From 9ba5c613360d4d8e4ecae4da383819464a10d5fd Mon Sep 17 00:00:00 2001 From: Thierry Parmentelat Date: Fri, 25 May 2018 16:51:40 +0200 Subject: [PATCH] very rough systemd services and script --- systemd/sfa-aggregate.service | 12 +++ systemd/sfa-db-init.sh | 147 ++++++++++++++++++++++++++++++++++ systemd/sfa-db.service | 17 ++++ systemd/sfa-registry.service | 12 +++ 4 files changed, 188 insertions(+) create mode 100644 systemd/sfa-aggregate.service create mode 100755 systemd/sfa-db-init.sh create mode 100644 systemd/sfa-db.service create mode 100644 systemd/sfa-registry.service diff --git a/systemd/sfa-aggregate.service b/systemd/sfa-aggregate.service new file mode 100644 index 00000000..1174bb76 --- /dev/null +++ b/systemd/sfa-aggregate.service @@ -0,0 +1,12 @@ +# this is meant to be installed under /etc/systemd/system +[Unit] +Description=SFA Aggregate Manager (AM) + +[Service] +#Environment=PYTHONPATH=/root/nbhosting/nbhosting +ExecStart=/bin/bash -c "/usr/bin/sfa-start.py -a" +Requires=sfa-db +After=sfa-db + +[Install] +WantedBy=multi-user.target diff --git a/systemd/sfa-db-init.sh b/systemd/sfa-db-init.sh new file mode 100755 index 00000000..01de2cbf --- /dev/null +++ b/systemd/sfa-db-init.sh @@ -0,0 +1,147 @@ +#!/bin/bash + +set -e + +#################### +PGDATA=/var/lib/pgsql/data/ +PGLOG=/var/log/pgsql + +postgresql_conf=$PGDATA/postgresql.conf +pg_hba_conf=$PGDATA/pg_hba.conf + +# SFA consolidated (merged) config file +sfa_whole_config=/etc/sfa/sfa_config +# SFA default config (read-only template) +sfa_default_config=/etc/sfa/default_config.xml +# SFA local (site-dependent) file +sfa_local_config=/etc/sfa/configs/site_config +sfa_local_config_xml=/etc/sfa/configs/site_config.xml +sfa_local_config_sh=/etc/sfa/sfa_config.sh + +# source shell config if present; might not be the very first time +[ -f $sfa_local_config_sh ] && source $sfa_local_config_sh + +# Export so that we do not have to specify -p to psql invocations +export PGPORT=$SFA_DB_PORT + +# Regenerate configuration files - almost verbatim from plc.init +function reconfigure () { + + # Regenerate the main configuration file from default values + # overlaid with site-specific and current values. + files=( $sfa_default_config $sfa_local_config ) + tmp=$(mktemp /tmp/sfa_config.XXXXXX) + sfa-config --python "${files[@]}" > $tmp + if [ $? -eq 0 ] ; then + mv $tmp $sfa_whole_config + chmod 444 $sfa_whole_config + else + echo "SFA: Warning: Invalid configuration file(s) detected" + rm -f $tmp + exit 1 + fi + + # Convert configuration to various formats + if [ -f $sfa_local_config_xml ] ; then + sfa-config --python $sfa_local_config_xml > $sfa_local_config + rm $sfa_local_config_xml + fi + if [ -n "$force" -o $sfa_local_config -nt $sfa_whole_config ] ; then + sfa-config --python $sfa_default_config $sfa_local_config > $sfa_whole_config + fi + if [ -n "$force" -o $sfa_whole_config -nt /etc/sfa/sfa_config.sh ] ; then + sfa-config --shell $sfa_default_config $sfa_local_config > /etc/sfa/sfa_config.sh + fi + + # reload the shell version + source $sfa_local_config_sh + +} + +function postgresql_setting() { + param="$1"; shift + value="$1"; shift + + sed --regexp-extended --in-place \ + --expression="s|#?${param} = .*|${param} = ${value}|" \ + $postgresql_conf +} + +function start () { + + # only if enabled + [ "$SFA_DB_ENABLED" == 1 -o "$SFA_DB_ENABLED" == True ] || return + + postgresql_setting port "'$SFA_DB_PORT'" + mkdir -p $PGLOG + chown postgres:postgres $PGLOG + postgresql_setting log_directory "'$PGLOG'" + + ######## /var/lib/pgsql/data + # Fix ownership (rpm installation may have changed it) + chown -R -H postgres:postgres $(dirname $PGDATA) + + # PostgreSQL must be started at least once to bootstrap + # /var/lib/pgsql/data + if [ ! -f $postgresql_conf ] ; then + /usr/bin/postgresql-setup --initdb --unit postgresql + fi + + ######## /var/lib/pgsql/data/postgresql.conf + registry_ip="" + foo=$(python -c "import socket; print socket.gethostbyname('$SFA_REGISTRY_HOST')") && registry_ip="$foo" + # Enable DB server. drop Postgresql<=7.x + # PostgreSQL >=8.0 defines listen_addresses + # listen on a specific IP + localhost, more robust when run within a vserver + sed -i -e '/^listen_addresses/d' $postgresql_conf + if [ -z "$registry_ip" ] ; then + postgresql_setting listen_addresses "'localhost'" + else + postgresql_setting listen_addresses "'${registry_ip},localhost'" + fi + postgresql_setting timezone "'UTC'" + postgresql_setting log_timezone "'UTC'" + + ######## /var/lib/pgsql/data/pg_hba.conf + # Disable access to all DBs from all hosts + sed -i -e '/^\(host\|local\)/d' $pg_hba_conf + + # Enable passwordless localhost access + echo "local all all trust" >>$pg_hba_conf + # grant access + { + echo "host $SFA_DB_NAME $SFA_DB_USER 127.0.0.1/32 password" + [ -n "$registry_ip" ] && echo "host $SFA_DB_NAME $SFA_DB_USER ${registry_ip}/32 password" + } >> $pg_hba_conf + + # Fix ownership (sed -i changes it) + chown postgres:postgres $postgresql_conf $pg_hba_conf + + ######## compute a password if needed + if [ -z "$SFA_DB_PASSWORD" ] ; then + SFA_DB_PASSWORD=$(uuidgen) + sfa-config --category=sfa_db --variable=password --value="$SFA_DB_PASSWORD" --save=$sfa_local_config $sfa_local_config >& /dev/null + reconfigure + fi + + systemctl restart postgresql + + ######## make sure we have the user and db created + # user + if ! psql -U $SFA_DB_USER -c "" template1 >/dev/null 2>&1 ; then + psql -U postgres -c "CREATE USER $SFA_DB_USER PASSWORD '$SFA_DB_PASSWORD'" template1 >& /dev/null + else + psql -U postgres -c "ALTER USER $SFA_DB_USER WITH PASSWORD '$SFA_DB_PASSWORD'" template1 >& /dev/null + fi + + # db + if ! psql -U $SFA_DB_USER -c "" $SFA_DB_NAME >/dev/null 2>&1 ; then + createdb -U postgres --template=template0 --encoding=UNICODE --owner=$SFA_DB_USER $SFA_DB_NAME + fi + + # create schema; sfaadmin.py is safer than just sfaadmin + sfaadmin.py reg sync_db + +} + +start diff --git a/systemd/sfa-db.service b/systemd/sfa-db.service new file mode 100644 index 00000000..f2d7d2c1 --- /dev/null +++ b/systemd/sfa-db.service @@ -0,0 +1,17 @@ +[Unit] +Description=SFA Database service +#After=network.target + +[Service] +Type=oneshot +ExecStart=/bin/bash -c "/usr/bin/sfa-db-init.sh" +RemainAfterExit=true +# systemd insists that we define this one +# that does not seem useful in our case +ExecStop=/bin/true +StandardOutput=journal +Requires=postgresql +After=postgresql + +[Install] +WantedBy=multi-user.target diff --git a/systemd/sfa-registry.service b/systemd/sfa-registry.service new file mode 100644 index 00000000..fec12f58 --- /dev/null +++ b/systemd/sfa-registry.service @@ -0,0 +1,12 @@ +# this is meant to be installed under /etc/systemd/system +[Unit] +Description=SFA Registry Service + +[Service] +#Environment=PYTHONPATH=/root/nbhosting/nbhosting +ExecStart=/bin/bash -c "/usr/bin/sfa-start.py -r" +Requires=sfa-db +After=sfa-db + +[Install] +WantedBy=multi-user.target -- 2.43.0