postgres: # Set True to configure upstream postgresql.org repository for YUM or APT use_upstream_repo: False # Version to install from upstream repository version: '9.3' # These are Debian/Ubuntu specific package names pkg: 'postgresql-9.3' pkg_client: 'postgresql-client-9.3' # Additional packages to install with PostgreSQL server, # this should be in a list format pkgs_extra: - postgresql-contrib - postgresql-plpython # Append the lines under this item to your postgresql.conf file. # Pay attention to indent exactly with 4 spaces for all lines. postgresconf: | listen_addresses = '*' # listen on all interfaces # Backup extension for postgresql.conf file, defaults to ``.bak``. # Set to False to stop creation of backup on postgresql.conf changes. {%- if 'status.time' in salt.keys() %} postgresconf_backup: ".backup@{{ salt['status.time']('%y-%m-%d_%H:%M:%S') }}" {%- endif %} # Path to the `pg_hba.conf` file Jinja template on Salt Fileserver pg_hba.conf: salt://postgres/templates/pg_hba.conf.j2 # This section covers ACL management in the ``pg_hba.conf`` file. # acls list controls: which hosts are allowed to connect, how clients # are authenticated, which PostgreSQL user names they can use, which # databases they can access. Records take one of these forms: # #acls: # - ['local', 'DATABASE', 'USER', 'METHOD'] # - ['host', 'DATABASE', 'USER', 'ADDRESS', 'METHOD'] # - ['hostssl', 'DATABASE', 'USER', 'ADDRESS', 'METHOD'] # - ['hostnossl', 'DATABASE', 'USER', 'ADDRESS', 'METHOD'] # # The uppercase items must be replaced by actual values. # METHOD could be omitted, 'md5' will be appended by default. # # If ``acls`` item value is empty ('', [], null), then the contents of # ``pg_hba.conf`` file will not be touched at all. acls: - ['local', 'db1', 'localUser'] - ['host', 'db2', 'remoteUser', '192.168.33.0/24'] # PostgreSQL service name service: postgresql {%- if grains['init'] == 'unknown' %} # If Salt is unable to detect init system running in the scope of state run, # probably we are trying to bake a container/VM image with PostgreSQL. # Use ``bake_image`` setting to control how PostgreSQL will be started: if set # to ``True`` the raw ``pg_ctl`` will be utilized instead of packaged init # script, job or unit run with Salt ``service`` state. bake_image: True {%- endif %} # Create/remove users, tablespaces, databases, schema and extensions. # Each of these dictionaries contains PostgreSQL entities which # mapped to the ``postgres_*`` Salt states with arguments. See the Salt # documentation to get all supported argument for a particular state. # # Format is the following: # #: # NAME: # ensure: # 'present' is the default # ARGUMENT: VALUE # ... # # where 'NAME' is the state name, 'ARGUMENT' is the kwarg name, and # 'VALUE' is kwarg value. # # For example, the Pillar: # #users: # testUser: # password: test # # will render such state: # #postgres_user-testUser: # postgres_user.present: # - name: testUser # - password: test users: localUser: ensure: present password: '98ruj923h4rf' createdb: False createroles: False createuser: False inherit: True replication: False remoteUser: ensure: present password: '98ruj923h4rf' createdb: False createroles: False createuser: False inherit: True replication: False absentUser: ensure: absent # tablespaces to be created tablespaces: my_space: directory: /srv/my_tablespace owner: localUser # databases to be created databases: db1: owner: 'localUser' template: 'template0' lc_ctype: 'en_US.UTF-8' lc_collate: 'en_US.UTF-8' db2: owner: 'remoteUser' template: 'template0' lc_ctype: 'en_US.UTF-8' lc_collate: 'en_US.UTF-8' tablespace: 'my_space' # optional schemas to enable on database schemas: uuid_ossp: dbname: db1 owner: localUser # optional extensions to install in schema extensions: uuid-ossp: schema: uuid_ossp maintenance_db: db1 #postgis: {} # vim: ft=yaml ts=2 sts=2 sw=2 et