
107 lines
2.9 KiB

  1. #!/bin/bash
  ## When writing relation scripts, remember:
  ## - they should be idempotent
  ## - they can be launched while the docker containers are already up
  ## - they are launched from the host
  ## - the target of the link is launched first, and gets a chance to
  ##   ``relation-set``
  ## - both sides of the relation get to use ``relation-get``.

  ## Database name: keep the value found in the relation, otherwise fall
  ## back to the base service name and publish that choice.
  if ! DBNAME=$(relation-get dbname); then
    DBNAME="$BASE_SERVICE_NAME"
    relation-set dbname "$DBNAME"
  fi

  ## Database user: same fallback rule as for the database name.
  if ! USER=$(relation-get user); then
    USER="$BASE_SERVICE_NAME"
    relation-set user "$USER"
  fi

  ## Connection endpoint published to the other side of the relation.
  relation-set host "$MASTER_TARGET_SERVICE_NAME"
  relation-set port "5432"

  . lib/common

  ## From here on, any unchecked failing command aborts the script.
  set -o errexit
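  ## YYY: check that password was not already generated/set for the same user
  ## use session state storage.

  ## Resolve the password of $USER from two sources:
  ## - the ``password`` key of the relation (explicit configuration),
  ## - the password recorded in the state directory, if that file is readable.
  ## An explicit password that differs from a recorded one is fatal; without
  ## an explicit password the recorded one is reused, else a new one is
  ## generated.
  ## NOTE(review): $USER is used as a path component below; presumably it
  ## never contains '/' -- confirm against what the relation accepts.
  NO_PREVIOUS_PASS=
  PREVIOUS_PASSWORD_PATH="$state_tmpdir/$SERVICE_NAME/pwd/$USER"
  ## NO_PREVIOUS_PASS stays empty only when the state file could be read.
  PREVIOUS_PASSWORD=$(cat "$PREVIOUS_PASSWORD_PATH" 2>/dev/null) || NO_PREVIOUS_PASS=true

  if PASSWORD="$(relation-get password 2>/dev/null)"; then
    ## Two separate tests instead of ``[ ... -a ... ]``: with ``-a`` a
    ## password such as '!' or '(' is parsed as a test operator, the test
    ## errors out, and the mismatch would go unnoticed.
    if [ -z "$NO_PREVIOUS_PASS" ] && [ "$PREVIOUS_PASSWORD" != "$PASSWORD" ]; then
      die "Inconsistent password specification for user '$USER' on ${DARKYELLOW}$TARGET_SERVICE_NAME$NORMAL."
    fi
  else
    if [ -n "$PREVIOUS_PASSWORD" ]; then
      PASSWORD="${PREVIOUS_PASSWORD}"
    else
      PASSWORD="$(gen_password)"
      info "Generated a new password for user '$USER'."
    fi
  fi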
  ## Extensions requested through the relation, read as NUL-separated values
  ## (errors from ``relation-get`` are discarded, leaving an empty list).
  array_read-0 extensions < <(relation-get extensions 2>/dev/null | shyaml get-values-0)

  ensure_db_docker_running

  ## XXXvlab: should send all these into only one docker...

  ## Create the database only when it is missing, so that re-running the
  ## script leaves an existing database untouched.
  if ! db_has_database "$DBNAME"; then
    INITDB_ARGS=(encoding lc-collate lc-ctype template)
    CREATEDB_OPTS=()
    ## Each option set in the relation becomes ``--<option>=<value>``.
    for option in "${INITDB_ARGS[@]}"; do
      value="$(relation-get "$option" 2>/dev/null)" || :
      [ -z "$value" ] || CREATEDB_OPTS+=("--$option=$value")
    done
    db_create "$DBNAME" "${CREATEDB_OPTS[@]}" || exit 1

    ## ``init-sql`` from the relation is sent verbatim to the new database:
    ## whoever can edit the relation configuration can run arbitrary SQL.
    if sql=$(relation-get init-sql); then
      ddb "$DBNAME" < <(e "$sql") > /dev/null || exit 1
    fi
  fi

  if (( ${#extensions[@]} > 0 )); then
    db_install_extensions "$DBNAME" "${extensions[@]}" || exit 1
  fi
  ## Make sure the database user exists and carries the resolved password,
  ## then give it access to the database.
  ## NOTE(review): the clear-text password is handed to the helpers as an
  ## argument; whether it reaches a process command line depends on their
  ## implementation, which is not visible here -- confirm.
  if db_has_user "$USER"; then
    info "Updating password of user $USER."
    db_change_password "$USER" "$PASSWORD" || exit 1
  else
    info "Creating a new user $USER."
    db_create_user "$USER" "$PASSWORD" || exit 1
  fi

  db_grant_rights "$DBNAME" "$USER"
  info "Granted rights on database '$DBNAME' to user '$USER'."
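  ##
  ## PGPASS
  ##

  ## Backslash-escape '\' and ':' in $1 so it can be stored as a single
  ## .pgpass field (fields are separated by ':' and '\' is the escape
  ## character). Writes the escaped value to stdout.
  _pgpass_escape() {
    printf '%s' "$1" | sed -e 's/[\\:]/\\&/g'
  }

  ## Backslash-escape ERE metacharacters and the '/' address delimiter in $1
  ## so it is matched literally inside a ``sed -r`` address.
  _pgpass_ere_quote() {
    printf '%s' "$1" | sed -e 's#[][\\.*^$+?(){}|/]#\\&#g'
  }

  pgpass_user="$(_pgpass_escape "$USER")"
  pgpass_line="*:*:*:$pgpass_user:$(_pgpass_escape "$PASSWORD")"
  pgpass_file="$CONFIGSTORE/$BASE_SERVICE_NAME/root/.pgpass"
  ## The user name is quoted before it goes into the regex: otherwise a '.'
  ## or '*' in it would delete other users' entries, and a '/' would break
  ## the sed address.
  pgpass_user_re="$(_pgpass_ere_quote "$pgpass_user")"

  mkdir -p "$(dirname "$pgpass_file")"
  (
    ## The file holds clear-text credentials: create it owner-only and fix
    ## the mode *before* the secret is written, instead of tightening the
    ## permissions afterwards. The subshell keeps the umask change local.
    umask 077
    : >> "$pgpass_file"
    chmod 600 "$pgpass_file"
    ## Drop any previous entry for this user, then append the current one.
    sed -ri "/^.+:.+:.+:$pgpass_user_re:.*$/d" "$pgpass_file"
    printf '%s\n' "$pgpass_line" >> "$pgpass_file"
  )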
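  ##
  ## Saving password
  ##

  ## Publish the password on the relation and record it in the state
  ## directory, where the next run reads it back as the previous password.
  relation-set password "$PASSWORD"
  mkdir -p "$(dirname "$PREVIOUS_PASSWORD_PATH")"
  (
    ## Clear-text secret: create/truncate the file owner-only and fix the
    ## mode before writing, so it is never readable by other users. The
    ## subshell keeps the umask change local.
    umask 077
    : > "$PREVIOUS_PASSWORD_PATH"
    chmod 600 "$PREVIOUS_PASSWORD_PATH"
    ## printf, not echo: a password such as '-n' or '-e' would be taken as
    ## an echo option and the file would not contain it.
    printf '%s\n' "$PASSWORD" > "$PREVIOUS_PASSWORD_PATH"
  )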