
Parameters roles, config_entires, and pg_hba_rules to postgresql::server for hiera #950


Merged
merged 3 commits into from
Mar 29, 2018
Merged
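--- a/lib/puppet/type/postgresql_psql.rb
+++ b/lib/puppet/type/postgresql_psql.rb
@@ -120,6 +120,8 @@ def matches(value)
 newvalues(:true, :false)
 end
 
+autorequire(:class) { ['Postgresql::Server::Service'] }
+
 def should_run_sql(refreshing = false)
 onlyif_param = @parameters[:onlyif]
 unless_param = @parameters[:unless]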
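Review bot: The added `autorequire(:class) { ['Postgresql::Server::Service'] }` has no comment, and it changes what psql resources wait for: the explicit `require => Class['postgresql::server']` removed elsewhere in this pull request ordered them after the whole server class, while the autorequire orders them only after the service class, and only when that class is in the catalog. In manifests/server.pp `postgresql::server::passwd` is ordered after the service, so role and grant statements are no longer guaranteed to run after the superuser password step; that is presumably intended, to avoid a dependency cycle for roles declared inside the class, but it should be stated. Suggested comment above the line: `# Soft dependency: applies only when postgresql::server::service is in the catalog; replaces the per-define require on Class['postgresql::server']`. The type definition starts and ends outside the hunk.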
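--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -55,6 +55,11 @@
 $manage_pg_ident_conf = $postgresql::params::manage_pg_ident_conf,
 $manage_recovery_conf = $postgresql::params::manage_recovery_conf,
 $module_workdir = $postgresql::params::module_workdir,
+
+Hash[String, Hash] $roles = {},
+Hash[String, Any] $config_entries = {},
+Hash[String, Hash] $pg_hba_rules = {},
+
 #Deprecated
 $version = undef,
 ) inherits postgresql::params {
@@ -74,11 +79,33 @@
 # Reload has its own ordering, specified by other defines
 class { "${pg}::reload": require => Class["${pg}::install"] }
 
-anchor { "${pg}::start": }
--> class { "${pg}::install": }
--> class { "${pg}::initdb": }
--> class { "${pg}::config": }
--> class { "${pg}::service": }
--> class { "${pg}::passwd": }
--> anchor { "${pg}::end": }
+contain postgresql::server::install
+contain postgresql::server::initdb
+contain postgresql::server::config
+contain postgresql::server::service
+contain postgresql::server::passwd
+
+Class['postgresql::server::install']
+-> Class['postgresql::server::initdb']
+-> Class['postgresql::server::config']
+-> Class['postgresql::server::service']
+-> Class['postgresql::server::passwd']
+
+$roles.each |$rolename, $role| {
+postgresql::server::role { $rolename:
+* => $role,
+}
+}
+
+$config_entries.each |$entry, $value| {
+postgresql::server::config_entry { $entry:
+value => $value,
+}
+}
+
+$pg_hba_rules.each |$rule_name, $rule| {
+postgresql::server::pg_hba_rule { $rule_name:
+* => $rule,
+}
+}
 }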
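Review bot: The keys of `$roles` are typed only as `String`, yet each key becomes the role title that manifests/server/role.pp (shown on this page) interpolates unescaped into `CREATE ROLE \"${username}\"` and `rolname = '${username}'`, so a name containing a quote yields broken or unintended SQL run through psql. Constraining the key at the class boundary would reject that at compile time, for example `Hash[Pattern[/\A[a-z_][a-z0-9_]*\z/], Hash] $roles = {},`, with the pattern widened if a site needs other characters. These hashes also bring `password_hash` values and pg_hba access rules in from Hiera, and the three new parameters have no documentation in either hunk; the class header is outside the hunk, so it may need a note there that password hashes belong in an encrypted backend and that the hashes follow Hiera's configured merge behaviour.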
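--- a/manifests/server/grant.pp
+++ b/manifests/server/grant.pp
@@ -413,7 +413,6 @@
 psql_path => $psql_path,
 unless => $_unless,
 onlyif => $_onlyif,
-require => Class['postgresql::server']
 }
 
 if($role != undef and defined(Postgresql::Server::Role[$role])) {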
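--- a/manifests/server/reassign_owned_by.pp
+++ b/manifests/server/reassign_owned_by.pp
@@ -45,7 +45,6 @@
 psql_group => $group,
 psql_path => $psql_path,
 onlyif => $onlyif,
-require => Class['postgresql::server']
 }
 
 if($old_role != undef and defined(Postgresql::Server::Role[$old_role])) {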
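--- a/manifests/server/role.pp
+++ b/manifests/server/role.pp
@@ -47,10 +47,7 @@
 psql_path => $psql_path,
 connect_settings => $connect_settings,
 cwd => $module_workdir,
-require => [
-Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],
-Class['postgresql::server'],
-],
+require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],
 }
 
 if $ensure == 'present' {
@@ -72,7 +69,7 @@
 command => "CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}",
 unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}'",
 environment => $environment,
-require => Class['Postgresql::Server'],
+require => undef,
 }
 
 postgresql_psql {"ALTER ROLE \"${username}\" ${superuser_sql}":
@@ -128,7 +125,7 @@
 # ensure == absent
 postgresql_psql { "DROP ROLE \"${username}\"":
 onlyif => "SELECT 1 FROM pg_roles WHERE rolname = '${username}'",
-require => Class['Postgresql::Server'],
+require => undef,
 }
 }
 }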
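Review bot: The two `require => undef` lines, on the `CREATE ROLE` and `DROP ROLE` resources, carry no comment and their purpose is not obvious. They appear to cancel the `require` set in the first hunk, which looks like a `Postgresql_psql` resource default whose opening line is outside the hunk, leaving ordering after the server to the type's new autorequire. That autorequire adds an edge only when `Class['Postgresql::Server::Service']` is in the catalog, so a catalog without it gives these statements no ordering at all. I would add above each line `# no explicit require: the postgresql_psql type autorequires Class['postgresql::server::service']`.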
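--- a/manifests/server/tablespace.pp
+++ b/manifests/server/tablespace.pp
@@ -40,7 +40,7 @@
 postgresql_psql { "CREATE TABLESPACE \"${spcname}\"":
 command => "CREATE TABLESPACE \"${spcname}\" LOCATION '${location}'",
 unless => "SELECT 1 FROM pg_tablespace WHERE spcname = '${spcname}'",
-require => [Class['postgresql::server'], File[$location]],
+require => File[$location],
 }
 
 if $owner {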
53 changes: 53 additions & 0 deletions spec/acceptance/overridden_settings_spec.rb
@@ -0,0 +1,53 @@
require 'spec_helper_acceptance'

# These tests are designed to ensure that the module, when ran overrides,
# sets up everything correctly and allows us to connect to Postgres.
describe 'postgresql::server', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
pp = <<-MANIFEST
class { 'postgresql::server':
roles => {
'testusername' => {
password_hash => postgresql_password('testusername', 'supersecret'),
createdb => true,
},
},
config_entries => {
max_connections => 200,
Contributor


This seems to be causing issues on some of our test nodes:

09:04:41   Apr 03 09:04:39 k8ytf5mtkdzr708 pg_ctl[14776]: FATAL:  could not create shared memory segment: Invalid argument
09:04:41   Apr 03 09:04:39 k8ytf5mtkdzr708 pg_ctl[14776]: DETAIL:  Failed system call was shmget(key=5432001, size=36954112, 03600).
09:04:41   Apr 03 09:04:39 k8ytf5mtkdzr708 pg_ctl[14776]: HINT:  This error usually means that PostgreSQL's request for a shared memory segment exceeded your kernel's SHMMAX parameter.  You can either reduce the request size or reconfigure the kernel with larger SHMMAX.  To reduce the request size (currently 36954112 bytes), reduce PostgreSQL's shared memory usage, perhaps by reducing shared_buffers or max_connections.
09:04:41   Apr 03 09:04:39 k8ytf5mtkdzr708 pg_ctl[14776]: If the request size is already small, it's possible that it is less than your kernel's SHMMIN parameter, in which case raising the request size or reconfiguring SHMMIN is called for.

Collaborator Author


Should I lower it to 20?

Collaborator Author


let's continue this in #974

},
pg_hba_rules => {
'from_remote_host' => {
type => 'host',
database => 'mydb',
user => 'myuser',
auth_method => 'md5',
address => '192.0.2.100/32',
},
},
}

postgresql::server::database { 'testusername':
owner => 'testusername',
}
MANIFEST

it 'with additional hiera entries' do
apply_manifest(pp, catch_failures: true)
apply_manifest(pp, catch_changes: true)
end

describe port(5432) do
it { is_expected.to be_listening }
end

it 'can connect with psql' do
psql('--command="\l" postgres', 'postgres') do |r|
expect(r.stdout).to match(%r{List of databases})
end
end

it 'can connect with psql as testusername' do
shell('PGPASSWORD=supersecret psql -U testusername -h localhost --command="\l"') do |r|
expect(r.stdout).to match(%r{List of databases})
end
end
end
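Review bot: Nothing in this spec asserts that the `from_remote_host` rule reached the server's access configuration. The `can connect with psql as testusername` example connects over `-h localhost`, which a rule for `mydb`/`myuser` from `192.0.2.100/32` does not govern, so the spec would pass even if `pg_hba_rules` were ignored. I would add an example that checks the rendered pg_hba.conf for the `192.0.2.100/32` entry, taking the file path from the module's platform parameters instead of hard-coding it. Separately, the header comment reads "when ran overrides"; `when run with overrides` is presumably what was meant.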
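--- a/spec/unit/classes/server_spec.rb
+++ b/spec/unit/classes/server_spec.rb
@@ -163,4 +163,58 @@ class { 'postgresql::globals':
 is_expected.to contain_class('postgresql::repo').with_version('99.5')
 end
 end
+
+describe 'additional roles' do
+let(:params) do
+{
+roles: {
+username: { createdb: true },
+},
+}
+end
+
+it { is_expected.to compile.with_all_deps }
+it { is_expected.to contain_postgresql__server__role('username').with_createdb(true) }
+end
+
+describe 'additional config_entries' do
+let(:params) do
+{
+config_entries: {
+fsync: 'off',
+checkpoint_segments: '20',
+},
+}
+end
+
+it { is_expected.to compile.with_all_deps }
+it { is_expected.to contain_postgresql__server__config_entry('fsync').with_value('off') }
+it { is_expected.to contain_postgresql__server__config_entry('checkpoint_segments').with_value('20') }
+end
+
+describe 'additional pg_hba_rules' do
+let(:params) do
+{
+pg_hba_rules: {
+from_remote_host: {
+type: 'host',
+database: 'mydb',
+user: 'myuser',
+auth_method: 'md5',
+address: '192.0.2.100',
+},
+},
+}
+end
+
+it { is_expected.to compile.with_all_deps }
+it do
+is_expected.to contain_postgresql__server__pg_hba_rule('from_remote_host')
+.with_type('host')
+.with_database('mydb')
+.with_user('myuser')
+.with_auth_method('md5')
+.with_address('192.0.2.100')
+end
+end
 end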
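Review bot: The `additional pg_hba_rules` fixture uses `address: '192.0.2.100'` with no mask, while the acceptance spec in this pull request uses `'192.0.2.100/32'`. As far as I know PostgreSQL rejects a `host` record whose address is a bare IP with neither a CIDR length nor a netmask, so the unit test models a rule that would not load. The catalog still compiles, which is all this example checks, but fixtures tend to be copied into real data. I would change the two lines to `address: '192.0.2.100/32',` and `.with_address('192.0.2.100/32')`.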
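--- a/spec/unit/defines/server/grant_spec.rb
+++ b/spec/unit/defines/server/grant_spec.rb
@@ -210,7 +210,7 @@ class {'postgresql::server':}
 it { is_expected.to contain_postgresql__server__role('test') }
 it do
 is_expected.to contain_postgresql_psql('grant:test') \
-.that_requires('Postgresql::Server::Role[test]')
+.that_requires(['Class[postgresql::server::service]', 'Postgresql::Server::Role[test]'])
 end
 end
 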
3 changes: 2 additions & 1 deletion spec/unit/defines/server/reassign_owned_by_spec.rb
Expand Up @@ -32,12 +32,13 @@ class {'postgresql::server':}
MANIFEST
end

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_postgresql__server__reassign_owned_by('test') }

it {
is_expected.to contain_postgresql_psql('reassign_owned_by:test:REASSIGN OWNED BY "test_old_role" TO "test_new_role"')
.with_command('REASSIGN OWNED BY "test_old_role" TO "test_new_role"')
.with_onlyif(%r{SELECT tablename FROM pg_catalog.pg_tables WHERE\s*schemaname NOT IN \('pg_catalog', 'information_schema'\) AND\s*tableowner = 'test_old_role'.*}m)
.that_requires('Class[postgresql::server]')
.that_requires('Class[Postgresql::Server::Service]')
Contributor


Ooo, dependency refs are case insensitive. TIL

}
end
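--- a/spec/unit/defines/server/role_spec.rb
+++ b/spec/unit/defines/server/role_spec.rb
@@ -66,6 +66,7 @@
 .with_unless("SELECT 1 FROM pg_roles WHERE rolname = 'test'")
 .with_port(5432)
 .with_connect_settings('PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', 'PGUSER' => 'login-user', 'PGPASSWORD' => 'login-pass')
+.that_requires('Class[postgresql::server::service]')
 end
 it 'has alter role for "test" user with password as ****' do
 is_expected.to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****')
@@ -138,7 +139,7 @@
 end
 
 it 'has drop role for "test" user if ensure absent' do
-is_expected.to contain_postgresql_psql('DROP ROLE "test"')
+is_expected.to contain_postgresql_psql('DROP ROLE "test"').that_requires('Class[postgresql::server::service]')
 end
 end
 end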
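--- a/spec/unit/defines/server/tablespace_spec.rb
+++ b/spec/unit/defines/server/tablespace_spec.rb
@@ -28,6 +28,7 @@
 end
 
 it { is_expected.to contain_postgresql__server__tablespace('test') }
+it { is_expected.to contain_postgresql_psql('CREATE TABLESPACE "test"').that_requires('Class[postgresql::server::service]') }
 
 context 'with different owner' do
 let :params do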