Puppet Class: postgresql::server::passwd
- Defined in:
- manifests/server/passwd.pp
Overview
PRIVATE CLASS: do not call directly
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
# File 'manifests/server/passwd.pp', line 2
class postgresql::server::passwd {
$postgres_password = $postgresql::server::postgres_password
$user = $postgresql::server::user
$group = $postgresql::server::group
$psql_path = $postgresql::server::psql_path
$port = $postgresql::server::port
$database = $postgresql::server::default_database
$module_workdir = $postgresql::server::module_workdir
# psql will default to connecting as $user if you don't specify name
$_datbase_user_same = $database == $user
$_dboption = $_datbase_user_same ? {
false => " --dbname ${database}",
default => ''
}
if ($postgres_password != undef) {
# NOTE: this password-setting logic relies on the pg_hba.conf being
# configured to allow the postgres system user to connect via psql
# without specifying a password ('ident' or 'trust' security). This is
# the default for pg_hba.conf.
$escaped = postgresql_escape($postgres_password)
exec { 'set_postgres_postgrespw':
# This command works w/no password because we run it as postgres system
# user
command => "${psql_path}${_dboption} -c \"ALTER ROLE \\\"${user}\\\" PASSWORD \${NEWPASSWD_ESCAPED}\"",
user => $user,
group => $group,
logoutput => true,
cwd => $module_workdir,
environment => [
"PGPASSWORD=${postgres_password}",
"PGPORT=${port}",
"NEWPASSWD_ESCAPED=${escaped}",
],
# With this command we're passing -h to force TCP authentication, which
# does require a password. We specify the password via the PGPASSWORD
# environment variable. If the password is correct (current), this
# command will exit with an exit code of 0, which will prevent the main
# command from running.
unless => "${psql_path} -h localhost -p ${port} -c 'select 1' > /dev/null",
path => '/usr/bin:/usr/local/bin:/bin',
}
}
}
|