puppetlabs
diff --git a/‎.fixtures.yml‎
Lines changed: 1 addition & 0 deletions b/‎.fixtures.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/mend.yml‎
Lines changed: 15 additions & 0 deletions b/‎.github/workflows/mend.yml‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎manifests/params.pp‎
Lines changed: 1 addition & 1 deletion b/‎manifests/params.pp‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎manifests/server/config_entry.pp‎
Lines changed: 1 addition & 72 deletions b/‎manifests/server/config_entry.pp‎
Lines changed: 1 addition & 72 deletions
diff --git a/‎manifests/server/instance/config.pp‎
Lines changed: 6 additions & 69 deletions b/‎manifests/server/instance/config.pp‎
Lines changed: 6 additions & 69 deletions
diff --git a/‎manifests/server/instance/systemd.pp‎
Lines changed: 31 additions & 0 deletions b/‎manifests/server/instance/systemd.pp‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎manifests/server/pg_hba_rule.pp‎
Lines changed: 21 additions & 8 deletions b/‎manifests/server/pg_hba_rule.pp‎
Lines changed: 21 additions & 8 deletions
diff --git a/‎manifests/server/pg_ident_rule.pp‎
Lines changed: 16 additions & 4 deletions b/‎manifests/server/pg_ident_rule.pp‎
Lines changed: 16 additions & 4 deletions
@@ -10,3 +10,4 @@ fixtures:
     puppet_agent: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git'
     stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib.git"
     yumrepo_core: "https://github.com/puppetlabs/puppetlabs-yumrepo_core.git"
+    systemd: "https://github.com/voxpupuli/puppet-systemd.git"
@@ -0,0 +1,15 @@
+name: "mend"
+
+on:
+  pull_request:
+    branches:
+      - "main"
+  schedule:
+    - cron: "0 0 * * *"
+  workflow_dispatch:
+
+jobs:
+
+  mend:
+    uses: "puppetlabs/cat-github-actions/.github/workflows/mend_ruby.yml@main"
+    secrets: "inherit"
@@ -26,7 +26,7 @@
   $package_ensure               = 'present'
   $module_workdir               = pick($module_workdir,'/tmp')
   $password_encryption          = undef
-  $extra_systemd_config         = ''
+  $extra_systemd_config         = undef
   $manage_datadir               = true
   $manage_logdir                = true
   $manage_xlogdir               = true
 
@@ -2,7 +2,7 @@
 #
 # @param ensure Removes an entry if set to 'absent'.
 # @param value Defines the value for the setting.
-# @param path Path for postgresql.conf 
+# @param path Path for postgresql.conf
 #
 define postgresql::server::config_entry (
   Enum['present', 'absent']             $ensure = 'present',
@@ -70,10 +70,6 @@
     'max_pred_locks_per_transaction'      => undef,
   }
 
-  Exec {
-    logoutput => 'on_failure',
-  }
-
   if ! ($name in $requires_restart_until and (
       ! $requires_restart_until[$name] or
       versioncmp($postgresql::server::_version, $requires_restart_until[$name]) < 0
@@ -91,73 +87,6 @@
     }
   }
 
-  # We have to handle ports and the data directory in a weird and
-  # special way.  On early Debian and Ubuntu and RHEL we have to ensure
-  # we stop the service completely. On RHEL 7 we either have to create
-  # a systemd override for the port or update the sysconfig file, but this
-  # is managed for us in postgresql::server::config.
-  if $facts['os']['name'] == 'Debian' or $facts['os']['name'] == 'Ubuntu' {
-    if $name == 'data_directory' {
-      $stop_command = ['service', $postgresql::server::service_name, 'stop']
-      $stop_onlyif = ['service', $postgresql::server::service_name, 'status']
-      $stop_unless = [['grep', "data_directory = '${value}'", $postgresql::server::postgresql_conf_path]]
-      exec { "postgresql_stop_${name}":
-        command => $stop_command,
-        onlyif  => $stop_onlyif,
-        unless  => $stop_unless,
-        path    => '/usr/sbin:/sbin:/bin:/usr/bin:/usr/local/bin',
-        before  => Postgresql_conf[$name],
-      }
-    }
-  } elsif $facts['os']['family'] == 'RedHat' and versioncmp($facts['os']['release']['major'], '7') < 0 {
-    if $name == 'port' {
-      # We need to force postgresql to stop before updating the port
-      # because puppet becomes confused and is unable to manage the
-      # service appropriately.
-      $stop_command = ['service', $postgresql::server::service_name, 'stop']
-      $stop_onlyif = ['service', $postgresql::server::service_name, 'status']
-      $stop_unless = "grep 'PGPORT=${shell_escape($value)}' /etc/sysconfig/pgsql/postgresql"
-      exec { "postgresql_stop_${name}":
-        command => $stop_command,
-        onlyif  => $stop_onlyif,
-        unless  => $stop_unless,
-        path    => '/sbin:/bin:/usr/bin:/usr/local/bin',
-        require => File['/etc/sysconfig/pgsql/postgresql'],
-      }
-      -> augeas { 'override PGPORT in /etc/sysconfig/pgsql/postgresql':
-        lens    => 'Shellvars.lns',
-        incl    => '/etc/sysconfig/pgsql/postgresql',
-        context => '/files/etc/sysconfig/pgsql/postgresql',
-        changes => "set PGPORT ${value}",
-        require => File['/etc/sysconfig/pgsql/postgresql'],
-        notify  => Class['postgresql::server::service'],
-        before  => Class['postgresql::server::reload'],
-      }
-    } elsif $name == 'data_directory' {
-      # We need to force postgresql to stop before updating the data directory
-      # otherwise init script breaks
-      $stop_command = ['service', $postgresql::server::service_name, 'stop']
-      $stop_onlyif = ['service', $postgresql::server::service_name, 'status']
-      $stop_unless = [['grep', "PGDATA=${value}", '/etc/sysconfig/pgsql/postgresql']]
-      exec { "postgresql_${name}":
-        command => $stop_command,
-        onlyif  => $stop_onlyif,
-        unless  => $stop_unless,
-        path    => '/sbin:/bin:/usr/bin:/usr/local/bin',
-        require => File['/etc/sysconfig/pgsql/postgresql'],
-      }
-      -> augeas { 'override PGDATA in /etc/sysconfig/pgsql/postgresql':
-        lens    => 'Shellvars.lns',
-        incl    => '/etc/sysconfig/pgsql/postgresql',
-        context => '/files/etc/sysconfig/pgsql/postgresql',
-        changes => "set PGDATA ${value}",
-        require => File['/etc/sysconfig/pgsql/postgresql'],
-        notify  => Class['postgresql::server::service'],
-        before  => Class['postgresql::server::reload'],
-      }
-    }
-  }
-
   postgresql_conf { $name:
     ensure  => $ensure,
     target  => $target,
 
@@ -217,25 +217,6 @@
     }
   }
 
-  # RedHat-based systems hardcode some PG* variables in the init script, and need to be overriden
-  # in /etc/sysconfig/pgsql/postgresql. Create a blank file so we can manage it with augeas later.
-  if $facts['os']['family'] == 'RedHat' and versioncmp($facts['os']['release']['major'], '7') < 0 {
-    file { '/etc/sysconfig/pgsql/postgresql':
-      ensure  => file,
-      replace => false,
-    }
-
-    # The init script from the packages of the postgresql.org repository
-    # sources an alternate sysconfig file.
-    # I. e. /etc/sysconfig/pgsql/postgresql-9.3 for PostgreSQL 9.3
-    # Link to the sysconfig file set by this puppet module
-    file { "/etc/sysconfig/pgsql/postgresql-${version}":
-      ensure  => link,
-      target  => '/etc/sysconfig/pgsql/postgresql',
-      require => File['/etc/sysconfig/pgsql/postgresql'],
-    }
-  }
-
   if ($manage_pg_ident_conf == true) {
     concat { $pg_ident_conf_path:
       owner  => $user,
@@ -246,58 +227,14 @@
     }
   }
   # lint:ignore:140chars
-  # RHEL 7 and 8 both support drop-in files for systemd units.  The old include directive is deprecated and may be removed in future systemd releases.
-  # Gentoo also supports drop-in files.
+  # RHEL 7 and 8 both support drop-in files for systemd units. Gentoo also supports drop-in files.
+  # Edit 02/2023 RHEL basedc Systems and Gentoo need Variables set for $PGPORT, $DATA_DIR or $PGDATA, thats what the drop-in file is for.
   # lint:endignore:140chars
   if $facts['os']['family'] in ['RedHat', 'Gentoo'] and $facts['service_provider'] == 'systemd' {
-    # While Puppet 6.1 and newer can do a daemon-reload if needed, systemd
-    # doesn't appear to report that correctly in all cases.
-    # One such case seems to be when an overriding unit file is removed from /etc
-    # and the original one from /lib *should* be used again.
-    #
-    # This can be removed when Puppet < 6.1 support is dropped *and* the file
-    # old-systemd-override is removed.
-    $systemd_command = ['systemctl', 'daemon-reload']
-    exec { 'restart-systemd':
-      command     => $systemd_command,
-      refreshonly => true,
-      path        => '/bin:/usr/bin:/usr/local/bin',
-      before      => Class['postgresql::server::service'],
-    }
-
-    file {
-      default:
-        ensure => file,
-        owner  => root,
-        group  => root,
-        notify => [Exec['restart-systemd'], Class['postgresql::server::service']],
-        before => Class['postgresql::server::reload'];
-
-      'systemd-conf-dir':
-        ensure => directory,
-        path   => "/etc/systemd/system/${service_name}.service.d";
-
-      # Template uses:
-      # - $facts['os']['name']
-      # - $facts['os']['release']['major']
-      # - $service_name
-      # - $port
-      # - $datadir
-      # - $extra_systemd_config
-      'systemd-override':
-        path    => "/etc/systemd/system/${service_name}.service.d/${service_name}.conf",
-        content => template('postgresql/systemd-override.erb'),
-        require => File['systemd-conf-dir'];
-    }
-
-    if $service_enable != 'mask' {
-      # Remove old unit file to avoid conflicts
-      file { 'old-systemd-override':
-        ensure => absent,
-        path   => "/etc/systemd/system/${service_name}.service",
-        notify => [Exec['restart-systemd'], Class['postgresql::server::service']],
-        before => Class['postgresql::server::reload'],
-      }
+    postgresql::server::instance::systemd { $service_name:
+      port                 => $port,
+      datadir              => $datadir,
+      extra_systemd_config => $extra_systemd_config,
     }
   }
 }
@@ -0,0 +1,31 @@
+# @summary This define handles systemd drop-in files for the postgres main instance (default) or additional instances
+# @param service_name Overrides the default PostgreSQL service name.
+# @param drop_in_ensure sets the Systemd drop-in file to present or absent
+# @api private
+define postgresql::server::instance::systemd (
+  Variant[String[1], Stdlib::Port] $port,
+  Stdlib::Absolutepath $datadir,
+  Optional[String[1]] $extra_systemd_config = undef,
+  String[1] $service_name                   = $name,
+  Enum[present, absent] $drop_in_ensure     = 'present',
+
+) {
+  # Template uses:
+  # - $port
+  # - $datadir
+  # - $extra_systemd_config
+  systemd::dropin_file { "${service_name}.conf":
+    ensure  => $drop_in_ensure,
+    unit    => "${service_name}.service",
+    owner   => 'root',
+    group   => 'root',
+    content => epp('postgresql/systemd-override.conf.epp', {
+        port                 => $port,
+        datadir              => $datadir,
+        extra_systemd_config => $extra_systemd_config,
+      }
+    ),
+    notify  => Class['postgresql::server::service'],
+    before  => Class['postgresql::server::reload'],
+  }
+}
@@ -1,3 +1,4 @@
+# lint:ignore:140chars
 # @summary This resource manages an individual rule that applies to the file defined in target.
 #
 # @param type Sets the type of rule.
@@ -10,13 +11,14 @@
 # @param order Sets an order for placing the rule in pg_hba.conf. This can be either a string or an integer. If it is an integer, it will be converted to a string by zero-padding it to three digits. E.g. 42 will be zero-padded to the string '042'. The pg_hba_rule fragments are sorted using the alpha sorting order. Default value: 150.
 # @param target Provides the target for the rule, and is generally an internal only property. Use with caution.
 # @param postgresql_version Manages pg_hba.conf without managing the entire PostgreSQL instance.
+# lint:endignore:140chars
 define postgresql::server::pg_hba_rule (
   Postgresql::Pg_hba_rule_type $type,
-  String $database,
-  String $user,
-  String $auth_method,
+  String[1] $database,
+  String[1] $user,
+  String[1] $auth_method,
   Optional[Postgresql::Pg_hba_rule_address] $address = undef,
-  String $description             = 'none',
+  String[1] $description          = 'none',
   Optional[String] $auth_option   = undef,
   Variant[String, Integer] $order = 150,
 
@@ -34,7 +36,7 @@
   }
 
   if $manage_pg_hba_conf == false {
-    fail('postgresql::server::manage_pg_hba_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')
+    fail('postgresql::server::manage_pg_hba_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests') # lint:ignore:140chars
   } else {
     if($type =~ /^host/ and $address == undef) {
       fail('You must specify an address property when type is host based')
@@ -48,7 +50,7 @@
     }
 
     $allowed_auth_methods = $postgresql_version ? {
-      '10'  => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],
+      '10'  => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'], # lint:ignore:140chars
       '9.6' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],
       '9.5' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
       '9.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
@@ -60,7 +62,7 @@
       '8.3' => ['trust', 'reject', 'md5', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'],
       '8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'],
       '8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'],
-      default => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd']
+      default => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd'] # lint:ignore:140chars
     }
 
     assert_type(Enum[$allowed_auth_methods], $auth_method)
@@ -69,7 +71,18 @@
     $fragname = "pg_hba_rule_${name}"
     concat::fragment { $fragname:
       target  => $target,
-      content => template('postgresql/pg_hba_rule.conf'),
+      content => epp('postgresql/pg_hba_rule.conf.epp', {
+          name        => $name,
+          description => $description,
+          order       => $order,
+          type        => $type,
+          database    => $database,
+          user        => $user,
+          address     => $address,
+          auth_method => $auth_method,
+          auth_option => $auth_option,
+        }
+      ),
       order   => $_order,
     }
   }
 
@@ -2,8 +2,12 @@
 #
 # @param map_name Sets the name of the user map that is used to refer to this mapping in pg_hba.conf.
 # @param system_username Specifies the operating system user name (the user name used to connect to the database).
-# @param database_username Specifies the user name of the database user. The system_username is mapped to this user name.
-# @param description Sets a longer description for this rule if required. This description is placed in the comments above the rule in pg_ident.conf. Default value: 'none'.
+# @param database_username
+#   Specifies the user name of the database user.
+#   The system_username is mapped to this user name.
+# @param description
+#   Sets a longer description for this rule if required.
+#   This description is placed in the comments above the rule in pg_ident.conf.
 # @param order Defines an order for placing the mapping in pg_ident.conf. Default value: 150.
 # @param target Provides the target for the rule and is generally an internal only property. Use with caution.
 define postgresql::server::pg_ident_rule (
@@ -18,13 +22,21 @@
   Variant[String[1], Stdlib::Absolutepath] $target = $postgresql::server::pg_ident_conf_path
 ) {
   if $postgresql::server::manage_pg_ident_conf == false {
-    fail('postgresql::server::manage_pg_ident_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')
+    fail('postgresql::server::manage_pg_ident_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests') # lint:ignore:140chars
   } else {
     # Create a rule fragment
     $fragname = "pg_ident_rule_${name}"
     concat::fragment { $fragname:
       target  => $target,
-      content => template('postgresql/pg_ident_rule.conf'),
+      content => epp('postgresql/pg_ident_rule.conf.epp', {
+          name              => $name,
+          description       => $description,
+          order             => $order,
+          map_name          => $map_name,
+          system_username   => $system_username,
+          database_username => $database_username,
+        }
+      ),
       order   => $order,
     }
   }