manageiq-appliance_console 6.0.0 → 6.1.0

data/lib/manageiq/appliance_console/message_configuration_client.rb

@@ -0,0 +1,96 @@
+require "awesome_spawn"
+require "fileutils"
+require "linux_admin"
+require 'net/scp'
+require "manageiq/appliance_console/message_configuration"
+
+module ManageIQ
+  module ApplianceConsole
+    class MessageClientConfiguration < MessageConfiguration
+      attr_reader :message_server_password, :message_server_username, :installed_files,
+                  :message_truststore_path_src, :message_ca_cert_path_src
+
+      def initialize(options = {})
+        super(options)
+
+        @message_server_host         = options[:message_server_host]
+        @message_server_username     = options[:message_server_usernamed] || "root"
+        @message_server_password     = options[:message_server_password]
+
+        @message_truststore_path_src = options[:message_truststore_path_src] || truststore_path
+        @message_ca_cert_path_src    = options[:message_ca_cert_path_src] || ca_cert_path
+
+        @installed_files = [client_properties_path, messaging_yaml_path, truststore_path]
+      end
+
+      def configure
+        begin
+          MessageServerConfiguration.new.unconfigure if MessageServerConfiguration.configured?
+          configure_messaging_yaml          # Set up the local message client in case EVM is actually running on this, Message Server
+          create_client_properties          # Create the client.properties configuration fle
+          fetch_truststore_from_server      # Fetch the Java Keystore from the Kafka Server
+          configure_messaging_type("kafka") # Settings.prototype.messaging_type = 'kafka'
+          restart_evmserverd
+        rescue AwesomeSpawn::CommandResultError => e
+          say(e.result.output)
+          say(e.result.error)
+          say("")
+          say("Failed to Configure the Message Client- #{e}")
+          return false
+        rescue => e
+          say("Failed to Configure the Message Client- #{e}")
+          return false
+        end
+        true
+      end
+
+      def ask_for_parameters
+        say("\nMessage Client Parameters:\n\n")
+
+        @message_server_host         = ask_for_string("Message Server Hostname or IP address")
+        @message_server_port         = ask_for_integer("Message Server Port number", (1..65_535), 9_093).to_i
+        @message_server_username     = ask_for_string("Message Server Username", message_server_username)
+        @message_server_password     = ask_for_password("Message Server Password")
+        @message_truststore_path_src = ask_for_string("Message Server Truststore Path", truststore_path)
+        @message_ca_cert_path_src    = ask_for_string("Message Server CA Cert Path", ca_cert_path)
+        @message_keystore_username   = ask_for_string("Message Keystore Username", message_keystore_username) if secure?
+        @message_keystore_password   = ask_for_password("Message Keystore Password") if secure?
+      end
+
+      def show_parameters
+        say("\nMessage Client Configuration:\n")
+        say("Message Client Details:\n")
+        say("  Message Server Hostname:   #{message_server_host}\n")
+        say("  Message Server Username:   #{message_server_username}\n")
+        say("  Message Keystore Username: #{message_keystore_username}\n")
+      end
+
+      def fetch_truststore_from_server
+        say(__method__.to_s.tr("_", " ").titleize)
+
+        fetch_from_server(message_truststore_path_src, truststore_path)
+      end
+
+      def fetch_ca_cert_from_server
+        say(__method__.to_s.tr("_", " ").titleize)
+
+        fetch_from_server(message_ca_cert_path_src, ca_cert_path)
+      end
+
+      private
+
+      def fetch_from_server(src_file, dst_file)
+        return if file_found?(dst_file)
+
+        Net::SCP.start(message_server_host, message_server_username, :password => message_server_password) do |scp|
+          scp.download!(src_file, dst_file)
+        end
+
+        File.exist?(dst_file)
+      rescue => e
+        say("Failed to fetch #{src_file} from server: #{e.message}")
+        false
+      end
+    end
+  end
+end

data/lib/manageiq/appliance_console/message_configuration_server.rb

@@ -0,0 +1,319 @@
+require "awesome_spawn"
+require "fileutils"
+require "linux_admin"
+require "manageiq/appliance_console/message_configuration"
+
+module ManageIQ
+  module ApplianceConsole
+    class MessageServerConfiguration < MessageConfiguration
+      attr_reader :jaas_config_path,
+                  :server_properties_path, :server_properties_sample_path,
+                  :ca_cert_srl_path, :ca_key_path, :cert_file_path, :cert_signed_path,
+                  :keystore_files, :installed_files, :message_persistent_disk
+
+      PERSISTENT_DIRECTORY = Pathname.new("/var/lib/kafka/persistent_data").freeze
+      PERSISTENT_NAME = "kafka_messages".freeze
+
+      def initialize(options = {})
+        super(options)
+
+        @message_server_host           = options[:message_server_use_ipaddr] == true ? my_ipaddr : options[:message_server_host] || my_hostname
+        @message_persistent_disk       = LinuxAdmin::Disk.new(:path => options[:message_persistent_disk]) unless options[:message_persistent_disk].nil?
+
+        @jaas_config_path              = config_dir_path.join("kafka_server_jaas.conf")
+        @server_properties_path        = config_dir_path.join("server.properties")
+        @server_properties_sample_path = sample_config_dir_path.join("server.properties")
+
+        @ca_cert_srl_path              = keystore_dir_path.join("ca-cert.srl")
+        @ca_key_path                   = keystore_dir_path.join("ca-key")
+        @cert_file_path                = keystore_dir_path.join("cert-file")
+        @cert_signed_path              = keystore_dir_path.join("cert-signed")
+
+        @keystore_files  = [ca_cert_path, ca_cert_srl_path, ca_key_path, cert_file_path, cert_signed_path, truststore_path, keystore_path]
+        @installed_files = [jaas_config_path, client_properties_path, server_properties_path, messaging_yaml_path, LOGS_DIR] + keystore_files
+      end
+
+      def configure
+        begin
+          configure_persistent_disk         # Configure the persistent message store on a different disk
+          create_jaas_config                # Create the message server jaas config file
+          create_client_properties          # Create the client.properties config
+          create_logs_directory             # Create the logs directory:
+          configure_firewall                # Open the firewall for message port 9093
+          configure_keystore                # Populate the Java Keystore
+          create_server_properties          # Update the /opt/message/config/server.properties
+          configure_messaging_yaml          # Set up the local message client in case EVM is actually running on this, Message Server
+          configure_messaging_type("kafka") # Settings.prototype.messaging_type = 'kafka'
+          restart_services
+        rescue AwesomeSpawn::CommandResultError => e
+          say(e.result.output)
+          say(e.result.error)
+          say("")
+          say("Failed to Configure the Message Server- #{e}")
+          return false
+        rescue => e
+          say("Failed to Configure the Message Server- #{e}")
+          return false
+        end
+        true
+      end
+
+      def restart_services
+        say("Starting zookeeper and configure it to start on reboots ...")
+        LinuxAdmin::Service.new("zookeeper").start.enable
+
+        say("Starting kafka and configure it to start on reboots ...")
+        LinuxAdmin::Service.new("kafka").start.enable
+
+        restart_evmserverd
+      end
+
+      def ask_for_parameters
+        say("\nMessage Server Parameters:\n\n")
+
+        @message_server_host       = ask_for_string("Message Server Hostname or IP address", message_server_host)
+        @message_keystore_username = ask_for_string("Message Keystore Username", message_keystore_username)
+        @message_keystore_password = ask_for_password("Message Keystore Password")
+        @message_persistent_disk   = ask_for_persistent_disk
+      end
+
+      def ask_for_persistent_disk
+        choose_disk if use_new_disk
+      end
+
+      def use_new_disk
+        agree("Configure a new persistent disk volume? (Y/N): ")
+      end
+
+      def choose_disk
+        ask_for_disk("Persistent disk")
+      end
+
+      def show_parameters
+        say("\nMessage Server Configuration:\n")
+        say("Message Server Details:\n")
+        say("    Message Server Hostname: #{message_server_host}\n")
+        say("  Message Keystore Username: #{message_keystore_username}\n")
+        say("    Persistent message disk: #{message_persistent_disk.path}\n") if message_persistent_disk
+      end
+
+      def unconfigure
+        super
+
+        unconfigure_firewall
+        deactivate_services
+      end
+
+      def self.configured?
+        LinuxAdmin::Service.new("kafka").running? ||
+          LinuxAdmin::Service.new("zookeeper").running?
+      end
+
+      private
+
+      def my_ipaddr
+        LinuxAdmin::IpAddress.new.address
+      end
+
+      def my_hostname
+        LinuxAdmin::Hosts.new.hostname
+      end
+
+      def configure_persistent_disk
+        return true unless message_persistent_disk
+
+        say(__method__.to_s.tr("_", " ").titleize)
+
+        deactivate_services # Just in case they are running.
+
+        FileUtils.mkdir_p(PERSISTENT_DIRECTORY)
+        LogicalVolumeManagement.new(:disk => message_persistent_disk, :mount_point => PERSISTENT_DIRECTORY, :name => PERSISTENT_NAME).setup
+        FileUtils.chmod(0o755, PERSISTENT_DIRECTORY)
+        FileUtils.chown("kafka", "kafka", PERSISTENT_DIRECTORY)
+
+        true
+      end
+
+      def activate_new_persistent_disk
+        return true unless message_persistent_disk
+
+        say(__method__.to_s.tr("_", " ").titleize)
+
+        data = File.read(server_properties_path)
+        data.gsub!(/^log.dirs=.*$/, "log.dirs=#{PERSISTENT_DIRECTORY}")
+        File.write(server_properties_path, data)
+
+        true
+      end
+
+      def create_jaas_config
+        say(__method__.to_s.tr("_", " ").titleize)
+
+        content = <<~JAAS
+          KafkaServer {
+            org.apache.kafka.common.security.plain.PlainLoginModule required
+            username=#{message_keystore_username}
+            password=#{message_keystore_password}
+            user_admin=#{message_keystore_password} ;
+          };
+        JAAS
+
+        File.write(jaas_config_path, content) unless file_found?(jaas_config_path)
+      end
+
+      def create_logs_directory
+        say(__method__.to_s.tr("_", " ").titleize)
+
+        return if file_found?(LOGS_DIR)
+
+        FileUtils.mkdir_p(LOGS_DIR)
+        FileUtils.chmod(0o755, LOGS_DIR)
+        FileUtils.chown("kafka", "kafka", LOGS_DIR)
+      end
+
+      def configure_firewall
+        say(__method__.to_s.tr("_", " ").titleize)
+
+        modify_firewall(:add_port)
+      end
+
+      def configure_keystore
+        say(__method__.to_s.tr("_", " ").titleize)
+
+        return if files_found?(keystore_files)
+
+        keystore_params = assemble_keystore_params
+
+        # Generte a Java keystore and key pair, creating keystore.jks
+        # :stdin_data provides the -storepass twice to confirm and an extra CR to accept the same password for -keypass
+        AwesomeSpawn.run!("keytool", :params => keystore_params, :stdin_data => "#{message_keystore_password}\n#{message_keystore_password}\n\n")
+
+        # Use openssl to create a new CA cert, creating ca-cert and ca-key
+        AwesomeSpawn.run!("openssl", :env    => {"PASSWORD" => message_keystore_password},
+                                     :params => ["req", "-new", "-x509", {"-keyout"  => ca_key_path,
+                                                                          "-out"     => ca_cert_path,
+                                                                          "-days"    => 10_000,
+                                                                          "-passout" => "env:PASSWORD",
+                                                                          "-subj"    => '/CN=something'}])
+
+        # Import the CA cert into the trust store, creating truststore.jks
+        # :stdin_data provides the -storepass argument and yes to confirm
+        AwesomeSpawn.run!("keytool", :params     => {"-keystore" => truststore_path,
+                                                     "-alias"    => "CARoot",
+                                                     "-import"   => nil,
+                                                     "-file"     => ca_cert_path},
+                                     :stdin_data => "#{message_keystore_password}\n#{message_keystore_password}\nyes\n")
+
+        # Generate a certificate signing request (CSR) for an existing Java keystore, creating cert-file
+        # :stdin_data provides the -storepass argument
+        AwesomeSpawn.run!("keytool", :params     => {"-keystore" => keystore_path,
+                                                     "-alias"    => keystore_params["-alias"],
+                                                     "-certreq"  => nil,
+                                                     "-file"     => cert_file_path},
+                                     :stdin_data => "#{message_keystore_password}\n")
+
+        # Use openssl to sign the certificate with the "CA" certificate, creating ca-cert.srl and cert-signed
+        AwesomeSpawn.run!("openssl", :env    => {"PASSWORD" => message_keystore_password},
+                                     :params => ["x509", "-req", {"-CA"             => ca_cert_path,
+                                                                  "-CAkey"          => ca_key_path,
+                                                                  "-in"             => cert_file_path,
+                                                                  "-out"            => cert_signed_path,
+                                                                  "-days"           => 10_000,
+                                                                  "-CAcreateserial" => nil,
+                                                                  "-passin"         => "env:PASSWORD"}])
+
+        # Import a root or intermediate CA certificate to an existing Java keystore, updating keystore.jks
+        # :stdin_data provides the -storepass argument and yes to confirm
+        AwesomeSpawn.run!("keytool", :params     => {"-keystore" => keystore_path,
+                                                     "-alias"    => "CARoot",
+                                                     "-import"   => nil,
+                                                     "-file"     => ca_cert_path},
+                                     :stdin_data => "#{message_keystore_password}\nyes\n")
+
+        # Import a signed primary certificate to an existing Java keystore, updating keystore.jks
+        # :stdin_data provides the -storepass argument
+        AwesomeSpawn.run!("keytool", :params     => {"-keystore" => keystore_path,
+                                                     "-alias"    => keystore_params["-alias"],
+                                                     "-import"   => nil,
+                                                     "-file"     => cert_signed_path},
+                                     :stdin_data => "#{message_keystore_password}\n")
+      end
+
+      def create_server_properties
+        say(__method__.to_s.tr("_", " ").titleize)
+
+        if message_server_host.ipaddress?
+          ident_algorithm = ""
+          client_auth = "none"
+        else
+          ident_algorithm = "HTTPS"
+          client_auth = "required"
+        end
+
+        content = <<~SERVER_PROPERTIES
+
+          listeners=SASL_SSL://:#{message_server_port}
+
+          ssl.endpoint.identification.algorithm=#{ident_algorithm}
+          ssl.keystore.location=#{keystore_path}
+          ssl.keystore.password=#{message_keystore_password}
+          ssl.key.password=#{message_keystore_password}
+
+          ssl.truststore.location=#{truststore_path}
+          ssl.truststore.password=#{message_keystore_password}
+
+          ssl.client.auth=#{client_auth}
+
+          sasl.enabled.mechanisms=PLAIN
+          sasl.mechanism.inter.broker.protocol=PLAIN
+
+          security.inter.broker.protocol=SASL_SSL
+        SERVER_PROPERTIES
+
+        return if file_contains?(server_properties_path, content)
+
+        FileUtils.cp(server_properties_sample_path, server_properties_path)
+        File.write(server_properties_path, content, :mode => "a")
+
+        activate_new_persistent_disk
+      end
+
+      def unconfigure_firewall
+        say(__method__.to_s.tr("_", " ").titleize)
+
+        modify_firewall(:remove_port)
+      end
+
+      def deactivate_services
+        say(__method__.to_s.tr("_", " ").titleize)
+
+        LinuxAdmin::Service.new("zookeeper").stop
+        LinuxAdmin::Service.new("kafka").stop
+      end
+
+      def assemble_keystore_params
+        keystore_params = {"-keystore" => keystore_path,
+                           "-validity" => 10_000,
+                           "-genkey"   => nil,
+                           "-keyalg"   => "RSA"}
+
+        if message_server_host.ipaddress?
+          keystore_params["-alias"] = "localhost"
+          keystore_params["-ext"] = "san=ip:#{message_server_host}"
+        else
+          keystore_params["-alias"] = message_server_host
+          keystore_params["-ext"] = "san=dns:#{message_server_host}"
+        end
+
+        keystore_params["-dname"] = "cn=#{keystore_params["-alias"]}"
+
+        keystore_params
+      end
+
+      def modify_firewall(action)
+        AwesomeSpawn.run!("firewall-cmd", :params => {action => "#{message_server_port}/tcp", :permanent => nil})
+        AwesomeSpawn.run!("firewall-cmd --reload")
+      end
+    end
+  end
+end

data/lib/manageiq/appliance_console/postgres_admin.rb

@@ -0,0 +1,325 @@
+require 'awesome_spawn'
+require 'pathname'
+require 'linux_admin'
+
+module ManageIQ
+module ApplianceConsole
+  class PostgresAdmin
+    def self.data_directory
+      Pathname.new(ENV.fetch("APPLIANCE_PG_DATA"))
+    end
+
+    def self.mount_point
+      Pathname.new(ENV.fetch("APPLIANCE_PG_MOUNT_POINT"))
+    end
+
+    def self.template_directory
+      Pathname.new(ENV.fetch("APPLIANCE_TEMPLATE_DIRECTORY"))
+    end
+
+    def self.service_name
+      ENV.fetch("APPLIANCE_PG_SERVICE")
+    end
+
+    def self.package_name
+      ENV.fetch('APPLIANCE_PG_PACKAGE_NAME')
+    end
+
+    # Unprivileged user to run postgresql
+    def self.user
+      "postgres".freeze
+    end
+
+    def self.group
+      user
+    end
+
+    def self.logical_volume_name
+      "lv_pg".freeze
+    end
+
+    def self.volume_group_name
+      "vg_data".freeze
+    end
+
+    def self.database_disk_filesystem
+      "xfs".freeze
+    end
+
+    def self.initialized?
+      !Dir[data_directory.join("*")].empty?
+    end
+
+    def self.service_running?
+      LinuxAdmin::Service.new(service_name).running?
+    end
+
+    def self.local_server_in_recovery?
+      data_directory.join("recovery.conf").exist?
+    end
+
+    def self.local_server_status
+      if service_running?
+        "running (#{local_server_in_recovery? ? "standby" : "primary"})"
+      elsif initialized?
+        "initialized and stopped"
+      else
+        "not initialized"
+      end
+    end
+
+    def self.logical_volume_path
+      Pathname.new("/dev").join(volume_group_name, logical_volume_name)
+    end
+
+    def self.database_size(opts)
+      result = run_command("psql", opts, :command => "SELECT pg_database_size('#{opts[:dbname]}');")
+      result.match(/^\s+([0-9]+)\n/)[1].to_i
+    end
+
+    def self.prep_data_directory
+      # initdb will fail if the database directory is not empty or not owned by the PostgresAdmin.user
+      FileUtils.mkdir(PostgresAdmin.data_directory) unless Dir.exist?(PostgresAdmin.data_directory)
+      FileUtils.chown_R(PostgresAdmin.user, PostgresAdmin.group, PostgresAdmin.data_directory)
+      FileUtils.rm_rf(PostgresAdmin.data_directory.children.map(&:to_s))
+    end
+
+    PG_DUMP_MAGIC = "PGDMP".force_encoding(Encoding::BINARY).freeze
+    def self.pg_dump_file?(file)
+      File.open(file, "rb") { |f| f.readpartial(5) } == PG_DUMP_MAGIC
+    end
+
+    BASE_BACKUP_MAGIC = "\037\213".force_encoding(Encoding::BINARY).freeze # just the first 2 bits of gzip magic
+    def self.base_backup_file?(file)
+      File.open(file, "rb") { |f| f.readpartial(2) } == BASE_BACKUP_MAGIC
+    end
+
+    def self.backup(opts)
+      backup_pg_compress(opts)
+    end
+
+    def self.restore(opts)
+      file        = opts[:local_file]
+      backup_type = opts.delete(:backup_type)
+
+      case
+      when backup_type == :pgdump     then restore_pg_dump(opts)
+      when backup_type == :basebackup then restore_pg_basebackup(file)
+      when pg_dump_file?(file)        then restore_pg_dump(opts)
+      when base_backup_file?(file)    then restore_pg_basebackup(file)
+      else
+        raise "#{file} is not a database backup"
+      end
+    end
+
+    def self.restore_pg_basebackup(file)
+      pg_service = LinuxAdmin::Service.new(service_name)
+
+      pg_service.stop
+      prep_data_directory
+
+      require 'rubygems/package'
+
+      # Using a Gem::Package instance for the #extract_tar_gz method, so we don't
+      # have to re-write all of that logic.  Mostly making use of
+      # `Gem::Package::TarReader` + `Zlib::GzipReader` that is already part of
+      # rubygems/stdlib and integrated there.
+      unpacker = Gem::Package.new("obviously_not_a_gem")
+      File.open(file, IO::RDONLY | IO::NONBLOCK) do |backup_file|
+        unpacker.extract_tar_gz(backup_file, data_directory.to_s)
+      end
+
+      FileUtils.chown_R(PostgresAdmin.user, PostgresAdmin.group, PostgresAdmin.data_directory)
+
+      pg_service.start
+      file
+    end
+
+    def self.backup_pg_dump(opts)
+      opts = opts.dup
+      dbname = opts.delete(:dbname)
+
+      args = combine_command_args(opts, :format => "c", :file => opts[:local_file], nil => dbname)
+      args = handle_multi_value_pg_dump_args!(opts, args)
+
+      run_command_with_logging("pg_dump", opts, args)
+      opts[:local_file]
+    end
+
+    def self.backup_pg_compress(opts)
+      opts = opts.dup
+
+      # discard dbname as pg_basebackup does not connect to a specific database
+      opts.delete(:dbname)
+
+      path = Pathname.new(opts.delete(:local_file))
+      FileUtils.mkdir_p(path.dirname)
+
+      # Build commandline from AwesomeSpawn
+      args = {:z => nil, :format => "t", :wal_method => "fetch", :pgdata => "-"}
+      cmd  = AwesomeSpawn.build_command_line("pg_basebackup", combine_command_args(opts, args))
+      logger.info("MIQ(#{name}.#{__method__}) Running command... #{cmd}")
+
+      # Run command in a separate thread
+      read, write    = IO.pipe
+      error_path     = Dir::Tmpname.create("") { |tmpname| tmpname }
+      process_thread = Process.detach(Kernel.spawn(pg_env(opts), cmd, :out => write, :err => error_path))
+      stream_reader  = Thread.new { IO.copy_stream(read, path) } # Copy output to path
+      write.close
+
+      # Wait for them to finish
+      process_status = process_thread.value
+      stream_reader.join
+      read.close
+
+      handle_error(cmd, process_status.exitstatus, error_path)
+      path.to_s
+    end
+
+    def self.recreate_db(opts)
+      dbname = opts[:dbname]
+      opts = opts.merge(:dbname => 'postgres')
+      run_command("psql", opts, :command => "DROP DATABASE IF EXISTS #{dbname}")
+      run_command("psql", opts, :command => "CREATE DATABASE #{dbname} WITH OWNER = #{opts[:username] || 'root'} ENCODING = 'UTF8'")
+    end
+
+    def self.restore_pg_dump(opts)
+      recreate_db(opts)
+      args = { :verbose => nil, :exit_on_error => nil }
+
+      if File.pipe?(opts[:local_file])
+        cmd_args   = combine_command_args(opts, args)
+        cmd        = AwesomeSpawn.build_command_line("pg_restore", cmd_args)
+        error_path = Dir::Tmpname.create("") { |tmpname| tmpname }
+        spawn_args = { :err => error_path, :in => [opts[:local_file].to_s, "rb"] }
+
+        logger.info("MIQ(#{name}.#{__method__}) Running command... #{cmd}")
+        process_thread = Process.detach(Kernel.spawn(pg_env(opts), cmd, spawn_args))
+        process_status = process_thread.value
+
+        handle_error(cmd, process_status.exitstatus, error_path)
+      else
+        args[nil] = opts[:local_file]
+        run_command("pg_restore", opts, args)
+      end
+      opts[:local_file]
+    end
+
+    GC_DEFAULTS = {
+      :analyze  => false,
+      :full     => false,
+      :verbose  => false,
+      :table    => nil,
+      :dbname   => nil,
+      :username => nil,
+      :reindex  => false
+    }
+
+    GC_AGGRESSIVE_DEFAULTS = {
+      :analyze  => true,
+      :full     => true,
+      :verbose  => false,
+      :table    => nil,
+      :dbname   => nil,
+      :username => nil,
+      :reindex  => true
+    }
+
+    def self.gc(options = {})
+      options = (options[:aggressive] ? GC_AGGRESSIVE_DEFAULTS : GC_DEFAULTS).merge(options)
+
+      result = vacuum(options)
+      logger.info("MIQ(#{name}.#{__method__}) Output... #{result}") if result.to_s.length > 0
+
+      if options[:reindex]
+        result = reindex(options)
+        logger.info("MIQ(#{name}.#{__method__}) Output... #{result}") if result.to_s.length > 0
+      end
+    end
+
+    def self.vacuum(opts)
+      # TODO: Add a real exception here
+      raise "Vacuum requires database" unless opts[:dbname]
+
+      args = {}
+      args[:analyze] = nil if opts[:analyze]
+      args[:full]    = nil if opts[:full]
+      args[:verbose] = nil if opts[:verbose]
+      args[:table]   = opts[:table] if opts[:table]
+      run_command("vacuumdb", opts, args)
+    end
+
+    def self.reindex(opts)
+      args = {}
+      args[:table] = opts[:table] if opts[:table]
+      run_command("reindexdb", opts, args)
+    end
+
+    def self.run_command(cmd_str, opts, args)
+      run_command_with_logging(cmd_str, opts, combine_command_args(opts, args))
+    end
+
+    def self.run_command_with_logging(cmd_str, opts, params = {})
+      logger.info("MIQ(#{name}.#{__method__}) Running command... #{AwesomeSpawn.build_command_line(cmd_str, params)}")
+      AwesomeSpawn.run!(cmd_str, :params => params, :env => pg_env(opts)).output
+    end
+
+    class << self
+      # Temporary alias due to manageiq core stubbing this method
+      alias runcmd_with_logging run_command_with_logging
+    end
+
+    private_class_method def self.combine_command_args(opts, args)
+      default_args            = {:no_password => nil}
+      default_args[:dbname]   = opts[:dbname]   if opts[:dbname]
+      default_args[:username] = opts[:username] if opts[:username]
+      default_args[:host]     = opts[:hostname] if opts[:hostname]
+      default_args[:port]     = opts[:port]     if opts[:port]
+      default_args.merge(args)
+    end
+
+    private_class_method def self.logger
+      ManageIQ::ApplianceConsole.logger
+    end
+
+    private_class_method def self.pg_env(opts)
+      {
+        "PGUSER"     => opts[:username],
+        "PGPASSWORD" => opts[:password]
+      }.delete_blanks
+    end
+    # rubocop:disable Style/SymbolArray
+    PG_DUMP_MULTI_VALUE_ARGS = [
+      :t, :table,  :T, :exclude_table,  :"exclude-table", :exclude_table_data, :"exclude-table-data",
+      :n, :schema, :N, :exclude_schema, :"exclude-schema"
+    ].freeze
+    # rubocop:enable Style/SymbolArray
+    #
+    # NOTE:  Potentially mutates opts hash (args becomes new array and not
+    # mutated by this method)
+    private_class_method def self.handle_multi_value_pg_dump_args!(opts, args)
+      if opts.keys.any? { |key| PG_DUMP_MULTI_VALUE_ARGS.include?(key) }
+        args = args.to_a
+        PG_DUMP_MULTI_VALUE_ARGS.each do |table_key|
+          next unless opts.key?(table_key)
+          table_val = opts.delete(table_key)
+          args += Array.wrap(table_val).map! { |v| [table_key, v] }
+        end
+      end
+      args
+    end
+
+    private_class_method def self.handle_error(cmd, exit_status, error_path)
+      if exit_status != 0
+        result = AwesomeSpawn::CommandResult.new(cmd, "", File.read(error_path), exit_status)
+        message = AwesomeSpawn::CommandResultError.default_message(cmd, exit_status)
+        logger.error("AwesomeSpawn: #{message}")
+        logger.error("AwesomeSpawn: #{result.error}")
+        raise AwesomeSpawn::CommandResultError.new(message, result)
+      end
+    ensure
+      File.delete(error_path) if File.exist?(error_path)
+    end
+  end
+end
+end