
new: [postgres] ensure base host access is setup each time

postgres
Valentin Lab 6 years ago
parent
commit
82ec24a48e
  1. 35
      postgres/hooks/init
  2. 6
      postgres/hooks/postgres_database-relation-joined
  3. 50
      postgres/lib/common

35
postgres/hooks/init

@ -11,43 +11,34 @@
## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service
# Please note that postgres detect on its own if its datadir needs to be populated
[ -e ~/.pgpass ] && exit 0
. lib/common
set -e
POSTGRES_ROOT_PASSWORD="$(gen_password)"
ensure_db_docker_running
errlvl=$?
if [[ "$errlvl" == 18 ]]; then
err "Db connection seems not setup. Setting up."
_set_up_connection || exit 1
ensure_db_docker_running || {
die "Setup connection didn't work as expected."
}
fi
##
## Setting up access from host
## checking permission of base directory
##
ddb < <(echo "ALTER USER postgres WITH ENCRYPTED password '$POSTGRES_ROOT_PASSWORD'")
sed -ri 's%^host all all 0\.0\.0\.0/0 trust$%host all all 0.0.0.0/0 md5%g' \
"$SERVICE_DATASTORE/var/lib/postgresql/data/pg_hba.conf"
docker restart "$container_id"
## XXXvlab: this won't help support multiple project running on the
## same host
cat <<EOF > ~/.pgpass
*:*:*:postgres:$POSTGRES_ROOT_PASSWORD
EOF
mkdir -p "$SERVICE_DATASTORE/var/lib/postgresql/data"
find "$SERVICE_DATASTORE/var/lib/postgresql/data" \! -perm 700 -exec chmod -v 700 {} \;
chmod 600 ~/.pgpass
##
## pgm
##
echo 'prefix_pg_local_command=" " ## otherwise, will default to sudo -u postgres ' > /root/.pgm.rc
echo 'prefix_pg_local_command=" " ## otherwise, will default to sudo -u postgres ' > ~/.pgm.rc
info "New root password for postgres. "
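Review bot: The `errlvl=$?` line after `ensure_db_docker_running` looks unreachable on failure. Assuming the `set -e` above it is still in effect on the new side (the page has lost its +/- markers), a non-zero return from the bare call aborts the hook first. The `[[ "$errlvl" == 18 ]]` branch that calls `_set_up_connection` would then never run, and a first-time setup would exit instead of configuring host access. Capturing the status inside a condition avoids that: `errlvl=0; ensure_db_docker_running || errlvl=$?`. A comment saying which function returns 18 and what it means would also help, since the value is not explained in this file.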

6
postgres/hooks/postgres_database-relation-joined

@ -17,12 +17,14 @@ DBNAME=$(relation-get dbname)
set -e
USER=$(relation-get user)
PASSWORD="$(gen_password)"
PASSWORD="$(relation-get password 2>/dev/null)" || PASSWORD="$(gen_password)"
POSTGIS=$(relation-get postgis 2>/dev/null) || true
UNACCENT=$(relation-get unaccent 2>/dev/null) || true
ensure_db_docker_running
if ! ensure_db_docker_running; then
die "Can't ensure valid link to postgres"
fi
db_has_database "$DBNAME" || UNACCENT="$UNACCENT" POSTGIS="$POSTGIS" db_create "$DBNAME"
if ! db_has_user "$USER"; then
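Review bot: On the new `PASSWORD=` line, the fallback to `gen_password` only runs when `relation-get password` exits non-zero. If it can succeed with empty output (not visible here), `PASSWORD` stays empty and is presumably used as-is for the database role further down. A non-empty check on the next line closes that: `[ -n "$PASSWORD" ] || PASSWORD="$(gen_password)"`. The `if ! db_has_user` block that consumes the value continues outside the hunk.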

50
postgres/lib/common

@ -37,6 +37,44 @@ _set_db_params() {
export db_docker_opts="--network $docker_network -e PGHOST=$docker_ip -e PGUSER=postgres"
export db_cmd_opts=
PGHOST="$docker_ip"
PGUSER="postgres"
export PGHOST PGUSER
}
## Must setup a direct connection
_set_up_connection() {
if [ -e "$DB_PASSFILE" ]; then
POSTGRES_ROOT_PASSWORD=$(cat "$DB_PASSFILE" | cut -f 5 -d :)
else
POSTGRES_ROOT_PASSWORD="$(gen_password)"
fi
##
## Setting up access from host
##
debug docker exec -i "$container_id" psql -U postgres -qAt
docker exec -i "$container_id" psql -U postgres -qAt \
< <(echo "ALTER USER postgres WITH ENCRYPTED password '$POSTGRES_ROOT_PASSWORD'") || {
die "direct PSQL injection failed."
}
sed -ri 's%^host all all 0\.0\.0\.0/0 trust$%host all all 0.0.0.0/0 md5%g' \
"$SERVICE_DATASTORE/var/lib/postgresql/data/pg_hba.conf" || return 1
docker restart "$container_id" || return 1
## XXXvlab: this won't help support multiple project running on the
## same host
cat <<EOF > "$DB_PASSFILE"
*:*:*:postgres:$POSTGRES_ROOT_PASSWORD
EOF
chmod 600 "$DB_PASSFILE" || return 1
}
ddb () { dcmd psql -qAt "$@"; }
@ -104,6 +142,11 @@ db_change_password() {
db_grant_rights () {
local dbname="$1" user="$2"
PGM chown "$user" "$dbname"
}
PGM() {
local src="$1" dst="$2"
require psql || apt-get install -y postgresql-client </dev/null
require pgm || {
(
@ -115,6 +158,9 @@ db_grant_rights () {
# git checkout master
)
}
debug PGHOST="$DOCKER_IP" PGUSER=postgres pgm chown "$user" "$dbname"
PGHOST="$DOCKER_IP" PGUSER=postgres prefix_pg_local_command=" " pgm chown "$user" "$dbname"
ensure_db_docker_running </dev/null || return 1
debug pgm "$@"
pgm "$@"
}
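Review bot: In `_set_up_connection`, `cat <<EOF > "$DB_PASSFILE"` creates the file under the current umask and only afterwards runs `chmod 600`. When the file does not exist yet, the postgres superuser password can be readable by other local users until the chmod runs, and stays readable if the chmod fails. Creating it restricted from the start avoids the window, e.g. `( umask 077; printf '%s\n' "*:*:*:postgres:$POSTGRES_ROOT_PASSWORD" > "$DB_PASSFILE" )`. Separately, `sed -ri` exits 0 when no line matched, so the function can report success while `pg_hba.conf` still carries the `trust` entry for `0.0.0.0/0`. A `grep -q` for a remaining `trust` line after the sed, returning 1 if found, would catch that.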