--system
sudo usermod --home /home/mysql mysql
sudo adduser mysql mysql-data
- sudo install -m 644 -o mysql -g mysql \
- "$tool"/etc/mysql/my.cnf \
- /etc/mysql/my.cnf
sudo install -d -m 751 -o mysql -g mysql \
/home/mysql
sudo rm -rf /etc/mysql
sudo install -d -m 750 -o mysql -g mysql \
/etc/mysql \
+ /etc/mysql/conf.d \
/home/mysql/etc
sudo ln -fns \
/etc/mysql \
/home/mysql/etc/mysql
+ sudo install -m 644 -o mysql -g mysql \
+ "$tool"/etc/mysql/my.cnf \
+ /etc/mysql/my.cnf
if sudo test ! -d /home/mysql/data
then
sudo install -d -m 750 -o mysql -g mysql-data \
sudo chmod ugo-x /etc/init.d/mysql
case $(sudo sv status mysql || true) in
(''|run:*|*"s, normally up;"*)
- sudo sv restart mysql
- case $(sudo inotifywait -e create -- /run/mysqld/sock/) in
- ("/run/mysqld/sock/ CREATE mysql")
+ rule runit_sv_restart mysql
+ (
+ cd /
+ while ! sudo -u mysql mysql -u mysql </dev/null
+ do sleep 0.3; done
# NOTE:
# - ajoute l'accès par socket Unix à mysql
# - ajoute les droits de super-utilisateur à mysql
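Review bot: The readiness loop added after `rule runit_sv_restart mysql` (`while ! sudo -u mysql mysql -u mysql </dev/null` … `do sleep 0.3; done`) has no upper bound, so a server that never comes up leaves the provisioning run spinning without any message. The same would happen if the `mysql` account cannot log in yet, which the NOTE below hints may be the case before the following statements run. The postgres hunk further down adds the same pattern with `sudo -u postgres psql </dev/null`. I would count attempts and leave the subshell after a limit, for example `n=0` before the loop and `do n=$((n+1)); [ "$n" -lt 100 ] || exit 1; sleep 0.3; done` (limit constructed for illustration). The enclosing `case` arm and function begin outside this hunk.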
DELETE FROM mysql.user WHERE user = '';
FLUSH PRIVILEGES;
EOF
- ;;
- esac
+ )
+ ;;
esac
}
rule_mysql_db_add () { # SYNTAX: $user $db
"$tool"/etc/php5/fpm/php.ini \
/etc/php5/fpm/php.ini
case $(sudo sv status php5-"$pool" || true) in
- (''|run:*) sudo sv restart php5-"$pool"
+ (''|run:*) rule runit_sv_restart php5-"$pool"
esac
done
rule tmpfs_configure
sudo chmod ugo-x /etc/init.d/postgresql
case $(sudo sv status postgres || true) in
(''|run:*|*"s, normally up;"*)
- sudo sv restart postgres
- while case $(sudo inotifywait -e create -- /run/postgresql/) in
- ("/run/postgresql/ CREATE .s.PGSQL.5432") true;;
- (*) false;;
- esac
- do true; done
+ rule runit_sv_restart postgres
(
cd /
+ while ! sudo -u postgres psql </dev/null
+ do sleep 0.3; done
# NOTE: supprime l'accès au schéma public depuis public,
# de sorte à ce que les différents utilisateurices
# ne voient pas leurs bases de données entre-elleux ;
;;
esac
}
-rule_postgresql_db_add () { # SYNTAX: $db $db_user
- local db="$1" db_user="$2"
+rule_postgresql_db_add () { # SYNTAX: $db $owner
+ local db="$1"
+ local owner="${2:-$db}"
sudo -u postgres psql template1 -a -f - <<-EOF
\set ON_ERROR_STOP on
DO LANGUAGE plpgsql \$\$
BEGIN
IF NOT EXISTS (
SELECT *
- FROM pg_catalog.pg_roles
- WHERE rolname = '${db}_role'
+ FROM pg_catalog.pg_user
+ WHERE usename = '$owner'
LIMIT 1
) THEN
- CREATE ROLE ${db}_role
- NOCREATEDB
- NOCREATEROLE
- NOINHERIT
- NOLOGIN
- NOSUPERUSER;
- END IF;
- IF NOT EXISTS (
- SELECT *
- FROM pg_catalog.pg_user
- WHERE usename = '$db_user'
- LIMIT 1
- ) THEN
- CREATE ROLE $db_user
+ CREATE ROLE $owner
LOGIN
NOCREATEDB
NOCREATEROLE
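Review bot: `$owner` is expanded by the shell into the SQL text twice in this hunk, once inside a string literal (`WHERE usename = '$owner'`) and once as a bare identifier (`CREATE ROLE $owner`), and the result is run by psql as the postgres superuser, so any value containing a quote, semicolon or whitespace changes the statement. The same holds for `$db`, `$owner` and `$user` in the later hunks (`CREATE DATABASE`, `GRANT ALL ON SCHEMA`, `GRANT USAGE`). Since `owner` now defaults to `$db`, I would reject anything that is not a plain identifier right after the `local` lines, for each of the two variables, e.g. `case $owner in (''|*[!a-z0-9_]*) return 1;; esac`. Separately, `pg_catalog.pg_user` lists only roles that can log in, so an existing NOLOGIN role of the same name passes the `IF NOT EXISTS` test and `CREATE ROLE` then aborts under `ON_ERROR_STOP`; checking `pg_roles` / `rolname` covers both kinds. The function body continues past the end of this hunk.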
(*)
sudo -u postgres psql template1 -a -f - <<-EOF
\set ON_ERROR_STOP on
- CREATE DATABASE $db WITH OWNER=$db_user;
+ CREATE DATABASE $db WITH OWNER=$owner;
EOF
;;
esac
sudo -u postgres psql template1 -a -f - <<-EOF
\set ON_ERROR_STOP on
- GRANT ${db}_role TO $db_user;
REVOKE ALL ON DATABASE $db FROM public;
EOF
+ sudo -u postgres psql "$db" -a -f - <<-EOF
+ \set ON_ERROR_STOP on
+ GRANT ALL ON SCHEMA public TO $owner WITH GRANT OPTION;
+ EOF
}
rule_postgresql_db_user_add () { # SYNTAX: $db $user
local db="$1" user="$2"
- sudo -u postgres psql template1 -a -f - <<-EOF
+ sudo -u postgres psql "$db" -a -f - <<-EOF
\set ON_ERROR_STOP on
DO LANGUAGE plpgsql \$\$
BEGIN
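Review bot: `GRANT ALL ON SCHEMA public TO $owner WITH GRANT OPTION;` gives the owner CREATE and USAGE on the schema plus the right to pass both on, which is wider than the `GRANT USAGE ON SCHEMA public` that `rule_postgresql_db_user_add` issues for additional users. If delegation by the owner is not required, dropping `WITH GRANT OPTION` keeps all privilege decisions in these rules. If it is required, a SQL comment in the here-document such as `-- owner may delegate schema privileges to roles it manages` would record the intent, now that the NOLOGIN `${db}_role` indirection has been removed. The body of `rule_postgresql_db_user_add` continues beyond this hunk.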
\$\$;
GRANT USAGE ON SCHEMA public TO $user;
GRANT CONNECT,TEMPORARY ON DATABASE $db TO $user;
- GRANT $db TO $user;
EOF
}
rule_openerp_configure () {
case $sv_status in
("") true;;
(fail:*) sleep 1 && sudo sv start "$sv";;
- (run:*)
- while true
- do case $(sudo sv restart "$sv") in
- ("fail: $sv: runsv not running") sleep 1;;
- (*) break;;
- esac
- done
+ (run:*) rule runit_sv_restart "$sv";;
esac
done
done
}
+rule_runit_sv_restart () { # SYNTAX: $sv
+ local sv="$1"
+ while true
+ do case $(sudo sv restart "$sv") in
+ ("fail: $sv: runsv not running") sleep 1;;
+ (*) break;;
+ esac
+ done
+ }
rule_ssh_configure () {
ssh-keygen -F "$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
( while IFS= read -r line
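Review bot: `rule_runit_sv_restart` retries only on the exact text `fail: $sv: runsv not running` and treats every other output of `sudo sv restart` as success, because the `(*) break;;` arm leaves the loop with status 0. A restart that times out or fails for another reason therefore looks like a good one to the callers this commit adds (mysql, php5-*, postgres, and the `(run:*)` arm in `rule_openerp_configure`). The retry also never gives up if runsv stays down. I would keep sv's exit status and bound the retries, as sketched below with a constructed limit; a header comment stating the return contract would help too, since only `# SYNTAX: $sv` is given.

```shell
rule_runit_sv_restart () { # SYNTAX: $sv
  local sv="$1" out rc tries=0
  while true
  do
    rc=0
    out=$(sudo sv restart "$sv") || rc=$?
    case $out in
    ("fail: $sv: runsv not running")
      tries=$((tries+1))
      [ "$tries" -lt 30 ] || return 1  # constructed limit
      sleep 1;;
    (*) return "$rc";;
    esac
  done
}
```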