mirror
/
docker-postgis
kopia lustrzana https://github.com/kartoza/docker-postgis
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

add multiple super users

multiple
Admire Nyakudya 2023-01-14 23:16:20 +02:00
rodzic f124d2349c
commit 3b5b0090d0
3 zmienionych plików z 79 dodań i 32 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

40
scripts/env-data.sh
Wyświetl plik

@ -376,6 +376,21 @@ list=(`echo ${POSTGRES_DBNAME} | tr ',' ' '`)
arr=(${list}) arr=(${list})
SINGLE_DB=${arr[0]} SINGLE_DB=${arr[0]}
pass_list=(`echo ${POSTGRES_PASS} | tr ',' ' '`)
pass_arr=(${pass_list})
SINGLE_PASS=${pass_arr[0]}
user_list=(`echo ${POSTGRES_USER} | tr ',' ' '`)
arr_val=(${user_list})
SINGLE_USER=${arr_val[0]}
function env_array() {
ENV_NAME=$1
IFS=','
read -a strarr <<< "$ENV_NAME"
}
if [ -z "${TIMEZONE}" ]; then if [ -z "${TIMEZONE}" ]; then
TIMEZONE='Etc/UTC' TIMEZONE='Etc/UTC'
fi fi
@ -421,22 +436,24 @@ function entry_point_script {
if [[ ! -f "${SETUP_LOCKFILE}" ]] || [[ "${IGNORE_INIT_HOOK_LOCKFILE}" =~ [Tt][Rr][Uu][Ee] ]]; then if [[ ! -f "${SETUP_LOCKFILE}" ]] || [[ "${IGNORE_INIT_HOOK_LOCKFILE}" =~ [Tt][Rr][Uu][Ee] ]]; then
if find "/docker-entrypoint-initdb.d" -mindepth 1 -print -quit 2>/dev/null | grep -q .; then if find "/docker-entrypoint-initdb.d" -mindepth 1 -print -quit 2>/dev/null | grep -q .; then
for f in /docker-entrypoint-initdb.d/*; do for f in /docker-entrypoint-initdb.d/*; do
export PGPASSWORD=${POSTGRES_PASS} export PGPASSWORD=${SINGLE_PASS}
case "$f" in case "$f" in
*.sql) echo "$0: running $f"; *.sql) echo "$0: running $f";
if [[ "${ALL_DATABASES}" =~ [Ff][Aa][Ll][Ss][Ee] ]]; then if [[ "${ALL_DATABASES}" =~ [Ff][Aa][Ll][Ss][Ee] ]]; then
psql ${SINGLE_DB} -U ${POSTGRES_USER} -p 5432 -h localhost -f ${f} || true psql ${SINGLE_DB} -U ${SINGLE_USER} -p 5432 -h localhost -f ${f} || true
else else
for db in $(echo ${POSTGRES_DBNAME} | tr ',' ' '); do env_array ${POSTGRES_DBNAME}
psql ${db} -U ${POSTGRES_USER} -p 5432 -h localhost -f ${f} || true for db in "${strarr[@]}";do
psql ${db} -U ${SINGLE_USER} -p 5432 -h localhost -f ${f} || true
done done
fi;; fi;;
*.sql.gz) echo "$0: running $f"; *.sql.gz) echo "$0: running $f";
if [[ "${ALL_DATABASES}" =~ [Ff][Aa][Ll][Ss][Ee] ]]; then if [[ "${ALL_DATABASES}" =~ [Ff][Aa][Ll][Ss][Ee] ]]; then
gunzip < "$f" | psql ${SINGLE_DB} -U ${POSTGRES_USER} -p 5432 -h localhost || true gunzip < "$f" | psql ${SINGLE_DB} -U ${SINGLE_USER} -p 5432 -h localhost || true
else else
for db in $(echo ${POSTGRES_DBNAME} | tr ',' ' '); do env_array ${POSTGRES_DBNAME}
gunzip < "$f" | psql ${db} -U ${POSTGRES_USER} -p 5432 -h localhost || true for db in "${strarr[@]}";do
gunzip < "$f" | psql ${db} -U ${SINGLE_USER} -p 5432 -h localhost || true
done done
fi;; fi;;
*.sh) echo "$0: running $f"; . $f || true;; *.sh) echo "$0: running $f"; . $f || true;;
@ -494,21 +511,24 @@ function over_write_conf() {
} }
function extension_install() { function extension_install() {
DATABASE=$1 DATABASE=$1
DB_EXTENSION=$2
IFS=':' IFS=':'
read -a strarr <<< "$ext" read -a strarr <<< "${DB_EXTENSION}"
EXTENSION_NAME=${strarr[0]} EXTENSION_NAME=${strarr[0]}
EXTENSION_VERSION=${strarr[1]} EXTENSION_VERSION=${strarr[1]}
if [[ -z ${EXTENSION_VERSION} ]];then if [[ -z ${EXTENSION_VERSION} ]];then
if [[ ${EXTENSION_NAME} != 'pg_cron' ]]; then if [[ ${EXTENSION_NAME} != 'pg_cron' ]]; then
echo -e "\e[32m [Entrypoint] Enabling extension \e[1;31m ${EXTENSION_NAME} \e[32m in the database : \e[1;31m ${DATABASE} \033[0m" echo -e "\e[32m [Entrypoint] Enabling extension \e[1;31m ${EXTENSION_NAME} \e[32m in the database : \e[1;31m ${DATABASE} \033[0m"
psql ${DATABASE} -U ${POSTGRES_USER} -p 5432 -h localhost -c "CREATE EXTENSION IF NOT EXISTS \"${EXTENSION_NAME}\" cascade;" psql ${DATABASE} -U ${SINGLE_USER} -p 5432 -h localhost -c "CREATE EXTENSION IF NOT EXISTS \"${EXTENSION_NAME}\" cascade;"
fi fi
else else
echo -e "\e[32m [Entrypoint] Installing extension \e[1;31m ${EXTENSION_NAME} \e[32m with version \e[1;31m ${EXTENSION_VERSION} \e[32m in the database : \e[1;31m ${DATABASE} \033[0m" echo -e "\e[32m [Entrypoint] Installing extension \e[1;31m ${EXTENSION_NAME} \e[32m with version \e[1;31m ${EXTENSION_VERSION} \e[32m in the database : \e[1;31m ${DATABASE} \033[0m"
if [[ ${EXTENSION_NAME} != 'pg_cron' ]]; then if [[ ${EXTENSION_NAME} != 'pg_cron' ]]; then
psql ${DATABASE} -U ${POSTGRES_USER} -p 5432 -h localhost -c "CREATE EXTENSION IF NOT EXISTS \"${EXTENSION_NAME}\" WITH VERSION '${EXTENSION_VERSION}' cascade;" psql ${DATABASE} -U ${SINGLE_USER} -p 5432 -h localhost -c "CREATE EXTENSION IF NOT EXISTS \"${EXTENSION_NAME}\" WITH VERSION '${EXTENSION_VERSION}' cascade;"
fi fi
fi fi

35
scripts/setup-database.sh
Wyświetl plik

@ -40,7 +40,7 @@ if [[ -z "$(ls -A ${DATADIR} 2> /dev/null)" || "${RECREATE_DATADIR}" =~ [Tt][Rr]
create_dir "${DATADIR}" create_dir "${DATADIR}"
rm -rf ${DATADIR}/* rm -rf ${DATADIR}/*
chown -R postgres:postgres "${DATADIR}" chown -R postgres:postgres "${DATADIR}"
command="$INITDB -U postgres --pwfile=<(echo "$POSTGRES_PASS") -E ${DEFAULT_ENCODING} --lc-collate=${DEFAULT_COLLATION} --lc-ctype=${DEFAULT_CTYPE} --wal-segsize=${WAL_SEGSIZE} --auth=${PASSWORD_AUTHENTICATION} -D ${DATADIR} ${INITDB_WALDIR_FLAG} ${INITDB_EXTRA_ARGS}" command="$INITDB -U postgres --pwfile=<(echo "$SINGLE_PASS") -E ${DEFAULT_ENCODING} --lc-collate=${DEFAULT_COLLATION} --lc-ctype=${DEFAULT_CTYPE} --wal-segsize=${WAL_SEGSIZE} --auth=${PASSWORD_AUTHENTICATION} -D ${DATADIR} ${INITDB_WALDIR_FLAG} ${INITDB_EXTRA_ARGS}"
echo -e "\e[32m [Entrypoint] Initializing Cluster with the following commands Postgres Database at \e[1;31m $command \033[0m" echo -e "\e[32m [Entrypoint] Initializing Cluster with the following commands Postgres Database at \e[1;31m $command \033[0m"
su - postgres -c "$command" su - postgres -c "$command"
else else
@ -90,33 +90,35 @@ echo "postgres ready"
# Setup user # Setup user
source /scripts/setup-user.sh source /scripts/setup-user.sh
export PGPASSWORD=${POSTGRES_PASS} export PGPASSWORD=${SINGLE_PASS}
# Create a default db called 'gis' or $POSTGRES_DBNAME that you can use to get up and running quickly # Create a default db called 'gis' or $POSTGRES_DBNAME that you can use to get up and running quickly
# It will be owned by the docker db user # It will be owned by the docker db user
# Since we now pass a comma separated list in database creation we need to search for all databases as a test # Since we now pass a comma separated list in database creation we need to search for all databases as a test
for db in $(echo ${POSTGRES_DBNAME} | tr ',' ' '); do IFS=','
read -a dbarr <<< "$POSTGRES_DBNAME"
for db in "${dbarr[@]}";do
RESULT=`su - postgres -c "psql -t -c \"SELECT count(1) from pg_database where datname='${db}';\""` RESULT=`su - postgres -c "psql -t -c \"SELECT count(1) from pg_database where datname='${db}';\""`
if [[ ${RESULT} -eq 0 ]]; then if [[ ${RESULT} -eq 0 ]]; then
echo -e "\e[32m [Entrypoint] Create database \e[1;31m ${db} \033[0m" echo -e "\e[32m [Entrypoint] Create database \e[1;31m ${db} \033[0m"
DB_CREATE=$(createdb -h localhost -p 5432 -U ${POSTGRES_USER} ${db}) DB_CREATE=$(createdb -h localhost -p 5432 -U ${SINGLE_USER} ${db})
eval ${DB_CREATE} eval ${DB_CREATE}
psql ${SINGLE_DB} -U ${POSTGRES_USER} -p 5432 -h localhost -c 'CREATE EXTENSION IF NOT EXISTS pg_cron cascade;' psql ${SINGLE_DB} -U ${SINGLE_USER} -p 5432 -h localhost -c 'CREATE EXTENSION IF NOT EXISTS pg_cron cascade;'
# Loop through extensions # Loop through extensions
IFS=',' IFS=','
read -a strarr <<< "$POSTGRES_MULTIPLE_EXTENSIONS" read -a strarr <<< "$POSTGRES_MULTIPLE_EXTENSIONS"
for ext in "${strarr[@]}";do for ext in "${strarr[@]}";do
extension_install ${db} extension_install ${db} ${ext}
# enable extensions in template1 if env variable set to true # enable extensions in template1 if env variable set to true
if [[ "$(boolean ${POSTGRES_TEMPLATE_EXTENSIONS})" =~ [Tt][Rr][Uu][Ee] ]] ; then if [[ "$(boolean ${POSTGRES_TEMPLATE_EXTENSIONS})" =~ [Tt][Rr][Uu][Ee] ]] ; then
extension_install template1 extension_install template1
fi fi
done done
echo -e "\e[32m [Entrypoint] loading legacy sql in database \e[1;31m ${db} \033[0m" echo -e "\e[32m [Entrypoint] loading legacy sql in database \e[1;31m ${db} \033[0m"
psql ${db} -U ${POSTGRES_USER} -p 5432 -h localhost -f ${SQLDIR}/legacy_minimal.sql || true psql ${db} -U ${SINGLE_USER} -p 5432 -h localhost -f ${SQLDIR}/legacy_minimal.sql || true
psql ${db} -U ${POSTGRES_USER} -p 5432 -h localhost -f ${SQLDIR}/legacy_gist.sql || true psql ${db} -U ${SINGLE_USER} -p 5432 -h localhost -f ${SQLDIR}/legacy_gist.sql || true
if [[ "$WAL_LEVEL" =~ [Ll][Oo][Gg][Ii][Cc][Aa][Ll] ]];then if [[ "$WAL_LEVEL" =~ [Ll][Oo][Gg][Ii][Cc][Aa][Ll] ]];then
psql ${db} -U ${POSTGRES_USER} -p 5432 -h localhost -c "CREATE PUBLICATION logical_replication;" psql ${db} -U ${SINGLE_USER} -p 5432 -h localhost -c "CREATE PUBLICATION logical_replication;"
fi fi
else else
@ -128,15 +130,20 @@ done
# Create schemas in the DB # Create schemas in the DB
for db in $(echo ${POSTGRES_DBNAME} | tr ',' ' '); do
for schema in $(echo ${SCHEMA_NAME} | tr ',' ' '); do IFS=','
SCHEMA_RESULT=$(psql -t ${db} -U ${POSTGRES_USER} -p 5432 -h localhost -c "select count(1) from information_schema.schemata where schema_name = '${schemas}' and catalog_name = '${db}';") read -a dbarr <<< "$POSTGRES_DBNAME"
for db in "${dbarr[@]}";do
IFS=','
read -a schemaarr <<< "$SCHEMA_NAME"
for schema in "${schemaarr[@]}";do
SCHEMA_RESULT=$(psql -t ${db} -U ${SINGLE_USER} -p 5432 -h localhost -c "select count(1) from information_schema.schemata where schema_name = '${schema}' and catalog_name = '${db}';")
if [[ ${SCHEMA_RESULT} -eq 0 ]] && [[ "${ALL_DATABASES}" =~ [Ff][Aa][Ll][Ss][Ee] ]]; then if [[ ${SCHEMA_RESULT} -eq 0 ]] && [[ "${ALL_DATABASES}" =~ [Ff][Aa][Ll][Ss][Ee] ]]; then
echo -e "\e[32m [Entrypoint] Creating schema \e[1;31m ${schema} \e[32m in database \e[1;31m ${SINGLE_DB} \033[0m" echo -e "\e[32m [Entrypoint] Creating schema \e[1;31m ${schema} \e[32m in database \e[1;31m ${SINGLE_DB} \033[0m"
psql ${SINGLE_DB} -U ${POSTGRES_USER} -p 5432 -h localhost -c " CREATE SCHEMA IF NOT EXISTS ${schema};" psql ${SINGLE_DB} -U ${SINGLE_USER} -p 5432 -h localhost -c " CREATE SCHEMA IF NOT EXISTS ${schema};"
elif [[ ${SCHEMA_RESULT} -eq 0 ]] && [[ "${ALL_DATABASES}" =~ [Tt][Rr][Uu][Ee] ]]; then elif [[ ${SCHEMA_RESULT} -eq 0 ]] && [[ "${ALL_DATABASES}" =~ [Tt][Rr][Uu][Ee] ]]; then
echo -e "\e[32m [Entrypoint] Creating schema \e[1;31m ${schema} \e[32m in database \e[1;31m ${db} \033[0m" echo -e "\e[32m [Entrypoint] Creating schema \e[1;31m ${schema} \e[32m in database \e[1;31m ${db} \033[0m"
psql ${db} -U ${POSTGRES_USER} -p 5432 -h localhost -c " CREATE SCHEMA IF NOT EXISTS ${schema};" psql ${db} -U ${SINGLE_USER} -p 5432 -h localhost -c " CREATE SCHEMA IF NOT EXISTS ${schema};"
fi fi
done done
done done

34
scripts/setup-user.sh
Wyświetl plik

@ -16,13 +16,33 @@ source /scripts/env-data.sh
# Slave database will just mirror from master users # Slave database will just mirror from master users
# Check user already exists # Check user already exists
echo "Creating superuser $POSTGRES_USER"
RESULT=`su - postgres -c "psql postgres -t -c \"SELECT 1 FROM pg_roles WHERE rolname = '$POSTGRES_USER'\""` # TODO - Fragile check if a password already contains a comma
COMMAND="ALTER" SUPER_USERS=$(echo "$POSTGRES_USER" | awk -F "," '{print NF-1}')
if [ -z "$RESULT" ]; then SUPER_USERS_PASSWORD=$(echo "$POSTGRES_PASS" | awk -F "," '{print NF-1}')
COMMAND="CREATE"
# check if the number of super users match the number of passwords defined
if [[ ${SUPER_USERS} != ${SUPER_USERS_PASSWORD} ]];then
echo -e "\e[1;31m Number of passwords and users should match \033[0m"
exit 1
else
env_array ${POSTGRES_USER}
for db_user in "${strarr[@]}"; do
env_array ${POSTGRES_PASS}
for db_pass in "${strarr[@]}"; do
echo -e "\e[32m [Entrypoint] creating superuser \e[1;31m ${db_user} \033[0m"
RESULT=`su - postgres -c "psql postgres -t -c \"SELECT 1 FROM pg_roles WHERE rolname = '$db_user'\""`
COMMAND="ALTER"
if [ -z "$RESULT" ]; then
COMMAND="CREATE"
fi
su - postgres -c "psql postgres -c \"$COMMAND USER $db_user WITH SUPERUSER ENCRYPTED PASSWORD '$db_pass';\""
done
done
fi fi
su - postgres -c "psql postgres -c \"$COMMAND USER $POSTGRES_USER WITH SUPERUSER ENCRYPTED PASSWORD '$POSTGRES_PASS';\""
echo "Creating replication user $REPLICATION_USER" echo "Creating replication user $REPLICATION_USER"
@ -32,4 +52,4 @@ if [ -z "$RESULT_REPLICATION" ]; then
COMMANDS="CREATE" COMMANDS="CREATE"
fi fi
su - postgres -c "psql postgres -c \"$COMMANDS USER $REPLICATION_USER WITH REPLICATION ENCRYPTED PASSWORD '$REPLICATION_PASS';\"" su - postgres -c "psql postgres -c \"$COMMANDS USER $REPLICATION_USER WITH REPLICATION ENCRYPTED PASSWORD '$REPLICATION_PASS';\""
su - postgres -c "psql postgres -c \"GRANT pg_read_all_data TO $REPLICATION_USER;\"" #su - postgres -c "psql postgres -c \"GRANT pg_read_all_data TO $REPLICATION_USER;\""