From 4d6a50faa70533caaa9ea6e66844e5a7fd5dfb66 Mon Sep 17 00:00:00 2001
From: Eric Lippmann <eric.lippmann@netways.de>
Date: Wed, 29 May 2013 17:39:49 +0200
Subject: [PATCH] Vagrant: Add automated provisioning PostgreSQL

refs #4215
---
 .../modules/pgsql/manifests/init.pp           | 45 +++++++++++
 .../modules/pgsql/templates/pg_hba.conf.erb   | 76 +++++++++++++++++++
 2 files changed, 121 insertions(+)
 create mode 100644 .vagrant-puppet/modules/pgsql/manifests/init.pp
 create mode 100644 .vagrant-puppet/modules/pgsql/templates/pg_hba.conf.erb

diff --git a/.vagrant-puppet/modules/pgsql/manifests/init.pp b/.vagrant-puppet/modules/pgsql/manifests/init.pp
new file mode 100644
index 000000000..18434a71a
--- /dev/null
+++ b/.vagrant-puppet/modules/pgsql/manifests/init.pp
@@ -0,0 +1,45 @@
+# Class: pgsql
+#
+#   This class installs the postgresql server and client software.
+#   Further it configures pg_hba.conf to trus the local icinga user.
+#
+# Parameters:
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+#   include pgsql
+#
+class pgsql {
+
+  Exec { path => '/sbin:/bin:/usr/bin' }
+
+  package {
+    'postgresql':
+      ensure => installed;
+    'postgresql-server':
+      ensure => installed;
+  }
+
+  exec { 'initdb':
+    creates => '/var/lib/pgsql/data/pg_xlog',
+    command => 'service postgresql initdb',
+    require => Package['postgresql-server']
+  }
+
+  service { 'postgresql':
+    ensure  => running,
+    require => [Package['postgresql-server'], Exec['initdb']]
+  }
+
+  file { '/var/lib/pgsql/data/pg_hba.conf':
+    content => template('pgsql/pg_hba.conf.erb'),
+    owner   => 'root',
+    group   => 'root',
+    require => [Package['postgresql-server'], Exec['initdb']],
+    notify  => Service['postgresql']
+  }
+}
diff --git a/.vagrant-puppet/modules/pgsql/templates/pg_hba.conf.erb b/.vagrant-puppet/modules/pgsql/templates/pg_hba.conf.erb
new file mode 100644
index 000000000..4b70fd76f
--- /dev/null
+++ b/.vagrant-puppet/modules/pgsql/templates/pg_hba.conf.erb
@@ -0,0 +1,76 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the "Client Authentication" section in the
+# PostgreSQL documentation for a complete description
+# of this file.  A short synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access.  Records take one of these forms:
+#
+# local      DATABASE  USER  METHOD  [OPTIONS]
+# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
+# hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
+# hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain socket,
+# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
+# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", a database name, or
+# a comma-separated list thereof.
+#
+# USER can be "all", a user name, a group name prefixed with "+", or
+# a comma-separated list thereof.  In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names from
+# a separate file.
+#
+# CIDR-ADDRESS specifies the set of hosts the record matches.
+# It is made up of an IP address and a CIDR mask that is an integer
+# (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
+# the number of significant bits in the mask.  Alternatively, you can write
+# an IP address and netmask in separate columns to specify the set of hosts.
+#
+# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", "krb5",
+# "ident", "pam", "ldap" or "cert".  Note that "password" sends passwords
+# in clear text; "md5" is preferred since it sends encrypted passwords.
+#
+# OPTIONS are a set of options for the authentication in the format
+# NAME=VALUE. The available options depend on the different authentication
+# methods - refer to the "Client Authentication" section in the documentation
+# for a list of which options are available for which authentication methods.
+#
+# Database and user names containing spaces, commas, quotes and other special
+# characters must be quoted. Quoting one of the keywords "all", "sameuser" or
+# "samerole" makes the name lose its special character, and just match a
+# database or username with that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal.  If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect.  You can use
+# "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records. In that case you will also need to make PostgreSQL listen
+# on a non-local interface via the listen_addresses configuration parameter,
+# or via the -i or -h command line switches.
+#
+
+
+
+# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
+
+# icinga
+local   icinga      icinga                            trust
+# "local" is for Unix domain socket connections only
+local   all         all                               ident
+# IPv4 local connections:
+host    all         all         127.0.0.1/32          ident
+# IPv6 local connections:
+host    all         all         ::1/128               ident