From 75a4c8d709bb06904ecdaa06401277fcd3f26c33 Mon Sep 17 00:00:00 2001 From: Digimer Date: Thu, 25 Nov 2021 01:47:55 -0500 Subject: [PATCH] * Moved the logic to add the local database to a Striker's anvil.conf from striker-prep-database to Database->_add_to_local_config(). * Updated striker-prep-database to always set the user's password, independent of whether the database user was created. Signed-off-by: Digimer --- Anvil/Tools/Database.pm | 90 +++++++++++++++++++++++++++++++ tools/striker-prep-database | 102 +++++++++++------------------------- 2 files changed, 120 insertions(+), 72 deletions(-) diff --git a/Anvil/Tools/Database.pm b/Anvil/Tools/Database.pm index 479bb386..0d274766 100644 --- a/Anvil/Tools/Database.pm +++ b/Anvil/Tools/Database.pm @@ -93,6 +93,7 @@ my $THIS_FILE = "Database.pm"; # resync_databases # update_host_status # write +# _add_to_local_config # _age_out_data # _archive_table # _find_column @@ -778,6 +779,7 @@ If the method completes, C<< 0 >> is returned. If this method is called without This method takes no parameters. =cut +### TODO: Much of this logic is in striker-prep-database, consolidate! sub configure_pgsql { my $self = shift; 
@@ -798,6 +800,23 @@ sub configure_pgsql $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => $debug, priority => "alert", key => "log_0113"}); return(1); } + + # Make sure we have an entry in our own anvil.conf. + my $local_uuid = $anvil->Database->get_local_uuid(); + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { local_uuid => $local_uuid }}); + + # If we didn't get the $local_uuid, then there is no entry for this system in anvil.conf yet, so we'll add it. + if (not $local_uuid) + { + $local_uuid = $anvil->Database->_add_to_local_config({debug => 2}); + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { local_uuid => $local_uuid }}); + + if ($local_uuid eq "!!error!!") + { + # Already logged the error, return. + return('!!error!!'); + } + } # First, is it running and is it initialized? my $initialized = 0; 
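Review bot: The new `return('!!error!!');` gives `configure_pgsql` a third, string return value that the visible POD does not mention: it documents `0` on completion, and the context line above returns `1`. A caller that tests the result numerically would get a non-numeric warning and see the string as 0, i.e. as success, so callers should be checked and the POD should gain a sentence such as `If this host could not be added to anvil.conf, C<< !!error!! >> is returned.` The two added `Log->variables` calls also hard-code `level => 2` where the surrounding method uses `$debug`; `level => $debug` would keep them consistent. The body of `configure_pgsql` continues outside this hunk.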
@@ -16415,6 +16434,77 @@ sub write # Private functions # ############################################################################################################# +=head2 _add_to_local_config + +This adds this machine to the local C<< /etc/anvil/anvil.conf >> file. + +If successful, the host's UUID will be returned. If there's a problem, C<< !!error!! >> will be returned. + +=cut +sub _add_to_local_config +{ + my $self = shift; + my $parameter = shift; + my $anvil = $self->parent; + my $debug = defined $parameter->{debug} ? $parameter->{debug} : 3; + $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => $debug, key => "log_0125", variables => { method => "Database->_add_to_local_config()" }}); + + my $host_uuid = $anvil->Get->host_uuid(); + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { host_uuid => $host_uuid }}); + if ((not exists $anvil->data->{database}{$host_uuid}{password}) or (not $anvil->data->{database}{$host_uuid}{password})) + { + # Use the default password used in kickstart scripts. + $anvil->data->{database}{$host_uuid}{password} = $anvil->data->{defaults}{kickstart}{password}; + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, secure => 1, level => $debug, list => { + "database::${host_uuid}::password" => $anvil->data->{database}{$host_uuid}{password}, + }}); + } + + # Write the password to a file. + my $password_file = "/tmp/striker-manage-peers.".$anvil->Get->uuid; + $anvil->Storage->write_file({ + debug => $debug, + secure => 1, + file => $password_file, + body => $anvil->data->{database}{$host_uuid}{password}, + mode => "0600", + overwrite => 1, + }); + + # Make the shell call, and parse the output looking for our own entry + my $shell_call = $anvil->data->{path}{exe}{'striker-manage-peers'}." --add --host-uuid ".$anvil->Get->host_uuid." --host localhost --port 5432 --password-file ".$password_file." 
--ping 0".$anvil->Log->switches; + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { + host_uuid => $host_uuid, + shell_call => $shell_call, + }}); + my ($output, $return_code) = $anvil->System->call({shell_call => $shell_call, source => $THIS_FILE, line => __LINE__}); + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { + output => $output, + return_code => $return_code, + }}); + + # Remove the password. + unlink $password_file; + + # Re-read the config and make sure we have our own entry. + $anvil->refresh(); + + # If we still don't have a local_uuid, something went wrong. + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { + "database::${host_uuid}::host" => $anvil->data->{database}{$host_uuid}{host}, + "database::${host_uuid}::port" => $anvil->data->{database}{$host_uuid}{port}, + "database::${host_uuid}::password" => $anvil->Log->is_secure($anvil->data->{database}{$host_uuid}{password}), + "database::${host_uuid}::ping" => $anvil->data->{database}{$host_uuid}{ping}, + }}); + if (not $anvil->data->{database}{$host_uuid}{host}) + { + $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, key => "error_0010"}); + return('!!error!!'); + } + + return($host_uuid); +} + =head2 _age_out_data diff --git a/tools/striker-prep-database b/tools/striker-prep-database index 22c3db58..abbb4034 100755 --- a/tools/striker-prep-database +++ b/tools/striker-prep-database @@ -10,6 +10,9 @@ # 3 = ScanCore user not set in the local ID in anvil.conf # 4 = Failed to create the database user. # 5 = PostgreSQL not installed. +# +# TODO: Much of this logic is duplicated in Database->configure_pgsql(), we should remove this tool entirely +# and use that. use strict; use warnings; 
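Review bot: The result of `unlink $password_file;` in `_add_to_local_config` is ignored, so a failed removal leaves the database password on disk in `/tmp` with no log entry; `$return_code` from `striker-manage-peers` is logged but never tested, and the result of `Storage->write_file` is not checked either. I would at least record the failure, e.g. `unlink($password_file) or $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 1, list => { password_file => $password_file, error => $! }});`. Since `/tmp` is world-writable and the file is written with `overwrite => 1`, it is worth confirming that `write_file` applies mode 0600 at creation and does not follow an existing symlink (not visible here); a root-only directory would avoid the question. The POD should also mention the `debug` parameter and the fallback to `defaults::kickstart::password`, because with the striker-prep-database change in this commit that shared default appears to end up as the password of the `postgres` role.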
@@ -41,8 +44,14 @@ $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list # If we didn't get the $local_uuid, then there is no entry for this system in anvil.conf yet, so we'll add it. if (not $local_uuid) { - $local_uuid = add_to_local_config($anvil); + $local_uuid = $anvil->Database->_add_to_local_config({debug => 2}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { local_uuid => $local_uuid }}); + + if ($local_uuid eq "!!error!!") + { + # Already logged the error, exit. + $anvil->nice_exit({exit_code => 1}); + } } # Now configure! @@ -61,7 +70,7 @@ if ($local_uuid) my $shell_call = $anvil->data->{path}{exe}{rpm}." -q postgresql-server"; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 1, list => { shell_call => $shell_call }}); - my ($output, $return_code) = $anvil->System->call({shell_call => $shell_call, debug => 2, source => $THIS_FILE, line => __LINE__}); + my ($output, $return_code) = $anvil->System->call({shell_call => $shell_call, debug => 3, source => $THIS_FILE, line => __LINE__}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 1, list => { output => $output, return_code => $return_code, 
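Review bot: `tools/striker-prep-database` now calls `$anvil->Database->_add_to_local_config()` from outside the module, although Database.pm names the method with a leading underscore and lists it under "Private functions". Either give the helper a public name, or add a comment at the call such as `# NOTE: private Database method, shared with Database->configure_pgsql()`, so that a later change to the helper is known to affect this tool. The `"!!error!!"` check itself matches what the helper returns.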
@@ -336,28 +345,28 @@ if ($local_uuid) $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0096", variables => { user => $database_user }}); $anvil->nice_exit({exit_code => 4}); } - - # Update/set the passwords. - $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 1, list => { "database::${local_uuid}::password" => $anvil->data->{database}{$local_uuid}{password} }}); - if ($anvil->data->{database}{$local_uuid}{password}) + } + + # Update/set the passwords. + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 1, list => { "database::${local_uuid}::password" => $anvil->data->{database}{$local_uuid}{password} }}); + if ($anvil->data->{database}{$local_uuid}{password}) + { + foreach my $user ("postgres", $database_user) { - foreach my $user ("postgres", $database_user) + my $shell_call = $anvil->data->{path}{exe}{su}." - postgres -c \"".$anvil->data->{path}{exe}{psql}." template1 -c \\\"ALTER ROLE $user WITH PASSWORD '".$anvil->data->{database}{$local_uuid}{password}."';\\\"\""; + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }}); + my ($update_output, $return_code) = $anvil->System->call({secure => 1, shell_call => $shell_call, debug => 2, source => $THIS_FILE, line => __LINE__}); + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 1, list => { + update_output => $update_output, + return_code => $return_code, + }}); + foreach my $line (split/\n/, $user_list) { - my $shell_call = $anvil->data->{path}{exe}{su}." - postgres -c \"".$anvil->data->{path}{exe}{psql}." 
template1 -c \\\"ALTER ROLE $user WITH PASSWORD '".$anvil->data->{database}{$local_uuid}{password}."';\\\"\""; - $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }}); - my ($update_output, $return_code) = $anvil->System->call({secure => 1, shell_call => $shell_call, debug => 2, source => $THIS_FILE, line => __LINE__}); - $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 1, list => { - update_output => $update_output, - return_code => $return_code, - }}); - foreach my $line (split/\n/, $user_list) + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { line => $line }}); + if ($line =~ /ALTER ROLE/) { - $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { line => $line }}); - if ($line =~ /ALTER ROLE/) - { - # Password set - $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, key => "log_0100", variables => { user => $user }}); - } + # Password set + $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, key => "log_0100", variables => { user => $user }}); } } } 
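Review bot: `$shell_call` contains the database password in clear text, yet the `Log->variables` call that records it right after it is built has no `secure => 1`, unlike the `System->call` and the output logging next to it; now that this block runs on every invocation, the password is written to the log whenever level 2 logging is on. The line should read `$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 1, list => { shell_call => $shell_call }});`. The password is also interpolated unescaped into single-quoted SQL inside two layers of shell double quotes and passed on the command line, so a value containing a quote, `$`, backtick or backslash changes the command and the secret is visible in the process list; validating or escaping it, or feeding the statement to `psql` on standard input, would address both. The inner loop splits `$user_list` rather than `$update_output`, so the `ALTER ROLE` confirmation (log_0100) is probably checked against the wrong text, and `$return_code` is never tested. The enclosing `if ($local_uuid)` block starts and ends outside the hunk.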
@@ -636,54 +645,3 @@ sub configure_firewall return(0); } -# This adds this machine to the local anvil.conf file. -sub add_to_local_config -{ - my ($anvil) = @_; - - # Write the password to a file. - my $password_file = "/tmp/striker-manage-peers.".$anvil->Get->uuid; - $anvil->Storage->write_file({ - debug => 3, - secure => 1, - file => $password_file, - body => "Initial1", - mode => "0600", - overwrite => 1, - }); - - # Make the shell call, and parse the output looking for our own entry - my $host_uuid = $anvil->Get->host_uuid(); - my $shell_call = $anvil->data->{path}{exe}{'striker-manage-peers'}." --add --host-uuid ".$anvil->Get->host_uuid." --host localhost --port 5432 --password-file ".$password_file." --ping 0".$anvil->Log->switches; - $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { - host_uuid => $host_uuid, - shell_call => $shell_call, - }}); - my ($output, $return_code) = $anvil->System->call({shell_call => $shell_call, source => $THIS_FILE, line => __LINE__}); - $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { - output => $output, - return_code => $return_code, - }}); - - # Remove the password. - unlink $password_file; - - # Re-read the config and make sure we have our own entry. - $anvil->refresh(); - - # If we still don't have a local_uuid, something went wrong. 
- $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { - "database::${host_uuid}::host" => $anvil->data->{database}{$host_uuid}{host}, - "database::${host_uuid}::port" => $anvil->data->{database}{$host_uuid}{port}, - "database::${host_uuid}::password" => $anvil->Log->is_secure($anvil->data->{database}{$host_uuid}{password}), - "database::${host_uuid}::ping" => $anvil->data->{database}{$host_uuid}{ping}, - }}); - if (not $anvil->data->{database}{$host_uuid}{host}) - { - $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, key => "error_0010"}); - $anvil->nice_exit({exit_code => 1}); - } - - return($host_uuid); -} -