6 PGDATA=/var/lib/pgsql/data/
9 postgresql_conf=$PGDATA/postgresql.conf
10 pg_hba_conf=$PGDATA/pg_hba.conf
12 # SFA consolidated (merged) config file
13 sfa_whole_config=/etc/sfa/sfa_config
14 # SFA default config (read-only template)
15 sfa_default_config=/etc/sfa/default_config.xml
16 # SFA local (site-dependent) file
17 sfa_local_config=/etc/sfa/configs/site_config
18 sfa_local_config_xml=/etc/sfa/configs/site_config.xml
19 sfa_local_config_sh=/etc/sfa/sfa_config.sh
21 # Regenerate configuration files - almost verbatim from plc.init
22 function reconfigure () {
24 # Regenerate the main configuration file from default values
25 # overlaid with site-specific and current values.
26 files=( $sfa_default_config $sfa_local_config )
27 tmp=$(mktemp /tmp/sfa_config.XXXXXX)
28 sfa-config --python "${files[@]}" > $tmp
29 if [ $? -eq 0 ] ; then
30 mv $tmp $sfa_whole_config
31 chmod 444 $sfa_whole_config
33 echo "SFA: Warning: Invalid configuration file(s) detected"
38 # Convert configuration to various formats
39 if [ -f $sfa_local_config_xml ] ; then
40 sfa-config --python $sfa_local_config_xml > $sfa_local_config
41 rm $sfa_local_config_xml
43 if [ -n "$force" -o $sfa_local_config -nt $sfa_whole_config ] ; then
44 sfa-config --python $sfa_default_config $sfa_local_config > $sfa_whole_config
46 if [ -n "$force" -o $sfa_whole_config -nt /etc/sfa/sfa_config.sh ] ; then
47 sfa-config --shell $sfa_default_config $sfa_local_config > /etc/sfa/sfa_config.sh
50 # reload the shell version
51 source $sfa_local_config_sh
55 function postgresql_setting() {
59 sed --regexp-extended --in-place \
60 --expression="s|#?${param} = .*|${param} = ${value}|" \
67 [ "$SFA_DB_ENABLED" == 1 -o "$SFA_DB_ENABLED" == True ] || return
69 postgresql_setting port "'$SFA_DB_PORT'"
71 chown postgres:postgres $PGLOG
72 postgresql_setting log_directory "'$PGLOG'"
74 ######## /var/lib/pgsql/data
75 # Fix ownership (rpm installation may have changed it)
76 chown -R -H postgres:postgres $(dirname $PGDATA)
78 # PostgreSQL must be started at least once to bootstrap
80 if [ ! -f $postgresql_conf ] ; then
81 /usr/bin/postgresql-setup --initdb --unit postgresql
84 ######## /var/lib/pgsql/data/postgresql.conf
86 foo=$(python -c "import socket; print socket.gethostbyname('$SFA_REGISTRY_HOST')") && registry_ip="$foo"
87 # Enable DB server. drop Postgresql<=7.x
88 # PostgreSQL >=8.0 defines listen_addresses
89 # listen on a specific IP + localhost, more robust when run within a vserver
90 sed -i -e '/^listen_addresses/d' $postgresql_conf
91 if [ -z "$registry_ip" ] ; then
92 postgresql_setting listen_addresses "'localhost'"
94 postgresql_setting listen_addresses "'${registry_ip},localhost'"
96 postgresql_setting timezone "'UTC'"
97 postgresql_setting log_timezone "'UTC'"
99 ######## /var/lib/pgsql/data/pg_hba.conf
100 # remove/recreate passwordless localhost entry
101 sed -i -e "/^local/d" $pg_hba_conf
102 echo "local all all trust" >> $pg_hba_conf
104 # Disable access to our DB from all hosts
105 sed -i -e "/^host ${SFA_DB_NAME}/d" $pg_hba_conf
108 echo "host $SFA_DB_NAME $SFA_DB_USER 127.0.0.1/32 password"
109 [ -n "$registry_ip" ] && echo "host $SFA_DB_NAME $SFA_DB_USER ${registry_ip}/32 password"
112 # Fix ownership (sed -i changes it)
113 chown postgres:postgres $postgresql_conf $pg_hba_conf
115 ######## compute a password if needed
116 if [ -z "$SFA_DB_PASSWORD" ] ; then
117 SFA_DB_PASSWORD=$(uuidgen)
118 sfa-config --category=sfa_db --variable=password --value="$SFA_DB_PASSWORD" --save=$sfa_local_config $sfa_local_config >& /dev/null
122 systemctl restart postgresql
124 ######## make sure we have the user and db created
126 if ! psql -U $SFA_DB_USER -c "" template1 >/dev/null 2>&1 ; then
127 psql -U postgres -c "CREATE USER $SFA_DB_USER PASSWORD '$SFA_DB_PASSWORD'" template1 >& /dev/null
129 psql -U postgres -c "ALTER USER $SFA_DB_USER WITH PASSWORD '$SFA_DB_PASSWORD'" template1 >& /dev/null
133 if ! psql -U $SFA_DB_USER -c "" $SFA_DB_NAME >/dev/null 2>&1 ; then
134 createdb -U postgres --template=template0 --encoding=UNICODE --owner=$SFA_DB_USER $SFA_DB_NAME
137 # create schema; sfaadmin.py is safer than just sfaadmin
138 sfaadmin.py reg sync_db
142 # source shell config if present
143 # but it might not be present the very first time
144 [ ! -f $sfa_local_config_sh ] && reconfigure
146 source $sfa_local_config_sh
148 # Export so that we do not have to specify -p to psql invocations
149 export PGPORT=$SFA_DB_PORT