From 2e5bb0ff5df2b7a5d527a4f896b802df31d3c6bc Mon Sep 17 00:00:00 2001
From: Julien Moutinho
Date: Fri, 12 Apr 2013 01:20:39 +0200
Subject: [PATCH] Modification : vm_hosted -> etc/sv/*/{,log/}run .
---
 etc/postgresql/bin/createdb | 41 ++++
 etc/postgresql/bin/createuser | 25 +++
 etc/sv/cyclo_paris_est__openerp/configure.sh | 98 ---------
 etc/sv/cyclo_paris_est__openerp/log/run | 15 +-
 etc/sv/cyclo_paris_est__openerp/run | 90 ++++++++-
 etc/sv/git-daemon/configure.sh | 28 ---
 etc/sv/git-daemon/log/run | 17 +-
 etc/sv/git-daemon/run | 29 ++-
 etc/sv/gitweb/configure.sh | 57 ------
 etc/sv/gitweb/log/run | 15 +-
 etc/sv/gitweb/run | 61 ++++++
 etc/sv/lhc-remorque/configure.sh | 17 --
 etc/sv/lhc-remorque/log/run | 15 +-
 etc/sv/lhc-remorque/run | 13 ++
 etc/sv/mysql/configure.sh | 9 -
 etc/sv/mysql/log/run | 15 +-
 etc/sv/postgres/configure.sh | 115 ++++++++++-
 etc/sv/postgres/log/run | 17 +-
 etc/sv/postgres/run | 6 +-
 vm_hosted | 199 ++-----------------
 20 files changed, 474 insertions(+), 408 deletions(-)
 create mode 100755 etc/postgresql/bin/createdb
 create mode 100755 etc/postgresql/bin/createuser
 delete mode 100644 etc/sv/cyclo_paris_est__openerp/configure.sh
 delete mode 100644 etc/sv/git-daemon/configure.sh
 delete mode 100644 etc/sv/gitweb/configure.sh
 delete mode 100644 etc/sv/lhc-remorque/configure.sh
 delete mode 100644 etc/sv/mysql/configure.sh
diff --git a/etc/postgresql/bin/createdb b/etc/postgresql/bin/createdb
new file mode 100755
index 0000000..d26b80d
--- /dev/null
+++ b/etc/postgresql/bin/createdb
@@ -0,0 +1,41 @@
+#!/bin/sh -eux
+db="$1"
+owner="${2:-$db}"
+sudo -u postgres psql template1 -a -f - <<-EOF
+ \set ON_ERROR_STOP on
+ DO LANGUAGE plpgsql \$\$
+ BEGIN
+ IF NOT EXISTS (
+ SELECT *
+ FROM pg_catalog.pg_user
+ WHERE usename = '$owner'
+ LIMIT 1
+ ) THEN
+ CREATE ROLE $owner
+ LOGIN
+ NOCREATEDB
+ NOCREATEROLE
+ NOINHERIT
+ NOSUPERUSER;
+ END IF;
+ END;
+ \$\$;
+ EOF
+case $(sudo -u postgres psql template1 -t -c \
+ "SELECT datname FROM pg_catalog.pg_database WHERE datname = '$db' LIMIT 1") in
+ (" $db") true;;
+ (*)
+ sudo -u postgres psql template1 -a -f - <<-EOF
+ \set ON_ERROR_STOP on
+ CREATE DATABASE $db WITH OWNER=$owner;
+ EOF
+ ;;
+ esac
+sudo -u postgres psql template1 -a -f - <<-EOF
+ \set ON_ERROR_STOP on
+ REVOKE ALL ON DATABASE $db FROM public;
+ EOF
+sudo -u postgres psql "$db" -a -f - <<-EOF
+ \set ON_ERROR_STOP on
+ GRANT ALL ON SCHEMA public TO $owner WITH GRANT OPTION;
+ EOF
diff --git a/etc/postgresql/bin/createuser b/etc/postgresql/bin/createuser
new file mode 100755
index 0000000..16e5e04
--- /dev/null
+++ b/etc/postgresql/bin/createuser
@@ -0,0 +1,25 @@
+#!/bin/sh -eux
+db="$1"
+owner="${2:-$db}"
+sudo -u postgres psql "$db" -a -f - <<-EOF
+ \set ON_ERROR_STOP on
+ DO LANGUAGE plpgsql \$\$
+ BEGIN
+ IF NOT EXISTS (
+ SELECT *
+ FROM pg_catalog.pg_user
+ WHERE usename = '$user'
+ LIMIT 1
+ ) THEN
+ CREATE ROLE $user
+ LOGIN
+ NOCREATEDB
+ NOCREATEROLE
+ NOINHERIT
+ NOSUPERUSER;
+ END IF;
+ END;
+ \$\$;
+ GRANT USAGE ON SCHEMA public TO $user;
+ GRANT CONNECT,TEMPORARY ON DATABASE $db TO $user;
+ EOF
diff --git a/etc/sv/cyclo_paris_est__openerp/configure.sh b/etc/sv/cyclo_paris_est__openerp/configure.sh
deleted file mode 100644
index 2aaa891..0000000
--- a/etc/sv/cyclo_paris_est__openerp/configure.sh
+++ /dev/null
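Review bot: `$db` and `$owner` are pasted unescaped into every SQL statement in createdb, both as string literals (`usename = '$owner'`) and as bare identifiers (`CREATE ROLE $owner`, `CREATE DATABASE $db`), so a name containing a quote, a hyphen or whitespace either breaks the statement or changes what runs under the `postgres` superuser. psql does not substitute its own variables inside the dollar-quoted `DO` body, so the simplest guard is to reject anything outside a conservative identifier set before the first psql call, for example `case $db$owner in (""|*[!a-z0-9_]*) exit 1;; esac`. The existence test `(" $db")` also depends on the exact padding of `psql -t` output; adding `-A` and comparing against `"$db"` would be less fragile.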
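Review bot: createuser assigns `db` and `owner`, but every SQL line expands `$user`, which the script never sets. Under `#!/bin/sh -eux` the here-document expansion aborts on the unset variable, or, if `user` happens to be present in the caller's environment, the role and grants are issued for that name instead of the requested one. The third line should read `user="${2:-$db}"`. The names are also interpolated into the SQL unescaped, so validate them against a conservative identifier pattern (letters, digits, underscore) before calling psql.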
@@ -1,98 +0,0 @@ -eval "local home=/home/$sv" -cd / -case $(sudo sv status postgres || true) in - (run:*) - while ! sudo -u postgres psql /dev/null || +adduser log-"$sv"\ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system + +install -d -m 770 -o log-"$sv" -g log-"$sv" \ + "$home" + cd "$home" exec chpst -u log-"$sv":log-"$sv" \ svlogd -v -tt "$home" diff --git a/etc/sv/cyclo_paris_est__openerp/run b/etc/sv/cyclo_paris_est__openerp/run index f930bc6..4074f4d 100755 --- a/etc/sv/cyclo_paris_est__openerp/run +++ b/etc/sv/cyclo_paris_est__openerp/run 
@@ -1,9 +1,95 @@ #!/bin/sh -eux exec 2>&1 sv=${PWD#/etc/sv/} +home=/home/"$sv" +cd / + /usr/bin/sv -w 3 start postgres -eval "home=~$sv" +~postgres/bin/createdb "$sv" + +getent passwd "$sv" >/dev/null || +adduser "$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system +getent passwd "$sv" >/dev/null || +adduser "$sv"-addon \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home"/addon.d \ + --shell /bin/false \ + --system + +install -d -m 710 -o root -g "$sv" \ + /etc/sv/"$sv" \ + /etc/sv/"$sv"/supervise +install -d -m 3771 -o "$sv" -g "$sv" \ + "$home" +install -d -m 2770 -o "$sv" -g "$sv"-addon \ + "$home"/addon.d +install -d -m 750 -o "$sv" -g "$sv" \ + "$home"/etc \ + /etc/openerp/"$sv" +ln -fns \ + /etc/openerp/"$sv" \ + "$home"/etc/openerp + +adduser git "$sv"-addon +adduser "$sv" "$sv"-addon +adduser "$sv" postgres-data + +for addon in \ + bikecoop \ + bikecoop_l10n_fr \ + pos_membership \ + remembership \ + cyclofficine_paris_est + do + sudo install -d -m 2771 -o "$sv" -g "$sv"-addon \ + "$home"/addon.d/"$addon" + sudo -u git git \ + --git-dir ~git-data/burette/"$addon".git \ + --work-tree="$home"/addon.d/"$addon" \ + checkout -f master + #sudo -u git git \ + # --git-dir ~git-data/burette/"$addon".git \ + # --work-tree="$home"/addon.d/"$addon" \ + # clean -d -f -f -x + sudo install -m 550 -o git -g git /dev/stdin \ + /home/git/pub/burette/"$addon".git/hooks/post-update <<-EOF + git \ + --git-dir ~git-data/burette/"$addon".git \ + --work-tree="$home"/addon.d/"$addon" \ + checkout -f master + #git \ + # --git-dir ~git-data/burette/"$addon".git \ + # --work-tree="$home"/addon.d/"$addon" \ + # clean -d -f -f -x + #sv restart "$sv" + EOF + done + +test -e "$home"/etc/openerp/server.conf || +/usr/bin/chpst \ + -u "$sv":"$sv":"$sv"-addon:postgres-data \ + /usr/bin/openerp-server \ + --addons-path="$home"/addon.d \ + --config "$home"/etc/openerp/server.conf \ + --database="$sv" \ + 
--db_user="$sv" \ + --debug \ + --init=remembership,pos_membership,bikecoop \ + --load-language=fr_FR \ + --save \ + --stop-after-init \ + --without-demo=base \ + --workers=2 + exec /usr/bin/chpst \ -u "$sv":"$sv":"$sv"-addon:postgres-data \ - openerp-server \ + /usr/bin/openerp-server \ --config "$home"/etc/openerp/server.conf diff --git a/etc/sv/git-daemon/configure.sh b/etc/sv/git-daemon/configure.sh deleted file mode 100644 index a4bdca0..0000000 --- a/etc/sv/git-daemon/configure.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh -eux -rule adduser git-daemon\ - --disabled-login \ - --disabled-password \ - --group \ - --home /home/git/daemon \ - --shell /bin/false \ - --system -rule adduser log-git-daemon\ - --disabled-login \ - --disabled-password \ - --group \ - --home /home/git/log/git-daemon \ - --shell /bin/false \ - --system -sudo adduser git-daemon git-data -sudo adduser log-git log-git-daemon -sudo install -d -m 770 -o log-"$sv" -g log-"$sv" \ - /home/git/log/"$sv" -sudo install -d -m 770 -o git -g "$sv" \ - /home/git/daemon -sudo ln -fns \ - ../pub \ - /home/git/daemon/git.$vm_domainname -sudo ln -fns \ - ../pub \ - /home/git/daemon/burette.$vm_domainname - # NOTE : rétro-compatibilité diff --git a/etc/sv/git-daemon/log/run b/etc/sv/git-daemon/log/run index 96866cb..ce0d8d5 100755 --- a/etc/sv/git-daemon/log/run +++ b/etc/sv/git-daemon/log/run @@ -1,7 +1,22 @@ #!/bin/sh -eux sv=${PWD%/log} sv=${sv#/etc/sv/} -eval "home=~log-$sv" +home=~git/log/daemon + +getent passwd log-"$sv" >/dev/null || +adduser log-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system + +install -d -m 770 -o log-"$sv" -g log-"$sv" \ + "$home" + +adduser log-git "$sv" + cd "$home" exec chpst -u log-"$sv":log-"$sv" \ svlogd -v -tt "$home" diff --git a/etc/sv/git-daemon/run b/etc/sv/git-daemon/run index d0086a2..9b627bf 100755 --- a/etc/sv/git-daemon/run +++ b/etc/sv/git-daemon/run 
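Review bot: The guard in front of `adduser "$sv"-addon` in cyclo_paris_est__openerp/run tests `getent passwd "$sv"`, the account created just above, so it always succeeds and the `-addon` account is never created by this script. The later `install -g "$sv"-addon` and `adduser git "$sv"-addon` then fail under `-e` unless the group already exists from an earlier setup. The guard should be `getent passwd "$sv"-addon >/dev/null ||`. The generated `post-update` hook is also written without an interpreter line; adding `#!/bin/sh` as its first line avoids depending on how the hook gets executed.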
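Review bot: In git-daemon/log/run, `adduser log-git "$sv"` adds the `log-git` account to the `git-daemon` group, whereas the removed configure.sh added it to `log-git-daemon`. As written, the log account gains membership in the daemon's own group, and the call fails under `-e` if this log service starts before git-daemon/run has created that group. If read access to the log directory is the intent, the line should be `adduser log-git log-"$sv"`.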
@@ -1,7 +1,34 @@ #!/bin/sh -eux exec 2>&1 sv=${PWD#/etc/sv/} -eval "home=~$sv" +home=~git/daemon +domainname=$(domainname) +case ${domainname-} in + (""|"(none)") false;; + esac + +getent passwd "$sv" >/dev/null || +adduser "$sv"\ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system + +install -d -m 770 -o git -g "$sv" \ + "$home" + +adduser "$sv" git-data + +ln -fns \ + ../pub \ + "$home"/git.$domainname +ln -fns \ + ../pub \ + "$home"/burette.$domainname + # NOTE : rétro-compatibilité + exec /usr/bin/chpst \ -u "$sv":"$sv":git-data \ /usr/lib/git-core/git-daemon \ diff --git a/etc/sv/gitweb/configure.sh b/etc/sv/gitweb/configure.sh deleted file mode 100644 index 84c846f..0000000 --- a/etc/sv/gitweb/configure.sh +++ /dev/null 
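Review bot: `$domainname` is expanded unquoted in both `ln -fns` targets (`"$home"/git.$domainname` and `"$home"/burette.$domainname`), and the `case` that rejects an empty or `(none)` value exits through a bare `false`, so only the `-x` trace shows why the service keeps restarting. Quote the expansion, `"$home"/git."$domainname"`, and print a diagnostic before failing, e.g. `(""|"(none)") echo >&2 "domainname is not set"; exit 1;;`. `domainname` reports the NIS/YP domain rather than the DNS one, so it is worth confirming that this is the value the old `$vm_domainname` carried.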
@@ -1,57 +0,0 @@ -#!/bin/sh -eux -rule adduser fcgi-"$sv" \ - --disabled-login \ - --disabled-password \ - --group \ - --home /home/www/pub/"$sv" \ - --shell /bin/false \ - --system -rule adduser log-fcgi-"$sv" \ - --disabled-login \ - --disabled-password \ - --group \ - --home /home/www/log/"$sv"/spawn-fcgi \ - --shell /bin/false \ - --system -sudo adduser fcgi-"$sv" www-"$sv" -sudo adduser fcgi-"$sv" git-data -sudo install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \ - /home/www/log/"$sv"/spawn-fcgi -sudo install -d -m 2750 -o git -g fcgi-"$sv" \ - /etc/gitweb -sudo ln -fns /etc/gitweb /home/git/etc/gitweb -sudo install -m 400 -o fcgi-"$sv" -g fcgi-"$sv" /dev/stdin \ - /etc/gitweb/gitweb.conf <<-EOF - \$commit_oneline_message_width = 70; - \$default_projects_order = 'project'; - \$default_text_plain_charset = 'UTF-8'; - @diff_opts = (); - \$favicon = "static/git-favicon.png"; - \$feature{'highlight'}{'default'} = [1]; - \$git_temp = "/run/shm/tmp/gitweb"; - \$home_text = "/etc/gitweb/home_text.html"; - \$home_link = "/"; - \$home_link_str = 'dépôts'; - \$home_th_age = 'activité'; - \$home_th_descr = 'description'; - \$home_th_owner = 'contact'; - \$home_th_project = 'dépôt'; - \$javascript = "static/gitweb.js"; - \$logo = "static/git-logo.png"; - \$my_uri = ""; - \$projectroot = "/home/git/pub"; - \$projects_list = "/etc/gitweb/projects.list"; - \$projects_list_description_width = 42; - \$projects_list_owner_width = 15; - \$search_str = "Filtre :"; - \$site_footer = "/etc/gitweb/site_footer.html"; - \$site_header = "/etc/gitweb/site_header.html"; - \$site_name = "git.$vm_domainname"; - @stylesheets = ("static/gitweb.css");# - EOF -sudo install -m 400 -o fcgi-"$sv" -g fcgi-"$sv" /dev/stdin \ - /etc/gitweb/home_text.html <<-EOF -

Forge logicielle publique de l'Heureux Cyclage

-

Pour récupérer un dépôt public :

-
git clone git://git.heureux-cyclage.org/<projet>
- EOF diff --git a/etc/sv/gitweb/log/run b/etc/sv/gitweb/log/run index 500b8ad..92290b3 100755 --- a/etc/sv/gitweb/log/run +++ b/etc/sv/gitweb/log/run @@ -1,7 +1,20 @@ #!/bin/sh -eux sv=${PWD%/log} sv=${sv#/etc/sv/} -eval "home=~log-fcgi-$sv" +home=~www/log/"$sv"/spawn-fcgi + +getent passwd log-fcgi-"$sv" >/dev/null || +adduser log-fcgi-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system + +install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \ + "$home" + cd "$home" exec chpst -u log-fcgi-"$sv":log-fcgi-"$sv" \ svlogd -v -tt "$home" diff --git a/etc/sv/gitweb/run b/etc/sv/gitweb/run index 150854d..48f26ec 100755 --- a/etc/sv/gitweb/run +++ b/etc/sv/gitweb/run 
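Review bot: In gitweb/log/run, `home=~www/log/"$sv"/spawn-fcgi` relies on the `www` account already existing. When the shell cannot resolve `~www` it generally leaves the text as is, and the `adduser --home` and `install -d` that follow would then act on a relative path literally named `~www/...` under the current directory. Nothing in this script creates or checks for `www`, so test it first with `getent passwd www >/dev/null` and build the path from the lookup, e.g. `home=$(getent passwd www | cut -d: -f6)/log/"$sv"/spawn-fcgi`. The identical lines added to lhc-remorque/log/run have the same dependency.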
@@ -1,10 +1,71 @@ #!/bin/sh -eux exec 2>&1 sv=${PWD#/etc/sv/} +home=~git-data +domainname=$(domainname) +case ${domainname-} in + (""|"(none)") false;; + esac + +getent passwd fcgi-"$sv" >/dev/null || +adduser fcgi-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system + +adduser fcgi-"$sv" www-"$sv" +adduser fcgi-"$sv" git-data + +install -d -m 2750 -o git -g fcgi-"$sv" \ + /etc/gitweb +install -m 400 -o fcgi-"$sv" -g fcgi-"$sv" /dev/stdin \ + /etc/gitweb/gitweb.conf <<-EOF + \$commit_oneline_message_width = 70; + \$default_projects_order = 'project'; + \$default_text_plain_charset = 'UTF-8'; + @diff_opts = (); + \$favicon = "static/git-favicon.png"; + \$feature{'highlight'}{'default'} = [1]; + \$git_temp = "/run/shm/tmp/gitweb"; + \$home_text = "/etc/gitweb/home_text.html"; + \$home_link = "/"; + \$home_link_str = 'dépôts'; + \$home_th_age = 'activité'; + \$home_th_descr = 'description'; + \$home_th_owner = 'contact'; + \$home_th_project = 'dépôt'; + \$javascript = "static/gitweb.js"; + \$logo = "static/git-logo.png"; + \$my_uri = ""; + \$projectroot = "/home/git/pub"; + \$projects_list = "/etc/gitweb/projects.list"; + \$projects_list_description_width = 42; + \$projects_list_owner_width = 15; + \$search_str = "Filtre :"; + \$site_footer = "/etc/gitweb/site_footer.html"; + \$site_header = "/etc/gitweb/site_header.html"; + \$site_name = "git.$domainname"; + @stylesheets = ("static/gitweb.css");# + EOF +sudo install -m 400 -o fcgi-"$sv" -g fcgi-"$sv" /dev/stdin \ + /etc/gitweb/home_text.html <<-EOF +

Forge logicielle publique de l'Heureux Cyclage

+

Pour récupérer un dépôt public :

+
git clone git://git.heureux-cyclage.org/<projet>
+ EOF + +ln -fns \ + /etc/gitweb \ + ~git/etc/gitweb + install -d -m 1771 -o root -g root \ /run/spawn-fcgi install -d -m 1771 -o fcgi-gitweb -g fcgi-gitweb \ /run/shm/tmp/gitweb + exec /usr/bin/spawn-fcgi \ -u fcgi-"$sv" \ -g fcgi-"$sv" \ diff --git a/etc/sv/lhc-remorque/configure.sh b/etc/sv/lhc-remorque/configure.sh deleted file mode 100644 index 67c6d37..0000000 --- a/etc/sv/lhc-remorque/configure.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh -eux -rule adduser fcgi-"$sv" \ - --disabled-login \ - --disabled-password \ - --group \ - --home /home/www/pub/"$sv" \ - --shell /bin/false \ - --system -rule adduser log-fcgi-"$sv" \ - --disabled-login \ - --disabled-password \ - --group \ - --home /home/www/log/spawn-fcgi/"$sv" \ - --shell /bin/false \ - --system -sudo install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \ - /home/www/log/"$sv"/spawn-fcgi diff --git a/etc/sv/lhc-remorque/log/run b/etc/sv/lhc-remorque/log/run index 500b8ad..92290b3 100755 --- a/etc/sv/lhc-remorque/log/run +++ b/etc/sv/lhc-remorque/log/run @@ -1,7 +1,20 @@ #!/bin/sh -eux sv=${PWD%/log} sv=${sv#/etc/sv/} -eval "home=~log-fcgi-$sv" +home=~www/log/"$sv"/spawn-fcgi + +getent passwd log-fcgi-"$sv" >/dev/null || +adduser log-fcgi-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system + +install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \ + "$home" + cd "$home" exec chpst -u log-fcgi-"$sv":log-fcgi-"$sv" \ svlogd -v -tt "$home" diff --git a/etc/sv/lhc-remorque/run b/etc/sv/lhc-remorque/run index 0f2c6bb..0241c21 100755 --- a/etc/sv/lhc-remorque/run +++ b/etc/sv/lhc-remorque/run 
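Review bot: The `install` that writes `/etc/gitweb/home_text.html` in gitweb/run is still prefixed with `sudo`, while every other call moved here from configure.sh dropped it. The neighbouring `adduser` and `install -o` calls already require root, so the extra `sudo` only adds a dependency on sudo's configuration at service start; drop it so the line reads `install -m 400 -o fcgi-"$sv" -g fcgi-"$sv" /dev/stdin \`. Both files are also rewritten on every service start, which deserves a comment above the first `install`, such as `# gitweb.conf and home_text.html are regenerated on each start; local edits are lost`.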
@@ -1,9 +1,22 @@ #!/bin/sh -eux exec 2>&1 sv=${PWD#/etc/sv/} +home=~www/pub/"$sv" + /usr/bin/sv -w 3 start sshd + +getent passwd fcgi-"$sv" >/dev/null || +adduser fcgi-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system + install -d -m 1771 -o root -g root \ /run/spawn-fcgi + exec /usr/bin/spawn-fcgi \ -u fcgi-"$sv" \ -g fcgi-"$sv" \ diff --git a/etc/sv/mysql/configure.sh b/etc/sv/mysql/configure.sh deleted file mode 100644 index 729bdef..0000000 --- a/etc/sv/mysql/configure.sh +++ /dev/null @@ -1,9 +0,0 @@ -rule adduser log-"$sv"\ - --disabled-login \ - --disabled-password \ - --group \ - --home /home/mysql/log \ - --shell /bin/false \ - --system -sudo install -d -m 770 -o log-"$sv" -g log-"$sv" \ - /home/mysql/log diff --git a/etc/sv/mysql/log/run b/etc/sv/mysql/log/run index 96866cb..7390b03 100755 --- a/etc/sv/mysql/log/run +++ b/etc/sv/mysql/log/run @@ -1,7 +1,20 @@ #!/bin/sh -eux sv=${PWD%/log} sv=${sv#/etc/sv/} -eval "home=~log-$sv" +eval "home=~$sv/log" + +getent passwd log-"$sv" >/dev/null || +adduser log-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system + +install -d -m 770 -o log-"$sv" -g log-"$sv" \ + "$home" + cd "$home" exec chpst -u log-"$sv":log-"$sv" \ svlogd -v -tt "$home" diff --git a/etc/sv/postgres/configure.sh b/etc/sv/postgres/configure.sh index 165df68..4b33f11 100644 --- a/etc/sv/postgres/configure.sh +++ b/etc/sv/postgres/configure.sh 
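Review bot: mysql/log/run keeps `eval "home=~$sv/log"` while the sibling log/run scripts in this commit replaced their `eval` with a plain assignment. `$sv` is derived from `$PWD`, so the `eval` re-parses a path-derived string as shell code in a script that goes on to create accounts and directories. The home can be looked up without `eval`, e.g. `home=$(getent passwd "$sv" | cut -d: -f6)/log`, followed by a check that the result is not just `/log` when the account is missing.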
@@ -1,9 +1,116 @@ -rule adduser log-"$sv"\ + # DOC: http://wiki.postgresql.org/wiki/Shared_Database_Hosting +rule apt_get_install postgresql-9.1 +rule insserv_remove postgresql +rule adduser postgres \ --disabled-login \ --disabled-password \ --group \ - --home /home/postgresql/log/9.1/main \ + --home /home/postgresql \ --shell /bin/false \ --system -sudo install -d -m 770 -o log-"$sv" -g log-"$sv" \ - /home/postgresql/log +rule adduser postgres-data \ + --disabled-login \ + --disabled-password \ + --group \ + --home /home/postgresql/data \ + --no-create-home \ + --shell /bin/false \ + --system +sudo usermod --home /home/postgresql postgres +sudo adduser postgres postgres-data +sudo rm -rf \ + /etc/postgresql +sudo install -d -m 1751 -o postgres -g postgres-data \ + /home/postgresql \ + /home/postgresql/etc \ + /home/postgresql/bin \ + /etc/postgresql \ + /etc/postgresql/9.1 \ + /etc/postgresql/9.1/main +sudo ln -fns \ + /etc/postgresql \ + /home/postgresql/etc/postgresql + +if sudo test ! 
-d /home/postgresql/data + then + sudo install -d -m 750 -o postgres -g postgres \ + /home/postgresql/data + sudo -u postgres pg_createcluster \ + --datadir=/home/postgresql/data \ + --logfile=/home/postgresql/log/9.1/main/cluster.log \ + --socketdir=/run/postgresql \ + 9.1 main + fi + +sudo install -m 640 -o postgres -g postgres /dev/stdin \ + /etc/postgresql/9.1/main/pg_ctl.conf <<-EOF + pg_ctl_options = '' + EOF +sudo install -m 640 -o postgres -g postgres /dev/stdin \ + /etc/postgresql/9.1/main/pg_ident.conf <<-EOF + # MAPNAME SYSTEM-USERNAME PG-USERNAME + EOF +sudo install -m 640 -o postgres -g postgres /dev/stdin \ + /etc/postgresql/9.1/main/start.conf <<-EOF + EOF +sudo install -m 640 -o postgres -g postgres /dev/stdin \ + /etc/postgresql/9.1/main/pg_hba.conf <<-EOF + local all postgres peer + local all all peer + EOF +sudo install -m 640 -o postgres -g postgres-data \ + "$tool"/etc/postgresql/9.1/main/postgresql.conf \ + /etc/postgresql/9.1/main/postgresql.conf +sudo find "$tool"/etc/postgresql/bin/ -type f -perm /+x -exec \ + install -m 755 -o root -g root \ + -t /home/postgresql/bin/ {} + + +sudo sv -w 1 start /etc/sv/postgres +while ! sudo -u postgres psql /dev/null || +adduser log-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system + +sudo install -d -m 2770 -o postgres -g log-postgres \ + "$home" \ + "$home"/9.1 \ + "$home"/9.1/main + cd "$home" exec chpst -u log-"$sv":log-"$sv" \ svlogd -v -tt "$home" diff --git a/etc/sv/postgres/run b/etc/sv/postgres/run index addd8eb..a65e1c0 100755 --- a/etc/sv/postgres/run +++ b/etc/sv/postgres/run @@ -1,9 +1,11 @@ #!/bin/sh -eux exec 2>&1 sv=${PWD#/etc/sv/} -install -d -m 710 -o postgres -g postgres-data \ +home="/home/postgresql" + +install -d -m 710 -o "$sv" -g "$sv"-data \ /run/postgresql -eval "home=~$sv" + exec /usr/bin/chpst \ -u "$sv":"$sv":"$sv"-data \ /usr/lib/postgresql/9.1/bin/postgres \ 
diff --git a/vm_hosted b/vm_hosted index 3259ef1..54e7257 100755 --- a/vm_hosted +++ b/vm_hosted @@ -622,7 +622,21 @@ rule_mysql_configure () { # DELETE FROM mysql.user WHERE user = 'root' AND host NOT IN ('localhost', '127.0.0.1', '::1'); sudo mysql -u root --batch --verbose <<-EOF DELETE FROM mysql.user WHERE user = 'root' and plugin = ''; - GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' IDENTIFIED WITH auth_socket; + DROP PROCEDURE IF EXISTS mysql.create_user_mysql; + DELIMITER // + CREATE PROCEDURE mysql.create_user_mysql () + BEGIN + IF NOT (EXISTS (SELECT User + FROM mysql.user + WHERE User='mysql' + AND Host='localhost' + LIMIT 1)) + THEN GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' IDENTIFIED WITH auth_socket; + END IF; + END; + // + CALL mysql.create_user_mysql(); + DROP PROCEDURE mysql.create_user_mysql; UPDATE mysql.user SET grant_priv='Y',super_priv='Y' WHERE user='mysql'; DELETE FROM mysql.db WHERE user = ''; DELETE FROM mysql.user WHERE user = ''; 
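Review bot: `DELIMITER //` is never switched back in the here-document, so the `CALL`, `DROP PROCEDURE`, `UPDATE` and `DELETE` statements after the closing `//` are terminated by `;` only. Whether and how they run then depends on how the client handles its remaining buffer at end of input. Add `DELIMITER ;` on the line after `//`. Because `ALL PRIVILEGES ON *.*` combined with `grant_priv`/`super_priv` is a full administrative grant, a short comment stating that `'mysql'@'localhost'` is the socket-authenticated admin account would help the next reader. `rule_mysql_configure` begins and ends outside this hunk.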
@@ -995,189 +1009,6 @@ rule_postfix_configure () { sudo postmap hash:/etc/postfix/$vm_domainname/virtual_alias rule runit_configure postfix } -rule_postgresql_configure () { - # DOC: http://wiki.postgresql.org/wiki/Shared_Database_Hosting - rule apt_get_install postgresql-9.1 - rule insserv_remove postgresql - rule adduser postgres \ - --disabled-login \ - --disabled-password \ - --group \ - --home /home/postgresql \ - --shell /bin/false \ - --system - rule adduser postgres-data \ - --disabled-login \ - --disabled-password \ - --group \ - --home /home/postgresql/data \ - --no-create-home \ - --shell /bin/false \ - --system - sudo usermod --home /home/postgresql postgres - sudo adduser postgres postgres-data - sudo rm -rf \ - /etc/postgresql - sudo install -d -m 1751 -o postgres -g postgres-data \ - /home/postgresql \ - /home/postgresql/etc \ - /etc/postgresql \ - /etc/postgresql/9.1 \ - /etc/postgresql/9.1/main - sudo ln -fns \ - /etc/postgresql \ - /home/postgresql/etc/postgresql - sudo install -d -m 2770 -o postgres -g log-postgres \ - /home/postgresql/log \ - /home/postgresql/log/9.1 \ - /home/postgresql/log/9.1/main - if sudo test ! 
-d /home/postgresql/data - then - sudo install -d -m 750 -o postgres -g postgres \ - /home/postgresql/data - sudo -u postgres pg_createcluster \ - --datadir=/home/postgresql/data \ - --logfile=/home/postgresql/log/9.1/main/cluster.log \ - --socketdir=/run/postgresql \ - 9.1 main - fi - - sudo install -m 640 -o postgres -g postgres /dev/stdin \ - /etc/postgresql/9.1/main/pg_ctl.conf <<-EOF - pg_ctl_options = '' - EOF - sudo install -m 640 -o postgres -g postgres /dev/stdin \ - /etc/postgresql/9.1/main/pg_ident.conf <<-EOF - # MAPNAME SYSTEM-USERNAME PG-USERNAME - EOF - sudo install -m 640 -o postgres -g postgres /dev/stdin \ - /etc/postgresql/9.1/main/start.conf <<-EOF - EOF - sudo install -m 640 -o postgres -g postgres /dev/stdin \ - /etc/postgresql/9.1/main/pg_hba.conf <<-EOF - local all postgres peer - local all all peer - EOF - sudo install -m 640 -o postgres -g postgres-data \ - "$tool"/etc/postgresql/9.1/main/postgresql.conf \ - /etc/postgresql/9.1/main/postgresql.conf - rule runit_configure postgres - while ! sudo -u postgres psql