postgresql (124) Versions 7.1.3

Installs and configures postgresql for clients or servers

Quality 100%

PostgreSQL cookbook

CircleCI Cookbook Version pullreminders

Installs and configures PostgreSQL as a client or a server.


If you are wondering where all the recipes went in v7.0+, or how on earth I use this new cookbook please see for a full description.



  • Amazon Linux
  • Debian 7+
  • Ubuntu 14.04+
  • Red Hat/CentOS/Scientific 6+
  • Fedora

PostgreSQL version

We follow the currently supported versions listed on


  • Chef 13.8+

Cookbook Dependencies




This resource installs PostgreSQL client packages.


  • install - (default) Install client packages


Name Types Description Default Required?
version String Version of PostgreSQL to install '9.6' no
setup_repo Boolean Define if you want to add the PostgreSQL repo true no
hba_file String #{conf_dir}/main/pg_hba.conf no
ident_file String #{conf_dir}/main/pg_ident.conf no
external_pid_file String /var/run/postgresql/#{version} no
password String, nil Pass in a password, or have the cookbook generate one for you <random string> no


To install version 9.5:

postgresql_client_install 'My PostgreSQL Client install' do
  version '9.5'


This resource installs PostgreSQL client and server packages.


  • install - (default) Install client and server packages
  • create - Initialize the database


Name Types Description Default Required?
version String Version of PostgreSQL to install '9.6' no
setup_repo Boolean Define if you want to add the PostgreSQL repo true no
hba_file String Path of pg_hba.conf file <default_os_path>/pg_hba.conf' no
ident_file String Path of pg_ident.conf file <default_os_path>/pg_ident.conf no
external_pid_file String Path of PID file /var/run/postgresql/<version></version> no
password String, nil Set PostgreSQL user password 'generate' no
port Integer Set listen port of PostgreSQL service 5432 no
initdb_locale String Locale to initialise the database with 'C' no


To install PostgreSQL server, set your own postgres password using non-default service port.

postgresql_server_install 'My PostgreSQL Server install' do
  action :install

postgresql_server_install 'Setup my PostgreSQL 9.6 server' do
  password 'MyP4ssw0rd'
  port 5433
  action :create

Known issues

On some platforms (e.g. Ubuntu 18.04), your initdb_locale should be set to the
same as the template database GH-555.


This resource manages postgresql.conf configuration file.


  • modify - (default) Manager PostgreSQL configuration file (postgresql.conf)


Name Types Description Default Required?
version String Version of PostgreSQL to install '9.6' no
data_directory String Path of PostgreSQL data directory <default_os_data_path> no
hba_file String Path of pg_hba.conf file <default_os_conf_path>/pg_hba.conf no
ident_file String Path of pg_ident.conf file <default_os_conf_path>/pg_ident.conf no
external_pid_file String Path of PID file /var/run/postgresql/<postgresql_version> no
stats_temp_directory String Path of stats file /var/run/postgresql/version>-main.pg_stat_tmp no
port Integer Set listen port of PostgreSQL service 5432 no
additional_config Hash Extra configuration for the config file {} no


To setup your PostgreSQL configuration with a specific data directory. If you have installed a specific version of PostgreSQL (different from 9.6), you must specify version in this resource too.

postgresql_server_conf 'My PostgreSQL Config' do
  version '9.5'
  data_directory '/data/postgresql/9.5/main'
  notifies :reload, 'service[postgresql]'


This resource manages PostgreSQL extensions for a given database.


  • create - (default) Creates an extension in a given database
  • drop - Drops an extension from the database


Name Types Description Default Required?
database String Name of the database to install the extension into yes
extension String Name of the extension to install the database Name of resource yes
version String Version of the extension to install no
old_version String Older module name for new extension replacement. Appends FROM to extension query no


To install the adminpack extension:

# Add the contrib package in Ubuntu/Debian
package 'postgresql-contrib-9.6'

# Install adminpack extension
postgresql_extension 'postgres adminpack' do
  database 'postgres'
  extension 'adminpack'


This resource uses the accumulator pattern to build up the pg_hba.conf file via chef resources instead of piling on a mountain of chef attributes to make this cookbook more reusable. It directly mirrors the configuration options of the postgres hba file in the resource and by default notifies the server with a reload to avoid a full restart, causing a potential outage of service. To revoke access, simply remove the resource and the access change won't be computed into the final pg_hba.conf


  • grant - (default) Creates an access line inside of pg_hba.conf


Name Types Description Default Required?
name String Name of the access resource, this is left as a comment inside the pg_hba config Resource name yes
source String The cookbook template filename if you want to use your own custom template 'pg_hba.conf.erb' yes
cookbook String The cookbook to look in for the template source 'postgresql' yes
comment String A comment to leave above the entry in pg_hba nil no
access_type String The type of access, e.g. local or host 'local' yes
access_db String The database to access. Can use 'all' for all databases 'all' yes
access_user String The user accessing the database. Can use 'all' for any user 'all' yes
access_addr String The address(es) allowed access. Can be nil if method ident is used since it is local then nil no
access_method String Authentication method to use 'ident' yes


To grant access to the PostgreSQL user with ident authentication:

postgresql_access 'local_postgres_superuser' do
  comment 'Local postgres superuser access'
  access_type 'local'
  access_db 'all'
  access_user 'postgres'
  access_addr nil
  access_method 'ident'

This generates the following line in the pg_hba.conf:

# Local postgres superuser access
local   all             postgres                                ident

Note: The template by default generates a local access for Unix domain sockets only to support running the SQL execute resources. In Postgres version 9.1 and higher, the method is 'peer' instead of 'ident' which is identical. It looks like this:

# "local" is for Unix domain socket connections only
local   all             all                                     peer


This resource generate pg_ident.conf configuration file to manage user mapping between system and PostgreSQL users.


  • create - (default) Creates an mapping line inside of pg_ident.conf


Name Types Description Default Required?
mapname String Name of the user mapping Resource name yes
source String The cookbook template filename if you want to use your own custom template 'pg_ident.conf.erb' no
cookbook String The cookbook to look in for the template source 'postgresql' no
comment String, nil A comment to leave above the entry in pg_ident nil no
system_user String System user or regexp used for the mapping None yes
pg_user String Pg user or regexp used for the mapping None yes


Creates a mymapping mapping that map john system user to user1 PostgreSQL user:

postgresql_ident 'Map john to user1' do
  comment 'John Mapping'
  mapname 'mymapping'
  system_user 'john'
  pg_user 'user1'

This generates the following line in the pg_ident.conf:


# John Mapping
mymapping       john                    user1

To grant access to the foo user with password authentication:

postgresql_access 'local_foo_user' do
  comment 'Foo user access'
  access_type 'host'
  access_db 'all'
  access_user 'foo'
  access_addr ''
  access_method 'md5'

This generates the following line in the pg_hba.conf:

# Local postgres superuser access
host   all             foo                ident


This resource manages PostgreSQL databases.


  • create - (default) Creates the given database.
  • drop - Drops the given database.


Name Types Description Default Required?
database String Name of the database to create Resource name yes
user String User which run psql command 'postgres' no
template String Template used to create the new database 'template1' no
host String Define the host server where the database creation will be executed Not set (localhost) no
port Integer Define the port of PostgreSQL server 5432 no
encoding String Define database encoding 'UTF-8' no
locale String Define database locale 'en_US.UTF-8' no
owner String Define the owner of the database Not set no


To create database named 'my_app' with owner 'user1':

postgresql_database 'my_app' do
  owner 'user1'

Known issues

On some platforms (e.g. Ubuntu 18.04), your initdb_locale should be set to the
same as the template database GH-555.


This resource manage PostgreSQL users.


  • create - (default) Creates the given user with default or given privileges.
  • update - Update user privilieges.
  • drop - Deletes the given user.


Name Types Description Default Required?
create_user String User to create (defaults to the resource name) Yes
superuser Boolean Define if user needs superuser role false no
createdb Boolean Define if user needs createdb role false no
createrole Boolean Define if user needs createrole role false no
inherit Boolean Define if user inherits the privileges of roles true no
replication Boolean Define if user needs replication role false no
login Boolean Define if user can login true no
password String Set user's password no
encrypted_password String Set user's password with an hashed password no
valid_until String Define an account expiration date no
attributes Hash Additional attributes for :update action {} no
user String User for command postgres no
database String Database for command no
host String Hostname for command no
port Integer Port number to connect to postgres 5432 no


Create a user user1 with a password, with createdb role and set an expiration date to 2018, Dec 21.

postgresql_user 'user1' do
  password 'UserP4ssword'
  createdb true
  valid_until '2018-12-31'

Create a user user1 with a password, with createdb role and set an expiration date to 2018, Dec 21.

postgresql_user 'user1' do
  password 'UserP4ssword'
  createdb true
  valid_until '2018-12-31'


To install and configure your PostgreSQL instance you need to create your own cookbook and call needed resources with your own parameters.

More examples can be found in test/cookbooks/test/recipes

Example Usage

# cookbooks/my_postgresql/recipes/default.rb

postgresql_client_install 'PostgreSQL Client' do
  setup_repo false
  version '10.6'

postgresql_server_install 'PostgreSQL Server' do
  version '10.6'
  setup_repo false
  password 'P0stgresP4ssword'

postgresql_server_conf 'PostgreSQL Config' do
  notifies :reload, 'service[postgresql]'


Please refer to each project's style guidelines and guidelines for submitting patches and additions. In general, we follow the "fork-and-pull" Git workflow.

  1. Fork the repo on GitHub
  2. Clone the project to your own machine
  3. Commit changes to your own branch
  4. Push your work back up to your fork
  5. Submit a Pull request so that we can review your changes

NOTE: Be sure to merge the latest from "upstream" before making a pull request!

[Contribution informations for this project](


Copyright 2010-2017, Chef Software, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.

postgresql Cookbook CHANGELOG

This file is used to list changes made in the last 3 major versions of the postgresql cookbook.


v7.1.3 (15-01-2019)

  • Added support for dash in database role name.

v7.1.2 (06-01-2019)

  • Cleanup and update the user resource documentation and code. Removed extraneous 'sensitive' property which is a common property in all Chef resources.
  • Change default permissions on the postgres.conf to be world readable so that psql can work.

v7.1.1 (26-09-2018)

  • Rename slave to follower
  • Use CircleCI for testing
  • Simplyfy extension resource

v7.1.0 (22-06-2018)

  • Update the initdb script to use initdb rather than a service. #542
  • Refactor database commands to use the common connect method. #535
  • Increase the unit test coverage.

v7.0.0 (25-05-2018)

Breaking Change Please see and the for information how to use.

  • Add custom resources for:

    • postgresql_client_install
    • postgresql_server_install
    • postgresql_repository
    • postgresql_pg_gem
  • Deprecate recipes:

    • apt_pgdg_postgresql
    • config_initdb
    • config_pgtune
    • contrib
    • ruby
    • yum_pgdg_postgresql
  • Remove deprecated tests

v6.1.3 (2018-04-18)

  • Fix recipes referencing the old helpers

v6.1.2 (2018-04-16)

this will be the last release of the 6.0 series before all recipes are removed from the cookbook

  • Deprecate all recipes

v6.1.1 (2017-03-08)

  • Fix pg gem installation on non-omnibus chef runs
  • Resolve resource cloning deprecation warnings in the ruby recipe
  • Fix issues resolving the timezone on CentOS 7 and probably other distros
  • Test with Delivery local instead of Rake

v6.1.0 (2017-02-18)

  • Fix a method name conflict that caused errors if Chef Sugar was also being used on the run list
  • Revert a previous PR that added support for Postgresql 9.6 as it introduced incorrect configuration values
  • Added Fedora 25 support for pgdg packages
  • Added RHEL 5 support for Postgresql 9.4 pgdg packages
  • Removed testing for RHEL 5 and Ubuntu 12.04 as they are scheduled for EoL in the near future
  • Improvements to Test Kitchen testing to allow more extensive testing in Travis CI
  • Fixed the client recipe on Fedora
  • Added Inspec tests for client installs

v6.0.1 (2017-01-04

  • Fix systemd unit file template

v6.0.0 (2017-01-03)

  • This cookbook now requires Chef 12.1 or later
  • Removed the dependency on the apt cookbook as this functionality is built into modern chef client releases
  • Added a new custom resource for installing extensions. This acts as a replacement for the contrib recipe with minimal backwards compatibility. You can now install / remove extensions into any database. This adds the compat_resource cookbook dependency so we can continue to support Chef 12.1-12.4, which lack custom resource support.
  • The unused get_result_orig helper has been removed. If you utilized this you'll want to move it to your own wrapper cookbook
  • Updates for compatibility with Postgresql 9.5 and 9.6
  • Fixed client package installation on openSUSE Leap 42.2
  • ca-certificates recipe has been deprecated. If ca-certificates package needs to be upgraded the user should do so prior to including this recipe. Package upgrades in community cookbooks are generally a bad idea as this bring in updated packages to production systems. The recipe currently warns if used and will be removed with the next major cookbook release.
  • Fixed RHEL platform detection in the Ruby recipe
  • systemd fixes for RHEL systems
  • Fix systemd service file include when using pgdg packages
  • Package installation now uses multi-package installs to speed up converge times
  • Added integration testing in Travis of the client recipe using a new test cookbook. This will be expanded in the future to cover server installation as well
  • Expanded the specs to test converges on multiple platforms

v5.2.0 (2016-12-30)

  • Updated contacts and links to point to Sous Chefs now
  • Added a Code of Conduct (the Chef CoC)
  • Removed duplicate platforms in the metadata
  • Fix Chef runs with local mode in the server recipe
  • Fix the ruby recipe to not fail when you specify enabling both the apt and yum repos for mixed distro environments
  • Set the postgresql data directory to 700 permissions
  • Added node['postgresql']['pg_gem']['version'] to specify the version of the pg gem to install
  • Cookstyle fixes for the latest cookstyle release
  • Removed test deps from the Gemfile. Rely on ChefDK for base testing deps instead

v5.1.0 (2016-11-01)

  • Maintenance of this cookbook has been migrated from Heavy Water to Sous Chefs -
  • Add support for Chef-Zero (local mode)
  • Don't hardcode the UID / GID on RHEL/Amazon/Suse platforms
  • Add PGDG yum RPMs for 9.5 / 9.6

v5.0.0 (2016-10-25)

Breaking changes

  • Switched from Librarian to Berkshelf
  • Remove support for the following platforms

    • SLES < 12
    • openSUSE < 13
    • Debian < 7
    • Ubuntu < 12.04
    • RHEL < 6
    • Amazon < 2013
    • Unsupported (EOL) Fedora releases

Other changes

  • Added support for Ubuntu 16.04
  • Loosened cookbook dependencies to not prevent pulling in the latest community cookbooks
  • Added chef_version metadata
  • Switched from rubocop to cookstyle and fix all warnings
  • Removed minitests and the minitest handler
  • Added support for opensuse / opensuseleap
  • Added support for Fedora 23/24
  • Added a chefignore file to limit the files uploaded to the chef server
  • Updated Test Kitchen config to test on modern platform releases
  • Added a Rakefile and updated Travis to test with ChefDK and that rakefile
  • Avoid installing packages included in build-essential twice in the ruby recipe
  • Require at least build-essential 2.0
  • Don't cleanup the old PPA files in the apt_pgdg_postgresql recipe anymore. These should be long gone everywhere
  • Remove logic in the apt_pgdg_postgresql recipe that made Chef fail when new distro releases came out
  • Avoid node.set deprecation warnings
  • Avoid managed_home deprecation warnings in server_redhat recipe

