OP#207fix variable relationship and add firewall rule

Auto-merge for build 57

See merge request puppet/postgresql_cd!40

.gitignore

@@ -3,3 +3,4 @@
 Gemfile.lock
 FileList
 .scannerwork
+.vscode

.vscode/settings.json

@@ -1,53 +0,0 @@
-{
-    "cSpell.words": [
-        "archivedir",
-        "autovacuum",
-        "bgwriter",
-        "bitmapscan",
-        "bytea",
-        "conninfo",
-        "csvlog",
-        "csvlogs",
-        "datestyle",
-        "ecdh",
-        "fdatasync",
-        "geqo",
-        "hashagg",
-        "hashjoin",
-        "hostssl",
-        "indexonlyscan",
-        "indexscan",
-        "initdb",
-        "intervalstyle",
-        "keepalives",
-        "KEEPCNT",
-        "KEEPIDLE",
-        "KEEPINTVL",
-        "keytab",
-        "llvmjit",
-        "logfile",
-        "logfiles",
-        "maxpages",
-        "mergejoin",
-        "mmap",
-        "multixact",
-        "naptime",
-        "nestloop",
-        "partitionwise",
-        "pgsql",
-        "restartpoint",
-        "seqscan",
-        "seqscans",
-        "sysconfdir",
-        "sysv",
-        "tablespace",
-        "tablespaces",
-        "tidscan",
-        "timezonesets",
-        "walsender",
-        "writethrough",
-        "xacts",
-        "xmlbinary",
-        "xmloption"
-    ]
-}

Jenkinsfile

@@ -69,7 +69,7 @@ pipeline {
             withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
               sh '''
               /opt/sonar-scanner/bin/sonar-scanner \
-                -Dsonar.projectKey=postgresql_cd \
+                -Dsonar.projectKey=confdroid_postgresql \
                 -Dsonar.sources=. \
                 -Dsonar.host.url=https://sonarqube.confdroid.com \
                 -Dsonar.token=$SONAR_TOKEN
@@ -93,6 +93,30 @@ pipeline {
                 git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
                 git push origin HEAD:master
             '''
+          }
+        }
+      }
+
+      stage('Mirror to Gitea') {
+        steps {
+          withCredentials([usernamePassword(
+            credentialsId: 'Jenkins-gitea',
+            usernameVariable: 'GITEA_USER',
+            passwordVariable: 'GITEA_TOKEN')]) {
+            script {
+              // Checkout from GitLab (already done implicitly)
+                sh '''
+                  git checkout master
+                  git pull origin master
+                  git branch -D development
+                  git branch -D jenkins-build-$BUILD_NUMBER
+                  git rm -f Jenkinsfile
+                  git commit --amend --no-edit --allow-empty
+                  git remote add master https://gitea.confdroid.com/confdroid/confdroid_postgresql.git
+                  git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
+                  push master --mirror
+                '''
+          }
         }
       }
     }

README.md

@@ -1,14 +1,12 @@
 # Readme
 
-[![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=postgresql_cd)](https://jenkins.confdroid.com/job/postfresql_cd/)
+[![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=confdroid_postgresql)](https://jenkins.confdroid.com/job/postfresql_cd/)
-
-[[_TOC_]]
 
 ## Synopsis
 
 PostgreSQL is a powerful modern open source SQL database server.
 
-`postgresql_cd` is a Puppet module to automate installation, configuration and management of all aspects of PostgreSQL for Puppet 8
+`confdroid_postgresql` is a Puppet module to automate installation, configuration and management of all aspects of PostgreSQL(standalone) for Puppet 8
 
 ## WARNING
 
@@ -18,7 +16,7 @@ PostgreSQL is a powerful modern open source SQL database server.
 
 Installation
 
-* install binaries as per given parameters for major and minor version
+* install binaries
 * initialize the database cluster
 
 Configuration
@@ -26,6 +24,12 @@ Configuration
 * manage directory structure including file system permissions and selinux context
 * manage service status
 
+Optional:
+
+* manage single line entries in pg_hba via define
+* manage roles and databases via define (set `$pl_manage_content` to true)
+* manage extensions (set `pl_manage_extensions`to `true`)
+* install and manage pg_bouncer (set `pl_use_pg_bouncer`to `true`)
 
 ## Repo Documentation
 
@@ -43,13 +47,13 @@ via site.pp or nodes.pp
 
 ```ruby
 node 'example.example.net' {
-  include postgresql_cd
+  include confdroid_postgresql
 }
 ```
 
 * through Foreman:
 
-In order to apply parameters through Foreman, **__postgresql_cd::params__** must be added to the host or host group in question.
+In order to apply parameters through Foreman, **__confdroid_postgresql::params__** must be added to the host or host group in question.
 
 See [more details about class deployment on Confdroid.com](https://confdroid.com/2017/05/deploying-our-puppet-modules/).
 

manifests/bouncer/bouncer.pp

@@ -0,0 +1,56 @@
+## confdroid_postgresql::bouncer::bouncer.pp
+# Module name: confdroid_postgresql
+# Author: 12ww1160 (12ww1160@confdroid.com)
+# @summary Class manages the pgbouncer service
+# @example  confdroid_postgresql::bouncer::bouncer_rule { 'test connection':
+#     pl_bouncer_db_name    => 'test',
+#     pl_bouncer_host       => '127.0.0.7',
+#     pl_bouncer_host_port  => '5432',
+#     pl_bouncer_user       => 'test_user',
+#     pl_bouncer_order      => '001',
+#   }
+###############################################################################
+class confdroid_postgresql::bouncer::bouncer (
+
+) inherits confdroid_postgresql::params {
+  if ($fqdn == $pl_server_fqdn) and ($pl_use_pg_bouncer == true) {
+    # ensure directory exists
+    file { $pl_bouncer_dir:
+      ensure   => directory,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0750',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => etc_t,
+      seluser  => system_u,
+    }
+    # create auth user file to be populated through placeholder
+    file { $pl_bouncer_auth_file:
+      ensure   => file,
+      owner    => 'pgbouncer',
+      group    => 'pgbouncer',
+      mode     => '0440',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => etc_t,
+      seluser  => system_u,
+      content  => template($pl_bouncer_auth_erb),
+    }
+
+    # create the pgbouncer.ini file
+    concat { $pl_bouncer_ini_file:
+      ensure => present,
+      owner  => 'pgbouncer',
+      mode   => '0600',
+      #notify => Service[$pl_service],
+    }
+
+    # manage file header
+    concat::fragment { 'bouncer_header':
+      target  => $pl_bouncer_ini_file,
+      content => template($pl_bouncer_ini_erb),
+      order   => '000',
+    }
+  }
+}

manifests/bouncer/bouncer_rule.pp

@@ -0,0 +1,31 @@
+# confdroid_postgresql::bouncer::bouncer_rule.pp
+# Module name: confdroid_postgresql
+# Author: 12ww1160 (12ww1160@confdroid.com)
+# @summary define manages rule entries for bouncer rules
+# @see https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html
+# @param [String] pl_bouncer_db_name db name for the bouncer rule
+# @param [String] pl_bouncer_host IP of the db host to bounce to
+# @param [String] pl_bouncer_host_port port of the db host to bounce to
+# @param [String] pl_bouncer_user user for the connection. Must be defined in
+#   userlist.txt
+# @param [String] pl_bouncer_order the order in which the rule should appear
+##############################################################################
+define confdroid_postgresql::bouncer::bouncer_rule (
+
+  String $pl_bouncer_db_name    = undef,
+  String $pl_bouncer_host       = '127.0.0.1',
+  String $pl_bouncer_host_port  = '5432',
+  String $pl_bouncer_user       = undef,
+  String $pl_bouncer_order      = undef,
+
+) {
+  $pl_bouncer_ini_file    = $confdroid_postgresql::params::pl_bouncer_ini_file
+  $pl_bouncer_ini_erb     = $confdroid_postgresql::params::pl_bouncer_ini_erb
+  $pl_bouncer_rule_erb    = $confdroid_postgresql::params::pl_bouncer_rule_erb
+
+  concat::fragment { "pl_bouncer_rule_${name}":
+    target  => $pl_bouncer_ini_file,
+    content => template($pl_bouncer_rule_erb),
+    order   => $pl_bouncer_order,
+  }
+}

manifests/bouncer/service.pp

@@ -0,0 +1,18 @@
+## confdroid_postgresql::bouncer::service.pp
+# Module name: confdroid_postgresql
+# Author: 12ww1160 (12ww1160@confdroid.com)
+# @summary Class manages the pgbouncer service
+###############################################################################
+class confdroid_postgresql::bouncer::service (
+
+) inherits confdroid_postgresql::params {
+  if ($fqdn == $pl_server_fqdn) and ($pl_use_pg_bouncer == true) {
+    require confdroid_postgresql::bouncer::bouncer
+    service { $pl_bouncer_service:
+      ensure     => running,
+      hasstatus  => true,
+      hasrestart => true,
+      enable     => true,
+    }
+  }
+}

manifests/exporter/dirs.pp

@@ -0,0 +1,21 @@
+## confdroid_postgresql::exporter::dirs.pp
+# Module name: confdroid_postgresql
+# Author: 12ww1160 (12ww1160@confdroid.com)
+# @summary Class manages the postgresql exporter dirs
+###############################################################################
+class confdroid_postgresql::exporter::dirs (
+
+) inherits confdroid_postgresql::params {
+  if ($fqdn == $pl_server_fqdn) and ($pl_use_exporter == true) {
+    file { $pl_install_dir:
+      ensure   => directory,
+      owner    => 'postgres',
+      group    => 'postgres',
+      mode     => '0755',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => usr_t,
+      seluser  => system_u,
+    }
+  }
+}

manifests/exporter/files.pp

@@ -0,0 +1,12 @@
+## confdroid_postgresql::exporter::files.pp
+# Module name: confdroid_postgresql
+# Author: 12ww1160 (12ww1160@confdroid.com)
+# @summary Class manages the postgresql  exporter files
+###############################################################################
+class confdroid_postgresql::exporter::files (
+
+) inherits confdroid_postgresql::params {
+  if ($fqdn == $pl_server_fqdn) and ($pl_use_exporter == true) {
+    require confdroid_postgresql::exporter::dirs
+  }
+}

manifests/exporter/service.pp

@@ -0,0 +1,19 @@
+## confdroid_postgresql::exporter::service.pp
+# Module name: confdroid_postgresql
+# Author: 12ww1160 (12ww1160@confdroid.com)
+# @summary Class manages the postgresql exporter service
+###############################################################################
+class confdroid_postgresql::exporter::service (
+
+) inherits confdroid_postgresql::params {
+  if ($fqdn == $pl_server_fqdn) and ($pl_use_exporter == true) {
+    require confdroid_postgresql::exporter::files
+
+#    service { $pl_exporter_service:
+#      ensure     => running,
+#      hasstatus  => true,
+#      hasrestart => true,
+#      enable     => true,
+#    }
+  }
+}

manifests/firewall/iptables.pp

@@ -1,11 +1,11 @@
-## postgresql_cd::firewall::iptables.pp
+## confdroid_postgresql::firewall::iptables.pp
-# Module name: postgresql_cd
+# Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: 12ww1160 (12ww1160@confdroid.com)
 # @summary Class manages the alloy iptables
 ###############################################################################
-class postgresql_cd::firewall::iptables (
+class confdroid_postgresql::firewall::iptables (
 
-) inherits postgresql_cd::params {
+) inherits confdroid_postgresql::params {
   if ($fqdn == $pl_server_fqdn) and ($pl_enable_fw == true) {
     firewall { "${pl_fw_rule_order}${pl_fw_port} tcp port ${pl_fw_port}":
       source => $pl_source_range,
@@ -13,5 +13,13 @@ class postgresql_cd::firewall::iptables (
       dport  => $pl_fw_port,
       jump   => 'accept',
     }
+    if $pl_use_pg_bouncer == true {
+      firewall { "${pl_fw_rule_order}${pl_bouncer_port} tcp port ${pl_bouncer_port}":
+        source => $pl_source_range,
+        proto  => 'tcp',
+        dport  => $pl_bouncer_port,
+        jump   => 'accept',
+      }
+    }
   }
 }

manifests/init.pp

@@ -1,8 +1,8 @@
-## postgresql_cd::init.pp
+## confdroid_postgresql::init.pp
-# Module name: postgresql_cd
+# Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: 12ww1160 (12ww1160@confdroid.com)
-# @summary Class initializes the postgresql_cd module.
+# @summary Class initializes the confdroid_postgresql module.
 ##############################################################################
-class postgresql_cd {
+class confdroid_postgresql {
-  include postgresql_cd::params
+  include confdroid_postgresql::params
 }

manifests/main/config.pp

@@ -1,10 +1,20 @@
-## postgresql_cd::main::config.pp
+## confdroid_postgresql::main::config.pp
-# Module name: postgresql_cd
+# Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: 12ww1160 (12ww1160@confdroid.com)
-# @summary Class manages logic for the postgresql_cd module.
+# @summary Class manages logic for the confdroid_postgresql module.
 ##############################################################################
-class postgresql_cd::main::config (
+class confdroid_postgresql::main::config (
 
-) inherits postgresql_cd::params {
+) inherits confdroid_postgresql::params {
-  include postgresql_cd::server::service
+  require confdroid_postgresql::main::install
+
+  if $fqdn == $pl_server_fqdn {
+    include confdroid_postgresql::server::service
+#    if $pl_use_exporter == true {
+#      include confdroid_postgresql::exporter::service
+#    }
+    if $pl_use_pg_bouncer == true {
+      include confdroid_postgresql::bouncer::service
+    }
+  }
 }

manifests/main/dirs.pp

@@ -1,10 +1,10 @@
-## postgresql_cd::main::dirs.pp
+## confdroid_postgresql::main::dirs.pp
-# Module name: postgresql_cd
+# Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: 12ww1160 (12ww1160@confdroid.com)
-# @summary Class manages logic for the postgresql_cd module.
+# @summary Class manages logic for the confdroid_postgresql module.
 ##############################################################################
-class postgresql_cd::main::dirs (
+class confdroid_postgresql::main::dirs (
 
-) inherits postgresql_cd::params {
+) inherits confdroid_postgresql::params {
-  require postgresql_cd::main::install
+  require confdroid_postgresql::main::install
 }

manifests/main/files.pp

@@ -1,27 +1,14 @@
-## postgresql_cd::main::files.pp
+## confdroid_postgresql::main::files.pp
-# Module name: postgresql_cd
+# Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: 12ww1160 (12ww1160@confdroid.com)
-# @summary Class manages logic for the postgresql_cd module.
+# @summary Class manages logic for the confdroid_postgresql module.
 ##############################################################################
-class postgresql_cd::main::files (
+class confdroid_postgresql::main::files (
 
-) inherits postgresql_cd::params {
+) inherits confdroid_postgresql::params {
   if $fqdn == $pl_server_fqdn {
-    require postgresql_cd::server::initdb
+    require confdroid_postgresql::server::initdb
-    require postgresql_cd::main::dirs
+    require confdroid_postgresql::main::dirs
-
-    file { '/var/lib/pgsql/data/pg_hba.conf':
-      ensure   => file,
-      owner    => 'postgres',
-      group    => 'postgres',
-      mode     => '0600',
-      selrange => s0,
-      selrole  => object_r,
-      seltype  => postgresql_db_t,
-      seluser  => unconfined_u,
-      content  => template('postgresql_cd/pg_hba.conf.erb'),
-      notify   => Service[$pl_service],
-    }
 
     file { '/var/lib/pgsql/data/postgresql.conf':
       ensure   => file,
@@ -32,7 +19,7 @@ class postgresql_cd::main::files (
       selrole  => object_r,
       seltype  => postgresql_db_t,
       seluser  => unconfined_u,
-      content  => template('postgresql_cd/postgresql.conf.erb'),
+      content  => template('confdroid_postgresql/postgresql.conf.erb'),
       notify   => Service[$pl_service],
     }
   }

manifests/main/install.pp

@@ -1,11 +1,11 @@
-## postgresql_cd::main::install.pp
+## confdroid_postgresql::main::install.pp
-# Module name: postgresql_cd
+# Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: 12ww1160 (12ww1160@confdroid.com)
-# @summary Class manages logic for the postgresql_cd module.
+# @summary Class manages logic for the confdroid_postgresql module.
 ##############################################################################
-class postgresql_cd::main::install (
+class confdroid_postgresql::main::install (
 
-) inherits postgresql_cd::params {
+) inherits confdroid_postgresql::params {
   if $fqdn == $pl_server_fqdn {
     package { $reqpackages_server:
       ensure => $pkg_ensure,
@@ -13,6 +13,16 @@ class postgresql_cd::main::install (
     package { $reqpackages_client:
       ensure => $pkg_ensure,
     }
+    if $pl_manage_extensions == true {
+      package { $reqpackages_extensions:
+        ensure => $pkg_ensure,
+      }
+    }
+    if $pl_use_pg_bouncer == true {
+      package { $reqpackages_bouncer:
+        ensure => $pkg_ensure,
+      }
+    }
   }
 
   if $fqdn != $pl_server_fqdn {

manifests/params.pp

@@ -1,10 +1,13 @@
-## postgresql_cd::params.pp
+## confdroid_postgresql::params.pp
-# Module name: postgresql_cd
+# Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: 12ww1160 (12ww1160@confdroid.com)
+# @summary Class contains all parameters for the confdroid_postgresql module.
 # @param [String] pl_server_fqdn the fqdn of the postgresql server. Any other
 #   system will be configured as client
-# @param [String] reqpackages_server the packages for the server
+# @param [Array] reqpackages_server the packages for the server
+# @param [String] reqpackages_extensions the packages for extensions
 # @param [String] reqpackages_client the packages for the client
+# @param [String] reqpackages_bouncer the packages for the bouncer
 # @param [String] pkg_ensure which version of the packages to install, i.e.
 #   'latest', 'present' '13.20',
 # @param [String] pl_fw_rule_order the prefix for the firewall rule
@@ -14,15 +17,33 @@
 # @param [String] pl_listen_address which address should the service listen on
 # @param [String] pl_listen_port which port should the service listen on
 # @param [String] pl_max_conn maximum connections the service will accept
-# @summary Class contains all parameters for the postgresql_cd module.
+# @param [Boolean] pl_ssl_enabled whether SSL is enabled (true) or disabled (false)
+# @param [String] pl_server_crt the name of the server cert
+# @param [String] pl_server_key the name of the server key
+# @param [String] pl_ca_crt the name of the CA  crt
+# @param [Boolean] pl_manage_content whether to manage roles and databases
+# @param [Boolean] pl_manage_extensions whether to manage extensions
+# @param [Boolean] pl_use_exporter whether to use the postgresql-exporter
+# @param [String] pl_install_dir  the path for the postgres-exporter files
+# @param [String] pl_idle_timeout  idle_in_transaction_session_timeout
+# @param [Boolean] pl_use_pg_bouncer whether to use the pc_bouncer
+# @param [String] pl_bouncer_listen_addr bouncer listen address
+# @param [String] pl_bouncer_port bouncer listen port
+# @param [String] pl_bouncer_auth_mode bouncer auth mode
+# @param [String] pl_bouncer_auth_users placeholder for users
+# @param [String] pl_bouncer_pool_mode bouncer pool mode
+# @param [String] pl_bouncer_mx_cl_conn bouncer max client connections
+# @param [String] pl_bouncer_pool_size bouncer default pool size
 ##############################################################################
-class postgresql_cd::params (
+class confdroid_postgresql::params (
 
   String $pl_server_fqdn    = undef,
 
   # installation
-  String $reqpackages_server      = 'postgresql-server',
+  Array $reqpackages_server       = ['postgresql-server','postgresql-contrib'],
+  String $reqpackages_extensions  = 'timescaledb',
   String $reqpackages_client      = 'postgresql',
+  String $reqpackages_bouncer     = 'pgbouncer',
   String $pkg_ensure              = 'latest',
 
   # firewall
@@ -34,7 +55,28 @@ class postgresql_cd::params (
   # main config
   String $pl_listen_address       = '*',
   String $pl_listen_port          = '5432',
-  String $pl_max_conn              = '100',
+  String $pl_max_conn             = '100',
+  String $pl_idle_timeout         = '60000',
+  Boolean $pl_ssl_enabled         = false,
+  String $pl_server_crt           = 'server.crt',
+  String $pl_server_key           = 'server.key',
+  String $pl_ca_crt               = 'root.crt',
+  Boolean $pl_manage_content      = true,
+  Boolean $pl_manage_extensions   = false,
+
+  # postgresql exporter
+  Boolean $pl_use_exporter        = false,
+  String $pl_install_dir          = '/opt/postgres-exporter',
+
+  # pg bouncer
+  Boolean $pl_use_pg_bouncer      = false,
+  String $pl_bouncer_listen_addr  = '0.0.0.0',
+  String $pl_bouncer_port         = '6432',
+  String $pl_bouncer_auth_mode    = 'md5',
+  String $pl_bouncer_auth_users   = '"pgbouncer" "fake"',
+  String $pl_bouncer_pool_mode    = 'transaction',
+  String $pl_bouncer_mx_cl_conn   = '100',
+  String $pl_bouncer_pool_size    = '20',
 
 ) {
   $fqdn                     = $facts['networking']['fqdn']
@@ -42,12 +84,25 @@ class postgresql_cd::params (
   $os_name                  = $facts['os']['name']
   $os_release               = $facts['os']['release']['major']
 
-  # Service
-  $pl_service               = 'postgresql'
-
   # Directories
   $pl_data_dir              = '/var/lib/pgsql/data/'
+  $pl_bouncer_dir           = '/etc/pgbouncer'
+
+  # files
+  $pl_pg_hba_conf           = "${pl_data_dir}/pg_hba.conf"
+  $pl_pg_hba_rule_conf      = 'confdroid_postgresql/server/pghba/pg_hba_rule.conf.erb'
+  $pl_pg_hba_conf_erb       = 'confdroid_postgresql/server/pghba/pg_hba.conf.erb'
+  $pl_bouncer_ini_file      = "${pl_bouncer_dir}/pgbouncer.ini"
+  $pl_bouncer_ini_erb       = 'confdroid_postgresql/server/bouncer/pgbouncer.ini.erb'
+  $pl_bouncer_auth_file     = "${pl_bouncer_dir}/userlist.txt"
+  $pl_bouncer_auth_erb      = 'confdroid_postgresql/server/bouncer/bouncer_users.erb'
+  $pl_bouncer_rule_erb      = 'confdroid_postgresql/server/bouncer/bouncer_rule.erb'
+
+  # Service
+  $pl_service               = 'postgresql'
+  $pl_exporter_service      = 'postgres_exporter'
+  $pl_bouncer_service       = 'pgbouncer'
 
   # includes must be last
-  include postgresql_cd::main::config
+  include confdroid_postgresql::main::config
 }

manifests/server/databases/db_df.pp

@@ -0,0 +1,47 @@
+## confdroid_postgresql::server::databases::db_df
+# Module name: confdroid_postgresql
+# Author: 12ww1160 (12ww1160@confdroid.com.com)
+# @summary define manages databases
+# @see https://www.postgresql.org/docs/9.6/static/managing-databases.html
+# @param [String] pl_db_name the name of the database to be created.
+# @param [String] pl_owner_name the name of the owner for the database
+#   (optional), if none specified, the  postgresql defaults will apply.
+# @param [String] pl_db_action whether to create or drop the database.
+#   'CREATE DATABASE' creates it, 'DROP DATABASE' drops it.
+# @param [String] pl_db_extension
+##############################################################################
+define confdroid_postgresql::server::databases::db_df (
+
+  Optional[String] $pl_db_name      = undef,
+  Optional[String] $pl_owner_name   = undef,
+  Optional[String] $pl_db_action    = undef,
+  String $pl_db_extension           = 'pg_trgm',
+) {
+  $pl_manage_content = $confdroid_postgresql::params::pl_manage_content
+
+  if $pl_manage_content == true {
+    # create databases
+
+    if $pl_db_action == 'CREATE DATABASE' {
+      exec { "create_database_${name}":
+        command => template('confdroid_postgresql/server/databases/db_create_sql.erb'),
+        user    => 'postgres',
+        path    => ['/usr/bin','/bin'],
+        cwd     => '/tmp',
+        unless  => template('confdroid_postgresql/server/databases/unless_db_sql.erb'),
+      }
+    }
+
+    # Drop databases
+
+    if $pl_db_action == 'DROP DATABASE' {
+      exec { "drop_database_${name}":
+        command => template('confdroid_postgresql/server/databases/db_drop_sql.erb'),
+        user    => 'postgres',
+        path    => ['/usr/bin','/bin'],
+        cwd     => '/tmp',
+        onlyif  => template('confdroid_postgresql/server/databases/unless_drop_sql.erb'),
+      }
+    }
+  }
+}

manifests/server/initdb.pp

@@ -1,12 +1,14 @@
-## postgresql_cd::server::initdb.pp
+## confdroid_postgresql::server::initdb.pp
-# Module name: postgresql_cd
+# Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: 12ww1160 (12ww1160@confdroid.com)
 # @summary Class initiates the database
 ###############################################################################
-class postgresql_cd::server::initdb (
+class confdroid_postgresql::server::initdb (
 
-) inherits postgresql_cd::params {
+) inherits confdroid_postgresql::params {
   if $fqdn == $pl_server_fqdn {
+    require confdroid_postgresql::main::install
+
     exec { 'init_pgsql_db':
       command => 'postgresql-setup --initdb',
       creates => "${pl_data_dir}/PG_VERSION",
@@ -14,5 +16,5 @@ class postgresql_cd::server::initdb (
     }
   }
 
-  include postgresql_cd::main::files
+  include confdroid_postgresql::main::files
 }

manifests/server/pghba/pg_hba.pp

@@ -0,0 +1,55 @@
+## confdroid_postgresql::server::pg_hba.pp
+# Module name: confdroid_postgresql
+# Author: 12ww1160 (arne_teuke@puppetsoft.com)
+# @summary Class manages pg_hba.conf file and line entries through define
+#   pg_hba_rule.pp
+# @example     confdroid_postgresql::server::pghba::pg_hba_rule { 'local access for role postgres':
+#      pl_auth_type        => 'local',
+#      pl_auth_database    => 'all',
+#      pl_auth_user        => 'postgres',
+#      pl_auth_method      => 'trust',
+#      pl_auth_order       => '001',
+#      pl_auth_option      => '',
+#    }
+##############################################################################
+class confdroid_postgresql::server::pghba::pg_hba (
+
+) inherits confdroid_postgresql::params {
+  if $fqdn == $pl_server_fqdn {
+    # create the pg_hba.conf file
+
+    concat { $pl_pg_hba_conf:
+      ensure => present,
+      owner  => 'postgres',
+      mode   => '0600',
+      notify => Service[$pl_service],
+    }
+
+    # manage file header
+
+    concat::fragment { 'pghba_header':
+      target  => $pl_pg_hba_conf,
+      content => template($pl_pg_hba_conf_erb),
+      order   => '000',
+    }
+
+    # manage default rules => should go into  external config set
+#    confdroid_postgresql::server::pghba::pg_hba_rule { 'local access for role postgres':
+#      pl_auth_type        => 'local',
+#      pl_auth_database    => 'all',
+#      pl_auth_user        => $ql_user_name,
+#      pl_auth_method      => 'trust',
+#      pl_auth_order       => '001',
+#      pl_auth_option      => $ql_auth_option,
+#    }
+
+#    confdroid_postgresql::server::pghba::pg_hba_rule { 'local access for all roles':
+#      pl_auth_type        => 'local',
+#      pl_auth_database    => 'all',
+#      pl_auth_user        => 'all',
+#      pl_auth_method      => 'trust',
+#      pl_auth_order       => '002',
+#      pl_auth_option      => $pl_auth_option,
+#    }
+  }
+}

manifests/server/pghba/pg_hba_rule.pp

@@ -0,0 +1,45 @@
+## confdroid_postgresql::server::pghba::pg_hba_rule
+# Module name: confdroid_postgresql
+# Author: 12ww1160 (12ww1160@confdroid.com)
+# @summary define manages rule entries for pg_hba configuration file
+# @see https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html
+# @param [string] pl_auth_type  Specify the authentication type, can be
+#   'local', 'host', 'hostssl' or 'hostnossl'.
+# @param [string] pl_auth_database Specify the database for the connection
+# @param [string] pl_auth_user Specify the user for the connection
+# @param [string] pl_auth_address Specify IP address or FQDN for the
+#   connection, i.e. where to connect FROM.
+# @param [string] pl_auth_method  Specify the auth method, can be 'trust',
+#   'reject', 'md5' , 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap',
+#   'radius', 'cert', 'pam','bsd'
+# @param [string] pl_auth_option After the auth-method field, there can be
+#   field(s) of the form name=value that specify options for the authentication
+#   method.
+# @param [string] pl_auth_order  Specify the  order in which the entry should
+#   appear on the list. Lower orders are higher on the list.
+# @param [string] pl_auth_description Specify a description for the entry.
+##############################################################################
+define confdroid_postgresql::server::pghba::pg_hba_rule (
+
+  Optional[String] $pl_auth_type         = undef,
+  Optional[String] $pl_auth_database     = undef,
+  Optional[String] $pl_auth_user         = undef,
+  Optional[String] $pl_auth_address      = undef,
+  Optional[String] $pl_auth_method       = undef,
+  Optional[String] $pl_auth_option       = undef,
+  Optional[String] $pl_auth_order        = undef,
+  Optional[String] $pl_auth_description  = undef,
+
+) {
+  $pl_pg_hba_conf       = $confdroid_postgresql::params::pl_pg_hba_conf
+  $pl_pg_hba_rule_conf  = $confdroid_postgresql::params::pl_pg_hba_rule_conf
+  $pl_data_dir          = $confdroid_postgresql::params::pl_data_dir
+
+# create rule fragment
+
+  concat::fragment { "pl_rule_${name}":
+    target  => $pl_pg_hba_conf,
+    content => template($pl_pg_hba_rule_conf),
+    order   => $pl_auth_order,
+  }
+}

manifests/server/roles/role_df.pp

@@ -0,0 +1,33 @@
+## confdroid_postgresql::server::roles::role_df
+# Module name: confdroid_postgresql
+# Author: 12ww1160 (12ww1160@confdroid.com)
+
+# @summary define manages databases
+# @see https://www.postgresql.org/docs/9.6/static/managing-databases.html
+# @param [string] pl_role_name the name of the role to be created.
+# @param [string] pl_role_pw the password to be created
+# @param [string] pl_role_attributes  attributes for the role to be created
+# @param [string] pl_role_status what to do with the role
+##############################################################################
+define confdroid_postgresql::server::roles::role_df (
+
+  Optional[String] $pl_role_name      = undef,
+  Optional[String] $pl_role_pw        = undef,
+  String $pl_role_attributes          = 'LOGIN',
+  String $pl_role_status              = 'CREATE ROLE',
+
+) {
+  $pl_manage_content  = $confdroid_postgresql::params::pl_manage_content
+
+  if $pl_manage_content == true {
+    # create the role
+
+    exec { "role_${name}":
+      command => template('confdroid_postgresql/server/roles/role.sql.erb'),
+      user    => 'postgres',
+      path    => ['/usr/bin','/bin'],
+      cwd     => '/tmp',
+      unless  => template('confdroid_postgresql/server/roles/unless_sql.erb'),
+    }
+  }
+}

manifests/server/service.pp

@@ -1,14 +1,15 @@
-## postgresql_cd::server::service.pp
+## confdroid_postgresql::server::service.pp
-# Module name: postgresql_cd
+# Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: 12ww1160 (12ww1160@confdroid.com)
 # @summary Class manages the postgresql service
 ###############################################################################
-class postgresql_cd::server::service (
+class confdroid_postgresql::server::service (
 
-) inherits postgresql_cd::params {
+) inherits confdroid_postgresql::params {
   if $fqdn == $pl_server_fqdn {
-    require postgresql_cd::firewall::iptables
+    require confdroid_postgresql::firewall::iptables
-    require postgresql_cd::server::initdb
+    require confdroid_postgresql::server::initdb
+    require confdroid_postgresql::server::pghba::pg_hba
 
     service { $pl_service:
       ensure     => running,

templates/pg_hba_rule.conf.erb

@@ -1,3 +0,0 @@
-# description:  <%=@name%>
-# order number: <%=@psql_auth_order%>
-<%= @pl_auth_type %>  <%= @pl_auth_database %>  <%= @pl_auth_user %> <%= @pl_auth_address %> <%=@pl_auth_method %> <%=@psql_auth_option%>

templates/postgresql.conf.erb

@@ -93,13 +93,32 @@ max_connections     = <%= @pl_max_conn %>
 #krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab'
 #krb_caseins_users = off
 
+# - Shared Library Preloading -
+<% if @pl_manage_extensions == true -%>
+shared_preload_libraries = '<%= @reqpackages_extensions %>'
+<% else -%>
+# shared_preload_libraries = ''
+<% end -%>
+#local_preload_libraries = ''
+#session_preload_libraries = ''
+#jit_provider = 'llvmjit'		# JIT library to use
+
+
 # - SSL -
 
-#ssl = off
+<% if @pl_ssl_enabled == true -%>
-#ssl_ca_file = ''
+ssl 		= on
-#ssl_cert_file = 'server.crt'
+ssl_ca_file 	= '<%= @pl_data_dir %><%= @pl_ca_crt -%>'
+ssl_cert_file 	= '<%= @pl_data_dir %><%= @pl_server_crt -%>'
+ssl_key_file 	= '<%= @pl_data_dir %><%= @pl_server_key -%>'
+<% end -%>
+<% if @pl_ssl_enabled != true -%>
+ssl = off
+<% end -%>
+
+idle_in_transaction_session_timeout = <%= @pl_idle_timeout %>
+
 #ssl_crl_file = ''
-#ssl_key_file = 'server.key'
 #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
 #ssl_prefer_server_ciphers = on
 #ssl_ecdh_curve = 'prime256v1'
@@ -657,7 +676,6 @@ log_timezone = 'Etc/UTC'
 #session_replication_role = 'origin'
 #statement_timeout = 0			# in milliseconds, 0 is disabled
 #lock_timeout = 0			# in milliseconds, 0 is disabled
-#idle_in_transaction_session_timeout = 0	# in milliseconds, 0 is disabled
 #vacuum_freeze_min_age = 50000000
 #vacuum_freeze_table_age = 150000000
 #vacuum_multixact_freeze_min_age = 5000000
@@ -698,13 +716,6 @@ lc_time = 'en_US.UTF-8'				# locale for time formatting
 # default configuration for text search
 default_text_search_config = 'pg_catalog.english'
 
-# - Shared Library Preloading -
-
-#shared_preload_libraries = ''	# (change requires restart)
-#local_preload_libraries = ''
-#session_preload_libraries = ''
-#jit_provider = 'llvmjit'		# JIT library to use
-
 # - Other Defaults -
 
 #dynamic_library_path = '$libdir'

templates/server/bouncer/bouncer_rule.erb

@@ -0,0 +1 @@
+<%= @pl_bouncer_db_name %> = host=<%= @pl_bouncer_host %> port=<%= @pl_bouncer_host_port %>  auth_user=<%= @pl_bouncer_user %> dbname=<%= @pl_bouncer_db_name %>

templates/server/bouncer/bouncer_users.erb

@@ -0,0 +1 @@
+<%= @pl_bouncer_auth_users %>

templates/server/bouncer/pgbouncer.ini.erb

@@ -0,0 +1,11 @@
+[pgbouncer]
+listen_addr = <%= @pl_bouncer_listen_addr %>
+listen_port = <%= @pl_bouncer_port %>
+auth_type = <%= @pl_bouncer_auth_mode %>
+auth_file = <%= @pl_bouncer_auth_file %>
+pool_mode = <%= @pl_bouncer_pool_mode %>
+max_client_conn = <%= @pl_bouncer_mx_cl_conn %>
+default_pool_size = <%= @pl_bouncer_pool_size %>
+ignore_startup_parameters = extra_float_digits
+
+[databases]

templates/server/bouncer/pgbouncer.ini.orig

@@ -0,0 +1,405 @@
+;;;
+;;; PgBouncer configuration file
+;;;
+
+;; database name = connect string
+;;
+;; connect string params:
+;;   dbname= host= port= user= password= auth_user=
+;;   client_encoding= datestyle= timezone=
+;;   pool_size= reserve_pool_size= max_db_connections=
+;;   pool_mode= connect_query= application_name=
+[databases]
+
+;; foodb over Unix socket
+;foodb =
+
+;; redirect bardb to bazdb on localhost
+;bardb = host=localhost dbname=bazdb
+
+;; access to dest database will go with single user
+;forcedb = host=localhost port=300 user=baz password=foo client_encoding=UNICODE datestyle=ISO connect_query='SELECT 1'
+
+;; use custom pool sizes
+;nondefaultdb = pool_size=50 reserve_pool_size=10
+
+;; use auth_user with auth_query if user not present in auth_file
+;; auth_user must exist in auth_file
+; foodb = auth_user=bar
+
+;; run auth_query on a specific database.
+; bardb = auth_dbname=foo max_db_client_connections=10
+
+;; fallback connect string
+;* = host=testserver
+
+;; User-specific configuration
+[users]
+
+;user1 = pool_size=5 reserve_pool_size=2 pool_mode=transaction max_user_connections=10 max_user_client_connections=20
+
+;; Configuration section
+[pgbouncer]
+
+;;;
+;;; Administrative settings
+;;;
+
+logfile = /var/log/pgbouncer/pgbouncer.log
+pidfile = /var/run/pgbouncer/pgbouncer.pid
+
+;;;
+;;; Where to wait for clients
+;;;
+
+;; IP address or * which means all IPs
+listen_addr = localhost
+listen_port = 6432
+
+;; Unix socket is also used for -R.
+;; On Debian it should be /var/run/postgresql
+;unix_socket_dir = /tmp
+;unix_socket_mode = 0777
+;unix_socket_group =
+
+;; The peer id used to identify this pgbouncer process in a group of pgbouncer
+;; processes that are peered together. When set to 0 pgbouncer peering is disabled
+;peer_id = 0
+
+;;; Notify client that they are queued after this many seconds
+;;; Disabled when set to 0
+;query_wait_notify = 5
+
+;;;
+;;; TLS settings for accepting clients
+;;;
+
+;; disable, allow, require, verify-ca, verify-full
+;client_tls_sslmode = disable
+
+;; Path to file that contains trusted CA certs
+;client_tls_ca_file = <system default>
+
+;; Private key and cert to present to clients.
+;; Required for accepting TLS connections from clients.
+;client_tls_key_file =
+;client_tls_cert_file =
+
+;; default, secure, fast, normal, <ciphersuite string>
+;client_tls_ciphers = default
+
+; TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256
+; TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_SHA256
+;client_tls13_ciphers =
+
+;; all, secure, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3
+;client_tls_protocols = secure
+
+;; none, auto, legacy
+;client_tls_dheparams = auto
+
+;; none, auto, <curve name>
+;client_tls_ecdhcurve = auto
+
+;;;
+;;; TLS settings for connecting to backend databases
+;;;
+
+;; disable, allow, prefer, require, verify-ca, verify-full
+;server_tls_sslmode = prefer
+
+;; Path to that contains trusted CA certs
+;server_tls_ca_file = <system default>
+
+;; Private key and cert to present to backend.
+;; Needed only if backend server require client cert.
+;server_tls_key_file =
+;server_tls_cert_file =
+
+;; all, secure, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3
+;server_tls_protocols = secure
+
+;; default, secure, fast, normal, <ciphersuite string>
+;server_tls_ciphers = default
+
+;; See client_tls13_ciphers.
+;server_tls13_ciphers =
+
+;;;
+;;; Authentication settings
+;;;
+
+;; any, trust, plain, md5, cert, hba, ldap, pam
+auth_type = md5
+auth_file = /etc/pgbouncer/userlist.txt
+
+;; Path to HBA-style auth config
+;auth_hba_file =
+
+;; Path to Pg-ident-style map file
+;auth_ident_file =
+
+;; LDAP connection options when "auth_type = ldap"
+;auth_ldap_options =
+
+;; Query to use to fetch password from database.  Result
+;; must have 2 columns - username and password hash.
+;auth_query = SELECT rolname, CASE WHEN rolvaliduntil < pg_catalog.now() THEN NULL ELSE rolpassword END FROM pg_authid WHERE rolname=$1 AND rolcanlogin
+
+;; Authentication database that can be set globally to run "auth_query".
+;auth_dbname =
+
+;;;
+;;; Users allowed into database 'pgbouncer'
+;;;
+
+;; comma-separated list of users who are allowed to change settings
+admin_users = postgres
+
+;; comma-separated list of users who are just allowed to use SHOW command
+stats_users = stats, postgres
+
+;;;
+;;; Pooler personality questions
+;;;
+
+;; When server connection is released back to pool:
+;;   session      - after client disconnects (default)
+;;   transaction  - after transaction finishes
+;;   statement    - after statement finishes
+;pool_mode = session
+
+;; Number of prepared statements to cache on a server connection (zero value
+;; disables support of prepared statements).
+;max_prepared_statements = 0
+
+;; The number of computational iterations to be performed when
+;; encrypting a password using SCRAM-SHA-256.
+;scram_iterations = 4096
+
+;; Query for cleaning connection immediately after releasing from
+;; client.  No need to put ROLLBACK here, pgbouncer does not reuse
+;; connections where transaction is left open.
+;server_reset_query = DISCARD ALL
+
+;; Whether server_reset_query should run in all pooling modes.  If it
+;; is off, server_reset_query is used only for session-pooling.
+;server_reset_query_always = 0
+
+;; Comma-separated list of parameters to track per client.  The
+;; Postgres parameters listed here will be cached per client by
+;; pgbouncer and restored in server every time the client runs a query.
+;track_extra_parameters = IntervalStyle
+
+;; Comma-separated list of parameters to ignore when given in startup
+;; packet.  Newer JDBC versions require the extra_float_digits here.
+;ignore_startup_parameters = extra_float_digits
+
+;; When taking idle server into use, this query is run first.
+;server_check_query = select 1
+
+;; If server was used more recently that this many seconds ago,
+;; skip the check query.  Value 0 may or may not run in immediately.
+;server_check_delay = 30
+
+;; Close servers in session pooling mode after a RECONNECT, RELOAD,
+;; etc. when they are idle instead of at the end of the session.
+;server_fast_close = 0
+
+;; Use <appname - host> as application_name on server.
+;application_name_add_host = 0
+
+;; Period for updating aggregated stats.
+;stats_period = 60
+
+;;;
+;;; Connection limits
+;;;
+
+;; Total number of clients that can connect
+;max_client_conn = 100
+
+;; Default pool size.  20 is good number when transaction pooling
+;; is in use, in session pooling it needs to be the number of
+;; max clients you want to handle at any moment
+;default_pool_size = 20
+
+;; Minimum number of server connections to keep in pool.
+;min_pool_size = 0
+
+; how many additional connection to allow in case of trouble
+;reserve_pool_size = 0
+
+;; If a clients needs to wait more than this many seconds, use reserve
+;; pool.
+;reserve_pool_timeout = 5
+
+;; Maximum number of server connections for a database
+;max_db_connections = 0
+
+;; Maximum number of server connections for a user
+;max_user_connections = 0
+
+;; If off, then server connections are reused in LIFO manner
+;server_round_robin = 0
+
+;;;
+;;; Logging
+;;;
+
+;; Syslog settings
+;syslog = 0
+;syslog_facility = daemon
+;syslog_ident = pgbouncer
+
+;; log if client connects or server connection is made
+;log_connections = 1
+
+;; log if and why connection was closed
+;log_disconnections = 1
+
+;; log error messages pooler sends to clients
+;log_pooler_errors = 1
+
+;; write aggregated stats into log
+;log_stats = 1
+
+;; Logging verbosity.  Same as -v switch on command line.
+;verbose = 0
+
+;;;
+;;; Timeouts
+;;;
+
+;; Close server connection if its been connected longer.
+;server_lifetime = 3600
+
+;; Close server connection if its not been used in this time.  Allows
+;; to clean unnecessary connections from pool after peak.
+;server_idle_timeout = 600
+
+;; Cancel connection attempt if server does not answer takes longer.
+;server_connect_timeout = 15
+
+;; If server login failed (server_connect_timeout or auth failure)
+;; then wait this many second before trying again.
+;server_login_retry = 15
+
+;; Dangerous.  Server connection is closed if query does not return in
+;; this time.  Should be used to survive network problems, _not_ as
+;; statement_timeout. (default: 0)
+;query_timeout = 0
+
+;; Dangerous.  Client connection is closed if the query is not
+;; assigned to a server in this time.  Should be used to limit the
+;; number of queued queries in case of a database or network
+;; failure. (default: 120)
+;query_wait_timeout = 120
+
+;; Dangerous.  Client connection is closed if the cancellation request
+;; is not assigned to a server in this time.  Should be used to limit
+;; the time a client application blocks on a queued cancel request in
+;; case of a database or network failure. (default: 10)
+;cancel_wait_timeout = 10
+
+;; Dangerous.  Client connection is closed if no activity in this
+;; time.  Should be used to survive network problems. (default: 0)
+;client_idle_timeout = 0
+
+;; Disconnect clients who have not managed to log in after connecting
+;; in this many seconds.
+;client_login_timeout = 60
+
+;; Clean automatically created database entries (via "*") if they stay
+;; unused in this many seconds.
+;autodb_idle_timeout = 3600
+
+;; Close connections which are in "IDLE in transaction" state longer
+;; than this many seconds.
+;idle_transaction_timeout = 0
+
+;; How long SUSPEND/-R waits for buffer flush before closing
+;; connection.
+;suspend_timeout = 10
+
+;;;
+;;; Low-level tuning options
+;;;
+
+;; buffer for streaming packets
+;pkt_buf = 4096
+
+;; man 2 listen
+;listen_backlog = 128
+
+;; Max number pkt_buf to process in one event loop.
+;sbuf_loopcnt = 5
+
+;; Maximum PostgreSQL protocol packet size.
+;max_packet_size = 2147483647
+
+;; Set SO_REUSEPORT socket option
+;so_reuseport = 0
+
+;; networking options, for info: man 7 tcp
+
+;; Linux: Notify program about new connection only if there is also
+;; data received.  (Seconds to wait.)  On Linux the default is 45, on
+;; other OS'es 0.
+;tcp_defer_accept = 0
+
+;; In-kernel buffer size (Linux default: 4096)
+;tcp_socket_buffer = 0
+
+;; whether tcp keepalive should be turned on (0/1)
+;tcp_keepalive = 1
+
+;; The following options are Linux-specific.  They also require
+;; tcp_keepalive=1.
+
+;; Count of keepalive packets
+;tcp_keepcnt = 0
+
+;; How long the connection can be idle before sending keepalive
+;; packets
+;tcp_keepidle = 0
+
+;; The time between individual keepalive probes
+;tcp_keepintvl = 0
+
+;; How long may transmitted data remain unacknowledged before TCP
+;; connection is closed (in milliseconds)
+;tcp_user_timeout = 0
+
+;; DNS lookup caching time
+;dns_max_ttl = 15
+
+;; DNS zone SOA lookup period
+;dns_zone_check_period = 0
+
+;; DNS negative result caching time
+;dns_nxdomain_ttl = 15
+
+;; Custom resolv.conf file, to set custom DNS servers or other options
+;; (default: empty = use OS settings)
+;resolv_conf = /etc/pgbouncer/resolv.conf
+
+;;;
+;;; Random stuff
+;;;
+
+;; Hackish security feature.  Helps against SQL injection: when PQexec
+;; is disabled, multi-statement cannot be made.
+;disable_pqexec = 0
+
+;; Config file to use for next RELOAD/SIGHUP
+;; By default contains config file from command line.
+;conffile
+
+;; Windows service name to register as.  job_name is alias for
+;; service_name, used by some Skytools scripts.
+;service_name = pgbouncer
+;job_name = pgbouncer
+
+;; Read additional config from other file
+;%include /etc/pgbouncer/pgbouncer-other.ini

templates/server/databases/db_create_sql.erb

@@ -0,0 +1,2 @@
+psql -U postgres -tc "SELECT 1 FROM pg_database WHERE datname = '<%= @pl_db_name %>'" | grep -q 1 || psql -U postgres -c "CREATE DATABASE <%= @pl_db_name %> OWNER '<%= @pl_owner_name %>' "
+psql -U postgres <%= @pl_db_name %> -c 'create extension if not exists <%= @pl_db_extension %>'

templates/server/databases/db_drop_sql.erb

@@ -0,0 +1 @@
+dropdb -U postgres <%= @pl_db_name %> --if-exists

templates/server/databases/unless_db_sql.erb

@@ -0,0 +1 @@
+psql -U postgres -c  "SELECT datname FROM pg_database WHERE datname='<%= @pl_db_name %>' " | grep -q 1

templates/server/databases/unless_drop_sql.erb

@@ -0,0 +1 @@
+psql -U postgres -c  "SELECT datname FROM pg_database WHERE datname='<%= @pl_db_name %>' " | grep -q 1

templates/server/pghba/pg_hba.conf.erb

@@ -17,4 +17,4 @@ local   replication     all                                     md5
 host    replication     all             127.0.0.1/32            md5
 host    replication     all             ::1/128                 md5
 
-host    all             all             0.0.0.0/0               md5
+# custom rules below

templates/server/pghba/pg_hba_rule.conf.erb

@@ -0,0 +1,3 @@
+
+# description:  <%=@name%>
+<%= @pl_auth_type %>  <%= @pl_auth_database %>  <%= @pl_auth_user %> <%= @pl_auth_address %> <%=@pl_auth_method %> <%=@ql_auth_option%>

templates/server/roles/role.sql.erb

@@ -0,0 +1 @@
+psql -U postgres -c "<%= @pl_role_status %> <%= @pl_role_name %> WITH <%= @pl_role_attributes %>  PASSWORD '<%= @pl_role_pw %>'"

templates/server/roles/unless_sql.erb

@@ -0,0 +1 @@
+psql -U postgres -c  "SELECT usename FROM pg_user WHERE usename='<%= @pl_role_name %>' " | grep -o 1