def get_current_admin_user(self):
if self._current_admin_user is not None:
return self._current_admin_user
if self.status.is_installed:
return models.PostgreSQLUser(self.ADMIN_USER)
return models.PostgreSQLUser(self.default_superuser_name)
def _get_or_create_replication_user(self, service):
"""There are three scenarios we need to deal with here:
- This is a fresh master, with no replicator user created.
Generate a new u/p
- We are attaching a new slave and need to give it the login creds
Send the creds we have stored in PGDATA/.replpass
- This is a failed-over-to slave, who will have the replicator user
but not the credentials file. Recreate the repl user in this case
"""
LOG.debug("Checking for replicator user")
pwfile = os.path.join(service.pgsql_data_dir, ".replpass")
admin = service.build_admin()
if admin.user_exists(REPL_USER):
if operating_system.exists(pwfile, as_root=True):
LOG.debug("Found existing .replpass, returning pw")
pw = operating_system.read_file(pwfile, as_root=True)
else:
LOG.debug("Found user but not .replpass, recreate")
u = models.PostgreSQLUser(REPL_USER)
admin._drop_user(context=None, user=u)
pw = self._create_replication_user(service, admin, pwfile)
else:
LOG.debug("Found no replicator user, create one")
pw = self._create_replication_user(service, admin, pwfile)
repl_user_info = {
'name': REPL_USER,
'password': pw
}
return repl_user_info
def secure(self, context):
"""Create an administrative user for Trove.
Force password encryption.
Also disable the built-in superuser
"""
password = utils.generate_random_password()
os_admin_db = models.PostgreSQLSchema(self.ADMIN_USER)
os_admin = models.PostgreSQLUser(self.ADMIN_USER, password)
os_admin.databases.append(os_admin_db.serialize())
postgres = models.PostgreSQLUser(self.default_superuser_name)
admin = PgSqlAdmin(postgres)
admin._create_database(context, os_admin_db)
admin._create_admin_user(context, os_admin, encrypt_password=True)
PgSqlAdmin(os_admin).alter_user(context, postgres, None, 'NOSUPERUSER',
'NOLOGIN')
self.set_current_admin_user(os_admin)
def _build_user(self, context, username, acl=None):
"""Build a model representation of a Postgres user.
Include all databases it has access to.
"""
user = models.PostgreSQLUser(username)
if acl:
dbs = [
models.PostgreSQLSchema(row[1].strip(),
character_set=row[2],
collate=row[3]) for row in acl
if row[0] == username and row[1] is not None
]
for d in dbs:
user.databases.append(d.serialize())
return user
def _create_replication_user(self, service, admin, pwfile):
"""Create the replication user. Unfortunately, to be able to
run pg_rewind, we need SUPERUSER, not just REPLICATION privilege
"""
pw = utils.generate_random_password()
operating_system.write_file(pwfile, pw, as_root=True)
operating_system.chown(pwfile, user=service.pgsql_owner,
group=service.pgsql_owner, as_root=True)
operating_system.chmod(pwfile, FileMode.SET_USR_RWX(),
as_root=True)
repl_user = models.PostgreSQLUser(name=REPL_USER, password=pw)
admin._create_user(context=None, user=repl_user)
admin.alter_user(None, repl_user, True,
'REPLICATION', 'SUPERUSER', 'LOGIN')
return pw
def _create_replication_user(self, service, adm_mgr, pwfile):
"""Create the replication user and password file.
Unfortunately, to be able to run pg_rewind, we need SUPERUSER, not just
REPLICATION privilege
"""
pw = utils.generate_random_password()
operating_system.write_file(pwfile, pw, as_root=True)
operating_system.chown(pwfile, user=CONF.database_service_uid,
group=CONF.database_service_uid, as_root=True)
operating_system.chmod(pwfile, FileMode.SET_USR_RWX(),
as_root=True)
LOG.debug(f"File {pwfile} created")
LOG.debug(f"Creating replication user {REPL_USER}")
repl_user = models.PostgreSQLUser(name=REPL_USER, password=pw)
adm_mgr.create_user(repl_user, None,
*('REPLICATION', 'SUPERUSER', 'LOGIN'))
return pw
def do_prepare(self, context, packages, databases, memory_mb, users,
device_path, mount_point, backup_info, config_contents,
root_password, overrides, cluster_config, snapshot):
self.app.install(context, packages)
LOG.debug("Waiting for database first boot.")
if (self.app.status.wait_for_real_status_to_change_to(
trove_instance.ServiceStatuses.RUNNING,
CONF.state_change_wait_time, False)):
LOG.debug("Stopping database prior to initial configuration.")
self.app.stop_db()
if device_path:
device = volume.VolumeDevice(device_path)
device.format()
if os.path.exists(mount_point):
device.migrate_data(mount_point)
device.mount(mount_point)
self.configuration_manager.save_configuration(config_contents)
self.app.apply_initial_guestagent_configuration()
os_admin = models.PostgreSQLUser(self.app.ADMIN_USER)
if backup_info:
backup.restore(context, backup_info, '/tmp')
self.app.set_current_admin_user(os_admin)
if snapshot:
LOG.info("Found snapshot info: " + str(snapshot))
self.attach_replica(context, snapshot, snapshot['config'])
self.app.start_db()
if not backup_info:
self.app.secure(context)
self._admin = PgSqlAdmin(os_admin)
if not cluster_config and self.is_root_enabled(context):
self.status.report_root(context, self.app.default_superuser_name)
