conf
. This is useful if you disagree with the defaults and wish to override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform basic psql
operations for example.
pg_hba_conf_path
Specifies the path to your pg_hba.conf
file.
pg_ident_conf_path
Specifies the path to your pg_ident.conf
file.
Default value: '${confdir}/pg_ident.conf'.
plperl_package_name
Sets the default package name for the PL/Perl extension.
Default value: OS dependent.
plpython_package_name
Sets the default package name for the PL/Python extension.
Default value: OS dependent.
port
Specifies the port for the PostgreSQL server to listen on. Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change.
Default value: 5432. Meaning the Postgres server listens on TCP port 5432.
postgres_password
Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres database, with a user called postgres
and no password.
Default value: undef
.
postgresql_conf_path
Specifies the path to your postgresql.conf
file.
Default value: '${confdir}/postgresql.conf'.
psql_path
Specifies the path to the psql
command.
Default value: OS dependent.
service_manage
Defines whether or not Puppet should manage the service.
Default value: true
.
service_name
Overrides the default PostgreSQL service name.
Default value: OS dependent.
service_provider
Overrides the default PostgreSQL service provider.
Default value: undef
.
service_reload
Overrides the default reload command for your PostgreSQL service.
Default value: OS dependent.
service_restart_on_change
Overrides the default behavior to restart your PostgreSQL service when a config entry has been changed that requires a service restart to become active.
Default value: true
.
service_status
Overrides the default status check command for your PostgreSQL service.
Default value: OS dependent.
user
Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.
Default value: 'postgres'.
postgresql::server::contrib
Installs the PostgreSQL contrib package.
package_ensure
Sets the ensure parameter passed on to PostgreSQL contrib package resource.
package_name
The name of the PostgreSQL contrib package.
postgresql::server::plperl
Installs the PL/Perl procedural language for postgresql.
package_ensure
The ensure parameter passed on to PostgreSQL PL/Perl package resource.
package_name
The name of the PostgreSQL PL/Perl package.
postgresql::server::postgis
Installs the PostgreSQL postgis packages.
Defined Types
postgresql::server::config_entry
Modifies your postgresql.conf
configuration file.
Each resource maps to a line inside the file, for example:
postgresql::server::config_entry { 'check_function_bodies':
value => 'off',
}
ensure
Removes an entry if set to 'absent'.
Valid values: 'present', 'absent'.
Default value: 'present'.
value
Defines the value for the setting.
postgresql::server::db
Creates a local database, user, and assigns necessary permissions.
comment
Defines a comment to be stored about the database using the PostgreSQL COMMENT command.
connect_settings
Specifies a hash of environment variables used when connecting to a remote server.
Default value: Connects to the local Postgres instance.
dbname
Sets the name of the database to be created.
Default value: the namevar.
encoding
Overrides the character set during creation of the database.
Default value: The default defined during installation.
grant
Specifies the permissions to grant during creation.
Default value: 'ALL'.
istemplate
Specifies that the database is a template, if set to true
.
Default value: false
.
locale
Overrides the locale during creation of the database.
Default value: The default defined during installation.
owner
Sets a user as the owner of the database.
Default value: '$user' variable set in postgresql::server
or postgresql::globals
.
password
Required Sets the password for the created user.
tablespace
Defines the name of the tablespace to allocate the created database to.
Default value: PostgreSQL default.
template
Specifies the name of the template database from which to build this database.
Defaults value: template0
.
user
User to create and assign access to the database upon creation. Mandatory.
postgresql::server::database
Creates a database with no users and no permissions.
dbname
Sets the name of the database.
Defaults value: The namevar.
encoding
Overrides the character set during creation of the database.
Default value: The default defined during installation.
istemplate
Defines the database as a template if set to true
.
Default value: false
.
locale
Overrides the locale during creation of the database.
Default value: The default defined during installation.
owner
Sets name of the database owner.
Default value: The '$user' variable set in postgresql::server
or postgresql::globals
.
tablespace
Sets tablespace for where to create this database.
Default value: The default defined during installation.
template
Specifies the name of the template database from which to build this database.
Default value: 'template0'.
postgresql::server::database_grant
Manages grant-based access privileges for users, wrapping the postgresql::server::database_grant
for database specific permissions. Consult the PostgreSQL documentation for grant
for more information.
connect_settings
Specifies a hash of environment variables used when connecting to a remote server.
Default value: Connects to the local Postgres instance.
db
Specifies the database to which you are granting access.
privilege
Specifies comma-separated list of privileges to grant.
Valid options: 'ALL', 'CREATE', 'CONNECT', 'TEMPORARY', 'TEMP'.
psql_db
Defines the database to execute the grant against.
This should not ordinarily be changed from the default
Default value: 'postgres'.
psql_user
Specifies the OS user for running psql
.
Default value: The default user for the module, usually 'postgres'.
role
Specifies the role or user whom you are granting access to.
postgresql::server::extension
Manages a PostgreSQL extension.
database
Specifies the database on which to activate the extension.
ensure
Specifies whether to activate or deactivate the extension.
Valid options: 'present' or 'absent'.
extension
Specifies the extension to activate. If left blank, uses the name of the resource.
package_name
Specifies a package to install prior to activating the extension.
package_ensure
Overrides default package deletion behavior.
By default, the package specified with package_name
is installed when the extension is activated and removed when the extension is deactivated. To override this behavior, set the ensure
value for the package.
postgresql::server::grant
Manages grant-based access privileges for roles. See PostgreSQL documentation for grant
for more information.
db
Specifies the database to which you are granting access.
object_type
Specifies the type of object to which you are granting privileges.
Valid options: 'DATABASE', 'SCHEMA', 'SEQUENCE', 'ALL SEQUENCES IN SCHEMA', 'TABLE' or 'ALL TABLES IN SCHEMA'.
object_name
Specifies name of object_type
to which to grant access.
port
Port to use when connecting.
Default value: undef
, which generally defaults to port 5432 depending on your PostgreSQL packaging.
privilege
Specifies the privilege to grant.
Valid options: 'ALL', 'ALL PRIVILEGES' or 'object_type' dependent string.
psql_db
Specifies the database to execute the grant against.
This should not ordinarily be changed from the default
Default value: 'postgres'.
psql_user
Sets the OS user to run psql
.
Default value: the default user for the module, usually 'postgres'.
role
Specifies the role or user whom you are granting access to.
postgresql::server::grant_role
Allows you to assign a role to a (group) role. See PostgreSQL documentation for Role Membership
for more information.
group
Specifies the group role to which you are assigning a role.
role
Specifies the role you want to assign to a group. If left blank, uses the name of the resource.
ensure
Specifies whether to grant or revoke the membership.
Valid options: 'present' or 'absent'.
Default value: 'present'.
port
Port to use when connecting.
Default value: undef
, which generally defaults to port 5432 depending on your PostgreSQL packaging.
psql_db
Specifies the database to execute the grant against.
This should not ordinarily be changed from the default
Default value: 'postgres'.
psql_user
Sets the OS user to run psql
.
Default value: the default user for the module, usually postgres
.
connect_settings
Specifies a hash of environment variables used when connecting to a remote server.
Default value: Connects to the local Postgres instance.
postgresql::server::pg_hba_rule
Allows you to create an access rule for pg_hba.conf
. For more details see the usage example and the PostgreSQL documentation.
address
Sets a CIDR based address for this rule matching when the type is not 'local'.
auth_method
Provides the method that is used for authentication for the connection that this rule matches. Described further in the PostgreSQL pg_hba.conf
documentation.
auth_option
For certain auth_method
settings there are extra options that can be passed. Consult the PostgreSQL pg_hba.conf
documentation for further details.
database
Sets a comma-separated list of databases that this rule matches.
description
Defines a longer description for this rule, if required. This description is placed in the comments above the rule in pg_hba.conf
.
Default value: 'none'.
Specifies a way to uniquely identify this resource, but functionally does nothing.
order
Sets an order for placing the rule in pg_hba.conf
.
Default value: 150.
postgresql_version
Manages pg_hba.conf
without managing the entire PostgreSQL instance.
Default value: the version set in postgresql::server
.
target
Provides the target for the rule, and is generally an internal only property.
Use with caution.
type
Sets the type of rule.
Valid options: 'local', 'host', 'hostssl' or 'hostnossl'.
user
Sets a comma-separated list of users that this rule matches.
postgresql::server::pg_ident_rule
Allows you to create user name maps for pg_ident.conf
. For more details see the usage example above and the PostgreSQL documentation.
database_username
Specifies the user name of the database user. The system_username
is mapped to this user name.
description
Sets a longer description for this rule if required. This description is placed in the comments above the rule in pg_ident.conf
.
Default value: 'none'.
map_name
Sets the name of the user map that is used to refer to this mapping in pg_hba.conf
.
order
Defines an order for placing the mapping in pg_ident.conf
.
Default value: 150.
system_username
Specifies the operating system user name (the user name used to connect to the database).
target
Provides the target for the rule and is generally an internal only property.
Use with caution.
postgresql::server::recovery
Allows you to create the content for recovery.conf
. For more details see the usage example and the PostgreSQL documentation.
Every parameter value is a string set in the template except recovery_target_inclusive
, pause_at_recovery_target
, standby_mode
and recovery_min_apply_delay
.
A detailed description of all listed parameters can be found in the PostgreSQL documentation.
The parameters are grouped into these three sections:
Archive Recovery Parameters
restore_command
archive_cleanup_command
recovery_end_command
Recovery Target Settings
recovery_target_name
recovery_target_time
recovery_target_xid
recovery_target_inclusive
recovery_target
recovery_target_timeline
pause_at_recovery_target
Standby Server Settings
standby_mode
: Can be specified with the string ('on'/'off'), or by using a Boolean value (true
/false
).primary_conninfo
primary_slot_name
trigger_file
recovery_min_apply_delay
target
Provides the target for the rule, and is generally an internal only property.
Use with caution.
postgresql::server::role
Creates a role or user in PostgreSQL.
connection_limit
Specifies how many concurrent connections the role can make.
Default value: '-1', meaning no limit.
connect_settings
Specifies a hash of environment variables used when connecting to a remote server.
Default value: Connects to the local Postgres instance.
createdb
Specifies whether to grant the ability to create new databases with this role.
Default value: false
.
createrole
Specifies whether to grant the ability to create new roles with this role.
Default value: false
.
inherit
Specifies whether to grant inherit capability for the new role.
Default value: true
.
login
Specifies whether to grant login capability for the new role.
Default value: true
.
password_hash
Sets the hash to use during password creation. If the password is not already pre-encrypted in a format that PostgreSQL supports, use the postgresql_password
function to provide an MD5 hash here, for example:
update_password
If set to true, updates the password on changes. Set this to false to not modify the role's password after creation.
postgresql::server::role { 'myusername':
password_hash => postgresql_password('myusername', 'mypassword'),
}
replication
Provides provides replication capabilities for this role if set to true
.
Default value: false
.
superuser
Specifies whether to grant super user capability for the new role.
Default value: false
.
username
Defines the username of the role to create.
Default value: the namevar.
postgresql::server::schema
Creates a schema.
connect_settings
Specifies a hash of environment variables used when connecting to a remote server.
Default value: Connects to the local Postgres instance.
db
Required.
Sets the name of the database in which to create this schema.
owner
Sets the default owner of the schema.
schema
Sets the name of the schema.
Default value: the namevar.
postgresql::server::table_grant
Manages grant-based access privileges for users. Consult the PostgreSQL documentation for grant
for more information.
connect_settings
Specifies a hash of environment variables used when connecting to a remote server.
Default value: Connects to the local Postgres instance.
db
Specifies which database the table is in.
privilege
Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER'.
psql_db
Specifies the database to execute the grant against.
This should not ordinarily be changed from the default.
Default value: 'postgres'.
psql_user
Specifies the OS user for running psql
.
Default value: The default user for the module, usually 'postgres'.
role
Specifies the role or user to whom you are granting access.
table
Specifies the table to which you are granting access.
postgresql::server::tablespace
Creates a tablespace. If necessary, also creates the location and assigns the same permissions as the PostgreSQL server.
connect_settings
Specifies a hash of environment variables used when connecting to a remote server.
Default value: Connects to the local Postgres instance.
location
Specifies the path to locate this tablespace.
owner
Specifies the default owner of the tablespace.
spcname
Specifies the name of the tablespace.
Default value: the namevar.
Types
postgresql_psql
Enables Puppet to run psql statements.
command
Required.
Specifies the SQL command to execute via psql.
cwd
Specifies the working directory under which the psql command should be executed.
Default value: '/tmp'.
db
Specifies the name of the database to execute the SQL command against.
environment
Specifies any additional environment variables you want to set for a SQL command. Multiple environment variables should be specified as an array.
name
Sets an arbitrary tag for your own reference; the name of the message. This is the namevar.
onlyif
Sets an optional SQL command to execute prior to the main command. This is generally intended to be used for idempotency, to check for the existence of an object in the database to determine whether or not the main SQL command needs to be executed at all.
port
Specifies the port of the database server to execute the SQL command against.
psql_group
Specifies the system user group account under which the psql command should be executed.
Default value: 'postgres'.
psql_path
Specifies the path to psql executable.
Default value: 'psql'.
psql_user
Specifies the system user account under which the psql command should be executed.
Default value: 'postgres'.
refreshonly
Specifies whether to execute the SQL only if there is a notify or subscribe event.
Valid values: true
, false
.
Default value: false
.
search_path
Defines the schema search path to use when executing the SQL command.
unless
The inverse of onlyif
.
postgresql_conf
Allows Puppet to manage postgresql.conf
parameters.
name
Specifies the PostgreSQL parameter name to manage.
This is the namevar.
target
Specifies the path to postgresql.conf
.
Default value: '/etc/postgresql.conf'.
value
Specifies the value to set for this parameter.
postgresql_replication_slot
Allows you to create and destroy replication slots to register warm standby replication on a PostgreSQL master server.
name
Specifies the name of the slot to create. Must be a valid replication slot name.
This is the namevar.
postgresql_conn_validator
Validate the connection to a local or remote PostgreSQL database using this type.
connect_settings
Specifies a hash of environment variables used when connecting to a remote server. This is an alternative to providing individual parameters (host
, etc). If provided, the individual parameters take precedence.
Default value: {}
db_name
Specifies the name of the database you wish to test.
Default value: ''
db_password
Specifies the password to connect with. Can be left blank if .pgpass
is being used, otherwise not recommended.
Default value: ''
db_username
Specifies the username to connect with.
Default value: ''
When using a Unix socket and ident auth, this is the user you are running as.
command
This is the command run against the target database to verify connectivity.
Default value: 'SELECT 1'
host
Sets the hostname of the database you wish to test.
Default value: '', which generally uses the designated local Unix socket.
If the host is remote you must provide a username.
port
Defines the port to use when connecting.
Default value: ''
run_as
Specifies the user to run the psql
command as. This is important when trying to connect to a database locally using Unix sockets and ident
authentication. Not needed for remote testing.
sleep
Sets the number of seconds to sleep for before trying again after a failure.
tries
Sets the number of attempts after failure before giving up and failing the resource.
Functions
postgresql_password
Generates a PostgreSQL encrypted password, use postgresql_password
. Call it from the command line and then copy and paste the encrypted password into your manifest:
puppet apply --execute 'notify { 'test': message => postgresql_password('username', 'password') }'
Alternatively, you can call this from your production manifests, but the manifests will then contain a clear text version of your passwords.
postgresql_acls_to_resources_hash(acl_array, id, order_offset)
This internal function converts a list of pg_hba.conf
based ACLs (passed in as an array of strings) to a format compatible with the postgresql::pg_hba_rule
resource.
This function should only be used internally by the module.
Limitations
Works with versions of PostgreSQL from 8.1 through 9.5.
Currently, the postgresql module is tested on the following operating systems:
- Debian 6.x, 7.x, 8.x.
- CentOS 5.x, 6.x, and 7.x.
- Ubuntu 10.04 and 12.04, 14.04.
Other systems might be compatible, but are not being actively tested.
Apt module support
While this module supports both 1.x and 2.x versions of the 'puppetlabs-apt' module, it does not support 'puppetlabs-apt' 2.0.0 or 2.0.1.
PostGIS support
PostGIS is currently considered an unsupported feature, as it doesn't work on all platforms correctly.
All versions of RHEL/CentOS
If you have SELinux enabled you must add any custom ports you use to the postgresql_port_t
context. You can do this as follows:
semanage port -a -t postgresql_port_t -p tcp $customport
Development
Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. For more information, see our module contribution guide.
Tests
There are two types of tests distributed with this module. Unit tests with rspec-puppet
and system tests using rspec-system
.
For unit testing, make sure you have:
- rake
- bundler
Install the necessary gems:
bundle install --path=vendor
And then run the unit tests:
bundle exec rake spec
The unit tests are run in Travis-CI as well. If you want to see the results of your own tests, register the service hook through Travis-CI via the accounts section for your GitHub clone of this project.
To run the system tests, make sure you also have:
- Vagrant > 1.2.x
- VirtualBox > 4.2.10
Then run the tests using:
bundle exec rspec spec/acceptance
To run the tests on different operating systems, see the sets available in .nodeset.yml
and run the specific set with the following syntax:
RSPEC_SET=debian-607-x64 bundle exec rspec spec/acceptance
Contributors
View the full list of contributors on Github.
Supported Release 4.9.0
Summary
This release adds several types and, among other bugs, fixes an issue with the yum URL.
Features
- Modifying ownership of databases and schemas now available (MODULES-3247)
- Use
module_workdir
to specify a custom directory in which to execute psql commands grant_role
andgrant
types added!- Support for parallel unit testing (parallel_tests)
- Override download/installation repo URL with
repo_baseurl
- Set your timezone with
timezone
- Grant privileges on LANGUAGEs
- Added support for Debian Stretch and Ubuntu Yakkety Yak
Bugfixes
- Usernames and passwords are now converted to strings before password hash is created
- Specify default database name if it is not the username
- Update to yum repo
- Schema name conflicts fix
Supported Release 4.8.0
Summary
This release primarily fixes an issue with postgresql_conf
values of ipaddresses being considered floats and not getting quoted.
Features
- Add
default_connect_settings
parameter topostgresql::server
- Running under strict variables is now supported
- Add timestamps into logs by default
Bugfixes
- Obscure password in postgresql_psql type
- Fix ip address quoting in postgresql_conf type
- Fix handling of systemd service on Ubuntu
- Mark log_min_duration_statement setting as requiring a service restart
- Add fixes for Fedora 23, Fedora 24, FreeBSD, OpenBSD
- Fix environment handling to avoid "Overriding environment setting" message
- Work around PUP-6385, using empty arrays instead of undef when specifying resource relationships
- README editorial pass
- Reduce whitespace in templates
- Update build/test infrastructure
Supported Release 4.7.1
Summary
This release contains some bugfixes and documentation updates.
Bugfixes
- (MODULES-3024) Quote database objects when creating databases.
- Properly escape case where password ends with '$'.
- Fixes password change when postgres is configure to non-standard port.
- Unpins concat dependency to be able to use concat 2.x.
- Workaround to fix installing on Amazon Linux.
- Fixes proper defaulting of
$service_provider
parameter. - Fixes postgres server init script naming on Amazon Linux.
- Fixes service reload parameter on Arch Linux.
- Adds missing onlyif_function to sequence grant code.
- Fixes to the markdown of the README.
Supported Release 4.7.0
Summary
A release with a considerable amount of new features, including remote db support and several platform support updates. Various bugfixes including several to address warnings and a sizable README update.
Features
- Remote DB support - Connection-settings allows a hash of options that can be used when connecting to a remote DB.
- Debian 8 support.
- Updated systemd-override to support fedora and CentOS paths.
- Adds the ability to define the extension name separately from the title of the resource, which allows you to add the extension to more than one database.
- Added parameter to disable automatic service restarts on config changes.
- Ubuntu 15.10 compatibility.
- OpenBSD version is now 9.4.
- Added .gitattributes to maintain line endings for .sh and .rb files.
- Adds default postgis version for 9.5.
- Allows float postgresql_conf values.
- Schedule apt update after install of repo.
Bugfixes
- Fixed systemd-override for RedHat systems with unmanaged Yum repos.
- Removed inherits postgresql::params.
- Multi-node tests are now not ran by default.
- Change apt::pin to apt_postgresql_org to prevent error message.
- Removed syntax error near UTF8.
- Removal of extra blanks and backslashes in README.
- Double quotes now used around database name to prevent syntax error.
- Removes ruby 1.8.7 and puppet 2.7 from travis-ci jobs.
- Fixed paths to work on Amazon Linux.
- Fixed quotes around locale options.
- Huge README update.
- Update to use current msync configs.
- Fixes postgresql::server acceptance test descriptions.
Supported Release 4.6.1
###Summary
Small release for support of newer PE versions. This increments the version of PE in the metadata.json file.
2015-09-01 - Supported Release 4.6.0
Summary
This release adds a proxy feature for yum, Postgis improvements, and decoupling pg_hba_rule from postgresql::server.
Features
- Support setting a proxy for yum operations
- Allow for undefined PostGIS version
- Decouple pg_hba_rule from postgresql::server
Bugfixes
- Fix postgis default package name on RedHat
2015-07-27 - Supported Release 4.5.0
Summary
This release adds sequence grants, some postgresql 9.4 fixes, and onlyif
to
the psql resource.
Features
- Add
onlyif
parameter topostgresql_psql
- Add unsupported compatibility with Ubuntu 15.04
- Add unsupported compatibility with SLES 11/12 and OpenSuSE 13.2
- Add
postgresql::server::grant::onlyif_exists
attribute - Add
postgresql::server::table_grant::onlyif_exists
attribute - Add granting permissions on sequences
Bugfixes
- Added docs for
postgresql::server::grant
- Fix
pg_hba_conf_defaults => false
to not disable ipv4/ipv6 acls - Fix 9.4 for
postgresql::server::pg_hba_rule
2015-07-07 - Supported Release 4.4.2
Summary
This release fixes a bug introduced in 4.4.0.
Bugfixes
- Fixes
withenv
execution under Puppet 2.7. (MODULES-2185)
2015-07-01 - Supported Release 4.4.1
Summary
This release fixes RHEL 7 & Fedora with manage_package_repo switched on.
Bugfixes
- Ensure manage_package_repo variable is in scope for systemd-override file for RHEL7
2015-06-30 - Supported Release 4.4.0
Summary
This release has several new features, bugfixes, and test improvements.
Features
- Adds a resource to manage recovery.conf.
- Adds a parameter that allows the specification of a validate connection script in
postgresql::client
. - Adds support for plpython package management.
- Adds support for postgresql-docs management.
- Adds ability to make
postgresql::server::schema
titles unique. (MODULES-2049) - Updates puppetlabs-apt module dependency to support version 2.1.0.
Bugfixes
- Fix
postgresql_psql
parameter ordering to work on OpenBSD with Future Parser - Fix setting postgres role password (MODULES-1869)
- Fix execution command with puppet <3.4 (MODULES-1923)
- Fix Puppet.newtype deprecation warning (MODULES-2007)
- Fix systemd override for manage_repo package versions
- Fix Copy snakeoil certificate and key instead of symlinking
Test Improvements
- Allows setting BEAKER and BEAKER_RSPEC versions via environment variables.
- Enables Unit testing on Travis CI with Puppet 4.
- Cleans up spec_helper_acceptance.rb to use new puppet_install_helper gem.
2015-03-24 - Supported Release 4.3.0
Summary
This release fixes compatibility with Puppet 4 and removes opportunities for local users to view the postgresql password. It also adds a new custom resource to aid in managing replication.
Features
- Add
postgresql::server::logdir
parameter to manage the logdir - Add
environment
parameter topostgresql_psql
- Add
postgresql_replication_slot
custom resource
Bugfixes
- Fix for Puppet 4
- Don't print postgresql_psql password in command
- Allow
postgresql::validate_db_connection
for more than one host+port+database combo - Fix service command on Debian 8 and up
- Fix
postgresql::server::extension
to work with custom user/group/port - Fix
postgresql::server::initdb
to work with custom user/group/port - Fix changing template1 encoding
- Fix default
postgresql::server::grant::object_name
value - Fix idempotency of granting all tables in schema with
puppet::server::grant
- Fix lint warnings
- Fix apt key to use 40 character key and bump puppetlabs-apt to >= 1.8.0 < 2.0.0
##2015-03-10 - Supported Release 4.2.0 ###Summary
This release has several new features including support for server extensions, improved grant support, and a number of bugfixes.
####Features
- Changes to support OpenBSD
- Add
service_reload
parameter topostgresql::server
- Add
comment
parameter topostgresql::server::database
(MODULES-1153) - Add
postgresql::server::extension
defined type - Add postgresql versions for utopic and jessie
- Update
postgresql::server::grant
to support 'GRANT SCHEMA' and 'ALL TABLES IN SCHEMA'
####Bugfixes
- Lint cleanup
- Remove outdated upgrade info from README
- Use correct TCP port when checking password
- Create role before database
- Fix template1 encoding on Debian
- Require server package before user permissions
- Fix
service_status
default for FreeBSD to allow PostgreSQL to start the first run - Fix invalid US-ASCII byte sequence in
postgresql::server::grant
comments - Reverted to default behavior for Debian systems as
pg_config
should not be overwritten (MODULES-1485)
##2014-11-04 - Supported Release 4.1.0 ###Summary
This release adds the ability to change the PGDATA directory, and also includes documentation and test updates, future parser support, and a few other new features.
####Features
- Future parser support
- Documentation updates
- Test updates
- Add a link from
/etc/sysconfig/pgsql/postgresql-${version}
to/etc/sysconfig/pgsql/postgresql
to support init scripts from the postgresql.org repo - Add support for changing the PGDATA directory
- Set default versions for Fedora 21 and FreeBSD
##2014-09-03 - Supported Release 4.0.0 ###Summary
This release removes the uninstall ability from the module, removes the firewall management, overhauls all of the acceptance testing, as well as adds better support for SuSE and Fedora.
###Backwards Incompatible changes.
- Uninstall code removal.
- Firewall management for Postgres.
- Set manage_pg_ident_conf to true.
####Uninstallation removal
We rely heavily on the ability to uninstall and reinstall postgres throughout our testing code, testing features like "can I move from the distribution packages to the upstream packages through the module" and over time we've learnt that the uninstall code simply doesn't work a lot of the time. It leaves traces of postgres behind or fails to remove certain packages on Ubuntu, and generally causes bits to be left on your system that you didn't expect.
When we then reinstall things fail because it's not a true clean slate, and this causes us enormous problems during test. We've spent weeks and months working on these tests and they simply don't hold up well across the full range of PE platforms.
Due to all these problems we've decided to take a stance on uninstalling in general. We feel that in 2014 it's completely reasonable and normal to have a good provisioning pipeline combined with your configuration management and the "correct" way to uninstall a fully installed service like postgresql is to simply reprovision the server without it in the first place. As a general rule this is how I personally like to work and I think is a good practice.
####I'm not OK with this!
We understand that there are environments and situations in which it's not easy to do that. What if you accidently deployed Postgres on 100,000 nodes? In the future we're going to take a look at building some example 'profiles' to be found under examples/ within this module that can uninstall postgres on popular platforms. These can be modified and used in your specific case to uninstall postgresql. They will be much more brute force and reliant on deleting entire directories and require you to do more work up front in specifying where things are installed but we think it'll prove to be a much cleaner mechanism for this kind of thing rather than trying to weave it into the main module logic itself.
####Features
- Removal of uninstall.
- Removal of firewall management.
- Tests ported to rspec3.
- Acceptance tests rewritten.
- Add a defined type for creating database schemas.
- Add a pg_ident_rule defined type.
- Set manage_pg_ident_conf to true.
- Manage pg_ident.conf by default.
- Improve selinux support for tablespace.
- Remove deprecation warnings.
- Support changing PGDATA on RedHat.
- Add SLES 11 support.
####Bugfixes
- Link pg_config binary into /usr/bin.
- Fix fedora support by using systemd.
- Initdb should create xlogdir if set.
- Use a regular expression to match the major OS version on Ubuntu.
##2014-07-31 - Supported Release 3.4.2 ###Summary
This release fixes recent Fedora versions.
####Features ####Bugfixes
- Fix Fedora.
##2014-07-15 - Supported Release 3.4.1 ###Summary
This release merely updates metadata.json so the module can be uninstalled and upgraded via the puppet module command.
##2014-04-14 - Supported Release 3.4.0 ###Summary
This feature rolls up several important features, the biggest being PostGIS
handling and allowing port
to be set on postgresql::server in order to
change the port that Postgres listens on. We've added support for RHEL7
and Ubuntu 14.04, as well as allowing you to manage the service via
service_ensure
finally.
####Features
- Added
perl_package_name
for installing bindings. - Added
service_ensure
for allowing control of services. - Added
postgis_version
and postgis class for installing postgis. - Added
port
for selecting the port Postgres runs on. - Add support for RHEL7 and Ubuntu 14.04.
- Add
default_db
to postgresql::server::database. - Widen the selection of unquoted parameters in postgresql_conf{}
- Require the service within postgresql::server::reload for RHEL7.
- Add
inherit
to postgresql::server::role.
####Bugfixes
##2014-03-04 - Supported Release 3.3.3 ###Summary
This is a supported release. This release removes a testing symlink that can cause trouble on systems where /var is on a seperate filesystem from the modulepath.
####Features ####Bugfixes ####Known Bugs
- SLES is not supported.
##2014-03-04 - Supported Release 3.3.2 ###Summary This is a supported release. It fixes a problem with updating passwords on postgresql.org distributed versions of PostgreSQL.
####Bugfixes
- Correct psql path when setting password on custom versions.
- Documentation updates
- Test updates
####Known Bugs
- SLES is not supported.
##2014-02-12 - Version 3.3.1 ####Bugfix:
- Allow dynamic rubygems host
##2014-01-28 - Version 3.3.0
###Summary
This release rolls up a bunch of bugfixes our users have found and fixed for us over the last few months. This improves things for 9.1 users, and makes this module usable on FreeBSD.
This release is dedicated to 'bma', who's suffering with Puppet 3.4.1 issues thanks to Puppet::Util::SUIDManager.run_and_capture.
####Features
- Add lc_ config entry settings
- Can pass template at database creation.
- Add FreeBSD support.
- Add support for customer
xlogdir
parameter. - Switch tests from rspec-system to beaker. (This isn't really a feature)
####Bugfixes
- Properly fix the deprecated Puppet::Util::SUIDManager.run_and_capture errors.
- Fix NOREPLICATION option for Postgres 9.1
- Wrong parameter name: manage_pg_conf -> manage_pg_hba_conf
- Add $postgresql::server::client_package_name, referred to by install.pp
- Add missing service_provider/service_name descriptions in ::globals.
- Fix several smaller typos/issues throughout.
- Exec['postgresql_initdb'] needs to be done after $datadir exists
- Prevent defined resources from floating in the catalog.
- Fix granting all privileges on a table.
- Add some missing privileges.
- Remove deprecated and unused concat::fragment parameters.
##2013-11-05 - Version 3.2.0
###Summary
Add's support for Ubuntu 13.10 (and 14.04) as well as x, y, z.
####Features
- Add versions for Ubuntu 13.10 and 14.04.
- Use default_database in validate_db_connection instead of a hardcoded 'postgres'
- Add globals/params layering for default_database.
- Allow specification of default database name.
####Bugs
- Fixes to the README.
##2013-10-25 - Version 3.1.0
###Summary
This is a minor feature and bug fix release.
Firstly, the postgresql_psql type now includes a new parameter search_path
which is equivalent to using set search_path
which allows you to change the default schema search path.
The default version of Fedora 17 has now been added, so that Fedora 17 users can enjoy the module.
And finally we've extended the capabilities of the defined type postgresql::validate_db_connection so that now it can handle retrying and sleeping between retries. This feature has been monopolized to fix a bug we were seeing with startup race conditions, but it can also be used by remote systems to 'wait' for PostgreSQL to start before their Puppet run continues.
####Features
- Defined $default_version for Fedora 17 (Bret Comnes)
- add search_path attribute to postgresql_psql resource (Jeremy Kitchen)
- (GH-198) Add wait and retry capability to validate_db_connection (Ken Barber)
####Bugs
- enabling defined postgres user password without resetting on every puppet run (jonoterc)
- periods are valid in configuration variables also (Jeremy Kitchen)
- Add zero length string to join() function (Jarl Stefansson)
- add require of install to reload class (cdenneen)
- (GH-198) Fix race condition on postgresql startup (Ken Barber)
- Remove concat::setup for include in preparation for the next concat release (Ken Barber)
##2013-10-14 - Version 3.0.0
Final release of 3.0, enjoy!
##2013-10-14 - Version 3.0.0-rc3
###Summary
Add a parameter to unmanage pg_hba.conf to fix a regression from 2.5, as well as allowing owner to be passed into x.
####Features
manage_pg_hba_conf
parameter added to control pg_hba.conf management.owner
parameter added to server::db.
##2013-10-09 - Version 3.0.0-rc2
###Summary
A few bugfixes have been found since -rc1.
####Fixes
- Special case for $datadir on Amazon
- Fix documentation about username/password for the postgresql_hash function
##2013-10-01 - Version 3.0.0-rc1
###Summary
Version 3 was a major rewrite to fix some internal dependency issues, and to make the new Public API more clear. As a consequence a lot of things have changed for version 3 and older revisions that we will try to outline here.
(NOTE: The format of this CHANGELOG differs to normal in an attempt to explain the scope of changes)
- Server specific objects now moved under
postgresql::server::
namespace:
To restructure server specific elements under the postgresql::server::
namespaces the following objects were renamed as such:
postgresql::database
-> postgresql::server::database
postgresql::database_grant
-> postgresql::server::database_grant
postgresql::db
-> postgresql::server::db
postgresql::grant
-> postgresql::server::grant
postgresql::pg_hba_rule
-> postgresql::server::pg_hba_rule
postgresql::plperl
-> postgresql::server::plperl
postgresql::contrib
-> postgresql::server::contrib
postgresql::role
-> postgresql::server::role
postgresql::table_grant
-> postgresql::server::table_grant
postgresql::tablespace
-> postgresql::server::tablespace
- New
postgresql::server::config_entry
resource for managing configuration:
Previously we used the file_line
resource to modify postgresql.conf
. This
new revision now adds a new resource named postgresql::server::config_entry
for managing this file. For example:
postgresql::server::config_entry { 'check_function_bodies':
value => 'off',
}
If you were using file_line
for this purpose, you should change to this new
methodology.
postgresql_puppet_extras.conf
has been removed:
Now that we have a methodology for managing postgresql.conf
, and due to
concerns over the file management methodology using an exec { 'touch ...': }
as a way to create an empty file the existing postgresql_puppet_extras.conf
file is no longer managed by this module.
If you wish to recreate this methodology yourself, use this pattern:
class { 'postgresql::server': }
$extras = "/tmp/include.conf"
file { $extras:
content => 'max_connections = 123',
notify => Class['postgresql::server::service'],
}->
postgresql::server::config_entry { 'include':
value => $extras,
}
- All uses of the parameter
charset
changed toencoding
:
Since PostgreSQL uses the terminology encoding
not charset
the parameter
has been made consisent across all classes and resources.
- The
postgresql
base class is no longer how you set globals:
The old global override pattern was less then optimal so it has been fixed,
however we decided to demark this properly by specifying these overrides in
the class postgresql::global
. Consult the documentation for this class now
to see what options are available.
Also, some parameter elements have been moved between this and the
postgresql::server
class where it made sense.
config_hash
parameter collapsed for thepostgresql::server
class:
Because the config_hash
was really passing data through to what was in
effect an internal class (postgresql::config
). And since we don't want this
kind of internal exposure the parameters were collapsed up into the
postgresql::server
class directly.
- Lots of changes to 'private' or 'undocumented' classes:
If you were using these before, these have changed names. You should only use what is documented in this README.md, and if you don't have what you need you should raise a patch to add that feature to a public API. All internal classes now have a comment at the top indicating them as private to make sure the message is clear that they are not supported as Public API.
pg_hba_conf_defaults
parameter included to turn off default pg_hba rules:
The defaults should be good enough for most cases (if not raise a bug) but if you simply need an escape hatch, this setting will turn off the defaults. If you want to do this, it may affect the rest of the module so make sure you replace the rules with something that continues operation.
postgresql::database_user
has now been removed:
Use postgresql::server::role
instead.
postgresql::psql
resource has now been removed:
Use postgresql_psql
instead. In the future we may recreate this as a wrapper
to add extra capability, but it will not match the old behaviour.
postgresql_default_version
fact has now been removed:
It didn't make sense to have this logic in a fact any more, the logic has been
moved into postgresql::params
.
ripienaar/concat
is no longer used, instead we usepuppetlabs/concat
:
The older concat module is now deprecated and moved into the
puppetlabs/concat
namespace. Functionality is more or less identical, but
you may need to intervene during the installing of this package - as both use
the same concat
namespace.
##2013-09-09 Release 2.5.0
###Summary
The focus of this release is primarily to capture the fixes done to the types and providers to make sure refreshonly works properly and to set the stage for the large scale refactoring work of 3.0.0.
####Features
####Bugfixes
- Use boolean for refreshonly.
- Fix postgresql::plperl documentation.
- Add two missing parameters to config::beforeservice
- Style fixes
##2013-08-01 Release 2.4.1
###Summary
This minor bugfix release solves an idempotency issue when using plain text passwords for the password_hash parameter for the postgresql::role defined type. Without this, users would continually see resource changes everytime your run Puppet.
####Bugfixes
- Alter role call not idempotent with cleartext passwords (Ken Barber)
##2013-07-19 Release 2.4.0
###Summary
This updates adds the ability to change permissions on tables, create template
databases from normal databases, manage PL-Perl's postgres package, and
disable the management of pg_hba.conf
.
####Features
- Add
postgresql::table_grant
defined resource - Add
postgresql::plperl
class - Add
manage_pg_hba_conf
parameter to thepostgresql::config
class - Add
istemplate
parameter to thepostgresql::database
define
####Bugfixes
- Update
postgresql::role
class to be able to update roles when modified instead of only on creation. - Update tests
- Fix documentation of
postgresql::database_grant
##2.3.0
This feature release includes the following changes:
- Add a new parameter
owner
to thedatabase
type. This can be used to grant ownership of a new database to a specific user. (Bruno Harbulot) - Add support for operating systems other than Debian/RedHat, as long as the user supplies custom values for all of the required paths, package names, etc. (Chris Price)
- Improved integration testing (Ken Barber)
##2.2.1
This release fixes a bug whereby one of our shell commands (psql) were not ran from a globally accessible directory. This was causing permission denied errors when the command attempted to change user without changing directory.
Users of previous versions might have seen this error:
Error: Error executing SQL; psql returned 256: 'could not change directory to "/root"
This patch should correct that.
Detail Changes
- Set /tmp as default CWD for postgresql_psql
##2.2.0
This feature release introduces a number of new features and bug fixes.
First of all it includes a new class named postgresql::python
which provides you with a convenient way of install the python Postgresql client libraries.
class { 'postgresql::python':
}
You are now able to use postgresql::database_user
without having to specify a password_hash, useful for different authentication mechanisms that do not need passwords (ie. cert, local etc.).
We've also provided a lot more advanced custom parameters now for greater control of your Postgresql installation. Consult the class documentation for PuppetDB in the README.
This release in particular has largely been contributed by the community members below, a big thanks to one and all.
Detailed Changes
- Add support for psycopg installation (Flaper Fesp and Dan Prince)
- Added default PostgreSQL version for Ubuntu 13.04 (Kamil Szymanski)
- Add ability to create users without a password (Bruno Harbulot)
- Three Puppet 2.6 fixes (Dominic Cleal)
- Add explicit call to concat::setup when creating concat file (Dominic Cleal)
- Fix readme typo (Jordi Boggiano)
- Update postgres_default_version for Ubuntu (Kamil Szymanski)
- Allow to set connection for noew role (Kamil Szymanski)
- Fix pg_hba_rule for postgres local access (Kamil Szymanski)
- Fix versions for travis-ci (Ken Barber)
- Add replication support (Jordi Boggiano)
- Cleaned up and added unit tests (Ken Barber)
- Generalization to provide more flexability in postgresql configuration (Karel Brezina)
- Create dependent directory for sudoers so tests work on Centos 5 (Ken Barber)
- Allow SQL commands to be run against a specific DB (Carlos Villela)
- Drop trailing comma to support Puppet 2.6 (Michael Arnold)
##2.1.1
This release provides a bug fix for RHEL 5 and Centos 5 systems, or specifically systems using PostgreSQL 8.1 or older. On those systems one would have received the error:
Error: Could not start Service[postgresqld]: Execution of ‘/sbin/service postgresql start’ returned 1:
And the postgresql log entry:
FATAL: unrecognized configuration parameter "include"
This bug is due to a new feature we had added in 2.1.0, whereby the include
directive in postgresql.conf
was not compatible. As a work-around we have added checks in our code to make sure systems running PostgreSQL 8.1 or older do not have this directive added.
Detailed Changes
2013-01-21 - Ken Barber ken@bob.sh
- Only install
include
directive and included file on PostgreSQL >= 8.2 - Add system tests for Centos 5
##2.1.0
This release is primarily a feature release, introducing some new helpful constructs to the module.
For starters, we've added the line include 'postgresql_conf_extras.conf'
by default so extra parameters not managed by the module can be added by other tooling or by Puppet itself. This provides a useful escape-hatch for managing settings that are not currently managed by the module today.
We've added a new defined resource for managing your tablespace, so you can now create new tablespaces using the syntax:
postgresql::tablespace { 'dbspace':
location => '/srv/dbspace',
}
We've added a locale parameter to the postgresql
class, to provide a default. Also the parameter has been added to the postgresql::database
and postgresql::db
defined resources for changing the locale per database:
postgresql::db { 'mydatabase':
user => 'myuser',
password => 'mypassword',
encoding => 'UTF8',
locale => 'en_NG',
}
There is a new class for installing the necessary packages to provide the PostgreSQL JDBC client jars:
class { 'postgresql::java': }
And we have a brand new defined resource for managing fine-grained rule sets within your pg_hba.conf access lists:
postgresql::pg_hba { 'Open up postgresql for access from 200.1.2.0/24':
type => 'host',
database => 'app',
user => 'app',
address => '200.1.2.0/24',
auth_method => 'md5',
}
Finally, we've also added Travis-CI support and unit tests to help us iterate faster with tests to reduce regression. The current URL for these tests is here: https://travis-ci.org/puppetlabs/puppet-postgresql. Instructions on how to run the unit tests available are provided in the README for the module.
A big thanks to all those listed below who made this feature release possible :-).
Detailed Changes
2013-01-18 - Simão Fontes simaofontes@gmail.com & Flaper Fesp flaper87@gmail.com
- Remove trailing commas from params.pp property definition for Puppet 2.6.0 compatibility
2013-01-18 - Lauren Rother lauren.rother@puppetlabs.com
- Updated README.md to conform with best practices template
2013-01-09 - Adrien Thebo git@somethingsinistral.net
- Update postgresql_default_version to 9.1 for Debian 7.0
2013-01-28 - Karel Brezina karel.brezina@gmail.com
- Add support for tablespaces
2013-01-16 - Chris Price chris@puppetlabs.com & Karel Brezina karel.brezina@gmail.com
- Provide support for an 'include' config file 'postgresql_conf_extras.conf' that users can modify manually or outside of the module.
2013-01-31 - jv jeff@jeffvier.com
- Fix typo in README.pp for postgresql::db example
2013-02-03 - Ken Barber ken@bob.sh
- Add unit tests and travis-ci support
2013-02-02 - Ken Barber ken@bob.sh
- Add locale parameter support to the 'postgresql' class
2013-01-21 - Michael Arnold github@razorsedge.org
- Add a class for install the packages containing the PostgreSQL JDBC jar
2013-02-06 - fhrbek filip.hbrek@gmail.com
- Coding style fixes to reduce warnings in puppet-lint and Geppetto
2013-02-10 - Ken Barber ken@bob.sh
- Provide new defined resource for managing pg_hba.conf
2013-02-11 - Ken Barber ken@bob.sh
- Fix bug with reload of Postgresql on Redhat/Centos
2013-02-15 - Erik Dalén dalen@spotify.com
- Fix more style issues to reduce warnings in puppet-lint and Geppetto
2013-02-15 - Erik Dalén dalen@spotify.com
- Fix case whereby we were modifying a hash after creation
##2.0.1
Minor bugfix release.
2013-01-16 - Chris Price chris@puppetlabs.com
- Fix revoke command in database.pp to support postgres 8.1 (43ded42)
2013-01-15 - Jordi Boggiano j.boggiano@seld.be
- Add support for ubuntu 12.10 status (3504405)
##2.0.0
Many thanks to the following people who contributed patches to this release:
- Adrien Thebo
- Albert Koch
- Andreas Ntaflos
- Brett Porter
- Chris Price
- dharwood
- Etienne Pelletier
- Florin Broasca
- Henrik
- Hunter Haugen
- Jari Bakken
- Jordi Boggiano
- Ken Barber
- nzakaria
- Richard Arends
- Spenser Gilliland
- stormcrow
- William Van Hevelingen
Notable features:
-
Add support for versions of postgres other than the system default version (which varies depending on OS distro). This includes optional support for automatically managing the package repo for the "official" postgres yum/apt repos. (Major thanks to Etienne Pelletier epelletier@maestrodev.com and Ken Barber ken@bob.sh for their tireless efforts and patience on this feature set!) For example usage see
tests/official-postgresql-repos.pp
. -
Add some support for Debian Wheezy and Ubuntu Quantal
-
Add new
postgres_psql
type with a Ruby provider, to replace the old exec-basedpsql
type. This gives us much more flexibility around executing SQL statements and controlling their logging / reports output. -
Major refactor of the "spec" tests--which are actually more like acceptance tests. We now support testing against multiple OS distros via vagrant, and the framework is in place to allow us to very easily add more distros. Currently testing against Cent6 and Ubuntu 10.04.
-
Fixed a bug that was preventing multiple databases from being owned by the same user (9adcd182f820101f5e4891b9f2ff6278dfad495c - Etienne Pelletier epelletier@maestrodev.com)
-
Add support for ACLs for finer-grained control of user/interface access (b8389d19ad78b4fb66024897097b4ed7db241930 - dharwood harwoodd@cat.pdx.edu)
-
Many other bug fixes and improvements!
##1.0.0
2012-09-17 - Version 0.3.0 released
2012-09-14 - Chris Price chris@puppetlabs.com
- Add a type for validating a postgres connection (ce4a049)
2012-08-25 - Jari Bakken jari.bakken@gmail.com
- Remove trailing commas. (e6af5e5)
2012-08-16 - Version 0.2.0 released
Dependencies
- puppetlabs/stdlib (>= 4.13.1 < 5.0.0)
- puppetlabs/apt (>= 2.0.0 < 5.0.0)
- puppetlabs/concat (>= 1.1.0 < 5.0.0)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.