postgresql
Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
- , , , , , , , ,
Tasks:
- sql
Start using this module
Add this module to your Puppetfile:
mod 'puppetlabs-postgresql', '9.0.0'Learn more about managing modules with a PuppetfileDocumentation
postgresql
Table of Contents
- Module Description - What does the module do?
- Setup - The basics of getting started with postgresql module
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
- Tests
- Contributors - List of module contributors
Module description
The postgresql module allows you to manage PostgreSQL databases with Puppet.
PostgreSQL is a high-performance, free, open-source relational database server. The postgresql module allows you to manage packages, services, databases, users, and common security settings in PostgreSQL.
Setup
What postgresql affects
- Package, service, and configuration files for PostgreSQL
- Listened-to ports
- IP and mask (optional)
Getting started with postgresql
To configure a basic default PostgreSQL server, declare the postgresql::server class.
class { 'postgresql::server':
}
Usage
Configure a server
For default settings, declare the postgresql::server class as above. To customize PostgreSQL server settings, specify the parameters you want to change:
class { 'postgresql::server':
ip_mask_deny_postgres_user => '0.0.0.0/32',
ip_mask_allow_all_users => '0.0.0.0/0',
ipv4acls => ['hostssl all johndoe 192.168.0.0/24 cert'],
postgres_password => 'TPSrep0rt!',
}
After configuration, test your settings from the command line:
psql -h localhost -U postgres
psql -h my.postgres.server -U
If you get an error message from these commands, your permission settings restrict access from the location you're trying to connect from. Depending on whether you want to allow connections from that location, you might need to adjust your permissions.
For more details about server configuration parameters, consult the PostgreSQL Runtime Configuration documentation.
Create a database
You can set up a variety of PostgreSQL databases with the postgresql::server::db defined type. For instance, to set up a database for PuppetDB:
class { 'postgresql::server':
}
postgresql::server::db { 'mydatabasename':
user => 'mydatabaseuser',
password => postgresql::postgresql_password('mydatabaseuser', 'mypassword'),
}
Manage users, roles, and permissions
To manage users, roles, and permissions:
class { 'postgresql::server':
}
postgresql::server::role { 'marmot':
password_hash => postgresql::postgresql_password('marmot', 'mypasswd'),
}
postgresql::server::database_grant { 'test1':
privilege => 'ALL',
db => 'test1',
role => 'marmot',
}
postgresql::server::table_grant { 'my_table of test2':
privilege => 'ALL',
table => 'my_table',
db => 'test2',
role => 'marmot',
}
This example grants all privileges on the test1 database and on the my_table table of the test2 database to the specified user or group. After the values are added into the PuppetDB config file, this database would be ready for use.
Manage ownership of DB objects
To change the ownership of all objects within a database using REASSIGN OWNED:
postgresql::server::reassign_owned_by { 'new owner is meerkat':
db => 'test_db',
old_role => 'marmot',
new_role => 'meerkat',
}
This would run the PostgreSQL statement 'REASSIGN OWNED' to update to ownership of all tables, sequences, functions and views currently owned by the role 'marmot' to be owned by the role 'meerkat' instead.
This applies to objects within the nominated database, 'test_db' only.
For Postgresql >= 9.3, the ownership of the database is also updated.
Manage default permissions (PostgreSQL >= 9.6)
To change default permissions for newly created objects using ALTER DEFAULT PRIVILEGES:
postgresql::server::default_privileges { 'marmot access to new tables on test_db':
db => 'test_db',
role => 'marmot',
privilege => 'ALL',
object_type => 'TABLES',
}
Override defaults
The postgresql::globals class allows you to configure the main settings for this module globally, so that other classes and defined resources can use them. By itself, it does nothing.
For example, to overwrite the default locale and encoding for all classes, use the following:
class { 'postgresql::globals':
encoding => 'UTF-8',
locale => 'en_US.UTF-8',
}
class { 'postgresql::server':
}
To use a specific version of the PostgreSQL package:
class { 'postgresql::globals':
manage_package_repo => true,
version => '9.2',
}
class { 'postgresql::server':
}
Manage remote users, roles, and permissions
Remote SQL objects are managed using the same Puppet resources as local SQL objects, along with a connect_settings hash. This provides control over how Puppet connects to the remote Postgres instances and which version is used for generating SQL commands.
The connect_settings hash can contain environment variables to control Postgres client connections, such as 'PGHOST', 'PGPORT', 'PGPASSWORD', and 'PGSSLKEY'. See the PostgreSQL Environment Variables documentation for a complete list of variables.
Additionally, you can specify the target database version with the special value of 'DBVERSION'. If the connect_settings hash is omitted or empty, then Puppet connects to the local PostgreSQL instance.
You can provide a connect_settings hash for each of the Puppet resources, or you can set a default connect_settings hash in postgresql::globals. Configuring connect_settings per resource allows SQL objects to be created on multiple databases by multiple users.
$connection_settings_super2 = {
'PGUSER' => 'super2',
'PGPASSWORD' => 'foobar2',
'PGHOST' => '127.0.0.1',
'PGPORT' => '5432',
'PGDATABASE' => 'postgres',
}
include postgresql::server
# Connect with no special settings, i.e domain sockets, user postgres
postgresql::server::role { 'super2':
password_hash => 'foobar2',
superuser => true,
connect_settings => {},
}
# Now using this new user connect via TCP
postgresql::server::database { 'db1':
connect_settings => $connection_settings_super2,
require => Postgresql::Server::Role['super2'],
}
Create an access rule for pg_hba.conf
To create an access rule for pg_hba.conf:
postgresql::server::pg_hba_rule { 'allow application network to access app database':
description => 'Open up PostgreSQL for access from 200.1.2.0/24',
type => 'host',
database => 'app',
user => 'app',
address => '200.1.2.0/24',
auth_method => 'md5',
}
This would create a ruleset in pg_hba.conf similar to:
# Rule Name: allow application network to access app database
# Description: Open up PostgreSQL for access from 200.1.2.0/24
# Order: 150
host app app 200.1.2.0/24 md5
By default, pg_hba_rule requires that you include postgresql::server. However, you can override that behavior by setting target and postgresql_version when declaring your rule. That might look like the following:
postgresql::server::pg_hba_rule { 'allow application network to access app database':
description => 'Open up postgresql for access from 200.1.2.0/24',
type => 'host',
database => 'app',
user => 'app',
address => '200.1.2.0/24',
auth_method => 'md5',
target => '/path/to/pg_hba.conf',
postgresql_version => '9.4',
}
Create user name maps for pg_ident.conf
To create a user name map for the pg_ident.conf:
postgresql::server::pg_ident_rule { 'Map the SSL certificate of the backup server as a replication user':
map_name => 'sslrepli',
system_username => 'repli1.example.com',
database_username => 'replication',
}
This would create a user name map in pg_ident.conf similar to:
#Rule Name: Map the SSL certificate of the backup server as a replication user
#Description: none
#Order: 150
sslrepli repli1.example.com replication
Create recovery configuration
To create the recovery configuration file (recovery.conf):
postgresql::server::recovery { 'Create a recovery.conf file with the following defined parameters':
restore_command => 'cp /mnt/server/archivedir/%f %p',
archive_cleanup_command => undef,
recovery_end_command => undef,
recovery_target_name => 'daily backup 2015-01-26',
recovery_target_time => '2015-02-08 22:39:00 EST',
recovery_target_xid => undef,
recovery_target_inclusive => true,
recovery_target => 'immediate',
recovery_target_timeline => 'latest',
pause_at_recovery_target => true,
standby_mode => 'on',
primary_conninfo => 'host=localhost port=5432',
primary_slot_name => undef,
trigger_file => undef,
recovery_min_apply_delay => 0,
}
The above creates this recovery.conf config file:
restore_command = 'cp /mnt/server/archivedir/%f %p'
recovery_target_name = 'daily backup 2015-01-26'
recovery_target_time = '2015-02-08 22:39:00 EST'
recovery_target_inclusive = true
recovery_target = 'immediate'
recovery_target_timeline = 'latest'
pause_at_recovery_target = true
standby_mode = 'on'
primary_conninfo = 'host=localhost port=5432'
recovery_min_apply_delay = 0
Only the specified parameters are recognized in the template. The recovery.conf is only created if at least one parameter is set and manage_recovery_conf is set to true.
Validate connectivity
To validate client connections to a remote PostgreSQL database before starting dependent tasks, use the postgresql_conn_validator resource. You can use this on any node where the PostgreSQL client software is installed. It is often chained to other tasks such as starting an application server or performing a database migration.
Example usage:
postgresql_conn_validator { 'validate my postgres connection':
host => 'my.postgres.host',
db_username => 'mydbuser',
db_password => 'mydbpassword',
db_name => 'mydbname',
psql_path => '/usr/bin/psql',
}
-> exec { 'rake db:migrate':
cwd => '/opt/myrubyapp',
}
Backups
This example demonstrates how to configure PostgreSQL backups with "pg_dump". This sets up a daily cron job to perform a full backup. Each backup will create a new directory. A cleanup job will automatically remove backups that are older than 15 days.
class { 'postgresql::server':
backup_enable => true,
backup_provider => 'pg_dump',
backup_options => {
db_user => 'backupuser',
db_password => 'secret',
manage_user => true,
rotate => 15,
},
...
}
It is possible to set parameter $ensure to absent in order to remove the backup job, user/role, backup script and password file. However, the actual backup files and directories will remain untouched.
Reference
For information on the classes and types, see the REFERENCE.md
Limitations
Works with versions of PostgreSQL on supported OSes.
For an extensive list of supported operating systems, see metadata.json
Apt module support
While this module supports both 1.x and 2.x versions of the 'puppetlabs-apt' module, it does not support 'puppetlabs-apt' 2.0.0 or 2.0.1.
PostGIS support
PostGIS is currently considered an unsupported feature, as it doesn't work on all platforms correctly.
All versions of RHEL/CentOS with manage_selinux => false
If you have SELinux enabled and you are not using the selinux module to manage SELinux (this is the default configuration) you will need to label any custom ports you use with the postgresql_port_t context. The postgresql service will not start until this is done. To label a port use the semanage command as follows:
semanage port -a -t postgresql_port_t -p tcp $customport
Development
Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. For more information, see our module contribution guide.
Tests
There are two types of tests distributed with this module. Unit tests with rspec-puppet and system tests using rspec-system.
For unit testing, make sure you have:
- rake
- bundler
Install the necessary gems:
bundle install --path=vendor
And then run the unit tests:
bundle exec rake spec
The unit tests are run in Travis-CI as well. If you want to see the results of your own tests, register the service hook through Travis-CI via the accounts section for your GitHub clone of this project.
To run the system tests, make sure you also have:
- Vagrant > 1.2.x
- VirtualBox > 4.2.10
Then run the tests using:
bundle exec rspec spec/acceptance
To run the tests on different operating systems, see the sets available in .nodeset.yml and run the specific set with the following syntax:
RSPEC_SET=debian-607-x64 bundle exec rspec spec/acceptance
Contributors
View the full list of contributors on Github.
Reference
Table of Contents
Classes
Public Classes
postgresql::client: Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install.postgresql::globals: Class for setting cross-class global overrides.postgresql::lib::devel: This class installs postgresql development libraries.postgresql::lib::docs: Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install.postgresql::lib::java: This class installs the postgresql jdbc connector.postgresql::lib::perl: This class installs the perl libs for postgresql.postgresql::lib::python: This class installs the python libs for postgresql.postgresql::server: This installs a PostgreSQL serverpostgresql::server::contrib: Install the contrib postgresql packaging.postgresql::server::plperl: This class installs the PL/Perl procedural language for postgresql.postgresql::server::plpython: This class installs the PL/Python procedural language for postgresql.postgresql::server::postgis: Install the postgis postgresql packaging.
Private Classes
postgresql::backup::pg_dump: "Provider" for pg_dump backuppostgresql::dnfmodule: Manage the DNF modulepostgresql::paramspostgresql::repopostgresql::repo::apt_postgresql_orgpostgresql::repo::yum_postgresql_orgpostgresql::server::configpostgresql::server::initdbpostgresql::server::installpostgresql::server::late_initdb: Manage the default encoding when database initialization is managed by the packagepostgresql::server::passwdpostgresql::server::reloadpostgresql::server::service
Defined types
Public Defined types
postgresql::server::config_entry: Manage a postgresql.conf entry.postgresql::server::database: Define for creating a database.postgresql::server::database_grant: Manage a database grant.postgresql::server::db: Define for conveniently creating a role, database and assigning the correctpermissions.postgresql::server::default_privileges: Manage a database defaults privileges. Only works with PostgreSQL version 9.6 and above.postgresql::server::extension: Activate an extension on a postgresql database.postgresql::server::grant: Define for granting permissions to roles.postgresql::server::grant_role: Define for granting membership to a role.postgresql::server::instance::config: lint:ignore:140chars lint:endignore:140charspostgresql::server::instance::initdb: lint:ignore:140chars lint:endignore:140charspostgresql::server::instance::late_initdb: Manage the default encoding when database initialization is managed by the packagepostgresql::server::instance::passwd: lint:ignore:140chars lint:endignore:140charspostgresql::server::instance::reloadpostgresql::server::instance::service: lint:ignore:140chars lint:endignore:140charspostgresql::server::pg_hba_rule: This resource manages an individual rule that applies to the file defined in target.postgresql::server::pg_ident_rule: This resource manages an individual rule that applies to the file defined in target.postgresql::server::reassign_owned_by: Define for reassigning the ownership of objects within a database.postgresql::server::recovery: This resource manages the parameters that applies to the recovery.conf template.postgresql::server::role: Define for creating a database role.postgresql::server::schema: Create a new schema.postgresql::server::table_grant: This resource wraps the grant resource to manage table grants specifically.postgresql::server::tablespace: This module creates tablespace.postgresql::validate_db_connection: This type validates that a successful postgres connection.
Private Defined types
postgresql::server::instance::systemd: This define handles systemd drop-in files for the postgres main instance (default) or additional instances
Resource types
postgresql_conf: This type allows puppet to manage postgresql.conf parameters.postgresql_conn_validator: Verify if a connection can be successfully establishedpostgresql_psql: An arbitrary tag for your own reference; the name of the message.postgresql_replication_slot: Manages Postgresql replication slots.
Functions
Public Functions
postgresql::default: This function pull default values from theparamsclass orglobalsclass if the value is not present inparams.postgresql::postgresql_escape: This function escapes a string using Dollar Quoting using a randomly generated tag if required.postgresql::postgresql_password: This function returns the postgresql password hash from the clear text username / passwordpostgresql::prepend_sql_password: This function exists for usage of a role password that is a deferred functionpostgresql_escape: DEPRECATED. Use the namespaced functionpostgresql::postgresql_escapeinstead.postgresql_password: DEPRECATED. Use the namespaced functionpostgresql::postgresql_passwordinstead.
Private Functions
postgresql::postgresql_acls_to_resources_hash: This internal function translates the ipv(4|6)acls format into a resource suitable for create_resources.
Data types
Postgresql::Pg_hba_rule: type for all parameters in the postgresql::server::hba_rule defined resourcePostgresql::Pg_hba_rule_address: Supported address typesPostgresql::Pg_hba_rule_type: enum for all different types for the pg_hba_confPostgresql::Pg_hba_rules: validates a hash of entries for postgresql::server::pg_hab_conf
Tasks
sql: Allows you to execute arbitary SQL
Classes
postgresql::client
Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install.
- Note Make sure to add any necessary yum or apt repositories if specifying a custom version.
Parameters
The following parameters are available in the postgresql::client class:
file_ensure
Data type: Enum['file', 'absent']
Ensure the connection validation script is present
Default value: 'file'
validcon_script_path
Data type: Stdlib::Absolutepath
Optional. Absolute path for the postgresql connection validation script.
Default value: $postgresql::params::validcon_script_path
package_name
Data type: String[1]
Sets the name of the PostgreSQL client package.
Default value: $postgresql::params::client_package_name
package_ensure
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
Ensure the client package is installed
Default value: 'present'
postgresql::globals
Class for setting cross-class global overrides.
- Note Most server-specific defaults should be overridden in the postgresql::server class. This class should be used only if you are using a non-standard OS, or if you are changing elements that can only be changed here, such as version or manage_package_repo.
Parameters
The following parameters are available in the postgresql::globals class:
client_package_nameserver_package_namecontrib_package_namedevel_package_namejava_package_namedocs_package_nameperl_package_nameplperl_package_nameplpython_package_namepython_package_namepostgis_package_nameservice_nameservice_providerservice_statusdefault_databasevalidcon_script_pathinitdb_pathcreatedb_pathpsql_pathpg_hba_conf_pathpg_ident_conf_pathpostgresql_conf_pathpostgresql_conf_moderecovery_conf_pathdefault_connect_settingspg_hba_conf_defaultsdatadirconfdirbindirxlogdirlogdirlog_line_prefixusergroupversionpostgis_versionrepo_proxyrepo_baseurlyum_repo_commonurlneeds_initdbencodinglocaledata_checksumstimezonemanage_pg_hba_confmanage_pg_ident_confmanage_recovery_confmanage_postgresql_conf_permsmanage_selinuxmanage_datadirmanage_logdirmanage_xlogdirmanage_package_repomanage_dnf_modulemodule_workdir
client_package_name
Data type: Optional[String[1]]
Overrides the default PostgreSQL client package name.
Default value: undef
server_package_name
Data type: Optional[String[1]]
Overrides the default PostgreSQL server package name.
Default value: undef
contrib_package_name
Data type: Optional[String[1]]
Overrides the default PostgreSQL contrib package name.
Default value: undef
devel_package_name
Data type: Optional[String[1]]
Overrides the default PostgreSQL devel package name.
Default value: undef
java_package_name
Data type: Optional[String[1]]
Overrides the default PostgreSQL java package name.
Default value: undef
docs_package_name
Data type: Optional[String[1]]
Overrides the default PostgreSQL docs package name.
Default value: undef
perl_package_name
Data type: Optional[String[1]]
Overrides the default PostgreSQL Perl package name.
Default value: undef
plperl_package_name
Data type: Optional[String[1]]
Overrides the default PostgreSQL PL/Perl package name.
Default value: undef
plpython_package_name
Data type: Optional[String[1]]
Overrides the default PostgreSQL PL/Python package name.
Default value: undef
python_package_name
Data type: Optional[String[1]]
Overrides the default PostgreSQL Python package name.
Default value: undef
postgis_package_name
Data type: Optional[String[1]]
Overrides the default PostgreSQL PostGIS package name.
Default value: undef
service_name
Data type: Optional[String[1]]
Overrides the default PostgreSQL service name.
Default value: undef
service_provider
Data type: Optional[String[1]]
Overrides the default PostgreSQL service provider.
Default value: undef
service_status
Data type: Optional[String[1]]
Overrides the default status check command for your PostgreSQL service.
Default value: undef
default_database
Data type: Optional[String[1]]
Specifies the name of the default database to connect with.
Default value: undef
validcon_script_path
Data type: Optional[String[1]]
Scipt path for the connection validation check.
Default value: undef
initdb_path
Data type: Optional[Variant[String[1], Stdlib::Absolutepath]]
Path to the initdb command.
Default value: undef
createdb_path
Data type: Optional[Variant[String[1], Stdlib::Absolutepath]]
Deprecated. Path to the createdb command.
Default value: undef
psql_path
Data type: Optional[Variant[String[1], Stdlib::Absolutepath]]
Sets the path to the psql command.
Default value: undef
pg_hba_conf_path
Data type: Optional[Variant[String[1], Stdlib::Absolutepath]]
Specifies the path to your pg_hba.conf file.
Default value: undef
pg_ident_conf_path
Data type: Optional[Variant[String[1], Stdlib::Absolutepath]]
Specifies the path to your pg_ident.conf file.
Default value: undef
postgresql_conf_path
Data type: Optional[Variant[String[1], Stdlib::Absolutepath]]
Sets the path to your postgresql.conf file.
Default value: undef
postgresql_conf_mode
Data type: Optional[Stdlib::Filemode]
Sets the mode of your postgresql.conf file. Only relevant if manage_postgresql_conf_perms is true.
Default value: undef
recovery_conf_path
Data type: Optional[Variant[String[1], Stdlib::Absolutepath]]
Path to your recovery.conf file.
Default value: undef
default_connect_settings
Data type: Hash
Default connection settings.
Default value: {}
pg_hba_conf_defaults
Data type: Optional[Boolean]
Disables the defaults supplied with the module for pg_hba.conf if set to false.
Default value: undef
datadir
Data type: Optional[String[1]]
Overrides the default PostgreSQL data directory for the target platform. Changing the datadir after installation causes the server to come to a full stop before making the change. For Red Hat systems, the data directory must be labeled appropriately for SELinux. On Ubuntu, you must explicitly set needs_initdb = true to allow Puppet to initialize the database in the new datadir (needs_initdb defaults to true on other systems). Warning! If datadir is changed from the default, Puppet does not manage purging of the original data directory, which causes it to fail if the data directory is changed back to the original
Default value: undef
confdir
Data type: Optional[String[1]]
Overrides the default PostgreSQL configuration directory for the target platform.
Default value: undef
bindir
Data type: Optional[String[1]]
Overrides the default PostgreSQL binaries directory for the target platform.
Default value: undef
xlogdir
Data type: Optional[String[1]]
Overrides the default PostgreSQL xlog directory.
Default value: undef
logdir
Data type: Optional[String[1]]
Overrides the default PostgreSQL log directory.
Default value: undef
log_line_prefix
Data type: Optional[String[1]]
Overrides the default PostgreSQL log prefix.
Default value: undef
user
Data type: Optional[String[1]]
Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.
Default value: undef
group
Data type: Optional[String[1]]
Overrides the default postgres user group to be used for related files in the file system.
Default value: undef
version
Data type: Optional[String[1]]
The version of PostgreSQL to install and manage.
Default value: undef
postgis_version
Data type: Optional[String[1]]
Defines the version of PostGIS to install, if you install PostGIS.
Default value: undef
repo_proxy
Data type: Optional[String[1]]
Sets the proxy option for the official PostgreSQL yum-repositories only.
Default value: undef
repo_baseurl
Data type: Optional[String[1]]
Sets the baseurl for the PostgreSQL repository. Useful if you host your own mirror of the repository.
Default value: undef
yum_repo_commonurl
Data type: Optional[String[1]]
Sets the url for the PostgreSQL common Yum repository. Useful if you host your own mirror of the YUM repository.
Default value: undef
needs_initdb
Data type: Optional[Boolean]
Explicitly calls the initdb operation after the server package is installed and before the PostgreSQL service is started.
Default value: undef
encoding
Data type: Optional[String[1]]
Sets the default encoding for all databases created with this module. On certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well.
Default value: undef
locale
Data type: Optional[String[1]]
Sets the default database locale for all databases created with this module. On certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well. On Debian, you'll need to ensure that the 'locales-all' package is installed for full functionality of PostgreSQL.
Default value: undef
data_checksums
Data type: Optional[String[1]]
Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. Warning: This option is used during initialization by initdb, and cannot be changed later.
Default value: undef
timezone
Data type: Optional[String[1]]
Sets the default timezone of the postgresql server. The postgresql built-in default is taking the systems timezone information.
Default value: undef
manage_pg_hba_conf
Data type: Optional[Boolean]
Allow Puppet to manage the pg_hba.conf file.
Default value: undef
manage_pg_ident_conf
Data type: Optional[Boolean]
Allow Puppet to manage the pg_ident.conf file.
Default value: undef
manage_recovery_conf
Data type: Optional[Boolean]
Allow Puppet to manage the recovery.conf file.
Default value: undef
manage_postgresql_conf_perms
Data type: Optional[Boolean]
Whether to manage the postgresql conf file permissions. This means owner, group and mode. Contents are not managed but should be managed through postgresql::server::config_entry.
Default value: undef
manage_selinux
Data type: Optional[Boolean]
Allows Puppet to manage the appropriate configuration file for selinux.
Default value: undef
manage_datadir
Data type: Optional[Boolean]
Set to false if you have file{ $datadir: } already defined
Default value: undef
manage_logdir
Data type: Optional[Boolean]
Set to false if you have file{ $logdir: } already defined
Default value: undef
manage_xlogdir
Data type: Optional[Boolean]
Set to false if you have file{ $xlogdir: } already defined
Default value: undef
manage_package_repo
Data type: Optional[Boolean]
Sets up official PostgreSQL repositories on your host if set to true.
Default value: undef
manage_dnf_module
Data type: Boolean
Manage the DNF module. This only makes sense on distributions that use DNF package manager, such as EL8 or Fedora. It also requires Puppet 5.5.20+ or Puppet 6.15.0+ since they ship the dnfmodule provider.
Default value: false
module_workdir
Data type: Optional[String[1]]
Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option.
Default value: undef
postgresql::lib::devel
This class installs postgresql development libraries.
Parameters
The following parameters are available in the postgresql::lib::devel class:
package_name
Data type: String
Override devel package name
Default value: $postgresql::params::devel_package_name
package_ensure
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
Ensure the development libraries are installed
Default value: 'present'
link_pg_config
Data type: Boolean
If the bin directory used by the PostgreSQL page is not /usr/bin or /usr/local/bin, symlinks pg_config from the package's bin dir into usr/bin (not applicable to Debian systems). Set to false to disable this behavior.
Default value: $postgresql::params::link_pg_config
postgresql::lib::docs
Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install.
- Note Make sure to add any necessary yum or apt repositories if specifying a custom version.
Parameters
The following parameters are available in the postgresql::lib::docs class:
package_name
Data type: String
Specifies the name of the PostgreSQL docs package.
Default value: $postgresql::params::docs_package_name
package_ensure
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
Whether the PostgreSQL docs package resource should be present.
Default value: 'present'
postgresql::lib::java
This class installs the postgresql jdbc connector.
- Note Make sure to add any necessary yum or apt repositories if specifying a custom version.
Parameters
The following parameters are available in the postgresql::lib::java class:
package_name
Data type: String
Specifies the name of the PostgreSQL java package.
Default value: $postgresql::params::java_package_name
package_ensure
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
Specifies whether the package is present.
Default value: 'present'
postgresql::lib::perl
This class installs the perl libs for postgresql.
Parameters
The following parameters are available in the postgresql::lib::perl class:
package_name
Data type: String
Specifies the name of the PostgreSQL perl package to install.
Default value: $postgresql::params::perl_package_name
package_ensure
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
Ensure the perl libs for postgresql are installed.
Default value: 'present'
postgresql::lib::python
This class installs the python libs for postgresql.
Parameters
The following parameters are available in the postgresql::lib::python class:
package_name
Data type: String[1]
The name of the PostgreSQL Python package.
Default value: $postgresql::params::python_package_name
package_ensure
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
Ensure the python libs for postgresql are installed.
Default value: 'present'
postgresql::server
This installs a PostgreSQL server
Parameters
The following parameters are available in the postgresql::server class:
postgres_passwordpackage_namepackage_ensureplperl_package_nameplpython_package_nameservice_ensureservice_enableservice_manageservice_nameservice_restart_on_changeservice_providerservice_reloadservice_statusdefault_databasedefault_connect_settingslisten_addressesportip_mask_deny_postgres_userip_mask_allow_all_usersipv4aclsipv6aclsinitdb_pathcreatedb_pathpsql_pathpg_hba_conf_pathpg_ident_conf_pathpostgresql_conf_pathpostgresql_conf_moderecovery_conf_pathdatadirxlogdirlogdirlog_line_prefixpg_hba_conf_defaultsusergroupneeds_initdbencodinglocaledata_checksumstimezonemanage_pg_hba_confmanage_pg_ident_confmanage_recovery_confmanage_postgresql_conf_permsmanage_selinuxmodule_workdirmanage_datadirmanage_logdirmanage_xlogdirpassword_encryptionrolesconfig_entriespg_hba_rulesbackup_enablebackup_optionsbackup_providerversionextra_systemd_config
postgres_password
Data type: Optional[Variant[String[1], Sensitive[String[1]], Integer]]
Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres database, with a user called postgres and no password.
Default value: undef
package_name
Data type: String[1]
Specifies the name of the package to use for installing the server software.
Default value: $postgresql::params::server_package_name
package_ensure
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
Passes a value through to the package resource when creating the server instance.
Default value: $postgresql::params::package_ensure
plperl_package_name
Data type: Optional[String[1]]
Sets the default package name for the PL/Perl extension.
Default value: $postgresql::params::plperl_package_name
plpython_package_name
Data type: Optional[String[1]]
Sets the default package name for the PL/Python extension.
Default value: $postgresql::params::plpython_package_name
service_ensure
Data type: Variant[Enum['running', 'stopped'], Boolean]
Ensure service is installed
Default value: $postgresql::params::service_ensure
service_enable
Data type: Boolean
Enable the PostgreSQL service
Default value: $postgresql::params::service_enable
service_manage
Data type: Boolean
Defines whether or not Puppet should manage the service.
Default value: $postgresql::params::service_manage
service_name
Data type: String[1]
Overrides the default PostgreSQL service name.
Default value: $postgresql::params::service_name
service_restart_on_change
Data type: Boolean
Overrides the default behavior to restart your PostgreSQL service when a config entry has been changed that requires a service restart to become active.
Default value: $postgresql::params::service_restart_on_change
service_provider
Data type: Optional[String[1]]
Overrides the default PostgreSQL service provider.
Default value: $postgresql::params::service_provider
service_reload
Data type: String[1]
Overrides the default reload command for your PostgreSQL service.
Default value: $postgresql::params::service_reload
service_status
Data type: Optional[String[1]]
Overrides the default status check command for your PostgreSQL service.
Default value: $postgresql::params::service_status
default_database
Data type: String[1]
Specifies the name of the default database to connect with. On most systems this is 'postgres'.
Default value: $postgresql::params::default_database
default_connect_settings
Data type: Hash
Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined types, such as postgresql::server::role.
Default value: $postgresql::globals::default_connect_settings
listen_addresses
Data type: Optional[String[1]]
Address list on which the PostgreSQL service will listen
Default value: $postgresql::params::listen_addresses
port
Data type: Variant[String[1], Stdlib::Port, Integer]
Specifies the port for the PostgreSQL server to listen on. Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change. Default value: 5432. Meaning the Postgres server listens on TCP port 5432.
Default value: $postgresql::params::port
ip_mask_deny_postgres_user
Data type: String[1]
Specifies the IP mask from which remote connections should be denied for the postgres superuser. Default value: '0.0.0.0/0', which denies any remote connection.
Default value: $postgresql::params::ip_mask_deny_postgres_user
ip_mask_allow_all_users
Data type: String[1]
Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP from remote machines. If you'd like to allow this, you can override this setting. Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine on your local '192.168' subnet. Default value: '127.0.0.1/32'.
Default value: $postgresql::params::ip_mask_allow_all_users
ipv4acls
Data type: Array[String[1]]
Lists strings for access control for connection method, users, databases, IPv4 addresses;
Default value: $postgresql::params::ipv4acls
ipv6acls
Data type: Array[String[1]]
Lists strings for access control for connection method, users, databases, IPv6 addresses.
Default value: $postgresql::params::ipv6acls
initdb_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Specifies the path to the initdb command.
Default value: $postgresql::params::initdb_path
createdb_path
Data type: Optional[Variant[String[1], Stdlib::Absolutepath]]
Deprecated. Specifies the path to the createdb command.
Default value: $postgresql::params::createdb_path
psql_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Specifies the path to the psql command.
Default value: $postgresql::params::psql_path
pg_hba_conf_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Specifies the path to your pg_hba.conf file.
Default value: $postgresql::params::pg_hba_conf_path
pg_ident_conf_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Specifies the path to your pg_ident.conf file.
Default value: $postgresql::params::pg_ident_conf_path
postgresql_conf_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Specifies the path to your postgresql.conf file.
Default value: $postgresql::params::postgresql_conf_path
postgresql_conf_mode
Data type: Optional[Stdlib::Filemode]
Sets the mode of your postgresql.conf file. Only relevant if manage_postgresql_conf_perms is true.
Default value: $postgresql::params::postgresql_conf_mode
recovery_conf_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Specifies the path to your recovery.conf file.
Default value: $postgresql::params::recovery_conf_path
datadir
Data type: String[1]
PostgreSQL data directory
Default value: $postgresql::params::datadir
xlogdir
Data type: Optional[String[1]]
PostgreSQL xlog directory
Default value: $postgresql::params::xlogdir
logdir
Data type: Optional[String[1]]
PostgreSQL log directory
Default value: $postgresql::params::logdir
log_line_prefix
Data type: Optional[String[1]]
PostgreSQL log line prefix
Default value: $postgresql::params::log_line_prefix
pg_hba_conf_defaults
Data type: Boolean
If false, disables the defaults supplied with the module for pg_hba.conf. This is useful if you disagree with the defaults and wish to override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform basic psql operations for example.
Default value: $postgresql::params::pg_hba_conf_defaults
user
Data type: String[1]
Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.
Default value: $postgresql::params::user
group
Data type: String[1]
Overrides the default postgres user group to be used for related files in the file system.
Default value: $postgresql::params::group
needs_initdb
Data type: Boolean
Explicitly calls the initdb operation after server package is installed, and before the PostgreSQL service is started.
Default value: $postgresql::params::needs_initdb
encoding
Data type: Optional[String[1]]
Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the template1 initialization, so it becomes a default outside of the module as well.
Default value: $postgresql::params::encoding
locale
Data type: Optional[String[1]]
Sets the default database locale for all databases created with this module. On certain operating systems this is used during the template1 initialization as well, so it becomes a default outside of the module.
Default value: $postgresql::params::locale
data_checksums
Data type: Optional[String[1]]
Boolean. Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. Warning: This option is used during initialization by initdb, and cannot be changed later. If set, checksums are calculated for all objects, in all databases.
Default value: $postgresql::params::data_checksums
timezone
Data type: Optional[String[1]]
Set timezone for the PostgreSQL instance
Default value: $postgresql::params::timezone
manage_pg_hba_conf
Data type: Boolean
Boolean. Whether to manage the pg_hba.conf.
Default value: $postgresql::params::manage_pg_hba_conf
manage_pg_ident_conf
Data type: Boolean
Boolean. Overwrites the pg_ident.conf file.
Default value: $postgresql::params::manage_pg_ident_conf
manage_recovery_conf
Data type: Boolean
Boolean. Specifies whether or not manage the recovery.conf.
Default value: $postgresql::params::manage_recovery_conf
manage_postgresql_conf_perms
Data type: Boolean
Whether to manage the postgresql conf file permissions. This means owner, group and mode. Contents are not managed but should be managed through postgresql::server::config_entry.
Default value: $postgresql::params::manage_postgresql_conf_perms
manage_selinux
Data type: Boolean
Specifies whether or not manage the conf file for selinux.
Default value: $postgresql::params::manage_selinux
module_workdir
Data type: String[1]
Working directory for the PostgreSQL module
Default value: $postgresql::params::module_workdir
manage_datadir
Data type: Boolean
Set to false if you have file{ $datadir: } already defined
Default value: $postgresql::params::manage_datadir
manage_logdir
Data type: Boolean
Set to false if you have file{ $logdir: } already defined
Default value: $postgresql::params::manage_logdir
manage_xlogdir
Data type: Boolean
Set to false if you have file{ $xlogdir: } already defined
Default value: $postgresql::params::manage_xlogdir
password_encryption
Data type: Optional[String]
Specify the type of encryption set for the password.
Default value: $postgresql::params::password_encryption
roles
Data type: Hash[String, Hash]
Specifies a hash from which to generate postgresql::server::role resources.
Default value: {}
config_entries
Data type: Hash[String, Any]
Specifies a hash from which to generate postgresql::server::config_entry resources.
Default value: {}
pg_hba_rules
Data type: Postgresql::Pg_hba_rules
Specifies a hash from which to generate postgresql::server::pg_hba_rule resources.
Default value: {}
backup_enable
Data type: Boolean
Whether a backup job should be enabled.
Default value: $postgresql::params::backup_enable
backup_options
Data type: Hash
A hash of options that should be passed through to the backup provider.
Default value: {}
backup_provider
Data type: Enum['pg_dump']
Specifies the backup provider to use.
Default value: $postgresql::params::backup_provider
version
Data type: Optional[String[1]]
Deprecated. Use postgresql::globals instead. Sets PostgreSQL version
Default value: undef
extra_systemd_config
Data type: Optional[String]
Adds extra config to systemd config file, can for instance be used to add extra openfiles. This can be a multi line string
Default value: $postgresql::params::extra_systemd_config
postgresql::server::contrib
Install the contrib postgresql packaging.
Parameters
The following parameters are available in the postgresql::server::contrib class:
package_name
Data type: Optional[String[1]]
The name of the PostgreSQL contrib package.
Default value: $postgresql::params::contrib_package_name
package_ensure
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
Ensure the contrib package is installed.
Default value: 'present'
postgresql::server::plperl
This class installs the PL/Perl procedural language for postgresql.
Parameters
The following parameters are available in the postgresql::server::plperl class:
package_ensure
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
The ensure parameter passed on to PostgreSQL PL/Perl package resource.
Default value: 'present'
package_name
Data type: Optional[String[1]]
The name of the PostgreSQL PL/Perl package.
Default value: $postgresql::server::plperl_package_name
postgresql::server::plpython
This class installs the PL/Python procedural language for postgresql.
Parameters
The following parameters are available in the postgresql::server::plpython class:
package_ensure
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
Specifies whether the package is present.
Default value: 'present'
package_name
Data type: Optional[String[1]]
Specifies the name of the postgresql PL/Python package.
Default value: $postgresql::server::plpython_package_name
postgresql::server::postgis
Install the postgis postgresql packaging.
Parameters
The following parameters are available in the postgresql::server::postgis class:
package_name
Data type: String
Sets the package name.
Default value: $postgresql::params::postgis_package_name
package_ensure
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
Specifies if the package is present or not.
Default value: 'present'
Defined types
postgresql::server::config_entry
Manage a postgresql.conf entry.
Parameters
The following parameters are available in the postgresql::server::config_entry defined type:
ensure
Data type: Enum['present', 'absent']
Removes an entry if set to 'absent'.
Default value: 'present'
value
Data type: Optional[Variant[String[1], Integer]]
Defines the value for the setting.
Default value: undef
path
Data type: Variant[Boolean, String[1]]
Path for postgresql.conf
Default value: false
postgresql::server::database
Define for creating a database.
Parameters
The following parameters are available in the postgresql::server::database defined type:
comment
Data type: Optional[String[1]]
Sets a comment on the database.
Default value: undef
dbname
Data type: String[1]
Sets the name of the database.
Default value: $title
owner
Data type: Optional[String[1]]
Sets name of the database owner.
Default value: undef
tablespace
Data type: Optional[String[1]]
Sets tablespace for where to create this database.
Default value: undef
template
Data type: String[1]
Specifies the name of the template database from which to build this database. Default value: 'template0'.
Default value: 'template0'
encoding
Data type: Optional[String[1]]
Overrides the character set during creation of the database.
Default value: $postgresql::server::encoding
locale
Data type: Optional[String[1]]
Overrides the locale during creation of the database.
Default value: $postgresql::server::locale
istemplate
Data type: Boolean
Defines the database as a template if set to true.
Default value: false
connect_settings
Data type: Hash
Specifies a hash of environment variables used when connecting to a remote server.
Default value: $postgresql::server::default_connect_settings
postgresql::server::database_grant
Manage a database grant.
Parameters
The following parameters are available in the postgresql::server::database_grant defined type:
privilege
Data type: Enum['ALL', 'CREATE', 'CONNECT', 'TEMPORARY', 'TEMP', 'all', 'create', 'connect', 'temporary', 'temp']
Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'CREATE', 'CONNECT', 'TEMPORARY', 'TEMP'.
db
Data type: String[1]
Specifies the database to which you are granting access.
role
Data type: String[1]
Specifies the role or user whom you are granting access to.
ensure
Data type: Optional[Enum['present', 'absent']]
Specifies whether to grant or revoke the privilege. Revoke or 'absent' works only in PostgreSQL version 9.1.24 or later.
Default value: undef
psql_db
Data type: Optional[String[1]]
Defines the database to execute the grant against. This should not ordinarily be changed from the default
Default value: undef
psql_user
Data type: Optional[String[1]]
Specifies the OS user for running psql. Default value: The default user for the module, usually 'postgres'.
Default value: undef
connect_settings
Data type: Optional[Hash]
Specifies a hash of environment variables used when connecting to a remote server.
Default value: undef
postgresql::server::db
Define for conveniently creating a role, database and assigning the correctpermissions.
Parameters
The following parameters are available in the postgresql::server::db defined type:
user
Data type: String[1]
User to assign access to the database upon creation (will be created if not defined elsewhere). Mandatory.
password
Data type: Optional[Variant[String, Sensitive[String]]]
Sets the password for the created user (if a user is created).
Default value: undef
comment
Data type: Optional[String[1]]
Defines a comment to be stored about the database using the PostgreSQL COMMENT command.
Default value: undef
dbname
Data type: String[1]
Sets the name of the database to be created.
Default value: $title
encoding
Data type: Optional[String[1]]
Overrides the character set during creation of the database.
Default value: $postgresql::server::encoding
locale
Data type: Optional[String[1]]
Overrides the locale during creation of the database.
Default value: $postgresql::server::locale
grant
Data type: Variant[String[1], Array[String[1]]]
Specifies the permissions to grant during creation. Default value: 'ALL'.
Default value: 'ALL'
tablespace
Data type: Optional[String[1]]
Defines the name of the tablespace to allocate the created database to.
Default value: undef
template
Data type: String[1]
Specifies the name of the template database from which to build this database. Defaults value: template0.
Default value: 'template0'
istemplate
Data type: Boolean
Specifies that the database is a template, if set to true.
Default value: false
owner
Data type: Optional[String[1]]
Sets a user as the owner of the database.
Default value: undef
postgresql::server::default_privileges
Manage a database defaults privileges. Only works with PostgreSQL version 9.6 and above.
Parameters
The following parameters are available in the postgresql::server::default_privileges defined type:
target_roleensureroledbobject_typeprivilegeschemapsql_dbpsql_userpsql_pathportconnect_settingsgroup
target_role
Data type: Optional[String]
Target role whose created objects will receive the default privileges. Defaults to the current user.
Default value: undef
ensure
Data type: Enum['present', 'absent']
Specifies whether to grant or revoke the privilege.
Default value: 'present'
role
Data type: String
Specifies the role or user whom you are granting access to.
db
Data type: String
Specifies the database to which you are granting access.
object_type
Data type:
Pattern[
/(?i:^FUNCTIONS$)/,
/(?i:^ROUTINES$)/,
/(?i:^SEQUENCES$)/,
/(?i:^TABLES$)/,
/(?i:^TYPES$)/,
/(?i:^SCHEMAS$)/ # lint:ignore:trailing_comma
]
Specify target object type: 'FUNCTIONS', 'ROUTINES', 'SEQUENCES', 'TABLES', 'TYPES'.
privilege
Data type: String
Specifies comma-separated list of privileges to grant. Valid options: depends on object type.
schema
Data type: String
Target schema. Defaults to 'public'. Can be set to '' to apply to all schemas.
Default value: 'public'
psql_db
Data type: String
Defines the database to execute the grant against. This should not ordinarily be changed from the default.
Default value: $postgresql::server::default_database
psql_user
Data type: String
Specifies the OS user for running psql. Default value: The default user for the module, usually 'postgres'.
Default value: $postgresql::server::user
psql_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Specifies the OS user for running psql. Default value: The default user for the module, usually 'postgres'.
Default value: $postgresql::server::psql_path
port
Data type: Variant[String[1], Stdlib::Port, Integer]
Specifies the port to access the server. Default value: The default user for the module, usually '5432'.
Default value: $postgresql::server::port
connect_settings
Data type: Hash
Specifies a hash of environment variables used when connecting to a remote server.
Default value: $postgresql::server::default_connect_settings
group
Data type: String
Specifies the user group to which the privileges will be granted.
Default value: $postgresql::server::group
postgresql::server::extension
Activate an extension on a postgresql database.
Parameters
The following parameters are available in the postgresql::server::extension defined type:
databaseextensionschemaversionensurepackage_namepackage_ensureportconnect_settingsdatabase_resource_name
database
Data type: String[1]
Specifies the database on which to activate the extension.
extension
Data type: String[1]
Specifies the extension to activate. If left blank, uses the name of the resource.
Default value: $name
schema
Data type: Optional[String[1]]
Specifies the schema on which to activate the extension.
Default value: undef
version
Data type: Optional[String[1]]
Specifies the version of the extension which the database uses. When an extension package is updated, this does not automatically change the effective version in each database. This needs be updated using the PostgreSQL-specific SQL ALTER EXTENSION... version may be set to latest, in which case the SQL ALTER EXTENSION "extension" UPDATE is applied to this database (only). version may be set to a specific version, in which case the extension is updated using ALTER EXTENSION "extension" UPDATE TO 'version' eg. If extension is set to postgis and version is set to 2.3.3, this will apply the SQL ALTER EXTENSION "postgis" UPDATE TO '2.3.3' to this database only. version may be omitted, in which case no ALTER EXTENSION... SQL is applied, and the version will be left unchanged.
Default value: undef
ensure
Data type: Enum['present', 'absent']
Specifies whether to activate or deactivate the extension. Valid options: 'present' or 'absent'.
Default value: 'present'
package_name
Data type: Optional[String[1]]
Specifies a package to install prior to activating the extension.
Default value: undef
package_ensure
Data type: Optional[Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]]
Overrides default package deletion behavior. By default, the package specified with package_name is installed when the extension is activated and removed when the extension is deactivated. To override this behavior, set the ensure value for the package.
Default value: undef
port
Data type: Optional[Variant[String[1], Stdlib::Port, Integer]]
Port to use when connecting.
Default value: undef
connect_settings
Data type: Hash
Specifies a hash of environment variables used when connecting to a remote server.
Default value: postgresql::default('default_connect_settings')
database_resource_name
Data type: String[1]
Specifies the resource name of the DB being managed. Defaults to the parameter $database, if left blank.
Default value: $database
postgresql::server::grant
Define for granting permissions to roles.
Parameters
The following parameters are available in the postgresql::server::grant defined type:
roledbprivilegeobject_typeobject_nameobject_argumentspsql_dbpsql_userportonlyif_existsconnect_settingsensuregrouppsql_path
role
Data type: String
Specifies the role or user whom you are granting access to.
db
Data type: String
Specifies the database to which you are granting access.
privilege
Data type: String
Specifies the privilege to grant. Valid options: 'ALL', 'ALL PRIVILEGES' or 'object_type' dependent string.
Default value: ''
object_type
Data type:
Pattern[#/(?i:^COLUMN$)/,
/(?i:^ALL SEQUENCES IN SCHEMA$)/,
/(?i:^ALL TABLES IN SCHEMA$)/,
/(?i:^DATABASE$)/,
#/(?i:^FOREIGN DATA WRAPPER$)/,
#/(?i:^FOREIGN SERVER$)/,
/(?i:^FUNCTION$)/,
/(?i:^LANGUAGE$)/,
#/(?i:^PROCEDURAL LANGUAGE$)/,
/(?i:^TABLE$)/,
#/(?i:^TABLESPACE$)/,
/(?i:^SCHEMA$)/,
/(?i:^SEQUENCE$)/ # lint:ignore:trailing_comma
#/(?i:^VIEW$)/
]
Specifies the type of object to which you are granting privileges. Valid options: 'DATABASE', 'SCHEMA', 'SEQUENCE', 'ALL SEQUENCES IN SCHEMA', 'TABLE' or 'ALL TABLES IN SCHEMA'.
Default value: 'database'
object_name
Data type: Optional[Variant[Array[String,2,2],String[1]]]
Specifies name of object_type to which to grant access, can be either a string or a two element array. String: 'object_name' Array: ['schema_name', 'object_name']
Default value: undef
object_arguments
Data type: Array[String[1],0]
Specifies any arguments to be passed alongisde the access grant.
Default value: []
psql_db
Data type: String
Specifies the database to execute the grant against. This should not ordinarily be changed from the default
Default value: $postgresql::server::default_database
psql_user
Data type: String
Sets the OS user to run psql.
Default value: $postgresql::server::user
port
Data type: Variant[String[1], Stdlib::Port, Integer]
Port to use when connecting.
Default value: $postgresql::server::port
onlyif_exists
Data type: Boolean
Create grant only if doesn't exist
Default value: false
connect_settings
Data type: Hash
Specifies a hash of environment variables used when connecting to a remote server.
Default value: $postgresql::server::default_connect_settings
ensure
Data type: Enum['present', 'absent']
Specifies whether to grant or revoke the privilege. Default is to grant the privilege. Valid values: 'present', 'absent'.
Default value: 'present'
group
Data type: String
Sets the OS group to run psql
Default value: $postgresql::server::group
psql_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Sets the path to psql command
Default value: $postgresql::server::psql_path
postgresql::server::grant_role
Define for granting membership to a role.
Parameters
The following parameters are available in the postgresql::server::grant_role defined type:
group
Data type: String[1]
Specifies the group role to which you are assigning a role.
role
Data type: String[1]
Specifies the role you want to assign to a group. If left blank, uses the name of the resource.
Default value: $name
ensure
Data type: Enum['present', 'absent']
Specifies whether to grant or revoke the membership. Valid options: 'present' or 'absent'.
Default value: 'present'
psql_db
Data type: String[1]
Specifies the database to execute the grant against. This should not ordinarily be changed from the default
Default value: $postgresql::server::default_database
psql_user
Data type: String[1]
Sets the OS user to run psql.
Default value: $postgresql::server::user
port
Data type: Variant[String[1], Stdlib::Port, Integer]
Port to use when connecting.
Default value: $postgresql::server::port
connect_settings
Data type: Hash
Specifies a hash of environment variables used when connecting to a remote server.
Default value: $postgresql::server::default_connect_settings
postgresql::server::instance::config
lint:ignore:140chars lint:endignore:140chars
Parameters
The following parameters are available in the postgresql::server::instance::config defined type:
ip_mask_deny_postgres_userip_mask_allow_all_userslisten_addressesportipv4aclsipv6aclspg_hba_conf_pathpg_ident_conf_pathpostgresql_conf_pathpostgresql_conf_moderecovery_conf_pathpg_hba_conf_defaultsusergroupversionmanage_pg_hba_confmanage_pg_ident_confmanage_recovery_confmanage_postgresql_conf_permsdatadirlogdirservice_nameservice_enablelog_line_prefixtimezonepassword_encryptionextra_systemd_config
ip_mask_deny_postgres_user
Data type: String[1]
Specifies the IP mask from which remote connections should be denied for the postgres superuser. Default value: '0.0.0.0/0', which denies any remote connection.
Default value: $postgresql::server::ip_mask_deny_postgres_user
ip_mask_allow_all_users
Data type: String[1]
Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP from remote machines. If you'd like to allow this, you can override this setting. Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine on your local '192.168' subnet. Default value: '127.0.0.1/32'.
Default value: $postgresql::server::ip_mask_allow_all_users
listen_addresses
Data type: Optional[String[1]]
Address list on which the PostgreSQL service will listen
Default value: $postgresql::server::listen_addresses
port
Data type: Variant[String[1], Stdlib::Port, Integer]
Specifies the port for the PostgreSQL server to listen on. Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change. Default value: 5432. Meaning the Postgres server listens on TCP port 5432.
Default value: $postgresql::server::port
ipv4acls
Data type: Array[String[1]]
Lists strings for access control for connection method, users, databases, IPv4 addresses.
Default value: $postgresql::server::ipv4acls
ipv6acls
Data type: Array[String[1]]
Lists strings for access control for connection method, users, databases, IPv6 addresses.
Default value: $postgresql::server::ipv6acls
pg_hba_conf_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Specifies the path to your pg_hba.conf file.
Default value: $postgresql::server::pg_hba_conf_path
pg_ident_conf_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Specifies the path to your pg_ident.conf file.
Default value: $postgresql::server::pg_ident_conf_path
postgresql_conf_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Specifies the path to your postgresql.conf file.
Default value: $postgresql::server::postgresql_conf_path
postgresql_conf_mode
Data type: Optional[Stdlib::Filemode]
Sets the mode of your postgresql.conf file. Only relevant if manage_postgresql_conf_perms is true.
Default value: $postgresql::server::postgresql_conf_mode
recovery_conf_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Specifies the path to your recovery.conf file.
Default value: $postgresql::server::recovery_conf_path
pg_hba_conf_defaults
Data type: Boolean
If false, disables the defaults supplied with the module for pg_hba.conf. This is useful if you disagree with the defaults and wish to override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform basic psql operations for example.
Default value: $postgresql::server::pg_hba_conf_defaults
user
Data type: String[1]
Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.
Default value: $postgresql::server::user
group
Data type: String[1]
Overrides the default postgres user group to be used for related files in the file system.
Default value: $postgresql::server::group
version
Data type: Optional[String[1]]
Sets PostgreSQL version
Default value: $postgresql::server::_version
manage_pg_hba_conf
Data type: Boolean
Boolean. Whether to manage the pg_hba.conf.
Default value: $postgresql::server::manage_pg_hba_conf
manage_pg_ident_conf
Data type: Boolean
Boolean. Overwrites the pg_ident.conf file.
Default value: $postgresql::server::manage_pg_ident_conf
manage_recovery_conf
Data type: Boolean
Boolean. Specifies whether or not manage the recovery.conf.
Default value: $postgresql::server::manage_recovery_conf
manage_postgresql_conf_perms
Data type: Boolean
Whether to manage the postgresql conf file permissions. This means owner, group and mode. Contents are not managed but should be managed through postgresql::server::config_entry.
Default value: $postgresql::server::manage_postgresql_conf_perms
datadir
Data type: String[1]
PostgreSQL data directory
Default value: $postgresql::server::datadir
logdir
Data type: Optional[String[1]]
PostgreSQL log directory
Default value: $postgresql::server::logdir
service_name
Data type: String[1]
Overrides the default PostgreSQL service name.
Default value: $postgresql::server::service_name
service_enable
Data type: Boolean
Enable the PostgreSQL service
Default value: $postgresql::server::service_enable
log_line_prefix
Data type: Optional[String[1]]
PostgreSQL log line prefix
Default value: $postgresql::server::log_line_prefix
timezone
Data type: Optional[String[1]]
Set timezone for the PostgreSQL instance
Default value: $postgresql::server::timezone
password_encryption
Data type: Optional[String]
Specify the type of encryption set for the password.
Default value: $postgresql::server::password_encryption
extra_systemd_config
Data type: Optional[String]
Adds extra config to systemd config file, can for instance be used to add extra openfiles. This can be a multi line string
Default value: $postgresql::server::extra_systemd_config
postgresql::server::instance::initdb
lint:ignore:140chars lint:endignore:140chars
Parameters
The following parameters are available in the postgresql::server::instance::initdb defined type:
needs_initdbinitdb_pathdatadirxlogdirlogdirmanage_datadirmanage_logdirmanage_xlogdirencodinglocaledata_checksumsusergroupmodule_workdir
needs_initdb
Data type: Boolean
Explicitly calls the initdb operation after server package is installed and before the PostgreSQL service is started.
Default value: $postgresql::server::needs_initdb
initdb_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Specifies the path to the initdb command.
Default value: $postgresql::server::initdb_path
datadir
Data type: String[1]
PostgreSQL data directory
Default value: $postgresql::server::datadir
xlogdir
Data type: Optional[String[1]]
PostgreSQL xlog directory
Default value: $postgresql::server::xlogdir
logdir
Data type: Optional[String[1]]
PostgreSQL log directory
Default value: $postgresql::server::logdir
manage_datadir
Data type: Boolean
Set to false if you have file{ $datadir: } already defined
Default value: $postgresql::server::manage_datadir
manage_logdir
Data type: Boolean
Set to false if you have file{ $logdir: } already defined
Default value: $postgresql::server::manage_logdir
manage_xlogdir
Data type: Boolean
Set to false if you have file{ $xlogdir: } already defined
Default value: $postgresql::server::manage_xlogdir
encoding
Data type: Optional[String[1]]
Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the template1 initialization, so it becomes a default outside of the module as well.
Default value: $postgresql::server::encoding
locale
Data type: Optional[String[1]]
Sets the default database locale for all databases created with this module. On certain operating systems this is used during the template1 initialization as well, so it becomes a default outside of the module.
Default value: $postgresql::server::locale
data_checksums
Data type: Optional[Boolean]
Boolean. Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. Warning: This option is used during initialization by initdb, and cannot be changed later. If set, checksums are calculated for all objects, in all databases.
Default value: $postgresql::server::data_checksums
user
Data type: String[1]
Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.
Default value: $postgresql::server::user
group
Data type: String[1]
Overrides the default postgres user group to be used for related files in the file system.
Default value: $postgresql::server::group
module_workdir
Data type: String[1]
Working directory for the PostgreSQL module
Default value: $postgresql::server::module_workdir
postgresql::server::instance::late_initdb
lint:ignore:140chars lint:endignore:140chars
Parameters
The following parameters are available in the postgresql::server::instance::late_initdb defined type:
encoding
Data type: Optional[String[1]]
Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the template1 initialization, so it becomes a default outside of the module as well.
Default value: $postgresql::server::encoding
user
Data type: String[1]
Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.
Default value: $postgresql::server::user
group
Data type: String[1]
Overrides the default postgres user group to be used for related files in the file system.
Default value: $postgresql::server::group
psql_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Specifies the path to the psql command.
Default value: $postgresql::server::psql_path
port
Data type: Variant[String[1], Stdlib::Port, Integer]
Specifies the port for the PostgreSQL server to listen on. Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change.
Default value: $postgresql::server::port
module_workdir
Data type: String[1]
Working directory for the PostgreSQL module
Default value: $postgresql::server::module_workdir
postgresql::server::instance::passwd
lint:ignore:140chars lint:endignore:140chars
Parameters
The following parameters are available in the postgresql::server::instance::passwd defined type:
user
Data type: String[1]
Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.
Default value: $postgresql::server::user
group
Data type: String[1]
Overrides the default postgres user group to be used for related files in the file system. Default value: 5432. Meaning the Postgres server listens on TCP port 5432.
Default value: $postgresql::server::group
psql_path
Data type: Variant[String[1], Stdlib::Absolutepath]
Specifies the path to the psql command.
Default value: $postgresql::server::psql_path
port
Data type: Variant[String[1], Stdlib::Port, Integer]
Specifies the port for the PostgreSQL server to listen on. Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change.
Default value: $postgresql::server::port
database
Data type: String[1]
Specifies the name of the database to connect with. On most systems this is 'postgres'.
Default value: $postgresql::server::default_database
module_workdir
Data type: String[1]
Working directory for the PostgreSQL module
Default value: $postgresql::server::module_workdir
postgres_password
Data type: Optional[Variant[String[1], Sensitive[String[1]], Integer]]
Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres database, with a user called postgres and no password.
Default value: $postgresql::server::postgres_password
postgresql::server::instance::reload
The postgresql::server::instance::reload class.
Parameters
The following parameters are available in the postgresql::server::instance::reload defined type:
service_reload
Data type: String[1]
Overrides the default reload command for your PostgreSQL service.
Default value: $postgresql::server::service_reload
service_status
Data type: String[1]
Overrides the default status check command for your PostgreSQL service.
Default value: $postgresql::server::service_status
postgresql::server::instance::service
lint:ignore:140chars lint:endignore:140chars
Parameters
The following parameters are available in the postgresql::server::instance::service defined type:
service_ensureservice_enableservice_manageservice_nameservice_providerservice_statususerportdefault_databasepsql_pathconnect_settings
service_ensure
Data type: Variant[Enum['running', 'stopped'], Boolean]
Ensure service is installed
Default value: $postgresql::server::service_ensure
service_enable
Data type: Boolean
Enable the PostgreSQL service
Default value: $postgresql::server::service_enable
service_manage
Data type: Boolean
Defines whether or not Puppet should manage the service.
Default value: $postgresql::server::service_manage
service_name
Data type: String[1]
Overrides the default PostgreSQL service name.
Default value: $postgresql::server::service_name
service_provider
Data type: Optional[String[1]]
Overrides the default PostgreSQL service provider.
Default value: $postgresql::server::service_provider
service_status
Data type: String[1]
Overrides the default status check command for your PostgreSQL service.
Default value: $postgresql::server::service_status
user
Data type: String[1]
Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.
Default value: $postgresql::server::user
port
Data type: Variant[String[1], Stdlib::Port, Integer]
Specifies the port for the PostgreSQL server to listen on. Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change. Default value: 5432. Meaning the Postgres server listens on TCP port 5432.
Default value: $postgresql::server::port
default_database
What are tasks?
Modules can contain tasks that take action outside of a desired state managed by Puppet. It’s perfect for troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.
Tasks in this module release
Change log
All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
v9.0.0 (2023-04-21)
Changed
- (CONT-792) - Add Puppet 8/Drop Puppet 6 #1414 (jordanbreen28)
v8.3.0 (2023-04-21)
Added
- convert ERB templates to EPP #1399 (SimonHoenscheid)
- (CONT-361) Syntax update #1397 (LukasAud)
- Add multi instance support, refactoring reload.pp (6/x) #1392 (SimonHoenscheid)
- Add multi instance support, refactoring password.pp (5/x) #1391 (SimonHoenscheid)
- Add multi instance support, refactoring late_initdb.pp (3/x) #1384 (SimonHoenscheid)
- Add multi instance support, refactoring initdb.pp (2/x) #1383 (SimonHoenscheid)
- Add multi instance support, refactoring config.pp (1/x) #1382 (SimonHoenscheid)
- pg_hba_rule: Validate userinput in postgresql::server #1376 (bastelfreak)
- pg_hba_rule: Move
typedatatype to own type #1375 (bastelfreak) - pg_hba_rule does not properly verify address parameter #1372 (tuxmea)
Fixed
- Ubuntu 14/16/17: Drop code leftovers #1388 (bastelfreak)
- remove debian 8 and 9 corpses #1387 (SimonHoenscheid)
- Archlinux client and server package names were swapped around #1381 (tobixen)
- apt::source: configure repo only for current architecture #1380 (bastelfreak)
- pdksync - (CONT-189) Remove support for RedHat6 / OracleLinux6 / Scientific6 #1371 (david22swan)
- pdksync - (CONT-130) - Dropping Support for Debian 9 #1368 (jordanbreen28)
- (maint) Codebase Hardening #1366 (david22swan)
- Fix table grant with schema #1315 (vaol)
v8.2.1 (2022-08-24)
Fixed
- Fix puppet-strings documentation #1363 (ekohl)
- (GH-1360) Reverting REFERENCE.md changes #1361 (pmcmaw)
- Only require password when used #1356 (arjenz)
v8.2.0 (2022-08-23)
Added
- pdksync - (GH-cat-11) Certify Support for Ubuntu 22.04 #1355 (david22swan)
- (MODULES-11251) Add support for backup provider "pg_dump" #1319 (fraenki)
Fixed
v8.1.0 (2022-07-21)
Added
- Fix service status detection on Debian-based OSes #1349 (arjenz)
- (FM-8971) allow deferred function for role pwd #1347 (tvpartytonight)
- Set version for Fedora 36 #1345 (lweller)
- Add Red Hat Enterprise Linux 9 support #1303 (ekohl)
Fixed
- (GH-1352) - Updating postgresql service version on SLES #1353 (pmcmaw)
- Respect $service_status on Red Hat-based distros #1351 (ekohl)
- Add version for Ubuntu 22.04 #1350 (arjenz)
- README.md: correct postgresql_conn_validator example #1332 (bastelfreak)
- pdksync - (GH-iac-334) Remove Support for Ubuntu 14.04/16.04 #1331 (david22swan)
- Remove unused variable in reload.pp #1327 (ekohl)
- Use systemctl reload on EL 7 and higher #1326 (ekohl)
v8.0.0 (2022-03-03)
Changed
Added
- add default version for Fedora 35 #1317 (jflorian)
- add scram-sha-256 support #1313 (fe80)
- add support for Ubuntu Hirsute and Impish #1312 (nicholascioli)
- Allow systemd to mask postgresql service file #1310 (kim-sondrup)
- Make ::contrib a noop on OSes without a contrib package #1309 (carlosduelo)
- pdksync - (IAC-1753) - Add Support for AlmaLinux 8 #1308 (david22swan)
- MODULES-11201: add service_name for Ubuntu 18.04 and later #1306 (moritz-makandra)
- pdksync - (IAC-1751) - Add Support for Rocky 8 #1305 (david22swan)
- Default privileges support schemas #1300 (fish-face)
- Support target_role in default_privileges #1297 (fish-face)
Fixed
- pdksync - (IAC-1787) Remove Support for CentOS 6 #1324 (david22swan)
- Fix python package name in RHEL/CentOS 8 #1316 (kajinamit)
- Drop further code for Debian 6 and Ubuntu 10 #1307 (ekohl)
v7.5.0 (2021-09-28)
Added
Fixed
- (IAC-1598) - Remove Support for Debian 8 #1302 (david22swan)
- Inline file contents in the catalog #1299 (ekohl)
- Fix changing default encoding #1296 (smortex)
v7.4.1 (2021-08-25)
Fixed
v7.4.0 (2021-08-24)
Added
- pdksync - (IAC-1709) - Add Support for Debian 11 #1288 (david22swan)
Fixed
v7.3.0 (2021-08-03)
Added
- MODULES-11049 - Implement default privileges changes #1267 (mtancoigne)
Fixed
- Do not add version component to repo definition #1282 (weastur)
- (MODULES-8700) Autorequire the service in postgresql_psql #1276 (ekohl)
v7.2.0 (2021-05-24)
Added
- (MODULES-11069) add default version for fedora 34 #1272 (lweller)
- MODULES-11047 - Allow managing rights for PUBLIC role #1266 (mtancoigne)
v7.1.0 (2021-04-12)
Added
v7.0.3 (2021-04-12)
v7.0.2 (2021-03-15)
Fixed
- (MODULES-10957) Override the set_sensitive_parameters method #1258 (sheenaajay)
v7.0.1 (2021-03-08)
Fixed
v7.0.0 (2021-03-04)
Changed
- pdksync - (MAINT) Remove SLES 11 support #1247 (sanfrancrisko)
- pdksync - (MAINT) Remove RHEL 5 family support #1246 (sanfrancrisko)
- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 #1238 (carabasdaniel)
Added
v6.10.2 (2021-02-22)
Fixed
v6.10.1 (2021-02-09)
Fixed
v6.10.0 (2021-02-08)
Added
- Set default PostgreSQL version for FreeBSD #1227 (olevole)
- Clean up globals logic to support CentOS 8 stream #1225 (ekohl)
Fixed
- (bug) fix systemd daemon-reload order when updating service files #1230 (sheenaajay)
- Fix postgresql::sql task when password is not set #1226 (smortex)
v6.9.0 (2021-01-18)
Added
- pdksync - (feat) - Add support for puppet 7 #1215 (daianamezdrea)
- Manage postgresql_conf_path file permissions #1199 (ekohl)
Fixed
- (maint) updated defaults for rhel7 policycoreutils #1212 (sheenaajay)
- (IAC-1189) - Fix for SLES 15 SP 1 and later #1209 (david22swan)
- Change - Use systemd drop-in directory for unit overrides #1201 (blackknight36)
v6.8.0 (2020-09-28)
Added
- add hostgssenc type to pg_hba rules #1195 (osijan)
- Allow removal of config_entries via main class #1187 (ekohl)
Fixed
v6.7.0 (2020-08-28)
Added
- pdksync - (IAC-973) - Update travis/appveyor to run on new default branch
main#1182 (david22swan)
Fixed
v6.6.0 (2020-06-02)
Added
- (IAC-746) - Add ubuntu 20.04 support #1172 (david22swan)
Fixed
- Fix custom port in extension #1165 (Vampouille)
v6.5.0 (2020-05-13)
Added
- service_ensure => true is now an allowed value (aliased to running) #1167 (binford2k)
- Finish conversion of
postgresql\_acls\_to\_resources\_hashfunction #1163 (alexjfisher) - Finish conversion of
postgresql\_escapefunction #1162 (alexjfisher) - Finish conversion of
postgresql\_passwordfunction #1161 (alexjfisher) - Allow usage of grant and role when not managing postgresql::server #1159 (tuxmea)
- Add version configs for SLES 12 SP 3 to 5 #1158 (XnS)
- Add extra parameter "extra_systemd_config" #1156 (veninga)
Fixed
- (MODULES-10610) Use correct lower bound for concat version #1160 (ghoneycutt)
v6.4.0 (2020-03-17)
Added
- Add Fedora 31 compatibility #1141 (blackknight36)
- feat: enable different database resource name in extension #1136 (jfroche)
- pdksync - (FM-8581) - Debian 10 added to travis and provision file refactored #1130 (david22swan)
- Puppet 4 functions #1129 (binford2k)
Fixed
- Fix incorrectly quoted GRANT cmd on functions #1150 (olifre)
- Correct versioncmp logic in config.pp #1137 (boydtom)
- Treat $version as an integer for comparison, defaults to string #1135 (boydtom)
- fix missing systemd override config for EL8 (CentOS and RHEL) #1131 (david-barbion)
v6.3.0 (2019-12-18)
Added
- Add support for granting privileges on functions #1118 (crispygoth)
- (FM-8679) - Support added for CentOS 8 #1117 (david22swan)
- MODULES-10041 - allow define password_encryption for version above 10 #1111 (k2patel)
Fixed
- Remove duplicate REFERENCE.md file with strange unicode character at end of filename #1108 (nudgegoonies)
v6.2.0 (2019-09-12)
Added
- FM-8408 - add support on Debian10 #1103 (lionce)
- Fix/directory defined twice #1089 (arcenik)
- Adding SLES 15 #1087 (msurato)
- (FM-7500) conversion to use litmus #1081 (tphoney)
Fixed
- Allow usage of PUBLIC role #1134 (Vampouille)
- (MODULES-9658) - custom ports are not labeled correctly #1099 (blackknight36)
- Fix: When assigning a tablespace to a database, no equal sign is needed in the query #1098 (biertie)
- Grant all tables in schema fixup #1096 (georgehansper)
- (MODULES-9219) - puppetlabs-postgresql : catalog compilation fails when the service command is not installed #1093 (blackknight36)
v6.1.0 (2019-06-04)
Added
v6.0.0 (2019-05-14)
Changed
- pdksync - (MODULES-8444) - Raise lower Puppet bound #1070 (david22swan)
- (maint) remove inconsistent extra variable #1044 (binford2k)
Added
- Add Fedora 30 compatibility #1067 (blackknight36)
- Include EL8 version for config checks #1060 (ehelms)
Fixed
- Support current version of puppetlabs/apt. #1073 (pillarsdotnet)
- change username/group/datadir defaults for FreeBSD #1063 (olevole)
5.12.1 (2019-02-14)
Fixed
- (FM-7811) - Use postgresql 9.4 for SLES 11 sp4 #1057 (david22swan)
- (MODULES-8553) Further cleanup for package tag issues #1055 (HelenCampbell)
5.12.0 (2019-02-01)
Added
Fixed
- (MODULES-8553) Fix dependency on apt by explicitly using 'puppetlabs-postgresql' as tag #1052 (HelenCampbell)
- (MODULES-8352) Don't use empty encoding string on initdb #1043 (binford2k)
- pdksync - (FM-7655) Fix rubygems-update for ruby \< 2.3 #1042 (tphoney)
5.11.0 (2018-11-21)
Added
Fixed
- Strip quotes from role names #1034 (jstuart)
- Ignore .psqlrc so output is clean and doesn't break Puppet #1021 (flaviogurgel)
- Change initdb option '--xlogdir' to '-X' for PG10 compatibility #976 (fcanovai)
5.10.0 (2018-09-27)
Added
5.9.0 (2018-09-06)
Added
5.8.0 (2018-08-06)
Added
- metadata.json: bump allowed version of puppetlabs-apt to 6.0.0 #1012 (mateusz-gozdek-sociomantic)
5.7.0 (2018-07-19)
Added
- (MODULES-7479) Update postgresql to support Ubuntu 18.04 #1005 (david22swan)
- (MODULES-6542) - Adding SLES 11 & 12 to metadata #1001 (pmcmaw)
Fixed
- (MODULES-7479) Ensure net-tools is installed when testing on Ubuntu 18.04 #1006 (david22swan)
- (MODULES-7460) - Updating grant table to include INSERT privileges #1004 (pmcmaw)
- Fix packages choice for ubuntu 17.10 #1000 (fflorens)
5.6.0 (2018-06-20)
Changed
Added
- Add compatibility for Fedora 28 #994 (jflorian)
- (MODULES-5994) Add debian 9 #992 (hunner)
- Adding default Postgresql version for Ubuntu 18.04 #981 (lutaylor)
Fixed
5.5.0 (2018-04-06)
Added
5.4.0 (2018-03-22)
Added
- (MODULES-6330) PDK convert 1.4.1 #961 (pmcmaw)
- Parameter
ensureonpostgresql::server::grantandpostgresql::server::database\_grant#891 (georgehansper)
Fixed
- Documentation error,
reassign\_owned\_byuses\*\_rolenot\*\_owner. #958 (computermouth)
5.3.0
Summary
Implements rubocop changes within the module, alongside other smaller changes.
Added
- ensure=>absent added to postgresql::server:role.
- Support added for Fedora 27.
- scram-sha-256 added as a valid ph_hba_rule auth method.
- 9.6 settings inherited for later PgSQL versions on FreeBSD.
- A require has been added for puppet.
Changed
- Changes made to avoid the useless loading of files by augeas.
- Modulesync changes.
- psql_path defaulted to postgresql::server::psql_path.
- Rubocop changes have been made.
Removed
- Debian 9 support deprecated.
Supported Release 5.2.1
Summary
Bug fix for issue introduced in 5.2.0
Fixed
- issue where the module was attempting to install extensions before a database was available. (SERVER-2003)
Supported Release 5.2.0
Summary
Adds several new features including some work around OS support. Also includes a couple of fixes to tests and the removal of unsupported Ubuntu versions.
Added
- Added default postgresql version of Ubuntu 17.4 version to the globals.pp file.
- Fedora 26 provides postgresql-server version 9.6 by default - Added support to manifests/globals.pp to avoid puppet failures on Fedora 26 nodes.
- Use postgresql 9.6 for the newest SLES and openSUSE releases.
- Enhanced --data-checksums on initdb.
- Added support for Debian version 9.
- Added a
versionparameter.
Changed
- Replaced validate_re calls with puppet datatype
Patternand is_array calls with puppet datatypeArray. - Installation method for apt in the spec_helper_acceptance, this is a temporary workaround due to issues with module installation.
Fixed
- Updated spec tests to remove deprecation warnings.
- Docs formatting.
- Pass default_connect_settings to validate service (MODULES-4682)
- Rocket Alignment for Lint.
- Fixed changes in error messages in tests (MODULES-5378)
Removed
- Removed unsupported Ubuntu versions 10.04 and 12.04 (MODULES-5501)
- Removed unsupported Debian version 6.
- Removed numeric order override.
Supported Release 5.1.0
Summary
This release includes Japanese translations for internationalization, Puppet 5 support, implementation of defined type postgresql::server::reassign_owned_by.
Features
- Updating translations for readmes/README_ja_JP.md
- add defined type postgresql::server::reassign_owned_by
- Allow order parameter to be string value
- prep for puppet 5 (MODULES-5144)
- add data_checksums option to initdb
- parameter ensure of custom resource postgresql_replication_slot is not documented (MODULES-2989)
Bug Fixes
- Adding a space for header formatting
- use https for apt.postgresql.org repo
- msync puppet 5 and ruby 2.4 (MODULES-5197)
- Only run test on postgresql >= 9.0 (FM-6240)
- Fix Ruby 2.4 deprecation in postgresql_acls_to_resources_hash
Supported Release 5.0.0
Summary
This major release dropped support for Puppet 3 and PostgreSQL 8.x, added Puppet 4 data types, and deprecated the validate_db_connection type.
Added
locales/directory, .pot file, and i18nconfig.yaml. (FM-6116)update_passwordparameter to toggle password management per role.- Puppet 4 type validation.
- new
postgresql_conn_validatorcustom type and deprecatedvalidate_db_connection. (MODULES-1394)
Changed
- default postgis versions in postgresql::globals to use newer versions.
- puppetlabs-concat and puppetlabs-apt dependencies to use latest versions. (MODULES-4906, MODULES-4947)
- default value for
log_line_prefixtoundef. listen_addressesdefault value to 'localhost'. Allows for it to be set independently of a class declaration.- use of stdlib validate_* functions. They have been removed in favor of Puppet 4 type validation.
- lower Puppet dependency in metadata to 4.7.0. (MODULES-4826)
Fixed
- deprecated apt::source parameters(
key,key_source, &include_src). - default SUSE parameters. (MODULES-4598)
- use of force parameter on concat resources.
Supported Release 4.9.0
Summary
This release adds several types and, among other bugs, fixes an issue with the yum URL.
Features
- Modifying ownership of databases and schemas now available (MODULES-3247)
- Use
module_workdirto specify a custom directory in which to execute psql commands grant_roleandgranttypes added!- Support for parallel unit testing (parallel_tests)
- Override download/installation repo URL with
repo_baseurl - Set your timezone with
timezone - Grant privileges on LANGUAGEs
- Added support for Debian Stretch and Ubuntu Yakkety Yak
Bugfixes
- Usernames and passwords are now converted to strings before password hash is created
- Specify default database name if it is not the username
- Update to yum repo
- Schema name conflicts fix
Supported Release 4.8.0
Summary
This release primarily fixes an issue with postgresql_conf values of ipaddresses being considered floats and not getting quoted.
Features
- Add
default_connect_settingsparameter topostgresql::server - Running under strict variables is now supported
- Add timestamps into logs by default
Bugfixes
- Obscure password in postgresql_psql type
- Fix ip address quoting in postgresql_conf type
- Fix handling of systemd service on Ubuntu
- Mark log_min_duration_statement setting as requiring a service restart
- Add fixes for Fedora 23, Fedora 24, FreeBSD, OpenBSD
- Fix environment handling to avoid "Overriding environment setting" message
- Work around PUP-6385, using empty arrays instead of undef when specifying resource relationships
- README editorial pass
- Reduce whitespace in templates
- Update build/test infrastructure
Supported Release 4.7.1
Summary
This release contains some bugfixes and documentation updates.
Bugfixes
- (MODULES-3024) Quote database objects when creating databases.
- Properly escape case where password ends with '$'.
- Fixes password change when postgres is configure to non-standard port.
- Unpins concat dependency to be able to use concat 2.x.
- Workaround to fix installing on Amazon Linux.
- Fixes proper defaulting of
$service_providerparameter. - Fixes postgres server init script naming on Amazon Linux.
- Fixes service reload parameter on Arch Linux.
- Adds missing onlyif_function to sequence grant code.
- Fixes to the markdown of the README.
Supported Release 4.7.0
Summary
A release with a considerable amount of new features, including remote db support and several platform support updates. Various bugfixes including several to address warnings and a sizable README update.
Features
- Remote DB support - Connection-settings allows a hash of options that can be used when connecting to a remote DB.
- Debian 8 support.
- Updated systemd-override to support fedora and CentOS paths.
- Adds the ability to define the extension name separately from the title of the resource, which allows you to add the extension to more than one database.
- Added parameter to disable automatic service restarts on config changes.
- Ubuntu 15.10 compatibility.
- OpenBSD version is now 9.4.
- Added .gitattributes to maintain line endings for .sh and .rb files.
- Adds default postgis version for 9.5.
- Allows float postgresql_conf values.
- Schedule apt update after install of repo.
Bugfixes
- Fixed systemd-override for RedHat systems with unmanaged Yum repos.
- Removed inherits postgresql::params.
- Multi-node tests are now not ran by default.
- Change apt::pin to apt_postgresql_org to prevent error message.
- Removed syntax error near UTF8.
- Removal of extra blanks and backslashes in README.
- Double quotes now used around database name to prevent syntax error.
- Removes ruby 1.8.7 and puppet 2.7 from travis-ci jobs.
- Fixed paths to work on Amazon Linux.
- Fixed quotes around locale options.
- Huge README update.
- Update to use current msync configs.
- Fixes postgresql::server acceptance test descriptions.
Supported Release 4.6.1
###Summary
Small release for support of newer PE versions. This increments the version of PE in the metadata.json file.
2015-09-01 - Supported Release 4.6.0
Summary
This release adds a proxy feature for yum, Postgis improvements, and decoupling pg_hba_rule from postgresql::server.
Features
- Support setting a proxy for yum operations
- Allow for undefined PostGIS version
- Decouple pg_hba_rule from postgresql::server
Bugfixes
- Fix postgis default package name on RedHat
2015-07-27 - Supported Release 4.5.0
Summary
This release adds sequence grants, some postgresql 9.4 fixes, and onlyif to
the psql resource.
Features
- Add
onlyifparameter topostgresql_psql - Add unsupported compatibility with Ubuntu 15.04
- Add unsupported compatibility with SLES 11/12 and OpenSuSE 13.2
- Add
postgresql::server::grant::onlyif_existsattribute - Add
postgresql::server::table_grant::onlyif_existsattribute - Add granting permissions on sequences
Bugfixes
- Added docs for
postgresql::server::grant - Fix
pg_hba_conf_defaults => falseto not disable ipv4/ipv6 acls - Fix 9.4 for
postgresql::server::pg_hba_rule
2015-07-07 - Supported Release 4.4.2
Summary
This release fixes a bug introduced in 4.4.0.
Bugfixes
- Fixes
withenvexecution under Puppet 2.7. (MODULES-2185)
2015-07-01 - Supported Release 4.4.1
Summary
This release fixes RHEL 7 & Fedora with manage_package_repo switched on.
Bugfixes
- Ensure manage_package_repo variable is in scope for systemd-override file for RHEL7
2015-06-30 - Supported Release 4.4.0
Summary
This release has several new features, bugfixes, and test improvements.
Features
- Adds a resource to manage recovery.conf.
- Adds a parameter that allows the specification of a validate connection script in
postgresql::client. - Adds support for plpython package management.
- Adds support for postgresql-docs management.
- Adds ability to make
postgresql::server::schematitles unique. (MODULES-2049) - Updates puppetlabs-apt module dependency to support version 2.1.0.
Bugfixes
- Fix
postgresql_psqlparameter ordering to work on OpenBSD with Future Parser - Fix setting postgres role password (MODULES-1869)
- Fix execution command with puppet <3.4 (MODULES-1923)
- Fix Puppet.newtype deprecation warning (MODULES-2007)
- Fix systemd override for manage_repo package versions
- Fix Copy snakeoil certificate and key instead of symlinking
Test Improvements
- Allows setting BEAKER and BEAKER_RSPEC versions via environment variables.
- Enables Unit testing on Travis CI with Puppet 4.
- Cleans up spec_helper_acceptance.rb to use new puppet_install_helper gem.
2015-03-24 - Supported Release 4.3.0
Summary
This release fixes compatibility with Puppet 4 and removes opportunities for local users to view the postgresql password. It also adds a new custom resource to aid in managing replication.
Features
- Add
postgresql::server::logdirparameter to manage the logdir - Add
environmentparameter topostgresql_psql - Add
postgresql_replication_slotcustom resource
Bugfixes
- Fix for Puppet 4
- Don't print postgresql_psql password in command
- Allow
postgresql::validate_db_connectionfor more than one host+port+database combo - Fix service command on Debian 8 and up
- Fix
postgresql::server::extensionto work with custom user/group/port - Fix
postgresql::server::initdbto work with custom user/group/port - Fix changing template1 encoding
- Fix default
postgresql::server::grant::object_namevalue - Fix idempotency of granting all tables in schema with
puppet::server::grant - Fix lint warnings
- Fix apt key to use 40 character key and bump puppetlabs-apt to >= 1.8.0 < 2.0.0
##2015-03-10 - Supported Release 4.2.0 ###Summary
This release has several new features including support for server extensions, improved grant support, and a number of bugfixes.
####Features
- Changes to support OpenBSD
- Add
service_reloadparameter topostgresql::server - Add
commentparameter topostgresql::server::database(MODULES-1153) - Add
postgresql::server::extensiondefined type - Add postgresql versions for utopic and jessie
- Update
postgresql::server::grantto support 'GRANT SCHEMA' and 'ALL TABLES IN SCHEMA'
####Bugfixes
- Lint cleanup
- Remove outdated upgrade info from README
- Use correct TCP port when checking password
- Create role before database
- Fix template1 encoding on Debian
- Require server package before user permissions
- Fix
service_statusdefault for FreeBSD to allow PostgreSQL to start the first run - Fix invalid US-ASCII byte sequence in
postgresql::server::grantcomments - Reverted to default behavior for Debian systems as
pg_configshould not be overwritten (MODULES-1485)
##2014-11-04 - Supported Release 4.1.0 ###Summary
This release adds the ability to change the PGDATA directory, and also includes documentation and test updates, future parser support, and a few other new features.
####Features
- Future parser support
- Documentation updates
- Test updates
- Add a link from
/etc/sysconfig/pgsql/postgresql-${version}to/etc/sysconfig/pgsql/postgresqlto support init scripts from the postgresql.org repo - Add support for changing the PGDATA directory
- Set default versions for Fedora 21 and FreeBSD
##2014-09-03 - Supported Release 4.0.0 ###Summary
This release removes the uninstall ability from the module, removes the firewall management, overhauls all of the acceptance testing, as well as adds better support for SuSE and Fedora.
###Backwards Incompatible changes.
- Uninstall code removal.
- Firewall management for Postgres.
- Set manage_pg_ident_conf to true.
####Uninstallation removal
We rely heavily on the ability to uninstall and reinstall postgres throughout our testing code, testing features like "can I move from the distribution packages to the upstream packages through the module" and over time we've learnt that the uninstall code simply doesn't work a lot of the time. It leaves traces of postgres behind or fails to remove certain packages on Ubuntu, and generally causes bits to be left on your system that you didn't expect.
When we then reinstall things fail because it's not a true clean slate, and this causes us enormous problems during test. We've spent weeks and months working on these tests and they simply don't hold up well across the full range of PE platforms.
Due to all these problems we've decided to take a stance on uninstalling in general. We feel that in 2014 it's completely reasonable and normal to have a good provisioning pipeline combined with your configuration management and the "correct" way to uninstall a fully installed service like postgresql is to simply reprovision the server without it in the first place. As a general rule this is how I personally like to work and I think is a good practice.
####I'm not OK with this!
We understand that there are environments and situations in which it's not easy to do that. What if you accidently deployed Postgres on 100,000 nodes? In the future we're going to take a look at building some example 'profiles' to be found under examples/ within this module that can uninstall postgres on popular platforms. These can be modified and used in your specific case to uninstall postgresql. They will be much more brute force and reliant on deleting entire directories and require you to do more work up front in specifying where things are installed but we think it'll prove to be a much cleaner mechanism for this kind of thing rather than trying to weave it into the main module logic itself.
####Features
- Removal of uninstall.
- Removal of firewall management.
- Tests ported to rspec3.
- Acceptance tests rewritten.
- Add a defined type for creating database schemas.
- Add a pg_ident_rule defined type.
- Set manage_pg_ident_conf to true.
- Manage pg_ident.conf by default.
- Improve selinux support for tablespace.
- Remove deprecation warnings.
- Support changing PGDATA on RedHat.
- Add SLES 11 support.
####Bugfixes
- Link pg_config binary into /usr/bin.
- Fix fedora support by using systemd.
- Initdb should create xlogdir if set.
- Use a regular expression to match the major OS version on Ubuntu.
##2014-07-31 - Supported Release 3.4.2 ###Summary
This release fixes recent Fedora versions.
####Features ####Bugfixes
- Fix Fedora.
##2014-07-15 - Supported Release 3.4.1 ###Summary
This release merely updates metadata.json so the module can be uninstalled and upgraded via the puppet module command.
##2014-04-14 - Supported Release 3.4.0 ###Summary
This feature rolls up several important features, the biggest being PostGIS
handling and allowing port to be set on postgresql::server in order to
change the port that Postgres listens on. We've added support for RHEL7
and Ubuntu 14.04, as well as allowing you to manage the service via
service_ensure finally.
####Features
- Added
perl_package_namefor installing bindings. - Added
service_ensurefor allowing control of services. - Added
postgis_versionand postgis class for installing postgis. - Added
portfor selecting the port Postgres runs on. - Add support for RHEL7 and Ubuntu 14.04.
- Add
default_dbto postgresql::server::database. - Widen the selection of unquoted parameters in postgresql_conf{}
- Require the service within postgresql::server::reload for RHEL7.
- Add
inheritto postgresql::server::role.
####Bugfixes
##2014-03-04 - Supported Release 3.3.3 ###Summary
This is a supported release. This release removes a testing symlink that can cause trouble on systems where /var is on a seperate filesystem from the modulepath.
####Features ####Bugfixes ####Known Bugs
- SLES is not supported.
##2014-03-04 - Supported Release 3.3.2 ###Summary This is a supported release. It fixes a problem with updating passwords on postgresql.org distributed versions of PostgreSQL.
####Bugfixes
- Correct psql path when setting password on custom versions.
- Documentation updates
- Test updates
####Known Bugs
- SLES is not supported.
##2014-02-12 - Version 3.3.1 ####Bugfix:
- Allow dynamic rubygems host
##2014-01-28 - Version 3.3.0
###Summary
This release rolls up a bunch of bugfixes our users have found and fixed for us over the last few months. This improves things for 9.1 users, and makes this module usable on FreeBSD.
This release is dedicated to 'bma', who's suffering with Puppet 3.4.1 issues thanks to Puppet::Util::SUIDManager.run_and_capture.
####Features
- Add lc_ config entry settings
- Can pass template at database creation.
- Add FreeBSD support.
- Add support for customer
xlogdirparameter. - Switch tests from rspec-system to beaker. (This isn't really a feature)
####Bugfixes
- Properly fix the deprecated Puppet::Util::SUIDManager.run_and_capture errors.
- Fix NOREPLICATION option for Postgres 9.1
- Wrong parameter name: manage_pg_conf -> manage_pg_hba_conf
- Add $postgresql::server::client_package_name, referred to by install.pp
- Add missing service_provider/service_name descriptions in ::globals.
- Fix several smaller typos/issues throughout.
- Exec['postgresql_initdb'] needs to be done after $datadir exists
- Prevent defined resources from floating in the catalog.
- Fix granting all privileges on a table.
- Add some missing privileges.
- Remove deprecated and unused concat::fragment parameters.
##2013-11-05 - Version 3.2.0
###Summary
Add's support for Ubuntu 13.10 (and 14.04) as well as x, y, z.
####Features
- Add versions for Ubuntu 13.10 and 14.04.
- Use default_database in validate_db_connection instead of a hardcoded 'postgres'
- Add globals/params layering for default_database.
- Allow specification of default database name.
####Bugs
- Fixes to the README.
##2013-10-25 - Version 3.1.0
###Summary
This is a minor feature and bug fix release.
Firstly, the postgresql_psql type now includes a new parameter search_path which is equivalent to using set search_path which allows you to change the default schema search path.
The default version of Fedora 17 has now been added, so that Fedora 17 users can enjoy the module.
And finally we've extended the capabilities of the defined type postgresql::validate_db_connection so that now it can handle retrying and sleeping between retries. This feature has been monopolized to fix a bug we were seeing with startup race conditions, but it can also be used by remote systems to 'wait' for PostgreSQL to start before their Puppet run continues.
####Features
- Defined $default_version for Fedora 17 (Bret Comnes)
- add search_path attribute to postgresql_psql resource (Jeremy Kitchen)
- (GH-198) Add wait and retry capability to validate_db_connection (Ken Barber)
####Bugs
- enabling defined postgres user password without resetting on every puppet run (jonoterc)
- periods are valid in configuration variables also (Jeremy Kitchen)
- Add zero length string to join() function (Jarl Stefansson)
- add require of install to reload class (cdenneen)
- (GH-198) Fix race condition on postgresql startup (Ken Barber)
- Remove concat::setup for include in preparation for the next concat release (Ken Barber)
##2013-10-14 - Version 3.0.0
Final release of 3.0, enjoy!
##2013-10-14 - Version 3.0.0-rc3
###Summary
Add a parameter to unmanage pg_hba.conf to fix a regression from 2.5, as well as allowing owner to be passed into x.
####Features
manage_pg_hba_confparameter added to control pg_hba.conf management.ownerparameter added to server::db.
##2013-10-09 - Version 3.0.0-rc2
###Summary
A few bugfixes have been found since -rc1.
####Fixes
- Special case for $datadir on Amazon
- Fix documentation about username/password for the postgresql_hash function
##2013-10-01 - Version 3.0.0-rc1
###Summary
Version 3 was a major rewrite to fix some internal dependency issues, and to make the new Public API more clear. As a consequence a lot of things have changed for version 3 and older revisions that we will try to outline here.
(NOTE: The format of this CHANGELOG differs to normal in an attempt to explain the scope of changes)
- Server specific objects now moved under
postgresql::server::namespace:
To restructure server specific elements under the postgresql::server::
namespaces the following objects were renamed as such:
postgresql::database -> postgresql::server::database
postgresql::database_grant -> postgresql::server::database_grant
postgresql::db -> postgresql::server::db
postgresql::grant -> postgresql::server::grant
postgresql::pg_hba_rule -> postgresql::server::pg_hba_rule
postgresql::plperl -> postgresql::server::plperl
postgresql::contrib -> postgresql::server::contrib
postgresql::role -> postgresql::server::role
postgresql::table_grant -> postgresql::server::table_grant
postgresql::tablespace -> postgresql::server::tablespace
- New
postgresql::server::config_entryresource for managing configuration:
Previously we used the file_line resource to modify postgresql.conf. This
new revision now adds a new resource named postgresql::server::config_entry
for managing this file. For example:
postgresql::server::config_entry { 'check_function_bodies':
value => 'off',
}
If you were using file_line for this purpose, you should change to this new
methodology.
postgresql_puppet_extras.confhas been removed:
Now that we have a methodology for managing postgresql.conf, and due to
concerns over the file management methodology using an exec { 'touch ...': }
as a way to create an empty file the existing postgresql_puppet_extras.conf
file is no longer managed by this module.
If you wish to recreate this methodology yourself, use this pattern:
class { 'postgresql::server': }
$extras = "/tmp/include.conf"
file { $extras:
content => 'max_connections = 123',
notify => Class['postgresql::server::service'],
}->
postgresql::server::config_entry { 'include':
value => $extras,
}
- All uses of the parameter
charsetchanged toencoding:
Since PostgreSQL uses the terminology encoding not charset the parameter
has been made consisent across all classes and resources.
- The
postgresqlbase class is no longer how you set globals:
The old global override pattern was less then optimal so it has been fixed,
however we decided to demark this properly by specifying these overrides in
the class postgresql::global. Consult the documentation for this class now
to see what options are available.
Also, some parameter elements have been moved between this and the
postgresql::server class where it made sense.
config_hashparameter collapsed for thepostgresql::serverclass:
Because the config_hash was really passing data through to what was in
effect an internal class (postgresql::config). And since we don't want this
kind of internal exposure the parameters were collapsed up into the
postgresql::server class directly.
- Lots of changes to 'private' or 'undocumented' classes:
If you were using these before, these have changed names. You should only use what is documented in this README.md, and if you don't have what you need you should raise a patch to add that feature to a public API. All internal classes now have a comment at the top indicating them as private to make sure the message is clear that they are not supported as Public API.
pg_hba_conf_defaultsparameter included to turn off default pg_hba rules:
The defaults should be good enough for most cases (if not raise a bug) but if you simply need an escape hatch, this setting will turn off the defaults. If you want to do this, it may affect the rest of the module so make sure you replace the rules with something that continues operation.
postgresql::database_userhas now been removed:
Use postgresql::server::role instead.
postgresql::psqlresource has now been removed:
Use postgresql_psql instead. In the future we may recreate this as a wrapper
to add extra capability, but it will not match the old behaviour.
postgresql_default_versionfact has now been removed:
It didn't make sense to have this logic in a fact any more, the logic has been
moved into postgresql::params.
ripienaar/concatis no longer used, instead we usepuppetlabs/concat:
The older concat module is now deprecated and moved into the
puppetlabs/concat namespace. Functionality is more or less identical, but
you may need to intervene during the installing of this package - as both use
the same concat namespace.
##2013-09-09 Release 2.5.0
###Summary
The focus of this release is primarily to capture the fixes done to the types and providers to make sure refreshonly works properly and to set the stage for the large scale refactoring work of 3.0.0.
####Features
####Bugfixes
- Use boolean for refreshonly.
- Fix postgresql::plperl documentation.
- Add two missing parameters to config::beforeservice
- Style fixes
##2013-08-01 Release 2.4.1
###Summary
This minor bugfix release solves an idempotency issue when using plain text passwords for the password_hash parameter for the postgresql::role defined type. Without this, users would continually see resource changes everytime your run Puppet.
####Bugfixes
- Alter role call not idempotent with cleartext passwords (Ken Barber)
##2013-07-19 Release 2.4.0
###Summary
This updates adds the ability to change permissions on tables, create template
databases from normal databases, manage PL-Perl's postgres package, and
disable the management of pg_hba.conf.
####Features
- Add
postgresql::table_grantdefined resource - Add
postgresql::plperlclass - Add
manage_pg_hba_confparameter to thepostgresql::configclass - Add
istemplateparameter to thepostgresql::databasedefine
####Bugfixes
- Update
postgresql::roleclass to be able to update roles when modified instead of only on creation. - Update tests
- Fix documentation of
postgresql::database_grant
##2.3.0
This feature release includes the following changes:
- Add a new parameter
ownerto thedatabasetype. This can be used to grant ownership of a new database to a specific user. (Bruno Harbulot) - Add support for operating systems other than Debian/RedHat, as long as the user supplies custom values for all of the required paths, package names, etc. (Chris Price)
- Improved integration testing (Ken Barber)
##2.2.1
This release fixes a bug whereby one of our shell commands (psql) were not ran from a globally accessible directory. This was causing permission denied errors when the command attempted to change user without changing directory.
Users of previous versions might have seen this error:
Error: Error executing SQL; psql returned 256: 'could not change directory to "/root"
This patch should correct that.
Detail Changes
- Set /tmp as default CWD for postgresql_psql
##2.2.0
This feature release introduces a number of new features and bug fixes.
First of all it includes a new class named postgresql::python which provides you with a convenient way of install the python Postgresql client libraries.
class { 'postgresql::python':
}
You are now able to use postgresql::database_user without having to specify a password_hash, useful for different authentication mechanisms that do not need passwords (ie. cert, local etc.).
We've also provided a lot more advanced custom parameters now for greater control of your Postgresql installation. Consult the class documentation for PuppetDB in the README.
This release in particular has largely been contributed by the community members below, a big thanks to one and all.
Detailed Changes
- Add support for psycopg installation (Flaper Fesp and Dan Prince)
- Added default PostgreSQL version for Ubuntu 13.04 (Kamil Szymanski)
- Add ability to create users without a password (Bruno Harbulot)
- Three Puppet 2.6 fixes (Dominic Cleal)
- Add explicit call to concat::setup when creating concat file (Dominic Cleal)
- Fix readme typo (Jordi Boggiano)
- Update postgres_default_version for Ubuntu (Kamil Szymanski)
- Allow to set connection for noew role (Kamil Szymanski)
- Fix pg_hba_rule for postgres local access (Kamil Szymanski)
- Fix versions for travis-ci (Ken Barber)
- Add replication support (Jordi Boggiano)
- Cleaned up and added unit tests (Ken Barber)
- Generalization to provide more flexability in postgresql configuration (Karel Brezina)
- Create dependent directory for sudoers so tests work on Centos 5 (Ken Barber)
- Allow SQL commands to be run against a specific DB (Carlos Villela)
- Drop trailing comma to support Puppet 2.6 (Michael Arnold)
##2.1.1
This release provides a bug fix for RHEL 5 and Centos 5 systems, or specifically systems using PostgreSQL 8.1 or older. On those systems one would have received the error:
Error: Could not start Service[postgresqld]: Execution of ‘/sbin/service postgresql start’ returned 1:
And the postgresql log entry:
FATAL: unrecognized configuration parameter "include"
This bug is due to a new feature we had added in 2.1.0, whereby the include directive in postgresql.conf was not compatible. As a work-around we have added checks in our code to make sure systems running PostgreSQL 8.1 or older do not have this directive added.
Detailed Changes
2013-01-21 - Ken Barber ken@bob.sh
- Only install
includedirective and included file on PostgreSQL >= 8.2 - Add system tests for Centos 5
##2.1.0
This release is primarily a feature release, introducing some new helpful constructs to the module.
For starters, we've added the line include 'postgresql_conf_extras.conf' by default so extra parameters not managed by the module can be added by other tooling or by Puppet itself. This provides a useful escape-hatch for managing settings that are not currently managed by the module today.
We've added a new defined resource for managing your tablespace, so you can now create new tablespaces using the syntax:
postgresql::tablespace { 'dbspace':
location => '/srv/dbspace',
}
We've added a locale parameter to the postgresql class, to provide a default. Also the parameter has been added to the postgresql::database and postgresql::db defined resources for changing the locale per database:
postgresql::db { 'mydatabase':
user => 'myuser',
password => 'mypassword',
encoding => 'UTF8',
locale => 'en_NG',
}
There is a new class for installing the necessary packages to provide the PostgreSQL JDBC client jars:
class { 'postgresql::java': }
And we have a brand new defined resource for managing fine-grained rule sets within your pg_hba.conf access lists:
postgresql::pg_hba { 'Open up postgresql for access from 200.1.2.0/24':
type => 'host',
database => 'app',
user => 'app',
address => '200.1.2.0/24',
auth_method => 'md5',
}
Finally, we've also added Travis-CI support and unit tests to help us iterate faster with tests to reduce regression. The current URL for these tests is here: https://travis-ci.org/puppetlabs/puppet-postgresql. Instructions on how to run the unit tests available are provided in the README for the module.
A big thanks to all those listed below who made this feature release possible :-).
Detailed Changes
2013-01-18 - Simão Fontes simaofontes@gmail.com & Flaper Fesp flaper87@gmail.com
- Remove trailing commas from params.pp property definition for Puppet 2.6.0 compatibility
2013-01-18 - Lauren Rother lauren.rother@puppetlabs.com
- Updated README.md to conform with best practices template
2013-01-09 - Adrien Thebo git@somethingsinistral.net
- Update postgresql_default_version to 9.1 for Debian 7.0
2013-01-28 - Karel Brezina karel.brezina@gmail.com
- Add support for tablespaces
2013-01-16 - Chris Price chris@puppetlabs.com & Karel Brezina karel.brezina@gmail.com
- Provide support for an 'include' config file 'postgresql_conf_extras.conf' that users can modify manually or outside of the module.
2013-01-31 - jv jeff@jeffvier.com
- Fix typo in README.pp for postgresql::db example
2013-02-03 - Ken Barber ken@bob.sh
- Add unit tests and travis-ci support
2013-02-02 - Ken Barber ken@bob.sh
- Add locale parameter support to the 'postgresql' class
2013-01-21 - Michael Arnold github@razorsedge.org
- Add a class for install the packages containing the PostgreSQL JDBC jar
2013-02-06 - fhrbek filip.hbrek@gmail.com
- Coding style fixes to reduce warnings in puppet-lint and Geppetto
2013-02-10 - Ken Barber ken@bob.sh
- Provide new defined resource for managing pg_hba.conf
2013-02-11 - Ken Barber ken@bob.sh
- Fix bug with reload of Postgresql on Redhat/Centos
2013-02-15 - Erik Dalén dalen@spotify.com
- Fix more style issues to reduce warnings in puppet-lint and Geppetto
2013-02-15 - Erik Dalén dalen@spotify.com
- Fix case whereby we were modifying a hash after creation
##2.0.1
Minor bugfix release.
2013-01-16 - Chris Price chris@puppetlabs.com
- Fix revoke command in database.pp to support postgres 8.1 (43ded42)
2013-01-15 - Jordi Boggiano j.boggiano@seld.be
- Add support for ubuntu 12.10 status (3504405)
##2.0.0
Many thanks to the following people who contributed patches to this release:
- Adrien Thebo
- Albert Koch
- Andreas Ntaflos
- Brett Porter
- Chris Price
- dharwood
- Etienne Pelletier
- Florin Broasca
- Henrik
- Hunter Haugen
- Jari Bakken
- Jordi Boggiano
- Ken Barber
- nzakaria
- Richard Arends
- Spenser Gilliland
- stormcrow
- William Van Hevelingen
Notable features:
-
Add support for versions of postgres other than the system default version (which varies depending on OS distro). This includes optional support for automatically managing the package repo for the "official" postgres yum/apt repos. (Major thanks to Etienne Pelletier epelletier@maestrodev.com and Ken Barber ken@bob.sh for their tireless efforts and patience on this feature set!) For example usage see
tests/official-postgresql-repos.pp. -
Add some support for Debian Wheezy and Ubuntu Quantal
-
Add new
postgres_psqltype with a Ruby provider, to replace the old exec-basedpsqltype. This gives us much more flexibility around executing SQL statements and controlling their logging / reports output. -
Major refactor of the "spec" tests--which are actually more like acceptance tests. We now support testing against multiple OS distros via vagrant, and the framework is in place to allow us to very easily add more distros. Currently testing against Cent6 and Ubuntu 10.04.
-
Fixed a bug that was preventing multiple databases from being owned by the same user (9adcd182f820101f5e4891b9f2ff6278dfad495c - Etienne Pelletier epelletier@maestrodev.com)
-
Add support for ACLs for finer-grained control of user/interface access (b8389d19ad78b4fb66024897097b4ed7db241930 - dharwood harwoodd@cat.pdx.edu)
-
Many other bug fixes and improvements!
##1.0.0
2012-09-17 - Version 0.3.0 released
2012-09-14 - Chris Price chris@puppetlabs.com
- Add a type for validating a postgres connection (ce4a049)
2012-08-25 - Jari Bakken jari.bakken@gmail.com
- Remove trailing commas. (e6af5e5)
2012-08-16 - Version 0.2.0 released
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/stdlib (>= 4.13.1 < 9.0.0)
- puppetlabs/apt (>= 2.0.0 < 10.0.0)
- puppet/systemd (>= 4.0.1 < 5.0.0)
- puppetlabs/concat (>= 4.1.0 < 9.0.0)
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Quality checks
We run a couple of automated scans to help you assess a module’s quality. Each module is given a score based on how well the author has formatted their code and documentation and select modules are also checked for malware using VirusTotal.
Please note, the information below is for guidance only and neither of these methods should be considered an endorsement by Puppet.
Malware scan results
The malware detection service on Puppet Forge is an automated process that identifies known malware in module releases before they’re published. It is not intended to replace your own virus scanning solution.
Learn more about malware scans- Module name:
- puppetlabs-postgresql
- Module version:
- 9.0.0
- Scan initiated:
- April 21st 2023, 3:47:48
- Detections:
- 0 / 59
- Scan stats:
- 59 undetected
- 0 harmless
- 0 failures
- 0 timeouts
- 0 malicious
- 0 suspicious
- 15 unsupported
- Scan report:
- View the detailed scan report