commit 336c56fabead0b2eb242efb8849b79961f322d1c
parent d42eb3fd52ce410442a8eb7900cbc9b81dd42362
Author: Antoine A <>
Date: Fri, 16 Aug 2024 14:24:45 +0200
common: support only nexus or bank in libeufin-dbconfig
Diffstat:
1 file changed, 130 insertions(+), 123 deletions(-)
diff --git a/contrib/libeufin-dbconfig b/contrib/libeufin-dbconfig
@@ -1,6 +1,6 @@
#!/bin/bash
# This file is part of GNU TALER.
-# Copyright (C) 2023 Taler Systems SA
+# Copyright (C) 2023-2024 Taler Systems SA
#
# TALER is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
@@ -21,8 +21,10 @@ set -eu
# 1 is true, 0 is false
RESET_DB=0
-SKIP_DBINIT=0
FORCE_PERMS=0
+SKIP_INIT=0
+SKIP_NEXUS=0
+SKIP_BANK=0
NEXUS_DBUSER="libeufin-nexus"
BANK_DBUSER="libeufin-bank"
NEXUS_CFGFILE="/etc/libeufin/libeufin-nexus.conf"
@@ -33,34 +35,43 @@ function exit_fail() {
exit 1
}
+VALID_ARGS=`getopt -o hrspu:v: -l help,reset,skip,permissions,nexus-user:,bank-user:,only-nexus,only-bank -n 'libeufin-dbconfig' -- "$@"`
+
+if [ $? != 0 ] ;
+then
+ exit 1 ;
+fi
+eval set -- "$VALID_ARGS"
+
+function usage {
+ cat - <<EOF
+libeufin-dbconfig
+Setup databases for libeufin components.
+Arguments mandatory for long options are also mandatory for short options.
+ -h, --help print this help
+ -r, --reset reset database (dangerous)
+ -s, --skip skip database initialization
+ -p, --permissions force permission setup even without database initialization
+ -u, --nexus-user=NEXUS_USER libeufin-nexus to be run by USER (default: $NEXUS_DBUSER)
+ -v, --bank-user=BANK_USER libeufin-bank to be run by USER (default: $BANK_DBUSER)
+ --only-nexus run only for libeufin-nexus db
+ --only-bank run only for libeufin-bank db
+EOF
+}
+
# Parse command-line options
-while getopts ':hn:b:d:rsu:v:' OPTION; do
- case "$OPTION" in
- h)
- echo 'Supported options:'
- echo " -r -- reset database (dangerous)"
- echo " -s -- skip database initialization"
- echo " -p -- force permission setup even without database initialization"
- echo " -u NEXUS_USER -- libeufin-nexus to be run by USER (default: $NEXUS_DBUSER)"
- echo " -v BANK_USER -- libeufin-bank to be run by USER (default: $BANK_DBUSER)"
- exit 0
- ;;
- r)
- RESET_DB="1"
- ;;
- s)
- SKIP_DBINIT="1"
- ;;
- u)
- NEXUS_DBUSER="$OPTARG"
- ;;
- v)
- BANK_DBUSER="$OPTARG"
- ;;
-
- ?)
- exit_fail "Unrecognized command line option"
- ;;
+while true; do
+ case "$1" in
+ -h | --help) usage; exit 0 ;;
+ -r | --reset) RESET_DB="1"; shift ;;
+ -s | --skip) SKIP_INIT="1"; shift ;;
+ -p | --permissions) FORCE_PERMS="1"; shift ;;
+ --only-nexus) SKIP_BANK="1"; shift ;;
+ --only-bank) SKIP_NEXUS="1"; shift ;;
+ -u | --nexus-user) NEXUS_DBUSER="$1"; shift 2 ;;
+ -v | --bank-user) BANK_DBUSER="$1"; shift 2 ;;
+ --) shift; break ;;
+ *) usage; exit 1 ;;
esac
done
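Review bot: In the new `while true` loop the `-u | --nexus-user` and `-v | --bank-user` arms assign `"$1"`, which at that point is the option name itself rather than its argument, so `-u alice` sets `NEXUS_DBUSER` to `-u`. The script runs as root and hands this value to `id`, `createuser` and the GRANT statements further down, and `id "-u"` succeeds, so the OS-user check added in the next hunk would not catch the mistake. The arms should read `-u | --nexus-user) NEXUS_DBUSER="$2"; shift 2 ;;` and `-v | --bank-user) BANK_DBUSER="$2"; shift 2 ;;`. Passing `--only-nexus` together with `--only-bank` is also accepted here and leaves both components skipped; rejecting that combination right after the loop would give the operator a clear error.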
@@ -72,77 +83,75 @@ if [ "$(id -u)" -ne 0 ]; then
exit_fail "This script must be run as root"
fi
-# If dbinit, then check if the tools are available.
-if [ 0 = "$SKIP_DBINIT" ]; then
- if ! libeufin-nexus-dbinit --help 1>/dev/null; then
- exit_fail "Required 'libeufin-nexus-dbinit' not found. Please fix your installation."
+# Check tools availability if they are going to be used
+function check_availability {
+ if ! $1 --help 1>/dev/null; then
+ exit_fail "Required '$1' not found. Please fix your installation."
+ fi
+ echo $(which $1)
+}
+if [ 0 = "$SKIP_INIT" ]; then
+ if [ 0 = "$SKIP_BANK" ]; then
+ BANK_DBINIT=$(check_availability libeufin-bank-dbinit)
fi
- NEXUS_DBINIT=$(which libeufin-nexus-dbinit)
- if ! libeufin-bank-dbinit --help 1>/dev/null; then
- exit_fail "Required 'libeufin-bank-dbinit' not found. Please fix your installation."
+ if [ 0 = "$SKIP_NEXUS" ]; then
+ NEXUS_DBINIT=$(check_availability libeufin-nexus-dbinit)
fi
- BANK_DBINIT=$(which libeufin-bank-dbinit)
fi
-# Before running the tools, check if the OS users exist.
-if ! id "$NEXUS_DBUSER" >/dev/null; then
- echo "Could not find '$NEXUS_DBUSER' user. Cannot continue"
-fi
-if ! id "$BANK_DBUSER" >/dev/null; then
- exit_fail "Could not find '$BANK_DBUSER' user. Cannot continue"
-fi
+# Check OS users exist
+function check_os_user {
+ if ! id "$1" >/dev/null; then
+ exit_fail "Could not find '$1' user. Cannot continue"
+ fi
+}
+if [ 0 = "$SKIP_BANK" ]; then check_os_user "$BANK_DBUSER"; fi
+if [ 0 = "$SKIP_NEXUS" ]; then check_os_user "$NEXUS_DBUSER"; fi
+
+# Create DB users matching OS users names
+function create_db_user {
+ echo "Setting up database user '$1'." 1>&2
+ if ! sudo -i -u postgres createuser "$1" 2>/dev/null; then
+ echo "Database user '$1' already existed. Continuing anyway." 1>&2
+ fi
+}
+if [ 0 = "$SKIP_BANK" ]; then create_db_user "$BANK_DBUSER"; fi
+if [ 0 = "$SKIP_NEXUS" ]; then create_db_user "$NEXUS_DBUSER"; fi
-# Now provide the DB users, whose names match the OS users.
-echo "Setting up database user $NEXUS_DBUSER." 1>&2
-if ! sudo -i -u postgres createuser "$NEXUS_DBUSER" 2>/dev/null; then
- echo "Database user '$NEXUS_DBUSER' already existed. Continuing anyway." 1>&2
-fi
+# Check database name
+function get_db_name {
+ if ! echo "$1" | grep "postgres://" >/dev/null; then
+ exit_fail "Invalid libeufin-$2 database configuration value '$1'."
+ fi
-echo "Setting up database user $BANK_DBUSER." 1>&2
-if ! sudo -i -u postgres createuser "$BANK_DBUSER" 2>/dev/null; then
- echo "Database user '$BANK_DBUSER' already existed. Continuing anyway." 1>&2
+ # Remove URI, host and query from postgres URI.
+ echo $(echo "$1" | sed -e 's|postgres://.*/||' -e 's|?.*||')
+}
+if [ 0 = "$SKIP_BANK" ]; then
+ BANK_DBNAME=$(get_db_name $(libeufin-bank config get libeufin-bankdb-postgres CONFIG) "bank")
fi
-
-# When using this dbconfig script, the libeufin-bank and libeufin-nexus
-# databases *must* match.
-
-NEXUS_DBPATH=$(libeufin-nexus config get nexus-postgres CONFIG | libeufin-nexus config get libeufin-nexusdb-postgres CONFIG)
-
-if ! echo "$NEXUS_DBPATH" | grep "postgres://" >/dev/null; then
- echo "Invalid libeufin-nexus database configuration value '$NEXUS_DBPATH'." 1>&2
- exit 1
+if [ 0 = "$SKIP_NEXUS" ]; then
+ NEXUS_DBNAME=$(get_db_name $(libeufin-nexus config get nexus-postgres CONFIG 2> /dev/null | libeufin-nexus config get libeufin-nexusdb-postgres CONFIG) "nexus")
fi
-# Remove URI, host and query from postgres URI.
-NEXUS_DBNAME=$(echo "$NEXUS_DBPATH" | sed -e 's|postgres://.*/||' -e 's|?.*||')
-
-BANK_DBPATH=$(libeufin-bank config get libeufin-bankdb-postgres CONFIG)
-
-if ! echo "$BANK_DBPATH" | grep "postgres://" >/dev/null; then
- echo "Invalid libeufin-bank database configuration value '$BANK_DBPATH'." 1>&2
- exit 1
+# If using both components they must use the same database
+if [[ 0 = "$SKIP_BANK" && 0 = "$SKIP_NEXUS" && "$NEXUS_DBNAME" != "$BANK_DBNAME" ]]; then
+ exit_fail "Database names for libeufin-bank and libeufin-nexus must match ($NEXUS_DBNAME vs $BANK_DBNAME)"
fi
-# Remove URI, host and query from postgres URI.
-BANK_DBNAME=$(echo "$BANK_DBPATH" | sed -e 's|postgres://.*/||' -e 's|?.*||')
-
-if [[ $NEXUS_DBNAME != "$BANK_DBNAME" ]]; then
- echo "Database names for libeufin-bank and libeufin-nexus must match ($NEXUS_DBNAME vs $BANK_DBNAME)" 1>&2
- exit 1
+if [ 0 = "$SKIP_BANK" ]; then
+ DBNAME=$BANK_DBNAME
+ DBUSER=$BANK_DBUSER
+else
+ DBNAME=$NEXUS_DBNAME
+ DBUSER=$NEXUS_DBUSER
fi
-# Both are the same now!
-DBNAME=$BANK_DBNAME
-# The DB is created by the nexus user.
-# This is an arbitrary choice we make here.
-DBUSER=$NEXUS_DBUSER
-
if sudo -i -u postgres psql "$DBNAME" </dev/null 2>/dev/null; then
if [ 1 = "$RESET_DB" ]; then
echo "Deleting existing database '$DBNAME'." 1>&2
if ! sudo -i -u postgres dropdb "$DBNAME"; then
- echo "Failed to delete existing database '$DBNAME'"
- exit 1
+ exit_fail "Failed to delete existing database '$DBNAME'"
fi
DO_CREATE=1
else
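Review bot: `get_db_name` accepts any value that merely contains `postgres://` and returns whatever the two `sed` expressions leave behind, and that result is later placed unquoted into the `GRANT ALL PRIVILEGES ON DATABASE $DBNAME` statement that the last hunk runs as the postgres superuser. Anchor the scheme check with `grep -q '^postgres://'` and reject an extracted name that does not match `^[A-Za-z_][A-Za-z0-9_]*$` (or quote the identifier where it is used in SQL). The callers should also quote the inner substitution, `get_db_name "$(libeufin-bank config get libeufin-bankdb-postgres CONFIG)" "bank"`, so a configuration value containing whitespace cannot spill into `$2`. Because the helper runs inside `$( )`, its failure message only reaches the operator if `exit_fail` writes to stderr; the body of `exit_fail` is outside this hunk, so that should be confirmed.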
@@ -156,60 +165,57 @@ fi
if [ 1 = "$DO_CREATE" ]; then
echo "Creating database '$DBNAME'." 1>&2
if ! sudo -i -u postgres createdb -O "$DBUSER" "$DBNAME"; then
- echo "Failed to create database '$DBNAME'"
- exit 1
+ exit_fail "Failed to create database '$DBNAME'"
fi
fi
-# We first initialize the libeufin-nexus DB
-# and then adjust permissions for the _v schema,
-# so that libeufin-bank can properly initialize
-# its DB without running into permission problems.
-
-if [ 0 = "$SKIP_DBINIT" ]; then
- echo "Initializing database '$DBNAME' for libeufin-nexus." 1>&2
- sudo -u "$NEXUS_DBUSER" "$NEXUS_DBINIT" -c "$NEXUS_CFGFILE"
-fi
+# TODO: add a command to only init the _v schema for a simpler init logic
-if [ 0 = "$SKIP_DBINIT" ] || [ 1 = "$FORCE_PERMS" ]; then
- echo "Setting postgres permissions for $BANK_DBUSER" 1>&2
- if ! echo "GRANT ALL PRIVILEGES ON DATABASE $DBNAME TO \"$BANK_DBUSER\"" |
+function grant_db_access {
+ if ! echo "GRANT ALL PRIVILEGES ON DATABASE $DBNAME TO \"$1\"" |
sudo -i -u postgres psql "$DBNAME"; then
- exit_fail "Failed to grant access to database '$DBNAME' to '$BANK_DBUSER'."
+ exit_fail "Failed to grant access to database '$DBNAME' to '$1'."
fi
- if ! echo "GRANT USAGE ON SCHEMA _v TO \"$BANK_DBUSER\"" |
- sudo -i -u postgres psql "$DBNAME"; then
- exit_fail "Failed to grant usage privilege on schema '_v' to '$BANK_DBUSER'."
- fi
- if ! echo "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA _v TO \"$BANK_DBUSER\"" |
+}
+function grant_schema_access {
+ if ! echo "GRANT USAGE ON SCHEMA $2 TO \"$1\"" |
sudo -i -u postgres psql "$DBNAME"; then
- exit_fail "Failed to grant access to schema '_v' to '$BANK_DBUSER'."
+ exit_fail "Failed to grant usage privilege on schema '$2' to '$1'."
fi
- if ! echo "GRANT USAGE ON SCHEMA libeufin_nexus TO \"$BANK_DBUSER\"" |
+ if ! echo "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA $2 TO \"$1\"" |
sudo -i -u postgres psql "$DBNAME"; then
- exit_fail "Failed to grant usage privilege on schema 'libeufin_nexus' to '$BANK_DBUSER'."
+ exit_fail "Failed to grant access to schema '$2' to '$1'."
fi
- if ! echo "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA libeufin_nexus TO \"$BANK_DBUSER\"" |
- sudo -i -u postgres psql "$DBNAME"; then
- exit_fail "Failed to grant all privileges on schema 'libeufin_nexus' to '$BANK_DBUSER'."
+}
+
+# Init database with one of the users to create the _v schema
+if [ 0 = "$SKIP_INIT" ]; then
+ if [ 0 = "$SKIP_BANK" ]; then
+ echo "Initializing database '$DBNAME' for libeufin-bank." 1>&2
+ sudo -u "$BANK_DBUSER" "$BANK_DBINIT" -c "$BANK_CFGFILE"
+ else
+ echo "Initializing database '$DBNAME' for libeufin-nexus." 1>&2
+ sudo -u "$NEXUS_DBUSER" "$NEXUS_DBINIT" -c "$NEXUS_CFGFILE"
fi
fi
-if [ 0 = "$SKIP_DBINIT" ]; then
- echo "Initializing database '$DBNAME' for libeufin-bank." 1>&2
- sudo -u "$BANK_DBUSER" "$BANK_DBINIT" -c "$BANK_CFGFILE"
+# nexus permission to access db and _v schema if bank init the database
+if [[ 0 = "$SKIP_INIT" || 1 = "$FORCE_PERMS" ]] && [[ 0 = "$SKIP_BANK" && 0 = "$SKIP_NEXUS" ]]; then
+ echo "Setting postgres permissions for '$NEXUS_DBUSER'" 1>&2
+ grant_db_access "$NEXUS_DBUSER"
+ grant_schema_access "$NEXUS_DBUSER" "_v"
fi
-if [ 0 = "$SKIP_DBINIT" ] || [ 1 = "$FORCE_PERMS" ]; then
- echo "Setting postgres permissions for $NEXUS_DBUSER" 1>&2
- if ! echo "GRANT USAGE ON SCHEMA libeufin_bank TO \"$NEXUS_DBUSER\"" |
- sudo -i -u postgres psql "$DBNAME"; then
- exit_fail "Failed to grant usage privilege on schema 'libeufin_bank' to '$NEXUS_DBUSER'."
- fi
- if ! echo "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA libeufin_bank TO \"$NEXUS_DBUSER\"" |
- sudo -i -u postgres psql "$DBNAME"; then
- exit_fail "Failed to grant all privileges on schema 'libeufin_bank' to '$NEXUS_DBUSER'."
- fi
+# DB initalization for nexus if both component are setup
+if [[ 0 = "$SKIP_INIT" && 0 = "$SKIP_BANK" && 0 = "$SKIP_NEXUS" ]]; then
+ echo "Initializing database '$DBNAME' for libeufin-nexus." 1>&2
+ sudo -u "$NEXUS_DBUSER" "$NEXUS_DBINIT" -c "$NEXUS_CFGFILE"
+fi
+
+# bank permission to access nexus schema if both component are setup
+if [[ 0 = "$SKIP_INIT" || 1 = "$FORCE_PERMS" ]] && [[ 0 = "$SKIP_BANK" && 0 = "$SKIP_NEXUS" ]]; then
+ echo "Setting postgres permissions for '$BANK_DBUSER'" 1>&2
+ grant_schema_access "$BANK_DBUSER" "libeufin_nexus"
fi
-echo "Database configuration finished." 1>&2
+echo "Database configuration finished." 1>&2
+\ No newline at end of file
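Review bot: `grant_db_access` and `grant_schema_access` build their SQL by interpolating `$DBNAME`, `$1` and `$2` into the statement text, so a `"` in a role name given through `-u`/`-v`, or an unusual database name from the configuration file, becomes part of a statement executed as the postgres superuser. psql can quote identifiers itself when the statement is read from stdin, something like `echo 'GRANT USAGE ON SCHEMA :"schema" TO :"role"' | sudo -i -u postgres psql -v ON_ERROR_STOP=1 -v role="$1" -v schema="$2" "$DBNAME"`, and the same shape fits the other two GRANTs. `ON_ERROR_STOP=1` matters on its own: without it psql exits 0 when a statement read from stdin fails, so the `exit_fail` branches in these helpers would not fire for a rejected GRANT and the script would still print "Database configuration finished.".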