Merge pull request #275 from ody/get_psql_version

Fetch installed PSQL version

Author: ody

metadata.json

@@ -39,6 +39,10 @@
     {
       "name": "puppetlabs/inifile",
       "version_requirement": ">= 5.2.0 < 6.0.0"
+    },
+    {
+      "name": "puppetlabs/ruby_task_helper",
+      "version_requirement": ">= 0.6.1 < 1.0.0"
     }
   ],
   "operatingsystem_support": [

plans/add_compiler.pp

@@ -44,22 +44,25 @@
     }
   }
 
+  # On the PostgreSQL server backing PuppetDB for compiler, get version number
+  $psql_version = run_task('peadm::get_psql_version', $primary_postgresql_target).first.value['version']
+
   # Add the following two lines to /opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf
   # 
   # pe-puppetdb-pe-puppetdb-map <new-compiler-host> pe-puppetdb
   # pe-puppetdb-pe-puppetdb-migrator-map <new-compiler-host> pe-puppetdb-migrator
 
   apply($primary_postgresql_target) {
     file_line { 'pe-puppetdb-pe-puppetdb-map':
-      path => '/opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf',
+      path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf",
       line => "pe-puppetdb-pe-puppetdb-map ${compiler_target.peadm::certname()} pe-puppetdb",
     }
     file_line { 'pe-puppetdb-pe-puppetdb-migrator-map':
-      path => '/opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf',
+      path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf",
       line => "pe-puppetdb-pe-puppetdb-migrator-map ${compiler_target.peadm::certname()} pe-puppetdb-migrator",
     }
     file_line { 'pe-puppetdb-pe-puppetdb-read-map':
-      path => '/opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf',
+      path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf",
       line => "pe-puppetdb-pe-puppetdb-read-map ${compiler_target.peadm::certname()} pe-puppetdb-read",
     }
   }

plans/add_replica.pp

@@ -60,28 +60,34 @@
     dns_alt_names      => $dns_alt_names
   )
 
-  # On the PE-PostgreSQL server in the <replacement-avail-group-letter> group
-
-  # Stop puppet and add the following two lines to
-  # /opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf
-  #  pe-puppetdb-pe-puppetdb-map <replacement-replica-fqdn> pe-puppetdb
-  #  pe-puppetdb-pe-puppetdb-migrator-map <replacement-replica-fqdn> pe-puppetdb-migrator
-  apply($replica_postgresql_target) {
-    file_line { 'pe-puppetdb-pe-puppetdb-map':
-      path => '/opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf',
-      line => "pe-puppetdb-pe-puppetdb-map ${replica_target.peadm::certname()} pe-puppetdb",
+  # Wrap these things that operate on replica_postgresql_target in an if statement
+  # to avoid failures retrieving PSQL version because you can't operate functions
+  # on a return value of nil.
+  if $replica_postgresql_host {
+    # On the PE-PostgreSQL server in the <replacement-avail-group-letter> group
+    $psql_version = run_task('peadm::get_psql_version', $replica_postgresql_target).first.value['version']
+
+    # Stop puppet and add the following two lines to
+    # /opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf
+    #  pe-puppetdb-pe-puppetdb-map <replacement-replica-fqdn> pe-puppetdb
+    #  pe-puppetdb-pe-puppetdb-migrator-map <replacement-replica-fqdn> pe-puppetdb-migrator
+    apply($replica_postgresql_target) {
+      file_line { 'pe-puppetdb-pe-puppetdb-map':
+        path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf",
+        line => "pe-puppetdb-pe-puppetdb-map ${replica_target.peadm::certname()} pe-puppetdb",
+      }
+      file_line { 'pe-puppetdb-pe-puppetdb-migrator-map':
+        path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf",
+        line => "pe-puppetdb-pe-puppetdb-migrator-map ${replica_target.peadm::certname()} pe-puppetdb-migrator",
+      }
+      file_line { 'pe-puppetdb-pe-puppetdb-read-map':
+        path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf",
+        line => "pe-puppetdb-pe-puppetdb-read-map ${replica_target.peadm::certname()} pe-puppetdb-read",
+      }
     }
-    file_line { 'pe-puppetdb-pe-puppetdb-migrator-map':
-      path => '/opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf',
-      line => "pe-puppetdb-pe-puppetdb-migrator-map ${replica_target.peadm::certname()} pe-puppetdb-migrator",
-    }
-    file_line { 'pe-puppetdb-pe-puppetdb-read-map':
-      path => '/opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf',
-      line => "pe-puppetdb-pe-puppetdb-read-map ${replica_target.peadm::certname()} pe-puppetdb-read",
-    }
-  }
 
-  run_command('systemctl reload pe-postgresql.service', $replica_postgresql_target)
+    run_command('systemctl reload pe-postgresql.service', $replica_postgresql_target)
+  }
 
   run_plan('peadm::util::update_classification', $primary_target,
     server_a_host                    => $replica_avail_group_letter ? { 'A' => $replica_host, default => undef },

plans/subplans/db_populate.pp

@@ -17,22 +17,31 @@
     $destination_target,
   ]))
 
-  # Add the following two lines to /opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf
+  # Retrieve source's PSQL version
+  $psql_version = run_task('peadm::get_psql_version', $source_target).first.value['version']
+
+  # Determine clientcert setting
+  $clientcert = $psql_version ? {
+    '14'    => 'verify-full',
+    default => 1
+  }
+
+  # Add the following two lines to /opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf
   #
   # These lines allow connections from destination by pg_basebackup to replicate
   # content
   apply($source_target) {
     file_line { 'replication-pe-ha-replication-map':
-      path => '/opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf',
+      path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf",
       line => "replication-pe-ha-replication-map ${destination_target.peadm::certname()} pe-ha-replication",
     }
     file_line { 'replication-pe-ha-replication-ipv4':
-      path => '/opt/puppetlabs/server/data/postgresql/11/data/pg_hba.conf',
-      line => 'hostssl replication    pe-ha-replication 0.0.0.0/0  cert  map=replication-pe-ha-replication-map  clientcert=1',
+      path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_hba.conf",
+      line => "hostssl replication    pe-ha-replication 0.0.0.0/0  cert  map=replication-pe-ha-replication-map  clientcert=${clientcert}",
     }
     file_line { 'replication-pe-ha-replication-ipv6':
-      path => '/opt/puppetlabs/server/data/postgresql/11/data/pg_hba.conf',
-      line => 'hostssl replication    pe-ha-replication ::/0       cert  map=replication-pe-ha-replication-map  clientcert=1',
+      path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_hba.conf",
+      line => "hostssl replication    pe-ha-replication ::/0       cert  map=replication-pe-ha-replication-map  clientcert=${clientcert}",
     }
   }
 
@@ -42,15 +51,15 @@
   # Save existing certificates to use for authentication to source. Can not use
   # certs stored in /etc/puppetlabs/puppet/ssl because we will run pg_basebackup
   # as pe-postgres user, which lacks access
-  run_command('mv /opt/puppetlabs/server/data/postgresql/11/data/certs /opt/puppetlabs/server/data/pg_certs', $destination_target)
+  run_command("mv /opt/puppetlabs/server/data/postgresql/${psql_version}/data/certs /opt/puppetlabs/server/data/pg_certs", $destination_target)
 
   # pg_basebackup requires an entirely empty data directory
   run_command('rm -rf /opt/puppetlabs/server/data/postgresql/*', $destination_target)
 
   $pg_basebackup = @("PGBASE")
     runuser -u pe-postgres -- \
       /opt/puppetlabs/server/bin/pg_basebackup \
-        -D /opt/puppetlabs/server/data/postgresql/11/data \
+        -D /opt/puppetlabs/server/data/postgresql/${psql_version}/data \
         -d "host=${source_host}
             user=pe-ha-replication
             sslmode=verify-full
@@ -72,18 +81,18 @@
   apply($source_target) {
     file_line { 'replication-pe-ha-replication-map':
       ensure => absent,
-      path   => '/opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf',
+      path   => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf",
       line   => "replication-pe-ha-replication-map ${destination_target.peadm::certname()} pe-ha-replication",
     }
     file_line { 'replication-pe-ha-replication-ipv4':
       ensure => absent,
-      path   => '/opt/puppetlabs/server/data/postgresql/11/data/pg_hba.conf',
-      line   => 'hostssl replication    pe-ha-replication 0.0.0.0/0  cert  map=replication-pe-ha-replication-map  clientcert=1',
+      path   => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_hba.conf",
+      line   => "hostssl replication    pe-ha-replication 0.0.0.0/0  cert  map=replication-pe-ha-replication-map  clientcert=${clientcert}",
     }
     file_line { 'replication-pe-ha-replication-ipv6':
       ensure => absent,
-      path   => '/opt/puppetlabs/server/data/postgresql/11/data/pg_hba.conf',
-      line   => 'hostssl replication    pe-ha-replication ::/0       cert  map=replication-pe-ha-replication-map  clientcert=1',
+      path   => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_hba.conf",
+      line   => "hostssl replication    pe-ha-replication ::/0       cert  map=replication-pe-ha-replication-map  clientcert=${clientcert}",
     }
   }
 

tasks/get_psql_version.json

@@ -0,0 +1,6 @@
+{
+  "description": "Run on a PE PSQL node to return the major version of the PSQL server currently installed",
+  "parameters": { },
+  "files": ["ruby_task_helper/files/task_helper.rb"],
+  "input_method": "stdin"
+}

tasks/get_psql_version.rb

@@ -0,0 +1,15 @@
+#!/opt/puppetlabs/puppet/bin/ruby
+# frozen_string_literal: true
+
+require_relative '../../ruby_task_helper/files/task_helper.rb'
+require '/opt/puppetlabs/puppet/cache/lib/pe_install/pe_postgresql_info.rb'
+
+# Task which fetches the installed PSQL server major version
+class GetPSQLInfo < TaskHelper
+  def task(**_kwargs)
+    psql_info = PEPostgresqlInfo.new
+    { 'version' => psql_info.installed_server_version }
+  end
+end
+
+GetPSQLInfo.run if $PROGRAM_NAME == __FILE__