(MODULES-9658) - custom ports are not labeled correctly

[blackknight36]

When a node has SELinux enabled the port must be labeled properly to allow the postgresql service to start.

[lionce]

Hello @blackknight36 ,

This PR looks good. Unfortunately acceptance tests are failing (Failed on 5 nodes: redhat-5-x86_64",centos-5-x86_64", oracle-5-x86_64", oracle-6-x86_64", oracle-7-x86_64"). Would it be possible to check them using litmus? Please let us know if you need any help!

Cheers!

`Failures:

  1) postgresql::server on an alternative port
     On host `f16svhg5g3ghtgd.delivery.puppetlabs.net'
     Failure/Error: idempotent_apply(pp)
     RuntimeError:
       apply manifest failed
       ` puppet apply /tmp/manifest_20190813_82428_1s1svk.pp`
       ======
       [{"node"=>"f16svhg5g3ghtgd.delivery.puppetlabs.net", "target"=>"f16svhg5g3ghtgd.delivery.puppetlabs.net", "action"=>"command", "object"=>" puppet apply /tmp/manifest_20190813_82428_1s1svk.pp", "status"=>"failure", "result"=>{"stdout"=>"", "stderr"=>"\e[1;31mError: Evaluation Error: Error while evaluating a Resource Statement, Unknown resource type: 'selinux::port' (file: /etc/puppetlabs/code/environments/production/modules/postgresql/manifests/server/config.pp, line: 110, column: 5) on node f16svhg5g3ghtgd.delivery.puppetlabs.net\e[0m\n", "exit_code"=>1, "_error"=>{"kind"=>"puppetlabs.tasks/command-error", "issue_code"=>"COMMAND_ERROR", "msg"=>"The command failed with exit code 1", "details"=>{"exit_code"=>1}}}}]
       
     # ./vendor/bundle/ruby/2.5.0/gems/puppet_litmus-0.8.0/lib/puppet_litmus/serverspec.rb:54:in `apply_manifest'
     # ./vendor/bundle/ruby/2.5.0/gems/puppet_litmus-0.8.0/lib/puppet_litmus/serverspec.rb:12:in `idempotent_apply'
     # ./spec/acceptance/alternative_port_spec.rb:14:in `block (2 levels) in <top (required)>'

  2) postgresql::server can connect with psql
     On host `f16svhg5g3ghtgd.delivery.puppetlabs.net'
     Failure/Error: run_shell("cd /tmp; su #{shellescape(user)} -c #{shellescape(psql)}", acceptable_exit_codes: exit_codes, &block)
     RuntimeError:
       shell failed
       `cd /tmp; su postgres -c psql\ -p\ 55433\ --command\=\"\\l\"\ postgres`
       ======
       [{"node"=>"f16svhg5g3ghtgd.delivery.puppetlabs.net", "target"=>"f16svhg5g3ghtgd.delivery.puppetlabs.net", "action"=>"command", "object"=>"cd /tmp; su postgres -c psql\\ -p\\ 55433\\ --command\\=\\\"\\\\l\\\"\\ postgres", "status"=>"failure", "result"=>{"stdout"=>"", "stderr"=>"su: user postgres does not exist\n", "exit_code"=>1, "_error"=>{"kind"=>"puppetlabs.tasks/command-error", "issue_code"=>"COMMAND_ERROR", "msg"=>"The command failed with exit code 1", "details"=>{"exit_code"=>1}}}}]
       
     # ./vendor/bundle/ruby/2.5.0/gems/puppet_litmus-0.8.0/lib/puppet_litmus/serverspec.rb:106:in `run_shell'
     # ./spec/spec_helper_acceptance_local.rb:24:in `psql'
     # ./spec/acceptance/alternative_port_spec.rb:22:in `block (2 levels) in <top (required)>'

  3) postgresql::server Port "55433" should be listening
     On host `f16svhg5g3ghtgd.delivery.puppetlabs.net'
     Failure/Error: it { is_expected.to be_listening }
       expected Port "55433" to be listening
       /bin/sh -c ss\ -tunl\ \|\ grep\ -E\ --\ :55433\\\ 
       
     # ./spec/acceptance/alternative_port_spec.rb:18:in `block (3 levels) in <top (required)>'`

[blackknight36]

@lionce Where are you seeing these failures? TravisCI shows that all checks passed, is there another service that I need to check?

[blackknight36]

I suspect the failures are due to those distros not having an "os" fact mocked up when the tests run. The selinux module uses this fact and puppet runs will fail if it is not defined.

[lionce]

Hello @blackknight36 ,

We're using litmus to execute acceptance tests. You can run the tests following this turorial
We ran tests on all platforms defined in provision.yaml file under release_checks section.

Evaluation Error: Error while evaluating a Resource Statement, Unknown resource type: 'selinux::port' (file: /etc/puppetlabs/code/environments/production/modules/postgresql/manifests/server/config.pp, line: 110, column: 5) on node dbdl9prilm3wfu4.delivery.puppetlabs.net\e[0m\n", "exit_code"=>1, "_error"=>{"kind"=>"puppetlabs.tasks/command-error", "issue_code"=>"COMMAND_ERROR", "msg"=>"The command failed with exit code 1", "details"=>{"exit_code"=>1}}}}]

Cheers!

[blackknight36]

@lionce Thanks for the links. I'll have to see if I can get Litmus working on my system.

Evaluation Error: Error while evaluating a Resource Statement, Unknown resource type: 'selinux::port'

This means that the selinux module is missing. I updated the .fixtures.yml file to ensure that the module is installed but it looks like certain distros aren't honoring this file properly.

[blackknight36]

@lionce Tests should pass now. I have removed the dependency on the selinux module.

[florindragos]

@blackknight36 There's still acceptance tests failing on Oracle 6 and Oracle 7. These platforms might not come with semanage preinstalled:
Dependency Exec[/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 55433] has failures: true\e[0m\n\e[mNotice: Applied catalog in 0.25 seconds\e[0m\n", "stderr"=>"\e[1;31mError: /Stage[main]/Postgresql::Server::Config/Exec[/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 55433]: Could not evaluate: Could not find command '/usr/sbin/semanage'

[blackknight36]

@florindragos I suspect you are correct. The semanage command is part of the policycoreutils-python package which may not be installed by default in Oracle LInux. The selinux module usually handles installing this package if it's missing but in this case we're not using the selinux module which leads to an issue here.

I can add a package resource to install the package needed but that would also lead to a conflict with the selinux module. What would be the best way to handle this?

[florindragos]

Cool! Successful on 19 nodes 👍