Diffstat (limited to 'contrib/taler-exchange-dbconfig')
-rwxr-xr-x | contrib/taler-exchange-dbconfig | 186 |
1 files changed, 186 insertions, 0 deletions
diff --git a/contrib/taler-exchange-dbconfig b/contrib/taler-exchange-dbconfig
new file mode 100755
index 000000000..eb90ee721
--- /dev/null
+++ b/contrib/taler-exchange-dbconfig
@@ -0,0 +1,186 @@
+#!/bin/bash
+# This file is part of GNU TALER.
+# Copyright (C) 2023 Taler Systems SA
+#
+# TALER is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 2.1, or (at your option) any later version.
+#
+# TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along with
+# TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+#
+# @author Christian Grothoff
+#
+#
+# Error checking on
+set -eu
+
+RESET_DB=0
+SKIP_DBINIT=0
+FORCE_PERMS=0
+DBUSER="taler-exchange-httpd"
+DBGROUP="taler-exchange-db"
+CFGFILE="/etc/taler/taler.conf"
+
+# Parse command-line options
+while getopts 'c:g:hprsu:' OPTION; do
+ case "$OPTION" in
+ c)
+ CFGFILE="$OPTARG"
+ ;;
+ h)
+ echo 'Supported options:'
+ echo " -c FILENAME -- use configuration FILENAME (default: $CFGFILE)"
+ echo " -g GROUP -- taler-exchange to be run by GROUP (default: $DBGROUP)"
+ echo " -h -- print this help text"
+ echo " -r -- reset database (dangerous)"
+ echo " -p -- force permission setup even without database initialization"
+ echo " -s -- skip database initialization"
+ echo " -u USER -- taler-exchange to be run by USER (default: $DBUSER)"
+ exit 0
+ ;;
+ p)
+ FORCE_PERMS="1"
+ ;;
+ r)
+ RESET_DB="1"
+ ;;
+ s)
+ SKIP_DBINIT="1"
+ ;;
+ u)
+ DBUSER="$OPTARG"
+ ;;
+ ?)
+ echo "Unrecognized command line option" 1>&2
+ exit 1
+ ;;
+ esac
+done
+
+if ! id postgres > /dev/null
+then
+ echo "Could not find 'postgres' user. Please install Postgresql first"
+ exit 1
+fi
+
+if [ "$(id -u)" -ne 0 ]
+then
+ echo "This script must be run as root"
+ exit 1
+fi
+
+if [ 0 = "$SKIP_DBINIT" ]
+then
+ if ! taler-exchange-dbinit -v 2> /dev/null
+ then
+ echo "Required 'taler-exchange-dbinit' not found. Please fix your installation."
+ exit 1
+ fi
+ DBINIT=$(which taler-exchange-dbinit)
+fi
+
+if ! id "$DBUSER" > /dev/null
+then
+ echo "Could not find '$DBUSER' user. Please set it up first"
+ exit 1
+fi
+
+echo "Setting up database user '$DBUSER'." 1>&2
+
+if ! sudo -i -u postgres createuser "$DBUSER" 2> /dev/null
+then
+ echo "Database user '$DBUSER' already existed. Continuing anyway." 1>&2
+fi
+
+DBPATH=$(taler-config \
+ -c "$CFGFILE" \
+ -s exchangedb-postgres \
+ -o CONFIG)
+
+if ! echo "$DBPATH" | grep "postgres://" > /dev/null
+then
+ echo "Invalid database configuration value '$DBPATH'." 1>&2
+ exit 1
+fi
+
+DBNAME=$(echo "$DBPATH" \
+ | sed \
+ -e "s/postgres:\/\/.*\///" \
+ -e "s/?.*//")
+
+if sudo -i -u postgres psql "$DBNAME" < /dev/null 2> /dev/null
+then
+ if [ 1 = "$RESET_DB" ]
+ then
+ echo "Deleting existing database '$DBNAME'." 1>&2
+ if ! sudo -i -u postgres dropdb "$DBNAME"
+ then
+ echo "Failed to delete existing database '$DBNAME'"
+ exit 1
+ fi
+ DO_CREATE=1
+ else
+ echo "Database '$DBNAME' already exists, continuing anyway."
+ DO_CREATE=0
+ fi
+else
+ DO_CREATE=1
+fi
+
+if [ 1 = "$DO_CREATE" ]
+then
+ echo "Creating database '$DBNAME'." 1>&2
+
+ if ! sudo -i -u postgres createdb -O "$DBUSER" "$DBNAME"
+ then
+ echo "Failed to create database '$DBNAME'"
+ exit 1
+ fi
+fi
+
+if [ 0 = "$SKIP_DBINIT" ]
+then
+ echo "Initializing database '$DBNAME'." 1>&2
+ if ! sudo -u "$DBUSER" "$DBINIT" -c "$CFGFILE"
+ then
+ echo "Failed to initialize database schema"
+ exit 1
+ fi
+fi
+
+if [ 0 = "$SKIP_DBINIT" ] || [ 1 = "$FORCE_PERMS" ]
+then
+ DB_GRP="$(getent group "$DBGROUP" | sed -e "s/.*://g" -e "s/,/ /g")"
+ echo "Initializing permissions for '$DB_GRP'." 1>&2
+ for GROUPIE in $DB_GRP
+ do
+ if [ "$GROUPIE" != "$DBUSER" ]
+ then
+ if ! sudo -i -u postgres createuser "$GROUPIE" 2> /dev/null
+ then
+ echo "Database user '$GROUPIE' already existed. Continuing anyway." 1>&2
+ fi
+ echo -e 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "'"$GROUPIE"'";\n' \
+ 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA exchange TO "'"$GROUPIE"'";\n' \
+ | sudo -u "$DBUSER" psql "$DBNAME"
+ echo -e 'GRANT USAGE ON SCHEMA exchange TO "'"$GROUPIE"'"' \
+ | sudo -u "$DBUSER" psql "$DBNAME"
+ # FIXME: double-check the following GRANTs
+ echo -e 'GRANT USAGE ON SCHEMA _v TO "'"$GROUPIE"'"' \
+ | sudo -u "$DBUSER" psql "$DBNAME"
+ echo -e 'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA _v TO "'"$GROUPIE"'"' \
+ | sudo -u "$DBUSER" psql "$DBNAME"
+
+
+ fi
+ done
+fi
+
+echo "Database configuration finished." 1>&2
+
+exit 0 |
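Review bot: The option string `'c:g:hprsu:'` and the help text both advertise `-g GROUP`, but the `case` has no `g)` arm, so `-g` lands in the `?)` arm (an unquoted `?` matches any single character) and the script exits with "Unrecognized command line option"; DBGROUP can therefore never be changed from `taler-exchange-db`. Adding `g) DBGROUP="$OPTARG" ;;` next to the `u)` arm fixes it. In the GRANT loop at the end, psql reads the statements from stdin without `-v ON_ERROR_STOP=1`, so a failed GRANT likely still returns 0 and the script goes on to print "Database configuration finished."; passing that flag would let `set -e` stop on it. The `GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA _v` under the FIXME is wider than the SELECT/INSERT/UPDATE/DELETE given on `exchange` and is worth narrowing before every member of the group receives it.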