Author: tmckay
Date: 2012-09-26 21:48:37 +0000 (Wed, 26 Sep 2012)
New Revision: 5482
Modified:
trunk/cumin/bin/cumin-admin
trunk/cumin/bin/cumin-database
trunk/cumin/etc/cumin.conf
trunk/cumin/python/cumin/admin.py
trunk/cumin/python/cumin/config.py
trunk/cumin/python/cumin/database.py
Log:
Use standard PostgreSQL authentication instead of modified pg_hba.conf
BZ846345
Modified: trunk/cumin/bin/cumin-admin
===================================================================
--- trunk/cumin/bin/cumin-admin 2012-09-26 21:35:31 UTC (rev 5481)
+++ trunk/cumin/bin/cumin-admin 2012-09-26 21:48:37 UTC (rev 5482)
@@ -26,7 +26,20 @@
error("You have insufficient privileges")
if uid == 0:
- os.setuid(file_uid)
+ import pwd
+
+ # Okay, if the file is not owned by us, then this is a local
+ # (development) instance and cumin is not installed as a package.
+ # In this case we need to set the effective uid as the file owner.
+ # That owner should have added themselves as a postgres user so
+ # auth will work.
+ if file_uid != uid:
+ os.seteuid(file_uid)
+ else:
+ # Become the cumin user so we have
+ # access to the db with ident authentication
+ cumin = pwd.getpwnam("cumin")
+ os.seteuid(cumin[2])
setup_initial_logging()
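Review bot: Both branches now call `os.seteuid()` where the old code called `os.setuid()`, so the real and saved uids stay 0 and the group ids are never changed. Later code in the process can switch back to root, and the upgrade scripts started further down in this file inherit a real uid of 0, so this is not a full privilege drop. If regaining root is not needed, consider `os.setgid(cumin[3])` followed by `os.setuid(cumin[2])`; if it is needed, a comment saying where and why would help. `pwd.getpwnam("cumin")` also raises KeyError when the account does not exist, which would read better as an `error(...)` message. The enclosing block starts above the hunk.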
@@ -105,7 +118,9 @@
error("Only schema commands are allowed until the schema is
repaired")
try:
- handler(app, cursor, opts, args[1:])
+ res = handler(app, cursor, opts, args[1:])
+ if type(res) is tuple:
+ conn, cursor = res
conn.commit()
finally:
cursor.close()
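Review bot: `type(res) is tuple` turns the handler's return type into an undocumented signal for "I reconnected", and the connection and cursor that were open before the call are rebound without being closed. `isinstance(res, tuple)` with a comment such as `# handlers that had to reconnect return (conn, cursor)` would make the contract explicit. It may also be worth skipping the rebind when the returned connection is None, since `create_schema` in admin.py can return `(None, cursor)` and `conn.commit()` follows immediately. The function this try block belongs to starts outside the hunk.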
@@ -256,17 +271,28 @@
script = os.path.join(upgrade_dir, steps[0]+"_to_"+steps[1])
print "Executing script %s" % script
- cmd = [script]
- res = subprocess.Popen(cmd, stdout=PIPE, stderr=PIPE)
- out, err = res.communicate()
- if res.returncode != 0:
- print "Script exited with error code %s" % res.returncode
- if out:
- print "Script stdout:\n%s" % out
- if err:
- print "Script stderr:\n%s" % err
+ res = subprocess.Popen(script, shell=True).wait()
+ if res != 0:
+ print "Script exited with error code %s" % res
break
else:
+ # Well, some upgrade scripts might restart the server
+ # Get the connection back. Try multiple, the server
+ # may be in the process of starting
+ conn = None
+ for i in range(20):
+ try:
+ conn = app.database.get_connection()
+ break
+ except:
+ import time
+ time.sleep(0.5)
+ if conn is None:
+ print "Upgrade failed, unable to write "\
+ "new schema version."
+ return
+
+ cursor = conn.cursor()
app.admin.update_schema_version(cursor, steps[1])
curr = app.admin.get_schema_version(cursor)
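Review bot: `subprocess.Popen(script, shell=True)` hands the joined path to a shell, so spaces or shell metacharacters in `upgrade_dir` or the step names are interpreted instead of being part of the file name; the removed list form did not have this exposure. `res = subprocess.call([script])` keeps the new unbuffered output without a shell, and the same applies to `subprocess.Popen(target, shell=True)` in `create_schema` in admin.py. The bare `except:` in the reconnect loop also swallows KeyboardInterrupt and programming errors for up to ten seconds; `except Exception:` (or the driver's error class), with `import time` moved to the top of the file, would be safer. The loop this code sits in starts outside the hunk.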
@@ -274,6 +300,7 @@
print "Upgrade failed, schema is version %s" % curr
else:
print "Upgrade to schema version %s succeeded" % target
+ return conn, cursor
def handle_create_schema(app, cursor, opts, args):
try:
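Review bot: `conn` appears to be bound only on the path where an upgrade script succeeded and the reconnect loop ran (previous hunk), so the added `return conn, cursor` may raise NameError when no script was executed; this depends on indentation and on lines outside the hunk, so please confirm. The same concern applies to `if conn and cursor:` in `handle_create_schema` in the next hunk, where no visible line assigns `conn` or captures the return value of `app.admin.create_schema(cursor)`. Initialising `conn = None` at the top of each handler and returning the pair only when `conn is not None` would make both paths safe. Both function bodies extend beyond the visible hunks.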
@@ -285,6 +312,8 @@
app.admin.add_role(cursor, "admin")
print "The schema is created"
+ if conn and cursor:
+ return conn, cursor
def handle_check_schema(app, cursor, opts, args):
try:
Modified: trunk/cumin/bin/cumin-database
===================================================================
--- trunk/cumin/bin/cumin-database 2012-09-26 21:35:31 UTC (rev 5481)
+++ trunk/cumin/bin/cumin-database 2012-09-26 21:48:37 UTC (rev 5482)
@@ -102,18 +102,8 @@
fi
}
-function check-configured {
- grep "$dbname" "$pghbaconf" &> /dev/null || {
- echo "Error: The database is not configured"
- if [ "$1" != noadvice ]; then
- echo "Hint: Run 'cumin-database install'"
- fi
- return 1
- }
-}
-
function check-created {
- psql -d cumin -U cumin -h localhost -c '\q' &> /dev/null || {
+ su - postgres -c 'echo \\q | psql -d cumin' &> /dev/null || {
echo "Error: The database is not created"
if [ "$1" != noadvice ]; then
echo "Hint: Run 'cumin-database install'"
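Review bot: The new probe `su - postgres -c 'echo \\q | psql -d cumin'` only shows that the postgres superuser can open the database, whereas the old `psql -U cumin` probe showed that the cumin role could authenticate. A missing role or a failing ident/peer mapping for cumin will therefore pass this check and only surface later in cumin-admin. `su - postgres` also needs root; unless `check-environment` already enforces that (not visible here), a non-root `cumin-database check` will report "The database is not created" because stderr is discarded. Consider running the probe as the cumin account through the existing `run` helper, or adding a comment that states the root requirement. The same command is used in `check-created-wait` in the next hunk.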
@@ -125,7 +115,7 @@
function check-created-wait {
for ((c=0; c<=30; c++))
do
- res="$(psql -d cumin -U cumin -h localhost -c '\q'
2>&1)" || true
+ res="$(su - postgres -c 'echo \\q | psql -d cumin'
2>&1)" || true
case $res in
*"could not connect"* | *"database system is starting
up"*)
if [ $c -eq 0 ] ; then
@@ -165,8 +155,6 @@
* It will initialize the postgresql database cluster if it isn't
already initialized.
- * It will alter postgresql configuration files.
-
If you already have a custom-configured postgresql install, you may
not want to proceed.
@@ -200,11 +188,6 @@
check-initialized &> /dev/null || initialize
- check-configured &> /dev/null || {
- configure
- restart > /dev/null
- }
-
check-started &> /dev/null || start > /dev/null
check-created-wait &> /dev/null || create
@@ -275,35 +258,9 @@
}
}
-function configure {
- check-environment || exit 1
- check-initialized || exit 1
-
- if check-configured &> /dev/null; then
- echo "Error: The database server is already configured"
- echo "(Note, the server must be restarted after configuration."
- echo " If it has not been restarted since configuration, use"
- echo " 'cumin-database stop' and 'cumin-database start' to
restart it)"
- exit 1
- fi
-
- python <<EOF
-import os
-import sys
-
-home = os.environ.get("CUMIN_HOME",
os.path.normpath("/usr/share/cumin"))
-sys.path.append(os.path.join(home, "python"))
-
-from cumin.database import modify_pghba_conf
-
-modify_pghba_conf('${pghbaconf}', '${dbname}', 'cumin')
-EOF
-}
-
function create {
check-environment || exit 1
check-started || exit 1
- check-configured || exit 1
if check-created &> /dev/null; then
echo "Error: The database is already created"
@@ -313,7 +270,7 @@
run "createuser --superuser ${dbname}" postgres
run "createdb --owner=${dbname} ${dbname}" postgres
- cumin-admin create-schema > /dev/null
+ cumin-admin create-schema
# cumin-admin add-role user
# cumin-admin add-role admin
}
@@ -366,7 +323,6 @@
start Start the database server
stop Stop the database server
initialize Create the main database cluster
- configure Configure the main database cluster
create Create the user, database, and schema
drop Discard the database user, database, and all data
EOF
@@ -383,10 +339,6 @@
check-initialized $2 || exit 1
echo "OK"
- echo -n "Checking configuration ...... "
- check-configured $2 || exit 1
- echo "OK"
-
echo -n "Checking server ............. "
check-started $2 || exit 1
echo "OK"
@@ -416,17 +368,6 @@
initialize
echo "The database server is initialized"
;;
- configure)
- configure && {
- echo "The database server is configured"
- $(postgresql_str status) &> /dev/null && {
- echo -e "\nAfter configuration the server must be restarted."
- echo -e "Would you like to restart the server now?\n"
- get-explicit-confirmation
- restart
- }
- }
- ;;
create)
create
echo "The database is created"
Modified: trunk/cumin/etc/cumin.conf
===================================================================
--- trunk/cumin/etc/cumin.conf 2012-09-26 21:35:31 UTC (rev 5481)
+++ trunk/cumin/etc/cumin.conf 2012-09-26 21:48:37 UTC (rev 5482)
@@ -15,7 +15,7 @@
# to the common section.
[common]
-# database: dbname=cumin user=cumin host=localhost
+# database: dbname=cumin
# brokers: localhost:5672
# sasl-mech-list: [default, 'anonymous' or 'plain digest-md5' with
usr/passw]
# wallaby-broker: [default, first item in 'brokers' list]
Modified: trunk/cumin/python/cumin/admin.py
===================================================================
--- trunk/cumin/python/cumin/admin.py 2012-09-26 21:35:31 UTC (rev 5481)
+++ trunk/cumin/python/cumin/admin.py 2012-09-26 21:48:37 UTC (rev 5482)
@@ -25,6 +25,46 @@
return writer.getvalue()
def create_schema(self, cursor):
+
+ # Check for meta scripts in the upgrade
+ # dir associated with the schema version.
+ # This lets us associate external tasks
+ # with schema version numbers.
+ upgrade_dir = os.path.join(self.app.home, "model/upgrades")
+ try:
+ target = None
+ scripts = os.listdir(upgrade_dir)
+ for s in scripts:
+ if s == "create_%s" % schema_version:
+ target = os.path.join(upgrade_dir, s)
+ break
+ except:
+ # nothing, we assume
+ pass
+
+ conn = None
+ if target:
+ res = subprocess.Popen(target, shell=True).wait()
+ if res != 0:
+ print "Executed script %s" % target
+ print "Script exited with error code %s" % res
+ raise Exception("Schema not created")
+ else:
+ # Well, some scripts might restart the server
+ # Get the connection back. Try multiple, the server
+ # may be in the process of starting
+ for i in range(20):
+ try:
+ conn = self.app.database.get_connection()
+ break
+ except:
+ import time
+ time.sleep(0.5)
+ if conn is None:
+ print "Can't connect to the database."
+ raise Exception("Schema not created")
+ cursor = conn.cursor()
+
cursor.execute(self.get_schema())
cls = self.app.model.com_redhat_cumin.Info
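Review bot: The `try` / `except: pass` around `os.listdir(upgrade_dir)` hides every failure, so an unreadable or missing upgrade directory silently skips the `create_<version>` script and the schema is created without the external step it was meant to run. Narrowing it to `except OSError:` and logging the path would keep the "no scripts" case quiet while surfacing real errors. Because the matching file is executed with the privileges of whoever runs cumin-admin, a comment noting that `model/upgrades` under `self.app.home` must be writable only by root or the cumin owner would be useful. The reconnect loop duplicates the one added to bin/cumin-admin and could be a shared helper; whether `os` and `subprocess` are imported in this module is not visible from the hunk.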
@@ -33,6 +73,7 @@
obj.schema_version = schema_version
obj.fake_qmf_values()
obj.save(cursor)
+ return conn, cursor
def update_schema_version(self, cursor, version):
cls = self.app.model.com_redhat_cumin.Info
Modified: trunk/cumin/python/cumin/config.py
===================================================================
--- trunk/cumin/python/cumin/config.py 2012-09-26 21:35:31 UTC (rev 5481)
+++ trunk/cumin/python/cumin/config.py 2012-09-26 21:48:37 UTC (rev 5482)
@@ -126,7 +126,7 @@
super(CuminConfigSection, self).__init__(config, name, strict_section)
param = ConfigParameter(self, "database", str)
- param.default = "dbname=cumin user=cumin host=localhost"
+ param.default = "dbname=cumin"
# Put this here, because authentication is something that
# might need to be done commonly
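Review bot: The new default `"dbname=cumin"` drops both `user` and `host`, and nothing in the code says what that implies. With this string the connection presumably goes over the local Unix socket and the role is taken from the operating-system user of the process, so anything not running as cumin (or a user mapped to that role) will fail to connect. A comment above the assignment would help, for example `# No host/user: connect over the local socket and let PostgreSQL map the OS user to the role`. The constructor this line belongs to starts outside the hunk.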
Modified: trunk/cumin/python/cumin/database.py
===================================================================
--- trunk/cumin/python/cumin/database.py 2012-09-26 21:35:31 UTC (rev 5481)
+++ trunk/cumin/python/cumin/database.py 2012-09-26 21:48:37 UTC (rev 5482)
@@ -68,45 +68,3 @@
def __repr__(self):
return self.__class__.__name__
-def modify_pghba_conf(path, database_name, user_name):
- comment_or_empty_line_pattern = re.compile('^\w*#|^\w*$')
- record_pattern = re.compile('^\w*(local|host|hostssl|hostnossl)')
-
- file = open(path, "r")
-
- lines = list()
- first_record_index = None
-
- for i, line in enumerate(file):
- lines.append(line)
-
- if record_pattern.match(line):
- if first_record_index is None:
- first_record_index = i
-
- tokens = line.split()
-
- if tokens[1] == database_name:
- raise Exception("This file already contains a " + \
- "%s record" % database_name)
- elif comment_or_empty_line_pattern.match(line):
- pass
- else:
- raise Exception("This doesn't look like a pg_hba.conf file")
-
- file.close()
-
- if first_record_index is None:
- first_record_index = len(lines)
-
- line = "host %s %s ::1/128 trust\n" % (database_name, user_name)
- lines.insert(first_record_index, line)
- line = "host %s %s 127.0.0.1/32 trust\n" % (database_name, user_name)
- lines.insert(first_record_index, line)
-
- file = open(path, "w")
-
- for line in lines:
- file.write(line)
-
- file.close()