a little nicer wrt pep8

[sfa.git] / systemd / sfa-setup.sh

#!/bin/bash

set -e

####################
PGDATA=/var/lib/pgsql/data/
PGLOG=/var/log/pgsql

postgresql_conf=$PGDATA/postgresql.conf
pg_hba_conf=$PGDATA/pg_hba.conf

# SFA consolidated (merged) config file
sfa_whole_config=/etc/sfa/sfa_config
# SFA default config (read-only template)
sfa_default_config=/etc/sfa/default_config.xml
# SFA local (site-dependent) file
sfa_local_config=/etc/sfa/configs/site_config
sfa_local_config_xml=/etc/sfa/configs/site_config.xml
sfa_local_config_sh=/etc/sfa/sfa_config.sh

# Regenerate configuration files - almost verbatim from plc.init
function reload () {

    # Regenerate the main configuration file from default values
    # overlaid with site-specific and current values.
    files=( $sfa_default_config $sfa_local_config )
    tmp=$(mktemp /tmp/sfa_config.XXXXXX)
    sfa-config --python "${files[@]}" > $tmp
    if [ $? -eq 0 ] ; then
                mv $tmp $sfa_whole_config
                chmod 444 $sfa_whole_config
    else
                echo "SFA: Warning: Invalid configuration file(s) detected"
            rm -f $tmp
        exit 1
    fi

    # Convert configuration to various formats
    if [ -f $sfa_local_config_xml ] ; then
        sfa-config --python $sfa_local_config_xml > $sfa_local_config
        rm $sfa_local_config_xml
    fi
    if [ -n "$force" -o $sfa_local_config -nt $sfa_whole_config ] ; then
        sfa-config --python $sfa_default_config $sfa_local_config > $sfa_whole_config
    fi
    if [ -n "$force" -o $sfa_whole_config -nt /etc/sfa/sfa_config.sh ] ; then
        sfa-config --shell $sfa_default_config $sfa_local_config > /etc/sfa/sfa_config.sh
    fi

    # reload the shell version
    source $sfa_local_config_sh

}

function postgresql_setting() {
    param="$1"; shift
    value="$1"; shift

    # is that setting already present in file ?
    if grep --extended-regexp -q "#?${param} *=.*" $postgresql_conf; then
        sed --regexp-extended --in-place \
            --expression="s|#?${param} = .*|${param} = ${value}|" \
            $postgresql_conf
    else
        echo "${param} = ${value}" >> $postgresql_conf
    fi
}

function start-db () {

    # source shell config if present
    # but it might not be present the very first time
    [ ! -f $sfa_local_config_sh ] && reload

    source $sfa_local_config_sh

    # Export so that we do not have to specify -p to psql invocations
    export PGPORT=$SFA_DB_PORT

    # only if enabled
    # this is because the DB can run on a separate box as well
    [ "$SFA_DB_ENABLED" == 1 -o "$SFA_DB_ENABLED" == True ] || return

    postgresql_setting port "'$SFA_DB_PORT'"
    mkdir -p $PGLOG
    chown postgres:postgres $PGLOG
    postgresql_setting log_directory "'$PGLOG'"

    ######## /var/lib/pgsql/data
    # Fix ownership (rpm installation may have changed it)
    chown -R -H postgres:postgres $(dirname $PGDATA)

    # PostgreSQL must be started at least once to bootstrap
    # /var/lib/pgsql/data
    if [ ! -f $postgresql_conf ] ; then
        /usr/bin/postgresql-setup --initdb --unit postgresql
    fi

    ######## /var/lib/pgsql/data/postgresql.conf
    registry_ip=""
    foo=$(python -c "import socket; print socket.gethostbyname('$SFA_REGISTRY_HOST')") && registry_ip="$foo"
    db_ip=""
    foo=$(python -c "import socket; print socket.gethostbyname('$SFA_DB_HOST')") && db_ip="$foo"
    # Enable DB server. drop Postgresql<=7.x
    # PostgreSQL >=8.0 defines listen_addresses
    # listen on a specific IP + localhost, more robust when run within a vserver
    sed -i -e '/^listen_addresses/d' $postgresql_conf
    case "$db_ip" in
        ""|127.0.0.1|localhost*)
            postgresql_setting listen_addresses "'localhost'" ;;
        *)
            postgresql_setting listen_addresses "'${db_ip},localhost'" ;;
    esac
    postgresql_setting timezone "'UTC'"
    postgresql_setting log_timezone "'UTC'"

    ######## /var/lib/pgsql/data/pg_hba.conf
    # remove/recreate passwordless localhost entry
    sed -i -e "/^local/d" $pg_hba_conf
    echo "local all all trust" >> $pg_hba_conf

    # Disable access to our DB from all hosts
    sed -i -e "/^host ${SFA_DB_NAME}/d" $pg_hba_conf
    # grant access
    {
        echo "host $SFA_DB_NAME $SFA_DB_USER 127.0.0.1/32 password"
        [ -n "$registry_ip" ] && echo "host $SFA_DB_NAME $SFA_DB_USER ${registry_ip}/32 password"
    } >> $pg_hba_conf

    # Fix ownership (sed -i changes it)
    chown postgres:postgres $postgresql_conf $pg_hba_conf

    ######## compute a password if needed
    if [ -z "$SFA_DB_PASSWORD" ] ; then
        SFA_DB_PASSWORD=$(uuidgen)
        sfa-config --category=sfa_db --variable=password --value="$SFA_DB_PASSWORD" --save=$sfa_local_config $sfa_local_config >& /dev/null
        reload
    fi

    # tell postgresql that settings have changed
    # note that changes to listen_addresses do require a full restart
    # but it's too intrusive to do this each time, as it would in turn
    # require a restart of the plc service
    su - postgres bash -c "pg_ctl reload"

    ######## make sure we have the user and db created
    # user
    if ! psql -U $SFA_DB_USER -c "" template1 >/dev/null 2>&1 ; then
        psql -U postgres -c "CREATE USER $SFA_DB_USER PASSWORD '$SFA_DB_PASSWORD'" template1 >& /dev/null
    else
        psql -U postgres -c "ALTER USER $SFA_DB_USER WITH PASSWORD '$SFA_DB_PASSWORD'" template1 >& /dev/null
    fi

    # db
    if ! psql -U $SFA_DB_USER -c "" $SFA_DB_NAME >/dev/null 2>&1 ; then
        createdb -U postgres --template=template0 --encoding=UNICODE --owner=$SFA_DB_USER $SFA_DB_NAME
    fi

    # create schema; sfaadmin.py is safer than just sfaadmin
    sfaadmin.py reg sync_db

}

usage="$0 start-db|reload
  start-db: configure postgresql database and restart postgresql
  reload: recompute miscell configuration files after changes are made in master config
"

func="$1"; shift

case "$func" in
    start-db|reload) $func;;
    *) echo "$usage"; exit 1;;
esac