Merge pull request #273 from NyakudyaA/user-create

Fix passwords to use all characters
pull/291/head
mazano 2020-12-09 17:54:00 +02:00 zatwierdzone przez GitHub
commit e6bc0fb17d
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 4AEE18F83AFDEB23
2 zmienionych plików z 32 dodań i 9 usunięć

Wyświetl plik

@ -148,7 +148,7 @@ In addition to that, we have another parameter: `RECREATE_DATADIR` that can be u
If this parameter is specified as `TRUE` it will act as explicit consent to delete `DATADIR` and create If this parameter is specified as `TRUE` it will act as explicit consent to delete `DATADIR` and create
new db cluster. new db cluster.
* `RECREATE_DATADIR`: Force database reinitializations in the location `DATADIR` * `RECREATE_DATADIR`: Force database reinitialization in the location `DATADIR`
If you used `RECREATE_DATADIR` and successfully created new cluster. Remember If you used `RECREATE_DATADIR` and successfully created new cluster. Remember
that you should remove this parameter afterwards. Because, if it was not omitted, that you should remove this parameter afterwards. Because, if it was not omitted,
@ -190,6 +190,9 @@ user name, password and/or default database name(or multiple databases comma sep
* `-e POSTGRES_USER=<PGUSER>` * `-e POSTGRES_USER=<PGUSER>`
* `-e POSTGRES_PASS=<PGPASSWORD>` * `-e POSTGRES_PASS=<PGPASSWORD>`
**NB** You should use a strong passwords. If you are using docker-compose make sure
docker can interpolate the password. Example using a password with a `$` you will
need to escape it ie `$$`
* `-e POSTGRES_DBNAME=<PGDBNAME>` * `-e POSTGRES_DBNAME=<PGDBNAME>`
* `-e POSTGRES_MULTIPLE_EXTENSIONS=postgis,hstore,postgis_topology,postgis_raster,pgrouting` * `-e POSTGRES_MULTIPLE_EXTENSIONS=postgis,hstore,postgis_topology,postgis_raster,pgrouting`

Wyświetl plik

@ -14,24 +14,44 @@ source /scripts/env-data.sh
# Only create credentials if this is a master database # Only create credentials if this is a master database
# Slave database will just mirror from master users # Slave database will just mirror from master users
echo "Setup postgres User:Password"
echo "postgresql user: $POSTGRES_USER" > /tmp/PGPASSWORD.txt
echo "postgresql password: $POSTGRES_PASS" >> /tmp/PGPASSWORD.txt
# Check user already exists echo "$POSTGRES_PASS" >> /tmp/PGPASSWORD.txt
echo "Creating superuser $POSTGRES_USER" # Check super user already exists
RESULT=`su - postgres -c "psql postgres -t -c \"SELECT 1 FROM pg_roles WHERE rolname = '$POSTGRES_USER'\""` RESULT=`su - postgres -c "psql postgres -t -c \"SELECT 1 FROM pg_roles WHERE rolname = '$POSTGRES_USER'\""`
COMMAND="ALTER" COMMAND="ALTER"
if [ -z "$RESULT" ]; then if [ -z "$RESULT" ]; then
COMMAND="CREATE" COMMAND="CREATE"
fi fi
su - postgres -c "psql postgres -c \"$COMMAND USER $POSTGRES_USER WITH SUPERUSER ENCRYPTED PASSWORD '$POSTGRES_PASS';\""
echo "Creating replication user $REPLICATION_USER" echo "Creating superuser user $POSTGRES_USER using $PASSWORD_AUTHENTICATION authentication "
if [ PASSWORD_AUTHENTICATION="md5" ]; then
PG_PASS=$(U=$POSTGRES_USER; P=$(cat /tmp/PGPASSWORD.txt); echo -n md5; echo -n $P$U | md5sum | cut -d' ' -f1)
su - postgres -c "psql postgres -c \"$COMMAND USER $POSTGRES_USER WITH SUPERUSER PASSWORD '$PG_PASS';\""
elif [ PASSWORD_AUTHENTICATION="scram-sha-256" ]; then
PG_PASS=$(U=$POSTGRES_USER; P=$(cat /tmp/PGPASSWORD.txt); echo -n sha256; echo -n $P$U | sha256sum | cut -d' ' -f1)
su - postgres -c "psql postgres -c \"$COMMAND USER $POSTGRES_USER WITH SUPERUSER PASSWORD '$PG_PASS';\""
fi
echo "$REPLICATION_PASS" >> /tmp/REPLICATION_PASS.txt
# Check replication user already exists
RESULT_REPLICATION=`su - postgres -c "psql postgres -t -c \"SELECT 1 FROM pg_roles WHERE rolname = '$REPLICATION_USER'\""` RESULT_REPLICATION=`su - postgres -c "psql postgres -t -c \"SELECT 1 FROM pg_roles WHERE rolname = '$REPLICATION_USER'\""`
COMMANDS="ALTER" COMMANDS="ALTER"
if [ -z "$RESULT_REPLICATION" ]; then if [ -z "$RESULT_REPLICATION" ]; then
COMMANDS="CREATE" COMMANDS="CREATE"
fi fi
su - postgres -c "psql postgres -c \"$COMMANDS USER $REPLICATION_USER WITH REPLICATION ENCRYPTED PASSWORD '$REPLICATION_PASS';\""
if [ -z "$RESULT" ]; then
COMMAND="CREATE"
fi
echo "Creating replication user $REPLICATION_USER using $PASSWORD_AUTHENTICATION authentication "
if [ PASSWORD_AUTHENTICATION="md5" ]; then
REP_PASS=$(U=$REPLICATION_USER; P=$(cat /tmp/REPLICATION_PASS.txt); echo -n md5; echo -n $P$U | md5sum | cut -d' ' -f1)
su - postgres -c "psql postgres -c \"$COMMANDS USER $REPLICATION_USER WITH REPLICATION PASSWORD '$REP_PASS';\""
elif [ PASSWORD_AUTHENTICATION="scram-sha-256" ]; then
REP_PASS=$(U=$REPLICATION_USER; P=$(cat /tmp/REPLICATION_PASS.txt); echo -n sha256; echo -n $P$U | sha256sum | cut -d' ' -f1)
su - postgres -c "psql postgres -c \"$COMMANDS USER $REPLICATION_USER WITH REPLICATION PASSWORD '$REP_PASS';\""
fi
rm /tmp/PGPASSWORD.txt /tmp/REPLICATION_PASS.txt