diff --git a/postgres/hooks/init b/postgres/hooks/init index bc12e68..f582585 100755 --- a/postgres/hooks/init +++ b/postgres/hooks/init @@ -11,43 +11,34 @@ ## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service - # Please note that postgres detect on its own if its datadir needs to be populated - -[ -e ~/.pgpass ] && exit 0 - . lib/common -set -e -POSTGRES_ROOT_PASSWORD="$(gen_password)" +ensure_db_docker_running +errlvl=$? +if [[ "$errlvl" == 18 ]]; then + err "Db connection seems not setup. Setting up." + _set_up_connection || exit 1 + ensure_db_docker_running || { + die "Setup connection didn't work as expected." + } +fi ## -## Setting up access from host +## checking permission of base directory ## -ddb < <(echo "ALTER USER postgres WITH ENCRYPTED password '$POSTGRES_ROOT_PASSWORD'") - -sed -ri 's%^host all all 0\.0\.0\.0/0 trust$%host all all 0.0.0.0/0 md5%g' \ - "$SERVICE_DATASTORE/var/lib/postgresql/data/pg_hba.conf" - -docker restart "$container_id" - - -## XXXvlab: this won't help support multiple project running on the -## same host -cat < ~/.pgpass -*:*:*:postgres:$POSTGRES_ROOT_PASSWORD -EOF +mkdir -p "$SERVICE_DATASTORE/var/lib/postgresql/data" +find "$SERVICE_DATASTORE/var/lib/postgresql/data" \! -perm 700 -exec chmod -v 700 {} \; -chmod 600 ~/.pgpass ## ## pgm ## -echo 'prefix_pg_local_command=" " ## otherwise, will default to sudo -u postgres ' > /root/.pgm.rc +echo 'prefix_pg_local_command=" " ## otherwise, will default to sudo -u postgres ' > ~/.pgm.rc info "New root password for postgres. " diff --git a/postgres/hooks/postgres_database-relation-joined b/postgres/hooks/postgres_database-relation-joined index a74087c..691f17b 100755 --- a/postgres/hooks/postgres_database-relation-joined +++ b/postgres/hooks/postgres_database-relation-joined 
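Review bot: Only exit status 18 from `ensure_db_docker_running` is handled in `hooks/init`; any other non-zero `errlvl` falls through to the `mkdir`/`find` steps and the hook carries on, and with `set -e` removed by this commit nothing else stops it (unless `lib/common` enables it, which is not visible here). An extra branch such as `elif [[ "$errlvl" != 0 ]]; then die "ensure_db_docker_running failed ($errlvl)"` would make that failure explicit. The `find … \! -perm 700 -exec chmod -v 700 {} \;` line also recurses through the whole data directory and sets the execute bit on every regular file, while its comment says it checks the base directory. `chmod 700 "${SERVICE_DATASTORE:?}/var/lib/postgresql/data"` on the directory alone matches the comment, and the `:?` stops the hook from touching the host's own `/var/lib/postgresql/data` when the variable is empty.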
@@ -17,12 +17,14 @@ DBNAME=$(relation-get dbname) set -e USER=$(relation-get user) -PASSWORD="$(gen_password)" +PASSWORD="$(relation-get password 2>/dev/null)" || PASSWORD="$(gen_password)" POSTGIS=$(relation-get postgis 2>/dev/null) || true UNACCENT=$(relation-get unaccent 2>/dev/null) || true -ensure_db_docker_running +if ! ensure_db_docker_running; then + die "Can't ensure valid link to postgres" +fi db_has_database "$DBNAME" || UNACCENT="$UNACCENT" POSTGIS="$POSTGIS" db_create "$DBNAME" if ! db_has_user "$USER"; then diff --git a/postgres/lib/common b/postgres/lib/common index 67bcbf0..e2c028d 100644 --- a/postgres/lib/common +++ b/postgres/lib/common @@ -37,6 +37,44 @@ _set_db_params() { export db_docker_opts="--network $docker_network -e PGHOST=$docker_ip -e PGUSER=postgres" export db_cmd_opts= + + PGHOST="$docker_ip" + PGUSER="postgres" + export PGHOST PGUSER +} + + +## Must setup a direct connection +_set_up_connection() { + + if [ -e "$DB_PASSFILE" ]; then + POSTGRES_ROOT_PASSWORD=$(cat "$DB_PASSFILE" | cut -f 5 -d :) + else + POSTGRES_ROOT_PASSWORD="$(gen_password)" + fi + + ## + ## Setting up access from host + ## + + debug docker exec -i "$container_id" psql -U postgres -qAt + docker exec -i "$container_id" psql -U postgres -qAt \ + < <(echo "ALTER USER postgres WITH ENCRYPTED password '$POSTGRES_ROOT_PASSWORD'") || { + die "direct PSQL injection failed." + } + + sed -ri 's%^host all all 0\.0\.0\.0/0 trust$%host all all 0.0.0.0/0 md5%g' \ + "$SERVICE_DATASTORE/var/lib/postgresql/data/pg_hba.conf" || return 1 + + docker restart "$container_id" || return 1 + + ## XXXvlab: this won't help support multiple project running on the + ## same host + cat < "$DB_PASSFILE" +*:*:*:postgres:$POSTGRES_ROOT_PASSWORD +EOF + chmod 600 "$DB_PASSFILE" || return 1 + } ddb () { dcmd psql -qAt "$@"; } 
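Review bot: The new `PASSWORD="$(relation-get password 2>/dev/null)" || PASSWORD="$(gen_password)"` falls back to a generated password only when `relation-get` exits non-zero; if it exits 0 with empty output for an unset key (its behaviour is not visible here), the role ends up with an empty password. Testing the value closes that gap: `PASSWORD="$(relation-get password 2>/dev/null)" || true` followed by `[ -n "$PASSWORD" ] || PASSWORD="$(gen_password)"`. A relation-supplied password is also a caller-chosen string, so wherever it is later placed into SQL (outside this hunk) it needs quote escaping that a `gen_password` value presumably never needed.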
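Review bot: `_set_up_connection` writes the postgres superuser password to `$DB_PASSFILE` and only afterwards runs `chmod 600`, so a newly created file carries the process umask's mode until the chmod lands, and the write itself has no `|| return 1` (the heredoc redirection is garbled on this page but reads as a write to `$DB_PASSFILE`). The password is also applied with `ALTER USER` before it is stored, so a failure in `sed`, `docker restart` or the write leaves a freshly generated password that exists nowhere on disk. The sketch below stores it first, under a restrictive umask, and keeps the chmod for a pre-existing file. Separately, `cut -f 5 -d :` runs over every line of an existing passfile and ignores the backslash-escaped `:` the pgpass format allows, and the value goes into the SQL string unescaped.

```shell
## … unchanged: read or generate POSTGRES_ROOT_PASSWORD …

## Store the password before applying it; umask keeps a new file private.
(
    umask 077
    printf '*:*:*:postgres:%s\n' "$POSTGRES_ROOT_PASSWORD" > "$DB_PASSFILE"
) || return 1
chmod 600 "$DB_PASSFILE" || return 1

## … unchanged: ALTER USER, pg_hba.conf edit, docker restart …
```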
@@ -104,6 +142,11 @@ db_change_password() { db_grant_rights () { local dbname="$1" user="$2" + PGM chown "$user" "$dbname" +} + +PGM() { + local src="$1" dst="$2" require psql || apt-get install -y postgresql-client