From 082d2882b87c97e7ef9c6ae29bf72191e0e9fae8 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Tue, 15 Jul 2014 14:30:20 -0700 Subject: [PATCH] Add db::postgresql to openstacklib The openstacklib::db::postgresql resource is a library resource that can be used by nova, cinder, ceilometer, etc., rather than replicating equivalent functionality across all of these modules. This resource is very simple, but its addition will make maintenance and adding features much more straightforward and consistent than implementing individually across modules. openstacklib::db::postgresql uses the puppetlabs postgresql::server::db resource to configure the database and user. openstacklib::db::postgresql accepts a password_hash as a parameter and passes it to the postgresql::server::db resource as the password parameter. While this seems to conflict, the postgresql::server::db resource is actually using the password parameter as a password hash. Change-Id: I1446f37e7fba3305cff3eb3dd7ea4e7d5577eb4e Implements: blueprint commmon-openstack-database-resource --- .fixtures.yml | 1 + README.md | 60 +++++++- manifests/db/postgresql.pp | 46 ++++++ metadata.json | 3 +- .../openstacklib_db_postgresql_spec.rb | 133 ++++++++++++++++++ 5 files changed, 241 insertions(+), 2 deletions(-) create mode 100644 manifests/db/postgresql.pp create mode 100644 spec/defines/openstacklib_db_postgresql_spec.rb diff --git a/.fixtures.yml b/.fixtures.yml index af30f27a..a3f4dbbb 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -2,6 +2,7 @@ fixtures: repositories: aviator: git://github.com/aimonb/puppet_aviator.git mysql: git://github.com/puppetlabs/puppetlabs-mysql.git + postgresql: git://github.com/puppetlabs/puppetlabs-postgresql.git stdlib: git://github.com/puppetlabs/puppetlabs-stdlib.git rabbitmq: repo: 'git://github.com/puppetlabs/puppetlabs-rabbitmq' diff --git a/README.md b/README.md index 84af03da..4329cd24 100644 --- a/README.md +++ b/README.md @@ -120,6 +120,60 @@ array or string; optional; default to undef Privileges given to the database user; string or array of strings; optional; default to 'ALL' +#### Defined type: openstacklib::db::postgresql + +The db::postgresql resource is a library resource that can be used by nova, +cinder, ceilometer, etc., to create a postgresql database and a user with +configurable privileges. + +Typically this resource will be declared with a notify parameter to configure +the sync command to execute when the database resource is changed. + +For example, in heat::db::postgresql you might declare: + +``` +::openstacklib::db::postgresql { $dbname: + password_hash => postgresql_password($user, $password), + dbname => $dbname, + user => $user, + notify => Exec['heat-dbsync'], +} +``` + +Some modules should ensure that the database is created before the service is +set up. For example, in keystone::db::postgresql you would have: + +``` +::openstacklib::db::postgresql { $dbname: + password_hash => postgresql_password($user, $password), + dbname => $dbname, + user => $user, + notify => Exec['keystone-manage db_sync'], + before => Service['keystone'], +} +``` + +** Parameters for openstacklib::db::postgresql: ** + +#####`password_hash` +Password hash to use for the database user for this service; +string; required + +#####`dbname` +The name of the database +string; optional; default to the $title of the resource, i.e. 'nova' + +#####`user` +The database user to create; +string; optional; default to the $title of the resource, i.e. 'nova' + +#####`encoding` +The encoding use for the database; +string; optional; default to undef + +#####`privileges` +Privileges given to the database user; +string or array of strings; optional; default to 'ALL' #### Defined type: openstacklib::service_validation @@ -228,7 +282,11 @@ configuration and extra functionality through types and providers. Limitations ----------- -* Limitations will be added as they are discovered. +The python-migrate system package for RHEL 6 and below is out of date and may +fail to correctly migrate postgresql databases. While this module does not +handle database migrations, it is common to set up refresh relationships +between openstacklib::db::postgresql resource and the database sync exec +resource. Relying on this behavior may cause errors. Development ----------- diff --git a/manifests/db/postgresql.pp b/manifests/db/postgresql.pp new file mode 100644 index 00000000..18fc3059 --- /dev/null +++ b/manifests/db/postgresql.pp @@ -0,0 +1,46 @@ +# == Definition: openstacklib::db::postgresql +# +# This resource configures a postgresql database for an OpenStack service +# +# == Parameters: +# +# [*password_hash*] +# Password hash to use for the database user for this service; +# string; required +# +# [*dbname*] +# The name of the database +# string; optional; default to the $title of the resource, i.e. 'nova' +# +# [*user*] +# The database user to create; +# string; optional; default to the $title of the resource, i.e. 'nova' +# +# [*encoding*] +# The charset to use for the database; +# string; optional; default to undef +# +# [*privileges*] +# Privileges given to the database user; +# string or array of strings; optional; default to 'ALL' + +define openstacklib::db::postgresql ( + $password_hash, + $dbname = $title, + $user = $title, + $encoding = undef, + $privileges = 'ALL', +){ + + if ((($::operatingsystem == 'RedHat' or $::operatingsystem == 'CentOS') and $::operatingsystemmajrelease <= 6) + or ($::operatingsystem == 'Fedora' and $::operatingsystemmajrelease <= 14)) { + warning('The system packages handling the postgresql infrastructure for OpenStack are out of date and should not be relied on for database migrations.') + } + + postgresql::server::db { $dbname: + user => $user, + password => $password_hash, + encoding => $encoding, + grant => $privileges, + } +} diff --git a/metadata.json b/metadata.json index 6395246a..ae6e3279 100644 --- a/metadata.json +++ b/metadata.json @@ -34,6 +34,7 @@ { "name": "aimonb/aviator", "version_requirement": ">=0.4.2 <1.0.0" }, { "name": "puppetlabs/mysql", "version_requirement": ">=2.2.0 <3.0.0" }, { "name": "puppetlabs/stdlib", "version_requirement": ">=4.0.0 <5.0.0" }, - { "name": "puppetlabs/rabbitmq", "version_requirement": ">=2.0.2 <4.0.0" } + { "name": "puppetlabs/rabbitmq", "version_requirement": ">=2.0.2 <4.0.0" }, + { "name": "puppetlabs/postgresql", "version_requirement": ">=3.3.0 <4.0.0" } ] } diff --git a/spec/defines/openstacklib_db_postgresql_spec.rb b/spec/defines/openstacklib_db_postgresql_spec.rb new file mode 100644 index 00000000..ee88603c --- /dev/null +++ b/spec/defines/openstacklib_db_postgresql_spec.rb @@ -0,0 +1,133 @@ +require 'spec_helper' + +describe 'openstacklib::db::postgresql' do + password_hash = 'AA1420F182E88B9E5F874F6FBE7459291E8F4601' + title = 'nova' + let (:title) { title } + + let :required_params do + { :password_hash => password_hash } + end + + context 'on a RedHat osfamily' do + let :facts do + { + :postgres_default_version => '8.4', + :osfamily => 'RedHat' + } + end + + context 'with only required parameters' do + let :params do + required_params + end + + it { should contain_postgresql__server__db(title).with( + :user => title, + :password => password_hash + )} + end + + context 'when overriding encoding' do + let :params do + { :encoding => 'latin1' }.merge(required_params) + end + it { should contain_postgresql__server__db(title).with_encoding(params[:encoding]) } + end + + context 'when omitting the required parameter password_hash' do + let :params do + required_params.delete(:password_hash) + end + + it { expect { should raise_error(Puppet::Error) } } + end + + context 'when notifying other resources' do + let :pre_condition do + 'exec { "nova-db-sync": }' + end + let :params do + { :notify => 'Exec[nova-db-sync]'}.merge(required_params) + end + + it {should contain_exec('nova-db-sync').that_subscribes_to("Openstacklib::Db::Postgresql[#{title}]") } + end + + context 'when required for other openstack services' do + let :pre_condition do + 'service {"keystone":}' + end + let :title do + 'keystone' + end + let :params do + { :before => 'Service[keystone]'}.merge(required_params) + end + + it { should contain_service('keystone').that_requires("Openstacklib::Db::Postgresql[keystone]") } + end + + end + + context 'on a Debian osfamily' do + let :facts do + { + :osfamily => 'Debian' + } + end + + context 'with only required parameters' do + let :params do + required_params + end + + it { should contain_postgresql__server__db(title).with( + :user => title, + :password => password_hash + )} + end + + context 'when overriding encoding' do + let :params do + { :encoding => 'latin1' }.merge(required_params) + end + it { should contain_postgresql__server__db(title).with_encoding(params[:encoding]) } + end + + context 'when omitting the required parameter password_hash' do + let :params do + required_params.delete(:password_hash) + end + + it { expect { should raise_error(Puppet::Error) } } + end + + context 'when notifying other resources' do + let :pre_condition do + 'exec { "nova-db-sync": }' + end + let :params do + { :notify => 'Exec[nova-db-sync]'}.merge(required_params) + end + + it {should contain_exec('nova-db-sync').that_subscribes_to("Openstacklib::Db::Postgresql[#{title}]") } + end + + context 'when required for other openstack services' do + let :pre_condition do + 'service {"keystone":}' + end + let :title do + 'keystone' + end + let :params do + { :before => 'Service[keystone]'}.merge(required_params) + end + + it { should contain_service('keystone').that_requires("Openstacklib::Db::Postgresql[keystone]") } + end + + end + +end