diff --git a/README.rst b/README.rst index bd90d90..f28a0b1 100644 --- a/README.rst +++ b/README.rst @@ -17,12 +17,12 @@ Available states ------------ Installs and configures both PostgreSQL server and client with creation of various DB objects in -the cluster. +the cluster. This state applies to both Linux and MacOS. ``postgres.client`` ------------------- -Installs the PostgreSQL client binaries and libraries. +Installs the PostgreSQL client binaries and libraries on Linux. ``postgres.manage`` ------------------- @@ -33,18 +33,18 @@ See ``pillar.example`` file for details. ``postgres.python`` ------------------- -Installs the PostgreSQL adapter for Python. +Installs the PostgreSQL adapter for Python on Linux. ``postgres.server`` ------------------- -Installs the PostgreSQL server package, prepares the DB cluster and starts the server using +Installs the PostgreSQL server package on Linux, prepares the DB cluster and starts the server using packaged init script, job or unit. ``postgres.server.image`` ------------------------- -Installs the PostgreSQL server package, prepares the DB cluster and starts the server by issuing +Installs the PostgreSQL server package on Linux, prepares the DB cluster and starts the server by issuing raw ``pg_ctl`` command. The ``postgres:bake_image`` Pillar toggles this behaviour. For example: .. code:: yaml @@ -77,12 +77,15 @@ The state relies on the ``postgres:use_upstream_repo`` Pillar value which could * ``True`` (default): adds the upstream repository to install packages from * ``False``: makes sure that the repository configuration is absent +* ``'postgresapp'`` (MacOS) uses upstream PostgresApp package repository. +* ``'homebrew'`` (MacOS) uses Homebrew postgres The ``postgres:version`` Pillar controls which version of the PostgreSQL packages should be -installed from the upstream repository. Defaults to ``9.5``. +installed from the upstream Linux repository. Defaults to ``9.5``. Testing ======= +The postgres state was tested on MacOS (El Capitan 10.11.6) Testing is done with the ``kitchen-salt``. diff --git a/pillar.example b/pillar.example index 37029ce..fe29f4d 100644 --- a/pillar.example +++ b/pillar.example @@ -1,19 +1,34 @@ postgres: - # Set True to configure upstream postgresql.org repository for YUM or APT + # UPSTREAM REPO + # Set True to configure upstream postgresql.org repository for YUM/APT/ZYPP use_upstream_repo: False - # Version to install from upstream repository - version: '9.3' + # Version to install from upstream repository (if upstream_repo: True) + version: '9.6' - # These are Debian/Ubuntu specific package names - pkg: 'postgresql-9.3' - pkg_client: 'postgresql-client-9.3' + ### MACOS + # Set to 'postgresapp' OR 'homebrew' for MacOS + #use_upstream_repo: 'postgresapp' + #use_upstream_repo: 'homebrew' - # Additional packages to install with PostgreSQL server, - # this should be in a list format + # PACKAGE + # These pillars are typically never required. + # pkg: 'postgresql' + # pkg_client: 'postgresql-client' + # service: postgresql pkgs_extra: - postgresql-contrib - postgresql-plpython + #'Alternatives system' priority incremental. 0 disables feature. + linux: + altpriority: 30 + + # macos limits + limits: + soft: 64000 + hard: 64000 + + # POSTGRES # Append the lines under this item to your postgresql.conf file. # Pay attention to indent exactly with 4 spaces for all lines. postgresconf: | @@ -39,18 +54,20 @@ postgres: # If ``acls`` item value is empty ('', [], null), then the contents of # ``pg_hba.conf`` file will not be touched at all. acls: + - ['local', 'db0', 'connuser', 'peer map=users_as_appuser'] - ['local', 'db1', 'localUser'] - ['host', 'db2', 'remoteUser', '192.168.33.0/24'] + identity_map: + - ['users_as_appuser', 'jdoe', 'connuser'] + - ['users_as_appuser', 'jsmith', 'connuser'] + # Backup extension for configuration files, defaults to ``.bak``. # Set ``False`` to stop creation of backups when config files change. {%- if salt['status.time']|default(none) is callable %} config_backup: ".backup@{{ salt['status.time']('%y-%m-%d_%H:%M:%S') }}" {%- endif %} - # PostgreSQL service name - service: postgresql - {%- if grains['init'] == 'unknown' %} # If Salt is unable to detect init system running in the scope of state run, diff --git a/postgres/client.sls b/postgres/client.sls index c51ca11..473f3c6 100644 --- a/postgres/client.sls +++ b/postgres/client.sls @@ -7,41 +7,34 @@ {%- endif %} {%- endfor %} -{%- if postgres.use_upstream_repo %} - +{%- if postgres.use_upstream_repo == true %} include: - postgres.upstream - {%- endif %} # Install PostgreSQL client and libraries - postgresql-client-libs: pkg.installed: - pkgs: {{ pkgs }} -{%- if postgres.use_upstream_repo %} +{%- if postgres.use_upstream_repo == true %} - refresh: True - require: - pkgrepo: postgresql-repo {%- endif %} -{%- if 'bin_dir' in postgres %} - -# Make client binaries available in $PATH - - {%- for bin in postgres.client_bins %} - - {%- set path = salt['file.join'](postgres.bin_dir, bin) %} +# Alternatives system. Make client binaries available in $PATH +{%- if 'bin_dir' in postgres and postgres.linux.altpriority %} + {%- for bin in postgres.client_bins %} + {%- set path = salt['file.join'](postgres.bin_dir, bin) %} {{ bin }}: alternatives.install: - link: {{ salt['file.join']('/usr/bin', bin) }} - path: {{ path }} - - priority: 30 + - priority: {{ postgres.linux.altpriority }} - onlyif: test -f {{ path }} - require: - pkg: postgresql-client-libs - {%- endfor %} - + {%- endfor %} {%- endif %} diff --git a/postgres/codenamemap.yaml b/postgres/codenamemap.yaml index 909ccde..f5ea154 100644 --- a/postgres/codenamemap.yaml +++ b/postgres/codenamemap.yaml @@ -16,7 +16,7 @@ #} {# use upstream version if configured #} - {% if repo.use_upstream_repo %} + {% if repo.use_upstream_repo == true %} {% set version = repo.version %} {% endif %} @@ -49,7 +49,7 @@ #} {# use upstream version if configured #} - {% if repo.use_upstream_repo %} + {% if repo.use_upstream_repo == true %} {% set version = repo.version %} {% endif %} diff --git a/postgres/defaults.yaml b/postgres/defaults.yaml index 50f9acc..aff9607 100644 --- a/postgres/defaults.yaml +++ b/postgres/defaults.yaml @@ -7,8 +7,10 @@ postgres: pkgs_extra: [] pkg_client: postgresql-client pkg_dev: postgresql-devel - pkg_libpq_dev: postgresql-libs - python: python-psycopg2 + pkg_libpq_dev: libpq-dev + pkg_libs: postgresql-libs + pkg_python: python-psycopg2 + userhomes: /home user: postgres group: postgres @@ -16,11 +18,26 @@ postgres: command: initdb --pgdata=/var/lib/pgsql/data test: test -f /var/lib/pgsql/data/PG_VERSION user: postgres - env: {} + env: [] conf_dir: /var/lib/pgsql/data postgresconf: "" + macos: + archive: postgres.dmg + tmpdir: /tmp/postgrestmp + postgresapp: + #See: https://github.com/PostgresApp/PostgresApp/releases/ + url: https://github.com/PostgresApp/PostgresApp/releases/download/v2.1.1/Postgres-2.1.1.dmg + sum: sha256=ac0656b522a58fd337931313f09509c09610c4a6078fe0b8e469e69af1e1750b + homebrew: + url: + sum: + dl: + opts: -s -L + interval: 60 + retries: 2 + pg_hba.conf: salt://postgres/templates/pg_hba.conf.j2 acls: # "local" is for Unix domain socket connections only @@ -30,6 +47,9 @@ postgres: # IPv6 local connections: - ['host', 'all', 'all', '::1/128', 'md5'] + pg_ident.conf: salt://postgres/templates/pg_ident.conf.j2 + identity_map: [] + config_backup: '.bak' service: postgresql @@ -41,3 +61,7 @@ postgres: databases: {} schemas: {} extensions: {} + + linux: + #Alternatives system are disabled by a 'altpriority=0' pillar. + altpriority: diff --git a/postgres/dev.sls b/postgres/dev.sls index 451d478..c9f330b 100644 --- a/postgres/dev.sls +++ b/postgres/dev.sls @@ -1,13 +1,59 @@ {% from "postgres/map.jinja" import postgres with context %} -{% if postgres.pkg_dev %} +{% if grains.os not in ('Windows', 'MacOS',) %} + + {% if postgres.pkg_dev %} install-postgres-dev-package: pkg.installed: - name: {{ postgres.pkg_dev }} -{% endif %} + {% endif %} -{% if postgres.pkg_libpq_dev %} + {% if postgres.pkg_libpq_dev %} install-postgres-libpq-dev: pkg.installed: - name: {{ postgres.pkg_libpq_dev }} + {% endif %} + +{% endif %} + + +{% if grains.os == 'MacOS' %} + + # Darwin maxfiles limits + {% if postgres.limits.soft or postgres.limits.hard %} + +postgres_maxfiles_limits_conf: + file.managed: + - name: /Library/LaunchDaemons/limit.maxfiles.plist + - source: salt://postgres/templates/limit.maxfiles.plist + - context: + soft_limit: {{ postgres.limits.soft or postgres.limits.hard }} + hard_limit: {{ postgres.limits.hard or postgres.limits.soft }} + - group: {{ postgres.group }} + {% endif %} + + {% if postgres.use_upstream_repo == 'postgresapp' %} + # Shortcut for PostgresApp +postgres-desktop-shortcut-clean: + file.absent: + - name: '{{ postgres.userhomes }}/{{ postgres.user }}/Desktop/Postgres ({{ postgres.use_upstream_repo }})' + - require_in: + - file: postgres-desktop-shortcut-add + +postgres-desktop-shortcut-add: + file.managed: + - name: /tmp/mac_shortcut.sh + - source: salt://postgres/templates/mac_shortcut.sh + - mode: 755 + - template: jinja + - context: + user: {{ postgres.user }} + homes: {{ postgres.userhomes }} + cmd.run: + - name: '/tmp/mac_shortcut.sh "Postgres ({{ postgres.use_upstream_repo }})"' + - runas: {{ postgres.user }} + - require: + - file: postgres-desktop-shortcut-add + {% endif %} + {% endif %} diff --git a/postgres/init.sls b/postgres/init.sls index 0409e62..a28a0ed 100644 --- a/postgres/init.sls +++ b/postgres/init.sls @@ -1,4 +1,9 @@ + include: +{% if grains.os == 'MacOS' %} + - postgres.macos +{% else %} - postgres.server - postgres.client - postgres.manage +{% endif %} diff --git a/postgres/macos/init.sls b/postgres/macos/init.sls new file mode 100644 index 0000000..ed332ad --- /dev/null +++ b/postgres/macos/init.sls @@ -0,0 +1,10 @@ +{% from "postgres/map.jinja" import postgres with context %} + +include: +{% if postgres.use_upstream_repo == 'postgresapp' %} + - postgres.macos.postgresapp +{% elif postgres.use_upstream_repo == 'homebrew' %} + - postgres.server + - postgres.client +{% endif %} + - postgres.dev diff --git a/postgres/macos/postgresapp.sls b/postgres/macos/postgresapp.sls new file mode 100644 index 0000000..cb4cd4f --- /dev/null +++ b/postgres/macos/postgresapp.sls @@ -0,0 +1,64 @@ +{% from "postgres/map.jinja" import postgres as pg with context %} + +# Cleanup first +pg-remove-prev-archive: + file.absent: + - name: '{{ pg.macos.tmpdir }}/{{ pg.macos.archive }}' + - require_in: + - pg-extract-dirs + +pg-extract-dirs: + file.directory: + - names: + - '{{ pg.macos.tmpdir }}' + - makedirs: True + - clean: True + - require_in: + - pg-download-archive + +pg-download-archive: + pkg.installed: + - name: curl + cmd.run: + - name: curl {{ pg.macos.dl.opts }} -o '{{ pg.macos.tmpdir }}/{{ pg.macos.archive }}' {{ pg.macos.postgresapp.url }} + {% if grains['saltversioninfo'] >= [2017, 7, 0] %} + - retry: + attempts: {{ pg.macos.dl.retries }} + interval: {{ pg.macos.dl.interval }} + {% endif %} + + {%- if pg.macos.postgresapp.sum %} +pg-check-archive-hash: + module.run: + - name: file.check_hash + - path: '{{ pg.macos.tmpdir }}/{{ pg.macos.archive }}' + - file_hash: {{ pg.macos.postgresapp.sum }} + - onchanges: + - cmd: pg-download-archive + - require_in: + - archive: pg-package-install + {%- endif %} + +pg-package-install: + macpackage.installed: + - name: '{{ pg.macos.tmpdir }}/{{ pg.macos.archive }}' + - store: True + - dmg: True + - app: True + - force: True + - allow_untrusted: True + - onchanges: + - cmd: pg-download-archive + - require_in: + - file: pg-package-install + - file: pg-remove-archive + file.append: + - name: {{ pg.userhomes }}/{{ pg.user }}/.bash_profile + - text: 'export PATH=$PATH:/Applications/Postgres.app/Contents/Versions/latest/bin' + +pg-remove-archive: + file.absent: + - name: '{{ pg.macos.tmpdir }}' + - onchanges: + - macpackage: pg-package-install + diff --git a/postgres/macros.jinja b/postgres/macros.jinja index 3732df6..4eedddb 100644 --- a/postgres/macros.jinja +++ b/postgres/macros.jinja @@ -23,6 +23,8 @@ {{ state }}-{{ name }}: {{ state }}.{{ ensure|default('present') }}: {{- format_kwargs(kwarg) }} + - onchanges: + - test: postgres-reload-modules {%- endmacro %} diff --git a/postgres/manage.sls b/postgres/manage.sls index ab8c703..20a7309 100644 --- a/postgres/manage.sls +++ b/postgres/manage.sls @@ -18,7 +18,7 @@ include: # Ensure that Salt is able to use postgres modules postgres-reload-modules: - test.nop: + test.succeed_with_changes: - reload_modules: True # User states @@ -26,8 +26,6 @@ postgres-reload-modules: {%- for name, user in postgres.users|dictsort() %} {{ format_state(name, 'postgres_user', user) }} - - require: - - test: postgres-reload-modules {%- endfor %} @@ -36,9 +34,8 @@ postgres-reload-modules: {%- for name, tblspace in postgres.tablespaces|dictsort() %} {{ format_state(name, 'postgres_tablespace', tblspace) }} - - require: - - test: postgres-reload-modules {%- if 'owner' in tblspace %} + - require: - postgres_user: postgres_user-{{ tblspace.owner }} {%- endif %} @@ -49,8 +46,9 @@ postgres-reload-modules: {%- for name, db in postgres.databases|dictsort() %} {{ format_state(name, 'postgres_database', db) }} + {%- if 'owner' in db or 'tablespace' in db %} - require: - - test: postgres-reload-modules + {%- endif %} {%- if 'owner' in db %} - postgres_user: postgres_user-{{ db.owner }} {%- endif %} @@ -65,9 +63,8 @@ postgres-reload-modules: {%- for name, schema in postgres.schemas|dictsort() %} {{ format_state(name, 'postgres_schema', schema) }} - - require: - - test: postgres-reload-modules {%- if 'owner' in schema %} + - require: - postgres_user: postgres_user-{{ schema.owner }} {%- endif %} @@ -78,8 +75,9 @@ postgres-reload-modules: {%- for name, extension in postgres.extensions|dictsort() %} {{ format_state(name, 'postgres_extension', extension) }} + {%- if 'maintenance_db' in extension or 'schema' in extension %} - require: - - test: postgres-reload-modules + {%- endif %} {%- if 'maintenance_db' in extension %} - postgres_database: postgres_database-{{ extension.maintenance_db }} {%- endif %} diff --git a/postgres/osfamilymap.yaml b/postgres/osfamilymap.yaml index 00c5e2a..6785a75 100644 --- a/postgres/osfamilymap.yaml +++ b/postgres/osfamilymap.yaml @@ -17,7 +17,6 @@ Debian: file: /etc/apt/sources.list.d/pgdg.list pkg_repo_keyid: ACCC4CF8 pkg_dev: postgresql-server-dev-all - pkg_libpq_dev: libpq-dev FreeBSD: user: pgsql @@ -29,16 +28,21 @@ RedHat: pkg_repo: name: pgdg{{ release }} humanname: PostgreSQL {{ repo.version }} $releasever - $basearch - baseurl: 'https://download.postgresql.org/pub/repos/yum/{{ repo.version }}/redhat/rhel-$releasever-$basearch' gpgcheck: 1 gpgkey: 'https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG-{{ release }}' + {% if grains.os == 'Fedora' %} + baseurl: 'https://download.postgresql.org/pub/repos/yum/{{ repo.version }}/fedora/fedora-$releasever-$basearch' + {% else %} + baseurl: 'https://download.postgresql.org/pub/repos/yum/{{ repo.version }}/redhat/rhel-$releasever-$basearch' + {% endif %} -{% if repo.use_upstream_repo %} - +{% if repo.use_upstream_repo == true %} {% set data_dir = '/var/lib/pgsql/' ~ repo.version ~ '/data' %} pkg: postgresql{{ release }}-server pkg_client: postgresql{{ release }} + pkg_libs: postgresql{{ release }}-libs + pkg_dev: postgresql{{ release }}-devel conf_dir: /var/lib/pgsql/{{ repo.version }}/data service: postgresql-{{ repo.version }} @@ -46,7 +50,11 @@ RedHat: command: initdb --pgdata='{{ data_dir }}' test: test -f '{{ data_dir }}/PG_VERSION' - # Directory containing PostgreSQL client executables + # Alternatives system + linux: + altpriority: 30 + + # directory containing PostgreSQL client executables bin_dir: /usr/pgsql-{{ repo.version }}/bin client_bins: - clusterdb @@ -89,11 +97,87 @@ RedHat: pkg_client: postgresql {% endif %} + pkg_libpq_dev: libpqxx-devel Suse: + pkg_repo: + name: pgdg-sles-{{ release }} + humanname: PostgreSQL {{ repo.version }} $releasever - $basearch + #Using sles-12 upstream repo for opensuse + baseurl: 'https://download.postgresql.org/pub/repos/zypp/{{ repo.version }}/suse/sles-12-$basearch' + key_url: 'https://download.postgresql.org/pub/repos/zypp/{{ repo.version }}/suse/sles-12-$basearch/repodata/repomd.xml.key' + gpgcheck: 1 + gpgautoimport: True + +{% if repo.use_upstream_repo == true %} + {% set lib_dir = '/var/lib/pgsql/' ~ repo.version ~ '/data' %} + + pkg: postgresql{{ release }}-server + pkg_client: postgresql{{ release }} + pkg_dev: postgresql{{ release }}-devel + pkg_libs: postgresql{{ release }}-libs + conf_dir: {{ lib_dir }} + service: postgresql-{{ repo.version }} + + prepare_cluster: + command: /usr/pgsql-{{ repo.version }}/bin/initdb --pgdata='{{ lib_dir }}' + test: test -f '{{ lib_dir }}/PG_VERSION' + + # Alternatives system + linux: + altpriority: 30 + + # directory containing PostgreSQL client executables + bin_dir: /usr/pgsql-{{ repo.version }}/bin + client_bins: + - pg_archivecleanup + - pg_config + - pg_isready + - pg_receivexlog + - pg_rewind + - pg_test_fsync + - pg_test_timing + - pg_upgrade + - pg_xlogdump + - pgbench + server_bins: + - initdb + - pg_controldata + - pg_ctl + - pg_resetxlog + - postgres + - postgresql{{ release }}-check-db-dir + - postgresql{{ release }}-setup + - postmaster + +{% else %} + pkg: postgresql-server pkg_client: postgresql - pkg_libpq_dev: postgresql +{% endif %} + pkg_libpq_dev: libqpxx + +{%- if grains.os == 'MacOS' %} +## jinja check avoids rendering noise/failure on Linux +MacOS: + {%- if repo.use_upstream_repo == 'homebrew' %} + service: homebrew.mxcl.postgresql + {%- elif repo.use_upstream_repo == 'postgresapp' %} + service: com.postgresapp.Postgres2 + {%- endif %} + pkg: postgresql + pkg_client: + pkg_libpq_dev: + userhomes: /Users + user: {{ repo.user }} + group: {{ repo.group }} + conf_dir: /Users/{{ repo.user }}/Library/AppSupport/postgres_{{ repo.use_upstream_repo }} + prepare_cluster: + command: initdb -D /Users/{{ repo.user }}/Library/AppSupport/postgres_{{ repo.use_upstream_repo }} + test: test -f /Users/{{ repo.user }}/Library/AppSupport/postgres_{{ repo.use_upstream_repo }}/PG_VERSION + user: {{ repo.user }} + group: {{ repo.group }} +{%- endif %} # vim: ft=sls diff --git a/postgres/python.sls b/postgres/python.sls index a35d721..a206bfc 100644 --- a/postgres/python.sls +++ b/postgres/python.sls @@ -2,4 +2,4 @@ postgresql-python: pkg.installed: - - name: {{ postgres.python}} + - name: {{ postgres.pkg_python}} diff --git a/postgres/repo.yaml b/postgres/repo.yaml index e37eec7..1d87463 100644 --- a/postgres/repo.yaml +++ b/postgres/repo.yaml @@ -8,4 +8,12 @@ use_upstream_repo: {{ salt['pillar.get']('postgres:use_upstream_repo', version: {{ salt['pillar.get']('postgres:version', defaults.postgres.version) }} +#Early lookup for system user on MacOS +{% if grains.os == 'MacOS' %} + {% set sysuser = salt['pillar.get']('postgres.user') or salt['cmd.run']("stat -f '%Su' /dev/console") %} + {% set sysgroup = salt['pillar.get']('postgres.group') or salt['cmd.run']("stat -f '%Sg' /dev/console") %} +user: {{ sysuser }} +group: {{ sysgroup }} +{% endif %} + # vim: ft=sls diff --git a/postgres/server/init.sls b/postgres/server/init.sls index 5610e65..6e2b23b 100644 --- a/postgres/server/init.sls +++ b/postgres/server/init.sls @@ -4,50 +4,55 @@ {%- if postgres.bake_image %} {%- do includes.append('postgres.server.image') %} {%- endif %} -{%- if postgres.use_upstream_repo -%} +{%- if postgres.use_upstream_repo == true -%} {%- do includes.append('postgres.upstream') %} {%- endif %} {%- if includes -%} - include: {{ includes|yaml(false)|indent(2) }} - {%- endif %} {%- set pkgs = [postgres.pkg] + postgres.pkgs_extra %} - # Install, configure and start PostgreSQL server - postgresql-server: pkg.installed: - pkgs: {{ pkgs }} -{%- if postgres.use_upstream_repo %} +{%- if postgres.use_upstream_repo == true %} - refresh: True - require: - pkgrepo: postgresql-repo {%- endif %} + {%- if grains.os == 'MacOS' %} + #Register as Launchd LaunchAgent for system users + - require_in: + - file: postgresql-server + file.managed: + - name: /Library/LaunchAgents/{{ postgres.service }}.plist + - source: /usr/local/opt/postgres/{{ postgres.service }}.plist + - group: wheel + - require_in: + - service: postgresql-running + {%- else %} -{%- if 'bin_dir' in postgres %} - -# Make server binaries available in $PATH - - {%- for bin in postgres.server_bins %} - - {%- set path = salt['file.join'](postgres.bin_dir, bin) %} +# Alternatives system. Make server binaries available in $PATH + {%- if 'bin_dir' in postgres and postgres.linux.altpriority %} + {%- for bin in postgres.server_bins %} + {%- set path = salt['file.join'](postgres.bin_dir, bin) %} {{ bin }}: alternatives.install: - link: {{ salt['file.join']('/usr/bin', bin) }} - path: {{ path }} - - priority: 30 + - priority: {{ postgres.linux.altpriority }} - onlyif: test -f {{ path }} - require: - pkg: postgresql-server - require_in: - cmd: postgresql-cluster-prepared - {%- endfor %} + {%- endfor %} + {%- endif %} {%- endif %} @@ -56,7 +61,7 @@ postgresql-cluster-prepared: - name: {{ postgres.prepare_cluster.command }} - cwd: / - runas: {{ postgres.prepare_cluster.user }} - - env: {{ postgres.prepare_cluster.env|default({}) }} + - env: {{ postgres.prepare_cluster.env }} - unless: - {{ postgres.prepare_cluster.test }} - require: @@ -67,6 +72,12 @@ postgresql-config-dir: - name: {{ postgres.conf_dir }} - user: {{ postgres.user }} - group: {{ postgres.group }} + - dir_mode: 775 + - force: True + - file_mode: 644 + - recurse: + - user + - group - makedirs: True - require: - cmd: postgresql-cluster-prepared @@ -118,6 +129,33 @@ postgresql-pg_hba: - require: - file: postgresql-config-dir +{%- set pg_ident_path = salt['file.join'](postgres.conf_dir, 'pg_ident.conf') %} + +postgresql-pg_ident: + file.managed: + - name: {{ pg_ident_path }} + - user: {{ postgres.user }} + - group: {{ postgres.group }} + - mode: 600 +{%- if postgres.identity_map %} + - source: {{ postgres['pg_ident.conf'] }} + - template: jinja + - defaults: + mappings: {{ postgres.identity_map }} + {%- if postgres.config_backup %} + # Create the empty file before managing to overcome the limitation of check_cmd + - onlyif: test -f {{ pg_ident_path }} || touch {{ pg_ident_path }} + # Make a local backup before the file modification + - check_cmd: >- + salt-call --local file.copy + {{ pg_ident_path }} {{ pg_ident_path ~ postgres.config_backup }} remove_existing=true + {%- endif %} +{%- else %} + - replace: False +{%- endif %} + - require: + - file: postgresql-config-dir + {%- for name, tblspace in postgres.tablespaces|dictsort() %} postgresql-tablespace-dir-{{ name }}: @@ -138,13 +176,15 @@ postgresql-tablespace-dir-{{ name }}: {%- if not postgres.bake_image %} # Start PostgreSQL server using OS init - postgresql-running: service.running: - name: {{ postgres.service }} - enable: True + {% if grains.os not in ('MacOS',) %} - reload: True + {% endif %} - watch: - file: postgresql-pg_hba + - file: postgresql-pg_ident {%- endif %} diff --git a/postgres/templates/limit.maxfiles.plist b/postgres/templates/limit.maxfiles.plist new file mode 100644 index 0000000..1b16b1b --- /dev/null +++ b/postgres/templates/limit.maxfiles.plist @@ -0,0 +1,21 @@ + + + + + Label + limit.maxfiles + ProgramArguments + + /bin/launchctl + limit + maxfiles + {{ soft_limit }} + {{ hard_limit }} + + RunAtLoad + + ServiceIPC + + + diff --git a/postgres/templates/mac_shortcut.sh b/postgres/templates/mac_shortcut.sh new file mode 100755 index 0000000..4f560bf --- /dev/null +++ b/postgres/templates/mac_shortcut.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +shortcutName='${1}' +app="postgres.app" +Source="/Applications/$app" +Destination="{{ homes }}/{{ user }}/Desktop/${shortcutName}" +/usr/bin/osascript -e "tell application \"Finder\" to make alias file to POSIX file \"$Source\" at POSIX file \"$Destination\"" + diff --git a/postgres/templates/pg_ident.conf.j2 b/postgres/templates/pg_ident.conf.j2 new file mode 100644 index 0000000..1d4696b --- /dev/null +++ b/postgres/templates/pg_ident.conf.j2 @@ -0,0 +1,51 @@ +###################################################################### +# ATTENTION! Managed by SaltStack. # +# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN! # +###################################################################### +# +# PostgreSQL User Name Maps +# ========================= +# +# Refer to the PostgreSQL documentation, chapter "Client +# Authentication" for a complete description. A short synopsis +# follows. +# +# This file controls PostgreSQL user name mapping. It maps external +# user names to their corresponding PostgreSQL user names. Records +# are of the form: +# +# MAPNAME SYSTEM-USERNAME PG-USERNAME +# +# (The uppercase quantities must be replaced by actual values.) +# +# MAPNAME is the (otherwise freely chosen) map name that was used in +# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the +# client. PG-USERNAME is the requested PostgreSQL user name. The +# existence of a record specifies that SYSTEM-USERNAME may connect as +# PG-USERNAME. +# +# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a +# regular expression. Optionally this can contain a capture (a +# parenthesized subexpression). The substring matching the capture +# will be substituted for \1 (backslash-one) if present in +# PG-USERNAME. +# +# Multiple maps may be specified in this file and used by pg_hba.conf. +# +# No map names are defined in the default configuration. If all +# system user names and PostgreSQL user names are the same, you don't +# need anything in this file. +# +# This file is read on server startup and when the postmaster receives +# a SIGHUP signal. If you edit the file on a running system, you have +# to SIGHUP the postmaster for the changes to take effect. You can +# use "pg_ctl reload" to do that. + +# Put your actual configuration here +# ---------------------------------- + +# MAPNAME SYSTEM-USERNAME PG-USERNAME + +{%- for mapping in mappings %} +{{ '{0:<15} {1:<22} {2}'.format(mapping) -}} +{% endfor %} diff --git a/postgres/upstream.sls b/postgres/upstream.sls index 6c3956f..cf92872 100644 --- a/postgres/upstream.sls +++ b/postgres/upstream.sls @@ -3,7 +3,7 @@ {%- if 'pkg_repo' in postgres -%} - {%- if postgres.use_upstream_repo -%} + {%- if postgres.use_upstream_repo == true -%} # Add upstream repository for your distro postgresql-repo: @@ -25,9 +25,11 @@ postgresql-repo: {%- else -%} # Notify that we don't manage this distro + {% if grains.os not in ('Windows', 'MacOS',) %} postgresql-repo: test.show_notification: - text: | PostgreSQL does not provide package repository for {{ grains['osfinger'] }} + {% endif %} {%- endif %}