From 06693c0dcf250d65c9ae564b0a5a0428357921f9 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 27 Jul 2014 22:04:57 -0400 Subject: [PATCH] Added support for multiple databases/users --- pillar.example | 45 +++++++++++++++++++++++++++++++----------- postgres/init.sls | 47 ++++++++++++++++++++++++++++---------------- postgres/pg_hba.conf | 19 ++++++++++++++---- 3 files changed, 79 insertions(+), 32 deletions(-) diff --git a/pillar.example b/pillar.example index 973f0f5..6eee62a 100644 --- a/pillar.example +++ b/pillar.example @@ -1,13 +1,36 @@ -# -# Sample pillar entry to make sure that -# PG 9.3 is installed instead of the default -# 9.1 referenced in this formula -# postgres: - lookup: - pkg: postgresql-9.3 - pg_hba: '/etc/postgresql/9.3/main/pg_hba.conf' - db: - name: mydb - user: mydb pg_hba.conf: salt://postgres/pg_hba.conf + + lookup: + pkg: 'postgresql-9.3' + pg_hba: '/etc/postgresql/9.3/main/pg_hba.conf' + + users: + localUser: + password: '98ruj923h4rf' + createdb: False + + remoteUser: + password: '98ruj923h4rf' + createdb: False + + # This section cover this ACL management of the pg_hba.conf file. + # , , , [host], + acls: + - ['local', 'db1', 'localUser'] + - ['host', 'db2', '123.123.0.0/24', 'remoteUser'] + + databases: + db1: + owner: 'localUser' + user: 'localUser' + template: 'template0' + lc_ctype: 'C.UTF-8' + lc_collate: 'C.UTF-8' + + db2: + owner: 'localUser' + user: 'remoteUser' + template: 'template0' + lc_ctype: 'C.UTF-8' + lc_collate: 'C.UTF-8' diff --git a/postgres/init.sls b/postgres/init.sls index a505787..6ba093c 100644 --- a/postgres/init.sls +++ b/postgres/init.sls @@ -1,15 +1,18 @@ {% from "postgres/map.jinja" import postgres with context %} postgresql: + pkg: - installed - name: {{ postgres.pkg }} + service: - running - enable: true - name: {{ postgres.service }} - require: - pkg: {{ postgres.pkg }} + postgresql-server-dev-9.3: pkg.installed 
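Review bot: The sample `password: '98ruj923h4rf'` under `users:` reads like a real secret and is identical for `localUser` and `remoteUser`, so anyone who copies this pillar gets two roles sharing a password that is public in the repository. An obvious placeholder such as `password: 'CHANGE-ME'` would be safer, with a comment above `users:` along the lines of `# keep real passwords out of version control, e.g. in a GPG-encrypted pillar`. The comment above `acls:` should also spell out the expected field order as `[type, database, user, address, method]`, since the pg_hba.conf template indexes the list positionally.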
@@ -35,25 +38,35 @@ pg_hba.conf: - service: postgresql {% endif %} -{% if 'db' in pillar.get('postgres', {}) %} -postgres-app-user: +{% if 'users' in pillar.get('postgres', {}) %} +{% for name, user in salt['pillar.get']('postgres:users').items() %} +postgres-user-{{ name }}: postgres_user.present: - - name: {{ salt['pillar.get']('postgres:db:user', 'myuser') }} - - createdb: {{ salt['pillar.get']('postgres:db:createdb', False) }} - - password: {{ salt['pillar.get']('postgres:db:password', 'mypass') }} + - name: {{ name }} + - createdb: {{ salt['pillar.get']('postgres:users:' + name + ':createdb', False) }} + - password: {{ salt['pillar.get']('postgres:users:' + name + ':password', 'changethis') }} - runas: postgres - require: - service: {{ postgres.service }} - -postgres-app-db: - postgres_database.present: - - name: {{ salt['pillar.get']('postgres:db:name', 'mydb') }} - - encoding: UTF8 - - lc_ctype: en_US.UTF8 - - lc_collate: en_US.UTF8 - - template: template0 - - owner: {{ salt['pillar.get']('postgres:db:user', 'myuser') }} - - runas: postgres - - require: - - postgres_user: postgres-app-user +{% endfor%} +{% endif %} + +{% if 'databases' in pillar.get('postgres', {}) %} +{% for name, db in salt['pillar.get']('postgres:databases').items() %} +postgres-db-{{ name }}: + postgres_database.present: + - name: {{ name }} + - encoding: {{ salt['pillar.get']('postgres:databases:'+ name +':encoding', 'UTF8') }} + - lc_ctype: {{ salt['pillar.get']('postgres:databases:'+ name +':lc_ctype', 'en_US.UTF8') }} + - lc_collate: {{ salt['pillar.get']('postgres:databases:'+ name +':lc_collate', 'en_US.UTF8') }} + - template: {{ salt['pillar.get']('postgres:databases:'+ name +':template', 'template0') }} + {% if salt['pillar.get']('postgres:databases:'+ name +':owner') %} + - owner: {{ salt['pillar.get']('postgres:databases:'+ name +':owner') }} + {% endif %} + - runas: {{ salt['pillar.get']('postgres:databases:'+ name +':runas', 'postgres') }} + {% if 
salt['pillar.get']('postgres:databases:'+ name +':user') %} + - require: + - postgres_user: postgres-user-{{ salt['pillar.get']('postgres:databases:'+ name +':user') }} + {% endif %} +{% endfor%} {% endif %} diff --git a/postgres/pg_hba.conf b/postgres/pg_hba.conf index 14d22f3..26734e7 100644 --- a/postgres/pg_hba.conf +++ b/postgres/pg_hba.conf @@ -1,6 +1,17 @@ -# TYPE DATABASE USER ADDRESS METHOD - -local {{ pillar['postgres']['db']['name'] }} {{ pillar['postgres']['db']['user'] }} md5 +# This section is managed by SaltStack, DO NOT EDIT +# +# SALTSTACK +# TYPE DATABASE USER ADDRESS METHOD +{% if 'acls' in pillar.get('postgres', {}) %} +{% for acl in salt['pillar.get']('postgres:acls') %} +{% if acl[0] == 'local' %} +{{ acl[0] }} {{ acl[1] }} {{ acl[2] }} {{ acl[3] if acl|length > 3 else 'md5' }} +{% else %} +{{ acl[0] }} {{ acl[1] }} {{ acl[2] }} {{ acl[3] }} {{ acl[4] if acl|length > 4 else 'md5' }} +{% endif %} +{% endfor %} +{% endif %} +# /SALTSTACK # DO NOT DISABLE! # If you change this first entry you will need to make sure that the @@ -17,4 +28,4 @@ local all all trust # IPv4 local connections: host all all 127.0.0.1/32 trust # IPv6 local connections: -host all all ::1/128 trust \ No newline at end of file +host all all ::1/128 trust
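Review bot: In `postgres-user-{{ name }}`, the `'changethis'` fallback on the `password` line means any entry under `postgres:users` that omits a password still gets a login role with a publicly known one. Dropping the default and emitting the line only when a value is set avoids that: `{% if user.get('password') %}` / `- password: {{ user.password }}` / `{% endif %}`. The value is also rendered unquoted, so a password containing ` #` or `: ` would be truncated or mis-parsed by YAML and should be quoted or escaped when rendered. Separately, `postgres-db-{{ name }}` requires only the role named by `user`, so for the sample `db2` (owner `localUser`, user `remoteUser`) nothing orders the database after its owner role.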
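Review bot: The non-`local` branch writes `acl[2]` into the USER column and `acl[3]` into ADDRESS, but the sample pillar entry `['host', 'db2', '123.123.0.0/24', 'remoteUser']` puts the CIDR third, so it would render as `host db2 123.123.0.0/24 remoteUser md5` with user and address swapped. Since the header row is TYPE DATABASE USER ADDRESS METHOD, the smaller fix is to keep the template and correct the example to `['host', 'db2', 'remoteUser', '123.123.0.0/24']`. A `host` entry with fewer than four elements would presumably render an empty ADDRESS, so a guard such as `{% elif acl|length > 3 %}` before emitting the line is worth adding. Because pg_hba.conf is matched top to bottom, the unchanged `trust` entries further down still admit any local or loopback connection that none of the managed lines catches, so `md5` is enforced only for the exact database/user pairs listed.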