#!/bin/bash PSQL_ROOT_PWD_FILE=/etc/yunohost/psql PSQL_VERSION=11 # Open a connection as a user # # usage: ynh_psql_connect_as --user=user --password=password [--database=database] # | arg: -u, --user= - the user name to connect as # | arg: -p, --password= - the user password # | arg: -d, --database= - the database to connect to # # examples: # ynh_psql_connect_as 'user' 'pass' <<< "UPDATE ...;" # ynh_psql_connect_as 'user' 'pass' < /path/to/file.sql # # Requires YunoHost version 3.5.0 or higher. ynh_psql_connect_as() { # Declare an array to define the options of this helper. local legacy_args=upd local -A args_array=([u]=user= [p]=password= [d]=database=) local user local password local database # Manage arguments with getopts ynh_handle_getopts_args "$@" database="${database:-}" sudo --login --user=postgres PGUSER="$user" PGPASSWORD="$password" psql "$database" } # Execute a command as root user # # usage: ynh_psql_execute_as_root --sql=sql [--database=database] # | arg: -s, --sql= - the SQL command to execute # | arg: -d, --database= - the database to connect to # # Requires YunoHost version 3.5.0 or higher. ynh_psql_execute_as_root() { # Declare an array to define the options of this helper. local legacy_args=sd local -A args_array=([s]=sql= [d]=database=) local sql local database # Manage arguments with getopts ynh_handle_getopts_args "$@" database="${database:-}" if [ -n "$database" ] then database="--database=$database" fi ynh_psql_connect_as --user="postgres" --password="$(cat $PSQL_ROOT_PWD_FILE)" \ $database <<<"$sql" } # Execute a command from a file as root user # # usage: ynh_psql_execute_file_as_root --file=file [--database=database] # | arg: -f, --file= - the file containing SQL commands # | arg: -d, --database= - the database to connect to # # Requires YunoHost version 3.5.0 or higher. ynh_psql_execute_file_as_root() { # Declare an array to define the options of this helper. local legacy_args=fd local -A args_array=([f]=file= [d]=database=) local file local database # Manage arguments with getopts ynh_handle_getopts_args "$@" database="${database:-}" if [ -n "$database" ] then database="--database=$database" fi ynh_psql_connect_as --user="postgres" --password="$(cat $PSQL_ROOT_PWD_FILE)" \ $database <"$file" } # Create a database and grant optionnaly privilegies to a user # # [internal] # # usage: ynh_psql_create_db db [user] # | arg: db - the database name to create # | arg: user - the user to grant privilegies # # Requires YunoHost version 3.5.0 or higher. ynh_psql_create_db() { local db=$1 local user=${2:-} local sql="CREATE DATABASE ${db};" # grant all privilegies to user if [ -n "$user" ]; then sql+="ALTER DATABASE ${db} OWNER TO ${user};" sql+="GRANT ALL PRIVILEGES ON DATABASE ${db} TO ${user} WITH GRANT OPTION;" fi ynh_psql_execute_as_root --sql="$sql" } # Drop a database # # [internal] # # If you intend to drop the database *and* the associated user, # consider using ynh_psql_remove_db instead. # # usage: ynh_psql_drop_db db # | arg: db - the database name to drop # # Requires YunoHost version 3.5.0 or higher. ynh_psql_drop_db() { local db=$1 # First, force disconnection of all clients connected to the database # https://stackoverflow.com/questions/17449420/postgresql-unable-to-drop-database-because-of-some-auto-connections-to-db ynh_psql_execute_as_root --sql="REVOKE CONNECT ON DATABASE $db FROM public;" --database="$db" ynh_psql_execute_as_root --sql="SELECT pg_terminate_backend (pg_stat_activity.pid) FROM pg_stat_activity WHERE pg_stat_activity.datname = '$db' AND pid <> pg_backend_pid();" --database="$db" sudo --login --user=postgres dropdb $db } # Dump a database # # usage: ynh_psql_dump_db --database=database # | arg: -d, --database= - the database name to dump # | ret: the psqldump output # # example: ynh_psql_dump_db 'roundcube' > ./dump.sql # # Requires YunoHost version 3.5.0 or higher. ynh_psql_dump_db() { # Declare an array to define the options of this helper. local legacy_args=d local -A args_array=([d]=database=) local database # Manage arguments with getopts ynh_handle_getopts_args "$@" sudo --login --user=postgres pg_dump "$database" } # Create a user # # [internal] # # usage: ynh_psql_create_user user pwd # | arg: user - the user name to create # | arg: pwd - the password to identify user by # # Requires YunoHost version 3.5.0 or higher. ynh_psql_create_user() { local user=$1 local pwd=$2 ynh_psql_execute_as_root --sql="CREATE USER $user WITH ENCRYPTED PASSWORD '$pwd'" } # Check if a psql user exists # # usage: ynh_psql_user_exists --user=user # | arg: -u, --user= - the user for which to check existence # | exit: Return 1 if the user doesn't exist, 0 otherwise # # Requires YunoHost version 3.5.0 or higher. ynh_psql_user_exists() { # Declare an array to define the options of this helper. local legacy_args=u local -A args_array=([u]=user=) local user # Manage arguments with getopts ynh_handle_getopts_args "$@" if ! sudo --login --user=postgres PGUSER="postgres" PGPASSWORD="$(cat $PSQL_ROOT_PWD_FILE)" psql -tAc "SELECT rolname FROM pg_roles WHERE rolname='$user';" | grep --quiet "$user" then return 1 else return 0 fi } # Check if a psql database exists # # usage: ynh_psql_database_exists --database=database # | arg: -d, --database= - the database for which to check existence # | exit: Return 1 if the database doesn't exist, 0 otherwise # # Requires YunoHost version 3.5.0 or higher. ynh_psql_database_exists() { # Declare an array to define the options of this helper. local legacy_args=d local -A args_array=([d]=database=) local database # Manage arguments with getopts ynh_handle_getopts_args "$@" if ! sudo --login --user=postgres PGUSER="postgres" PGPASSWORD="$(cat $PSQL_ROOT_PWD_FILE)" psql -tAc "SELECT datname FROM pg_database WHERE datname='$database';" | grep --quiet "$database" then return 1 else return 0 fi } # Drop a user # # [internal] # # usage: ynh_psql_drop_user user # | arg: user - the user name to drop # # Requires YunoHost version 3.5.0 or higher. ynh_psql_drop_user() { ynh_psql_execute_as_root --sql="DROP USER ${1};" } # Create a database, an user and its password. Then store the password in the app's config # # usage: ynh_psql_setup_db --db_user=user --db_name=name [--db_pwd=pwd] # | arg: -u, --db_user= - Owner of the database # | arg: -n, --db_name= - Name of the database # | arg: -p, --db_pwd= - Password of the database. If not provided, a password will be generated # # After executing this helper, the password of the created database will be available in $db_pwd # It will also be stored as "psqlpwd" into the app settings. # # Requires YunoHost version 2.7.13 or higher. ynh_psql_setup_db() { # Declare an array to define the options of this helper. local legacy_args=unp local -A args_array=([u]=db_user= [n]=db_name= [p]=db_pwd=) local db_user local db_name db_pwd="" # Manage arguments with getopts ynh_handle_getopts_args "$@" if ! ynh_psql_user_exists --user=$db_user; then local new_db_pwd=$(ynh_string_random) # Generate a random password # If $db_pwd is not provided, use new_db_pwd instead for db_pwd db_pwd="${db_pwd:-$new_db_pwd}" ynh_psql_create_user "$db_user" "$db_pwd" elif [ -z $db_pwd ]; then ynh_die --message="The user $db_user exists, please provide his password" fi ynh_psql_create_db "$db_name" "$db_user" # Create the database ynh_app_setting_set --app=$app --key=psqlpwd --value=$db_pwd # Store the password in the app's config } # Remove a database if it exists, and the associated user # # usage: ynh_psql_remove_db --db_user=user --db_name=name # | arg: -u, --db_user= - Owner of the database # | arg: -n, --db_name= - Name of the database # # Requires YunoHost version 2.7.13 or higher. ynh_psql_remove_db() { # Declare an array to define the options of this helper. local legacy_args=un local -A args_array=([u]=db_user= [n]=db_name=) local db_user local db_name # Manage arguments with getopts ynh_handle_getopts_args "$@" if ynh_psql_database_exists --database=$db_name then # Check if the database exists ynh_psql_drop_db $db_name # Remove the database else ynh_print_warn --message="Database $db_name not found" fi # Remove psql user if it exists if ynh_psql_user_exists --user=$db_user then ynh_psql_drop_user $db_user else ynh_print_warn --message="User $db_user not found" fi } # Create a master password and set up global settings # # usage: ynh_psql_test_if_first_run # # It also make sure that postgresql is installed and running # Please always call this script in install and restore scripts # # Requires YunoHost version 2.7.13 or higher. ynh_psql_test_if_first_run() { # Make sure postgresql is indeed installed dpkg --list | grep -q "ii postgresql-$PSQL_VERSION" || ynh_die --message="postgresql-$PSQL_VERSION is not installed !?" # Check for some weird issue where postgresql could be installed but etc folder would not exist ... [ -e "/etc/postgresql/$PSQL_VERSION" ] || ynh_die --message="It looks like postgresql was not properly configured ? /etc/postgresql/$PSQL_VERSION is missing ... Could be due to a locale issue, c.f.https://serverfault.com/questions/426989/postgresql-etc-postgresql-doesnt-exist" # Make sure postgresql is started and enabled # (N.B. : to check the active state, we check the cluster state because # postgresql could be flagged as active even though the cluster is in # failed state because of how the service is configured..) systemctl is-active postgresql@$PSQL_VERSION-main -q || ynh_systemd_action --service_name=postgresql --action=restart systemctl is-enabled postgresql -q || systemctl enable postgresql --quiet # If this is the very first time, we define the root password # and configure a few things if [ ! -f "$PSQL_ROOT_PWD_FILE" ] then local pg_hba=/etc/postgresql/$PSQL_VERSION/main/pg_hba.conf local psql_root_password="$(ynh_string_random)" echo "$psql_root_password" >$PSQL_ROOT_PWD_FILE sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$psql_root_password'" postgres # force all user to connect to local databases using hashed passwords # https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF # Note: we can't use peer since YunoHost create users with nologin # See: https://github.com/YunoHost/yunohost/blob/unstable/data/helpers.d/user ynh_replace_string --match_string="local\(\s*\)all\(\s*\)all\(\s*\)peer" --replace_string="local\1all\2all\3md5" --target_file="$pg_hba" # Integrate postgresql service in yunohost yunohost service add postgresql --log "/var/log/postgresql/" ynh_systemd_action --service_name=postgresql --action=reload fi }