Me again! I have a recipe that looks like: class postgresql { file { pg_hba_conf: name => "/var/lib/pgsql/data/pg_hba.conf", source => "puppet://puppetmaster/files/workstations/common/var/lib/pgsql/data/pg_hba.conf", owner => postgres, group => postgres, mode => 600, subscribe => [ Package[postgresql] ], } package { "postgresql" : ensure => present } service { postgres: name => postgresql, ensure => stopped, subscribe => [ File[pg_hba_conf], Package[postgresql] ], enable => false, hasrestart => true, pattern => postgres } } The problem is, on a CentOS box, postgres must be run with the distro-supplied pg_hba.conf for the init process to work properly. Thereafter, pg_hba.conf can be replaced appropriately. At this point, I''m thinking I need to use something like an exec with unless and notify to somehow determine that postgres has only just been installed, boot it with the init mode, then shut it down, replace the config file and boot it again. I''m also thinking that that can''t be the best way to handle this, can it? Suggestions on the back of a bit appreciated. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Duncan Hill schrieb:> The problem is, on a CentOS box, postgres must be run with the > distro-supplied pg_hba.conf for the init process to work properly. > Thereafter, pg_hba.conf can be replaced appropriately. At this point, > I''m thinking I need to use something like an exec with unless and > notify to somehow determine that postgres has only just been > installed, boot it with the init mode, then shut it down, replace the > config file and boot it again. I''m also thinking that that can''t be > the best way to handle this, can it?Hello Duncan, what we''re actually doing is generating a custom pg_hba with the following defaults: -- SNIP -- host all all 127.0.0.1 255.255.255.255 md5 local all postgres ident sameuser local all all md5 -- SNIP -- where we then add the other required lines below. This way the (init-)scripts still work as expected, because "postgres" is allowed to connect as ususal and everbody else needs a password. If your users need to access the database as "postgres" consider the following: they don''t - they just need a user with superuser privilege. Just write a short scriptlet that can create the user in postgresql and add that to your puppet reciepe (that''s what we did...) Hope that helps. Regards, Andreas -- Solvention Egermannstr. 6-8 53359 Rheinbach Tel: +49 2226 158179-0 Fax: +49 2226 158179-9 http://www.solvention.de mailto:info@solvention.de
Massimo Mongardini
2008-Apr-07 20:28 UTC
[Puppet Users] Re: CentOS, Postgres init and puppet
Duncan Hill wrote:> Me again! > > I have a recipe that looks like: > class postgresql { > file { pg_hba_conf: > name => "/var/lib/pgsql/data/pg_hba.conf", > source => > "puppet://puppetmaster/files/workstations/common/var/lib/pgsql/data/pg_hba.conf", > owner => postgres, > group => postgres, > mode => 600, > subscribe => [ Package[postgresql] ], > } > package { "postgresql" : ensure => present } > service { postgres: > name => postgresql, > ensure => stopped, > subscribe => [ File[pg_hba_conf], Package[postgresql] ], > enable => false, > hasrestart => true, > pattern => postgres > } > } > > The problem is, on a CentOS box, postgres must be run with the > distro-supplied pg_hba.conf for the init process to work properly. > Thereafter, pg_hba.conf can be replaced appropriately. At this point, > I''m thinking I need to use something like an exec with unless and > notify to somehow determine that postgres has only just been > installed, boot it with the init mode, then shut it down, replace the > config file and boot it again. I''m also thinking that that can''t be > the best way to handle this, can it? > > Suggestions on the back of a bit appreciated. > > > >Hi, what we do to solve this is something like this: service { "postgresql": hasstatus => true, ensure => running, enable => true, subscribe => [ File["$pg_home/data/pg_hba.conf"], File["$pg_home/data/postgresql.conf"], File["$pg_home/data/pg_ident.conf"], File["/etc/sysconfig/pgsql/postgresql"] ], } # Ensure the service has been started once before copying the files across exec {"Initialize postgres": command => "/sbin/service postgresql start", require => Package["postgresql-server"], before => [ File["$pg_home/data/pg_hba.conf"], File["$pg_home/data/postgresql.conf"], File["$pg_home/data/pg_ident.conf"] ] } file { "$pg_home/data/pg_hba.conf": owner => postgres, group => postgres, mode => 600, source => "puppet://puppet/conf/common/pg_hba.conf", ; "$pg_home/data/postgresql.conf": owner => postgres, group => postgres, mode => 600, source => "puppet://puppet/conf/common/postgresql.conf", ; "$pg_home/data/pg_ident.conf": owner => postgres, group => postgres, mode => 600, source => "puppet://puppet/conf/common/pg_ident.conf", ; } Regards, Massimo --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Maybe Matching Threads
- [PATCH server] add ipv6 postgres trust
- [PATCH server] update installer exec items to single_exec where applicable
- postgres 7 - CentOS 4.4
- [PATCH server] update postgres for ipv6 support, or db:migrate will fail
- Need help with postgresql authentication set up