def set_db_to_listen(self, context):
"""Allow remote connections with encrypted passwords."""
LOG.debug(
"{guest_id}: Writing hba file to /tmp/pgsql_hba_config.".format(
guest_id=CONF.guest_id, ))
# Local access from administrative users is implicitly trusted.
#
# Remote access from the Trove's account is always rejected as
# it is not needed and could be used by malicious users to hijack the
# instance.
#
# Connections from other accounts always require a hashed password.
with open('/tmp/pgsql_hba_config', 'w+') as config_file:
config_file.write("local all postgres,os_admin trust\n")
config_file.write("local all all md5\n")
config_file.write(
"host all postgres,os_admin 127.0.0.1/32 trust\n")
config_file.write("host all postgres,os_admin ::1/128 trust\n")
config_file.write(
"host all postgres,os_admin localhost trust\n")
config_file.write("host all os_admin 0.0.0.0/0 reject\n")
config_file.write("host all os_admin ::/0 reject\n")
config_file.write("host all all 0.0.0.0/0 md5\n")
config_file.write("host all all ::/0 md5\n")
operating_system.chown('/tmp/pgsql_hba_config',
'postgres',
None,
recursive=False,
as_root=True)
operating_system.move('/tmp/pgsql_hba_config',
PGSQL_HBA_CONFIG.format(
version=self._get_psql_version(), ),
timeout=30,
as_root=True)
def update_spfile(self):
"""Checks if there is a new SPFILE and replaces the old.
The database must be shutdown before running this.
"""
if operating_system.exists(self.new_spfile, as_root=True):
LOG.debug('Found a new SPFILE.')
operating_system.move(self.new_spfile, self.spfile, force=True)
def set_db_to_listen(self, context):
"""Allow remote connections with encrypted passwords."""
# Using cat to read file due to read permissions issues.
out, err = utils.execute_with_timeout(
'sudo',
'cat',
PGSQL_HBA_CONFIG.format(version=self._get_psql_version(), ),
timeout=30,
)
LOG.debug(
"{guest_id}: Writing hba file to /tmp/pgsql_hba_config.".format(
guest_id=CONF.guest_id, ))
with open('/tmp/pgsql_hba_config', 'w+') as config_file:
config_file.write(out)
config_file.write("host all all 0.0.0.0/0 md5\n")
utils.execute_with_timeout(
'sudo',
'chown',
'postgres',
'/tmp/pgsql_hba_config',
timeout=30,
)
operating_system.move('/tmp/pgsql_hba_config',
PGSQL_HBA_CONFIG.format(
version=self._get_psql_version(), ),
timeout=30,
as_root=True)
def _run_pre_backup(self):
try:
for cmd in self.pre_backup_commands:
utils.execute_with_timeout(*cmd)
root = service.CouchbaseRootAccess()
pw = root.get_password()
self._save_buckets_config(pw)
with open(OUTFILE, "r") as f:
out = f.read()
if out != "[]":
d = json.loads(out)
all_memcached = True
for i in range(len(d)):
bucket_type = d[i]["bucketType"]
if bucket_type != "memcached":
all_memcached = False
break
if not all_memcached:
self._backup(pw)
else:
LOG.info(
_("All buckets are memcached. "
"Skipping backup."))
operating_system.move(OUTFILE, system.COUCHBASE_DUMP_DIR)
if pw != "password":
# Not default password, backup generated root password
operating_system.copy(system.pwd_file,
system.COUCHBASE_DUMP_DIR,
preserve=True,
as_root=True)
except exception.ProcessExecutionError as p:
LOG.error(p)
raise p
def _write_mycnf(self, admin_password, config_contents, overrides=None):
"""
Install the set of mysql my.cnf templates.
Update the os_admin user and password to the my.cnf
file for direct login from localhost.
"""
LOG.info(_("Writing my.cnf templates."))
if admin_password is None:
admin_password = get_auth_password()
try:
with open(TMP_MYCNF, 'w') as t:
t.write(config_contents)
operating_system.move(TMP_MYCNF, MYSQL_CONFIG, as_root=True)
self._write_temp_mycnf_with_admin_account(MYSQL_CONFIG,
TMP_MYCNF,
admin_password)
operating_system.move(TMP_MYCNF, MYSQL_CONFIG, as_root=True)
except Exception:
os.unlink(TMP_MYCNF)
raise
self.wipe_ib_logfiles()
# write configuration file overrides
if overrides:
self._write_config_overrides(overrides)
def _rewind_against_master(self):
"""Call pg_rewind to resync datadir against state of new master
We should already have a recovery.conf file in PGDATA
"""
rconf = operating_system.read_file(self.pgsql_recovery_config,
as_root=True)
regex = re.compile("primary_conninfo = (.*)")
m = regex.search(rconf)
conninfo = m.group(1)
# The recovery.conf file we want should already be there, but pg_rewind
# will delete it, so copy it out first
rec = self.pgsql_recovery_config
tmprec = "/tmp/recovery.conf.bak"
operating_system.move(rec, tmprec, as_root=True)
cmd_full = " ".join([
"pg_rewind", "-D", self.pgsql_data_dir,
'--source-server=' + conninfo
])
out, err = utils.execute("sudo",
"su",
"-",
self.PGSQL_OWNER,
"-c",
"%s" % cmd_full,
check_exit_code=0)
LOG.debug("Got stdout %s and stderr %s from pg_rewind" %
(str(out), str(err)))
operating_system.move(tmprec, rec, as_root=True)
def _rewind_against_master(self, service):
"""Call pg_rewind to resync datadir against state of new master
We should already have a recovery.conf file in PGDATA
"""
rconf = operating_system.read_file(
service.pgsql_recovery_config, codec=stream_codecs.KeyValueCodec(line_terminator="\n"), as_root=True
)
conninfo = rconf["primary_conninfo"].strip()
# The recovery.conf file we want should already be there, but pg_rewind
# will delete it, so copy it out first
rec = service.pgsql_recovery_config
tmprec = "/tmp/recovery.conf.bak"
operating_system.move(rec, tmprec, as_root=True)
cmd_full = " ".join(
[
"pg_rewind",
"-D",
service.pgsql_data_dir,
"--source-pgdata=" + service.pgsql_data_dir,
"--source-server=" + conninfo,
]
)
out, err = utils.execute("sudo", "su", "-", service.pgsql_owner, "-c", "%s" % cmd_full, check_exit_code=0)
LOG.debug("Got stdout %s and stderr %s from pg_rewind" % (str(out), str(err)))
operating_system.move(tmprec, rec, as_root=True)
def _run_pre_backup(self):
try:
for cmd in self.pre_backup_commands:
utils.execute_with_timeout(*cmd)
root = service.CouchbaseRootAccess()
pw = root.get_password()
self._save_buckets_config(pw)
with open(OUTFILE, "r") as f:
out = f.read()
if out != "[]":
d = json.loads(out)
all_memcached = True
for i in range(len(d)):
bucket_type = d[i]["bucketType"]
if bucket_type != "memcached":
all_memcached = False
break
if not all_memcached:
self._backup(pw)
else:
LOG.info(_("All buckets are memcached. "
"Skipping backup."))
operating_system.move(OUTFILE, system.COUCHBASE_DUMP_DIR)
if pw != "password":
# Not default password, backup generated root password
operating_system.copy(system.pwd_file,
system.COUCHBASE_DUMP_DIR,
preserve=True, as_root=True)
except exception.ProcessExecutionError as p:
LOG.error(p)
raise p
def _rewind_against_master(self, service):
"""Call pg_rewind to resync datadir against state of new master
We should already have a recovery.conf file in PGDATA
"""
rconf = operating_system.read_file(
service.pgsql_recovery_config,
codec=stream_codecs.KeyValueCodec(line_terminator='\n'),
as_root=True)
conninfo = rconf['primary_conninfo'].strip()
# The recovery.conf file we want should already be there, but pg_rewind
# will delete it, so copy it out first
rec = service.pgsql_recovery_config
tmprec = "/tmp/recovery.conf.bak"
operating_system.move(rec, tmprec, as_root=True)
cmd_full = " ".join([
"pg_rewind", "-D", service.pgsql_data_dir,
'--source-pgdata=' + service.pgsql_data_dir,
'--source-server=' + conninfo
])
out, err = utils.execute("sudo",
"su",
"-",
service.pgsql_owner,
"-c",
"%s" % cmd_full,
check_exit_code=0)
LOG.debug("Got stdout %s and stderr %s from pg_rewind" %
(str(out), str(err)))
operating_system.move(tmprec, rec, as_root=True)
def _write_mycnf(self, admin_password, config_contents, overrides=None):
"""
Install the set of mysql my.cnf templates.
Update the os_admin user and password to the my.cnf
file for direct login from localhost.
"""
LOG.info(_("Writing my.cnf templates."))
if admin_password is None:
admin_password = get_auth_password()
try:
with open(TMP_MYCNF, 'w') as t:
t.write(config_contents)
operating_system.move(TMP_MYCNF, MYSQL_CONFIG, as_root=True)
self._write_temp_mycnf_with_admin_account(MYSQL_CONFIG, TMP_MYCNF,
admin_password)
operating_system.move(TMP_MYCNF, MYSQL_CONFIG, as_root=True)
except Exception:
os.unlink(TMP_MYCNF)
raise
self.wipe_ib_logfiles()
# write configuration file overrides
if overrides:
self._write_config_overrides(overrides)
def write_config(
self,
config_contents,
execute_function=utils.execute_with_timeout,
mkstemp_function=tempfile.mkstemp,
unlink_function=os.unlink,
):
# first securely create a temp file. mkstemp() will set
# os.O_EXCL on the open() call, and we get a file with
# permissions of 600 by default.
(conf_fd, conf_path) = mkstemp_function()
LOG.debug("Storing temporary configuration at %s." % conf_path)
# write config and close the file, delete it if there is an
# error. only unlink if there is a problem. In normal course,
# we move the file.
try:
os.write(conf_fd, config_contents)
operating_system.move(conf_path, system.CASSANDRA_CONF, as_root=True)
# TODO(denis_makogon): figure out the dynamic way to discover
# configs owner since it can cause errors if there is
# no cassandra user in operating system
operating_system.chown(system.CASSANDRA_CONF, "cassandra", "cassandra", recursive=False, as_root=True)
operating_system.chmod(system.CASSANDRA_CONF, FileMode.ADD_READ_ALL, as_root=True)
except Exception:
LOG.exception(_("Exception generating Cassandra configuration %s.") % conf_path)
unlink_function(conf_path)
raise
finally:
os.close(conf_fd)
LOG.info(_("Wrote new Cassandra configuration."))
def remove_last(self, num_revisions):
count = self.count_revisions()
revision_files = self._delete_revisions(min(count, num_revisions) - 1)
if revision_files:
operating_system.move(revision_files[-1],
self._base_config_path,
force=True,
as_root=self._requires_root)
def write_config(self, config_contents):
"""
Write the redis config.
"""
LOG.debug("Writing Redis config.")
with open(TMP_REDIS_CONF, "w") as fd:
fd.write(config_contents)
operating_system.move(TMP_REDIS_CONF, system.REDIS_CONFIG, as_root=True)
def _write_replication_overrides(self, overrideValues, cnf_file):
LOG.info(_("Writing replication.cnf file."))
with open(MYCNF_REPLCONFIG_TMP, 'w') as overrides:
overrides.write(overrideValues)
LOG.debug("Moving temp replication.cnf into correct location.")
operating_system.move(MYCNF_REPLCONFIG_TMP, cnf_file, as_root=True)
LOG.debug("Setting permissions on replication.cnf.")
operating_system.chmod(cnf_file, FileMode.SET_GRP_RW_OTH_R,
as_root=True)
def write_config(self, config_contents):
"""
Write the redis config.
"""
LOG.debug("Writing Redis config.")
with open(TMP_REDIS_CONF, 'w') as fd:
fd.write(config_contents)
operating_system.move(TMP_REDIS_CONF,
system.REDIS_CONFIG,
as_root=True)
def update_spfile(self):
"""Checks if there is a new SPFILE and replaces the old.
The database must be shutdown before running this.
"""
if operating_system.exists(self.new_spfile, as_root=True):
LOG.debug('Found a new SPFILE.')
operating_system.move(
self.new_spfile,
self.spfile,
force=True
)
def _write_config_overrides(self, overrideValues):
LOG.info(_("Writing new temp overrides.cnf file."))
with open(MYCNF_OVERRIDES_TMP, 'w') as overrides:
overrides.write(overrideValues)
LOG.info(_("Moving overrides.cnf into correct location."))
operating_system.move(MYCNF_OVERRIDES_TMP, MYCNF_OVERRIDES,
as_root=True)
LOG.info(_("Setting permissions on overrides.cnf."))
operating_system.chmod(MYCNF_OVERRIDES, FileMode.SET_GRP_RW_OTH_R,
as_root=True)
def write_mongos_upstart(self):
upstart_contents = system.MONGOS_UPSTART_CONTENTS.format(config_file_placeholder=CONFIG_FILE)
LOG.info(_("Writing %s.") % system.TMP_MONGOS_UPSTART)
with open(system.TMP_MONGOS_UPSTART, "w") as t:
t.write(upstart_contents)
LOG.info(_("Moving %(a)s to %(b)s.") % {"a": system.TMP_MONGOS_UPSTART, "b": system.MONGOS_UPSTART})
operating_system.move(system.TMP_MONGOS_UPSTART, system.MONGOS_UPSTART, as_root=True)
operating_system.remove("/etc/init/mongodb.conf", force=True, as_root=True)
def _write_replication_overrides(self, overrideValues, cnf_file):
LOG.info(_("Writing replication.cnf file."))
with open(MYCNF_REPLCONFIG_TMP, 'w') as overrides:
overrides.write(overrideValues)
LOG.debug("Moving temp replication.cnf into correct location.")
operating_system.move(MYCNF_REPLCONFIG_TMP, cnf_file, as_root=True)
LOG.debug("Setting permissions on replication.cnf.")
operating_system.chmod(cnf_file,
FileMode.SET_GRP_RW_OTH_R,
as_root=True)
def _clear_mysql_config(self):
"""Clear old configs, which can be incompatible with new version."""
LOG.debug("Clearing old MySQL config.")
random_uuid = str(uuid.uuid4())
configs = ["/etc/my.cnf", "/etc/mysql/conf.d", "/etc/mysql/my.cnf"]
for config in configs:
try:
old_conf_backup = "%s_%s" % (config, random_uuid)
operating_system.move(config, old_conf_backup, as_root=True)
LOG.debug("%s saved to %s_%s." % (config, config, random_uuid))
except exception.ProcessExecutionError:
pass
def reset_configuration(self, context, configuration):
"""Reset the PgSql configuration file to the one given.
The configuration parameter is a string containing the full
configuration file that should be used.
"""
config_location = PGSQL_CONFIG.format(version=self._get_psql_version())
LOG.debug("{guest_id}: Writing configuration file to /tmp/pgsql_config.".format(guest_id=CONF.guest_id))
with open("/tmp/pgsql_config", "w+") as config_file:
config_file.write(configuration)
operating_system.chown("/tmp/pgsql_config", "postgres", None, recursive=False, as_root=True)
operating_system.move("/tmp/pgsql_config", config_location, timeout=30, as_root=True)
def _write_config_overrides(self, overrideValues):
LOG.info(_("Writing new temp overrides.cnf file."))
with open(MYCNF_OVERRIDES_TMP, 'w') as overrides:
overrides.write(overrideValues)
LOG.info(_("Moving overrides.cnf into correct location."))
operating_system.move(MYCNF_OVERRIDES_TMP,
MYCNF_OVERRIDES,
as_root=True)
LOG.info(_("Setting permissions on overrides.cnf."))
operating_system.chmod(MYCNF_OVERRIDES,
FileMode.SET_GRP_RW_OTH_R,
as_root=True)
def _clear_mysql_config(self):
"""Clear old configs, which can be incompatible with new version."""
LOG.debug("Clearing old MySQL config.")
random_uuid = str(uuid.uuid4())
configs = ["/etc/my.cnf", "/etc/mysql/conf.d", "/etc/mysql/my.cnf"]
for config in configs:
try:
old_conf_backup = "%s_%s" % (config, random_uuid)
operating_system.move(config, old_conf_backup, as_root=True)
LOG.debug("%s saved to %s_%s." %
(config, config, random_uuid))
except exception.ProcessExecutionError:
pass
def set_db_to_listen(self, context):
"""Allow remote connections with encrypted passwords."""
# Using cat to read file due to read permissions issues.
out, err = utils.execute_with_timeout(
"sudo", "cat", PGSQL_HBA_CONFIG.format(version=self._get_psql_version()), timeout=30
)
LOG.debug("{guest_id}: Writing hba file to /tmp/pgsql_hba_config.".format(guest_id=CONF.guest_id))
with open("/tmp/pgsql_hba_config", "w+") as config_file:
config_file.write(out)
config_file.write("host all all 0.0.0.0/0 md5\n")
operating_system.chown("/tmp/pgsql_hba_config", "postgres", None, recursive=False, as_root=True)
operating_system.move(
"/tmp/pgsql_hba_config", PGSQL_HBA_CONFIG.format(version=self._get_psql_version()), timeout=30, as_root=True
)
def _write_config(self, config_contents):
"""
Update contents of MongoDB configuration file
"""
LOG.info(_("Updating MongoDB config."))
if config_contents:
LOG.info(_("Writing %s.") % system.TMP_CONFIG)
try:
with open(system.TMP_CONFIG, "w") as t:
t.write(config_contents)
LOG.info(_("Moving %(a)s to %(b)s.") % {"a": system.TMP_CONFIG, "b": CONFIG_FILE})
operating_system.move(system.TMP_CONFIG, CONFIG_FILE, as_root=True)
except Exception:
os.unlink(system.TMP_CONFIG)
raise
else:
LOG.debug("Empty config_contents. Do nothing.")
def write_password_to_file(self, root_password):
operating_system.create_directory(system.COUCHBASE_CONF_DIR,
as_root=True)
try:
tempfd, tempname = tempfile.mkstemp()
os.fchmod(tempfd, stat.S_IRUSR | stat.S_IWUSR)
os.write(tempfd, root_password)
os.fchmod(tempfd, stat.S_IRUSR)
os.close(tempfd)
except OSError as err:
message = _("An error occurred in saving password "
"(%(errno)s). %(strerror)s.") % {
"errno": err.errno,
"strerror": err.strerror}
LOG.exception(message)
raise RuntimeError(message)
operating_system.move(tempname, system.pwd_file, as_root=True)
def write_password_to_file(self, root_password):
utils.execute_with_timeout('mkdir', '-p', system.COUCHBASE_CONF_DIR,
run_as_root=True, root_helper='sudo')
try:
tempfd, tempname = tempfile.mkstemp()
os.fchmod(tempfd, stat.S_IRUSR | stat.S_IWUSR)
os.write(tempfd, root_password)
os.fchmod(tempfd, stat.S_IRUSR)
os.close(tempfd)
except OSError as err:
message = _("An error occurred in saving password "
"(%(errno)s). %(strerror)s.") % {
"errno": err.errno,
"strerror": err.strerror}
LOG.exception(message)
raise RuntimeError(message)
operating_system.move(tempname, system.pwd_file, as_root=True)
def write_config(self,
config_contents,
execute_function=utils.execute_with_timeout,
mkstemp_function=tempfile.mkstemp,
unlink_function=os.unlink):
# first securely create a temp file. mkstemp() will set
# os.O_EXCL on the open() call, and we get a file with
# permissions of 600 by default.
(conf_fd, conf_path) = mkstemp_function()
LOG.debug('Storing temporary configuration at %s.' % conf_path)
# write config and close the file, delete it if there is an
# error. only unlink if there is a problem. In normal course,
# we move the file.
try:
os.write(conf_fd, config_contents)
operating_system.move(conf_path,
system.CASSANDRA_CONF,
as_root=True)
# TODO(denis_makogon): figure out the dynamic way to discover
# configs owner since it can cause errors if there is
# no cassandra user in operating system
operating_system.chown(system.CASSANDRA_CONF,
'cassandra',
'cassandra',
recursive=False,
as_root=True)
operating_system.chmod(system.CASSANDRA_CONF,
FileMode.ADD_READ_ALL,
as_root=True)
except Exception:
LOG.exception(
_("Exception generating Cassandra configuration %s.") %
conf_path)
unlink_function(conf_path)
raise
finally:
os.close(conf_fd)
LOG.info(_('Wrote new Cassandra configuration.'))
def _write_password_to_file(self, root_password):
operating_system.create_directory(self.couchbase_conf_dir,
as_root=True)
try:
tempfd, tempname = tempfile.mkstemp()
os.fchmod(tempfd, stat.S_IRUSR | stat.S_IWUSR)
if isinstance(root_password, six.text_type):
root_password = root_password.encode('utf-8')
os.write(tempfd, root_password)
os.fchmod(tempfd, stat.S_IRUSR)
os.close(tempfd)
except OSError as err:
message = _("An error occurred in saving password "
"(%(errno)s). %(strerror)s.") % {
"errno": err.errno,
"strerror": err.strerror}
LOG.exception(message)
raise RuntimeError(message)
operating_system.move(tempname, self.couchbase_pwd_file, as_root=True)
def write_mongos_upstart(self):
upstart_contents = (system.MONGOS_UPSTART_CONTENTS.format(
config_file_placeholder=CONFIG_FILE))
LOG.info(_("Writing %s.") % system.TMP_MONGOS_UPSTART)
with open(system.TMP_MONGOS_UPSTART, 'w') as t:
t.write(upstart_contents)
LOG.info(
_("Moving %(a)s to %(b)s.") % {
'a': system.TMP_MONGOS_UPSTART,
'b': system.MONGOS_UPSTART
})
operating_system.move(system.TMP_MONGOS_UPSTART,
system.MONGOS_UPSTART,
as_root=True)
operating_system.remove('/etc/init/mongodb.conf',
force=True,
as_root=True)
def reset_configuration(self, context, configuration):
"""Reset the PgSql configuration file to the one given.
The configuration parameter is a string containing the full
configuration file that should be used.
"""
config_location = PGSQL_CONFIG.format(
version=self._get_psql_version(),
)
LOG.debug(
"{guest_id}: Writing configuration file to /tmp/pgsql_config."
.format(
guest_id=CONF.guest_id,
)
)
with open('/tmp/pgsql_config', 'w+') as config_file:
config_file.write(configuration)
operating_system.chown('/tmp/pgsql_config', 'postgres', None,
recursive=False, as_root=True)
operating_system.move('/tmp/pgsql_config', config_location, timeout=30,
as_root=True)
def _write_password_to_file(self, root_password):
operating_system.create_directory(self.couchbase_conf_dir,
as_root=True)
try:
tempfd, tempname = tempfile.mkstemp()
os.fchmod(tempfd, stat.S_IRUSR | stat.S_IWUSR)
if isinstance(root_password, six.text_type):
root_password = root_password.encode('utf-8')
os.write(tempfd, root_password)
os.fchmod(tempfd, stat.S_IRUSR)
os.close(tempfd)
except OSError as err:
message = _("An error occurred in saving password "
"(%(errno)s). %(strerror)s.") % {
"errno": err.errno,
"strerror": err.strerror
}
LOG.exception(message)
raise RuntimeError(message)
operating_system.move(tempname, self.couchbase_pwd_file, as_root=True)
def set_db_to_listen(self, context):
"""Allow remote connections with encrypted passwords."""
LOG.debug(
"{guest_id}: Writing hba file to /tmp/pgsql_hba_config.".format(
guest_id=CONF.guest_id,
)
)
# Local access from administrative users is implicitly trusted.
#
# Remote access from the Trove's account is always rejected as
# it is not needed and could be used by malicious users to hijack the
# instance.
#
# Connections from other accounts always require a hashed password.
with open('/tmp/pgsql_hba_config', 'w+') as config_file:
config_file.write(
"local all postgres,os_admin trust\n")
config_file.write(
"local all all md5\n")
config_file.write(
"host all postgres,os_admin 127.0.0.1/32 trust\n")
config_file.write(
"host all postgres,os_admin ::1/128 trust\n")
config_file.write(
"host all postgres,os_admin localhost trust\n")
config_file.write(
"host all os_admin 0.0.0.0/0 reject\n")
config_file.write(
"host all os_admin ::/0 reject\n")
config_file.write(
"host all all 0.0.0.0/0 md5\n")
config_file.write(
"host all all ::/0 md5\n")
operating_system.chown('/tmp/pgsql_hba_config',
'postgres', None, recursive=False, as_root=True)
operating_system.move('/tmp/pgsql_hba_config', PGSQL_HBA_CONFIG.format(
version=self._get_psql_version(),
), timeout=30, as_root=True)
def write_password_to_file(self, root_password):
utils.execute_with_timeout('mkdir',
'-p',
system.COUCHBASE_CONF_DIR,
run_as_root=True,
root_helper='sudo')
try:
tempfd, tempname = tempfile.mkstemp()
os.fchmod(tempfd, stat.S_IRUSR | stat.S_IWUSR)
os.write(tempfd, root_password)
os.fchmod(tempfd, stat.S_IRUSR)
os.close(tempfd)
except OSError as err:
message = _("An error occurred in saving password "
"(%(errno)s). %(strerror)s.") % {
"errno": err.errno,
"strerror": err.strerror
}
LOG.exception(message)
raise RuntimeError(message)
operating_system.move(tempname, system.pwd_file, as_root=True)
def _write_config(self, config_contents):
"""
Update contents of MongoDB configuration file
"""
LOG.info(_("Updating MongoDB config."))
if config_contents:
LOG.info(_("Writing %s.") % system.TMP_CONFIG)
try:
with open(system.TMP_CONFIG, 'w') as t:
t.write(config_contents)
LOG.info(
_("Moving %(a)s to %(b)s.") % {
'a': system.TMP_CONFIG,
'b': CONFIG_FILE
})
operating_system.move(system.TMP_CONFIG,
CONFIG_FILE,
as_root=True)
except Exception:
os.unlink(system.TMP_CONFIG)
raise
else:
LOG.debug("Empty config_contents. Do nothing.")
def _rewind_against_master(self):
"""Call pg_rewind to resync datadir against state of new master
We should already have a recovery.conf file in PGDATA
"""
rconf = operating_system.read_file(self.PGSQL_RECOVERY_CONFIG,
as_root=True)
regex = re.compile("primary_conninfo = (.*)")
m = regex.search(rconf)
conninfo = m.group(1)
# The recovery.conf file we want should already be there, but pg_rewind
# will delete it, so copy it out first
rec = self.PGSQL_RECOVERY_CONFIG
tmprec = "/tmp/recovery.conf.bak"
operating_system.move(rec, tmprec, as_root=True)
cmd_full = " ".join(["pg_rewind", "-D", self.PGSQL_DATA_DIR,
'--source-server=' + conninfo])
out, err = utils.execute("sudo", "su", "-", self.PGSQL_OWNER, "-c",
"%s" % cmd_full, check_exit_code=0)
LOG.debug("Got stdout %s and stderr %s from pg_rewind" %
(str(out), str(err)))
operating_system.move(tmprec, rec, as_root=True)
def prepare_slave(self, service, snapshot):
"""Prepare the environment needed for starting the slave Oracle
processes.
"""
master_info = snapshot['master']
db_name = master_info['db_name']
db_unique_name = ('%(db_name)s_%(replica_label)s' % {
'db_name': db_name,
'replica_label': utils.generate_random_string(6)
})
service.paths.update_db_name(db_name)
# Create necessary directories and set necessary permissions
new_dirs = [
service.paths.db_data_dir, service.paths.db_fast_recovery_logs_dir,
service.paths.db_fast_recovery_dir, service.paths.audit_dir
]
for directory in new_dirs:
operating_system.create_directory(directory,
service.instance_owner,
service.instance_owner_group,
as_root=True)
chown_dirs = [
service.paths.fast_recovery_area, service.paths.admin_dir
]
for directory in chown_dirs:
operating_system.chown(directory,
service.instance_owner,
service.instance_owner_group,
as_root=True)
# Install on the slave files extracted from the master
# (e.g. the control, pfile, password, oracle.cnf file ... etc)
oradata_encoded = master_info['oradata']
tmp_data_path = path.join(TMP_DIR, 'oradata.tar.gz')
operating_system.write_file(tmp_data_path,
oradata_encoded,
codec=stream_codecs.Base64Codec(),
encode=False)
utils.execute_with_timeout('tar',
'-Pxzvf',
tmp_data_path,
run_as_root=True,
root_helper='sudo')
# Put the control file in place
tmp_ctlfile_path = path.join(TMP_DIR, '%s_stby.ctl' % db_name)
operating_system.move(tmp_ctlfile_path,
service.paths.ctlfile1_file,
as_root=True)
operating_system.copy(service.paths.ctlfile1_file,
service.paths.ctlfile2_file,
preserve=True,
as_root=True)
# Set the db_name and db_unique_name via the PFILE which will be
# removed later
operating_system.write_file(service.paths.pfile,
"*.db_unique_name='%s'\n"
"*.db_name='%s'\n" %
(db_unique_name, db_name),
as_root=True)
operating_system.chown(service.paths.pfile,
service.instance_owner,
service.instance_owner_group,
as_root=True,
force=True)
service.admin.delete_conf_cache()
service.admin.ora_config.db_name = db_name
service.admin.ora_config.db_unique_name = db_unique_name
# Set proper permissions on the oratab file
operating_system.chown(service.paths.oratab_file,
service.instance_owner,
service.instance_owner_group,
as_root=True,
force=True)
# Create the listener.ora file and restart
service.configure_listener()
def prepare_slave(self, snapshot):
"""Prepare the environment needed for starting the slave Oracle
processes.
"""
master_info = snapshot['master']
db_name = master_info['db_name']
tmp_dir = '/tmp'
tmp_data_path = path.join(tmp_dir, 'oradata.tar.gz')
orabase_path = CONF.get(MANAGER).oracle_base
orahome_path = CONF.get(MANAGER).oracle_home
db_data_path = path.join(orabase_path, 'oradata', db_name)
fast_recovery_path = path.join(orabase_path, 'fast_recovery_area')
db_fast_recovery_path = path.join(fast_recovery_path, db_name)
audit_path = path.join(orabase_path, 'admin', db_name, 'adump')
admin_path = path.join(orabase_path, 'admin')
# Create necessary directories and set permissions
directories = [db_data_path, db_fast_recovery_path, audit_path]
for directory in directories:
operating_system.create_directory(directory,
system.ORACLE_INSTANCE_OWNER,
system.ORACLE_GROUP_OWNER,
as_root=True)
operating_system.chown(fast_recovery_path,
system.ORACLE_INSTANCE_OWNER,
system.ORACLE_GROUP_OWNER, as_root=True)
operating_system.chown(admin_path, system.ORACLE_INSTANCE_OWNER,
system.ORACLE_GROUP_OWNER, as_root=True)
# Install on the slave files extracted from the master
# (e.g. the control, pfile, password, oracle.cnf file ... etc)
oradata = master_info['oradata']
operating_system.write_file(tmp_data_path, oradata,
codec=stream_codecs.Base64Codec())
utils.execute_with_timeout('tar', '-Pxzvf', tmp_data_path,
run_as_root=True, root_helper='sudo')
# Put the control file in place
tmp_ctlfile_path = path.join(tmp_dir, '%s_stby.ctl' % db_name)
ctlfile1_path = path.join(db_data_path, 'control01.ctl')
ctlfile2_path = path.join(db_fast_recovery_path, 'control02.ctl')
operating_system.move(tmp_ctlfile_path, ctlfile1_path, as_root=True)
operating_system.copy(ctlfile1_path, ctlfile2_path, preserve=True,
as_root=True)
db_unique_name = ('%(db_name)s_%(replica_label)s' %
{'db_name': db_name,
'replica_label': utils.generate_random_string(6)})
# Customize the pfile for slave and put it in the right place.
# The pfile that came from master is owned by the 'oracle' user,
# so we need to change ownership first before editing it.
tmp_pfile_path = path.join(tmp_dir, 'init%s_stby.ora' % db_name)
pfile_path = path.join(orahome_path, 'dbs', 'init%s.ora' % db_name)
operating_system.chown(tmp_pfile_path, getpass.getuser(), None,
as_root=True)
with open(tmp_pfile_path, 'a') as pfile:
pfile.write("*.db_unique_name='%s'\n" % db_unique_name)
# Finished editing pfile, put it in the proper directory and chown
# back to oracle user and group
operating_system.move(tmp_pfile_path, pfile_path, force=True,
as_root=True)
operating_system.chown(pfile_path, system.ORACLE_INSTANCE_OWNER,
system.ORACLE_GROUP_OWNER, as_root=True)
self.ORA_CONF.db_name = db_name
self.ORA_CONF.db_unique_name = db_unique_name
# Set proper permissions on the oratab file
operating_system.chown('/etc/oratab', system.ORACLE_INSTANCE_OWNER,
system.ORACLE_GROUP_OWNER, as_root=True)
# Create the listener.ora file
self._create_lsnr_file()
# Restart the listener
utils.execute_with_timeout("sudo", "su", "-", "oracle", "-c",
"lsnrctl reload",
timeout=CONF.usage_timeout)
def remove_last(self, num_revisions):
count = self.count_revisions()
revision_files = self._delete_revisions(min(count, num_revisions) - 1)
if revision_files:
operating_system.move(revision_files[-1], self._base_config_path, force=True, as_root=self._requires_root)
def prepare_slave(self, snapshot):
"""Prepare the environment needed for starting the slave Oracle
processes.
"""
master_info = snapshot['master']
db_name = master_info['db_name']
tmp_dir = '/tmp'
tmp_data_path = path.join(tmp_dir, 'oradata.tar.gz')
orabase_path = CONF.get(MANAGER).oracle_base
orahome_path = CONF.get(MANAGER).oracle_home
db_data_path = path.join(orabase_path, 'oradata', db_name)
fast_recovery_path = path.join(orabase_path, 'fast_recovery_area')
db_fast_recovery_path = path.join(fast_recovery_path, db_name)
audit_path = path.join(orabase_path, 'admin', db_name, 'adump')
admin_path = path.join(orabase_path, 'admin')
# Create necessary directories and set permissions
directories = [db_data_path, db_fast_recovery_path, audit_path]
for directory in directories:
operating_system.create_directory(directory,
system.ORACLE_INSTANCE_OWNER,
system.ORACLE_GROUP_OWNER,
as_root=True)
operating_system.chown(fast_recovery_path,
system.ORACLE_INSTANCE_OWNER,
system.ORACLE_GROUP_OWNER,
as_root=True)
operating_system.chown(admin_path,
system.ORACLE_INSTANCE_OWNER,
system.ORACLE_GROUP_OWNER,
as_root=True)
# Install on the slave files extracted from the master
# (e.g. the control, pfile, password, oracle.cnf file ... etc)
oradata = master_info['oradata']
operating_system.write_file(tmp_data_path,
oradata,
codec=stream_codecs.Base64Codec())
utils.execute_with_timeout('tar',
'-Pxzvf',
tmp_data_path,
run_as_root=True,
root_helper='sudo')
# Put the control file in place
tmp_ctlfile_path = path.join(tmp_dir, '%s_stby.ctl' % db_name)
ctlfile1_path = path.join(db_data_path, 'control01.ctl')
ctlfile2_path = path.join(db_fast_recovery_path, 'control02.ctl')
operating_system.move(tmp_ctlfile_path, ctlfile1_path, as_root=True)
operating_system.copy(ctlfile1_path,
ctlfile2_path,
preserve=True,
as_root=True)
db_unique_name = ('%(db_name)s_%(replica_label)s' % {
'db_name': db_name,
'replica_label': utils.generate_random_string(6)
})
# Customize the pfile for slave and put it in the right place.
# The pfile that came from master is owned by the 'oracle' user,
# so we need to change ownership first before editing it.
tmp_pfile_path = path.join(tmp_dir, 'init%s_stby.ora' % db_name)
pfile_path = path.join(orahome_path, 'dbs', 'init%s.ora' % db_name)
operating_system.chown(tmp_pfile_path,
getpass.getuser(),
None,
as_root=True)
with open(tmp_pfile_path, 'a') as pfile:
pfile.write("*.db_unique_name='%s'\n" % db_unique_name)
# Finished editing pfile, put it in the proper directory and chown
# back to oracle user and group
operating_system.move(tmp_pfile_path,
pfile_path,
force=True,
as_root=True)
operating_system.chown(pfile_path,
system.ORACLE_INSTANCE_OWNER,
system.ORACLE_GROUP_OWNER,
as_root=True)
self.ORA_CONF.db_name = db_name
self.ORA_CONF.db_unique_name = db_unique_name
# Set proper permissions on the oratab file
operating_system.chown('/etc/oratab',
system.ORACLE_INSTANCE_OWNER,
system.ORACLE_GROUP_OWNER,
as_root=True)
# Create the listener.ora file
self._create_lsnr_file()
# Restart the listener
utils.execute_with_timeout("sudo",
"su",
"-",
"oracle",
"-c",
"lsnrctl reload",
timeout=CONF.usage_timeout)
def prepare_slave(self, service, snapshot):
"""Prepare the environment needed for starting the slave Oracle
processes.
"""
master_info = snapshot['master']
db_name = master_info['db_name']
db_unique_name = ('%(db_name)s_%(replica_label)s' %
{'db_name': db_name,
'replica_label': utils.generate_random_string(6)})
service.paths.update_db_name(db_name)
# Create necessary directories and set necessary permissions
new_dirs = [service.paths.db_data_dir,
service.paths.db_fast_recovery_logs_dir,
service.paths.db_fast_recovery_dir,
service.paths.audit_dir]
for directory in new_dirs:
operating_system.create_directory(directory,
service.instance_owner,
service.instance_owner_group,
as_root=True)
chown_dirs = [service.paths.fast_recovery_area,
service.paths.admin_dir]
for directory in chown_dirs:
operating_system.chown(directory,
service.instance_owner,
service.instance_owner_group,
as_root=True)
# Install on the slave files extracted from the master
# (e.g. the control, pfile, password, oracle.cnf file ... etc)
oradata_encoded = master_info['oradata']
tmp_data_path = path.join(TMP_DIR, 'oradata.tar.gz')
operating_system.write_file(tmp_data_path, oradata_encoded,
codec=stream_codecs.Base64Codec(),
encode=False)
utils.execute_with_timeout('tar', '-Pxzvf', tmp_data_path,
run_as_root=True, root_helper='sudo')
# Put the control file in place
tmp_ctlfile_path = sorted(
operating_system.list_files_in_directory(TMP_DIR,
pattern='*.ctl.bak$',
recursive=True,
as_root=True))[0]
ctlfile_name = path.basename(tmp_ctlfile_path)[:-4]
ctlfile1_path = path.join(service.paths.ctlfile1_dir, ctlfile_name)
operating_system.create_directory(service.paths.ctlfile1_dir,
force=True, user='******',
group='oinstall', as_root=True)
operating_system.create_directory(service.paths.ctlfile2_dir,
force=True, user='******',
group='oinstall', as_root=True)
operating_system.move(
tmp_ctlfile_path, ctlfile1_path, as_root=True)
operating_system.copy(
ctlfile1_path,
service.paths.ctlfile2_dir, preserve=True, as_root=True)
# Set the db_name and db_unique_name via the PFILE which will be
# removed later
operating_system.write_file(service.paths.pfile,
"*.db_unique_name='%s'\n"
"*.db_name='%s'\n"
% (db_unique_name, db_name),
as_root=True)
operating_system.chown(service.paths.pfile,
service.instance_owner,
service.instance_owner_group,
as_root=True, force=True)
service.admin.delete_conf_cache()
service.admin.ora_config.db_name = db_name
service.admin.ora_config.db_unique_name = db_unique_name
# Set proper permissions on the oratab file
operating_system.chown(service.paths.oratab_file,
service.instance_owner,
service.instance_owner_group,
as_root=True, force=True)
# Create the listener.ora file and restart
service.configure_listener()
