new: [postgres] ensure base host access is setup each time

postgres/hooks/init

@@ -11,43 +11,34 @@
 ## - SERVICE_CONFIGSTORE         Location on host of the CONFIGSTORE of this service
 
 
-
 # Please note that postgres detect on its own if its datadir needs to be populated
 
-
-[ -e ~/.pgpass ] && exit 0
-
 . lib/common
 
-set -e
 
-POSTGRES_ROOT_PASSWORD="$(gen_password)"
+ensure_db_docker_running
+errlvl=$?
+if [[ "$errlvl" == 18 ]]; then
+    err "Db connection seems not setup. Setting up."
+    _set_up_connection || exit 1
+    ensure_db_docker_running || {
+        die "Setup connection didn't work as expected."
+    }
+fi
 
 ##
-## Setting up access from host
+## checking permission of base directory
 ##
 
-ddb < <(echo "ALTER USER postgres WITH ENCRYPTED password '$POSTGRES_ROOT_PASSWORD'")
-
-sed -ri 's%^host all all 0\.0\.0\.0/0 trust$%host all all 0.0.0.0/0 md5%g' \
-    "$SERVICE_DATASTORE/var/lib/postgresql/data/pg_hba.conf"
-
-docker restart "$container_id"
-
-
-## XXXvlab: this won't help support multiple project running on the
-## same host
-cat <<EOF > ~/.pgpass
-*:*:*:postgres:$POSTGRES_ROOT_PASSWORD
-EOF
+mkdir -p "$SERVICE_DATASTORE/var/lib/postgresql/data"
+find "$SERVICE_DATASTORE/var/lib/postgresql/data" \! -perm 700 -exec chmod -v 700 {} \;
 
-chmod 600 ~/.pgpass
 
 ##
 ## pgm
 ##
 
-echo 'prefix_pg_local_command=" "  ## otherwise, will default to sudo -u postgres ' > /root/.pgm.rc
+echo 'prefix_pg_local_command=" "  ## otherwise, will default to sudo -u postgres ' > ~/.pgm.rc
 
 info "New root password for postgres. "
 

postgres/hooks/postgres_database-relation-joined

@@ -17,12 +17,14 @@ DBNAME=$(relation-get dbname)
 set -e
 
 USER=$(relation-get user)
-PASSWORD="$(gen_password)"
+PASSWORD="$(relation-get password 2>/dev/null)" || PASSWORD="$(gen_password)"
 POSTGIS=$(relation-get postgis 2>/dev/null) || true
 UNACCENT=$(relation-get unaccent 2>/dev/null) || true
 
 
-ensure_db_docker_running
+if ! ensure_db_docker_running; then
+    die "Can't ensure valid link to postgres"
+fi
 
 db_has_database "$DBNAME" || UNACCENT="$UNACCENT" POSTGIS="$POSTGIS" db_create "$DBNAME"
 if ! db_has_user "$USER"; then

postgres/lib/common

@@ -37,6 +37,44 @@ _set_db_params() {
 
     export db_docker_opts="--network $docker_network -e PGHOST=$docker_ip -e PGUSER=postgres"
     export db_cmd_opts=
+
+    PGHOST="$docker_ip"
+    PGUSER="postgres"
+    export PGHOST PGUSER
+}
+
+
+## Must setup a direct connection
+_set_up_connection() {
+
+    if [ -e "$DB_PASSFILE" ]; then
+        POSTGRES_ROOT_PASSWORD=$(cat "$DB_PASSFILE" | cut -f 5 -d :)
+    else
+        POSTGRES_ROOT_PASSWORD="$(gen_password)"
+    fi
+
+    ##
+    ## Setting up access from host
+    ##
+
+    debug docker exec -i "$container_id" psql -U postgres -qAt
+    docker exec -i "$container_id" psql -U postgres -qAt \
+           < <(echo "ALTER USER postgres WITH ENCRYPTED password '$POSTGRES_ROOT_PASSWORD'") || {
+        die "direct PSQL injection failed."
+    }
+
+    sed -ri 's%^host all all 0\.0\.0\.0/0 trust$%host all all 0.0.0.0/0 md5%g' \
+        "$SERVICE_DATASTORE/var/lib/postgresql/data/pg_hba.conf" || return 1
+
+    docker restart "$container_id" || return 1
+
+    ## XXXvlab: this won't help support multiple project running on the
+    ## same host
+    cat <<EOF > "$DB_PASSFILE"
+*:*:*:postgres:$POSTGRES_ROOT_PASSWORD
+EOF
+    chmod 600 "$DB_PASSFILE" || return 1
+
 }
 
 ddb () { dcmd psql -qAt "$@"; }
@@ -104,6 +142,11 @@ db_change_password() {
 
 db_grant_rights () {
     local dbname="$1" user="$2"
+    PGM chown "$user" "$dbname"
+}
+
+PGM() {
+    local src="$1" dst="$2"
     require psql || apt-get install -y postgresql-client </dev/null
     require pgm || {
         (
@@ -115,6 +158,9 @@ db_grant_rights () {
             # git checkout master
         )
     }
-    debug PGHOST="$DOCKER_IP" PGUSER=postgres pgm chown "$user" "$dbname"
-    PGHOST="$DOCKER_IP" PGUSER=postgres prefix_pg_local_command=" " pgm chown "$user" "$dbname"
+
+    ensure_db_docker_running </dev/null || return 1
+
+    debug pgm "$@"
+    pgm "$@"
 }