|
8 | 8 | * [Getting started with postgresql](#getting-started-with-postgresql) |
9 | 9 | 3. [Usage - Configuration options and additional functionality](#usage) |
10 | 10 | * [Configure a server](#configure-a-server) |
| 11 | + * [Configure an instance](#configure-an-instance) |
11 | 12 | * [Create a database](#create-a-database) |
12 | 13 | * [Manage users, roles, and permissions](#manage-users-roles-and-permissions) |
13 | 14 | * [Manage ownership of DB objects](#manage-ownership-of-db-objects) |
@@ -72,6 +73,184 @@ If you get an error message from these commands, your permission settings restri |
72 | 73 |
|
73 | 74 | For more details about server configuration parameters, consult the [PostgreSQL Runtime Configuration documentation](http://www.postgresql.org/docs/current/static/runtime-config.html). |
74 | 75 |
|
| 76 | +### Configure an instance |
| 77 | + |
| 78 | +This module supports managing multiple instances (the default instance is referred to as 'main' and managed via including the server.pp class) |
| 79 | + |
| 80 | +**NOTE:** This feature is currently tested on Centos 8 Streams/RHEL8 with DNF Modules enabled. Different Linux plattforms and/or the Postgresql.org |
| 81 | +packages distribute different Systemd service files or use wrapper scripts with Systemd to start Postgres. Additional adjustmentments are needed to get this working on these plattforms. |
| 82 | + |
| 83 | +#### Working Plattforms |
| 84 | + |
| 85 | +* Centos 8 Streams |
| 86 | +* RHEL 8 |
| 87 | + |
| 88 | +#### Background and example |
| 89 | + |
| 90 | +creating a new instance has the following advantages: |
| 91 | +* files are owned by the postgres user |
| 92 | +* instance is running under a different user, if the instance is hacked, the hacker has no access to the file system |
| 93 | +* the instance user can be an LDAP user, higher security because of central login monitoring, password policies, password rotation policies |
| 94 | +* main instance can be disabled |
| 95 | + |
| 96 | + |
| 97 | +Here is a profile which can be used to create instaces |
| 98 | + |
| 99 | +```puppet |
| 100 | +class profiles::postgres ( |
| 101 | + Hash $instances = {}, |
| 102 | + String $postgresql_version = '13', |
| 103 | +) { |
| 104 | + class { 'postgresql::globals': |
| 105 | + encoding => 'UTF-8', |
| 106 | + locale => 'en_US.UTF-8', |
| 107 | + manage_package_repo => false, |
| 108 | + manage_dnf_module => true, |
| 109 | + needs_initdb => true, |
| 110 | + version => $postgresql_version, |
| 111 | + } |
| 112 | + include postgresql::server |
| 113 | +
|
| 114 | + $instances.each |String $instance, Hash $instance_settings| { |
| 115 | + postgresql::server_instance { $instance: |
| 116 | + * => $instance_settings, |
| 117 | + } |
| 118 | + } |
| 119 | +} |
| 120 | +``` |
| 121 | + |
| 122 | +And here is data to create an instance called test1: |
| 123 | + |
| 124 | +```yaml |
| 125 | +# stop default main instance |
| 126 | +postgresql::server::service_ensure: "stopped" |
| 127 | +postgresql::server::service_enable: false |
| 128 | + |
| 129 | +#define an instance |
| 130 | +profiles::postgres::instances: |
| 131 | + test1: |
| 132 | + instance_user: "ins_test1" |
| 133 | + instance_group: "ins_test1" |
| 134 | + instance_directories: |
| 135 | + "/opt/pgsql": |
| 136 | + ensure: directory |
| 137 | + "/opt/pgsql/backup": |
| 138 | + ensure: directory |
| 139 | + "/opt/pgsql/data": |
| 140 | + ensure: directory |
| 141 | + "/opt/pgsql/data/13": |
| 142 | + ensure: directory |
| 143 | + "/opt/pgsql/data/home": |
| 144 | + ensure: directory |
| 145 | + "/opt/pgsql/wal": |
| 146 | + ensure: directory |
| 147 | + "/opt/pgsql/log": |
| 148 | + ensure: directory |
| 149 | + "/opt/pgsql/log/13": |
| 150 | + ensure: directory |
| 151 | + "/opt/pgsql/log/13/test1": |
| 152 | + ensure: directory |
| 153 | + config_settings: |
| 154 | + pg_hba_conf_path: "/opt/pgsql/data/13/test1/pg_hba.conf" |
| 155 | + postgresql_conf_path: "/opt/pgsql/data/13/test1/postgresql.conf" |
| 156 | + pg_ident_conf_path: "/opt/pgsql/data/13/test1/pg_ident.conf" |
| 157 | + datadir: "/opt/pgsql/data/13/test1" |
| 158 | + service_name: "postgresql@13-test1" |
| 159 | + port: 5433 |
| 160 | + pg_hba_conf_defaults: false |
| 161 | + service_settings: |
| 162 | + service_name: "postgresql@13-test1" |
| 163 | + service_status: "systemctl status postgresql@13-test1.service" |
| 164 | + service_ensure: "running" |
| 165 | + service_enable: true |
| 166 | + initdb_settings: |
| 167 | + auth_local: "peer" |
| 168 | + auth_host: "md5" |
| 169 | + needs_initdb: true |
| 170 | + datadir: "/opt/pgsql/data/13/test1" |
| 171 | + encoding: "UTF-8" |
| 172 | + lc_messages: "en_US.UTF8" |
| 173 | + locale: "en_US.UTF8" |
| 174 | + data_checksums: false |
| 175 | + group: "postgres" |
| 176 | + user: "postgres" |
| 177 | + username: "ins_test1" |
| 178 | + config_entries: |
| 179 | + authentication_timeout: |
| 180 | + value: "1min" |
| 181 | + comment: "a test" |
| 182 | + log_statement_stats: |
| 183 | + value: "off" |
| 184 | + autovacuum_vacuum_scale_factor: |
| 185 | + value: 0.3 |
| 186 | + databases: |
| 187 | + testdb1: |
| 188 | + encoding: "UTF8" |
| 189 | + locale: "en_US.UTF8" |
| 190 | + owner: "dba_test1" |
| 191 | + testdb2: |
| 192 | + encoding: "UTF8" |
| 193 | + locale: "en_US.UTF8" |
| 194 | + owner: "dba_test1" |
| 195 | + roles: |
| 196 | + "ins_test1": |
| 197 | + superuser: true |
| 198 | + login: true |
| 199 | + "dba_test1": |
| 200 | + createdb: true |
| 201 | + login: true |
| 202 | + "app_test1": |
| 203 | + login: true |
| 204 | + "rep_test1": |
| 205 | + replication: true |
| 206 | + login: true |
| 207 | + "rou_test1": |
| 208 | + login: true |
| 209 | + pg_hba_rules: |
| 210 | + "local all INSTANCE user": |
| 211 | + type: "local" |
| 212 | + database: "all" |
| 213 | + user: "ins_test1" |
| 214 | + auth_method: "peer" |
| 215 | + order: 1 |
| 216 | + "local all DB user": |
| 217 | + type: "local" |
| 218 | + database: "all" |
| 219 | + user: "dba_test1" |
| 220 | + auth_method: "peer" |
| 221 | + order: 2 |
| 222 | + "local all APP user": |
| 223 | + type: "local" |
| 224 | + database: "all" |
| 225 | + user: "app_test1" |
| 226 | + auth_method: "peer" |
| 227 | + order: 3 |
| 228 | + "local all READONLY user": |
| 229 | + type: "local" |
| 230 | + database: "all" |
| 231 | + user: "rou_test1" |
| 232 | + auth_method: "peer" |
| 233 | + order: 4 |
| 234 | + "remote all INSTANCE user PGADMIN server": |
| 235 | + type: "host" |
| 236 | + database: "all" |
| 237 | + user: "ins_test1" |
| 238 | + address: "192.168.22.131/32" |
| 239 | + auth_method: "md5" |
| 240 | + order: 5 |
| 241 | + "local replication INSTANCE user": |
| 242 | + type: "local" |
| 243 | + database: "replication" |
| 244 | + user: "ins_test1" |
| 245 | + auth_method: "peer" |
| 246 | + order: 6 |
| 247 | + "local replication REPLICATION user": |
| 248 | + type: "local" |
| 249 | + database: "replication" |
| 250 | + user: "rep_test1" |
| 251 | + auth_method: "peer" |
| 252 | + order: 7 |
| 253 | +``` |
75 | 254 | ### Create a database |
76 | 255 |
|
77 | 256 | You can set up a variety of PostgreSQL databases with the `postgresql::server::db` defined type. For instance, to set up a database for PuppetDB: |
@@ -359,7 +538,7 @@ For information on the classes and types, see the [REFERENCE.md](https://github. |
359 | 538 |
|
360 | 539 | ## Limitations |
361 | 540 |
|
362 | | -Works with versions of PostgreSQL on supported OSes. |
| 541 | +Works with versions of PostgreSQL on supported OSes. |
363 | 542 |
|
364 | 543 | For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/metadata.json) |
365 | 544 |
|
|
0 commit comments