gpinitsystem: Add -O support of FQDN_HBA init cluster config file

Add behave test for FQDN_HBA flag support
Co-authored-by: NXin Zhang <xzhang@pivotal.io>
Co-authored-by: NGoutam Tadi <gtadi@pivotal.io>

gpMgmt/bin/gpinitsystem

@@ -230,7 +230,7 @@ CHK_PARAMS () {
 		    fi
 		    
 		    # Make sure old CLUSTER_CONFIG settings are not hanging around.
-		    unset PORT_BASE SEG_PREFIX DATA_DIRECTORY REPLICATION_PORT_BASE HEAP_CHECKSUM
+		    unset PORT_BASE SEG_PREFIX DATA_DIRECTORY REPLICATION_PORT_BASE HEAP_CHECKSUM FQDN_HBA
 
 		    # Make sure it is not a dos file with CTRL M at end of each line
 		    $TR -d '\r' < $CLUSTER_CONFIG > $TMP_FILE
@@ -286,6 +286,11 @@ CHK_PARAMS () {
 			LOG_MSG "[INFO]:-Could not find HEAP_CHECKSUM in cluster config, defaulting to on."
 		fi
 
+		if [ x"" = x"$FQDN_HBA" ]; then
+			FQDN_HBA=0
+			LOG_MSG "[INFO]:-Could not find FQDN_HBA in cluster config, defaulting to 0."
+		fi
+
 		if [ x"" == x"$LOCALE_SETTING" ];then
 			LOG_MSG "[INFO]:-Locale has not been set in $CLUSTER_CONFIG, will set to default value" 1
 			LOCALE_SETTING=$DEFAULT_LOCALE_SETTING
@@ -1077,6 +1082,7 @@ DISPLAY_CONFIG () {
 		LOG_MSG "[INFO]:-Initdb to be used          = $INITDB" 1
 		LOG_MSG "[INFO]:-GP_LIBRARY_PATH is         = $GP_LIBRARY_PATH" 1
 		LOG_MSG "[INFO]:-HEAP_CHECKSUM is           = $HEAP_CHECKSUM" 1
+		LOG_MSG "[INFO]:-FQDN_HBA is                = $FQDN_HBA" 1
 		if [ $ULIMIT_WARN -eq 1 ];then
 			LOG_MSG "[WARN]:-Ulimit check               = Warnings generated, see log file $WARN_MARK" 1
 		else
@@ -1671,6 +1677,10 @@ DUMP_OUTPUT_CONFIG () {
 	$ECHO "HEAP_CHECKSUM=$HEAP_CHECKSUM" >> $OUTPUT_CONFIG
     fi
 
+    if [ x"" != x"$FQDN_HBA" ] ; then
+	$ECHO "FQDN_HBA=$FQDN_HBA" >> $OUTPUT_CONFIG
+    fi
+
     $ECHO "QD_PRIMARY_ARRAY=$QD_PRIMARY_ARRAY" >> $OUTPUT_CONFIG
     $ECHO "declare -a PRIMARY_ARRAY=(" >> $OUTPUT_CONFIG
     for qe in ${QE_PRIMARY_ARRAY[@]}

gpMgmt/bin/lib/gpcreateseg.sh

@@ -215,6 +215,13 @@ PROCESS_QE () {
         $TRUSTED_SHELL ${GP_HOSTADDRESS} "$ECHO host     all          $USER_NAME         $CIDR_ADDR      trust >> ${GP_DIR}/$PG_HBA"
         done
     else
+        # cleanup the pg_hba.conf
+        $GREP "^#" ${GP_DIR}/$PG_HBA > $TMP_PG_HBA
+        $MV $TMP_PG_HBA ${GP_DIR}/$PG_HBA
+
+        # add localhost
+        $TRUSTED_SHELL ${GP_HOSTADDRESS} "$ECHO host     all          all         localhost      trust >> ${GP_DIR}/$PG_HBA"
+
         if [ x"" = x"$COPY_FROM_PRIMARY_HOSTADDRESS" ]; then
             $TRUSTED_SHELL ${GP_HOSTADDRESS} "$ECHO host	all	all	${MASTER_HOSTNAME}	trust >> ${GP_DIR}/$PG_HBA"
             PARA_EXIT $? "Update $PG_HBA for master IP address ${MASTER_HOSTNAME}"

gpMgmt/test/behave/mgmt_utils/gpinitsystem.feature

@@ -82,49 +82,53 @@ Feature: gpinitsystem tests
     Scenario: gpinitsystem creates a cluster in default timezone
         Given the database is not running
         And the environment variable "TZ" is not set
-		And the system timezone is saved
-		And the user runs command "rm -rf ../gpAux/gpdemo/datadirs/*"
-		And the user runs command "mkdir ../gpAux/gpdemo/datadirs/qddir; mkdir ../gpAux/gpdemo/datadirs/dbfast1; mkdir ../gpAux/gpdemo/datadirs/dbfast2; mkdir ../gpAux/gpdemo/datadirs/dbfast3"
-		And the user runs command "mkdir ../gpAux/gpdemo/datadirs/dbfast_mirror1; mkdir ../gpAux/gpdemo/datadirs/dbfast_mirror2; mkdir ../gpAux/gpdemo/datadirs/dbfast_mirror3"
-		And the user runs command "rm -rf /tmp/gpinitsystemtest && mkdir /tmp/gpinitsystemtest"
-		When the user runs "gpinitsystem -a -c ../gpAux/gpdemo/clusterConfigFile -l /tmp/gpinitsystemtest -P 21100 -h ../gpAux/gpdemo/hostfile"
-		And gpinitsystem should return a return code of 0
-		Then the database timezone is saved
-		And the database timezone matches the system timezone
-		And the startup timezone is saved
-		And the startup timezone matches the system timezone
+        And the system timezone is saved
+        And the user runs command "rm -rf ../gpAux/gpdemo/datadirs/*"
+        And the user runs command "mkdir ../gpAux/gpdemo/datadirs/qddir; mkdir ../gpAux/gpdemo/datadirs/dbfast1; mkdir ../gpAux/gpdemo/datadirs/dbfast2; mkdir ../gpAux/gpdemo/datadirs/dbfast3"
+        And the user runs command "mkdir ../gpAux/gpdemo/datadirs/dbfast_mirror1; mkdir ../gpAux/gpdemo/datadirs/dbfast_mirror2; mkdir ../gpAux/gpdemo/datadirs/dbfast_mirror3"
+        And the user runs command "rm -rf /tmp/gpinitsystemtest && mkdir /tmp/gpinitsystemtest"
+        When the user runs "gpinitsystem -a -c ../gpAux/gpdemo/clusterConfigFile -l /tmp/gpinitsystemtest -P 21100 -h ../gpAux/gpdemo/hostfile"
+        And gpinitsystem should return a return code of 0
+        Then the database timezone is saved
+        And the database timezone matches the system timezone
+        And the startup timezone is saved
+        And the startup timezone matches the system timezone
 
     @gpinitsystem_verify_timezone_setting
     Scenario: gpinitsystem creates a cluster using TZ
         Given the database is not running
         And the environment variable "TZ" is set to "US/Hawaii"
-		And the user runs command "rm -rf ../gpAux/gpdemo/datadirs/*"
-		And the user runs command "mkdir ../gpAux/gpdemo/datadirs/qddir; mkdir ../gpAux/gpdemo/datadirs/dbfast1; mkdir ../gpAux/gpdemo/datadirs/dbfast2; mkdir ../gpAux/gpdemo/datadirs/dbfast3"
-		And the user runs command "mkdir ../gpAux/gpdemo/datadirs/dbfast_mirror1; mkdir ../gpAux/gpdemo/datadirs/dbfast_mirror2; mkdir ../gpAux/gpdemo/datadirs/dbfast_mirror3"
-		And the user runs command "rm -rf /tmp/gpinitsystemtest && mkdir /tmp/gpinitsystemtest"
-		When the user runs "gpinitsystem -a -c ../gpAux/gpdemo/clusterConfigFile -l /tmp/gpinitsystemtest -P 21100 -h ../gpAux/gpdemo/hostfile"
-		And gpinitsystem should return a return code of 0
-		Then the database timezone is saved
-		And the database timezone matches "HST"
-		And the startup timezone is saved
-		And the startup timezone matches "HST"
+        And the user runs command "rm -rf ../gpAux/gpdemo/datadirs/*"
+        And the user runs command "mkdir ../gpAux/gpdemo/datadirs/qddir; mkdir ../gpAux/gpdemo/datadirs/dbfast1; mkdir ../gpAux/gpdemo/datadirs/dbfast2; mkdir ../gpAux/gpdemo/datadirs/dbfast3"
+        And the user runs command "mkdir ../gpAux/gpdemo/datadirs/dbfast_mirror1; mkdir ../gpAux/gpdemo/datadirs/dbfast_mirror2; mkdir ../gpAux/gpdemo/datadirs/dbfast_mirror3"
+        And the user runs command "rm -rf /tmp/gpinitsystemtest && mkdir /tmp/gpinitsystemtest"
+        When the user runs "gpinitsystem -a -c ../gpAux/gpdemo/clusterConfigFile -l /tmp/gpinitsystemtest -P 21100 -h ../gpAux/gpdemo/hostfile"
+        And gpinitsystem should return a return code of 0
+        Then the database timezone is saved
+        And the database timezone matches "HST"
+        And the startup timezone is saved
+        And the startup timezone matches "HST"
 
-    @gpinitsystem_fqdn
-    Scenario: gpinitsystem should print IP addresses in pg_hba.conf when FQDN_HBA=1
+    @gpinitsystem_fqdn_hba
+    @gpinitsystem_fqdn_hba_on
+    Scenario: gpinitsystem should print FQDN in pg_hba.conf when FQDN_HBA=1
         Given the cluster config is generated with FQDN_HBA "1"
-        Then verify that file "fqdn_config_file" exists under "/tmp"
-        And verify that the file "/tmp/fqdn_config_file" contains "FQDN_HBA=1"
-        And the user runs "gpinitsystem -a -I /tmp/fqdn_config_file -l /tmp/"
-        And gpinitsystem should return a return code of 0
-        Then verify that file "pg_hba.conf" exists under "../gpAux/gpdemo/datadirs/qddir"
-        And verify that the file "../gpAux/gpdemo/datadirs/qddir/pg_hba.conf" contains "master_hostname       trust"
+        When the user runs command "gpinitsystem -a -c ../gpAux/gpdemo/clusterConfigFile -O /tmp/output_config_file"
+        Then gpinitsystem should return a return code of 0
+        And verify that the file "/tmp/output_config_file" contains "FQDN_HBA=1"
+        When the user runs "gpinitsystem -a -I /tmp/output_config_file -l /tmp/"
+        Then gpinitsystem should return a return code of 0
+        And verify that the file "../gpAux/gpdemo/datadirs/qddir/demoDataDir-1/pg_hba.conf" contains FQDN only for trusted host
+        And verify that the file "../gpAux/gpdemo/datadirs/dbfast1/demoDataDir0/pg_hba.conf" contains FQDN only for trusted host
 
-    @gpinitsystem_fqdn
-    Scenario: gpinitsystem should print FQDNs in pg_hba.conf when FQDN_HBA=0
+    @gpinitsystem_fqdn_hba
+    @gpinitsystem_fqdn_hba_off
+    Scenario: gpinitsystem should print CIDR in pg_hba.conf when FQDN_HBA=0
         Given the cluster config is generated with FQDN_HBA "0"
-        Then verify that file "fqdn_config_file" exists under "/tmp"
-        And verify that the file "/tmp/fqdn_config_file" contains "FQDN_HBA=0"
-        And the user runs "gpinitsystem -a -I /tmp/fqdn_config_file -l /tmp/"
-        And gpinitsystem should return a return code of 0
-        Then verify that file "pg_hba.conf" exists under "../gpAux/gpdemo/datadirs/qddir"
-        And verify that the file "../gpAux/gpdemo/datadirs/qddir/pg_hba.conf" contains "127.0.0.1
+        When the user runs command "gpinitsystem -a -c ../gpAux/gpdemo/clusterConfigFile -O /tmp/output_config_file"
+        Then gpinitsystem should return a return code of 0
+        And verify that the file "/tmp/output_config_file" contains "FQDN_HBA=0"
+        When the user runs "gpinitsystem -a -I /tmp/output_config_file -l /tmp/"
+        Then gpinitsystem should return a return code of 0
+        And verify that the file "../gpAux/gpdemo/datadirs/qddir/demoDataDir-1/pg_hba.conf" contains CIDR only for trusted host
+        And verify that the file "../gpAux/gpdemo/datadirs/dbfast1/demoDataDir0/pg_hba.conf" contains CIDR only for trusted host

gpMgmt/test/behave/mgmt_utils/steps/mgmt_utils.py

@@ -37,6 +37,28 @@ master_data_dir = os.environ.get('MASTER_DATA_DIRECTORY')
 if master_data_dir is None:
     raise Exception('Please set MASTER_DATA_DIRECTORY in environment')
 
+@given('the cluster config is generated with FQDN_HBA "{fqdn_hba_toggle}"')
+def impl(context, fqdn_hba_toggle):
+    stop_database(context)
+
+    cmd = """
+    cd ../gpAux/gpdemo; \
+        export MASTER_DEMO_PORT={master_port} && \
+        export DEMO_PORT_BASE={port_base} && \
+        export NUM_PRIMARY_MIRROR_PAIRS={num_primary_mirror_pairs} && \
+        export WITH_MIRRORS={with_mirrors} && \
+        ./demo_cluster.sh -d && ./demo_cluster.sh -c && \
+        env EXTRA_CONFIG="FQDN_HBA={fqdn_hba_toggle}" ONLY_PREPARE_CLUSTER_ENV=true ./demo_cluster.sh
+    """.format(master_port=os.getenv('MASTER_PORT', 15432),
+               port_base=os.getenv('PORT_BASE', 25432),
+               num_primary_mirror_pairs=os.getenv('NUM_PRIMARY_MIRROR_PAIRS', 3),
+               with_mirrors='true',
+               fqdn_hba_toggle=fqdn_hba_toggle)
+
+    run_command(context, cmd)
+
+    if context.ret_code != 0:
+        raise Exception('%s' % context.error_message)
 
 @given('the cluster config is generated with data_checksums "{checksum_toggle}"')
 def impl(context, checksum_toggle):
@@ -61,26 +83,6 @@ def impl(context, checksum_toggle):
     if context.ret_code != 0:
         raise Exception('%s' % context.error_message)
 
-@given('the gpinitsystem config is generated with FQDN_HBA "{fqdn_toggle}"')
-def impl(context, checksum_toggle):
-    import socket
-    hostname = socket.gethostname()
-    config = """
-QD_PRIMARY_ARRAY={hostname}~5432~/greenplum/data-1~1~-1~0
-declare -a PRIMARY_ARRAY=(
-{hostname}~40000~/greenplum/data~2~0~6000
-)
-declare -a MIRROR_ARRAY=(
-{hostname}~50000~/greenplum/mirror/data~3~0~6001
-)
-FQDN_HBA={fqdn_toggle}
-""".format(hostname=hostname,
-           fqdn_toggle=fqdn_toggle)
-
-    with open("/tmp/fqdn_config_file", 'w') as fp:
-        fp.write(config)
-
-
 @given('the database is running')
 @then('the database is running')
 def impl(context):
@@ -1259,6 +1261,38 @@ def impl(context, cmd):
     thread.start_new_thread(run_command, (context, cmd))
 
 
+# For any pg_hba.conf line with `host ... trust`, its address should only contain FQDN
+@then('verify that the file "{filename}" contains FQDN only for trusted host')
+def impl(context, filename):
+    with open(filename) as fr:
+        for line in fr:
+            contents = line.strip()
+            # for example: host all all hostname    trust
+            if contents.startswith("host") and contents.endswith("trust"):
+                tokens = contents.split()
+                if tokens.__len__() != 5:
+                    raise Exception("failed to parse pg_hba.conf line '%s'" % contents)
+                hostname = tokens[3]
+                if hostname.__contains__("/"):
+                    raise Exception("'%s' is not valid FQDN" % hostname)
+
+
+# For any pg_hba.conf line with `host ... trust`, its address should only contain CIDR
+@then('verify that the file "{filename}" contains CIDR only for trusted host')
+def impl(context, filename):
+    with open(filename) as fr:
+        for line in fr:
+            contents = line.strip()
+            # for example: host all all hostname    trust
+            if contents.startswith("host") and contents.endswith("trust"):
+                tokens = contents.split()
+                if tokens.__len__() != 5:
+                    raise Exception("failed to parse pg_hba.conf line '%s'" % contents)
+                cidr = tokens[3]
+                if not cidr.__contains__("/") and cidr not in ["samenet", "samehost"]:
+                    raise Exception("'%s' is not valid CIDR" % cidr)
+
+
 @then('verify that the file "{filename}" contains the string "{output}"')
 def impl(context, filename, output):
     contents = ''