postgres

Manage postgres roles and databases through puppet

Project URL RSS Feed Report issues

Module Stats

9,954 downloads

9,954 latest version

4.6 quality score

Version information

released Jan 22nd 2015

This version is compatible with:

Start using this module

Installation method

Add this module to your Puppetfile:

mod 'stschulte-postgres', '1.0.0'

Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add stschulte-postgres

Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install stschulte-postgres --version 1.0.0

Tags: postgresql, postgres

Documentation

stschulte/postgres — version 1.0.0 Jan 22nd 2015

Puppet PostgreSQL Module

Why another PostgreSQL module?

There are a bunch of available postgres modules on forge.puppetlabs.com and I encourage you to look into these, because they let you install postgres really easily. However these modules tend to be complex in order to be shareable among different users with different usecases.

In contrast to other modules this postgres module does not aim to deliver puppet classes that you can use right away, it does merely give you new puppet types and providers to manage postgres databases and roles that you can then use in your own puppet classes.

New facts

(currently none)

New functions

postgresql_password

The postgresql_password function generates a crypted representation of a clear text password. You have to provide two values: The username which password you want to generate and the clear text password. The result can be used as a password parameter to the pg_role type because this one will expect the password to be already encrypted:

pg_role { "postgres",
  ensure => present,
  password => postgresql_password('postgres', 'secr3t')
}

New custom types

Requirements

To be able to use the following types the postgres user has to be able to access the database without password. This means you'll probably want to have the following line in your pg_hba.conf

# TYPE    DATABASE    USER        ADDRESS    METHOD
local     all         postgres               ident
...

pg_database

The pg_database lets you describe a PostgreSQL database as a puppet resource, so you can easily make sure that a certain database exists.

Let's say you write your own puppetdb::database class and inside that class you want to make sure that a database called puppetdb exists:

class puppetdb::database {
  pg_database { 'puppetdb':
    ensure   => present,
    owner    => 'puppetdb',
    encoding => 'UTF8',
  }
}

If you want to be more explicit about encoding:

pg_database { 'puppetdb':
  ensure   => present,
  owner    => 'puppetdb',
  encoding => 'UTF8',
  collate  => 'en_US.UTF-8',
  ctype    => 'en_US.UTF-8',
}

Please note that puppet will check the owner, encoding, collate and ctype property of existing databases, but it will only raise an error when these values are different from the desired values. So they are only taken into account when creating a new database - puppet will not change the encodig of a database once it is created.

HINT: If you manage the owner with a pg_role resource, puppet will automatically add a dependency between the role and the database so the role will be created first.

pg_role

The pg_role type can be used to describe a PostgreSQL role as a puppet resource. This way you can easily ensure that a certain user exists or that a certain user has a specific password. Let's go back to the puppetdb example and make sure that a proper user account exists:

pg_role { 'puppetdb':
  ensure     => present,
  password   => 'md559faa421729e846dd800dce59943bfc0',
  superuser  => false,
  createdb   => false,
  createrole => false,
  inherit    => true,
  login      => true
}

Types in this module release

pg_database

The pg_database resource type describes a PostgreSQL database and can be used to ensure the existance of a certain database.

Example:

    pg_database { 'puppetdb':
      ensure   => present,
      owner    => 'puppetdb',
      encoding => 'UTF8'
      locale   => 'en_US.UTF-8',
      collate  => 'en_US.UTF-8',
      ctype    => 'en_US.UTF-8',
    }

Parameters
ensure
name	The name of the database instance.
provider

Properties
collate	Specifies the LC_COLLATE setting to be used in this database.
ctype	Specifies the LC_CTYPE setting to be used in this database.
encoding	Specifies the character encoding scheme to be used in this database, like `UTF8`
owner	The owner of the database. The owner has to a database role that already exists.

Providers
psql

pg_role

Manages a PostgreSQL role as a puppet resource

Parameters
ensure
name	The name of the role
provider

Properties
createdb	If set to `true`, the role being defined will be allowed to create new databases. Specifying `false` will deny the new role the ability to create databases.
createrole	If set to `true`, the new role will be permitted to create new roles (that is, execute CREATE ROLE). The role will also be able to alter and drop other roles.
inherit	If set to `true`, the new role inherits the privileges of roles it is a member of.
login	If set to `true`, the role will be allowed to log in. A role having the LOGIN attribute can be thought of as a user. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word.
password	The hashed password of the database user
superuser	If set to `true`, the new role will be a superuser, who can override all access restrictions within the database. Superuser status is dangerous and should be used only when really needed.

Providers
psql

Modules

Discover

Contribute

Resources

About Forge

Getting Started

postgres

Version information

This version is compatible with:

Start using this module

Documentation

Puppet PostgreSQL Module

Why another PostgreSQL module?

New facts

New functions

postgresql_password

New custom types

Requirements

pg_database

pg_role

Types in this module release

pg_database

pg_role