saltstack-formulas/postgres-formula
1
0
Fork 0
mirror of https://github.com/saltstack-formulas/postgres-formula.git synced 2025-04-17 10:10:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Convert hard-coded postgres user and group to variables, enforce ownership of conf dir, don't create pg_hba.conf unless initdb has succeeded

Browse source
This commit is contained in:
Tim Goodaire 2016-05-20 12:12:40 -05:00
parent aba8414809
commit e36478bcd6
2 changed files with 11 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
postgres/defaults.yaml
View file

@ -20,3 +20,5 @@ postgres:
pg_hba.conf: salt://postgres/pg_hba.conf pg_hba.conf: salt://postgres/pg_hba.conf
commands: commands:
initdb: service postgresql initdb initdb: service postgresql initdb
postgres_user: postgres
postgres_group: postgres

15
postgres/init.sls
View file

@ -7,6 +7,8 @@ include:
{{ postgres.conf_dir }}: {{ postgres.conf_dir }}:
file.directory: file.directory:
- user: {{ postgres.postgres_user }}
- group: {{ postgres.postgres_group }}
- makedirs: True - makedirs: True
install-postgresql: install-postgresql:
@ -71,11 +73,12 @@ pg_hba.conf:
- name: {{ postgres.conf_dir }}/pg_hba.conf - name: {{ postgres.conf_dir }}/pg_hba.conf
- source: {{ postgres['pg_hba.conf'] }} - source: {{ postgres['pg_hba.conf'] }}
- template: jinja - template: jinja
- user: postgres - user: {{ postgres.postgres_user }}
- group: postgres - group: {{ postgres.postgres_group }}
- mode: 644 - mode: 644
- require: - require:
- pkg: install-postgresql - pkg: install-postgresql
- onlyif: test -f {{ postgres.conf_dir }}/postgresql.conf
- watch_in: - watch_in:
- service: run-postgresql - service: run-postgresql
@ -90,14 +93,14 @@ postgres-user-{{ name }}:
- inherit: {{ user.get('inherit', True) }} - inherit: {{ user.get('inherit', True) }}
- replication: {{ user.get('replication', False) }} - replication: {{ user.get('replication', False) }}
- password: {{ user.get('password', 'changethis') }} - password: {{ user.get('password', 'changethis') }}
- user: {{ user.get('runas', 'postgres') }} - user: {{ user.get('runas', postgres.postgres_user) }}
- superuser: {{ user.get('superuser', False) }} - superuser: {{ user.get('superuser', False) }}
- require: - require:
- service: run-postgresql - service: run-postgresql
{% else %} {% else %}
postgres_user.absent: postgres_user.absent:
- name: {{ name }} - name: {{ name }}
- user: {{ user.get('runas', 'postgres') }} - user: {{ user.get('runas', postgres.postgres_user) }}
- require: - require:
- service: run-postgresql - service: run-postgresql
{% endif %} {% endif %}
@ -114,7 +117,7 @@ postgres-db-{{ name }}:
{% if db.get('owner') %} {% if db.get('owner') %}
- owner: {{ db.get('owner') }} - owner: {{ db.get('owner') }}
{% endif %} {% endif %}
- user: {{ db.get('runas', 'postgres') }} - user: {{ db.get('runas', postgres.postgres_user) }}
- require: - require:
- service: run-postgresql - service: run-postgresql
{% if db.get('user') %} {% if db.get('user') %}
@ -140,7 +143,7 @@ postgres-schema-{{ schema }}-for-db-{{ name }}:
postgres-ext-{{ ext }}-for-db-{{ name }}: postgres-ext-{{ ext }}-for-db-{{ name }}:
postgres_extension.present: postgres_extension.present:
- name: {{ ext }} - name: {{ ext }}
- user: {{ db.get('runas', 'postgres') }} - user: {{ db.get('runas', postgres.postgres_user) }}
- maintenance_db: {{ name }} - maintenance_db: {{ name }}
{% if ext_args is not none %} {% if ext_args is not none %}
{% for arg, value in ext_args.items() %} {% for arg, value in ext_args.items() %}