Merge pull request puppetlabs#404 from thunderkeys/postgresql-server-port-support

Add support for port parameter to postgresql::server

Author: Ashley Penney

README.md

@@ -399,6 +399,9 @@ This setting is used to specify the name of the default database to connect with
 ####`listen_addresses`
 This value defaults to `localhost`, meaning the postgres server will only accept connections from localhost. If you'd like to be able to connect to postgres from remote machines, you can override this setting. A value of `*` will tell postgres to accept connections from any remote machine. Alternately, you can specify a comma-separated list of hostnames or IP addresses. (For more info, have a look at the `postgresql.conf` file from your system's postgres package).
 
+####`port`
+This value defaults to `5432`, meaning the postgres server will listen on TCP port 5432. Note that the same port number is used for all IP addresses the server listens on.
+
 ####`ip_mask_deny_postgres_user`
 This value defaults to `0.0.0.0/0`. Sometimes it can be useful to block the superuser account from remote connections if you are allowing other database users to connect remotely. Set this to an IP and mask for which you want to deny connections by the postgres superuser account. So, e.g., the default value of `0.0.0.0/0` will match any remote IP and deny access, so the postgres user won't be able to connect remotely at all. Conversely, a value of `0.0.0.0/32` would not match any remote IP, and thus the deny rule will not be applied and the postgres user will be allowed to connect.
 

lib/puppet/provider/postgresql_psql/ruby.rb

@@ -63,6 +63,7 @@ def run_sql_command(sql)
 
     command = [resource[:psql_path]]
     command.push("-d", resource[:db]) if resource[:db]
+    command.push("-p", resource[:port]) if resource[:port]
     command.push("-t", "-c", sql)
 
     if resource[:cwd]

lib/puppet/type/postgresql_psql.rb

@@ -49,6 +49,10 @@ def sync(refreshing = false)
     desc "The name of the database to execute the SQL command against."
   end
 
+  newparam(:port) do
+    desc "The port of the database server to execute the SQL command against."
+  end
+
   newparam(:search_path) do
     desc "The schema search path to use when executing the SQL command"
   end

manifests/params.pp

@@ -4,6 +4,7 @@
   $version                    = $globals_version
   $postgis_version            = $globals_postgis_version
   $listen_addresses           = 'localhost'
+  $port                       = 5432
   $ip_mask_deny_postgres_user = '0.0.0.0/0'
   $ip_mask_allow_all_users    = '127.0.0.1/32'
   $ipv4acls                   = []

manifests/server.pp

@@ -18,6 +18,7 @@
   $default_database           = $postgresql::params::default_database,
 
   $listen_addresses           = $postgresql::params::listen_addresses,
+  $port                       = $postgresql::params::port,
   $ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,
   $ip_mask_allow_all_users    = $postgresql::params::ip_mask_allow_all_users,
   $ipv4acls                   = $postgresql::params::ipv4acls,

manifests/server/config.pp

@@ -4,6 +4,7 @@
   $ip_mask_deny_postgres_user = $postgresql::server::ip_mask_deny_postgres_user
   $ip_mask_allow_all_users    = $postgresql::server::ip_mask_allow_all_users
   $listen_addresses           = $postgresql::server::listen_addresses
+  $port                       = $postgresql::server::port
   $ipv4acls                   = $postgresql::server::ipv4acls
   $ipv6acls                   = $postgresql::server::ipv6acls
   $pg_hba_conf_path           = $postgresql::server::pg_hba_conf_path
@@ -97,6 +98,18 @@
     postgresql::server::config_entry { 'listen_addresses':
       value => $listen_addresses,
     }
+    postgresql::server::config_entry { 'port':
+      value => "${port}",
+    }
+
+    # RedHat-based systems hardcode some PG* variables in the init script, and need to be overriden
+    # in /etc/sysconfig/pgsql/postgresql. Create a blank file so we can manage it with augeas later.
+    if ($::osfamily == 'RedHat') {
+      file { '/etc/sysconfig/pgsql/postgresql':
+        ensure  => present,
+        replace => false,
+      }
+    }
   } else {
     file { $pg_hba_conf_path:
       ensure => absent,

manifests/server/config_entry.pp

@@ -26,6 +26,20 @@
     }
   }
 
+  if ($::osfamily == 'RedHat') {
+    if ($name == 'port') {
+      augeas { 'override PGPORT in /etc/sysconfig/pgsql/postgresql':
+        lens    => 'Shellvars.lns',
+        incl    => '/etc/sysconfig/pgsql/*',
+        context => '/files/etc/sysconfig/pgsql/postgresql',
+        changes => "set PGPORT $value",
+        require => File['/etc/sysconfig/pgsql/postgresql'],
+        notify  => Class['postgresql::server::service'],
+        before  => Class['postgresql::server::reload'],
+      }
+    }
+  }
+
   case $ensure {
     /present|absent/: {
       postgresql_conf { $name:

manifests/server/database.pp

@@ -12,6 +12,7 @@
   $user          = $postgresql::server::user
   $group         = $postgresql::server::group
   $psql_path     = $postgresql::server::psql_path
+  $port          = $postgresql::server::port
   $version       = $postgresql::server::version
   $default_db    = $postgresql::server::default_database
 
@@ -20,6 +21,7 @@
     psql_user  => $user,
     psql_group => $group,
     psql_path  => $psql_path,
+    port       => $port,
   }
 
   # Optionally set the locale switch. Older versions of createdb may not accept
@@ -45,12 +47,13 @@
     default => "--tablespace='${tablespace}' ",
   }
 
-  $createdb_command = "${createdb_path} --owner='${owner}' --template=${template} ${encoding_option}${locale_option}${tablespace_option} '${dbname}'"
+  $createdb_command = "${createdb_path} --port='${port}' --owner='${owner}' --template=${template} ${encoding_option}${locale_option}${tablespace_option} '${dbname}'"
 
   postgresql_psql { "Check for existence of db '${dbname}'":
     command => 'SELECT 1',
     unless  => "SELECT datname FROM pg_database WHERE datname='${dbname}'",
     db      => $default_db,
+    port    => $port,
     require => Class['postgresql::server::service']
   }~>
   exec { $createdb_command :
@@ -63,6 +66,7 @@
   #  granted privileges.
   postgresql_psql {"REVOKE ${public_revoke_privilege} ON DATABASE \"${dbname}\" FROM public":
     db          => $default_db,
+    port        => $port,
     refreshonly => true,
   }
 

manifests/server/firewall.pp

@@ -3,17 +3,17 @@
   $ensure             = $postgresql::server::ensure
   $manage_firewall    = $postgresql::server::manage_firewall
   $firewall_supported = $postgresql::server::firewall_supported
+  $port               = $postgresql::server::port
 
   if ($manage_firewall and $firewall_supported) {
     if ($ensure == 'present' or $ensure == true) {
-      # TODO: get rid of hard-coded port
-      firewall { '5432 accept - postgres':
-        port   => '5432',
+      firewall { "$port accept - postgres":
+        port   => $port,
         proto  => 'tcp',
         action => 'accept',
       }
     } else {
-      firewall { '5432 accept - postgres':
+      firewall { "$port accept - postgres":
         ensure => absent,
       }
     }

manifests/server/grant.pp

@@ -6,7 +6,8 @@
   $object_type = 'database',
   $object_name = $db,
   $psql_db     = $postgresql::server::default_database,
-  $psql_user   = $postgresql::server::user
+  $psql_user   = $postgresql::server::user,
+  $port        = $postgresql::server::port
 ) {
   $group     = $postgresql::server::group
   $psql_path = $postgresql::server::psql_path
@@ -68,6 +69,7 @@
   $grant_cmd = "GRANT ${_privilege} ON ${_object_type} \"${object_name}\" TO \"${role}\""
   postgresql_psql { $grant_cmd:
     db         => $on_db,
+    port       => $port,
     psql_user  => $psql_user,
     psql_group => $group,
     psql_path  => $psql_path,

manifests/server/role.pp

@@ -4,6 +4,7 @@
   $createdb         = false,
   $createrole       = false,
   $db               = $postgresql::server::default_database,
+  $port             = $postgresql::server::port,
   $login            = true,
   $inherit          = true,
   $superuser        = false,
@@ -30,6 +31,7 @@
 
   Postgresql_psql {
     db         => $db,
+    port       => $port,
     psql_user  => $psql_user,
     psql_group => $psql_group,
     psql_path  => $psql_path,

manifests/server/service.pp

@@ -5,6 +5,7 @@
   $service_provider = $postgresql::server::service_provider
   $service_status   = $postgresql::server::service_status
   $user             = $postgresql::server::user
+  $port             = $postgresql::server::port
   $default_database = $postgresql::server::default_database
 
   $service_ensure = $ensure ? {
@@ -33,6 +34,7 @@
     postgresql::validate_db_connection { 'validate_service_is_running':
       run_as          => $user,
       database_name   => $default_database,
+      database_port   => $port,
       sleep           => 1,
       tries           => 60,
       create_db_first => false,

manifests/server/table_grant.pp

@@ -5,12 +5,14 @@
   $table,
   $db,
   $role,
+  $port      = $postgresql::server::port,
   $psql_db   = undef,
   $psql_user = undef
 ) {
   postgresql::server::grant { "table:${name}":
     role        => $role,
     db          => $db,
+    port        => $port,
     privilege   => $privilege,
     object_type => 'TABLE',
     object_name => $table,

manifests/server/tablespace.pp

@@ -6,12 +6,14 @@
 ) {
   $user      = $postgresql::server::user
   $group     = $postgresql::server::group
+  $port      = $postgresql::server::port
   $psql_path = $postgresql::server::psql_path
 
   Postgresql_psql {
     psql_user  => $user,
     psql_group => $group,
     psql_path  => $psql_path,
+    port       => $port,
   }
 
   if ($owner == undef) {

spec/acceptance/server/database_spec.rb

@@ -27,3 +27,28 @@ class { 'postgresql::server': }
     end
   end
 end
+
+describe 'postgresql::server::database: alternate port', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+  it 'should idempotently create a db on a non-default port that we can connect to' do
+    begin
+      pp = <<-EOS.unindent
+        $db = 'postgresql_test_db'
+        class { 'postgresql::server':
+          port => 5433,
+        }
+
+        postgresql::server::database { $db: }
+      EOS
+
+      apply_manifest(pp, :catch_failures => true)
+      apply_manifest(pp, :catch_changes => true)
+
+      psql('--command="select datname from pg_database" --port=5433 postgresql_test_db') do |r|
+        expect(r.stdout).to match(/postgresql_test_db/)
+        expect(r.stderr).to eq('')
+      end
+    ensure
+      psql('--command="drop database postgresql_test_db" --port=5433 postgres')
+    end
+  end
+end

spec/acceptance/server_spec.rb

@@ -87,9 +87,6 @@ class { "postgresql::server": }
           user     => "foo1",
           password => postgresql_password('foo1', 'foo1'),
         }
-        postgresql::server::config_entry { 'port':
-          value => '5432',
-        }
       EOS
 
       apply_manifest(pp, :catch_failures => true)
@@ -181,3 +178,26 @@ class { "postgresql::server":
     end
   end
 end
+
+describe 'server on alternate port:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+  after :all do
+    apply_manifest("class { 'postgresql::server': ensure => absent }", :catch_failures => true)
+  end
+
+  context 'test installing postgresql with alternate port' do
+    it 'perform installation and make sure it is idempotent' do
+      pp = <<-EOS.unindent
+        class { "postgresql::server":
+          port => 5433,
+        }
+      EOS
+
+      apply_manifest(pp, :catch_failures => true)
+      apply_manifest(pp, :catch_changes => true)
+    end
+
+    describe port(5433) do
+      it { should be_listening }
+    end
+  end
+end

spec/spec_helper_acceptance.rb

@@ -45,6 +45,17 @@ def psql(psql_cmd, user = 'postgres', exit_codes = [0], &block)
     install_package host, 'rubygems'
     on host, 'gem install puppet --no-ri --no-rdoc'
     on host, "mkdir -p #{host['distmoduledir']}"
+    osfamily = fact 'osfamily'
+    # install augeas dependencies
+    if osfamily =~ /Debian/
+      install_package host, 'ruby-dev'
+      install_package host, 'libaugeas-dev'
+    end
+    if osfamily =~ /RedHat/
+      install_package host, 'ruby-devel'
+      install_package host, 'augeas-devel'
+    end
+    on host, 'gem install ruby-augeas --no-ri --no-rdoc'
   end
 end