Add pgsql backend and tests

Add postgresql credentials variable in README.md Flag for creating or use existing DB Add install-dependencies.yml tasks in main.yml
PowerDNS · Jun 16, 2024 · 7aa4ef2 · 7aa4ef2
1 parent a0eddd4
commit 7aa4ef2
Show file tree

Hide file tree

Showing 24 changed files with 400 additions and 23 deletions.
diff --git a/README.md b/README.md
@@ -222,6 +222,36 @@ pdns_mysql_databases_credentials:
 Notice that this must only contain the credentials
 for the `gmysql` backends provided in `pdns_backends`.
 
+Administrative credentials for the PostgreSQL backend used to create the PowerDNS Authoritative Server databases and users.
+For example:
+
+```yaml
+pdns_pgsql_databases_credentials:
+  'gpgsql:one':
+    'priv_user': root
+    'priv_password': my_first_password
+    'priv_host': "1.2.3.4"
+```
+
+In case PowerDNS Authoritative Server and PostgreSQL server is running on the same host, Host Based Authentication(HBA) can be used 
+```yaml
+pdns_pgsql_databases_credentials:
+  'gpgsql:one':
+    'priv_user': postgres
+```
+Ansible will connect using the unix socket created by PostgreSQL.
+In that case, `priv_username` is the username which the PostgreSQL server is running as.
+
+
+```yaml
+pdns_pgsql_unix_socket: "/var/run/postgresql"
+````
+Path to PostgreSQL's unix socket.
+
+ 
+
+
+
 ```yaml
 pdns_sqlite_databases_locations: []
 ```

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,4 +1,6 @@
 ---
+# Create or use existing database
+pdns_create_database: true
 
 # By default, no PowerDNS Authoritative Server repository will be configured by the role
 pdns_install_repo: ""
@@ -136,6 +138,26 @@ pdns_mysql_databases_credentials: {}
 #     'priv_host':
 #       - "localhost"
 
+# Administrative credentials to create the PowerDNS Authoritative Server PostgreSQL backend database and user.
+pdns_pgsql_databases_credentials: {}
+# pdns_pgsql_databases_credentials:
+#   'gpgsql:one':
+#     'priv_user': root
+#     'priv_password': my_first_password
+#     'priv_host':
+#       - "localhost"
+#       - "%"
+#   'gpgsql:two':
+#     'priv_user': someprivuser
+#     'priv_password': my_second_password
+#     'priv_host':
+#       - "localhost"
+
+# Path to postgres unix socket. 
+# This is used for creating PowerDNS Authoritative Server database and user when the PostgreSQL server
+# is running on the same host as PowerDNS
+pdns_pgsql_unix_socket: "/var/run/postgresql"
+
 # This will create the PowerDNS Authoritative Server backend SQLite database
 # in the given locations.
 # NOTE: Requries the SQLite CLI tools to be available in the machine and the gsqlite3
@@ -154,3 +176,7 @@ pdns_mysql_schema_file: ""
 # Override the schema used to initialize the SQLite database
 # By default, this role tries to detect the correct file
 pdns_sqlite_schema_file: ""
+
+# Override the schema used to initialize the PostgreSQL database
+# By default, this role tries to detect the correct file
+pdns_pgsql_schema_file: ""
diff --git a/molecule/pdns-47/molecule.yml b/molecule/pdns-47/molecule.yml
@@ -77,6 +77,19 @@ platforms:
     # on creation.
     is_service: yes
 
+  # In order to run the tests we need
+  # a PostgreSQL container to be up & running
+  - name: pgsql
+    image: postgres:16.2
+    env:
+      POSTGRES_PASSWORD: pdns
+      POSTGRES_HOST_AUTH_METHOD: "md5"
+      POSTGRES_INITDB_ARGS: "--auth-host=md5"
+    # Declaring the container as service,
+    # will link it to the others Platforms containers
+    # on creation.
+    is_service: yes
+
 provisioner:
   name: ansible
   options:
@@ -115,5 +128,6 @@ verifier:
     - ../repo-47/
     - ../backend-sqlite/
     - ../backend-mysql/
+    - ../backend-pgsql/
     - ../systemd-override/
 
diff --git a/molecule/pdns-48/molecule.yml b/molecule/pdns-48/molecule.yml
@@ -77,6 +77,19 @@ platforms:
     # on creation.
     is_service: yes
 
+  # In order to run the tests we need
+  # a PostgreSQL container to be up & running
+  - name: pgsql
+    image: postgres:16.2
+    env:
+      POSTGRES_PASSWORD: pdns
+      POSTGRES_HOST_AUTH_METHOD: "md5"
+      POSTGRES_INITDB_ARGS: "--auth-host=md5"
+    # Declaring the container as service,
+    # will link it to the others Platforms containers
+    # on creation.
+    is_service: yes
+
 provisioner:
   name: ansible
   options:
@@ -115,5 +128,6 @@ verifier:
     - ../repo-48/
     - ../backend-sqlite/
     - ../backend-mysql/
+    - ../backend-pgsql/
     - ../systemd-override/
 
diff --git a/molecule/pdns-49/molecule.yml b/molecule/pdns-49/molecule.yml
@@ -76,6 +76,19 @@ platforms:
     # will link it to the others Platforms containers
     # on creation.
     is_service: yes
+
+  # In order to run the tests we need
+  # a PostgreSQL container to be up & running
+  - name: pgsql
+    image: postgres:16.2
+    env:
+      POSTGRES_PASSWORD: pdns
+      POSTGRES_HOST_AUTH_METHOD: "md5"
+      POSTGRES_INITDB_ARGS: "--auth-host=md5"
+    # Declaring the container as service,
+    # will link it to the others Platforms containers
+    # on creation.
+    is_service: yes
 
 provisioner:
   name: ansible
@@ -114,6 +127,7 @@ verifier:
     # path relative to 'directory'
     - ../repo-49/
     - ../backend-sqlite/
+    - ../backend-pgsql/
     - ../backend-mysql/
     - ../systemd-override/
 
diff --git a/molecule/pdns-master/molecule.yml b/molecule/pdns-master/molecule.yml
@@ -77,6 +77,19 @@ platforms:
     # on creation.
     is_service: yes
 
+  # In order to run the tests we need
+  # a PostgreSQL container to be up & running
+  - name: pgsql
+    image: postgres:16.2
+    env:
+      POSTGRES_PASSWORD: pdns
+      POSTGRES_HOST_AUTH_METHOD: "md5"
+      POSTGRES_INITDB_ARGS: "--auth-host=md5"
+    # Declaring the container as service,
+    # will link it to the others Platforms containers
+    # on creation.
+    is_service: yes
+
 provisioner:
   name: ansible
   options:
@@ -112,5 +125,6 @@ verifier:
     - ../repo-master/
     - ../backend-sqlite/
     - ../backend-mysql/
+    - ../backend-pgsql/
     - ../systemd-override/
 
diff --git a/molecule/pdns-os-repos/converge.yml b/molecule/pdns-os-repos/converge.yml
@@ -1,7 +1,17 @@
 ---
 - hosts: pdns
   vars_files:
-    - ../resources/vars/pdns-os-repos.yml
     - ../resources/vars/pdns-backends.yml
+  pre_tasks:
+    - name: "Include variables for Arch"
+      include_vars:
+        file: ../resources/vars/pdns-os-repos-arch.yml
+      when: ansible_os_family == 'Archlinux'
+
+    - name: "Include variables for Debian/Ubuntu"
+      include_vars:
+        file: ../resources/vars/pdns-os-repos-debian.yml
+      when: ansible_os_family == 'Debian'
+
   roles:
     - { role: powerdns.pdns }
diff --git a/molecule/pdns-os-repos/molecule.yml b/molecule/pdns-os-repos/molecule.yml
@@ -68,6 +68,19 @@ platforms:
     # on creation.
     is_service: yes
 
+  # In order to run the tests we need
+  # a PostgreSQL container to be up & running
+  - name: pgsql
+    image: postgres:16.2
+    env:
+      POSTGRES_PASSWORD: pdns
+      POSTGRES_HOST_AUTH_METHOD: "md5"
+      POSTGRES_INITDB_ARGS: "--auth-host=md5"
+    # Declaring the container as service,
+    # will link it to the others Platforms containers
+    # on creation.
+    is_service: yes
+
 provisioner:
   name: ansible
   options:
@@ -103,4 +116,5 @@ verifier:
     - ../systemd-override/
     - ../backend-sqlite/
     - ../backend-mysql/
+    - ../backend-pgsql/
 
diff --git a/molecule/resources/tests/backend-pgsql/test_backend_pgsql.py b/molecule/resources/tests/backend-pgsql/test_backend_pgsql.py
@@ -0,0 +1,44 @@
+
+debian_os = ['debian', 'ubuntu']
+rhel_os = ['redhat', 'centos', 'ol', 'rocky', 'almalinux']
+archlinux_os = ['arch']
+
+
+def test_package_rhel(host):
+    if host.system_info.distribution.lower() in rhel_os:
+        p = host.package('pdns-backend-postgresql')
+        assert p.is_installed
+
+def test_package_debian(host):
+    if host.system_info.distribution.lower() in debian_os:
+        p = host.package('pdns-backend-pgsql')
+        assert p.is_installed
+
+
+def test_config(host):
+    with host.sudo():
+        f = None
+        if host.system_info.distribution.lower() in debian_os + archlinux_os:
+            f = host.file('/etc/powerdns/pdns.conf')
+        if host.system_info.distribution.lower() in rhel_os:
+            f = host.file('/etc/pdns/pdns.conf')
+
+        dbname = host.check_output('hostname -s').replace('.', '_')
+
+        assert f.exists
+        assert f.contains('launch+=gpgsql')
+        assert f.contains('gpgsql-host=pgsql')
+        assert f.contains('gpgsql-password=pdns')
+        assert f.contains('gpgsql-dbname=' + dbname)
+        assert f.contains('gpgsql-user=pdns')
+
+
+def test_database_tables(host):
+    dbname = host.check_output('hostname -s').replace('.', '_')
+
+    cmd = host.run("PGPASSWORD=\"pdns\"  psql --dbname \"%s\" --username=\"pdns\" --host=\"pgsql\" " % dbname +
+                          "--command=\"SELECT DISTINCT tablename FROM pg_catalog.pg_tables WHERE schemaname != 'pg_catalog' AND schemaname != 'information_schema'\"")
+
+    for table in [ 'domains', 'records', 'supermasters', 'comments',
+            'domainmetadata', 'cryptokeys', 'tsigkeys' ]:
+        assert table in cmd.stdout
diff --git a/molecule/resources/vars/pdns-backends.yml b/molecule/resources/vars/pdns-backends.yml
@@ -13,6 +13,11 @@ pdns_backends:
     dbname: "{{ ansible_hostname | replace('.', '_') }}"   # Each Platform will have its MySQL DB
     user: pdns
     password: pdns
+  gpgsql:
+    host: "pgsql"                                          # This is relying on Docker's service discovery
+    dbname: "{{ ansible_hostname | replace('.', '_') }}"   # Each Platform will have its MySQL DB
+    user: pdns
+    password: pdns
 
 pdns_sqlite_databases_locations:
   - '/var/lib/powerdns/pdns.db'
@@ -24,3 +29,9 @@ pdns_mysql_databases_credentials:
     priv_host:                                                        # is injected by Docker into the env
       - '%'
       - 'localhost'
+
+pdns_pgsql_databases_credentials:
+  gpgsql:
+    priv_user: postgres
+    priv_password: "{{ ansible_env.MYSQL_ENV_MYSQL_ROOT_PASSWORD }}"  # The PgSQL root password
+    priv_host: "pgsql"                                                # is injected by Docker into the env
diff --git a/molecule/resources/vars/pdns-os-repos-arch.yml b/molecule/resources/vars/pdns-os-repos-arch.yml
@@ -0,0 +1,26 @@
+---
+
+##
+# PowerDNS Configuration
+##
+
+pdns_config:
+
+  # Turns on primary operations
+  primary: true
+
+  # Listen Address
+  local-address: "127.0.0.1"
+  local-port: "53"
+
+  # API Configuration
+  api: yes
+  api-key: "powerdns"
+
+  # Embedded webserver
+  webserver: yes
+  webserver-address: "0.0.0.0"
+  webserver-port: "8001"
+
+pdns_service_overrides:
+  LimitCORE: infinity
diff --git a/molecule/resources/vars/pdns-os-repos.yml → ...e/resources/vars/pdns-os-repos-debian.yml b/molecule/resources/vars/pdns-os-repos.yml → ...e/resources/vars/pdns-os-repos-debian.yml
diff --git a/requirements.yml b/requirements.yml
@@ -1,6 +1,7 @@
 ---
 collections:
   - name: community.mysql
+  - name: community.postgresql
   - name: community.general
   - name: community.docker
   - name: ansible.posix
diff --git a/tasks/database-mysql.yml b/tasks/database-mysql.yml
@@ -1,10 +1,4 @@
 ---
-
-- name: Install the MySQL dependencies
-  package:
-    name: "{{ pdns_mysql_packages }}"
-    state: present
-
 - name: Create the PowerDNS MySQL databases
   mysql_db:
     login_user: "{{ item['value']['priv_user'] }}"
@@ -29,6 +23,7 @@
     priv: "{{ item[0]['dbname'] }}.*:ALL"
     append_privs: yes
     state: present
+  throttle: 1
   with_subelements:
     - "{{ pdns_backends | combine(pdns_mysql_databases_credentials, recursive=True) }}"
     - priv_host