update publik-create-databases
parent
d9bd5ee59d
commit
0dd73b2641
|
@ -2,6 +2,5 @@ publik-create-users /usr/bin
|
||||||
publik-create-databases /usr/bin
|
publik-create-databases /usr/bin
|
||||||
publik-cluster-link /usr/bin
|
publik-cluster-link /usr/bin
|
||||||
publik-emailconf /usr/bin
|
publik-emailconf /usr/bin
|
||||||
publik.conf.example /etc/publik
|
|
||||||
nginx/conf.d/* etc/nginx/conf.d
|
nginx/conf.d/* etc/nginx/conf.d
|
||||||
nginx/snippets/*.conf etc/nginx/snippets
|
nginx/snippets/*.conf etc/nginx/snippets
|
||||||
|
|
|
@ -1,23 +0,0 @@
|
||||||
#! /bin/sh
|
|
||||||
set -e
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
configure)
|
|
||||||
chmod 600 /etc/publik/publik.conf.example
|
|
||||||
;;
|
|
||||||
|
|
||||||
triggered)
|
|
||||||
;;
|
|
||||||
|
|
||||||
abort-upgrade|abort-remove|abort-deconfigure)
|
|
||||||
;;
|
|
||||||
|
|
||||||
*)
|
|
||||||
echo "postinst called with unknown argument \`$1'" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
#DEBHELPER#
|
|
||||||
|
|
||||||
exit 0
|
|
|
@ -1,130 +1,77 @@
|
||||||
#!/usr/bin/python3
|
#!/usr/bin/python3
|
||||||
import os
|
|
||||||
import argparse
|
import argparse
|
||||||
|
import os
|
||||||
|
import random
|
||||||
|
import string
|
||||||
import subprocess
|
import subprocess
|
||||||
import yaml
|
import sys
|
||||||
|
|
||||||
parser = argparse.ArgumentParser()
|
|
||||||
parser.add_argument('--config', type=str, default='/etc/publik/publik.conf')
|
|
||||||
parser.add_argument('--simulate', action='store_true')
|
|
||||||
parser.add_argument('--configure', action='store_true')
|
|
||||||
args = parser.parse_args()
|
|
||||||
|
|
||||||
model = """DATABASES['default']['HOST'] = '{host}'
|
|
||||||
DATABASES['default']['PORT'] = {port}
|
|
||||||
DATABASES['default']['PASSWORD'] = '{password}'"""
|
|
||||||
|
|
||||||
|
|
||||||
def run_pg(connection, cmd):
|
publik = {
|
||||||
cmd = cmd.replace('"', '\\"')
|
"authentic2-multitenant": {
|
||||||
if connection.get('host') == 'localhost' and not connection.get('admin'):
|
"database": "authentic2_multitenant",
|
||||||
subprocess.call('echo "%s" | sudo -u postgres psql' % cmd, shell=True)
|
"user": "authentic-multitenant",
|
||||||
|
"extensions": ["unaccent", "pg_trgm"],
|
||||||
|
},
|
||||||
|
"bijoe": {},
|
||||||
|
"chrono": {},
|
||||||
|
"combo": {"extensions": ["unaccent"]},
|
||||||
|
"fargo": {},
|
||||||
|
"hobo": {},
|
||||||
|
"passerelle": {},
|
||||||
|
"wcs": {},
|
||||||
|
"welco": {},
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def run(command, database="postgres", fake=False):
|
||||||
|
cmd = 'sudo -u postgres psql -c "%s" %s' % (command.replace('"', '\\"'), database)
|
||||||
|
if fake:
|
||||||
|
print(cmd)
|
||||||
else:
|
else:
|
||||||
admin = connection.get('admin')
|
subprocess.run(cmd, shell=True, check=True)
|
||||||
subprocess.call("echo '%s' | psql -h -U %s -W" % (cmd, admin), shell=True)
|
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def write_setting(brique, host, port, password):
|
||||||
if not os.path.isfile(args.config):
|
settings_d = "/etc/%s/settings.d" % brique
|
||||||
raise(Exception('Configuration file not found: %s' % args.config))
|
settings = "%s/database.py" % settings_d
|
||||||
|
if not os.path.isdir(settings_d):
|
||||||
with open(args.config) as fh:
|
os.system('mkdir -p %s' % settings_d)
|
||||||
cfg = yaml.load(fh)
|
with open(settings, "w") as fh:
|
||||||
|
fh.write("DATABASES['default']['HOST'] = '{host}'\n"
|
||||||
if 'defaults' in cfg.keys():
|
"DATABASES['default']['PORT'] = {port}\n"
|
||||||
defaults = cfg.get('defaults')
|
"DATABASES['default']['PASSWORD'] = '{password}'".format(host=host, port=port, password=password))
|
||||||
else:
|
|
||||||
defaults = {}
|
|
||||||
|
|
||||||
if 'databases' not in defaults.keys() and 'instances' not in cfg.keys():
|
|
||||||
raise(Exception('No "instances" nor "defaults" keys found in configuration file'))
|
|
||||||
|
|
||||||
for instance, data in cfg['instances'].items():
|
|
||||||
if 'databases' not in data.keys():
|
|
||||||
data['databases'] = defaults['databases']
|
|
||||||
|
|
||||||
if 'connection' in defaults.keys():
|
|
||||||
connection = defaults['connection']
|
|
||||||
if 'connection' in data.keys():
|
|
||||||
connection.update(data['connection'])
|
|
||||||
else:
|
|
||||||
connection = data['connection']
|
|
||||||
|
|
||||||
|
|
||||||
if args.configure:
|
def main(args):
|
||||||
if 'roles' not in data.keys():
|
for brique, data in publik.items():
|
||||||
raise(Exception('Not implemented: no passwords defined'))
|
database = data.get("database", brique)
|
||||||
configure_briques(connection, data['databases'], data['roles'])
|
user = data.get("user", brique)
|
||||||
else:
|
extensions = data.get("extensions")
|
||||||
if 'roles' not in data.keys():
|
run('CREATE USER "%s";' % user, fake=args.fake)
|
||||||
print('No "roles" key found, going for passwordless configuration')
|
if user == "wcs":
|
||||||
data['roles'] = False
|
run("ALTER USER wcs CREATEDB;", fake=args.fake)
|
||||||
create_databases(connection, instance, data['databases'], data['roles'])
|
if args.password:
|
||||||
|
password = "".join(random.choice(string.ascii_letters + string.digits) for _ in range(16))
|
||||||
|
run("ALTER USER \"%s\" with password '%s';" % (user, password), fake=args.fake)
|
||||||
|
run("CREATE DATABASE {} WITH OWNER = \"{}\" TEMPLATE = template0 "
|
||||||
|
"LC_COLLATE = 'fr_FR.UTF-8' LC_CTYPE = 'fr_FR.UTF-8';".format(database, user), fake=args.fake)
|
||||||
|
if extensions:
|
||||||
|
for e in extensions:
|
||||||
|
run("CREATE EXTENSION %s;" % e, database=database, fake=args.fake)
|
||||||
|
if not args.fake and args.password:
|
||||||
|
write_setting(brique, args.host, args.port, password)
|
||||||
|
|
||||||
|
|
||||||
def configure_briques(connection, databases, roles):
|
if __name__ == "__main__":
|
||||||
for database, role in databases.items():
|
parser = argparse.ArgumentParser()
|
||||||
|
parser.add_argument("--password", action="store_true", help="generate password")
|
||||||
|
parser.add_argument("--fake", action="store_true", help="dry-run")
|
||||||
|
parser.add_argument("--host", default="localhost")
|
||||||
|
parser.add_argument("--port", default="5432")
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
if database == 'wcs':
|
if not args.fake and os.geteuid() != 0:
|
||||||
continue
|
sys.exit("You need to have privileges to run this script, please try again with sudo.")
|
||||||
|
|
||||||
password = roles[role]
|
main(args)
|
||||||
if database == 'authentic2_multitenant':
|
|
||||||
service = 'authentic2-multitenant'
|
|
||||||
user = 'authentic-multitenant'
|
|
||||||
else:
|
|
||||||
user, service = database, database
|
|
||||||
settings_d = '/etc/%s/settings.d' % service
|
|
||||||
settings = '%s/connection.py' % settings_d
|
|
||||||
|
|
||||||
if not os.path.isdir(settings_d) and not args.simultate:
|
|
||||||
os.system('mkdir -p %s' % settings_d)
|
|
||||||
|
|
||||||
s = model.format(database=database, host=connection['host'],
|
|
||||||
port=connection['port'], password=password)
|
|
||||||
|
|
||||||
if args.simulate:
|
|
||||||
print(s)
|
|
||||||
continue
|
|
||||||
|
|
||||||
with open(settings, 'w') as fh:
|
|
||||||
fh.write(s)
|
|
||||||
|
|
||||||
os.system('chown -R %s %s' % (user, settings_d))
|
|
||||||
|
|
||||||
|
|
||||||
def create_databases(connection, instance, databases, roles):
|
|
||||||
count = len(databases.keys())
|
|
||||||
print('instance {} has {} components'.format(instance, count))
|
|
||||||
|
|
||||||
cmds = []
|
|
||||||
for database, role in databases.items():
|
|
||||||
if roles:
|
|
||||||
password = roles[role]
|
|
||||||
else:
|
|
||||||
password = False
|
|
||||||
cmds.append(gen_cmd(database, role, password))
|
|
||||||
|
|
||||||
if args.simulate:
|
|
||||||
print(connection)
|
|
||||||
for c in cmds:
|
|
||||||
print(c)
|
|
||||||
else:
|
|
||||||
run_pg(connection, " ".join(cmds))
|
|
||||||
|
|
||||||
|
|
||||||
def gen_cmd(database, role, password):
|
|
||||||
out = []
|
|
||||||
if password:
|
|
||||||
out.append("CREATE USER \"{}\" PASSWORD '{}';".format(role, password))
|
|
||||||
else:
|
|
||||||
out.append("CREATE USER \"{}\";".format(role))
|
|
||||||
out.append("CREATE DATABASE {} WITH OWNER = \"{}\" TEMPLATE = template0 "
|
|
||||||
"LC_COLLATE = 'fr_FR.UTF-8' LC_CTYPE = 'fr_FR.UTF-8';".format(database, role))
|
|
||||||
if database == 'wcs':
|
|
||||||
out.append("ALTER USER wcs CREATEDB;")
|
|
||||||
return " ".join(out)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
|
||||||
main()
|
|
||||||
|
|
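Review bot: The database passwords generated in main() under `if args.password:` come from `random.choice`, which uses the non-cryptographic Mersenne Twister generator and is not meant for secrets; use the `secrets` module instead, e.g. `password = "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(16))` with `import secrets` added. The same password is then interpolated into the `sudo -u postgres psql -c "…"` string that run() hands to a shell, so it is visible in the process argument list while psql runs; passing the SQL on stdin, `subprocess.run(["sudo", "-u", "postgres", "psql", database], input=command, text=True, check=True)`, avoids that and the manual quote escaping. write_setting() creates `database.py` with a plain `open(settings, "w")`, so the file mode depends on the caller's umask, and the `chown -R` to the service user that the removed configure_briques() performed is gone. The file should probably be created with an explicit restrictive mode and be readable only by the owning service account.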
|
@ -1,43 +0,0 @@
|
||||||
defaults:
|
|
||||||
connection:
|
|
||||||
# the following is suitable for a local postgresql service
|
|
||||||
host: localhost
|
|
||||||
admin:
|
|
||||||
password:
|
|
||||||
databases:
|
|
||||||
authentic2_multitenant: authentic-multitenant
|
|
||||||
bijoe: bijoe
|
|
||||||
chrono: chrono
|
|
||||||
combo: combo
|
|
||||||
fargo: fargo
|
|
||||||
hobo: hobo
|
|
||||||
passerelle: passerelle
|
|
||||||
wcs: wcs
|
|
||||||
welco: welco
|
|
||||||
briques:
|
|
||||||
- authentic2-multitenant
|
|
||||||
- bijoe
|
|
||||||
- chrono
|
|
||||||
- combo
|
|
||||||
- hobo
|
|
||||||
- fargo
|
|
||||||
- passerelle
|
|
||||||
- welco
|
|
||||||
- wcs
|
|
||||||
|
|
||||||
instances:
|
|
||||||
local.publik: {}
|
|
||||||
|
|
||||||
## Example
|
|
||||||
# instances:
|
|
||||||
# demo.local.publik:
|
|
||||||
# connection:
|
|
||||||
# host: w.x.y.z
|
|
||||||
# admin: admin
|
|
||||||
# password: secret
|
|
||||||
# databases:
|
|
||||||
# authentic2_multitenant: authentic-multitenant
|
|
||||||
# combo: combo
|
|
||||||
# roles:
|
|
||||||
# authentic-multitenant: juzi3Uhi
|
|
||||||
# combo: j0kl32fa
|
|