Added support for multiple databases/users

2025-04-15 17:20:25 +00:00 · 2014-07-27 22:04:57 -04:00 · 2014-07-27 22:04:57 -04:00 · 06693c0dcf
commit 06693c0dcf
parent d91417979d
3 changed files with 79 additions and 32 deletions
--- a/pillar.example
+++ b/pillar.example
@ -1,13 +1,36 @@
-#
-# Sample pillar entry to make sure that 
-# PG 9.3 is installed instead of the default
-# 9.1 referenced in this formula
-#
 postgres:
-  lookup:
-    pkg: postgresql-9.3
-    pg_hba: '/etc/postgresql/9.3/main/pg_hba.conf'
-  db:
-    name: mydb
-    user: mydb
  pg_hba.conf: salt://postgres/pg_hba.conf
+
+  lookup:
+    pkg: 'postgresql-9.3'
+    pg_hba: '/etc/postgresql/9.3/main/pg_hba.conf'
+
+  users:
+    localUser:
+      password: '98ruj923h4rf'
+      createdb: False
+
+    remoteUser:
+      password: '98ruj923h4rf'
+      createdb: False
+
+  # This section cover this ACL management of the pg_hba.conf file.
+  # <type>, <database>, <user>, [host], <method>
+  acls:
+    - ['local', 'db1', 'localUser']
+    - ['host', 'db2', '123.123.0.0/24', 'remoteUser']
+
+  databases:
+    db1:
+      owner: 'localUser'
+      user: 'localUser'
+      template: 'template0'
+      lc_ctype: 'C.UTF-8'
+      lc_collate: 'C.UTF-8'
+
+    db2:
+      owner: 'localUser'
+      user: 'remoteUser'
+      template: 'template0'
+      lc_ctype: 'C.UTF-8'
+      lc_collate: 'C.UTF-8'
--- a/postgres/init.sls
+++ b/postgres/init.sls
@ -1,15 +1,18 @@
 {% from "postgres/map.jinja" import postgres with context %}

 postgresql:
+
  pkg:
    - installed
    - name: {{ postgres.pkg }}
+
  service:
    - running
    - enable: true
    - name: {{ postgres.service }}
    - require:
      - pkg: {{ postgres.pkg }}
+
      
 postgresql-server-dev-9.3:
  pkg.installed
@ -35,25 +38,35 @@ pg_hba.conf:
      - service: postgresql
 {% endif %}

-{% if 'db' in pillar.get('postgres', {}) %}
-postgres-app-user:
+{% if 'users' in pillar.get('postgres', {}) %}
+{% for name, user in salt['pillar.get']('postgres:users').items()  %}
+postgres-user-{{ name }}:
  postgres_user.present:
-    - name: {{ salt['pillar.get']('postgres:db:user', 'myuser') }}
-    - createdb: {{ salt['pillar.get']('postgres:db:createdb', False) }}
-    - password: {{ salt['pillar.get']('postgres:db:password', 'mypass') }}
+    - name: {{ name }}
+    - createdb: {{ salt['pillar.get']('postgres:users:' + name + ':createdb', False) }}
+    - password: {{ salt['pillar.get']('postgres:users:' + name + ':password', 'changethis') }}
    - runas: postgres
    - require:
      - service: {{ postgres.service }}
-
-postgres-app-db:
-  postgres_database.present:
-    - name: {{ salt['pillar.get']('postgres:db:name', 'mydb') }}
-    - encoding: UTF8
-    - lc_ctype: en_US.UTF8
-    - lc_collate: en_US.UTF8
-    - template: template0
-    - owner: {{ salt['pillar.get']('postgres:db:user', 'myuser') }}
-    - runas: postgres
-    - require:
-        - postgres_user: postgres-app-user
+{% endfor%}
+{% endif %}
+
+{% if 'databases' in pillar.get('postgres', {}) %}
+{% for name, db in salt['pillar.get']('postgres:databases').items()  %}
+postgres-db-{{ name }}:
+  postgres_database.present:
+    - name: {{ name }}
+    - encoding: {{ salt['pillar.get']('postgres:databases:'+ name +':encoding', 'UTF8') }}
+    - lc_ctype: {{ salt['pillar.get']('postgres:databases:'+ name +':lc_ctype', 'en_US.UTF8') }}
+    - lc_collate: {{ salt['pillar.get']('postgres:databases:'+ name +':lc_collate', 'en_US.UTF8') }}
+    - template: {{ salt['pillar.get']('postgres:databases:'+ name +':template', 'template0') }}
+    {% if salt['pillar.get']('postgres:databases:'+ name +':owner') %}
+    - owner: {{ salt['pillar.get']('postgres:databases:'+ name +':owner') }}
+    {% endif %}
+    - runas: {{ salt['pillar.get']('postgres:databases:'+ name +':runas', 'postgres') }}
+    {% if salt['pillar.get']('postgres:databases:'+ name +':user') %}
+    - require:
+        - postgres_user: postgres-user-{{ salt['pillar.get']('postgres:databases:'+ name +':user') }}
+    {% endif %}
+{% endfor%}
 {% endif %}
--- a/postgres/pg_hba.conf
+++ b/postgres/pg_hba.conf
@ -1,6 +1,17 @@
-# TYPE  DATABASE        USER            ADDRESS                 METHOD
-
-local  {{ pillar['postgres']['db']['name'] }}        {{ pillar['postgres']['db']['user'] }}                               md5
+# This section is managed by SaltStack, DO NOT EDIT
+#
+# SALTSTACK
+# TYPE		DATABASE	USER		ADDRESS		METHOD
+{% if 'acls' in pillar.get('postgres', {}) %}
+{% for acl in salt['pillar.get']('postgres:acls') %}
+{% if acl[0] == 'local' %}
+{{ acl[0] }}	{{ acl[1] }}	{{ acl[2] }}	{{ acl[3] if acl|length > 3 else 'md5' }}
+{% else %}
+{{ acl[0] }}	{{ acl[1] }}	{{ acl[2] }}	{{ acl[3] }}	{{ acl[4] if acl|length > 4 else 'md5' }}
+{% endif %}
+{% endfor %}
+{% endif %}
+# /SALTSTACK

 # DO NOT DISABLE!
 # If you change this first entry you will need to make sure that the
@ -17,4 +28,4 @@ local   all             all                                     trust
 # IPv4 local connections:
 host    all             all             127.0.0.1/32            trust
 # IPv6 local connections:
-host    all             all             ::1/128                 trust
+host    all             all             ::1/128                 trust