Overview

This type allows you to validate the contents of your Postgres database. Here is an example on how you can use this:

pg_validation { 'Ensure rowlevel security NOT enabled/db@instance':
  check                   => 'SELECT oid, relname, relrowsecurity FROM pg_class WHERE relrowsecurity IS TRUE;',
  expected_number_of_rows => 0,
  fail_message            => 'table %<relname>s should not have rowlevel security enabled.',
  report_as               => 'command',
  fail_command            => "/bin/send_to_montoring --node ${::fqdn} '%<messages>s'",
}

The Puppet statement executes a query on the database and report a warning when more the 0 records are found. It uses the returned records of the query to generate a good reading error or warning message.

Experience the Power of Puppet for Postgres

If you want to play and experiment with Puppet and Postgres, please take a look at our playgrounds. At our playgrounds, we provide you with a pre-installed environment, where you experiment fast and easy.

For Postgres   here at our playground...

Attributes

Attribute Name Short Description
check The query to execute as a check.
db database to connect to.
disable_corrective_change Disable the modification of a resource when Puppet decides it is a corrective change.
disable_corrective_ensure Disable the creation or removal of a resource when Puppet decides is a corrective change.
expected_number_of_rows The expected number of rows.
fail_command The message to display when the validation fails.
fail_message The message to display when the validatin fails.
instance Postgres instance to connect to.
name The name of the validation.
password The user’s password.
provider resource.
refreshonly do the exec only when notfied.
report_as This resource allows you to specify which type of alert(warning or error) you want when the check fails .
timeout Timeout for applying a resource in seconds.
username The DB2 username the command will run in.

check

The query to execute as a check.

Back to overview of pg_validation

db

database to connect to.

Back to overview of pg_validation

disable_corrective_change

Disable the modification of a resource when Puppet decides it is a corrective change.

(requires easy_type V2.11.0 or higher)

When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.

Using the disable_corrective_change parameter, you can disable corrective changes on the current resource.

Here is an example of this:

crucial_resource {'be_carefull':
  ...
  disable_corrective_change => true,
  ...
}

When a corrective ensure does happen on the resource Puppet will not modify the resource and signal an error:

    Error: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change
    Error: /Stage[main]/Main/Crucial_resource[be_carefull]/parameter: change from '10' to '20' failed: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change. (corrective)

Back to overview of pg_validation

disable_corrective_ensure

Disable the creation or removal of a resource when Puppet decides is a corrective change.

(requires easy_type V2.11.0 or higher)

When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.

Using the disable_corrective_ensure parameter, you can disable corrective ensure present or ensure absent actions on the current resource.

Here is an example of this:

crucial_resource {'be_carefull':
  ensure                    => 'present',
  ...
  disable_corrective_ensure => true,
  ...
}

When a corrective ensure does happen on the resource Puppet will not create or remove the resource and signal an error:

    Error: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure.
    Error: /Stage[main]/Main/Crucial_resource[be_carefull]/ensure: change from 'absent' to 'present' failed: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure. (corrective)

Back to overview of pg_validation

expected_number_of_rows

The expected number of rows. If a different number of rows is returned, Puppet will throw an error or a warning.

Back to overview of pg_validation

fail_command

The message to display when the validation fails. The records of the query are passed as arguments to the formatter.

Back to overview of pg_validation

fail_message

The message to display when the validatin fails. The records of the query are passed as arguments to the formatter.

Back to overview of pg_validation

instance

Postgres instance to connect to.

All types have a name like resource@instance.

Back to overview of pg_validation

name

The name of the validation.

Back to overview of pg_validation

password

The user’s password.

Back to overview of pg_validation

provider

The specific backend to use for this pg_validation resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.Available providers are:

simple
Validate Postgres settings

Back to overview of pg_validation

refreshonly

do the exec only when notfied.

The validation should only be run as a refresh mechanism for when a dependent object is changed. It only makes sense to use this option when this command depends on some other object; it is useful for triggering an action:

Note that only subscribe and notify can trigger actions, not require, so it only makes sense to use refreshonly with subscribe or notify.

pg_validation {...:
  ...
  refreshonly => true,
}

The default value is false, meaning the validation is executed as a normal part of the Puppet catalog.

Valid values are true, false.

Back to overview of pg_validation

report_as

This resource allows you to specify which type of alert(warning or error) you want when the check fails .

pg_validate { 'validate something':
  ...
  report_as => 'warning|error|command',
  ...
}

When you specify command as value, a failed check will execute the fail_command commands and pass the fail_message as a message. This can be useful if you want to report validation errors to your monitoring.

Valid values are warning, WARNING, error, ERROR, command, COMMAND.

Back to overview of pg_validation

timeout

Timeout for applying a resource in seconds.

To be sure no Puppet operation, hangs a Puppet run, all operations have a timeout. When this timeout expires, Puppet will abort the current operation and signal an error in the Puppet run.

With this parameter, you can specify the length of the timeout. The value is specified in seconds. In this example, the timeout is set to 600 seconds.

pg_validation { ...:
  ...
  timeout => 600,
}

The default value for timeout is 300 seconds.

Back to overview of pg_validation

username

The DB2 username the command will run in.

If none is specified, it will run as the instance user.

pg_validation { ...:
  ...
  username => 'scott',
}

Back to overview of pg_validation