Yedidyah Bar David has uploaded a new change for review. Change subject: packaging: engine-backup: support dwh and reports ......................................................................
packaging: engine-backup: support dwh and reports TODO: bzip2 Bug-Url: https://bugzilla.redhat.com/1068979 Change-Id: I188a1823686b211fefb18ceb41e1a80afd9c5de5 Signed-off-by: Yedidyah Bar David <[email protected]> --- M packaging/bin/engine-backup.sh 1 file changed, 456 insertions(+), 69 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/50/25850/1 diff --git a/packaging/bin/engine-backup.sh b/packaging/bin/engine-backup.sh index 305aff9..c397a9d 100755 --- a/packaging/bin/engine-backup.sh +++ b/packaging/bin/engine-backup.sh @@ -19,23 +19,78 @@ # Load the prolog: . "$(dirname "$(readlink -f "$0")")"/engine-prolog.sh +# Load dwh conf +DWH_CONFIG=/etc/ovirt-engine-dwh/ovirt-engine-dwhd.conf +for f in "${DWH_CONFIG}" "${DWH_CONFIG}".d/*.conf; do + [ -e "${f}" ] && . "${f}" +done + +# Load jasper reports db credentials +get_jasper_db_cred() { + local key="$1" + + python -c " +import ConfigParser +import io +import os + +config = ConfigParser.ConfigParser() + +config.optionxform = str + +with open('${JASPER_PROPERTIES}') as f: + config.readfp( + io.StringIO( + '[default]' + f.read().decode('utf-8') + ) + ) + +print config.get('default', '${key}') +" +} + +load_jasper_reports_db_creds() { + REPORTS_DB_HOST="$(get_jasper_db_cred 'dbHost')" + REPORTS_DB_PORT="$(get_jasper_db_cred 'dbPort')" + REPORTS_DB_USER="$(get_jasper_db_cred 'dbUsername')" + REPORTS_DB_PASSWORD="$(get_jasper_db_cred 'dbPassword')" + REPORTS_DB_DATABASE="$(get_jasper_db_cred 'js.dbName')" +} + +JASPER_PROPERTIES=/var/lib/ovirt-engine-reports/build-conf/master.properties +if [ -e "${JASPER_PROPERTIES}" ]; then + load_jasper_reports_db_creds +else + JASPER_PROPERTIES= +fi + # Globals BACKUP_PATHS="/etc/ovirt-engine +/etc/ovirt-engine-dwh +/etc/ovirt-engine-reports /etc/pki/ovirt-engine /etc/ovirt-engine-setup.conf.d -/var/lib/ovirt-engine +/var/lib/ovirt-engine-reports/build-conf /etc/httpd/conf.d/ovirt-engine-root-redirect.conf /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/z-ovirt-engine-proxy.conf +/etc/httpd/conf.d/z-ovirt-engine-reports-proxy.conf /etc/yum/pluginconf.d/versionlock.list /etc/firewalld/services/ovirt-https.xml /etc/firewalld/services/ovirt-http.xml /etc/firewalld/services/ovirt-postgres.xml" +# Add /var/lib/ovirt-engine except backups +for p in /var/lib/ovirt-engine/*; do + [ "${p}" != /var/lib/ovirt-engine/backups ] && BACKUP_PATHS="${BACKUP_PATHS} +${p}" +done + MYPGPASS="" TEMP_FOLDER="" FILE="" DB_BACKUP_FILE_NAME="engine_backup.db" -FILES="files" +DWHDB_BACKUP_FILE_NAME="dwh_backup.db" +REPORTSDB_BACKUP_FILE_NAME="reports_backup.db" cleanup() { [ -n "${TEMP_FOLDER}" ] && rm -rf "${TEMP_FOLDER}" @@ -49,30 +104,57 @@ USAGE: $0 [--mode=MODE] [--scope=SCOPE] [--file=FILE] [--log=FILE] MODE is one of the following: - backup backup system into FILE - restore restore system from FILE + backup backup system into FILE + restore restore system from FILE SCOPE is one of the following: - all complete backup/restore (default) - db database only - --file=FILE file to use during backup or restore - --log=FILE log file to use - --change-db-credentials activate the following options, to restore - the database to a different location etc. - If used, existing credentials are ignored. - --db-host=host set database host - --db-port=port set database port - --db-user=user set database user - --db-passfile=file set database password - read from file - --db-password=pass set database password - --db-password set database password - interactively - --db-name=name set database name - --db-secured set a secured connection - --db-secured-validation validate host + all complete backup/restore (default) + files files only + db engine database only + dwhdb dwh database only + reportsdb reports database only + --file=FILE file to use during backup or restore + --log=FILE log file to use + --change-db-credentials activate the following options, to restore + the database to a different location etc. + If used, existing credentials are ignored. + --db-host=host set database host + --db-port=port set database port + --db-user=user set database user + --db-passfile=file set database password - read from file + --db-password=pass set database password + --db-password set database password - interactively + --db-name=name set database name + --db-secured set a secured connection + --db-secured-validation validate host + --change-dwh-db-credentials activate the following options, to restore + --dwh-db-host=host set dwh database host + --dwh-db-port=port set dwh database port + --dwh-db-user=user set dwh database user + --dwh-db-passfile=file set dwh database password - read from file + --dwh-db-password=pass set dwh database password + --dwh-db-password set dwh database password - interactively + --dwh-db-name=name set dwh database name + --dwh-db-secured set a secured connection for dwh + --dwh-db-secured-validation validate host for dwh + --change-reports-db-credentials activate the following options, to restore + --reports-db-host=host set reports database host + --reports-db-port=port set reports database port + --reports-db-user=user set reports database user + --reports-db-passfile=file set reports database password - read from file + --reports-db-password=pass set reports database password + --reports-db-password set reports database password - interactively + --reports-db-name=name set reports database name + --reports-db-secured set a secured connection for reports + --reports-db-secured-validation validate host for reports ENVIRONMENT VARIABLES OVIRT_ENGINE_DATABASE_PASSWORD Database password as if provided by --db-password=pass option. + OVIRT_DWH_DATABASE_PASSWORD + Database password as if provided by --dwh-db-password=pass option. + OVIRT_REPORTS_DATABASE_PASSWORD + Database password as if provided by --reports-db-password=pass option. Wiki @@ -99,6 +181,7 @@ host <database> <user> ::0/0 md5 Replace <user>, <password>, <database> with appropriate values. + Repeat for engine, dwh, reports as required. __EOF__ return 0 @@ -106,6 +189,10 @@ MODE= SCOPE=all +SCOPE_FILES= +SCOPE_ENGINE_DB= +SCOPE_DWH_DB= +SCOPE_REPORTS_DB= CHANGE_DB_CREDENTIALS= MY_DB_HOST= MY_DB_PORT=5432 @@ -115,8 +202,28 @@ MY_DB_SECURED=False MY_DB_SECURED_VALIDATION=False MY_DB_CREDS= +CHANGE_DWH_DB_CREDENTIALS= +MY_DWH_DB_HOST= +MY_DWH_DB_PORT=5432 +MY_DWH_DB_USER= +MY_DWH_DB_PASSWORD="${OVIRT_DWH_DATABASE_PASSWORD}" +MY_DWH_DB_DATABASE= +MY_DWH_DB_SECURED=False +MY_DWH_DB_SECURED_VALIDATION=False +MY_DWH_DB_CREDS= +CHANGE_REPORTS_DB_CREDENTIALS= +MY_REPORTS_DB_HOST= +MY_REPORTS_DB_PORT=5432 +MY_REPORTS_DB_USER= +MY_REPORTS_DB_PASSWORD="${OVIRT_REPORTS_DATABASE_PASSWORD}" +MY_REPORTS_DB_DATABASE= +MY_REPORTS_DB_SECURED=False +MY_REPORTS_DB_SECURED_VALIDATION=False +MY_REPORTS_DB_CREDS= parseArgs() { + local DB_PASSFILE + while [ -n "$1" ]; do local x="$1" local v="${x#*=}" @@ -132,7 +239,7 @@ --scope=*) SCOPE="${v}" case "${SCOPE}" in - all|db) ;; + all|files|db|dwhdb|reportsdb) ;; *) die "invalid scope '${SCOPE}'" esac ;; @@ -158,7 +265,7 @@ DB_PASSFILE="${v}" [ -r "${DB_PASSFILE}" ] || \ die "Can not read password file ${DB_PASSFILE}" - read MY_DB_PASSWORD < "${DB_PASSFILE}" + read -r MY_DB_PASSWORD < "${DB_PASSFILE}" ;; --db-password=*) MY_DB_PASSWORD="${v}" @@ -175,6 +282,72 @@ --db-sec-validation) MY_DB_SECURED_VALIDATION="True" ;; + --change-dwh-db-credentials) + CHANGE_DWH_DB_CREDENTIALS=1 + ;; + --dwh-db-host=*) + MY_DWH_DB_HOST="${v}" + ;; + --dwh-db-port=*) + MY_DWH_DB_PORT="${v}" + ;; + --dwh-db-user=*) + MY_DWH_DB_USER="${v}" + ;; + --dwh-db-passfile=*) + DB_PASSFILE="${v}" + [ -r "${DB_PASSFILE}" ] || \ + die "Can not read password file ${DB_PASSFILE}" + read -r MY_DWH_DB_PASSWORD < "${DB_PASSFILE}" + ;; + --dwh-db-password=*) + MY_DWH_DB_PASSWORD="${v}" + ;; + --dwh-db-password) + MY_DWH_DB_PASSWORD="$(readdbpassword)" || exit 1 + ;; + --dwh-db-name=*) + MY_DWH_DB_DATABASE="${v}" + ;; + --dwh-db-secured) + MY_DWH_DB_SECURED="True" + ;; + --dwh-db-sec-validation) + MY_DWH_DB_SECURED_VALIDATION="True" + ;; + --change-reports-db-credentials) + CHANGE_REPORTS_DB_CREDENTIALS=1 + ;; + --reports-db-host=*) + MY_REPORTS_DB_HOST="${v}" + ;; + --reports-db-port=*) + MY_REPORTS_DB_PORT="${v}" + ;; + --reports-db-user=*) + MY_REPORTS_DB_USER="${v}" + ;; + --reports-db-passfile=*) + DB_PASSFILE="${v}" + [ -r "${DB_PASSFILE}" ] || \ + die "Can not read password file ${DB_PASSFILE}" + read -r MY_REPORTS_DB_PASSWORD < "${DB_PASSFILE}" + ;; + --reports-db-password=*) + MY_REPORTS_DB_PASSWORD="${v}" + ;; + --reports-db-password) + MY_REPORTS_DB_PASSWORD="$(readdbpassword)" || exit 1 + ;; + --reports-db-name=*) + MY_REPORTS_DB_DATABASE="${v}" + ;; + --reports-db-secured) + MY_REPORTS_DB_SECURED="True" + ;; + --reports-db-sec-validation) + MY_REPORTS_DB_SECURED_VALIDATION="True" + ;; --help) usage exit 0 @@ -185,6 +358,28 @@ ;; esac done + + case "${SCOPE}" in + all) + SCOPE_FILES=1 + SCOPE_ENGINE_DB=1 + SCOPE_DWH_DB=1 + SCOPE_REPORTS_DB=1 + ;; + files) + SCOPE_FILES=1 + ;; + db) + SCOPE_ENGINE_DB=1 + ;; + dwhdb) + SCOPE_DWH_DB=1 + ;; + reportsdb) + SCOPE_REPORTS_DB=1 + ;; + *) die "invalid scope '${SCOPE}'" + esac } verifyArgs() { @@ -201,6 +396,20 @@ die "--db-passfile or --db-password is missing" [ -n "${MY_DB_DATABASE}" ] || die "--db-name is missing" fi + if [ -n "${CHANGE_DWH_DB_CREDENTIALS}" ]; then + [ -n "${MY_DWH_DB_HOST}" ] || die "--dwh-db-host is missing" + [ -n "${MY_DWH_DB_USER}" ] || die "--dwh-db-user is missing" + [ -n "${MY_DWH_DB_PASSWORD}" ] || \ + die "--dwh-db-passfile or --dwh-db-password is missing" + [ -n "${MY_DWH_DB_DATABASE}" ] || die "--dwh-db-name is missing" + fi + if [ -n "${CHANGE_REPORTS_DB_CREDENTIALS}" ]; then + [ -n "${MY_REPORTS_DB_HOST}" ] || die "--reports-db-host is missing" + [ -n "${MY_REPORTS_DB_USER}" ] || die "--reports-db-user is missing" + [ -n "${MY_REPORTS_DB_PASSWORD}" ] || \ + die "--reports-db-passfile or --reports-db-password is missing" + [ -n "${MY_REPORTS_DB_DATABASE}" ] || die "--reports-db-name is missing" + fi } dobackup() { @@ -212,16 +421,26 @@ local tardir="${TEMP_FOLDER}/tar" log "Creating temp folder ${tardir}" mkdir "${tardir}" || logdie "Cannot create '${tardir}'" - mkdir "${tardir}/${FILES}" || logdie "Cannot create '${tardir}/files'" + mkdir "${tardir}/files" || logdie "Cannot create '${tardir}/files" mkdir "${tardir}/db" || logdie "Cannot create '${tardir}/db'" - if [ "${SCOPE}" != "db" ] ; then + if [ -n "${SCOPE_FILES}" ] ; then log "Backing up files to ${tardir}/files" backupFiles "${BACKUP_PATHS}" "${tardir}/files" fi - log "Backing up database to ${tardir}/db/${DB_BACKUP_FILE_NAME}" - backupDB "${tardir}/db/${DB_BACKUP_FILE_NAME}" + if [ -n "${SCOPE_ENGINE_DB}" -a -n "${ENGINE_DB_USER}" ]; then + log "Backing up database to ${tardir}/db/${DB_BACKUP_FILE_NAME}" + backupDB "${tardir}/db/${DB_BACKUP_FILE_NAME}" "${ENGINE_DB_USER}" "${ENGINE_DB_HOST}" "${ENGINE_DB_PORT}" "${ENGINE_DB_DATABASE}" + fi + if [ -n "${SCOPE_DWH_DB}" -a -n "${DWH_DB_USER}" ]; then + log "Backing up dwh database to ${tardir}/db/${DWHDB_BACKUP_FILE_NAME}" + backupDB "${tardir}/db/${DWHDB_BACKUP_FILE_NAME}" "${DWH_DB_USER}" "${DWH_DB_HOST}" "${DWH_DB_PORT}" "${DWH_DB_DATABASE}" + fi + if [ -n "${SCOPE_REPORTS_DB}" -a -n "${REPORTS_DB_USER}" ]; then + log "Backing up reports database to ${tardir}/db/${REPORTSDB_BACKUP_FILE_NAME}" + backupDB "${tardir}/db/${REPORTSDB_BACKUP_FILE_NAME}" "${REPORTS_DB_USER}" "${REPORTS_DB_HOST}" "${REPORTS_DB_PORT}" "${REPORTS_DB_DATABASE}" + fi echo "${PACKAGE_VERSION}" > "${tardir}/version" || logdie "Can't create ${tardir}/version" log "Creating md5sum at ${tardir}/md5sum" createmd5 "${tardir}" "${tardir}/md5sum" @@ -238,7 +457,7 @@ createmd5() { local tardir="$1" local md5file="$2" - find "${tardir}" -type f -printf "%P\n" | while read file; do + find "${tardir}" -type f -printf "%P\n" | while read -r file; do ( cd "${tardir}" && md5sum "${file}" ) >> "${md5file}" || logdie "Cannot create checksum for '${file}'" done || logdie "Find execution failed" } @@ -252,7 +471,7 @@ backupFiles() { local paths="$1" local target="$2" - echo "${paths}" | while read path; do + echo "${paths}" | while read -r path; do [ -e "${path}" ] || continue local dirname="$(dirname ${path})" mkdir -p "${tardir}/files/${dirname}" || logdie "Cannot create '${tardir}/files/${dirname}" @@ -262,18 +481,22 @@ backupDB() { local file="$1" + local user="$2" + local host="$3" + local port="$4" + local database="$5" PGPASSFILE="${MYPGPASS}" pg_dump \ -E "UTF8" \ --disable-dollar-quoting \ --disable-triggers \ --format=p \ -w \ - -U "${ENGINE_DB_USER}" \ - -h "${ENGINE_DB_HOST}" \ - -p "${ENGINE_DB_PORT}" \ + -U "${user}" \ + -h "${host}" \ + -p "${port}" \ -f "${file}" \ - "${ENGINE_DB_DATABASE}" \ - || logdie "Database backup failed" + "${database}" \ + || logdie "Database ${database} backup failed" } dorestore() { @@ -282,10 +505,21 @@ logdie "Engine service is active - can not restore backup" fi if [ -n "${CHANGE_DB_CREDENTIALS}" ]; then - setMyDBCredentials + setMyEngineDBCredentials generatePgPass - verifyConnection + verifyConnection "${ENGINE_DB_USER}" "${ENGINE_DB_HOST}" "${ENGINE_DB_PORT}" "${ENGINE_DB_DATABASE}" fi + if [ -n "${CHANGE_DWH_DB_CREDENTIALS}" ]; then + setMyDwhDBCredentials + generatePgPass + verifyConnection "${DWH_DB_USER}" "${DWH_DB_HOST}" "${DWH_DB_PORT}" "${DWH_DB_DATABASE}" + fi + if [ -n "${CHANGE_REPORTS_DB_CREDENTIALS}" ]; then + setMyReportsDBCredentials + generatePgPass + verifyConnection "${REPORTS_DB_USER}" "${REPORTS_DB_HOST}" "${REPORTS_DB_PORT}" "${REPORTS_DB_DATABASE}" + fi + output "Restoring..." log "Opening tarball ${FILE} to ${TEMP_FOLDER}" tar -C "${TEMP_FOLDER}" -pSsxf "${FILE}" || logdie "cannot open ${TEMP_FOLDER}" @@ -294,24 +528,38 @@ log "Verifying version" verifyVersion - if [ "${SCOPE}" != "db" ] ; then + if [ -n "${SCOPE_FILES}" ] ; then log "Restoring files" restoreFiles "${BACKUP_PATHS}" fi - if [ -z "${CHANGE_DB_CREDENTIALS}" ]; then - log "Reloading configuration" - load_config - fi + log "Reloading configuration" + load_config + [ -n "${CHANGE_DB_CREDENTIALS}" ] && setMyEngineDBCredentials + [ -n "${CHANGE_DWH_DB_CREDENTIALS}" ] && setMyDwhDBCredentials + [ -n "${CHANGE_REPORTS_DB_CREDENTIALS}" ] && setMyReportsDBCredentials log "Generating pgpass" generatePgPass # Must run after configuration reload log "Verifying connection" - verifyConnection - log "Restoring database backup at ${TEMP_FOLDER}/db/${DB_BACKUP_FILE_NAME}" - restoreDB "${TEMP_FOLDER}/db/${DB_BACKUP_FILE_NAME}" + [ -n "${SCOPE_ENGINE_DB}" -a -n "${ENGINE_DB_USER}" ] && verifyConnection "${ENGINE_DB_USER}" "${ENGINE_DB_HOST}" "${ENGINE_DB_PORT}" "${ENGINE_DB_DATABASE}" + [ -n "${SCOPE_DWH_DB}" -a -n "${DWH_DB_USER}" ] && verifyConnection "${DWH_DB_USER}" "${DWH_DB_HOST}" "${DWH_DB_PORT}" "${DWH_DB_DATABASE}" + [ -n "${SCOPE_REPORTS_DB}" -a -n "${REPORTS_DB_USER}" ] && verifyConnection "${REPORTS_DB_USER}" "${REPORTS_DB_HOST}" "${REPORTS_DB_PORT}" "${REPORTS_DB_DATABASE}" + + if [ -n "${SCOPE_ENGINE_DB}" -n "${ENGINE_DB_USER}" ]; then + log "Restoring engine database backup at ${TEMP_FOLDER}/db/${DB_BACKUP_FILE_NAME}" + restoreDB "${TEMP_FOLDER}/db/${DB_BACKUP_FILE_NAME}" "${ENGINE_DB_USER}" "${ENGINE_DB_HOST}" "${ENGINE_DB_PORT}" "${ENGINE_DB_DATABASE}" + fi + if [ -n "${SCOPE_DWH_DB}" -a -n "${DWH_DB_USER}" ]; then + log "Restoring dwh database backup at ${TEMP_FOLDER}/db/${DWHDB_BACKUP_FILE_NAME}" + restoreDB "${TEMP_FOLDER}/db/${DWHDB_BACKUP_FILE_NAME}" "${DWH_DB_USER}" "${DWH_DB_HOST}" "${DWH_DB_PORT}" "${DWH_DB_DATABASE}" + fi + if [ -n "${SCOPE_REPORTS_DB}" -a -n "${REPORTS_DB_USER}" ]; then + log "Restoring REPORTS database backup at ${TEMP_FOLDER}/db/${REPORTSDB_BACKUP_FILE_NAME}" + restoreDB "${TEMP_FOLDER}/db/${REPORTSDB_BACKUP_FILE_NAME}" "${REPORTS_DB_USER}" "${REPORTS_DB_HOST}" "${REPORTS_DB_PORT}" "${REPORTS_DB_DATABASE}" + fi if [ -n "${CHANGE_DB_CREDENTIALS}" ]; then - changeDBConf + changeEngineDBConf fi output "Note: you might need to manually fix:" output "- iptables/firewalld configuration" @@ -320,15 +568,19 @@ } verifyConnection() { + local user="$1" + local host="$2" + local port="$3" + local database="$4" PGPASSFILE="${MYPGPASS}" psql \ -w \ - -U "${ENGINE_DB_USER}" \ - -h "${ENGINE_DB_HOST}" \ - -p "${ENGINE_DB_PORT}" \ - -d "${ENGINE_DB_DATABASE}" \ + -U "${user}" \ + -h "${host}" \ + -p "${port}" \ + -d "${database}" \ -c "select 1" \ >> "${LOG}" 2>&1 \ - || logdie "Can't connect to the database. Please see '${0} --help'." + || logdie "Can't connect to database '${database}'. Please see '${0} --help'." local IGNORED_PATTERN=$(cat << __EOF | tr '\012' '|' | sed 's/|$//' ^create extension @@ -337,13 +589,13 @@ ) PGPASSFILE="${MYPGPASS}" pg_dump \ - -U "${ENGINE_DB_USER}" \ - -h "${ENGINE_DB_HOST}" \ - -p "${ENGINE_DB_PORT}" \ - "${ENGINE_DB_DATABASE}" | \ + -U "${user}" \ + -h "${host}" \ + -p "${port}" \ + "${database}" | \ grep -Evi "${IGNORED_PATTERN}" | \ grep -iq '^create' && \ - logdie "Database is not empty" + logdie "Database '${database}' is not empty" } verifyVersion() { @@ -355,16 +607,20 @@ restoreDB() { local backupfile="$1" + local user="$2" + local host="$3" + local port="$4" + local database="$5" local psqllog="${TEMP_FOLDER}/psql-restore-log" PGPASSFILE="${MYPGPASS}" psql \ -w \ - -U "${ENGINE_DB_USER}" \ - -h "${ENGINE_DB_HOST}" \ - -p "${ENGINE_DB_PORT}" \ - -d "${ENGINE_DB_DATABASE}" \ + -U "${user}" \ + -h "${host}" \ + -p "${port}" \ + -d "${database}" \ -f "${backupfile}" \ >> "${psqllog}" 2>&1 \ - || logdie "Database restore failed" + || logdie "Database ${database} restore failed" cat "${psqllog}" >> "${LOG}" 2>&1 \ || logdie "Failed to append psql log to restore log" @@ -375,12 +631,12 @@ __EOF ) local numerrors=$(grep 'ERROR: ' "${psqllog}" | grep -Ev "${IGNORED_ERRORS}" | wc -l) - [ ${numerrors} -ne 0 ] && logdie "Errors while restoring database ${ENGINE_DB_DATABASE}" + [ ${numerrors} -ne 0 ] && logdie "Errors while restoring database ${database}" } restoreFiles() { local paths="$1" - echo "${paths}" | while read path; do + echo "${paths}" | while read -r path; do local dirname="$(dirname ${path})" local backup="${TEMP_FOLDER}/files/${path}" [ -e "${backup}" ] || continue @@ -391,7 +647,7 @@ done || logdie "Cannot read ${paths}" } -setMyDBCredentials() { +setMyEngineDBCredentials() { local options [ "${MY_DB_SECURED}" = "True" ] && \ @@ -421,20 +677,143 @@ eval "${MY_DB_CREDS}" } -changeDBConf() { +setMyDwhDBCredentials() { + local options + + [ "${MY_DWH_DB_SECURED}" = "True" ] && \ + options="${options}&ssl=true" + [ "${MY_DWH_DB_SECURED_VALIDATION}" != "True" ] && \ + options="${options}&sslfactory=org.postgresql.ssl.NonValidatingFactory" + + [ -n "${options}" ] && options="${options#&}" + + local encpass="$(sed 's;\(["\$]\);\\\1;g' << __EOF__ +${MY_DWH_DB_PASSWORD} +__EOF__ +)" + + MY_DWH_DB_CREDS="$(cat << __EOF__ +DWH_DB_HOST="${MY_DWH_DB_HOST}" +DWH_DB_PORT="${MY_DWH_DB_PORT}" +DWH_DB_USER="${MY_DWH_DB_USER}" +DWH_DB_PASSWORD="${encpass}" +DWH_DB_DATABASE="${MY_DWH_DB_DATABASE}" +DWH_DB_SECURED="${MY_DWH_DB_SECURED}" +DWH_DB_SECURED_VALIDATION="${MY_DWH_DB_SECURED_VALIDATION}" +DWH_DB_DRIVER="org.postgresql.Driver" +DWH_DB_URL="jdbc:postgresql://\${DWH_DB_HOST}:\${DWH_DB_PORT}/\${DWH_DB_DATABASE}?${options}" +__EOF__ +)" + eval "${MY_DWH_DB_CREDS}" +} + +setMyReportsDBCredentials() { + local options + + [ "${MY_REPORTS_DB_SECURED}" = "True" ] && \ + options="${options}&ssl=true" + [ "${MY_REPORTS_DB_SECURED_VALIDATION}" != "True" ] && \ + options="${options}&sslfactory=org.postgresql.ssl.NonValidatingFactory" + + [ -n "${options}" ] && options="${options#&}" + + local encpass="$(sed 's;\(["\$]\);\\\1;g' << __EOF__ +${MY_REPORTS_DB_PASSWORD} +__EOF__ +)" + + MY_REPORTS_DB_CREDS="$(cat << __EOF__ +REPORTS_DB_HOST="${MY_REPORTS_DB_HOST}" +REPORTS_DB_PORT="${MY_REPORTS_DB_PORT}" +REPORTS_DB_USER="${MY_REPORTS_DB_USER}" +REPORTS_DB_PASSWORD="${encpass}" +REPORTS_DB_DATABASE="${MY_REPORTS_DB_DATABASE}" +REPORTS_DB_SECURED="${MY_REPORTS_DB_SECURED}" +REPORTS_DB_SECURED_VALIDATION="${MY_REPORTS_DB_SECURED_VALIDATION}" +REPORTS_DB_DRIVER="org.postgresql.Driver" +REPORTS_DB_URL="jdbc:postgresql://\${REPORTS_DB_HOST}:\${REPORTS_DB_PORT}/\${REPORTS_DB_DATABASE}?${options}" +__EOF__ +)" + eval "${MY_REPORTS_DB_CREDS}" +} + +changeEngineDBConf() { local conf="${ENGINE_ETC}/engine.conf.d/10-setup-database.conf" [ -f "${conf}" ] || logdie "Can not find ${conf}" - local options local backup="${conf}.$(date +"%Y%m%d%H%M%S")" log "Backing up ${conf} to ${backup}" cp -a "${conf}" "${backup}" || die "Failed to backup ${conf}" output "Rewriting ${conf}" - echo "${MY_DB_CREDS}" > "${conf}" + printf "%s\n" "${MY_DB_CREDS}" > "${conf}" +} + +changeDwhDBConf() { + local conf="${DWH_CONFIG}.d/10-setup-database.conf" + [ -f "${conf}" ] || logdie "Can not find ${conf}" + + local backup="${conf}.$(date +"%Y%m%d%H%M%S")" + log "Backing up ${conf} to ${backup}" + cp -a "${conf}" "${backup}" || die "Failed to backup ${conf}" + output "Rewriting ${conf}" + if [ -z "${MY_DB_CREDS}" ]; then + MY_DB_HOST="${ENGINE_DB_HOST}" + MY_DB_PORT="${ENGINE_DB_PORT}" + MY_DB_USER="${ENGINE_DB_USER}" + MY_DB_PASSWORD="${ENGINE_DB_PASSWORD}" + MY_DB_DATABASE="${ENGINE_DB_DATABASE}" + MY_DB_SECURED="${ENGINE_DB_SECURED}" + MY_DB_SECURED_VALIDATION="${ENGINE_DB_SECURED_VALIDATION}" + setMyEngineDBCredentials + fi + printf "%s\n" "${MY_DB_CREDS}" > "${conf}" + printf "%s\n" "${MY_DWH_DB_CREDS}" >> "${conf}" +} + +changeReportsDBConf() { + local conf="${JASPER_PROPERTIES}" + [ -f "${conf}" ] || logdie "Can not find ${conf}" + + local backup="${conf}.$(date +"%Y%m%d%H%M%S")" + log "Backing up ${conf} to ${backup}" + cp -a "${conf}" "${backup}" || die "Failed to backup ${conf}" + output "Rewriting ${conf}" + cat << __EOF__ > "${conf}" +# File locations +reportsHome=/var/lib/ovirt-engine-reports +reportsWar=/var/lib/ovirt-engine-reports/ovirt-engine-reports.war +currentConf=/var/lib/ovirt-engine-reports/build-conf +appServerDir=/var/lib/ovirt-engine-reports + +appServerType=jboss7 + +# database type +dbType=postgresql + +# database location and connection settings +dbHost=${REPORTS_DB_HOST} +dbPort=${REPORTS_DB_PORT} +dbUsername=${REPORTS_DB_USER} +dbPassword=${REPORTS_DB_PASSWORD} +js.dbName=${REPORTS_DB_DATABASE} + +# web app name +# (set one of these to deploy to a non-default war file name) +webAppNameCE=ovirt-engine-reports +webAppNamePro=ovirt-engine-reports + +# Database +maven.jdbc.groupId=postgresql +maven.jdbc.artifactId=postgresql +maven.jdbc.version=9.2-1002.jdbc4 +deployJDBCDriver=false +__EOF__ } generatePgPass() { local password="${ENGINE_DB_PASSWORD}" + local dwh_password="${DWH_DB_PASSWORD}" + local reports_password="${REPORTS_DB_PASSWORD}" MYPGPASS="${TEMP_FOLDER}/.pgpass" touch "${MYPGPASS}" || logdie "Can't touch ${MYPGPASS}" @@ -449,11 +828,19 @@ # utility version. # if ! psql -V | grep -q ' 8\.'; then - password="$(echo "${password}" | sed -e 's/\\/\\\\/g' -e 's/:/\\:/g')" + password="$(printf "%s" "${password}" | sed -e 's/\\/\\\\/g' -e 's/:/\\:/g')" + dwh_password="$(printf "%s" "${dwh_password}" | sed -e 's/\\/\\\\/g' -e 's/:/\\:/g')" + reports_password="$(printf "%s" "${reports_password}" | sed -e 's/\\/\\\\/g' -e 's/:/\\:/g')" fi cat > "${MYPGPASS}" << __EOF__ ${ENGINE_DB_HOST}:${ENGINE_DB_PORT}:${ENGINE_DB_DATABASE}:${ENGINE_DB_USER}:${password} +__EOF__ + [ -n "${DWH_DB_USER}" ] && cat >> "${MYPGPASS}" << __EOF__ +${DWH_DB_HOST}:${DWH_DB_PORT}:${DWH_DB_DATABASE}:${DWH_DB_USER}:${dwh_password} +__EOF__ + [ -n "${REPORTS_DB_USER}" ] && cat >> "${MYPGPASS}" << __EOF__ +${REPORTS_DB_HOST}:${REPORTS_DB_PORT}:${REPORTS_DB_DATABASE}:${REPORTS_DB_USER}:${reports_password} __EOF__ } @@ -461,7 +848,7 @@ local m="$1" local date="$(date '+%Y-%m-%d %H:%M:%S')" local pid="$$" - echo "${date} ${pid}: ${m}" >> "${LOG}" + printf "%s\n" "${date} ${pid}: ${m}" >> "${LOG}" } logdie() { @@ -473,7 +860,7 @@ output() { local m="$1" log "${m}" - echo "${m}" + printf "%s\n" "${m}" } readdbpassword() { @@ -488,7 +875,7 @@ STTY_ORIG="$(stty -g)" stty -echo || die "Failed to disable terminal input echo" echo -n "Enter database password: " >&2 - read dbpass + read -r dbpass echo >&2 cat << __EOF__ ${dbpass} -- To view, visit http://gerrit.ovirt.org/25850 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I188a1823686b211fefb18ceb41e1a80afd9c5de5 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yedidyah Bar David <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
