I believe that at the time being, if you'd like to switch to a different version of postgres (e.g. from 8.4 to 9.1), you probably need to override a bunch of different path variables in your manifest. It would be nice to have a simple catch-all version-number setting, which would automatically handle the logic of switching all of the path variables.

Currently in server.pp $service_status is a complex grep for some systems because of the lack of working exit codes when you run service postgresql status.

Some users are complaining that with non-standard packaging (where perhaps this issue is fixed) the grep is not matching. See #15 for an example.

We should probably provide a parameter to allow users to modify this.

Opened the module in the Geppetto editor and a few errors popped up right away.

In config.pp on lines 33 and 34. The referenced variables from ::params do not exist. Line 33 seems to be missing "deny" and 34 seems to be missing "allow".
$ip_mask_deny_postgres_user = $postgresql::params::ip_mask_postgres_user
$ip_mask_allow_all_users = $postgresql::params::ip_mask_all_users

In psql.pp on line 45, $quoted_$unless has an extra dollar sign. It should be $quoted_unless.

When creating a database on postgres 8.1 using the module, you will get this error:

Error: /Stage[main]/Puppetdb::Database::Postgresql/Postgresql::Db[puppetdb]/Postgresql::Database[puppetdb]/Postgresql_psql[REVOKE CONNECT ON DATABASE puppetdb FROM public]: Failed to call refresh: Error executing SQL; psql returned 256: 'ERROR:  unrecognized privilege type "connect"                                                                                     

'

Since this doesn't actually prevent the database from being created, subsequent runs will succeed even though this run failed... but we need to put an if statement around this such that it either does 'REVOKE ALL' or it doesn't revoke anything.

I made databases named matt_dev and matt_test and I want to set up a postgresql user named matt, and I want matt to be a superuser.

Not sure how to do this! Here's what I tried:

postgresql::db { ['matt_dev', 'matt_test']:
user => 'matt',
password => 'PASSWORD',
before => Postgresql::Role['matt'],
}

postgresql::role { 'matt':
password_hash => postgresql_password('matt', 'PASSWORD'),
superuser => true,
}

I get a Duplicate Resource error because the postgresql::db resource seems to set up a matt role already.

I need to set up the matt user as a superuser!

What's the solution?

Database names should be properly quoted when using psql calls for granting, revoking or creating databases, so that database names starting with, for example, a digit, don't trip up the underlying psql command.

I've submitted a PR about this in three months ago, and it got merged (c4147a4), but my changes were overwritten by a subsequent commit.

If no one beats me to it I'll submit a new PR regarding this, but probably not today.

This is one of two errors I've received on current master. Commit 8bb71e4

The first is a simple syntax error see. #55

The other is the following error message which I'm not sure how to interpret.

err: /Stage[main]/Redmine::Db/Postgresql::Db[redmine]/Postgresql::Database[redmine]/Postgresql_psql[Check for existence of db 'redmine']: Could not evaluate: Must pass an array to execute()

This is in part of a redmine module I am working on but the source that causes this is.

postgresql::db { "${db_name}":
  user     => "${db_user}",
  password => "${db_password}",
}

Everything works fine in commit 32b65b8

the RPM GPG Key is only placed in /etc/pki/rpm-gpg/.. but not imported leading to problems with Spacewalk for instance which expects it to be imported already.

Needs to be addressed differently for RHEL/debian. I only have a working patch for RHEL

When changes are made to pg_hba.conf by means of config_hash the postgresql service gets restarted. This is potentially dangerous since clients get disconnected, possibly while currently reading or writing to the database, which can cause errors in the applications accessing the database.

PostgreSQL supports reloading the cluster for this very reason (pg_ctl reload). Very few changes to the configuration actually require a full restart. For most a reload is perfectly fine.

This module should support a way to reload the cluster for configuration changes, instead of restarting it.

The camptocamp postgres module uses a defined type and Augeas for managing the pg_hba.conf file and execs something like /etc/init.d/postgresql reload. Perhaps this is a viable alternative to the config_hash method of this module.

I kept getting this error:

err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type concat at /etc/puppet/modules/postgresql/manifests/pg_hba.pp:16 on node example.com

I resolved it by installing ripienaar/concat (since the line in question called the concat resource instead of the Concat::Fragement resource in the official puppet docs).

If there is a dependency, could it be documented somewhere?

In the Modulefile, the stdlib dependency version is set to =2.x. We are using stdlib v3.0.1 and this prevents us from being able to use the postgresql module.

Hi,

I thought I'd open an issue here to discuss whether and how to use Augeas for managing postgresql.conf and pg_hba.conf.

Augeas 1.0.0 has been released recently and I know that packages are available at least for Ubuntu from @raphink's PPA (https://launchpad.net/~raphink/+archive/augeas). Ubuntu 13.04 will have official Augeas 1.0.0 packages. I don't know how support looks on RHEL or other systems.

Augeas 1.0.0 now has extended lenses for both postgresql.conf and pg_hba.conf which look pretty good to me, but I have yet to test them thoroughly with Puppet. So I wonder: is it worthwhile to pursue using Augeas to manage these important files, or are people happier with the current template-based approach and the ideas for postgresql.conf discussed in issue #26 (I wanted to take a crack at this, but haven't had the time yet, unfortunately)?

The advantages or Augeas are, in my opinion, clear: no need for complex template constructs, we get syntax checks and support for all settings in postgresql.conf and also for all kinds of ACLs in pg_hba.conf without having to expose specific ACL types to the user and hiding or not supporting others (ipv4acls/ipv6acls vs unixacls, see PR #72). Using Augeas from within Puppet is easy enough, although in the end there might again be need for some kind of template/eruby hackery.

One thing to consider is that Augeas 1.0.0 will probably not be available on most systems for quite some time so Augeas support in this module should only be used if facter augeasversion >= 1.0.0. For earlier versions the template approach for pg_hba.conf and file_line for postgresql.conf (issue #26) will remain the only option.

Another thing to consider is that Augeas can significantly slow down a Puppet run if it manages many configuration settings.

And of course, as @jhoblitt has pointed out in PR #72 Augeas only manages specified settings, so manual edits to the configuration are, by design, still possible and not caught by Puppet.

So it might be necessary for the module user to be able to decide whether he wants to use Augeas or not.

One or two new types will probably have to be defined, such as postgresql::server::conf (manages a setting in postgresql.conf) and postgresql::server::hba (manages an ACL in pg_hba.conf).

This could lead to something like this:

postgresql::server::conf { 
  'listen_addresses': value => '*';
  'port':             value => '5432';
  'max_connections':  value => '500';
}

And for pg_hba.conf the @camptocamp guys have already defined an IMHO reasonable type for ACLs, which would look somewhat like this:

postgresl::server::hba { 'access to some database for alice':
  ensure => present,
  type => 'host',
  database => 'some',
  user => 'alice',
  address => '10.0.0.0/16',
  method => 'md5',
}

But there would probably have to be a way to abstract and hide these declarations, or they would clutter up the user's manifests since they are a bit more verbose (and thus ugly) than the current config_hash approach.

Sorry for this lengthy braindump. Maybe someone has some comments or ideas, I'd love to hear them. I hope I find the time to test and experiment with this myself in the coming weeks.

Can't add local access to pg_hba, like:
local all postgres trust

with:

class { 'postgresql::server':
config_hash => {
'listen_addresses' => '*',
'ipv4acls' => ['local all postgres trust'],
},
}

The problem is comming from missing CIDR parameter, which isn't needed with local type.

I have the following statements:

    include postgresql::server
    postgresql::db { "weight":
        user     => "weight",
        password => "foobar",
    }

    postgresql::pg_hba_rule { "Turn password authentication on for local inet users.":
        type        => "host",
        database    => "all",
        user        => "all",
        address     => "127.0.0.0/8",
        auth_method => "md5",
    }

    postgresql::pg_hba_rule { "Turn password authentication on for local socket users.":
        type        => "local",
        database    => "all",
        user        => "all",
        auth_method => "md5",
    }

When in /root, I get the following the second time I run it:

Info: Applying configuration version '1362334951'
Notice: /Stage[main]/Weightgrapher::Dev/Postgresql::Db[weight]/Postgresql::Database[weight]/Postgresql_psql[Check for existence of db 'weight']/command: command changed '' to 'SELECT 1'
Info: /Stage[main]/Weightgrapher::Dev/Postgresql::Db[weight]/Postgresql::Database[weight]/Postgresql_psql[Check for existence of db 'weight']: Scheduling refresh of Exec[/usr/lib/postgresql/8.4/bin/createdb --template=template0 --encoding 'UTF8'  'weight']
Notice: /Stage[main]/Weightgrapher::Dev/Postgresql::Db[weight]/Postgresql::Database[weight]/Exec[/usr/lib/postgresql/8.4/bin/createdb --template=template0 --encoding 'UTF8'  'weight']/returns: could not change directory to "/root"
Notice: /Stage[main]/Weightgrapher::Dev/Postgresql::Db[weight]/Postgresql::Database[weight]/Exec[/usr/lib/postgresql/8.4/bin/createdb --template=template0 --encoding 'UTF8'  'weight']/returns: createdb: database creation failed: ERROR:  database "weight" already exists
Error: /Stage[main]/Weightgrapher::Dev/Postgresql::Db[weight]/Postgresql::Database[weight]/Exec[/usr/lib/postgresql/8.4/bin/createdb --template=template0 --encoding 'UTF8'  'weight']: Failed to call refresh: /usr/lib/postgresql/8.4/bin/createdb --template=template0 --encoding 'UTF8'  'weight' returned 1 instead of one of [0]
Error: /Stage[main]/Weightgrapher::Dev/Postgresql::Db[weight]/Postgresql::Database[weight]/Exec[/usr/lib/postgresql/8.4/bin/createdb --template=template0 --encoding 'UTF8'  'weight']: /usr/lib/postgresql/8.4/bin/createdb --template=template0 --encoding 'UTF8'  'weight' returned 1 instead of one of [0]
Error: Error executing SQL; psql returned 256: 'could not change directory to "/root"
ERROR:  role "weight" already exists
'
Error: /Stage[main]/Weightgrapher::Dev/Postgresql::Db[weight]/Postgresql::Database_user[weight]/Postgresql::Role[weight]/Postgresql_psql[CREATE ROLE "weight" ENCRYPTED PASSWORD '1YpTq^Bg25JKrIa$' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER  CONNECTION LIMIT -1]/command: change from  to CREATE ROLE "weight" ENCRYPTED PASSWORD 'foobar' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER  CONNECTION LIMIT -1 failed: Error executing SQL; psql returned 256: 'could not change directory to "/root"
ERROR:  role "weight" already exists
'
Notice: /Stage[main]/Weightgrapher::Dev/Postgresql::Db[weight]/Postgresql::Database_grant[GRANT weight - ALL - weight]/Postgresql_psql[GRANT ALL ON database "weight" TO "weight"]: Dependency Postgresql_psql[CREATE ROLE "weight" ENCRYPTED PASSWORD 'foobar' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER  CONNECTION LIMIT -1] has failures: true
Warning: /Stage[main]/Weightgrapher::Dev/Postgresql::Db[weight]/Postgresql::Database_grant[GRANT weight - ALL - weight]/Postgresql_psql[GRANT ALL ON database "weight" TO "weight"]: Skipping because of failed dependencies
Notice: Finished catalog run in 1.05 seconds

When running in any other directory, no errors are encountered. This may be related to switching to the postgres user without resetting the environment as outlined here: http://www.postgresql.org/message-id/[email protected]

I am not sure why but the unless call fails and at every puppet run the password is set again:

Debug: Exec[set_postgres_postgrespw](provider=posix): Executing check 'env PGPASSWORD="xxx" psql -h localhost
-c 'select 1' > /dev/null'
Debug: Executing 'env PGPASSWORD="xxx" psql -h localhost -c 'select 1' > /dev/null'
Debug: /Stage[main]/Postgresql::Config::Afterservice/Exec[set_postgres_postgrespw]/unless: psql: FATAL:  pg_hba.conf rejects connection for host "127.0.0.1", user "postgres", database "postgres", SSL on
Debug: /Stage[main]/Postgresql::Config::Afterservice/Exec[set_postgres_postgrespw]/unless: FATAL:  pg_hba.conf rejects connection for host "127.0.0.1", user "postgres", database "postgres", SSL off
Debug: Exec[set_postgres_postgrespw](provider=posix): Executing 'psql -c "ALTER ROLE postgres PASSWORD 'xxx'"'
Debug: Executing 'psql -c "ALTER ROLE postgres PASSWORD 'xxx'"'
Notice: /Stage[main]/Postgresql::Config::Afterservice/Exec[set_postgres_postgrespw]/returns: ALTER ROLE
Notice: /Stage[main]/Postgresql::Config::Afterservice/Exec[set_postgres_postgrespw]/returns: executed successfully

It does hint at pg_hba.conf not being configured properly, but I did not provide any configuration for this in my postgresql::server entry, since I expected the defaults to work out of the box.

(This ticket tracks the intentions of #106, but finishes the job.)

We want to add more parameters to the module to allow the overriding of the options:

• client package name
• server package name
• development package name
• data directory
• binary directory
• service name
• postgresql user
• postgresql group
• force initdb
• service status check (subsumes #76)

This will allow those who use non-standard postgresql packaging to override the defaults.

I get this since I updated to latest master (from 2.0.something)

Error: /Stage[main]//Node[server]/Postgresql_psql[GRANT CONNECT ON DATABASE foo TO user]: Could not evaluate: Error evaluating 'unless' clause: 'ERROR:  server "foo" does not exist

It seems that this is triggering it:

    postgresql::db { ['foo', 'bar']:
        user => 'user',
        password => postgresql_password('user', 'pwd'),
    }

This worked fine before, but now my puppet config just won't run through anymore. Looking at the error, it seems to be trying to connect to a server that has the name of the database, it's kinda weird.

Hi,

Just started testing this postgres module, with a simple config:
class { 'postgresql::server': }

However postgres cannot start and starting it manually give:
/etc/init.d/postgresql start

• Starting PostgreSQL 9.1 database server * The PostgreSQL server failed to start. Please check the log output:
  2013-03-13 15:25:22 CET LOG: invalid connection type "-e"
  2013-03-13 15:25:22 CET CONTEXT: line 1 of configuration file "/etc/postgresql/9.1/main/pg_hba.conf"
  2013-03-13 15:25:22 CET FATAL: could not load pg_hba.conf

Looking at /etc/postgresql/9.1/main/pg_hba.conf, the first line is:
-e # This file is managed by Puppet. DO NOT EDIT.

Note the "-e".
Removing that "-e" allows the startup files to work correctly.

I did go looking in the source and manifests/pg_hba_rule.pp calls concat, but the proble is not obvious to me.

Environment: Ubuntu 12.04 with puppet master 3.0.2, client 2.7.11. postgres and concat packages pulled from puppetlabs github.

Test

Ends up that postgresql::database might run before the package is installed. This quick patch seems to fix it:

diff --git a/puppet/modules/postgresql/manifests/database.pp b/puppet/modules/postgresql/manifests/database.pp
index 560dc9d..a36fffd 100644
--- a/puppet/modules/postgresql/manifests/database.pp
+++ b/puppet/modules/postgresql/manifests/database.pp
@@ -35,6 +35,7 @@ define postgresql::database(
     command => "SELECT 1",
     unless  => "SELECT datname FROM pg_database WHERE datname='$dbname'",
     cwd     => $postgresql::params::datadir,
+    require => Package['postgresql-server'],
   } ~>

   exec { $createdb_command :

Right now, the psql resource type is implemented using Puppet Exec instances. This works fine, but it limits our control over logging, handling system exit codes, etc. It would be extremely valuable to port at least this one resource type over to Ruby to give us more fine-grained control over things.

The postgresql::validate_db_connection definition (in validate_db_connection.pp) tries to inherit postgresql::params but, if I'm not mistaken, definitions cannot inherit.

When supplying a custom pg_hba and postgresql.conf directory, the service doesnt startup because its looking in the default folder.
The PGDATA env variable needs to be set

Leverage the existing API from the puppetlabs-mysql module. It would present a nice coherent interface. Perhaps even becoming 'standard'?

Probably depends on #25 / #6.

I get an error when loading the postgresql::server class:

Info: Retrieving plugin
Debug: file_metadata supports formats: b64_zlib_yaml pson raw yaml; using pson
Debug: Finishing transaction 11992540
Info: Loading facts in /var/lib/puppet/lib/facter/iptables.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/postgres_default_version.rb
Debug: catalog supports formats: b64_zlib_yaml dot pson raw yaml; using pson
Error: Could not retrieve catalog from remote server: Could not intern from pson: Invalid tag "[\"postgresql::config\"]"

In postgresql.conf, there's a number of settings (ssl, max_connections, data_directory,...) that need to be changed in our environment, but the only one that can be puppeted is listen_addresses, which is done through the (non-scalable) file_line in beforeservice.pp.

How should adding on to the changeable options for postgresql.conf be handled?

The postgres_default_version fact scrapes the output of yum info to determine the default version of postgres on the system such as Centos. This code assumes that this command will return output and will fail if no repos are enabled.

This can cause issues for modules such as puppetdb. The puppetdb module for instance will return:

err: Could not retrieve catalog from remote server: Error 400 on SERVER:
 No value for postgres_default_version facter fact;
it's possible that you don't have pluginsync enabled. at /etc/puppetlabs/puppet/modules/postgresql/manifests/params.pp:29 on node classroom.puppetlabs.vm

When using a class such as puppetd that depends on this module.

Further as pluginsync copies this fact out, you will receive an error during every run on systems that would not not ever need postgresql-server installed on them , such as those that would be using puppetdb::master::config.

info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/virtual.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/concat_basedir.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/iptables.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/postgres_default_version.rb
Error: No matching Packages to list
Error: No matching Packages to list
Error: No matching Packages to list

The initdb exec does not require the postgresql-server package. Therefore, a installation may fail when the initdb is attempted before the install of the postgresql-server package.

postgresql::db doesn't check to see if a user has not already been defined before creating it. It fails when trying to add multiple databases owned by the same user.

Using database::grant doesn't seem to grant the specified role permissions to the database's tables, even when using privilege => 'ALL'. Using this:

postgresql::database_grant { 'foo_all_bar':
  privilege => 'ALL',
  db        => 'bar',
  role      => 'foo',
}

I still had to do the following manually in the "bar" database:

GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO foo;

This is on Postgres 9.1 in Ubuntu 12.04.

It would be great if there's a way to create a DB and directly set the owner. Currently it seems the user assigned to the DB isn't the owner.

Patrick Carlisle suggested that it would be valuable for the module to expose parameters for some of the more potent and commonly used performance tuning settings for postgres. Notes below...

It would be good for the module to help you configure the system for some reasonable settings. Default postgres config is for a machine from around 1992. It would be cool if it were easy to scale these based on a machine's total memory.

shared_buffers => maybe 1/4 ram

To be able to turn this up you have to modify SHMMAX with sysctl, so you have to manage sysctl.conf on most systems. This is a painful surprise to every new postgres user so even though it's a pain it would be really good to have in the module.

work_mem => hard to say a default for this because it's dependent on how many concurrent users you expect

effective_cache_size => 1/2 to 2/3 of available ram

other common settings to weak include:
wal_buffers (8mb?)
checkpoint_segments (probably 16)
maintenance_work_mem (256mb)

Some of these suggested defaults i took from experience, the rest from http://www.pgexperts.com/document.html?id=36

The standard postgres docs also have useful discussion and suggestions for all of these settings.

We got a report from @timdenike on issue #95 that we're not determining the correct bindir for the postgresql84 package on RHEL5. Users will be able to work around this by overriding parameters once the issues around #95 are resolved, but my opinion is that we should also fix the case statements in params.pp to automatically support the RHEL5/postgresql84 combination without requiring users to override the params at all.

@timdenike is the package you're using coming from the default RHEL5 package repo? or EPEL? Or yum.postgresql.org?

(I am not sure the linux ami actually has anything to do with this problem) When I update my puppet agents from the puppetmaster, I get the following error:

err: /Stage[main]/Postgresql::Config::Beforeservice/Postgresql::Pg_hba[main]/Concat[/var/lib/pgsql/data/pg_hba.conf]/File[/var/lib/pgsql/data/pg_hba.conf]: Could not evaluate: Could not retrieve information from environment production source(s) file:/var/lib/puppet/concat/_var_lib_pgsql_data_pg_hba.conf/fragments.concat.out at /etc/puppet/modules/concat/manifests/init.pp:228

Any ideas what this means?

Thanks!

(full output gist of `puppet agent -t --noop --verbose --trace here: https://gist.github.com/geetotes/c58bc3afee958d29aa70 )

Authentication should be performed via md5 instead of ident, in order to fix some login trouble:

vagrant@precise32:~$ psql -U postgres
psql: FATAL:  Peer authentication failed for user "postgres"
vagrant@precise32:~$ grep ^local /etc/postgresql/9.1/main/pg_hba.conf
local   all         postgres                          ident
local   all         all                               ident
vagrant@precise32:~$ sudo vim /etc/postgresql/9.1/main/pg_hba.conf
# ...
vagrant@precise32:~$ grep ^local /etc/postgresql/9.1/main/pg_hba.conf
local   all         postgres                          md5
local   all         all                               md5
vagrant@precise32:~$ sudo killall -HUP postgres
vagrant@precise32:~$ psql -U postgres
Password for user postgres:

Looks like postgresql requires stdlib 2.x. I had 3.x installed, so it was downgraded. Is there a specific feature of 2.x that broke in 3.x? If so, could that be documented in the Modulefile as to why?

Commit 5e47aff made this module work on Debian 7.0 (Wheezy) boxes that were updated after 2012-12-12. However, installing the module from the forge doesn't get that update, leading to a ~30 line error message when trying to use it. Any chance I can get a version bump on the forge to make this module work? If I read it correctly, that fix was before the 2.0.1 release, but somehow hasn't made it onto my machine where I've installed it (using 'puppet module install').

Contrary to what the README states.

Why not just interpolate the type from the docs into the string that checks if the permission exists in what I can only assume was renamed to database_grant?

Hi all,
I’m quite new here and I hope i’m on the right place… I’m trying to install a puppet platform with puppetdb and I had some succes until today to install it correctly. Issue is that from today the puppetdb installation via module no longer functions :
Error: Could not start Service[postgresqld]: Execution of ‘/sbin/service postgresql start’ returned 1:
Within the postgres log => FATAL: unrecognized configuration parameter “include”
I removed the include line within postgres.conf and I am able to start postgres process. But if I apply puppet catalog again (to install puppetdb via module) it does reinsert the include…
Regards

The spec (really more like acceptance or integration) tests need to be automated... not sure if we should do that with Travis or elsewhere, but it definitely needs to happen. This is the stuff under:

rake spec:system

It would be nice to have some example manifests in the "tests" directory which demonstrated how to use a non-default version of postgres. So, e.g., on CentOS6, the default is postgres 8.4. However, if you add the postgres RPM package repos, you can install postgres 9.1. The module supports this but we don't illustrate how you'd go about configuring your setup to take advantage of it.

Just installed version from git (572f090a1d) and I'm getting this error:

Invalid parameter psql_path at /etc/puppet/modules/postgresql/manifests/database.pp:63 

Invalid tag "[\"postgresql::config\"] at server.pp:35 error is being thrown when postgres_default_version facter fails.

Fedora17 puppet 2.7.18

The default template used by PostgreSQL is template1. Yet, the current createdb command specifies template0 explicitly.

It would probably be better to keep the PostgreSQL default values in general. Perhaps an extra optional parameter similar to the "locale" parameter could be used for those who want to use a non-default value.

In pull req #43 we added initial support for using non-system-default versions of postgres. Part of that changeset included support for managing the yumrepo resource for yum.postgresql.org.

However, the class that manages that also needs to deploy the GPG key, and the module currently only provides a GPG key for postgres 9.2. Therefore if you try to use this feature with other versions of postgres, it will fail due to the missing GPG key.

It's possible that yum.postgresql.org uses the same GPG key for all of the versions, which would make it very easy to fix this. If there are different GPG keys for the different versions, though, then we will need to add a copy of each of them to the module.