
Commit dbb63aa

authored
Merge pull request #1199 from ekohl/manage-postgresql-config
Manage postgresql_conf_path file permissions
2 parents 37062e6 + 171a1be commit dbb63aa


5 files changed

+196
-168
lines changed


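--- a/manifests/globals.pp
+++ b/manifests/globals.pp
@@ -30,6 +30,7 @@
 # @param pg_hba_conf_path Specifies the path to your pg_hba.conf file.
 # @param pg_ident_conf_path Specifies the path to your pg_ident.conf file.
 # @param postgresql_conf_path Sets the path to your postgresql.conf file.
+# @param postgresql_conf_mode Sets the mode of your postgresql.conf file. Only relevant if manage_postgresql_conf_perms is true.
 # @param recovery_conf_path Path to your recovery.conf file.
 # @param default_connect_settings Default connection settings.
 #
@@ -75,6 +76,10 @@
 # @param manage_pg_hba_conf Allow Puppet to manage the pg_hba.conf file.
 # @param manage_pg_ident_conf Allow Puppet to manage the pg_ident.conf file.
 # @param manage_recovery_conf Allow Puppet to manage the recovery.conf file.
+# @param manage_postgresql_conf_perms
+# Whether to manage the postgresql conf file permissions. This means owner,
+# group and mode. Contents are not managed but should be managed through
+# postgresql::server::config_entry.
 #
 # @param manage_datadir Set to false if you have file{ $datadir: } already defined
 # @param manage_logdir Set to false if you have file{ $logdir: } already defined
@@ -85,68 +90,70 @@
 #
 #
 class postgresql::globals (
-$client_package_name = undef,
-$server_package_name = undef,
-$contrib_package_name = undef,
-$devel_package_name = undef,
-$java_package_name = undef,
-$docs_package_name = undef,
-$perl_package_name = undef,
-$plperl_package_name = undef,
-$plpython_package_name = undef,
-$python_package_name = undef,
-$postgis_package_name = undef,
+$client_package_name = undef,
+$server_package_name = undef,
+$contrib_package_name = undef,
+$devel_package_name = undef,
+$java_package_name = undef,
+$docs_package_name = undef,
+$perl_package_name = undef,
+$plperl_package_name = undef,
+$plpython_package_name = undef,
+$python_package_name = undef,
+$postgis_package_name = undef,
 
-$service_name = undef,
-$service_provider = undef,
-$service_status = undef,
-$default_database = undef,
+$service_name = undef,
+$service_provider = undef,
+$service_status = undef,
+$default_database = undef,
 
-$validcon_script_path = undef,
+$validcon_script_path = undef,
 
-$initdb_path = undef,
-$createdb_path = undef,
-$psql_path = undef,
-$pg_hba_conf_path = undef,
-$pg_ident_conf_path = undef,
-$postgresql_conf_path = undef,
-$recovery_conf_path = undef,
-$default_connect_settings = {},
+$initdb_path = undef,
+$createdb_path = undef,
+$psql_path = undef,
+$pg_hba_conf_path = undef,
+$pg_ident_conf_path = undef,
+$postgresql_conf_path = undef,
+Optional[Stdlib::Filemode] $postgresql_conf_mode = undef,
+$recovery_conf_path = undef,
+$default_connect_settings = {},
 
-$pg_hba_conf_defaults = undef,
+$pg_hba_conf_defaults = undef,
 
-$datadir = undef,
-$confdir = undef,
-$bindir = undef,
-$xlogdir = undef,
-$logdir = undef,
-$log_line_prefix = undef,
-$manage_datadir = undef,
-$manage_logdir = undef,
-$manage_xlogdir = undef,
+$datadir = undef,
+$confdir = undef,
+$bindir = undef,
+$xlogdir = undef,
+$logdir = undef,
+$log_line_prefix = undef,
+$manage_datadir = undef,
+$manage_logdir = undef,
+$manage_xlogdir = undef,
 
-$user = undef,
-$group = undef,
+$user = undef,
+$group = undef,
 
-$version = undef,
-$postgis_version = undef,
-$repo_proxy = undef,
-$repo_baseurl = undef,
+$version = undef,
+$postgis_version = undef,
+$repo_proxy = undef,
+$repo_baseurl = undef,
 
-$needs_initdb = undef,
+$needs_initdb = undef,
 
-$encoding = undef,
-$locale = undef,
-$data_checksums = undef,
-$timezone = undef,
+$encoding = undef,
+$locale = undef,
+$data_checksums = undef,
+$timezone = undef,
 
-$manage_pg_hba_conf = undef,
-$manage_pg_ident_conf = undef,
-$manage_recovery_conf = undef,
-$manage_selinux = undef,
+$manage_pg_hba_conf = undef,
+$manage_pg_ident_conf = undef,
+$manage_recovery_conf = undef,
+$manage_postgresql_conf_perms = undef,
+$manage_selinux = undef,
 
-$manage_package_repo = undef,
-$module_workdir = undef,
+$manage_package_repo = undef,
+$module_workdir = undef,
 ) {
 # We are determining this here, because it is needed by the package repo
 # class.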
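Review bot: `$manage_postgresql_conf_perms = undef,` (new line 152) is untyped, although the `$postgresql_conf_mode` parameter added in the same hunk is declared `Optional[Stdlib::Filemode]`. A non-boolean value such as the string `'false'` would be accepted here and, because every string is truthy in Puppet, could switch permission management on if any consumer reads it before a typed parameter rejects it. I would declare it as `Optional[Boolean] $manage_postgresql_conf_perms = undef,` so a mistake fails where it is made. The class body continues past the end of the hunk.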

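--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -1,34 +1,35 @@
 # @api private
 class postgresql::params inherits postgresql::globals {
-$version = $postgresql::globals::globals_version
-$postgis_version = $postgresql::globals::globals_postgis_version
-$listen_addresses = undef
-$port = 5432
-$log_line_prefix = undef
-$ip_mask_deny_postgres_user = '0.0.0.0/0'
-$ip_mask_allow_all_users = '127.0.0.1/32'
-$ipv4acls = []
-$ipv6acls = []
-$encoding = $postgresql::globals::encoding
-$locale = $postgresql::globals::locale
-$data_checksums = $postgresql::globals::data_checksums
-$timezone = $postgresql::globals::timezone
-$service_ensure = 'running'
-$service_enable = true
-$service_manage = true
-$service_restart_on_change = true
-$service_provider = $postgresql::globals::service_provider
-$manage_pg_hba_conf = pick($manage_pg_hba_conf, true)
-$manage_pg_ident_conf = pick($manage_pg_ident_conf, true)
-$manage_recovery_conf = pick($manage_recovery_conf, false)
-$manage_selinux = pick($manage_selinux, false)
-$package_ensure = 'present'
-$module_workdir = pick($module_workdir,'/tmp')
-$password_encryption = undef
-$extra_systemd_config = ''
-$manage_datadir = true
-$manage_logdir = true
-$manage_xlogdir = true
+$version = $postgresql::globals::globals_version
+$postgis_version = $postgresql::globals::globals_postgis_version
+$listen_addresses = undef
+$port = 5432
+$log_line_prefix = undef
+$ip_mask_deny_postgres_user = '0.0.0.0/0'
+$ip_mask_allow_all_users = '127.0.0.1/32'
+$ipv4acls = []
+$ipv6acls = []
+$encoding = $postgresql::globals::encoding
+$locale = $postgresql::globals::locale
+$data_checksums = $postgresql::globals::data_checksums
+$timezone = $postgresql::globals::timezone
+$service_ensure = 'running'
+$service_enable = true
+$service_manage = true
+$service_restart_on_change = true
+$service_provider = $postgresql::globals::service_provider
+$manage_pg_hba_conf = pick($manage_pg_hba_conf, true)
+$manage_pg_ident_conf = pick($manage_pg_ident_conf, true)
+$manage_recovery_conf = pick($manage_recovery_conf, false)
+$manage_postgresql_conf_perms = pick($manage_postgresql_conf_perms, true)
+$manage_selinux = pick($manage_selinux, false)
+$package_ensure = 'present'
+$module_workdir = pick($module_workdir,'/tmp')
+$password_encryption = undef
+$extra_systemd_config = ''
+$manage_datadir = true
+$manage_logdir = true
+$manage_xlogdir = true
 
 # Amazon Linux's OS Family is 'Linux', operating system 'Amazon'.
 case $facts['os']['family'] {
@@ -78,6 +79,7 @@
 default => pick($datadir, "/var/lib/pgsql/${version}/data"),
 }
 $confdir = pick($confdir, $datadir)
+$postgresql_conf_mode = pick($postgresql_conf_mode, '0600')
 }
 
 case $facts['os']['name'] {
@@ -212,6 +214,7 @@
 }
 $service_reload = "service ${service_name} reload"
 $psql_path = pick($psql_path, '/usr/bin/psql')
+$postgresql_conf_mode = pick($postgresql_conf_mode, '0644')
 }
 
 'Gentoo': {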
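Review bot: The second added default, `$postgresql_conf_mode = pick($postgresql_conf_mode, '0644')` (new line 217), makes postgresql.conf world-readable on that platform, while the other branch (new line 82) uses `'0600'`. Because `manage_postgresql_conf_perms` now defaults to `true` (new line 24), existing nodes will have this mode enforced on upgrade, which may loosen a file an operator had tightened by hand. postgresql.conf can hold sensitive values (for example a connection string in `primary_conninfo` on PostgreSQL 12 and later), so I would default to `'0600'` or `'0640'` here as well, or add a comment stating why this platform needs `0644`. Both enclosing case branches start outside the hunks, so which OS families they cover, and whether the remaining branches set a mode at all, cannot be checked from here.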

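--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -38,6 +38,7 @@
 # @param pg_hba_conf_path Specifies the path to your pg_hba.conf file.
 # @param pg_ident_conf_path Specifies the path to your pg_ident.conf file.
 # @param postgresql_conf_path Specifies the path to your postgresql.conf file.
+# @param postgresql_conf_mode Sets the mode of your postgresql.conf file. Only relevant if manage_postgresql_conf_perms is true.
 # @param recovery_conf_path Specifies the path to your recovery.conf file.
 #
 # @param datadir PostgreSQL data directory
@@ -63,6 +64,10 @@
 # @param manage_pg_hba_conf Boolean. Whether to manage the pg_hba.conf.
 # @param manage_pg_ident_conf Boolean. Overwrites the pg_ident.conf file.
 # @param manage_recovery_conf Boolean. Specifies whether or not manage the recovery.conf.
+# @param manage_postgresql_conf_perms
+# Whether to manage the postgresql conf file permissions. This means owner,
+# group and mode. Contents are not managed but should be managed through
+# postgresql::server::config_entry.
 # @param module_workdir Working directory for the PostgreSQL module
 #
 # @param manage_datadir Set to false if you have file{ $datadir: } already defined
@@ -78,68 +83,70 @@
 # @param extra_systemd_config Adds extra config to systemd config file, can for instance be used to add extra openfiles. This can be a multi line string
 #
 class postgresql::server (
-$postgres_password = undef,
-
-$package_name = $postgresql::params::server_package_name,
-$package_ensure = $postgresql::params::package_ensure,
-
-$plperl_package_name = $postgresql::params::plperl_package_name,
-$plpython_package_name = $postgresql::params::plpython_package_name,
-
-$service_ensure = $postgresql::params::service_ensure,
-$service_enable = $postgresql::params::service_enable,
-$service_manage = $postgresql::params::service_manage,
-$service_name = $postgresql::params::service_name,
-$service_restart_on_change = $postgresql::params::service_restart_on_change,
-$service_provider = $postgresql::params::service_provider,
-$service_reload = $postgresql::params::service_reload,
-$service_status = $postgresql::params::service_status,
-$default_database = $postgresql::params::default_database,
-$default_connect_settings = $postgresql::globals::default_connect_settings,
-$listen_addresses = $postgresql::params::listen_addresses,
-$port = $postgresql::params::port,
-$ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
-$ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,
-Array[String[1]] $ipv4acls = $postgresql::params::ipv4acls,
-Array[String[1]] $ipv6acls = $postgresql::params::ipv6acls,
-
-$initdb_path = $postgresql::params::initdb_path,
-$createdb_path = $postgresql::params::createdb_path,
-$psql_path = $postgresql::params::psql_path,
-$pg_hba_conf_path = $postgresql::params::pg_hba_conf_path,
-$pg_ident_conf_path = $postgresql::params::pg_ident_conf_path,
-$postgresql_conf_path = $postgresql::params::postgresql_conf_path,
-$recovery_conf_path = $postgresql::params::recovery_conf_path,
-
-$datadir = $postgresql::params::datadir,
-$xlogdir = $postgresql::params::xlogdir,
-$logdir = $postgresql::params::logdir,
-
-$log_line_prefix = $postgresql::params::log_line_prefix,
-
-$pg_hba_conf_defaults = $postgresql::params::pg_hba_conf_defaults,
-
-$user = $postgresql::params::user,
-$group = $postgresql::params::group,
-
-$needs_initdb = $postgresql::params::needs_initdb,
-
-$encoding = $postgresql::params::encoding,
-$locale = $postgresql::params::locale,
-$data_checksums = $postgresql::params::data_checksums,
-$timezone = $postgresql::params::timezone,
-
-$manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf,
-$manage_pg_ident_conf = $postgresql::params::manage_pg_ident_conf,
-$manage_recovery_conf = $postgresql::params::manage_recovery_conf,
-Boolean $manage_selinux = $postgresql::params::manage_selinux,
-$module_workdir = $postgresql::params::module_workdir,
-
-$manage_datadir = $postgresql::params::manage_datadir,
-$manage_logdir = $postgresql::params::manage_logdir,
-$manage_xlogdir = $postgresql::params::manage_xlogdir,
-$password_encryption = $postgresql::params::password_encryption,
-$extra_systemd_config = $postgresql::params::extra_systemd_config,
+$postgres_password = undef,
+
+$package_name = $postgresql::params::server_package_name,
+$package_ensure = $postgresql::params::package_ensure,
+
+$plperl_package_name = $postgresql::params::plperl_package_name,
+$plpython_package_name = $postgresql::params::plpython_package_name,
+
+$service_ensure = $postgresql::params::service_ensure,
+$service_enable = $postgresql::params::service_enable,
+$service_manage = $postgresql::params::service_manage,
+$service_name = $postgresql::params::service_name,
+$service_restart_on_change = $postgresql::params::service_restart_on_change,
+$service_provider = $postgresql::params::service_provider,
+$service_reload = $postgresql::params::service_reload,
+$service_status = $postgresql::params::service_status,
+$default_database = $postgresql::params::default_database,
+$default_connect_settings = $postgresql::globals::default_connect_settings,
+$listen_addresses = $postgresql::params::listen_addresses,
+$port = $postgresql::params::port,
+$ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
+$ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,
+Array[String[1]] $ipv4acls = $postgresql::params::ipv4acls,
+Array[String[1]] $ipv6acls = $postgresql::params::ipv6acls,
+
+$initdb_path = $postgresql::params::initdb_path,
+$createdb_path = $postgresql::params::createdb_path,
+$psql_path = $postgresql::params::psql_path,
+$pg_hba_conf_path = $postgresql::params::pg_hba_conf_path,
+$pg_ident_conf_path = $postgresql::params::pg_ident_conf_path,
+$postgresql_conf_path = $postgresql::params::postgresql_conf_path,
+Optional[Stdlib::Filemode] $postgresql_conf_mode = $postgresql::params::postgresql_conf_mode,
+$recovery_conf_path = $postgresql::params::recovery_conf_path,
+
+$datadir = $postgresql::params::datadir,
+$xlogdir = $postgresql::params::xlogdir,
+$logdir = $postgresql::params::logdir,
+
+$log_line_prefix = $postgresql::params::log_line_prefix,
+
+$pg_hba_conf_defaults = $postgresql::params::pg_hba_conf_defaults,
+
+$user = $postgresql::params::user,
+$group = $postgresql::params::group,
+
+$needs_initdb = $postgresql::params::needs_initdb,
+
+$encoding = $postgresql::params::encoding,
+$locale = $postgresql::params::locale,
+$data_checksums = $postgresql::params::data_checksums,
+$timezone = $postgresql::params::timezone,
+
+$manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf,
+$manage_pg_ident_conf = $postgresql::params::manage_pg_ident_conf,
+$manage_recovery_conf = $postgresql::params::manage_recovery_conf,
+Boolean $manage_postgresql_conf_perms = $postgresql::params::manage_postgresql_conf_perms,
+Boolean $manage_selinux = $postgresql::params::manage_selinux,
+$module_workdir = $postgresql::params::module_workdir,
+
+$manage_datadir = $postgresql::params::manage_datadir,
+$manage_logdir = $postgresql::params::manage_logdir,
+$manage_xlogdir = $postgresql::params::manage_xlogdir,
+$password_encryption = $postgresql::params::password_encryption,
+$extra_systemd_config = $postgresql::params::extra_systemd_config,
 
 Hash[String, Hash] $roles = {},
 Hash[String, Any] $config_entries = {},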
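Review bot: `Optional[Stdlib::Filemode] $postgresql_conf_mode` (new line 117) accepts `undef` even when `manage_postgresql_conf_perms` is `true`, and a Puppet file resource given `mode => undef` leaves the existing mode untouched. The resource that consumes these parameters is not in this section, so this is inferred, but in that case the documented promise of managing "owner, group and mode" would silently not cover the mode. Either drop `Optional` if params always supplies a value, or extend the doc line to `# @param postgresql_conf_mode Sets the mode of your postgresql.conf file; undef leaves the mode unmanaged. Only relevant if manage_postgresql_conf_perms is true.` The parameter list continues past the end of the hunk.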
