-
Notifications
You must be signed in to change notification settings - Fork 282
/
Copy pathpillar.example
204 lines (181 loc) · 5.9 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# Port to use for the cluster -- can be used to provide a non-standard port
# NOTE: If already set in the minion config, that value takes priority
postgres.port: '5432'
postgres:
# UPSTREAM REPO
# Set true to configure upstream postgresql.org repository for YUM/APT/ZYPP
use_upstream_repo: false
# Version to install from upstream repository (if upstream_repo: true)
version: '13'
# Set true to add a file in /etc/profile.d adding the bin dir in $PATH
# as packages from upstream put them somewhere like /usr/pgsql-10/bin
add_profile: false
# If automatic package installation fails, use `fromrepo` to specify the
# upstream repo to install packages from [#133, #185] (if upstream_repo: true)
fromrepo: 'jessie-pgdg'
### MACOS
# Set to 'postgresapp' OR 'homebrew' for MacOS
# use_upstream_repo: 'postgresapp'
# use_upstream_repo: 'homebrew'
# PACKAGE
# These pillars are typically never required.
# pkg: 'postgresql'
# pkg_client: 'postgresql-client'
# service:
# name: 'postgresql'
# flags: -w -s -m fast
# sysrc: true
pkgs_extra:
{%- if grains.os_family not in ('FreeBSD',) %}
- postgresql-contrib
{%- endif %}
- postgresql-plpython
# CLUSTER
# The default `encoding` is derived from the `locale` so not recommended
# to provide a value for it unless necessary
cluster:
locale: en_US.UTF-8
# encoding: UTF8
# 'Alternatives system' priority incremental. 0 disables feature.
linux:
altpriority: 30
# macos limits
limits:
soft: 64000
hard: 128000
# POSTGRES
# Append the lines under this item to your postgresql.conf file.
# Pay attention to indent exactly with 4 spaces for all lines.
postgresconf: |-
listen_addresses = '*' # listen on all interfaces
# Path to the `pg_hba.conf` file Jinja template on Salt Fileserver
pg_hba.conf: salt://postgres/templates/pg_hba.conf.j2
# This section covers ACL management in the ``pg_hba.conf`` file.
# acls list controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access. Records take one of these forms:
#
# acls:
# - ['local', 'DATABASE', 'USER', 'METHOD']
# - ['host', 'DATABASE', 'USER', 'ADDRESS', 'METHOD']
# - ['hostssl', 'DATABASE', 'USER', 'ADDRESS', 'METHOD']
# - ['hostnossl', 'DATABASE', 'USER', 'ADDRESS', 'METHOD']
#
# The uppercase items must be replaced by actual values.
# METHOD could be omitted, 'md5' will be appended by default.
#
# Postgres expect a valid CIDR for ADDRESS (not ipaddress)
#
# If ``acls`` item value is empty ('', [], null), then the contents of
# ``pg_hba.conf`` file will not be touched at all.
acls:
- ['local', 'db0', 'connuser', 'peer map=users_as_appuser']
- ['local', 'db1', 'localUser']
- ['host', 'db2', 'remoteUser', '192.168.33.0/24']
- ['host', 'all', 'all', '127.0.0.1/32', 'md5']
identity_map:
- ['users_as_appuser', 'jdoe', 'connuser']
- ['users_as_appuser', 'jsmith', 'connuser']
# Backup extension for configuration files, defaults to ``.bak``.
# Set ``false`` to stop creation of backups when config files change.
{%- if salt['status.time']|default(none) is callable %}
config_backup: ".backup@{{ salt['status.time']('%y-%m-%d_%H:%M:%S') }}"
{%- endif %}
{%- if 'init' in grains and grains['init'] == 'unknown' %}
# If Salt is unable to detect init system running in the scope of state run,
# probably we are trying to bake a container/VM image with PostgreSQL.
# Use ``bake_image`` setting to control how PostgreSQL will be started: if set
# to ``true`` the raw ``pg_ctl`` will be utilized instead of packaged init
# script, job or unit run with Salt ``service`` state.
bake_image: true
{%- endif %}
# Create/remove users, tablespaces, databases, schema and extensions.
# Each of these dictionaries contains PostgreSQL entities which
# mapped to the ``postgres_*`` Salt states with arguments. See the Salt
# documentation to get all supported argument for a particular state.
#
# Format is the following:
#
# <users|tablespaces|databases|schemas|extensions>:
# NAME:
# ensure: <present|absent> # 'present' is the default
# ARGUMENT: VALUE
# ...
#
# where 'NAME' is the state name, 'ARGUMENT' is the kwarg name, and
# 'VALUE' is kwarg value.
#
# For example, the Pillar:
#
# users:
# testUser:
# password: test
#
# will render such state:
#
# postgres_user-testUser:
# postgres_user.present:
# - name: testUser
# - password: test
users:
localUser:
ensure: present
password: '98ruj923h4rf'
createdb: false
createroles: false
inherit: true
replication: false
remoteUser:
ensure: present
password: '98ruj923h4rf'
createdb: false
createroles: false
inherit: true
replication: false
absentUser:
ensure: absent
# tablespaces to be created
tablespaces:
my_space:
directory: /srv/my_tablespace
owner: localUser
# databases to be created
databases:
db1:
owner: 'localUser'
template: 'template0'
lc_ctype: 'en_US.UTF-8'
lc_collate: 'en_US.UTF-8'
db2:
owner: 'remoteUser'
template: 'template0'
lc_ctype: 'en_US.UTF-8'
lc_collate: 'en_US.UTF-8'
tablespace: 'my_space'
# set custom schema
schemas:
public:
owner: 'localUser'
# enable per-db extension
extensions:
uuid-ossp:
schema: 'public'
# optional schemas to enable on database
schemas:
uuid-ossp:
dbname: db1
owner: localUser
# optional extensions to install in schema
extensions:
# postgis: {}
uuid-ossp:
schema: uuid-ossp
maintenance_db: db1
remove:
data: true
multiple_releases: true
releases: ['9.6', '10']
# vim: ft=yaml ts=2 sts=2 sw=2 et