Suse: Introduce support for upstream repo

[noelmcloughlin]

This PR is an enhancement to allow the upstream repo to be used for SLES and OpenSUSE.

The osmap.yaml was updated introducing the feature. Design is aligned with Redhat Stanza for convenience and continuity. These log files demonstrate working "feature" on OpenSuse LEAP 42 as postgresql 9.5 software is retrieved from upstream-

1. postgres95_nogpgcheck_run1.log.txt
2. postgres95_nogpgcheck_run2.log.txt
3. postgres95_nogpgcheck_run3.log.txt

Limitation
GPGCHECK is disabled (for now): See https://redmine.postgresql.org/issues/2732

Followup

1. Fix gpgcheck on Suse - Raise ISSUE.

Nice to Have
The pillar.example was improved in the following manner-

• Required parameters are prominent. For example the value of service differs depending on whether linux distribution or upstream repo is used.
• Unnecessary parameters (pkg, pkg_client, pkgs_extra) were removed to fix confusion.

Thanks

[vutny]

I welcome a good intension to add upstream support for SUSE, but for me the implementation looks like half-done.
Very quick and rough investigation reveals obvious things. Please take a look at my in-line comments.

Also, would you mind to organize Git history in PR(s) a little bit? You can use --amend to simply add stuff to your previous commit. And do --interactive rebase to squash intermediate commits. This will significantly improve understanding what's changed and why, especially when the PR would be eventually merged.

[vutny]

Hard-coding SUSE release number looks not very flexible. Things may change, so maybe use $releasever? However, this may affect OpenSuse...

[noelmcloughlin]

I cannot use '$releasever' because packages target Suse family (SUSE 12+, OpenSUSE 42+), so the upstream repo convention seems to be hardcoding of "sles-12". Using '$releasever' breaks the formula for Suse family except Sles 12.

[vutny]

Yeah, that's true, I understand. My point was that the installation could be broken on other SUSE variants which is not currently supported by upstream: SLES 11, OpenSuse 13 or Tumbleweed.
In such cases it's better to fail fast. But that also introduces complexities.
I think this is fine for now.

[vutny]

I'm not a SUSE expert by any mean, but I assume GPG key verification should just work as in other RedHat-based distro. Have you tried to resolve this? I would make a guess that the key public key file is just located elsewhere.

It looks not so nice to introduce "half-secure" solution by default.

[noelmcloughlin]

I agree its not nice - I'm looking for agreement to raise as "ISSUE" and fix afterwards.

[noelmcloughlin]

Yes I done some troubleshooting. But @myoung34 has identified the problem.

[vutny]

You just need to provide correct public key URL, and I think everything would just "magically" work :)

[noelmcloughlin]

Duh, need to wear my reading glasses.

[vutny]

As I see, client binaries are available from postgresql{{ release }} package.

[vutny]

Why to blindly copy-paste all the stuff? It seems that SUSE packages install all (?) needed alternatives itself during post-installation phase.

[noelmcloughlin]

The PR description explains why ... "Design is aligned with Redhat Stanza for convenience and continuity". It keeps the PR simple.

It seems that SUSE packages install all (?) needed alternatives itself during post-installation phase.

The upstream repo is common to SusE/RedHat/Fedora so same comment applies. Perhaps alternatives handling can be improved but lets keep PR focussed.

[vutny]

The SUSE section does need to be full copy of RedHat just for the sake of artificial consistency.
These options bin_dir, client_bins and server_bins serve a concrete purpose: allow subsequent states and postges modules to properly discover binaries and be able to do the job.

Other distros don't have them, because they don't need to. That's why it is configurable.
The necessary thing should be already done by installed packages, so the formula must not duplicate this.

[noelmcloughlin]

This alternatives cod is legacy. Perhaps in the past the packages did not already do this.

I will investigate and raise common issue on RedHat/Suse.

[vutny]

And Suse definitely doesn't require that.

[myoung34]

There has to be a better way to handle this than to cargo cult large blocks that are similar between os families

[noelmcloughlin]

Thanks for pointing me in right way here. Surely RedHat has same problem.

Agreed - I tested and all except two are already handled by upstream packages.

[vutny]

Again, are you sure the client and the server package are the same in packages provided by SUSE distribution?

[noelmcloughlin]

Yes, I'm sure.

[vutny]

Actually, it was a rhetoric question :)
https://software.opensuse.org/package/postgresql

[noelmcloughlin]

I'm sorry, okay thanks.

[vutny]

I'm aware that hard-coding platform-specific packages here was bad idea. But this possibly may affect later installation of the uuid_ossp extension defined below. Have you tried to run test kitchen with provided config?

[noelmcloughlin]

No, I've tested on OpenSUSE LEAP 42.

[vutny]

Better to test your changes on other platforms as well, because you change shared things, and pillar.example has been used in existent test. That's not perfect, and the change is actually meaningful, but we need to understand an impact.

[noelmcloughlin]

I've already been testing formula on other distributions - see #171 #170 #164.

Only regression is #172 which is something you mentioned regarding pkgs_extra()

[vutny]

I assume this affects Ubuntu and the existing test based on it.

[myoung34]

Also this is just a pillar.example, just leave the values as is to help people understand layout. We only get one pillar.example and support (unofficially) any number of distros so it doesnt need to change with every iteration of what distro was last used against it.

[vutny]

That's exactly what I've been trying to express 👍 But having some working example that fits the most popular ones would be great.

[noelmcloughlin]

Agreed. Will action.

[myoung34]

this isnt a gpg key, this is a yum repo metadata xml file

[noelmcloughlin]

Good spot, thanks.

[vutny]

I have found that starting from PostgreSQL 9.6 they ship valid repo key within the repo:
https://download.postgresql.org/pub/repos/zypp/9.6/suse/sles-12-x86_64/repodata/repomd.xml.key

I think we could leave 9.5 and versions below as is, since user is able to override GPG check in Pillar.

[myoung34]

I see that there's a .kitchen.yml file. can we get @aboe76 to enable it to prevent some regressions?

[vutny]

Hi @noelmcloughlin

Could you please update the status of this PR? Would you have some time or any plans to work on it further according to review comments?
Thanks for your contributions anyway!

[noelmcloughlin]

Hey @vutny
To recap, the original PR proposes adding support for OpenSUSE without Hash-checking. PR reviewers preferred full feature rather than incremental improvement. However, full feature is blocked by issues mentioned in #173. The correct action here is to close the PR and I should refactor a new solution acceptable to community.

Thank you for reviewing!!!!! I will followup on #173 and your comments in this review in a new PR as soon as I make some time.

[vutny]

@noelmcloughlin Awesome, thanks. So let's keep this PR open as a reminded until you'd have another one refactored. Then we close it out in favor of that.

[noelmcloughlin]

Hi @vutny I'll pick this up again as next priority, been hectic with other stuff. thx

[noelmcloughlin]

Rebased as #176