Feat(postgresql): Add support for postgresql backend (including tests) #211

Open
wants to merge 2 commits into
base: master
30 changes: 30 additions & 0 deletions README.md
Expand Up @@ -222,6 +222,36 @@ pdns_mysql_databases_credentials:
Notice that this must only contain the credentials
for the `gmysql` backends provided in `pdns_backends`.

Administrative credentials for the PostgreSQL backend used to create the PowerDNS Authoritative Server databases and users.
For example:

```yaml
pdns_mysql_databases_credentials:
'gpgsql:one':
'priv_user': root
'priv_password': my_first_password
'priv_host': "1.2.3.4"
```

In case PowerDNS Authoritative Server and PostgreSQL server is running on the same host, Host Based Authentication(HBA) can be used
```yaml
pdns_mysql_databases_credentials:
'gpgsql:one':
'priv_user': postgres
```
Ansible will connect using the unix socket created by PostgreSQL.
In that case, `priv_username` is the username which the PostgreSQL server is running as.


```yaml
pdns_pgsql_unix_socket: "/var/run/postgresql"
````
Path to PostgreSQL's unix socket.





```yaml
pdns_sqlite_databases_locations: []
```
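
Review bot: Both README examples for the PostgreSQL backend are keyed on `pdns_mysql_databases_credentials`, while defaults/main.yml in this PR introduces `pdns_pgsql_databases_credentials`, so a user copying either block sets the MySQL variable instead of the one this PR adds. Rename the key in both YAML blocks. In the same hunk, the prose refers to `priv_username` although the key shown is `priv_user`, the `pdns_pgsql_unix_socket` block is closed with four backticks instead of three, and the section ends in five blank lines. For the socket case it would also help to say which pg_hba.conf method is relied on (peer authentication for local connections), since "Host Based Authentication" covers every method in that file.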
25 changes: 25 additions & 0 deletions defaults/main.yml
Expand Up @@ -136,6 +136,27 @@ pdns_mysql_databases_credentials: {}
# 'priv_host':
# - "localhost"

# Administrative credentials to create the PowerDNS Authoritative Server PostgreSQL backend database and user.
pdns_pgsql_databases_credentials: {}
# pdns_pgsql_databases_credentials:
# 'gpgsql:one':
# 'priv_user': root
# 'priv_password': my_first_password
# 'priv_host':
# - "localhost"
# - "%"
# 'gpgsql:two':
# 'priv_user': someprivuser
# 'priv_password': my_second_password
# 'priv_host':
# - "localhost"

# Path to postgres unix socket.
# This is used for creating PowerDNS Authoritative Server database and user when the PostgreSQL server
# is running on the same host as PowerDNS
pdns_pgsql_unix_socket: "/var/run/postgresql"


# This will create the PowerDNS Authoritative Server backend SQLite database
# in the given locations.
# NOTE: Requries the SQLite CLI tools to be available in the machine and the gsqlite3
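
Review bot: The commented `pdns_pgsql_databases_credentials` example gives `priv_host` as a list containing "localhost" and "%", which is the MySQL grant-host form copied from the block above; the README example and molecule/resources/vars/pdns-backends.yml in this PR both pass a single host string ("1.2.3.4" and "pgsql"). Show `priv_host` as one host here so the documented shape matches what the rest of the PR uses, and consider `postgres` instead of `root` for `priv_user`, as the README socket example does.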
Expand All @@ -154,3 +175,7 @@ pdns_mysql_schema_file: ""
# Override the schema used to initialize the SQLite database
# By default, this role tries to detect the correct file
pdns_sqlite_schema_file: ""

# Override the schema used to initialize the PostgreSQL database
# By default, this role tries to detect the correct file
pdns_pgsql_schema_file: ""
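
Review bot: `pdns_pgsql_schema_file` is introduced here, but the README hunk in this PR documents only the credentials example and `pdns_pgsql_unix_socket`. Add a README entry for `pdns_pgsql_schema_file` next to the existing schema-file overrides so the new default is discoverable.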
14 changes: 14 additions & 0 deletions molecule/pdns-47/molecule.yml
Expand Up @@ -77,6 +77,19 @@ platforms:
# on creation.
is_service: yes

# In order to run the tests we need
# a PostgreSQL container to be up & running
- name: pgsql
image: postgres:16.2
env:
POSTGRES_PASSWORD: pdns
POSTGRES_HOST_AUTH_METHOD: "md5"
POSTGRES_INITDB_ARGS: "--auth-host=md5"
# Declaring the container as service,
# will link it to the others Platforms containers
# on creation.
is_service: yes

provisioner:
name: ansible
options:
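
Review bot: `POSTGRES_HOST_AUTH_METHOD: "md5"` and `POSTGRES_INITDB_ARGS: "--auth-host=md5"` pin the test server to the legacy md5 method on a `postgres:16.2` image, where SCRAM is the default password encryption. Unless one of the tested distributions ships a client library that cannot do SCRAM, drop both lines or set them to `scram-sha-256`, so the role is exercised against the authentication method a current PostgreSQL deployment would use; if md5 is needed for compatibility, say so in a comment. The same two lines recur in the pdns-48, pdns-49, pdns-master and pdns-os-repos scenarios and should change together.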
Expand Down Expand Up @@ -115,5 +128,6 @@ verifier:
- ../repo-47/
- ../backend-sqlite/
- ../backend-mysql/
- ../backend-pgsql/
- ../systemd-override/

14 changes: 14 additions & 0 deletions molecule/pdns-48/molecule.yml
Expand Up @@ -77,6 +77,19 @@ platforms:
# on creation.
is_service: yes

# In order to run the tests we need
# a PostgreSQL container to be up & running
- name: pgsql
image: postgres:16.2
env:
POSTGRES_PASSWORD: pdns
POSTGRES_HOST_AUTH_METHOD: "md5"
POSTGRES_INITDB_ARGS: "--auth-host=md5"
# Declaring the container as service,
# will link it to the others Platforms containers
# on creation.
is_service: yes

provisioner:
name: ansible
options:
Expand Down Expand Up @@ -115,5 +128,6 @@ verifier:
- ../repo-48/
- ../backend-sqlite/
- ../backend-mysql/
- ../backend-pgsql/
- ../systemd-override/

14 changes: 14 additions & 0 deletions molecule/pdns-49/molecule.yml
Expand Up @@ -76,6 +76,19 @@ platforms:
# will link it to the others Platforms containers
# on creation.
is_service: yes

# In order to run the tests we need
# a PostgreSQL container to be up & running
- name: pgsql
image: postgres:16.2
env:
POSTGRES_PASSWORD: pdns
POSTGRES_HOST_AUTH_METHOD: "md5"
POSTGRES_INITDB_ARGS: "--auth-host=md5"
# Declaring the container as service,
# will link it to the others Platforms containers
# on creation.
is_service: yes

provisioner:
name: ansible
Expand Down Expand Up @@ -114,6 +127,7 @@ verifier:
# path relative to 'directory'
- ../repo-49/
- ../backend-sqlite/
- ../backend-pgsql/
- ../backend-mysql/
- ../systemd-override/
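
Review bot: `../backend-pgsql/` is inserted before `../backend-mysql/` in this verifier list, whereas the pdns-47, pdns-48, pdns-master and pdns-os-repos scenarios add it after `../backend-mysql/`. Move it below the MySQL entry so the scenario files stay line-for-line comparable.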

14 changes: 14 additions & 0 deletions molecule/pdns-master/molecule.yml
Expand Up @@ -77,6 +77,19 @@ platforms:
# on creation.
is_service: yes

# In order to run the tests we need
# a PostgreSQL container to be up & running
- name: pgsql
image: postgres:16.2
env:
POSTGRES_PASSWORD: pdns
POSTGRES_HOST_AUTH_METHOD: "md5"
POSTGRES_INITDB_ARGS: "--auth-host=md5"
# Declaring the container as service,
# will link it to the others Platforms containers
# on creation.
is_service: yes

provisioner:
name: ansible
options:
Expand Down Expand Up @@ -112,5 +125,6 @@ verifier:
- ../repo-master/
- ../backend-sqlite/
- ../backend-mysql/
- ../backend-pgsql/
- ../systemd-override/

12 changes: 11 additions & 1 deletion molecule/pdns-os-repos/converge.yml
@@ -1,7 +1,17 @@
---
- hosts: pdns
vars_files:
- ../resources/vars/pdns-os-repos.yml
- ../resources/vars/pdns-backends.yml
pre_tasks:
- name: "Include variables for Arch"
include_vars:
file: ../resources/vars/pdns-os-repos-arch.yml
when: ansible_os_family == 'Archlinux'

- name: "Include variables for Debian/Ubuntu"
include_vars:
file: ../resources/vars/pdns-os-repos-debian.yml
when: ansible_os_family == 'Debian'

roles:
- { role: powerdns.pdns }
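
Review bot: The two `include_vars` pre_tasks cover only the `Archlinux` and `Debian` OS families, so a platform from any other family in this scenario receives no OS-specific vars at all; add a fallback file or an explicit comment that no other family runs in pdns-os-repos. `../resources/vars/pdns-os-repos-debian.yml` is referenced here, but only pdns-os-repos-arch.yml appears among the files shown in this diff, so check that the Debian file is part of the commit.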
14 changes: 14 additions & 0 deletions molecule/pdns-os-repos/molecule.yml
Expand Up @@ -68,6 +68,19 @@ platforms:
# on creation.
is_service: yes

# In order to run the tests we need
# a PostgreSQL container to be up & running
- name: pgsql
image: postgres:16.2
env:
POSTGRES_PASSWORD: pdns
POSTGRES_HOST_AUTH_METHOD: "md5"
POSTGRES_INITDB_ARGS: "--auth-host=md5"
# Declaring the container as service,
# will link it to the others Platforms containers
# on creation.
is_service: yes

provisioner:
name: ansible
options:
Expand Down Expand Up @@ -103,4 +116,5 @@ verifier:
- ../systemd-override/
- ../backend-sqlite/
- ../backend-mysql/
- ../backend-pgsql/

44 changes: 44 additions & 0 deletions molecule/resources/tests/backend-pgsql/test_backend_pgsql.py
@@ -0,0 +1,44 @@

debian_os = ['debian', 'ubuntu']
rhel_os = ['redhat', 'centos', 'ol', 'rocky', 'almalinux']
archlinux_os = ['arch']


def test_package_rhel(host):
if host.system_info.distribution.lower() in rhel_os:
p = host.package('pdns-backend-postgresql')
assert p.is_installed

def test_package_debian(host):
if host.system_info.distribution.lower() in debian_os:
p = host.package('pdns-backend-pgsql')
assert p.is_installed


def test_config(host):
with host.sudo():
f = None
if host.system_info.distribution.lower() in debian_os + archlinux_os:
f = host.file('/etc/powerdns/pdns.conf')
if host.system_info.distribution.lower() in rhel_os:
f = host.file('/etc/pdns/pdns.conf')

dbname = host.check_output('hostname -s').replace('.', '_')

assert f.exists
assert f.contains('launch+=gpgsql')
assert f.contains('gpgsql-host=pgsql')
assert f.contains('gpgsql-password=pdns')
assert f.contains('gpgsql-dbname=' + dbname)
assert f.contains('gpgsql-user=pdns')


def test_database_tables(host):
dbname = host.check_output('hostname -s').replace('.', '_')

cmd = host.run("PGPASSWORD=\"pdns\" psql --dbname \"%s\" --username=\"pdns\" --host=\"pgsql\" " % dbname +
"--command=\"SELECT DISTINCT tablename FROM pg_catalog.pg_tables WHERE schemaname != 'pg_catalog' AND schemaname != 'information_schema'\"")

for table in [ 'domains', 'records', 'supermasters', 'comments',
'domainmetadata', 'cryptokeys', 'tsigkeys' ]:
assert table in cmd.stdout
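
Review bot: In `test_config`, `f` stays `None` when the distribution is in neither `debian_os + archlinux_os` nor `rhel_os`, so `assert f.exists` fails with an AttributeError instead of a readable assertion; skip the test or assert `f is not None` with a message before using it. Similarly, `test_package_rhel` and `test_package_debian` pass vacuously on a non-matching distribution (Arch has an `archlinux_os` list but no package test), and `test_database_tables` never checks `cmd.rc`, so a failed `psql` login only shows up as a missing table name. Add `assert cmd.rc == 0` before the loop.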
11 changes: 11 additions & 0 deletions molecule/resources/vars/pdns-backends.yml
Expand Up @@ -13,6 +13,11 @@ pdns_backends:
dbname: "{{ ansible_hostname | replace('.', '_') }}" # Each Platform will have its MySQL DB
user: pdns
password: pdns
gpgsql:
host: "pgsql" # This is relying on Docker's service discovery
dbname: "{{ ansible_hostname | replace('.', '_') }}" # Each Platform will have its MySQL DB
user: pdns
password: pdns

pdns_sqlite_databases_locations:
- '/var/lib/powerdns/pdns.db'
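
Review bot: The `dbname` comment under `gpgsql` still reads "Each Platform will have its MySQL DB", copied from the gmysql entry above it. Change it to say PostgreSQL so the two backend entries are not confused when the file is edited later.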
Expand All @@ -24,3 +29,9 @@ pdns_mysql_databases_credentials:
priv_host: # is injected by Docker into the env
- '%'
- 'localhost'

pdns_pgsql_databases_credentials:
gpgsql:
priv_user: postgres
priv_password: "{{ ansible_env.MYSQL_ENV_MYSQL_ROOT_PASSWORD }}" # The PgSQL root password
priv_host: "pgsql" # is injected by Docker into the env
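
Review bot: `priv_password` for the `postgres` user is read from `ansible_env.MYSQL_ENV_MYSQL_ROOT_PASSWORD`, which is the MySQL container's root password, while the `pgsql` platform added in the molecule.yml files sets `POSTGRES_PASSWORD: pdns`. The PostgreSQL tests therefore only pass while the two secrets happen to be equal. Take the value from the pgsql container's own setting and update the comment "The PgSQL root password" accordingly; the trailing comment "is injected by Docker into the env" on the `priv_host` line describes the password, not the host.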
26 changes: 26 additions & 0 deletions molecule/resources/vars/pdns-os-repos-arch.yml
@@ -0,0 +1,26 @@
---

##
# PowerDNS Configuration
##

pdns_config:

# Turns on primary operations
primary: true

# Listen Address
local-address: "127.0.0.1"
local-port: "53"

# API Configuration
api: yes
api-key: "powerdns"

# Embedded webserver
webserver: yes
webserver-address: "0.0.0.0"
webserver-port: "8001"

pdns_service_overrides:
LimitCORE: infinity
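
Review bot: `webserver-address: "0.0.0.0"` exposes the embedded webserver and API on every interface while `api-key` is the fixed string "powerdns" and `local-address` is already limited to 127.0.0.1. If the tests only query the API from the same host, bind the webserver to 127.0.0.1 as well, or add a comment naming the container that needs to reach port 8001. Nothing in this file is visibly Arch-specific, so a short comment on why this OS family needs its own vars file would help the next reader.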
1 change: 1 addition & 0 deletions requirements.yml
@@ -1,6 +1,7 @@
---
collections:
- name: community.mysql
- name: community.postgresql
- name: community.general
- name: community.docker
- name: ansible.posix
1 change: 1 addition & 0 deletions tasks/database-mysql.yml
Expand Up @@ -29,6 +29,7 @@
priv: "{{ item[0]['dbname'] }}.*:ALL"
append_privs: yes
state: present
throttle: 1
with_subelements:
- "{{ pdns_backends | combine(pdns_mysql_databases_credentials, recursive=True) }}"
- priv_host
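
Review bot: `throttle: 1` on this MySQL user task is not explained anywhere, and the PR title is about the PostgreSQL backend. Add a comment stating which concurrent run it guards against (presumably several platforms hitting the shared MySQL service at once), or move the change to its own commit so it can be reviewed and reverted independently.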