def get_current_admin_user(self):
    """Return the user model to use for administrative operations.

    Precedence, as implemented below:
      1. an admin user that was explicitly set (``_current_admin_user``);
      2. the Trove admin account (``ADMIN_USER``) once the status object
         reports the datastore as installed;
      3. otherwise the built-in superuser (``default_superuser_name``).

    In cases 2 and 3 the model is built from a name only; no password is
    attached to it here.
    """
    explicit = self._current_admin_user
    if explicit is not None:
        return explicit

    # Before installation has completed, only the built-in superuser name
    # is used as the fallback.
    if self.status.is_installed:
        fallback_name = self.ADMIN_USER
    else:
        fallback_name = self.default_superuser_name
    return models.PostgreSQLUser(fallback_name)
def _get_or_create_replication_user(self, service):
    """Return the replication user's name and password, creating it if needed.

    Three situations are handled:
      - Fresh master with no replicator user: create the user and a new
        password.
      - Replicator user exists and PGDATA/.replpass exists: hand back the
        stored password so a new slave can log in.
      - Replicator user exists but .replpass is missing (a failed-over-to
        slave): drop the user and recreate it with a new password.

    Returns:
        dict with keys ``'name'`` and ``'password'``. The password is the
        cleartext value read from, or just written to, ``.replpass``; keep
        the returned dict out of log output.
    """
    LOG.debug("Checking for replicator user")
    pwfile = os.path.join(service.pgsql_data_dir, ".replpass")
    admin = service.build_admin()

    if not admin.user_exists(REPL_USER):
        LOG.debug("Found no replicator user, create one")
        pw = self._create_replication_user(service, admin, pwfile)
    elif operating_system.exists(pwfile, as_root=True):
        LOG.debug("Found existing .replpass, returning pw")
        # The file content is returned as read; nothing is stripped or
        # validated here.
        pw = operating_system.read_file(pwfile, as_root=True)
    else:
        LOG.debug("Found user but not .replpass, recreate")
        # Without the password file the existing role's password cannot be
        # recovered, so the role is dropped and recreated.
        stale_user = models.PostgreSQLUser(REPL_USER)
        admin._drop_user(context=None, user=stale_user)
        pw = self._create_replication_user(service, admin, pwfile)

    return {'name': REPL_USER, 'password': pw}
def _create_admin_user(self, context, databases=None):
    """Create an administrative user for Trove.

    Force password encryption.

    Args:
        context: passed through to ``_create_user``.
        databases: optional iterable of schema models; each one is
            serialized and attached to the new user before creation.

    The randomly generated password lives only on the user model handed to
    ``_create_user``; this method neither returns nor stores it.
    """
    secret = utils.generate_random_password()
    trove_admin = models.PostgreSQLUser(self.ADMIN_USER, secret)

    if databases:
        serialized = [db.serialize() for db in databases]
        trove_admin.databases.extend(serialized)

    # The positional True is presumably the encrypt-password flag promised
    # by the docstring - confirm against _create_user's signature.
    self._create_user(context, trove_admin, True, *self.ADMIN_OPTIONS)
def _build_user(self, context, username):
    """Build a model representation of a Postgres user.

    The model is created from the name alone, then every entry returned by
    ``list_access`` for that user is appended to its ``databases`` list.

    Args:
        context: passed through to ``list_access``.
        username: name of the Postgres role to describe.

    Returns:
        The populated ``models.PostgreSQLUser``.
    """
    user = models.PostgreSQLUser(username)
    # Entries are appended exactly as list_access returns them; no
    # serialization or filtering happens here.
    for accessible_db in self.list_access(context, username, None):
        user.databases.append(accessible_db)
    return user
def _build_user(self, context, username):
    """Build a model representation of a Postgres user.

    Include all databases it has access to.

    Args:
        context: passed through to ``list_access``.
        username: name of the Postgres role to describe.

    Returns:
        The ``models.PostgreSQLUser`` with its ``databases`` list filled in.
    """
    user = models.PostgreSQLUser(username)

    # The databases setter on the schema/user model is reported broken, so
    # the access list is rebuilt by appending one entry at a time instead
    # of assigning the whole list.
    granted = self.list_access(context, username, None)
    for entry in granted:
        user.databases.append(entry)
    return user
def secure(self, context):
    """Create an administrative user for Trove and disable the built-in one.

    Steps, in order:
      1. Generate a random password and build the Trove admin user plus a
         database named after it.
      2. Using an admin handle built from the built-in superuser, create
         that database and the admin user (``encrypt_password=True``).
      3. Using an admin handle built from the new admin user, alter the
         built-in superuser to ``NOSUPERUSER`` and ``NOLOGIN``.
      4. Record the new admin as the current admin user.

    No exception is caught here: if step 3 raises, the built-in superuser
    is left unchanged and step 4 does not run.
    """
    admin_name = self.ADMIN_USER
    secret = utils.generate_random_password()

    admin_schema = models.PostgreSQLSchema(admin_name)
    trove_admin = models.PostgreSQLUser(admin_name, secret)
    trove_admin.databases.append(admin_schema.serialize())

    builtin_superuser = models.PostgreSQLUser(self.default_superuser_name)
    bootstrap = PgSqlAdmin(builtin_superuser)
    bootstrap._create_database(context, admin_schema)
    bootstrap._create_admin_user(context, trove_admin, encrypt_password=True)

    # The lock-down goes through a handle built from the new admin, so it
    # presumably also exercises the new credentials before the built-in
    # account loses login - confirm how PgSqlAdmin connects.
    hardened = PgSqlAdmin(trove_admin)
    hardened.alter_user(context, builtin_superuser, None,
                        'NOSUPERUSER', 'NOLOGIN')

    self.set_current_admin_user(trove_admin)
def _build_user(self, context, username, acl=None):
    """Build a model representation of a Postgres user.

    Include all databases it has access to, taken from ``acl``.

    Args:
        context: not used by this implementation.
        username: role name; ACL rows are matched on exact equality with
            ``row[0]``.
        acl: optional iterable of rows indexed as
            ``(user, database, character_set, collate)``. Rows whose
            database field is ``None`` are skipped.

    Returns:
        The ``models.PostgreSQLUser``; its ``databases`` list is left
        untouched when ``acl`` is empty or ``None``.
    """
    user = models.PostgreSQLUser(username)
    if not acl:
        return user

    # Build every schema model first, then serialize and attach them.
    schemas = []
    for row in acl:
        if row[0] != username or row[1] is None:
            continue
        schemas.append(
            models.PostgreSQLSchema(row[1].strip(),
                                    character_set=row[2],
                                    collate=row[3]))

    for schema in schemas:
        user.databases.append(schema.serialize())
    return user
def _create_replication_user(self, service, admin, pwfile):
    """Create the replication user and persist its password in ``pwfile``.

    Unfortunately, to be able to run pg_rewind, we need SUPERUSER, not just
    REPLICATION privilege.

    NOTE(review): the statement above does not match the code, which passes
    only 'REPLICATION' and 'LOGIN' to ``alter_user`` - confirm which of the
    two is intended before relying on either.

    Args:
        service: supplies ``pgsql_owner``, used as owner and group of the
            password file.
        admin: admin handle used to create and alter the role.
        pwfile: path of the password file to write.

    Returns:
        The generated cleartext password.
    """
    secret = utils.generate_random_password()

    # NOTE(review): the password is written before ownership and mode are
    # tightened, so between write_file and chmod the file has whatever mode
    # write_file gives it. Confirm write_file creates it restrictively, or
    # create and lock down the file before writing the secret.
    operating_system.write_file(pwfile, secret, as_root=True)
    owner = service.pgsql_owner
    operating_system.chown(pwfile, user=owner, group=service.pgsql_owner,
                           as_root=True)
    operating_system.chmod(pwfile, FileMode.OCTAL_MODE("0600"),
                           as_root=True)

    replicator = models.PostgreSQLUser(name=REPL_USER, password=secret)
    admin._create_user(context=None, user=replicator)
    admin.alter_user(None, replicator, True, 'REPLICATION', 'LOGIN')
    return secret
def do_prepare(self, context, packages, databases, memory_mb, users,
               device_path, mount_point, backup_info, config_contents,
               root_password, overrides, cluster_config, snapshot):
    """Install, configure and start the database on a new instance.

    Sequence visible in this body: install packages, wait for the first
    boot and stop the service, prepare the volume, save the configuration,
    optionally restore a backup and/or attach as a replica, start the
    database, and secure it when no backup was restored.

    ``databases``, ``memory_mb``, ``users``, ``root_password`` and
    ``overrides`` are accepted but not used in this body.
    """
    self.app.install(context, packages)
    LOG.debug("Waiting for database first boot.")
    if (self.app.status.wait_for_real_status_to_change_to(
            trove_instance.ServiceStatuses.RUNNING,
            CONF.state_change_wait_time,
            False)):
        LOG.debug("Stopping database prior to initial configuration.")
        self.app.stop_db()

    if device_path:
        device = volume.VolumeDevice(device_path)
        device.format()
        # Existing data at the mount point is migrated onto the freshly
        # formatted device before it is mounted.
        if os.path.exists(mount_point):
            device.migrate_data(mount_point)
        device.mount(mount_point)
    self.configuration_manager.save_configuration(config_contents)
    self.app.apply_initial_guestagent_configuration()

    # Built from the name only; no password is attached to this model.
    os_admin = models.PostgreSQLUser(self.app.ADMIN_USER)

    if backup_info:
        # NOTE(review): '/tmp' is passed as the restore location; what
        # restore does with it is not visible here. If data is staged
        # there, a private directory is preferable to a shared one.
        backup.restore(context, backup_info, '/tmp')
        self.app.set_current_admin_user(os_admin)

    if snapshot:
        # NOTE(review): the whole snapshot structure is logged at INFO. If
        # it carries replication credentials (a name/password dict is
        # built elsewhere for the replication user), the password would
        # land in the log - confirm and redact before logging.
        LOG.info("Found snapshot info: " + str(snapshot))
        self.attach_replica(context, snapshot, snapshot['config'])

    self.app.start_db()

    # secure() is skipped after a restore, so in that path the roles are
    # whatever the backup contained; presumably the backup was taken from
    # an already secured instance - verify.
    if not backup_info:
        self.app.secure(context)

    self._admin = PgSqlAdmin(os_admin)

    if not cluster_config and self.is_root_enabled(context):
        self.status.report_root(context, self.app.default_superuser_name)
def _get_or_create_replication_user(self):
    """Return the replication user's name and password, creating it if needed.

    Returns:
        dict with keys ``'name'`` and ``'password'``; the password is
        cleartext, so keep the returned dict out of log output.
    """
    # Three scenarios are handled:
    # - Fresh master with no replicator user: generate a new user/password.
    # - A new slave is being attached and needs the login credentials:
    #   send the ones stored in PGDATA/.replpass.
    # - Failed-over-to slave that has the replicator user but not the
    #   credentials file: recreate the replication user.
    pwfile = os.path.join(self.pgsql_data_dir, ".replpass")

    if not self.user_exists(REPL_USER):
        pw = self._create_replication_user(pwfile)
    elif operating_system.exists(pwfile, as_root=True):
        # Returned exactly as read from the file.
        pw = operating_system.read_file(pwfile, as_root=True)
    else:
        # The old password cannot be recovered without the file, so the
        # role is dropped and created again.
        stale_user = models.PostgreSQLUser(REPL_USER)
        self._drop_user(context=None, user=stale_user)
        pw = self._create_replication_user(pwfile)

    return {'name': REPL_USER, 'password': pw}