Add db::postgresql to openstacklib

The openstacklib::db::postgresql resource is a library resource that can be used by nova, cinder, ceilometer, etc., rather than replicating equivalent functionality across all of these modules. This resource is very simple, but its addition will make maintenance and adding features much more straightforward and consistent than implementing individually across modules. openstacklib::db::postgresql uses the puppetlabs postgresql::server::db resource to configure the database and user. openstacklib::db::postgresql accepts a password_hash as a parameter and passes it to the postgresql::server::db resource as the password parameter. While this seems to conflict, the postgresql::server::db resource is actually using the password parameter as a password hash. Change-Id: I1446f37e7fba3305cff3eb3dd7ea4e7d5577eb4e Implements: blueprint commmon-openstack-database-resource
2014-07-15 14:30:20 -07:00
parent 999f7849a3
commit 082d2882b8
5 changed files with 241 additions and 2 deletions
--- a/.fixtures.yml
+++ b/.fixtures.yml
@@ -2,6 +2,7 @@ fixtures:
  repositories:
    aviator: git://github.com/aimonb/puppet_aviator.git
    mysql: git://github.com/puppetlabs/puppetlabs-mysql.git
+    postgresql: git://github.com/puppetlabs/puppetlabs-postgresql.git
    stdlib: git://github.com/puppetlabs/puppetlabs-stdlib.git
    rabbitmq:
      repo: 'git://github.com/puppetlabs/puppetlabs-rabbitmq'
--- a/README.md
+++ b/README.md
@@ -120,6 +120,60 @@ array or string; optional; default to undef
 Privileges given to the database user;
 string or array of strings; optional; default to 'ALL'

+#### Defined type: openstacklib::db::postgresql
+
+The db::postgresql resource is a library resource that can be used by nova,
+cinder, ceilometer, etc., to create a postgresql database and a user with
+configurable privileges.
+
+Typically this resource will be declared with a notify parameter to configure
+the sync command to execute when the database resource is changed.
+
+For example, in heat::db::postgresql you might declare:
+
+```
+::openstacklib::db::postgresql { $dbname:
+  password_hash => postgresql_password($user, $password),
+  dbname        => $dbname,
+  user          => $user,
+  notify        => Exec['heat-dbsync'],
+}
+```
+
+Some modules should ensure that the database is created before the service is
+set up. For example, in keystone::db::postgresql you would have:
+
+```
+::openstacklib::db::postgresql { $dbname:
+  password_hash => postgresql_password($user, $password),
+  dbname        => $dbname,
+  user          => $user,
+  notify        => Exec['keystone-manage db_sync'],
+  before        => Service['keystone'],
+}
+```
+
+** Parameters for openstacklib::db::postgresql: **
+
+#####`password_hash`
+Password hash to use for the database user for this service;
+string; required
+
+#####`dbname`
+The name of the database
+string; optional; default to the $title of the resource, i.e. 'nova'
+
+#####`user`
+The database user to create;
+string; optional; default to the $title of the resource, i.e. 'nova'
+
+#####`encoding`
+The encoding use for the database;
+string; optional; default to undef
+
+#####`privileges`
+Privileges given to the database user;
+string or array of strings; optional; default to 'ALL'

 #### Defined type: openstacklib::service_validation

@@ -228,7 +282,11 @@ configuration and extra functionality through types and providers.
 Limitations
 -----------

-* Limitations will be added as they are discovered.
+The python-migrate system package for RHEL 6 and below is out of date and may
+fail to correctly migrate postgresql databases. While this module does not
+handle database migrations, it is common to set up refresh relationships
+between openstacklib::db::postgresql resource and the database sync exec
+resource. Relying on this behavior may cause errors.

 Development
 -----------
--- a/manifests/db/postgresql.pp
+++ b/manifests/db/postgresql.pp
@@ -0,0 +1,46 @@
+# == Definition: openstacklib::db::postgresql
+#
+# This resource configures a postgresql database for an OpenStack service
+#
+# == Parameters:
+#
+#  [*password_hash*]
+#    Password hash to use for the database user for this service;
+#    string; required
+#
+#  [*dbname*]
+#    The name of the database
+#    string; optional; default to the $title of the resource, i.e. 'nova'
+#
+#  [*user*]
+#    The database user to create;
+#    string; optional; default to the $title of the resource, i.e. 'nova'
+#
+#  [*encoding*]
+#    The charset to use for the database;
+#    string; optional; default to undef
+#
+#  [*privileges*]
+#    Privileges given to the database user;
+#    string or array of strings; optional; default to 'ALL'
+
+define openstacklib::db::postgresql (
+  $password_hash,
+  $dbname     = $title,
+  $user       = $title,
+  $encoding   = undef,
+  $privileges = 'ALL',
+){
+
+  if ((($::operatingsystem == 'RedHat' or $::operatingsystem == 'CentOS') and $::operatingsystemmajrelease <= 6)
+    or ($::operatingsystem == 'Fedora' and $::operatingsystemmajrelease <= 14)) {
+    warning('The system packages handling the postgresql infrastructure for OpenStack are out of date and should not be relied on for database migrations.')
+  }
+
+  postgresql::server::db { $dbname:
+    user     => $user,
+    password => $password_hash,
+    encoding => $encoding,
+    grant    => $privileges,
+  }
+}
--- a/metadata.json
+++ b/metadata.json
@@ -34,6 +34,7 @@
    { "name": "aimonb/aviator", "version_requirement": ">=0.4.2 <1.0.0" },
    { "name": "puppetlabs/mysql", "version_requirement": ">=2.2.0 <3.0.0" },
    { "name": "puppetlabs/stdlib", "version_requirement": ">=4.0.0 <5.0.0" },
-    { "name": "puppetlabs/rabbitmq", "version_requirement": ">=2.0.2 <4.0.0" }
+    { "name": "puppetlabs/rabbitmq", "version_requirement": ">=2.0.2 <4.0.0" },
+    { "name": "puppetlabs/postgresql", "version_requirement": ">=3.3.0 <4.0.0" }
  ]
 }
--- a/spec/defines/openstacklib_db_postgresql_spec.rb
+++ b/spec/defines/openstacklib_db_postgresql_spec.rb
@@ -0,0 +1,133 @@
+require 'spec_helper'
+
+describe 'openstacklib::db::postgresql' do
+  password_hash = 'AA1420F182E88B9E5F874F6FBE7459291E8F4601'
+  title = 'nova'
+  let (:title) { title }
+
+  let :required_params do
+    { :password_hash => password_hash }
+  end
+
+  context 'on a RedHat osfamily' do
+    let :facts do
+      {
+        :postgres_default_version => '8.4',
+        :osfamily => 'RedHat'
+      }
+    end
+
+    context 'with only required parameters' do
+      let :params do
+        required_params
+      end
+
+      it { should contain_postgresql__server__db(title).with(
+        :user     => title,
+        :password => password_hash
+      )}
+    end
+
+    context 'when overriding encoding' do
+      let :params do
+        { :encoding => 'latin1' }.merge(required_params)
+      end
+      it { should contain_postgresql__server__db(title).with_encoding(params[:encoding]) }
+    end
+
+    context 'when omitting the required parameter password_hash' do
+      let :params do
+        required_params.delete(:password_hash)
+      end
+
+      it { expect { should raise_error(Puppet::Error) } }
+    end
+
+    context 'when notifying other resources' do
+      let :pre_condition do
+        'exec { "nova-db-sync": }'
+      end
+      let :params do
+        { :notify => 'Exec[nova-db-sync]'}.merge(required_params)
+      end
+
+      it {should contain_exec('nova-db-sync').that_subscribes_to("Openstacklib::Db::Postgresql[#{title}]") }
+    end
+
+    context 'when required for other openstack services' do
+      let :pre_condition do
+        'service {"keystone":}'
+      end
+      let :title do
+        'keystone'
+      end
+      let :params do
+        { :before => 'Service[keystone]'}.merge(required_params)
+      end
+
+      it { should contain_service('keystone').that_requires("Openstacklib::Db::Postgresql[keystone]") }
+    end
+
+  end
+
+  context 'on a Debian osfamily' do
+    let :facts do
+      {
+        :osfamily => 'Debian'
+      }
+    end
+
+    context 'with only required parameters' do
+      let :params do
+        required_params
+      end
+
+      it { should contain_postgresql__server__db(title).with(
+        :user     => title,
+        :password => password_hash
+      )}
+    end
+
+    context 'when overriding encoding' do
+      let :params do
+        { :encoding => 'latin1' }.merge(required_params)
+      end
+      it { should contain_postgresql__server__db(title).with_encoding(params[:encoding]) }
+    end
+
+    context 'when omitting the required parameter password_hash' do
+      let :params do
+        required_params.delete(:password_hash)
+      end
+
+      it { expect { should raise_error(Puppet::Error) } }
+    end
+
+    context 'when notifying other resources' do
+      let :pre_condition do
+        'exec { "nova-db-sync": }'
+      end
+      let :params do
+        { :notify => 'Exec[nova-db-sync]'}.merge(required_params)
+      end
+
+      it {should contain_exec('nova-db-sync').that_subscribes_to("Openstacklib::Db::Postgresql[#{title}]") }
+    end
+
+    context 'when required for other openstack services' do
+      let :pre_condition do
+        'service {"keystone":}'
+      end
+      let :title do
+        'keystone'
+      end
+      let :params do
+        { :before => 'Service[keystone]'}.merge(required_params)
+      end
+
+      it { should contain_service('keystone').that_requires("Openstacklib::Db::Postgresql[keystone]") }
+    end
+
+  end
+
+end