Imported Upstream version 4.6.0

c6a02fe3 · Stig Sandbeck Mathisen · b09dc291 · 43fd0e89 · c6a02fe3 · c6a02fe3
Commit c6a02fe3 authored 9 years ago by Stig Sandbeck Mathisen
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
+## 2015-09-01 - Supported Release 4.6.0
+### Summary
+This release adds a proxy feature for yum, Postgis improvements, and decoupling pg_hba_rule from postgresql::server.
+
+#### Features
+- Support setting a proxy for yum operations
+- Allow for undefined PostGIS version
+- Decouple pg_hba_rule from postgresql::server
+
+#### Bugfixes
+- Fix postgis default package name on RedHat
+
+## 2015-07-27 - Supported Release 4.5.0
+### Summary
+This release adds sequence grants, some postgresql 9.4 fixes, and `onlyif` to
+the psql resource.
+
+### Features
+- Add `onlyif` parameter to `postgresql_psql`
+- Add unsupported compatibility with Ubuntu 15.04
+- Add unsupported compatibility with SLES 11/12 and OpenSuSE 13.2
+- Add `postgresql::server::grant::onlyif_exists` attribute
+- Add `postgresql::server::table_grant::onlyif_exists` attribute
+- Add granting permissions on sequences
+
+### Bugfixes
+- Added docs for `postgresql::server::grant`
+- Fix `pg_hba_conf_defaults => false` to not disable ipv4/ipv6 acls
+- Fix 9.4 for `postgresql::server::pg_hba_rule`
+
+## 2015-07-07 - Supported Release 4.4.2
+### Summary
+This release fixes a bug introduced in 4.4.0.
+
+#### Bugfixes
+- Fixes `withenv` execution under Puppet 2.7. (MODULES-2185)
+
+## 2015-07-01 - Supported Release 4.4.1
+### Summary
+This release fixes RHEL 7 & Fedora with manage_package_repo switched on.
+
+#### Bugfixes
+- Ensure manage_package_repo variable is in scope for systemd-override file for RHEL7
+
+## 2015-06-30 - Supported Release 4.4.0
+### Summary
+This release has several new features, bugfixes, and test improvements.
+
+#### Features
+- Adds a resource to manage recovery.conf.
+- Adds a parameter that allows the specification of a validate connection script in `postgresql::client`.
+- Adds support for plpython package management.
+- Adds support for postgresql-docs management.
+- Adds ability to make `postgresql::server::schema` titles unique. (MODULES-2049)
+- Updates puppetlabs-apt module dependency to support version 2.1.0.
+
+#### Bugfixes
+- Fix `postgresql_psql` parameter ordering to work on OpenBSD with Future Parser
+- Fix setting postgres role password (MODULES-1869)
+- Fix execution command with puppet <3.4 (MODULES-1923)
+- Fix Puppet.newtype deprecation warning (MODULES-2007)
+- Fix systemd override for manage_repo package versions
+- Fix Copy snakeoil certificate and key instead of symlinking
+
+#### Test Improvements
+- Allows setting BEAKER and BEAKER_RSPEC versions via environment variables.
+- Enables Unit testing on Travis CI with Puppet 4.
+- Cleans up spec_helper_acceptance.rb to use new puppet_install_helper gem.
+
 ## 2015-03-24 - Supported Release 4.3.0
 ### Summary
 This release fixes compatibility with Puppet 4 and removes opportunities for local users to view the postgresql password. It also adds a new custom resource to aid in managing replication.

--- a/Gemfile
+++ b/Gemfile
 source ENV['GEM_SOURCE'] || "https://rubygems.org"

+def location_for(place, fake_version = nil)
+  if place =~ /^(git:[^#]*)#(.*)/
+    [fake_version, { :git => $1, :branch => $2, :require => false }].compact
+  elsif place =~ /^file:\/\/(.*)/
+    ['>= 0', { :path => File.expand_path($1), :require => false }]
+  else
+    [place, { :require => false }]
+  end
+end
+
 group :development, :unit_tests do
  gem 'rspec-core', '3.1.7',     :require => false
  gem 'puppetlabs_spec_helper',  :require => false
@@ -9,10 +19,20 @@ group :development, :unit_tests do
 end

 group :system_tests do
-  gem 'beaker-rspec',  :require => false
+  if beaker_version = ENV['BEAKER_VERSION']
+    gem 'beaker', *location_for(beaker_version)
+  end
+  if beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION']
+    gem 'beaker-rspec', *location_for(beaker_rspec_version)
+  else
+    gem 'beaker-rspec',  :require => false
+  end
  gem 'serverspec',    :require => false
+  gem 'beaker-puppet_install_helper', :require => false
 end

+
+
 if facterversion = ENV['FACTER_GEM_VERSION']
  gem 'facter', facterversion, :require => false
 else

--- a/README.md
+++ b/README.md
@@ -131,10 +131,12 @@ Classes:
 * [postgresql::globals](#class-postgresqlglobals)
 * [postgresql::lib::devel](#class-postgresqllibdevel)
 * [postgresql::lib::java](#class-postgresqllibjava)
+* [postgresql::lib::docs](#class-postgresqllibdocs)
 * [postgresql::lib::perl](#class-postgresqllibperl)
 * [postgresql::lib::python](#class-postgresqllibpython)
 * [postgresql::server](#class-postgresqlserver)
 * [postgresql::server::plperl](#class-postgresqlserverplperl)
+* [postgresql::server::plpython](#class-postgresqlserverplpython)
 * [postgresql::server::contrib](#class-postgresqlservercontrib)
 * [postgresql::server::postgis](#class-postgresqlserverpostgis)

@@ -147,6 +149,7 @@ Resources:
 * [postgresql::server::extension](#resource-postgresqlserverextension)
 * [postgresql::server::pg_hba_rule](#resource-postgresqlserverpg_hba_rule)
 * [postgresql::server::pg_ident_rule](#resource-postgresqlserverpg_ident_rule)
+* [postgresql::server::recovery](#resource-postgresqlserverrecovery)
 * [postgresql::server::role](#resource-postgresqlserverrole)
 * [postgresql::server::schema](#resource-postgresqlserverschema)
 * [postgresql::server::table_grant](#resource-postgresqlservertable_grant)
@@ -204,12 +207,18 @@ This setting can be used to override the default postgresql devel package name.
 ####`java_package_name`
 This setting can be used to override the default postgresql java package name. If not specified, the module will use whatever package name is the default for your OS distro.

+####`docs_package_name`
+This setting can be used to override the default postgresql docs package name. If not specified, the module will use whatever package name is the default for your OS distro.
+
 ####`perl_package_name`
 This setting can be used to override the default postgresql Perl package name. If not specified, the module will use whatever package name is the default for your OS distro.

 ####`plperl_package_name`
 This setting can be used to override the default postgresql PL/perl package name. If not specified, the module will use whatever package name is the default for your OS distro.

+####`plpython_package_name`
+This setting can be used to override the default postgresql PL/python package name. If not specified, the module will use whatever package name is the default for your OS distro.
+
 ####`python_package_name`
 This setting can be used to override the default postgresql Python package name. If not specified, the module will use whatever package name is the default for your OS distro.

@@ -246,6 +255,9 @@ Path to your `pg\_ident.conf` file.
 ####`postgresql_conf_path`
 Path to your `postgresql.conf` file.

+####`recovery_conf_path`
+Path to your `recovery.conf` file.
+
 ####`pg_hba_conf_defaults`
 If false, disables the defaults supplied with the module for `pg\_hba.conf`. This is useful if you disagree with the defaults and wish to override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform basic `psql` operations for example.

@@ -289,6 +301,10 @@ This will set the default encoding encoding for all databases created with this
 ####`locale`
 This will set the default database locale for all databases created with this module. On certain operating systems this will be used during the `template1` initialization as well so it becomes a default outside of the module as well. Defaults to `undef` which is effectively `C`.

+####`repo_proxy`
+This will set the proxy option for the official PostgreSQL yum-repositories only, Debian is currently not supported. This is useful if your server is behind a corporate firewall and needs to use proxyservers for outside connectivity.
+
+
 #####Debian

 On Debian you'll need to ensure that the 'locales-all' package is installed for full functionality of Postgres.
@@ -311,6 +327,9 @@ Value to pass through to the `package` resource when creating the server instanc
 ####`plperl_package_name`
 This sets the default package name for the PL/Perl extension. Defaults to utilising the operating system default.

+####`plpython_package_name`
+This sets the default package name for the PL/Python extension. Defaults to utilising the operating system default.
+
 ####`service_manage`
 This setting selects whether Puppet should manage the service. Defaults to `true`.

@@ -365,6 +384,9 @@ Path to your `pg\_ident.conf` file.
 ####`postgresql_conf_path`
 Path to your `postgresql.conf` file.

+####`recovery_conf_path`
+Path to your `recovery.conf` file.
+
 ####`pg_hba_conf_defaults`
 If false, disables the defaults supplied with the module for `pg\_hba.conf`. This is useful if you di
 sagree with the defaults and wish to override them yourself. Be sure that your changes of course alig
@@ -396,10 +418,16 @@ This value defaults to `true`. Whether or not manage the pg_hba.conf. If set to
 ####`manage_pg_ident_conf`
 This value defaults to `true`. Whether or not manage the pg_ident.conf. If set to `true`, puppet will overwrite this file. If set to `false`, puppet will not modify the file.

+####`manage_recovery_conf`
+This value defaults to `false`. Whether or not manage the recovery.conf. If set to `true`, puppet will overwrite this file. If set to `false`, puppet will not create the file.
+
 ###Class: postgresql::client

 This class installs postgresql client software. Alter the following parameters if you have a custom version you would like to install (Note: don't forget to make sure to add any necessary yum or apt repositories if specifying a custom version):

+####`validcon_script_path`
+Path to validate connection script. Defaults to `/usr/local/bin/validate_postgresql_connection.sh`.
+
 ####`package_name`
 The name of the postgresql client package.

@@ -443,6 +471,15 @@ The name of the postgresql java package.
 ####`package_ensure`
 The ensure parameter passed on to postgresql java package resource.

+###Class: postgresql::lib::docs
+This class installs postgresql bindings for Postgres-Docs. Alter the following parameters if you have a custom version you would like to install (Note: don't forget to make sure to add any necessary yum or apt repositories if specifying a custom version):
+
+####`package_name`
+The name of the postgresql docs package.
+
+####`package_ensure`
+The ensure parameter passed on to postgresql docs package resource.
+

 ###Class: postgresql::lib::perl
 This class installs the postgresql Perl libraries. For customer requirements you can customise the following parameters:
@@ -453,6 +490,14 @@ The name of the postgresql perl package.
 ####`package_ensure`
 The ensure parameter passed on to postgresql perl package resource.

+###Class: postgresql::server::plpython
+This class installs the PL/Python procedural language for postgresql.
+
+####`package_name`
+The name of the postgresql PL/Python package.
+
+####`package_ensure`
+The ensure parameter passed on to postgresql PL/Python package resource.

 ###Class: postgresql::lib::python
 This class installs the postgresql Python libraries. For customer requirements you can customise the following parameters:
@@ -605,6 +650,39 @@ If provided, this will install the given package prior to activating the extensi
 ####`package_ensure`
 By default, the package specified with `package_name` will be installed when the extension is activated, and removed when the extension is deactivated. You can override this behavior by setting the `ensure` value for the package.

+###Resource: postgresql::server::grant
+This defined type manages grant based access privileges for roles. Consult the PostgreSQL documentation for `grant` for more information.
+
+####`namevar`
+Used to uniquely identify this resource, but functionality not used during grant.
+
+####`db`
+Database of object which you are granting access on.
+
+####`role`
+Role or user whom you are granting access for.
+
+####`privilege`
+The privilege you are granting. Can be `ALL`, `ALL PRIVILEGES` or
+`object_type` dependent string.
+
+####`object_type`
+The type of object you are granting privileges on. Can be `DATABASE`,
+`SCHEMA`, `SEQUENCE`, `ALL SEQUENCES IN SCHEMA`, `TABLE` or `ALL
+TABLES IN SCHEMA`.
+
+####`object_name`
+Object of type `object_type` on which to grant access.
+
+####`psql_db`
+Database to execute the grant against. This should not ordinarily be changed from the default, which is `postgres`.
+
+####`psql_user`
+OS user for running `psql`. Defaults to the default user for the module, usually `postgres`.
+
+####`port`
+Port to use when connecting. Default to 'undef' which generally defaults to 5432 depending on your PostgreSQL packaging.
+
 ###Resource: postgresql::server::pg\_hba\_rule
 This defined type allows you to create an access rule for `pg_hba.conf`. For more details see the [PostgreSQL documentation](http://www.postgresql.org/docs/8.2/static/auth-pg-hba-conf.html).

@@ -626,6 +704,19 @@ This would create a ruleset in `pg_hba.conf` similar to:
    # Order: 150
    host  app  app  200.1.2.0/24  md5

+By default, `pg_hba_rule` requires that you include `postgresql::server`, however, you can override that behavior by setting target and postgresql_version when declaring your rule.  That might look like the following.
+
+    postgresql::server::pg_hba_rule { 'allow application network to access app database':
+      description        => "Open up postgresql for access from 200.1.2.0/24",
+      type               => 'host',
+      database           => 'app',
+      user               => 'app',
+      address            => '200.1.2.0/24',
+      auth_method        => 'md5',
+      target             => '/path/to/pg_hba.conf',
+      postgresql_version => '9.4',
+    }
+
 ####`namevar`
 A unique identifier or short description for this rule. The namevar doesn't provide any functional usage, but it is stored in the comments of the produced `pg_hba.conf` so the originating resource can be identified.

@@ -656,6 +747,8 @@ An order for placing the rule in `pg_hba.conf`. Defaults to `150`.
 ####`target`
 This provides the target for the rule, and is generally an internal only property. Use with caution.

+####`postgresql_version`
+Defaults to the version set in `postgresql::server`.  Use this if you want to manage `pg_hba.conf` without managing the entire PostgreSQL instance.

 ###Resource: postgresql::server::pg\_ident\_rule
 This defined type allows you to create user name maps for `pg_ident.conf`. For more details see the [PostgreSQL documentation](http://www.postgresql.org/docs/current/static/auth-username-maps.html).
@@ -696,6 +789,65 @@ An order for placing the mapping in pg_ident.conf. Defaults to 150.
 ####`target`
 This provides the target for the rule, and is generally an internal only property. Use with caution.

+###Resource: postgresql::server::recovery
+This defined type allows you to create the content for `recovery.conf`. For more details see the [PostgreSQL documentation](http://www.postgresql.org/docs/9.4/static/recovery-config.html).
+
+For example:
+
+    postgresql::server::recovery{ 'Create a recovery.conf file with the following defined parameters':
+      restore_command                => 'cp /mnt/server/archivedir/%f %p',
+      archive_cleanup_command        => undef,
+      recovery_end_command           => undef,
+      recovery_target_name           => 'daily backup 2015-01-26',
+      recovery_target_time           => '2015-02-08 22:39:00 EST',
+      recovery_target_xid            => undef,
+      recovery_target_inclusive      => true,
+      recovery_target                => 'immediate',
+      recovery_target_timeline       => 'latest',
+      pause_at_recovery_target       => true,
+      standby_mode                   => 'on',
+      primary_conninfo               => 'host=localhost port=5432',
+      primary_slot_name              => undef,
+      trigger_file                   => undef,
+      recovery_min_apply_delay       => 0,
+    }
+
+This would create a `recovery.conf` config file, similar to this:
+
+    restore_command = 'cp /mnt/server/archivedir/%f %p'
+    recovery_target_name = 'daily backup 2015-01-26'
+    recovery_target_time = '2015-02-08 22:39:00 EST'
+    recovery_target_inclusive = true
+    recovery_target = 'immediate'
+    recovery_target_timeline = 'latest'
+    pause_at_recovery_target = true
+    standby_mode = on
+    primary_conninfo = 'host=localhost port=5432'
+    recovery_min_apply_delay = 0
+
+
+Only the specified parameters will be recognize in the template! The `recovery.conf` will be only create if at least one parameter set and [manage_recovery_conf](#manage_recovery_conf) set to true.
+
+Every param value is a String set in the template with inverted comma except `recovery_target_inclusive`, `pause_at_recovery_target`, `standby_mode` and `recovery_min_apply_delay`.
+`standby_mode` is special, String ('on'/'off') and Boolean (true/false) is allowed, but the postgres documentation says it's a Boolean.
+
+A detailed description of all above listed parameters can be found in the [PostgreSQL documentation](http://www.postgresql.org/docs/9.4/static/recovery-config.html).
+
+The parameters are grouped into these three sections:
+
+
+#### [`Archive Recovery Parameters`](http://www.postgresql.org/docs/9.4/static/archive-recovery-settings.html)
+In this section the `restore_command`, `archive_cleanup_command` and `recovery_end_command` parameters are listed.
+
+#### [`Recovery Target Settings`](http://www.postgresql.org/docs/9.4/static/recovery-target-settings.html)
+In this section the `recovery_target_name`, `recovery_target_time`, `recovery_target_xid`, `recovery_target_inclusive`, `recovery_target`, `recovery_target_timeline` and `pause_at_recovery_target` parameters are listed.
+
+#### [`Standby Server Settings`](http://www.postgresql.org/docs/9.4/static/standby-settings.html)
+In this section the `standby_mode`, `primary_conninfo`, `primary_slot_name`, `trigger_file` and `recovery_min_apply_delay` parameters are listed.
+
+####`target`
+This provides the target for the rule, and is generally an internal only property. Use with caution.
+

 ###Resource: postgresql::server::role
 This resource creates a role or user in PostgreSQL.
@@ -943,6 +1095,10 @@ Current it is only actively tested with the following operating systems:

 Although patches are welcome for making it work with other OS distros, it is considered best effort.

+### Apt module support
+
+While this module supports both 1.x and 2.x versions of the puppetlabs-apt module, it does not support puppetlabs-apt 2.0.0 or 2.0.1.
+
 ### Postgis support

 Postgis is currently considered an unsupported feature as it doesn't work on

--- a/checksums.json
+++ b/checksums.json
 {
-  "CHANGELOG.md": "fc584e2f4f80d4d6cbf5993b6d9605e0",
+  "CHANGELOG.md": "3cec2a5a6d77e99549c5c80a9d21ca90",
  "CONTRIBUTING.md": "e2b8e8e433fc76b3798b7fe435f49375",
-  "Gemfile": "03928be28a2c07a592a40d9944a89460",
+  "Gemfile": "e6e6eb07f0bfc9bb1e328895ca49b3f5",
  "LICENSE": "746fe83ebbf8970af0a9ea13962293e9",
  "NOTICE": "d8ffc52f00e00877b45d2b77e709f69e",
-  "README.md": "cdd983bf8eb626c2206aea2bd3584b3a",
+  "README.md": "01fda54caf6289077880d22271662447",
  "Rakefile": "d953eb985f82600dc3b9ac6e1f2cfe64",
  "files/RPM-GPG-KEY-PGDG": "78b5db170d33f80ad5a47863a7476b22",
  "files/validate_postgresql_connection.sh": "20301932819f035492a30880f5bf335a",
@@ -12,48 +12,51 @@
  "lib/puppet/parser/functions/postgresql_escape.rb": "2e136fcd653ab38d831c5b40806d47d1",
  "lib/puppet/parser/functions/postgresql_password.rb": "820da02a888ab42357fe9bc2352b1c37",
  "lib/puppet/provider/postgresql_conf/parsed.rb": "8d8fdb4349d1ddfb79bc5539e7843e45",
-  "lib/puppet/provider/postgresql_psql/ruby.rb": "3166a7e78fde24cd33104b9ad4e7936b",
+  "lib/puppet/provider/postgresql_psql/ruby.rb": "589ada55e324bc6eea0003d62d8559d5",
  "lib/puppet/provider/postgresql_replication_slot/ruby.rb": "dcd93860861c530a12f1233334ea5f17",
-  "lib/puppet/type/postgresql_conf.rb": "4f333138a3689f9768e7fe4bc3cde9fd",
-  "lib/puppet/type/postgresql_psql.rb": "04af46b2db65175cb024772f994c7bb1",
+  "lib/puppet/type/postgresql_conf.rb": "95c73ca169db02aa1128ae3baa2f7399",
+  "lib/puppet/type/postgresql_psql.rb": "01fa589d0c71691e1ed13031cef363c5",
  "lib/puppet/type/postgresql_replication_slot.rb": "cd9362cdb569945ca42986d005e88bcb",
-  "manifests/client.pp": "5996dbf44a6fbc1107dc906ff6cc247a",
-  "manifests/globals.pp": "8595b7a7c1d7cfba0ab852564591dc9f",
+  "manifests/client.pp": "45131980b230139b39ca168437725f69",
+  "manifests/globals.pp": "22413edee0b13ece955ea08bc227fa9b",
  "manifests/lib/devel.pp": "5989d15c43b2543aad8cf872e6a8b2ba",
+  "manifests/lib/docs.pp": "ec903581401a6629fb29d8dc6fed1a1f",
  "manifests/lib/java.pp": "ed639fd6ba8392cf4239cfe02be6ace5",
  "manifests/lib/perl.pp": "5213fb4284f041fe28a22d68119f646d",
  "manifests/lib/python.pp": "90736f86301c4c6401ec1180c176b616",
-  "manifests/params.pp": "e0d11c9163998b061b593adb6d8b723a",
+  "manifests/params.pp": "081a16ae87648321843f575ee6582093",
  "manifests/repo/apt_postgresql_org.pp": "e6ad65e3a62b86c69ed0d33fe43a5d84",
-  "manifests/repo/yum_postgresql_org.pp": "70e7af94bb2a33a0a882f1d9f2528ed6",
-  "manifests/repo.pp": "974a70862512c950a8252d2c89140ed8",
-  "manifests/server/config.pp": "a9b7a67719036f8285abebc732999a4d",
+  "manifests/repo/yum_postgresql_org.pp": "999d830dc382be7eca8e4c01b933972c",
+  "manifests/repo.pp": "108094937440689e0caa99a4f7a7e0de",
+  "manifests/server/config.pp": "d58ad2b42825bbe17e945e9ff81bb3e7",
  "manifests/server/config_entry.pp": "fac655a3e96e443c62eeda1d12bd39e7",
  "manifests/server/contrib.pp": "a0aafd867ca7c932bee14ebf480bfacd",
  "manifests/server/database.pp": "a1d39858335e6bd1e5ed68f85a10736c",
  "manifests/server/database_grant.pp": "66e5470bb932b087b540c444ee49941b",
  "manifests/server/db.pp": "ea41e1e51fc00fdb7a9129ecc5279ca3",
  "manifests/server/extension.pp": "bbfce6b3f8af0ba3a9e5fb2ca8a8b1cf",
-  "manifests/server/grant.pp": "688853b6c8f38b7c66e5de94cd74fd25",
-  "manifests/server/initdb.pp": "c5fb98cc46ee09f15319d07ddf3117a8",
+  "manifests/server/grant.pp": "8dbfd728383f70093c57074e93fa0a2c",
+  "manifests/server/initdb.pp": "5e717e795a471823ed668820678991ca",
  "manifests/server/install.pp": "ddd4000b5cee099a3d0ebed79fd458bb",
-  "manifests/server/passwd.pp": "ad95bfbe8047c028f0b2bde77e138594",
-  "manifests/server/pg_hba_rule.pp": "2845af83d0d7904d028ebd642d2dd993",
+  "manifests/server/passwd.pp": "bdfd5f7b9f428dc85cddc99569821ccf",
+  "manifests/server/pg_hba_rule.pp": "c2e2130a82f75b75ba409fc33bb70d1a",
  "manifests/server/pg_ident_rule.pp": "0fa70e2d42d17c59f41bd3351d5d96fb",
  "manifests/server/plperl.pp": "189c47d04158440874dc136ca2b3fd7a",
+  "manifests/server/plpython.pp": "4a1f44cd2a8019e42cb8e05075a1751c",
  "manifests/server/postgis.pp": "6ac7fbd262907bb1303aa29970e908eb",
+  "manifests/server/recovery.pp": "7d2cc6a96a5a5982dbb375ca7d47ac81",
  "manifests/server/reload.pp": "218ac61018f7fab71f250284c4b879d0",
-  "manifests/server/role.pp": "669a53ed003d00beb403ecb5a17bab45",
-  "manifests/server/schema.pp": "ed638f20b880364a07aa00b126982481",
+  "manifests/server/role.pp": "c77ec478110ef526c46e7c86ae34ea99",
+  "manifests/server/schema.pp": "ad34f007dac59dc4673b1feebedaa048",
  "manifests/server/service.pp": "86b88df8df316c5305a7024f8b5c83a1",
-  "manifests/server/table_grant.pp": "7fbf5eafa4e5191b93195b07ef839bf9",
+  "manifests/server/table_grant.pp": "9b5c3cff1162be7348ac12a2e8f9f83a",
  "manifests/server/tablespace.pp": "7a76820bae0f079bdbcde0be7a164f82",
-  "manifests/server.pp": "d643c8d39a010c0c85b2cf99b389a5a5",
-  "manifests/validate_db_connection.pp": "acee3c40ae0972804f5a8217d790f115",
-  "metadata.json": "93c55cf647ee7d26c7d31f3cbb65512e",
+  "manifests/server.pp": "60405bc9368079d6110b41522b104eac",
+  "manifests/validate_db_connection.pp": "a4d331cfbc32562fd641b1fa4b54e35a",
+  "metadata.json": "4b1df540f3cad9f6fd854e6ae490acab",
  "spec/acceptance/00-utf8_encoding_spec.rb": "68d1771b2ae116c394841a6d9ac81a0c",
  "spec/acceptance/alternative_port_spec.rb": "cf33ba48e8d54ba9f63ae7ad6c737d57",
-  "spec/acceptance/db_spec.rb": "8362cc82797224de7ea1ad59263bef29",
+  "spec/acceptance/db_spec.rb": "bad1c86df16a8d9a123416358b0fe0b6",
  "spec/acceptance/default_parameters_spec.rb": "e90626a6a1a84336b0829521ed89152e",
  "spec/acceptance/nodesets/centos-510-x64.yml": "5698f7e61292730c603e03f64fe19359",
  "spec/acceptance/nodesets/centos-59-x64.yml": "57eb3e471b9042a8ea40978c467f8151",
@@ -66,38 +69,43 @@
  "spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "75e86400b7889888dc0781c0ae1a1297",
  "spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "d30d73e34cd50b043c7d14e305955269",
  "spec/acceptance/nodesets/ubuntu-server-1404-x64.yml": "5f0aed10098ac5b78e4217bb27c7aaf0",
-  "spec/acceptance/postgresql_psql_spec.rb": "a9ac14d95a1faa0c8334bc27fdbdb35d",
+  "spec/acceptance/postgresql_psql_spec.rb": "5d70b4c3e35f1b5fc89a768498f74987",
+  "spec/acceptance/server/recovery_spec.rb": "04c87359a23d3ac297ccf49127111ac1",
  "spec/acceptance/server/schema_spec.rb": "988aa84ae180a4508897abf6a7fdb39e",
  "spec/acceptance/z_alternative_pgdata_spec.rb": "64f73267d91c5dd59a9346fb554b224a",
  "spec/spec.opts": "a600ded995d948e393fbe2320ba8e51c",
  "spec/spec_helper.rb": "2c3b776fcf7328f372f63550663d05fd",
-  "spec/spec_helper_acceptance.rb": "4b51b4c8b4db5150a79c4993f493f9a1",
-  "spec/unit/classes/client_spec.rb": "6f59c2d1ad8d5afad545b7aa4f8f40fd",
-  "spec/unit/classes/globals_spec.rb": "982e062a944229be31ed0ed61c39747d",
+  "spec/spec_helper_acceptance.rb": "411e4c6f836cf8f231f8f76a0f4b46eb",
+  "spec/unit/classes/client_spec.rb": "782d49105bf582bb61364790d55d4080",
+  "spec/unit/classes/globals_spec.rb": "3f03233518aa7978e511eff739ccf13e",
  "spec/unit/classes/lib/devel_spec.rb": "149e26d7cff5198b73de081cc36b2937",
  "spec/unit/classes/lib/java_spec.rb": "2d8bd73fe651e9e62d0bba49abef292c",
  "spec/unit/classes/lib/perl_spec.rb": "748a923db31aa42b3ee2fa5ac534d0d6",
+  "spec/unit/classes/lib/pgdocs_spec.rb": "edd7c5b7fee837d8975c6a1b11954095",
  "spec/unit/classes/lib/python_spec.rb": "085a1fd6809298d8774b8fd84157908d",
  "spec/unit/classes/params_spec.rb": "af9c9224fb32b0e64bf575275167bebf",
  "spec/unit/classes/repo_spec.rb": "cd1385198525063f7444fb7ef57b08cc",
+  "spec/unit/classes/server/config_spec.rb": "809473756bdeb5f55d15fb0eb8acbda9",
  "spec/unit/classes/server/contrib_spec.rb": "a0334495869618a6b75858211fec8cc8",
  "spec/unit/classes/server/initdb_spec.rb": "ad013b15fc4d6cebb41710a4574c6c86",
  "spec/unit/classes/server/plperl_spec.rb": "5fb32ffacadf95aa84646e32017a30f4",
+  "spec/unit/classes/server/plpython_spec.rb": "692b8fa96db2dbdf985e11c8d3e187cf",
  "spec/unit/classes/server/postgis_spec.rb": "3975f38629148de15fd2cd87385f8e2e",
-  "spec/unit/classes/server_spec.rb": "b393bc5e3e26f8545ea2fd2881d90a87",
+  "spec/unit/classes/server_spec.rb": "38d614cbfa1a6a51320c5b21586e1409",
  "spec/unit/defines/server/config_entry_spec.rb": "a666efb4906edaf700010b98a3a3c79b",
  "spec/unit/defines/server/database_grant_spec.rb": "52e7ba3370d10b7c23a7b29fffe1ff33",
  "spec/unit/defines/server/database_spec.rb": "75493abe8a6f79b0dba31dce45cfeedf",
  "spec/unit/defines/server/db_spec.rb": "33b0f3152a559f701acf1b1ee5485acd",
  "spec/unit/defines/server/extension_spec.rb": "b7fa829927057f763a202673f9b6fe53",
-  "spec/unit/defines/server/grant_spec.rb": "5e6030fd1c268d88152f206701949122",
-  "spec/unit/defines/server/pg_hba_rule_spec.rb": "55dde955aa8d21fdfe6a5797702f2939",
+  "spec/unit/defines/server/grant_spec.rb": "7f3bb631deee7df104c90c3550f761ed",
+  "spec/unit/defines/server/pg_hba_rule_spec.rb": "fd1b947dfe0df3b81f1403928064c22f",
  "spec/unit/defines/server/pg_ident_rule_spec.rb": "2e32da6f0f107359fc5ab5727812f853",
+  "spec/unit/defines/server/recovery_spec.rb": "86fba4b913ebeef06be8e63c52e72044",
  "spec/unit/defines/server/role_spec.rb": "d421756024b2c3be85785f3a092939bb",
  "spec/unit/defines/server/schema_spec.rb": "d42e5fdee9427032df915f599a0f8de2",
  "spec/unit/defines/server/table_grant_spec.rb": "21e375467a0635194d0f2e5effdcf22a",
  "spec/unit/defines/server/tablespace_spec.rb": "ac4b95389354e2b489547f3a95441b61",
-  "spec/unit/defines/validate_db_connection_spec.rb": "b4758bd989da37699d550e412bfbeb52",
+  "spec/unit/defines/validate_db_connection_spec.rb": "066c39f36fd5e6af8d36d34c8dd78b51",
  "spec/unit/functions/postgresql_acls_to_resources_hash_spec.rb": "ba576b0f385aa44fa352df6d5812f4ae",
  "spec/unit/functions/postgresql_escape_spec.rb": "ddf2f5498937840f8c55a5ff2d8e9cb1",
  "spec/unit/functions/postgresql_password_spec.rb": "8ca30e0a155e27dd3c161cea558a97eb",
@@ -109,5 +117,6 @@
  "spec/unit/type/postgresql_conf_spec.rb": "069ce03012044d4864d7e81b60f022e0",
  "templates/pg_hba_rule.conf": "13b46eecdfd359eddff71fa485ef2f54",
  "templates/pg_ident_rule.conf": "444c85172fd44262344588e83ebb2515",
-  "templates/systemd-override.erb": "138e7da67c0676f5cccb3a73e888388a"
+  "templates/recovery.conf": "ae00a6031a3790b169d7ab50a224e827",
+  "templates/systemd-override.erb": "17c39b9317b81cb9cbfc16b27ec7c292"
 }
\ No newline at end of file
--- a/lib/puppet/provider/postgresql_psql/ruby.rb
+++ b/lib/puppet/provider/postgresql_psql/ruby.rb
@@ -50,11 +50,15 @@ Puppet::Type.type(:postgresql_psql).provide(:ruby) do
  def run_command(command, user, group)
    command = command.join ' '
    environment = get_environment
-    if Puppet::PUPPETVERSION.to_f < 3.4
+    if Puppet::PUPPETVERSION.to_f < 3.0
      require 'puppet/util/execution'
      Puppet::Util::Execution.withenv environment do
        Puppet::Util::SUIDManager.run_and_capture(command, user, group)
      end
+    elsif Puppet::PUPPETVERSION.to_f < 3.4
+      Puppet::Util.withenv environment do
+        Puppet::Util::SUIDManager.run_and_capture(command, user, group)
+      end
    else
      output = Puppet::Util::Execution.execute(command, {
        :uid                => user,

--- a/lib/puppet/type/postgresql_conf.rb
+++ b/lib/puppet/type/postgresql_conf.rb
-module Puppet
-  newtype(:postgresql_conf) do
+Puppet::Type.newtype(:postgresql_conf) do

-    @doc = "This type allows puppet to manage postgresql.conf parameters."
+  @doc = "This type allows puppet to manage postgresql.conf parameters."

-    ensurable
+  ensurable

-    newparam(:name) do
-      desc "The postgresql parameter name to manage."
-      isnamevar
+  newparam(:name) do
+    desc "The postgresql parameter name to manage."
+    isnamevar

-      newvalues(/^[\w\.]+$/)
-    end
-
-    newproperty(:value) do
-      desc "The value to set for this parameter."
-    end
+    newvalues(/^[\w\.]+$/)
+  end

-    newproperty(:target) do
-      desc "The path to postgresql.conf"
-      defaultto {
-        if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile)
-          @resource.class.defaultprovider.default_target
-        else
-          nil
-        end
-      }
-    end
+  newproperty(:value) do
+    desc "The value to set for this parameter."
+  end

+  newproperty(:target) do
+    desc "The path to postgresql.conf"
+    defaultto {
+      if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile)
+        @resource.class.defaultprovider.default_target
+      else
+        nil
+      end
+    }
  end
+
 end
--- a/lib/puppet/type/postgresql_psql.rb
+++ b/lib/puppet/type/postgresql_psql.rb
@@ -43,6 +43,25 @@ Puppet::Type.newtype(:postgresql_psql) do
    end
  end

+  newparam(:onlyif) do
+    desc "An optional SQL command to execute prior to the main :command; " +
+        "this is generally intended to be used for idempotency, to check " +
+        "for the existence of an object in the database to determine whether " +
+        "or not the main SQL command needs to be executed at all."
+
+    # Return true if a matching row is found
+    def matches(value)
+      output, status = provider.run_unless_sql_command(value)
+      status = output.exitcode if status.nil?
+
+      self.fail("Error evaluating 'onlyif' clause, returned #{status}: '#{output}'") unless status == 0
+
+      result_count = output.strip.to_i
+      self.debug("Found #{result_count} row(s) executing 'onlyif' clause")
+      result_count > 0
+    end
+  end
+
  newparam(:db) do
    desc "The name of the database to execute the SQL command against."
  end
@@ -97,7 +116,9 @@ Puppet::Type.newtype(:postgresql_psql) do
  end

  def should_run_sql(refreshing = false)
+    onlyif_param = @parameters[:onlyif]
    unless_param = @parameters[:unless]
+    return false if !onlyif_param.nil? && !onlyif_param.value.nil? && !onlyif_param.matches(onlyif_param.value)
    return false if !unless_param.nil? && !unless_param.value.nil? && unless_param.matches(unless_param.value)
    return false if !refreshing && @parameters[:refreshonly].value == :true
    true

--- a/manifests/client.pp
+++ b/manifests/client.pp
 # Install client cli tool. See README.md for more details.
 class postgresql::client (
  $file_ensure    = 'file',
+  $validcon_script_path  = $postgresql::params::validcon_script_path,
  $package_name   = $postgresql::params::client_package_name,
  $package_ensure = 'present'
 ) inherits postgresql::params {
+  validate_absolute_path($validcon_script_path)
  validate_string($package_name)

  package { 'postgresql-client':
@@ -12,7 +14,7 @@ class postgresql::client (
    tag    => 'postgresql',
  }

-  file { '/usr/local/bin/validate_postgresql_connection.sh':
+  file { $validcon_script_path:
    ensure => $file_ensure,
    source => 'puppet:///modules/postgresql/validate_postgresql_connection.sh',
    owner  => 0,

--- a/manifests/globals.pp
+++ b/manifests/globals.pp
 # Class for setting cross-class global overrides. See README.md for more
 # details.
 class postgresql::globals (
-  $client_package_name  = undef,
-  $server_package_name  = undef,
-  $contrib_package_name = undef,
-  $devel_package_name   = undef,
-  $java_package_name    = undef,
-  $perl_package_name    = undef,
-  $plperl_package_name  = undef,
-  $python_package_name  = undef,
-  $postgis_package_name = undef,
+  $client_package_name    = undef,
+  $server_package_name    = undef,
+  $contrib_package_name   = undef,
+  $devel_package_name     = undef,
+  $java_package_name      = undef,
+  $docs_package_name      = undef,
+  $perl_package_name      = undef,
+  $plperl_package_name    = undef,
+  $plpython_package_name  = undef,
+  $python_package_name    = undef,
+  $postgis_package_name   = undef,

-  $service_name         = undef,
-  $service_provider     = undef,
-  $service_status       = undef,
-  $default_database     = undef,
+  $service_name           = undef,
+  $service_provider       = undef,
+  $service_status         = undef,
+  $default_database       = undef,

-  $initdb_path          = undef,
-  $createdb_path        = undef,
-  $psql_path            = undef,
-  $pg_hba_conf_path     = undef,
-  $pg_ident_conf_path   = undef,
-  $postgresql_conf_path = undef,
+  $validcon_script_path   = undef,

-  $pg_hba_conf_defaults = undef,
+  $initdb_path            = undef,
+  $createdb_path          = undef,
+  $psql_path              = undef,
+  $pg_hba_conf_path       = undef,
+  $pg_ident_conf_path     = undef,
+  $postgresql_conf_path   = undef,
+  $recovery_conf_path     = undef,

-  $datadir              = undef,
-  $confdir              = undef,
-  $bindir               = undef,
-  $xlogdir              = undef,
-  $logdir               = undef,
+  $pg_hba_conf_defaults   = undef,

-  $user                 = undef,
-  $group                = undef,
+  $datadir                = undef,
+  $confdir                = undef,
+  $bindir                 = undef,
+  $xlogdir                = undef,
+  $logdir                 = undef,

-  $version              = undef,
-  $postgis_version      = undef,
+  $user                   = undef,
+  $group                  = undef,

-  $needs_initdb         = undef,
+  $version                = undef,
+  $postgis_version        = undef,
+  $repo_proxy             = undef,

-  $encoding             = undef,
-  $locale               = undef,
+  $needs_initdb           = undef,

-  $manage_pg_hba_conf   = undef,
-  $manage_pg_ident_conf = undef,
+  $encoding               = undef,
+  $locale                 = undef,

-  $manage_package_repo  = undef
+  $manage_pg_hba_conf     = undef,
+  $manage_pg_ident_conf   = undef,
+  $manage_recovery_conf   = undef,
+
+  $manage_package_repo    = undef,
 ) {
  # We are determining this here, because it is needed by the package repo
  # class.
@@ -64,6 +71,12 @@ class postgresql::globals (
        /^5\./ => '8.1',
        default => undef,
      },
+      default => $::operatingsystemrelease ? {
+        /^7\./ => '9.2',
+        /^6\./ => '8.4',
+        /^5\./ => '8.1',
+        default => undef,
+      },
    },
    'Debian' => $::operatingsystem ? {
      'Debian' => $::operatingsystemrelease ? {
@@ -73,6 +86,7 @@ class postgresql::globals (
        default => undef,
      },
      'Ubuntu' => $::operatingsystemrelease ? {
+        /^(15.04)$/ => '9.4',
        /^(14.10)$/ => '9.4',
        /^(14.04)$/ => '9.3',
        /^(11.10|12.04|12.10|13.04|13.10)$/ => '9.1',
@@ -88,7 +102,13 @@ class postgresql::globals (
    'FreeBSD' => '93',
    'OpenBSD' => '9.3',
    'Suse' => $::operatingsystem ? {
-      'SLES' => '91',
+      'SLES' => $::operatingsystemrelease ? {
+        /11\.[0-4]/ => '91',
+        default => '93',
+      },
+      'OpenSuSE' => $::operatingsystemrelease ? {
+        '13.2' => '93',
+      },
      default => undef,
    },
    default => undef,
@@ -110,12 +130,16 @@ class postgresql::globals (
    '93'    => '2.1',
    default => undef,
  }
-  $globals_postgis_version = pick($postgis_version, $default_postgis_version)
+  $globals_postgis_version = $postgis_version ? {
+    undef   => $default_postgis_version,
+    default => $postgis_version,
+  }

  # Setup of the repo only makes sense globally, so we are doing this here.
  if($manage_package_repo) {
    class { 'postgresql::repo':
-      version => $globals_version
+      version => $globals_version,
+      proxy   => $repo_proxy,
    }
  }
 }
--- a/manifests/lib/docs.pp
+++ b/manifests/lib/docs.pp
+# This class installs the postgresql-docs See README.md for more
+# details.
+class postgresql::lib::docs (
+  $package_name   = $postgresql::params::docs_package_name,
+  $package_ensure = 'present',
+) inherits postgresql::params {
+
+  validate_string($package_name)
+
+  package { 'postgresql-docs':
+    ensure => $package_ensure,
+    name   => $package_name,
+    tag    => 'postgresql',
+  }
+
+}
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -16,6 +16,7 @@ class postgresql::params inherits postgresql::globals {
  $service_provider           = $service_provider
  $manage_pg_hba_conf         = pick($manage_pg_hba_conf, true)
  $manage_pg_ident_conf       = pick($manage_pg_ident_conf, true)
+  $manage_recovery_conf       = pick($manage_recovery_conf, false)
  $package_ensure             = 'present'

  # Amazon Linux's OS Family is 'Linux', operating system 'Amazon'.
@@ -29,35 +30,39 @@ class postgresql::params inherits postgresql::globals {
      $package_version    = "${version_parts[0]}${version_parts[1]}"

      if $version == $postgresql::globals::default_version {
-        $client_package_name  = pick($client_package_name, 'postgresql')
-        $server_package_name  = pick($server_package_name, 'postgresql-server')
-        $contrib_package_name = pick($contrib_package_name,'postgresql-contrib')
-        $devel_package_name   = pick($devel_package_name, 'postgresql-devel')
-        $java_package_name    = pick($java_package_name, 'postgresql-jdbc')
-        $plperl_package_name  = pick($plperl_package_name, 'postgresql-plperl')
-        $service_name         = pick($service_name, 'postgresql')
-        $bindir               = pick($bindir, '/usr/bin')
-        $datadir              = $::operatingsystem ? {
+        $client_package_name    = pick($client_package_name, 'postgresql')
+        $server_package_name    = pick($server_package_name, 'postgresql-server')
+        $contrib_package_name   = pick($contrib_package_name,'postgresql-contrib')
+        $devel_package_name     = pick($devel_package_name, 'postgresql-devel')
+        $java_package_name      = pick($java_package_name, 'postgresql-jdbc')
+        $docs_package_name      = pick($docs_package_name, 'postgresql-docs')
+        $plperl_package_name    = pick($plperl_package_name, 'postgresql-plperl')
+        $plpython_package_name  = pick($plpython_package_name, 'postgresql-plpython')
+        $service_name           = pick($service_name, 'postgresql')
+        $bindir                 = pick($bindir, '/usr/bin')
+        $datadir                = $::operatingsystem ? {
          'Amazon' => pick($datadir, '/var/lib/pgsql9/data'),
          default  => pick($datadir, '/var/lib/pgsql/data'),
        }
-        $confdir              = pick($confdir, $datadir)
+        $confdir                = pick($confdir, $datadir)
      } else {
-        $client_package_name  = pick($client_package_name, "postgresql${package_version}")
-        $server_package_name  = pick($server_package_name, "postgresql${package_version}-server")
-        $contrib_package_name = pick($contrib_package_name,"postgresql${package_version}-contrib")
-        $devel_package_name   = pick($devel_package_name, "postgresql${package_version}-devel")
-        $java_package_name    = pick($java_package_name, "postgresql${package_version}-jdbc")
-        $plperl_package_name  = pick($plperl_package_name, "postgresql${package_version}-plperl")
-        $service_name         = pick($service_name, "postgresql-${version}")
-        $bindir               = pick($bindir, "/usr/pgsql-${version}/bin")
-        $datadir              = $::operatingsystem ? {
+        $client_package_name    = pick($client_package_name, "postgresql${package_version}")
+        $server_package_name    = pick($server_package_name, "postgresql${package_version}-server")
+        $contrib_package_name   = pick($contrib_package_name,"postgresql${package_version}-contrib")
+        $devel_package_name     = pick($devel_package_name, "postgresql${package_version}-devel")
+        $java_package_name      = pick($java_package_name, "postgresql${package_version}-jdbc")
+        $docs_package_name      = pick($docs_package_name, "postgresql${package_version}-docs")
+        $plperl_package_name    = pick($plperl_package_name, "postgresql${package_version}-plperl")
+        $plpython_package_name  = pick($plpython_package_name, "postgresql${package_version}-plpython")
+        $service_name           = pick($service_name, "postgresql-${version}")
+        $bindir                 = pick($bindir, "/usr/pgsql-${version}/bin")
+        $datadir                = $::operatingsystem ? {
          'Amazon' => pick($datadir, "/var/lib/pgsql9/${version}/data"),
          default  => pick($datadir, "/var/lib/pgsql/${version}/data"),
        }
-        $confdir              = pick($confdir, $datadir)
+        $confdir                = pick($confdir, $datadir)
      }
-      $psql_path            = pick($psql_path, "${bindir}/psql")
+      $psql_path           = pick($psql_path, "${bindir}/psql")

      $service_status      = $service_status
      $service_reload      = "service ${service_name} reload"
@@ -67,7 +72,7 @@ class postgresql::params inherits postgresql::globals {
      $postgis_package_name = pick(
        $postgis_package_name,
        $::operatingsystemrelease ? {
-          /5/     => 'postgis',
+          /^5\./     => 'postgis',
          default => versioncmp($postgis_version, '2') ? {
            '-1'    => "postgis${package_version}",
            default => "postgis2_${package_version}",}
@@ -83,26 +88,27 @@ class postgresql::params inherits postgresql::globals {

      # Archlinux doesn't have a client-package but has a libs package which
      # pulls in postgresql server
-      $client_package_name  = pick($client_package_name, 'postgresql')
-      $server_package_name  = pick($server_package_name, 'postgresql-libs')
-      $java_package_name    = pick($java_package_name, 'postgresql-jdbc')
+      $client_package_name    = pick($client_package_name, 'postgresql')
+      $server_package_name    = pick($server_package_name, 'postgresql-libs')
+      $java_package_name      = pick($java_package_name, 'postgresql-jdbc')
      # Archlinux doesn't have develop packages
-      $devel_package_name   = pick($devel_package_name, 'postgresql-devel')
+      $devel_package_name     = pick($devel_package_name, 'postgresql-devel')
      # Archlinux does have postgresql-contrib but it isn't maintained
-      $contrib_package_name = pick($contrib_package_name,'undef')
+      $contrib_package_name   = pick($contrib_package_name,'undef')
      # Archlinux postgresql package provides plperl
-      $plperl_package_name  = pick($plperl_package_name, 'undef')
-      $service_name         = pick($service_name, 'postgresql')
-      $bindir               = pick($bindir, '/usr/bin')
-      $datadir              = pick($datadir, '/var/lib/postgres/data')
-      $confdir              = pick($confdir, $datadir)
-      $psql_path            = pick($psql_path, "${bindir}/psql")
+      $plperl_package_name    = pick($plperl_package_name, 'undef')
+      $plpython_package_name  = pick($plpython_package_name, 'undef')
+      $service_name           = pick($service_name, 'postgresql')
+      $bindir                 = pick($bindir, '/usr/bin')
+      $datadir                = pick($datadir, '/var/lib/postgres/data')
+      $confdir                = pick($confdir, $datadir)
+      $psql_path              = pick($psql_path, "${bindir}/psql")

-      $service_status      = $service_status
-      $service_reload      = "service ${service_name} reload"
-      $python_package_name = pick($python_package_name, 'python-psycopg2')
+      $service_status         = $service_status
+      $service_reload         = "service ${service_name} reload"
+      $python_package_name    = pick($python_package_name, 'python-psycopg2')
      # Archlinux does not have a perl::DBD::Pg package
-      $perl_package_name = pick($perl_package_name, 'undef')
+      $perl_package_name      = pick($perl_package_name, 'undef')
    }

    'Debian': {
@@ -125,31 +131,32 @@ class postgresql::params inherits postgresql::globals {
        }
      }

-      $client_package_name  = pick($client_package_name, "postgresql-client-${version}")
-      $server_package_name  = pick($server_package_name, "postgresql-${version}")
-      $contrib_package_name = pick($contrib_package_name, "postgresql-contrib-${version}")
+      $client_package_name    = pick($client_package_name, "postgresql-client-${version}")
+      $server_package_name    = pick($server_package_name, "postgresql-${version}")
+      $contrib_package_name   = pick($contrib_package_name, "postgresql-contrib-${version}")
      if versioncmp($postgis_version, '2') < 0 {
        $postgis_package_name = pick($postgis_package_name, "postgresql-${version}-postgis")
      } else {
        $postgis_package_name = pick($postgis_package_name, "postgresql-${version}-postgis-${postgis_version}")
      }
-      $devel_package_name   = pick($devel_package_name, 'libpq-dev')
-      $java_package_name    = pick($java_package_name, 'libpostgresql-jdbc-java')
-      $perl_package_name    = pick($perl_package_name, 'libdbd-pg-perl')
-      $plperl_package_name  = pick($plperl_package_name, "postgresql-plperl-${version}")
-      $python_package_name  = pick($python_package_name, 'python-psycopg2')
+      $devel_package_name     = pick($devel_package_name, 'libpq-dev')
+      $java_package_name      = pick($java_package_name, 'libpostgresql-jdbc-java')
+      $perl_package_name      = pick($perl_package_name, 'libdbd-pg-perl')
+      $plperl_package_name    = pick($plperl_package_name, "postgresql-plperl-${version}")
+      $plpython_package_name  = pick($plpython_package_name, "postgresql-plpython-${version}")
+      $python_package_name    = pick($python_package_name, 'python-psycopg2')

-      $bindir               = pick($bindir, "/usr/lib/postgresql/${version}/bin")
-      $datadir              = pick($datadir, "/var/lib/postgresql/${version}/main")
-      $confdir              = pick($confdir, "/etc/postgresql/${version}/main")
+      $bindir                 = pick($bindir, "/usr/lib/postgresql/${version}/bin")
+      $datadir                = pick($datadir, "/var/lib/postgresql/${version}/main")
+      $confdir                = pick($confdir, "/etc/postgresql/${version}/main")
      if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8.0') >= 0 {
        # Jessie uses systemd
        $service_status = pick($service_status, "/usr/sbin/service ${service_name}@*-main status")
      } else {
        $service_status = pick($service_status, "/etc/init.d/${service_name} status | /bin/egrep -q 'Running clusters: .+|online'")
      }
-      $service_reload       = "service ${service_name} reload"
-      $psql_path            = pick($psql_path, '/usr/bin/psql')
+      $service_reload         = "service ${service_name} reload"
+      $psql_path              = pick($psql_path, '/usr/bin/psql')
    }

    'FreeBSD': {
@@ -210,10 +217,10 @@ class postgresql::params inherits postgresql::globals {
      $server_package_name  = pick($server_package_name, "postgresql${version}-server")
      $contrib_package_name = pick($contrib_package_name, "postgresql${version}-contrib")
      $devel_package_name   = pick($devel_package_name, "postgresql${version}-devel")
-      $java_package_name    = pick($java_package_name, undef)
-      $perl_package_name    = pick($plperl_package_name, undef)
-      $plperl_package_name  = pick($plperl_package_name, undef)
-      $python_package_name  = pick($python_package_name, undef)
+      $java_package_name    = pick($java_package_name, "postgresql${version}-jdbc")
+      $perl_package_name    = pick($plperl_package_name, 'perl-DBD-Pg')
+      $plperl_package_name  = pick($plperl_package_name, "postgresql${version}-plperl")
+      $python_package_name  = pick($python_package_name, 'python-psycopg2')

      $service_name         = pick($service_name, 'postgresql')
      $bindir               = pick($bindir, "/usr/lib/postgresql${version}/bin")
@@ -244,11 +251,13 @@ class postgresql::params inherits postgresql::globals {
    }
  }

+  $validcon_script_path = pick($validcon_script_path, '/usr/local/bin/validate_postgresql_connection.sh')
  $initdb_path          = pick($initdb_path, "${bindir}/initdb")
  $createdb_path        = pick($createdb_path, "${bindir}/createdb")
  $pg_hba_conf_path     = pick($pg_hba_conf_path, "${confdir}/pg_hba.conf")
  $pg_hba_conf_defaults = pick($pg_hba_conf_defaults, true)
  $pg_ident_conf_path   = pick($pg_ident_conf_path, "${confdir}/pg_ident.conf")
  $postgresql_conf_path = pick($postgresql_conf_path, "${confdir}/postgresql.conf")
+  $recovery_conf_path   = pick($recovery_conf_path, "${datadir}/recovery.conf")
  $default_database     = pick($default_database, 'postgres')
 }
--- a/manifests/repo.pp
+++ b/manifests/repo.pp
 # PRIVATE CLASS: do not use directly
 class postgresql::repo (
-  $version = undef
+  $version = undef,
+  $proxy = undef,
 ) inherits postgresql::params {
  case $::osfamily {
    'RedHat', 'Linux': {

--- a/manifests/repo/yum_postgresql_org.pp
+++ b/manifests/repo/yum_postgresql_org.pp
@@ -23,6 +23,7 @@ class postgresql::repo::yum_postgresql_org inherits postgresql::repo {
    enabled  => 1,
    gpgcheck => 1,
    gpgkey   => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}",
+    proxy    => $postgresql::repo::proxy,
  }

  Yumrepo['yum.postgresql.org'] -> Package<|tag == 'postgresql'|>

--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -7,6 +7,7 @@ class postgresql::server (
  $package_ensure             = $postgresql::params::package_ensure,

  $plperl_package_name        = $postgresql::params::plperl_package_name,
+  $plpython_package_name      = $postgresql::params::plpython_package_name,

  $service_ensure             = $postgresql::params::service_ensure,
  $service_enable             = $postgresql::params::service_enable,
@@ -30,6 +31,7 @@ class postgresql::server (
  $pg_hba_conf_path           = $postgresql::params::pg_hba_conf_path,
  $pg_ident_conf_path         = $postgresql::params::pg_ident_conf_path,
  $postgresql_conf_path       = $postgresql::params::postgresql_conf_path,
+  $recovery_conf_path         = $postgresql::params::recovery_conf_path,

  $datadir                    = $postgresql::params::datadir,
  $xlogdir                    = $postgresql::params::xlogdir,
@@ -47,6 +49,7 @@ class postgresql::server (

  $manage_pg_hba_conf         = $postgresql::params::manage_pg_hba_conf,
  $manage_pg_ident_conf       = $postgresql::params::manage_pg_ident_conf,
+  $manage_recovery_conf       = $postgresql::params::manage_recovery_conf,

  #Deprecated
  $version                    = undef,

--- a/manifests/server/config.pp
+++ b/manifests/server/config.pp
@@ -9,12 +9,15 @@ class postgresql::server::config {
  $pg_hba_conf_path           = $postgresql::server::pg_hba_conf_path
  $pg_ident_conf_path         = $postgresql::server::pg_ident_conf_path
  $postgresql_conf_path       = $postgresql::server::postgresql_conf_path
+  $recovery_conf_path         = $postgresql::server::recovery_conf_path
  $pg_hba_conf_defaults       = $postgresql::server::pg_hba_conf_defaults
  $user                       = $postgresql::server::user
  $group                      = $postgresql::server::group
  $version                    = $postgresql::server::_version
+  $manage_package_repo        = $postgresql::server::manage_package_repo
  $manage_pg_hba_conf         = $postgresql::server::manage_pg_hba_conf
  $manage_pg_ident_conf       = $postgresql::server::manage_pg_ident_conf
+  $manage_recovery_conf       = $postgresql::server::manage_recovery_conf
  $datadir                    = $postgresql::server::datadir
  $logdir                     = $postgresql::server::logdir

@@ -67,12 +70,6 @@ class postgresql::server::config {
        order       => '004',
      }

-      # ipv4acls are passed as an array of rule strings, here we transform
-      # them into a resources hash, and pass the result to create_resources
-      $ipv4acl_resources = postgresql_acls_to_resources_hash($ipv4acls,
-      'ipv4acls', 10)
-      create_resources('postgresql::server::pg_hba_rule', $ipv4acl_resources)
-
      postgresql::server::pg_hba_rule { 'allow access to all users':
        type        => 'host',
        address     => $ip_mask_allow_all_users,
@@ -85,13 +82,20 @@ class postgresql::server::config {
        auth_method => 'md5',
        order       => '101',
      }
-
-      # ipv6acls are passed as an array of rule strings, here we transform
-      # them into a resources hash, and pass the result to create_resources
-      $ipv6acl_resources = postgresql_acls_to_resources_hash($ipv6acls,
-      'ipv6acls', 102)
-      create_resources('postgresql::server::pg_hba_rule', $ipv6acl_resources)
    }
+
+    # ipv4acls are passed as an array of rule strings, here we transform
+    # them into a resources hash, and pass the result to create_resources
+    $ipv4acl_resources = postgresql_acls_to_resources_hash($ipv4acls,
+    'ipv4acls', 10)
+    create_resources('postgresql::server::pg_hba_rule', $ipv4acl_resources)
+
+
+    # ipv6acls are passed as an array of rule strings, here we transform
+    # them into a resources hash, and pass the result to create_resources
+    $ipv6acl_resources = postgresql_acls_to_resources_hash($ipv6acls,
+    'ipv6acls', 102)
+    create_resources('postgresql::server::pg_hba_rule', $ipv6acl_resources)
  }

  # We must set a "listen_addresses" line in the postgresql.conf if we
@@ -144,11 +148,22 @@ class postgresql::server::config {
    }
  }

+  if ($manage_recovery_conf == true) {
+    concat { $recovery_conf_path:
+      owner  => $user,
+      group  => $group,
+      force  => true, # do not crash if there is no recovery conf file
+      mode   => '0640',
+      warn   => true,
+      notify => Class['postgresql::server::reload'],
+    }
+  }
+
  if $::osfamily == 'RedHat' {
    if $::operatingsystemrelease =~ /^7/ or $::operatingsystem == 'Fedora' {
      file { 'systemd-override':
        ensure  => present,
-        path    => '/etc/systemd/system/postgresql.service',
+        path    => "/etc/systemd/system/${postgresql::params::service_name}.service",
        owner   => root,
        group   => root,
        content => template('postgresql/systemd-override.erb'),

--- a/manifests/server/grant.pp
+++ b/manifests/server/grant.pp
@@ -2,12 +2,13 @@
 define postgresql::server::grant (
  $role,
  $db,
-  $privilege   = undef,
-  $object_type = 'database',
-  $object_name = undef,
-  $psql_db     = $postgresql::server::default_database,
-  $psql_user   = $postgresql::server::user,
-  $port        = $postgresql::server::port
+  $privilege     = undef,
+  $object_type   = 'database',
+  $object_name   = undef,
+  $psql_db       = $postgresql::server::default_database,
+  $psql_user     = $postgresql::server::user,
+  $port          = $postgresql::server::port,
+  $onlyif_exists = false,
 ) {
  $group     = $postgresql::server::group
  $psql_path = $postgresql::server::psql_path
@@ -18,6 +19,8 @@ define postgresql::server::grant (
    $_object_name = $object_name
  }

+  validate_bool($onlyif_exists)
+
  ## Munge the input values
  $_object_type = upcase($object_type)
  $_privilege   = upcase($privilege)
@@ -31,13 +34,15 @@ define postgresql::server::grant (
    #'FUNCTION',
    #'PROCEDURAL LANGUAGE',
    'SCHEMA',
-    #'SEQUENCE',
+    'SEQUENCE',
+    'ALL SEQUENCES IN SCHEMA',
    'TABLE',
    'ALL TABLES IN SCHEMA',
    #'TABLESPACE',
    #'VIEW',
  )
  # You can use ALL TABLES IN SCHEMA by passing schema_name to object_name
+  # You can use ALL SEQUENCES IN SCHEMA by passing schema_name to object_name

  ## Validate that the object type's privilege is acceptable
  # TODO: this is a terrible hack; if they pass "ALL" as the desired privilege,
@@ -59,6 +64,7 @@ define postgresql::server::grant (
        'ALL','ALL PRIVILEGES')
      $unless_function = 'has_database_privilege'
      $on_db = $psql_db
+      $onlyif_function = undef
    }
    'SCHEMA': {
      $unless_privilege = $_privilege ? {
@@ -69,6 +75,54 @@ define postgresql::server::grant (
      validate_string($_privilege, 'CREATE', 'USAGE', 'ALL', 'ALL PRIVILEGES')
      $unless_function = 'has_schema_privilege'
      $on_db = $db
+      $onlyif_function = undef
+    }
+    'SEQUENCE': {
+      $unless_privilege = $_privilege ? {
+        'ALL'   => 'USAGE',
+        default => $_privilege,
+      }
+      validate_string($unless_privilege,'USAGE','ALL','ALL PRIVILEGES')
+      $unless_function = 'has_sequence_privilege'
+      $on_db = $db
+    }
+    'ALL SEQUENCES IN SCHEMA': {
+      validate_string($_privilege,'USAGE','ALL','ALL PRIVILEGES')
+      $unless_function = 'custom'
+      $on_db = $db
+
+      $schema = $object_name
+
+      $custom_privilege = $_privilege ? {
+        'ALL'            => 'USAGE',
+        'ALL PRIVILEGES' => 'USAGE',
+        default          => $_privilege,
+      }
+      
+      # This checks if there is a difference between the sequences in the
+      # specified schema and the sequences for which the role has the specified
+      # privilege. It uses the EXCEPT clause which computes the set of rows
+      # that are in the result of the first SELECT statement but not in the
+      # result of the second one. It then counts the number of rows from this
+      # operation. If this number is zero then the role has the specified
+      # privilege for all sequences in the schema and the whole query returns a
+      # single row, which satisfies the `unless` parameter of Postgresql_psql.
+      # If this number is not zero then there is at least one sequence for which
+      # the role does not have the specified privilege, making it necessary to
+      # execute the GRANT statement.
+      $custom_unless = "SELECT 1 FROM (
+        SELECT sequence_name
+        FROM information_schema.sequences
+        WHERE sequence_schema='${schema}'
+          EXCEPT DISTINCT
+        SELECT object_name as sequence_name
+        FROM information_schema.role_usage_grants
+        WHERE object_type='SEQUENCE'
+        AND grantee='${role}'
+        AND object_schema='${schema}'
+        AND privilege_type='${custom_privilege}'
+        ) P
+        HAVING count(P.sequence_name) = 0"
    }
    'TABLE': {
      $unless_privilege = $_privilege ? {
@@ -79,12 +133,17 @@ define postgresql::server::grant (
        'TRUNCATE','REFERENCES','TRIGGER','ALL','ALL PRIVILEGES')
      $unless_function = 'has_table_privilege'
      $on_db = $db
+      $onlyif_function = $onlyif_exists ? {
+        true    => 'table_exists',
+        default => undef,
+      }
    }
    'ALL TABLES IN SCHEMA': {
      validate_string($_privilege,'SELECT','INSERT','UPDATE','DELETE',
        'TRUNCATE','REFERENCES','TRIGGER','ALL','ALL PRIVILEGES')
      $unless_function = 'custom'
      $on_db = $db
+      $onlyif_function = undef

      $schema = $object_name

@@ -150,6 +209,11 @@ define postgresql::server::grant (
                  '${_granted_object}', '${unless_privilege}')",
  }

+  $_onlyif = $onlyif_function ? {
+    'table_exists' => "SELECT true FROM pg_tables WHERE tablename = '${_togrant_object}'",
+    default        => undef,
+  }
+
  $grant_cmd = "GRANT ${_privilege} ON ${_object_type} \"${_togrant_object}\" TO
      \"${role}\""
  postgresql_psql { "grant:${name}":
@@ -160,6 +224,7 @@ define postgresql::server::grant (
    psql_group => $group,
    psql_path  => $psql_path,
    unless     => $_unless,
+    onlyif     => $_onlyif,
    require    => Class['postgresql::server']
  }


--- a/manifests/server/initdb.pp
+++ b/manifests/server/initdb.pp
@@ -83,19 +83,25 @@ class postgresql::server::initdb {
      require   => File[$require_before_initdb],
    }
    # The package will take care of this for us the first time, but if we
-    # ever need to init a new db we need to make these links explicitly
+    # ever need to init a new db we need to copy these files explicitly
    if $::operatingsystem == 'Debian' or $::operatingsystem == 'Ubuntu' {
      if $::operatingsystemrelease =~ /^6/ or $::operatingsystemrelease =~ /^7/ or $::operatingsystemrelease =~ /^10\.04/ or $::operatingsystemrelease =~ /^12\.04/ {
        file { 'server.crt':
-          ensure  => link,
+          ensure  => file,
          path    => "${datadir}/server.crt",
-          target  => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+          source  => 'file:///etc/ssl/certs/ssl-cert-snakeoil.pem',
+          owner   => $::postgresql::server::user,
+          group   => $::postgresql::server::group,
+          mode    => '0644',
          require => Exec['postgresql_initdb'],
        }
        file { 'server.key':
-          ensure  => link,
+          ensure  => file,
          path    => "${datadir}/server.key",
-          target  => '/etc/ssl/private/ssl-cert-snakeoil.key',
+          source  => 'file:///etc/ssl/private/ssl-cert-snakeoil.key',
+          owner   => $::postgresql::server::user,
+          group   => $::postgresql::server::group,
+          mode    => '0600',
          require => Exec['postgresql_initdb'],
        }
      }

--- a/manifests/server/passwd.pp
+++ b/manifests/server/passwd.pp
@@ -21,8 +21,8 @@ class postgresql::server::passwd {
      logoutput   => true,
      cwd         => '/tmp',
      environment => [
-        "PGPASSWORD='${postgres_password}'",
-        "NEWPASSWD_ESCAPED='${escaped}'",
+        "PGPASSWORD=${postgres_password}",
+        "NEWPASSWD_ESCAPED=${escaped}",
      ],
      # With this command we're passing -h to force TCP authentication, which
      # does require a password.  We specify the password via the PGPASSWORD

--- a/manifests/server/pg_hba_rule.pp
+++ b/manifests/server/pg_hba_rule.pp
@@ -12,10 +12,19 @@ define postgresql::server::pg_hba_rule(

  # Needed for testing primarily, support for multiple files is not really
  # working.
-  $target      = $postgresql::server::pg_hba_conf_path
+  $target             = $postgresql::server::pg_hba_conf_path,
+  $postgresql_version = $postgresql::server::_version
 ) {

-  if $postgresql::server::manage_pg_hba_conf == false {
+  #Allow users to manage pg_hba.conf even if they are not managing the whole PostgreSQL instance
+  if !defined( 'postgresql::server' ) {
+    $manage_pg_hba_conf = true
+  }
+  else {
+    $manage_pg_hba_conf = $postgresql::server::manage_pg_hba_conf
+  }
+
+  if $manage_pg_hba_conf == false {
      fail('postgresql::server::manage_pg_hba_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')
  } else {
    validate_re($type, '^(local|host|hostssl|hostnossl)$',
@@ -25,13 +34,14 @@ define postgresql::server::pg_hba_rule(
      fail('You must specify an address property when type is host based')
    }

-    $allowed_auth_methods = $postgresql::server::_version ? {
-      '9.3' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
-      '9.2' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
-      '9.1' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
-      '9.0' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'radius', 'cert', 'pam'],
-      '8.4' => ['trust', 'reject', 'md5', 'sha1', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'cert', 'pam'],
-      '8.3' => ['trust', 'reject', 'md5', 'sha1', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'],
+    $allowed_auth_methods = $postgresql_version ? {
+      '9.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
+      '9.3' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
+      '9.2' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
+      '9.1' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],
+      '9.0' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'radius', 'cert', 'pam'],
+      '8.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'cert', 'pam'],
+      '8.3' => ['trust', 'reject', 'md5', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'],
      '8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'],
      '8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'],
      default => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt']

--- a/manifests/server/plpython.pp
+++ b/manifests/server/plpython.pp
+# This class installs the PL/Python procedural language for postgresql. See
+# README.md for more details.
+class postgresql::server::plpython(
+  $package_ensure = 'present',
+  $package_name   = $postgresql::server::plpython_package_name,
+) {
+  package { 'postgresql-plpython':
+    ensure => $package_ensure,
+    name   => $package_name,
+    tag    => 'postgresql',
+  }
+
+  anchor { 'postgresql::server::plpython::start': }->
+  Class['postgresql::server::install']->
+  Package['postgresql-plpython']->
+  Class['postgresql::server::service']->
+  anchor { 'postgresql::server::plpython::end': }
+
+}