|
| 1 | +# Port to use for the cluster -- can be used to provide a non-standard port |
| 2 | +# NOTE: If already set in the minion config, that value takes priority |
| 3 | +postgres.port: '5432' |
| 4 | + |
| 5 | +postgres: |
| 6 | + # UPSTREAM REPO |
| 7 | + # Set True to configure upstream postgresql.org repository for YUM/APT/ZYPP |
| 8 | + use_upstream_repo: False |
| 9 | + # # Version to install from upstream repository (if upstream_repo: True) |
| 10 | + # version: '10' |
| 11 | + # # Set True to add a file in /etc/profile.d adding the bin dir in $PATH |
| 12 | + # # as packages from upstream put them somewhere like /usr/pgsql-10/bin |
| 13 | + # add_profile: False |
| 14 | + # # If automatic package installation fails, use `fromrepo` to specify the |
| 15 | + # # upstream repo to install packages from [#133, #185] (if upstream_repo: True) |
| 16 | + # fromrepo: 'jessie-pgdg' |
| 17 | + |
| 18 | + # ### MACOS |
| 19 | + # # Set to 'postgresapp' OR 'homebrew' for MacOS |
| 20 | + # # use_upstream_repo: 'postgresapp' |
| 21 | + # # use_upstream_repo: 'homebrew' |
| 22 | + |
| 23 | + # # PACKAGE |
| 24 | + # # These pillars are typically never required. |
| 25 | + # # pkg: 'postgresql' |
| 26 | + # # pkg_client: 'postgresql-client' |
| 27 | + # # service: postgresql |
| 28 | + # pkgs_extra: |
| 29 | + # - postgresql-contrib |
| 30 | + # - postgresql-plpython |
| 31 | + |
| 32 | + # # CLUSTER |
| 33 | + # # The default `encoding` is derived from the `locale` so not recommended |
| 34 | + # # to provide a value for it unless necessary |
| 35 | + # cluster: |
| 36 | + # locale: en_GB.UTF-8 |
| 37 | + # # encoding: UTF8 |
| 38 | + # |
| 39 | + # #'Alternatives system' priority incremental. 0 disables feature. |
| 40 | + # linux: |
| 41 | + # altpriority: 30 |
| 42 | + # |
| 43 | + # # macos limits |
| 44 | + # limits: |
| 45 | + # soft: 64000 |
| 46 | + # hard: 128000 |
| 47 | + |
| 48 | + # POSTGRES |
| 49 | + # Append the lines under this item to your postgresql.conf file. |
| 50 | + # Pay attention to indent exactly with 4 spaces for all lines. |
| 51 | + postgresconf: |- |
| 52 | + listen_addresses = '*' # listen on all interfaces |
| 53 | +
|
| 54 | + # Path to the `pg_hba.conf` file Jinja template on Salt Fileserver |
| 55 | + pg_hba.conf: salt://postgres/templates/pg_hba.conf.j2 |
| 56 | + |
| 57 | + # This section covers ACL management in the ``pg_hba.conf`` file. |
| 58 | + # acls list controls: which hosts are allowed to connect, how clients |
| 59 | + # are authenticated, which PostgreSQL user names they can use, which |
| 60 | + # databases they can access. Records take one of these forms: |
| 61 | + # |
| 62 | + # acls: |
| 63 | + # - ['local', 'DATABASE', 'USER', 'METHOD'] |
| 64 | + # - ['host', 'DATABASE', 'USER', 'ADDRESS', 'METHOD'] |
| 65 | + # - ['hostssl', 'DATABASE', 'USER', 'ADDRESS', 'METHOD'] |
| 66 | + # - ['hostnossl', 'DATABASE', 'USER', 'ADDRESS', 'METHOD'] |
| 67 | + # |
| 68 | + # The uppercase items must be replaced by actual values. |
| 69 | + # METHOD could be omitted, 'md5' will be appended by default. |
| 70 | + # |
| 71 | + # If ``acls`` item value is empty ('', [], null), then the contents of |
| 72 | + # ``pg_hba.conf`` file will not be touched at all. |
| 73 | + acls: |
| 74 | + - ['local', 'db0', 'connuser', 'peer map=users_as_appuser'] |
| 75 | + - ['local', 'db1', 'localUser'] |
| 76 | + - ['host', 'db2', 'remoteUser', '192.168.33.0/24'] |
| 77 | + |
| 78 | + identity_map: |
| 79 | + - ['users_as_appuser', 'jdoe', 'connuser'] |
| 80 | + - ['users_as_appuser', 'jsmith', 'connuser'] |
| 81 | + |
| 82 | + # Backup extension for configuration files, defaults to ``.bak``. |
| 83 | + # Set ``False`` to stop creation of backups when config files change. |
| 84 | + {%- if salt['status.time']|default(none) is callable %} |
| 85 | + config_backup: ".backup@{{ salt['status.time']('%y-%m-%d_%H:%M:%S') }}" |
| 86 | + {%- endif %} |
| 87 | + |
| 88 | + {# {%- if grains['init'] == 'unknown' %} #} |
| 89 | + {# #} |
| 90 | + {# # If Salt is unable to detect init system running in the scope of state run, #} |
| 91 | + {# # probably we are trying to bake a container/VM image with PostgreSQL. #} |
| 92 | + {# # Use ``bake_image`` setting to control how PostgreSQL will be started: if set #} |
| 93 | + {# # to ``True`` the raw ``pg_ctl`` will be utilized instead of packaged init #} |
| 94 | + {# # script, job or unit run with Salt ``service`` state. #} |
| 95 | + {# bake_image: True #} |
| 96 | + {# #} |
| 97 | + {# {%- endif %} #} |
| 98 | + |
| 99 | + # Create/remove users, tablespaces, databases, schema and extensions. |
| 100 | + # Each of these dictionaries contains PostgreSQL entities which |
| 101 | + # mapped to the ``postgres_*`` Salt states with arguments. See the Salt |
| 102 | + # documentation to get all supported argument for a particular state. |
| 103 | + # |
| 104 | + # Format is the following: |
| 105 | + # |
| 106 | + #<users|tablespaces|databases|schemas|extensions>: |
| 107 | + # NAME: |
| 108 | + # ensure: <present|absent> # 'present' is the default |
| 109 | + # ARGUMENT: VALUE |
| 110 | + # ... |
| 111 | + # |
| 112 | + # where 'NAME' is the state name, 'ARGUMENT' is the kwarg name, and |
| 113 | + # 'VALUE' is kwarg value. |
| 114 | + # |
| 115 | + # For example, the Pillar: |
| 116 | + # |
| 117 | + # users: |
| 118 | + # testUser: |
| 119 | + # password: test |
| 120 | + # |
| 121 | + # will render such state: |
| 122 | + # |
| 123 | + # postgres_user-testUser: |
| 124 | + # postgres_user.present: |
| 125 | + # - name: testUser |
| 126 | + # - password: test |
| 127 | + users: |
| 128 | + localUser: |
| 129 | + ensure: present |
| 130 | + password: '98ruj923h4rf' |
| 131 | + createdb: False |
| 132 | + createroles: False |
| 133 | + inherit: True |
| 134 | + replication: False |
| 135 | + |
| 136 | + remoteUser: |
| 137 | + ensure: present |
| 138 | + password: '98ruj923h4rf' |
| 139 | + createdb: False |
| 140 | + createroles: False |
| 141 | + inherit: True |
| 142 | + replication: False |
| 143 | + |
| 144 | + absentUser: |
| 145 | + ensure: absent |
| 146 | + |
| 147 | + # tablespaces to be created |
| 148 | + tablespaces: |
| 149 | + my_space: |
| 150 | + directory: /srv/my_tablespace |
| 151 | + owner: localUser |
| 152 | + |
| 153 | + # databases to be created |
| 154 | + databases: |
| 155 | + db1: |
| 156 | + owner: 'localUser' |
| 157 | + # template: 'template0' |
| 158 | + # lc_ctype: 'en_US.UTF-8' |
| 159 | + # lc_collate: 'en_US.UTF-8' |
| 160 | + db2: |
| 161 | + owner: 'remoteUser' |
| 162 | + # template: 'template0' |
| 163 | + # lc_ctype: 'en_US.UTF-8' |
| 164 | + # lc_collate: 'en_US.UTF-8' |
| 165 | + tablespace: 'my_space' |
| 166 | + # set custom schema |
| 167 | + schemas: |
| 168 | + public: |
| 169 | + owner: 'localUser' |
| 170 | + # enable per-db extension |
| 171 | + {%- if grains.os_family == 'Debian' and grains.osfinger != 'Debian-8' %} |
| 172 | + extensions: |
| 173 | + uuid-ossp: |
| 174 | + schema: 'public' |
| 175 | + {%- endif %} |
| 176 | + |
| 177 | + # optional schemas to enable on database |
| 178 | + schemas: |
| 179 | + uuid-ossp: |
| 180 | + dbname: db1 |
| 181 | + owner: localUser |
| 182 | + |
| 183 | + # optional extensions to install in schema |
| 184 | + {%- if grains.os_family == 'Debian' and grains.osfinger != 'Debian-8' %} |
| 185 | + extensions: |
| 186 | + uuid-ossp: |
| 187 | + schema: uuid-ossp |
| 188 | + maintenance_db: db1 |
| 189 | + # postgis: {} |
| 190 | + {%- endif %} |
| 191 | + |
| 192 | + # remove: |
| 193 | + # data: True |
| 194 | + # multiple_releases: True |
| 195 | + # releases: ['9.6', '10',] |
| 196 | + |
| 197 | +# vim: ft=yaml ts=2 sts=2 sw=2 et |
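Review bot: The sample `postgresconf` sets `listen_addresses = '*'` while the remote rule `['host', 'db2', 'remoteUser', '192.168.33.0/24']` omits METHOD, so per the comment above `acls` it falls back to `md5` and, being a `host` record, also matches non-TLS connections. Anyone who copies the example as-is gets a cluster listening on every interface with password authentication over a possibly unencrypted link. Consider `- ['hostssl', 'db2', 'remoteUser', '192.168.33.0/24', 'scram-sha-256']`, provided the targeted PostgreSQL releases support that method and SSL is enabled on the server, and add a comment beside `listen_addresses` telling readers to narrow it to the addresses they need. `localUser` and `remoteUser` also share the literal password `'98ruj923h4rf'`; a comment such as `# example only -- replace, and keep real passwords in an encrypted pillar` would make clear it must not be deployed unchanged.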