Default PowerDNS auth & rec to 4.8 + updates PowerDNS pubkey + Switch…

…es Ubuntu (focal for bionic) (#130)

.github/workflows/ci.yml

@@ -72,10 +72,10 @@ jobs:
         os:
           - 'centos-7'
           - 'centos-8'
-          - 'debian-11'
           - 'debian-10'
-          - 'ubuntu-1804'
+          - 'debian-11'
           - 'ubuntu-2004'
+          - 'ubuntu-2204'
         suite:
           - 'authoritative-multi'
           - 'authoritative-postgres'

files/default/powerdns.asc

@@ -1,5 +1,4 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1
 
 mQINBFV2/GwBEADD4oJuwcLkYZD6R+PM0zKdZ04owicJ9e1nTbBb8OA+92TI0cJY
 8XGpjEJBRECOMJi9Gr6p3QxgZX1IQbiB/RJgRN0BYTZJ6BKobJAlSNsZBVH4wt/F
@@ -13,18 +12,18 @@ yt1K0ow4M54woB/68cMy0UB6cA8uOHscRObau3T3UB0ohsEPF7KYAqOKfKP0irV+
 Ys6tR0KI/TeHqrqKhCA9PGOpOmqJaibt5GqFTc3Dp4U19njMmh4eboki8EwS6DNy
 4HD76dFz2jkSQ74uB/X+nxuFEVRKS54q4aeg83NL5lnsD8TWdhTui4mURQARAQAB
 tDxQb3dlckROUyBSZWxlYXNlIFNpZ25pbmcgS2V5IDxwb3dlcmRucy5zdXBwb3J0
-QHBvd2VyZG5zLmNvbT6JAj4EEwECACgFAlV2/GwCGwMFCQ8JnAAGCwkIBwMCBhUI
-AgkKCwQWAgMBAh4BAheAAAoJEBsMYgX9OA+75QYQAJ7a3rZiTmBJkYfDYbZGOcJj
-tIgWj5ieyIHjaG1kR3setK1GbYrd7dkeHuWIT8FCO/mQwrKTlxEd+Vj5a79Bpu0D
-de1MRi7jTIb/Qrge532Pnk5T7qFjJWfvTWhpSV9XDwHR216aByuHZ9gAJt92hgo5
-eSXHPpwbi+qAdymndUswFBHY0kLNpIYAa2mZcSNbaI/RFNYPOM/aqDMcpQ2s1Rf1
-c8iTPewf04jlNd75M59AAbnpdoFiCKbV+Q8oeUNxRGhHCQgcTaWhT5vdF2pXP1jb
-rVykPxN7U5zTu03m/qbUCKg9Pqkhr79a2XNIpcGHhsp58B6dJdBPhXT/tFXnVpY0
-wZHGGlBVhZzC1Qdq58ilyQ2qfIci2sjMoS62lAffemb88CyoQ2UadhNKZTn93Ogo
-lmW1txqN7UU7hUBxwdztw+Pgf7V+ADwkPHnSsNLupkZ7QUOl2i1kPwgcnwHLPFoD
-bYDteCtqcVVCY5v3OC95jGJ4bqwgIIeQ5kloKY2pRLeNedbCHbGc6rVjX5X0K2zt
-F7/dWOklI1Ox4Y+Vv0Ln7u3BvSyl5jWXWzH2V6q3ff7NKVro3keZmgTzcBwJEv/z
-p40ds9f2LTKJX4DajyAF2Z+j79obMYwKo0w+Vy36QrO8TlKk+ZU/6vcFfVdEoCtv
-d5a03QgyYgMX0WW8Smam
-=BY4B
+QHBvd2VyZG5zLmNvbT6JAlUEEwEKAD8CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
+AheAFiEEn6qlV36Pz2IJPQNsGwxiBf04D7sFAmSBbicFCRSuDDsACgkQGwxiBf04
+D7s/HRAAooP+NzYZnxr8pynTZxCK2yGTwb8kuDVLfBYNibtHHXdHQZ5qhxhGfmI/
+rtnAjQS3SCzwwvAyK6Y5XU7z5ahctnEKaN+J43ve/nP5e9Aq15ioE72gLawg9IEU
+I8e+7FL/WF+feQQo/8dhmqx4inOlOSb+kx9CCbSvA9Mxb+dDvf9dKBmTj/22uxQG
+oeVBnj5TK4XCSmIiNZC3phHJWuL38pFUKYsOMDpRg1VUkgRPqc/9n1iWod2QkblU
+ynpL74SAag2HG5zzbvknqWlgrNAqjMZjx2V/DKTdTTEeqo2jq1eWinoOv79vZlH7
+L8kOyVPKMotQQdnp7n+Hs/FEHdyBV8OApGb62lF2xElDXnX+EertforubqloE46k
+KcAzlylJKqIr1DGb/2VbpZUOllr8Y4aFB6yU1CL9S7MF5GTjsG9LmmUDbhHw8v4b
+v3r7EmRN5AzBMhIDpNb3cDi8a83IztcfrUQlbzu4h4YU670t1+OTJ5KgwL6Mdr+1
+TMiPJg5Y2ZfTVhi82hJDBCHzaOunyjXcU+pgMEl4YBNUsnFrkvBV2S7lLCJi5aDA
+scFMb1hGMVeDFvd9sZg520PekP1Tejj+KjKXdWGi5xAT8M3MlIHJKV2mVLGuirx4
+aOLHBOKR3n/8SGXuUuVIxmeF5mzdZuyfxn4lz4EXTTQ6J5fFX78=
+=/3of
 -----END PGP PUBLIC KEY BLOCK-----

kitchen.yml

@@ -41,17 +41,17 @@ platforms:
         - RUN /usr/bin/apt-get update
         - RUN /usr/bin/apt-get install dnsutils -y
 
-  - name: ubuntu-18.04
+  - name: ubuntu-20.04
     driver:
-      image: dokken/ubuntu-18.04
+      image: dokken/ubuntu-20.04
       pid_one_command: /bin/systemd
       intermediate_instructions:
         - RUN /usr/bin/apt-get update
         - RUN /usr/bin/apt-get install dnsutils -y
 
-  - name: ubuntu-20.04
+  - name: ubuntu-22.04
     driver:
-      image: dokken/ubuntu-20.04
+      image: dokken/ubuntu-22.04
       pid_one_command: /bin/systemd
       intermediate_instructions:
         - RUN /usr/bin/apt-get update

metadata.rb

@@ -9,7 +9,7 @@
 
 chef_version '>= 15'
 
-supports 'ubuntu', '>= 18.04'
+supports 'ubuntu', '>= 20.04'
 supports 'debian', '>= 9.0'
 supports 'centos', '>= 7.0'
 supports 'redhat', '>= 7.0'

resources/authoritative_config.rb

@@ -19,7 +19,7 @@
 
 provides :pdns_authoritative_config, platform: 'ubuntu'
 unified_mode true do |node|
-  node['platform_version'].to_f >= 18.04
+  node['platform_version'].to_f >= 20.04
 end
 
 provides :pdns_authoritative_config, platform: 'debian' do |node|

resources/authoritative_install_debian.rb

@@ -19,15 +19,15 @@
 
 provides :pdns_authoritative_install, platform: 'ubuntu'
 unified_mode true do |node|
-  node['platform_version'].to_f >= 18.04
+  node['platform_version'].to_f >= 20.04
 end
 
 provides :pdns_authoritative_install, platform: 'debian' do |node|
   node['platform_version'].to_i >= 9
 end
 
 property :version, String
-property :series, String, default: '45'
+property :series, String, default: '48'
 property :debug, [true, false], default: false
 property :allow_upgrade, [true, false], default: false
 property :backends, Array

resources/authoritative_install_rhel.rb

@@ -23,7 +23,7 @@
 end
 
 property :version, String
-property :series, String, default: '45'
+property :series, String, default: '48'
 property :debug, [true, false], default: false
 property :allow_upgrade, [true, false], default: false
 property :backends, Array

resources/recursor_config.rb

@@ -19,7 +19,7 @@
 
 provides :pdns_recursor_config, platform: 'ubuntu'
 unified_mode true do |node|
-  node['platform_version'].to_f >= 18.04
+  node['platform_version'].to_f >= 20.04
 end
 
 provides :pdns_recursor_config, platform: 'debian' do |node|

resources/recursor_install_debian.rb

@@ -19,14 +19,14 @@
 
 provides :pdns_recursor_install, platform: 'ubuntu'
 unified_mode true do |node|
-  node['platform_version'].to_f >= 18.04
+  node['platform_version'].to_f >= 20.04
 end
 
 provides :pdns_recursor_install, platform: 'debian' do |node|
   node['platform_version'].to_i >= 9
 end
 
-property :series, String, default: '45'
+property :series, String, default: '48'
 property :version, String
 property :debug, [true, false], default: false
 property :allow_upgrade, [true, false], default: false

resources/recursor_install_rhel.rb

@@ -23,7 +23,7 @@
 end
 
 property :version, String
-property :series, String, default: '45'
+property :series, String, default: '48'
 property :debug, [true, false], default: false
 property :allow_upgrade, [true, false], default: false
 

spec/recipes/hyphens_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe 'pdns_test::hyphens' do
-  platform 'ubuntu', '18.04'
+  platform 'ubuntu', '20.04'
 
   context('pdns_authoritative_config') do
     it 'raises an exception for a hyphen in the name' do

test/cookbooks/pdns_test/files/default/schema_postgres.sql

@@ -3,24 +3,26 @@ CREATE TABLE domains (
   name                  VARCHAR(255) NOT NULL,
   master                VARCHAR(128) DEFAULT NULL,
   last_check            INT DEFAULT NULL,
-  type                  VARCHAR(6) NOT NULL,
-  notified_serial       INT DEFAULT NULL,
+  type                  TEXT NOT NULL,
+  notified_serial       BIGINT DEFAULT NULL,
   account               VARCHAR(40) DEFAULT NULL,
+  options               TEXT DEFAULT NULL,
+  catalog               TEXT DEFAULT NULL,
   CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
 );
 
 CREATE UNIQUE INDEX name_index ON domains(name);
+CREATE INDEX catalog_idx ON domains(catalog);
 
 
 CREATE TABLE records (
-  id                    SERIAL PRIMARY KEY,
+  id                    BIGSERIAL PRIMARY KEY,
   domain_id             INT DEFAULT NULL,
   name                  VARCHAR(255) DEFAULT NULL,
   type                  VARCHAR(10) DEFAULT NULL,
   content               VARCHAR(65535) DEFAULT NULL,
   ttl                   INT DEFAULT NULL,
   prio                  INT DEFAULT NULL,
-  change_date           INT DEFAULT NULL,
   disabled              BOOL DEFAULT 'f',
   ordername             VARCHAR(255),
   auth                  BOOL DEFAULT 't',
@@ -78,6 +80,7 @@ CREATE TABLE cryptokeys (
   domain_id             INT REFERENCES domains(id) ON DELETE CASCADE,
   flags                 INT NOT NULL,
   active                BOOL,
+  published             BOOL DEFAULT TRUE,
   content               TEXT
 );
 
@@ -92,4 +95,4 @@ CREATE TABLE tsigkeys (
   CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
 );
 
-CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
+CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

test/cookbooks/pdns_test/recipes/authoritative_install_single_postgres.rb

@@ -1,13 +1,17 @@
 apt_update 'RIGHT_MEOW'
 
-execute 'disble postgresql dnf module' do
+execute 'disable postgresql dnf module' do
   command 'dnf -qy module disable postgresql'
   only_if { platform_family?('rhel') && node['platform_version'].to_i == 8 }
 end
 
-postgresql_server_install 'default' do
-  version '13'
-  action [:install, :create]
+postgresql_install 'postgresql' do
+  version 15
+  action %i(install init_server)
+end
+
+postgresql_service 'postgresql' do
+  action %i(enable start)
 end
 
 execute 'setup_postgres_user' do
@@ -41,12 +45,7 @@
 include_recipe 'pdns_test::disable_systemd_resolved'
 
 pdns_authoritative_install 'default' do
-  series '44'
-  backends [pg_backend_package]
-end
-
-pdns_authoritative_install 'default_upgrade' do
-  series '45'
+  series '48'
   backends [pg_backend_package]
   allow_upgrade true
 end

test/cookbooks/pdns_test/recipes/disable_systemd_resolved.rb

@@ -1,7 +1,7 @@
 # On ubuntu >=18.04 systemd-resolved needs to be disabled and stopped as it port conflicts
 service 'systemd-resolved' do
   action [:stop, :disable]
-  only_if { node['platform'].include?('ubuntu') && node['platform_version'].to_f >= 18.04 }
+  only_if { node['platform'].include?('ubuntu') && node['platform_version'].to_f >= 20.04 }
 end
 
 # Since we remove resolved we need to make our own resolv.conf
@@ -11,5 +11,5 @@
 nameserver 2620:fe::9
   EOF
   force_unlink true
-  only_if { node['platform'].include?('ubuntu') && node['platform_version'].to_f >= 18.04 }
+  only_if { node['platform'].include?('ubuntu') && node['platform_version'].to_f >= 20.04 }
 end

test/integration/authoritative-multi/default_spec.rb

@@ -26,18 +26,10 @@
   it { should exist }
 end
 
-describe processes(Regexp.new(/pdns_server\s(?!--config-name=server_02)/)) do
-  its('users') { should eq ['pdns'] }
-end
-
-describe processes(Regexp.new(/pdns_server\s(?=--config-name=server_02)/)) do
-  its('users') { should eq ['pdns'] }
-end
-
 describe command('dig -p 53 chaos txt version.bind @127.0.0.1 +short') do
-  its('stdout.chomp') { should match(/"PowerDNS Authoritative Server 4\.5\.\d/) }
+  its('stdout.chomp') { should match(/"PowerDNS Authoritative Server 4\.8\.\d/) }
 end
 
 describe command('dig -p 54 chaos txt version.bind @127.0.0.1 +short') do
-  its('stdout.chomp') { should match(/"PowerDNS Authoritative Server 4\.5\.\d/) }
+  its('stdout.chomp') { should match(/"PowerDNS Authoritative Server 4\.8\.\d/) }
 end

test/integration/authoritative-postgres/default_spec.rb

@@ -26,7 +26,7 @@
 end
 
 describe command('dig chaos txt version.bind @127.0.0.1 +short') do
-  its('stdout.chomp') { should match(/"PowerDNS Authoritative Server 4\.5.\d/) }
+  its('stdout.chomp') { should match(/"PowerDNS Authoritative Server 4\.8.\d/) }
 end
 
 describe command('dig @127.0.0.1 smoke.example.org') do

test/integration/recursor-multi/default_spec.rb

@@ -26,20 +26,12 @@
   it { should exist }
 end
 
-describe processes(Regexp.new(/pdns_recursor\s(?!--config)/)) do
-  its('users') { should match [Regexp.new(/pdns(-recursor)?/)] }
-end
-
-describe processes(Regexp.new(/pdns_recursor --config-name=server_02/)) do
-  its('users') { should match [Regexp.new(/pdns/)] }
-end
-
 describe command('dig -p 53 chaos txt version.bind @127.0.0.1 +short') do
-  its('stdout.chomp') { should match(Regexp.new(/"PowerDNS Recursor 4\.5\.\d/)) }
+  its('stdout.chomp') { should match(Regexp.new(/"PowerDNS Recursor 4\.8\.\d/)) }
 end
 
 describe command('dig -p 54 chaos txt version.bind @127.0.0.1 +short') do
-  its('stdout.chomp') { should match(Regexp.new(/"PowerDNS Recursor 4\.5\.\d/)) }
+  its('stdout.chomp') { should match(Regexp.new(/"PowerDNS Recursor 4\.8\.\d/)) }
 end
 
 describe command('dig -p 53 @127.0.0.1 dnsimple.com') do