Add systemd for pdns_authoritative

STATE:
- Currently, systemd is not handle for 'pdns'
- Kitchen-dokken test are failing for 'authoritative-postgres-centos-6'

CAUSE:
- systemd is not the current target for the cookbook mainteners
- The 'postgres' cookbook does fail the first run when used for CentOS 6
  Ref: sous-chefs/postgresql#421
- kitchen-dokken does not provide a correct 'retry' feature:
  PR has been filled: test-kitchen/kitchen-dokken#110
- Inspec 'process' resource has issue with partial match:
  inspec/inspec#1497
  inspec/inspec#1867

FIX:
- Add in '.kitchen.yml' a 'max_retries' value for handling 'posgresql'
  failure for CentOS 6
- Add helper: 'PdnsAuthoritativeResource'
- Convert 'default_authoritative_config_directory' to module_function to
  be used in the test cookbooks
- Change 'socket-dir' right to allow systemd to start
- Change 'pdns_authoritative_config' namespace to 'pdns-INSTANCE_NAME'
  and update rspec tests and cookbook pdns_test to reflect that
- Remove init scripts for sysvinit and use the default implementation
  of powerdns virtual use (link creation)
- Create 'pdns_authoritative_service_systemd' resource
- Create 'pdns_authoritative_service_sysvint' resource
- Add 'mock_service_resource_providers'
- Update rspec tests for handling 'sysvinit' and 'systemd' resources
- Remove 'pdns_authoritative_service_rhel_sysvinit' and
  'pdns_authoritative_service_debian_sysvinit' resources
- Fix recipe 'authoritative_install_single_postgres' (pdns_test)
- Update inspec tests
- Add new inspec helper function to determine if systemd is used or
  not ('systemd_is_init?')
- Add new inspec helper function to get powerdns process name according
  init system ('check_process_name')
- Update '.kitchen.dokken.yml' to be compliant with systemd

Change-Id: Id5ea3264391ab55774c51c1cff1325e9b0f58685

.kitchen.dokken.yml

@@ -8,6 +8,12 @@ transport:
 
 provisioner:
   name: dokken
+  # On CentOS 6, restart the 'postgres' database could fail the first time so
+  # let's try twice before failing:
+  # https://github.com/sous-chefs/postgresql/issues/421
+  retry_on_exit_code:
+    - 1
+  max_retries: 2
 
 verifier:
   name: inspec
@@ -23,6 +29,9 @@ platforms:
   - name: ubuntu-16.04
     driver:
       image: ubuntu:16.04
+      pid_one_command: /bin/systemd
+      volumes:
+        - /sys/fs/cgroup:/sys/fs/cgroup:ro # required by systemd
       intermediate_instructions:
         - RUN /usr/bin/apt-get update
         - RUN /usr/bin/apt-get install apt-transport-https lsb-release procps net-tools lsof dnsutils -y
@@ -38,12 +47,17 @@ platforms:
       image: centos:7
       pid_one_command: /usr/lib/systemd/systemd
       platform: rhel
+      volumes:
+        - /sys/fs/cgroup:/sys/fs/cgroup:ro # required by systemd
       intermediate_instructions:
          - RUN yum -y install lsof which systemd-sysv initscripts wget net-tools
 
   - name: debian-8
     driver:
       image: debian:8
+      pid_one_command: /bin/systemd
+      volumes:
+        - /sys/fs/cgroup:/sys/fs/cgroup:ro # required by systemd
       intermediate_instructions:
         - RUN /usr/bin/apt-get update
         - RUN /usr/bin/apt-get install apt-transport-https lsb-release procps net-tools lsof dnsutils -y

.kitchen.yml

@@ -4,6 +4,12 @@ driver:
 
 provisioner:
   name: chef_zero
+  # On CentOS 6, restart the 'postgres' database could fail the first time so
+  # let's try twice before failing:
+  # https://github.com/sous-chefs/postgresql/issues/421
+  retry_on_exit_code:
+    - 1
+  max_retries: 2
 
 verifier:
   name: inspec
@@ -13,6 +19,7 @@ platforms:
   - name: ubuntu-14.04
   - name: debian-8.7
   - name: centos-6.7
+  - name: centos-6.9
   - name: centos-7.2
 
 suites:
@@ -27,11 +34,13 @@ suites:
       - recipe[pdns_test::authoritative_install_multi]
     attributes:
   - name: authoritative-postgres
-    includes: [
-      'centos-7',
-      'debian-8',
-      'ubuntu-14.04',
-      'ubuntu-16.04'
+    # On CentOS 6, restart the 'postgres' database could fail the first time so
+    # let's try twice before failing:
+    # https://github.com/sous-chefs/postgresql/issues/421
+    excludes: [
+      'centos-6.7',
+      'centos-6.9',
+      'centos-6', # for dokken
     ]
     run_list:
       - recipe[pdns_test::inspec_dependencies]

README.md

@@ -265,7 +265,7 @@ Creates a init service to manage a PowerDNS authoritative instance. This service
 | cookbook       | String, nil | 'pdns'                                                | No |
 | source         | String, nil | 'authoritative.init.debian.erb'                       | No |
 | config_dir | String     | see `default_authoritative_config_directory` helper method | Yes |
-| socket_dir | String     | lazy { |resource| "/var/run/#{resource.instance_name}" }   | Yes |
+| socket_dir | String     | "/var/run/#{instance_name}"   | Yes |
 
 #### Usage example
 

libraries/helpers.rb

@@ -16,14 +16,98 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-module PdnsResource
+module Pdns
+  # Common helper for PowerDNS cookbook
   module Helpers
     def default_user_attributes
       case node['platform_family']
       when 'debian'
-        { home: '/var/spool/powerdns', shell: '/bin/false' }
+        Mash.new(home: '/var/spool/powerdns', shell: '/bin/false')
       when 'rhel'
-        { home: '/', shell: '/sbin/nologin' }
+        Mash.new(home: '/', shell: '/sbin/nologin')
+      end
+    end
+  end
+
+  # Helpers method for recursor feature
+  module PdnsRecursorHelpers
+    include Pdns::Helpers
+
+    def systemd_name(name = nil)
+      "pdns-recursor@#{name}"
+    end
+
+    def sysvinit_name(name = nil)
+      "pdns_recursor-#{name}"
+    end
+
+    def default_recursor_run_user
+      case node['platform_family']
+      when 'debian'
+        'pdns'
+      when 'rhel'
+        'pdns-recursor'
+      end
+    end
+
+    def default_recursor_config_directory
+      case node['platform_family']
+      when 'debian'
+        '/etc/powerdns'
+      when 'rhel'
+        '/etc/pdns-recursor'
+      end
+    end
+  end
+
+  # Helpers method for authoritative feature
+  module PdnsAuthoritativeHelpers
+    include Pdns::Helpers
+
+    def systemd_name(name = nil)
+      "pdns@#{name}"
+    end
+
+    def sysvinit_name(name = nil)
+      "pdns_authoritative-#{name}"
+    end
+
+    def default_authoritative_run_user
+      'pdns'
+    end
+
+    def backend_package_per_platform(instance_name = 'postgresql')
+      return 'pdns-backend-geo'        if node['platform_family'] == 'debian' && instance_name == 'geo'
+      return 'pdns-backend-ldap'       if node['platform_family'] == 'debian' && instance_name == 'ldap'
+      return 'pdns-backend-mysql '     if node['platform_family'] == 'debian' && instance_name == 'mysql'
+      return 'pdns-backend-pgsql'      if node['platform_family'] == 'debian' && instance_name == 'postgresql'
+      return 'pdns-backend-pipe'       if node['platform_family'] == 'debian' && instance_name == 'pipe'
+      return 'pdns-backend-sqlite3'    if node['platform_family'] == 'debian' && instance_name == 'sqlite'
+      return 'pdns-backend-geoip'      if node['platform_family'] == 'debian' && instance_name == 'geoip'
+      return 'pdns-backend-lua'        if node['platform_family'] == 'debian' && instance_name == 'lua'
+      return 'pdns-backend-mydns'      if node['platform_family'] == 'debian' && instance_name == 'mydns'
+      return 'pdns-backend-odbc'       if node['platform_family'] == 'debian' && instance_name == 'odbc'
+      return 'pdns-backend-opendbx'    if node['platform_family'] == 'debian' && instance_name == 'opendbx'
+      return 'pdns-backend-remote'     if node['platform_family'] == 'debian' && instance_name == 'remote'
+      return 'pdns-backend-tinydns'    if node['platform_family'] == 'debian' && instance_name == 'tinydns'
+      return 'pdns-backend-geo'        if node['platform_family'] == 'rhel'   && instance_name == 'geo'
+      return 'pdns-backend-ldap'       if node['platform_family'] == 'rhel'   && instance_name == 'ldap'
+      return 'pdns-backend-lua'        if node['platform_family'] == 'rhel'   && instance_name == 'lua'
+      return 'pdns-backend-mydns'      if node['platform_family'] == 'rhel'   && instance_name == 'mydns'
+      return 'pdns-backend-mysql'      if node['platform_family'] == 'rhel'   && instance_name == 'mysql'
+      return 'pdns-backend-pipe'       if node['platform_family'] == 'rhel'   && instance_name == 'pipe'
+      return 'pdns-backend-postgresql' if node['platform_family'] == 'rhel'   && instance_name == 'postgresql'
+      return 'pdns-backend-remote'     if node['platform_family'] == 'rhel'   && instance_name == 'remote'
+      return 'pdns-backend-sqlite'     if node['platform_family'] == 'rhel'   && instance_name == 'sqlite'
+    end
+
+    module_function
+    def default_authoritative_config_directory(platform_family = 'rhel')
+      case platform_family
+      when 'debian'
+        '/etc/powerdns'
+      when 'rhel'
+        '/etc/pdns'
       end
     end
   end

resources/pdns_authoritative_backend.rb

@@ -16,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+include ::Pdns::PdnsAuthoritativeHelpers
 
 resource_name :pdns_authoritative_backend
 
@@ -35,14 +36,14 @@
 property :version, [String, nil], default: nil
 
 action :install do
-  package backend_package_per_platform do
+  package backend_package_per_platform(new_resource.instance_name) do
+    version new_resource.version
     action :install
   end
 end
 
 action :uninstall do
-  apt_package backend_package_per_platform do
+  package backend_package_per_platform(new_resource.instance_name) do
     action :remove
-    version new_resource.version
   end
 end

resources/pdns_authoritative_config.rb

@@ -16,7 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-include ::PdnsResource::Helpers
+include ::Pdns::PdnsAuthoritativeHelpers
 
 resource_name :pdns_authoritative_config
 
@@ -34,12 +34,12 @@
 
 property :instance_name, String, name_property: true
 property :launch, Array, default: ['bind']
-property :config_dir, String, default: lazy { default_authoritative_config_directory }
-property :socket_dir, String, default: lazy { |resource| "/var/run/#{resource.instance_name}" }
+property :config_dir, String, default: lazy { default_authoritative_config_directory(node['platform_family']) }
 property :run_group, String, default: lazy { default_authoritative_run_user }
 property :run_user, String, default: lazy { default_authoritative_run_user }
 property :run_user_home, String, default: lazy { default_user_attributes[:home] }
 property :run_user_shell, String, default: lazy { default_user_attributes[:shell] }
+property :socket_dir, String, default: lazy { |resource| "/var/run/#{resource.instance_name}" }
 property :setuid, String, default: lazy { |resource| resource.run_user }
 property :setgid, String, default: lazy { |resource| resource.run_group }
 
@@ -71,12 +71,15 @@
   directory new_resource.socket_dir do
     owner new_resource.run_user
     group new_resource.run_group
-    mode '0755'
+    # Because of the DynListener creation before dropping privileges, the
+    # socket-directory has to be '0777' for now
+    # Issue: https://github.com/PowerDNS/pdns/issues/4826
+    mode Chef::Platform::ServiceHelpers.service_resource_providers.include?(:systemd) ? '0777' : '0755'
     recursive true
     action :create
   end
 
-  template "#{new_resource.config_dir}/pdns-authoritative_#{new_resource.instance_name}.conf" do
+  template "#{new_resource.config_dir}/pdns-#{new_resource.instance_name}.conf" do
     source new_resource.source
     cookbook new_resource.cookbook
     owner 'root'