diff --git a/containers/doc/rds.sh b/containers/doc/rds.sh new file mode 100644 index 000000000000..f3e833629627 --- /dev/null +++ b/containers/doc/rds.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +# Prepare the internal database +echo "CREATE DATABASE $MANAGER_DB_NAME ENCODING = UTF8 ;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $MANAGER_DB_HOST -U $EXTERNALDB_ADMIN_USER) +echo "CREATE ROLE $MANAGER_USER PASSWORD '$MANAGER_PASS' NOCREATEDB NOCREATEROLE INHERIT LOGIN;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $MANAGER_DB_HOST -U $EXTERNALDB_ADMIN_USER) +echo "GRANT rds_superuser to $MANAGER_USER;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $MANAGER_DB_HOST -U $EXTERNALDB_ADMIN_USER) +echo "GRANT create on database $MANAGER_DB_NAME to $MANAGER_USER;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $MANAGER_DB_HOST -U $EXTERNALDB_ADMIN_USER) + +# Prepare the report database +echo "CREATE DATABASE $PGNAME ENCODING = UTF8 ;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $HOST -U $EXTERNALDB_ADMIN_USER) +echo "CREATE EXTENSION IF NOT EXISTS plpgsql;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $HOST -U $EXTERNALDB_ADMIN_USER -d $PGNAME) +echo "CREATE ROLE $PGUSER PASSWORD '$PGPASSWORD' NOCREATEDB NOCREATEROLE INHERIT LOGIN;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $HOST -U $EXTERNALDB_ADMIN_USER) +echo "GRANT rds_superuser to $PGUSER;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $HOST -U $EXTERNALDB_ADMIN_USER) +echo "GRANT create on database $PGNAME to $PGUSER;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $HOST -U $EXTERNALDB_ADMIN_USER) diff --git a/containers/server-image/Dockerfile b/containers/server-image/Dockerfile index 7b4575bda0fb..7b4edaabec99 100644 --- a/containers/server-image/Dockerfile +++ b/containers/server-image/Dockerfile @@ -20,8 +20,6 @@ RUN echo "rpm.install.excludedocs = yes" >>/etc/zypp/zypp.conf && \ ${PRODUCT_PATTERN_PREFIX}_retail \ spacewalk-backend-sql-postgresql \ spacewalk-java-postgresql \ - postgresql16-contrib \ - postgresql16-server \ postgresql16 \ billing-data-service \ grub2-x86_64-efi \ diff --git a/containers/server-image/server-image.changes.cbosdo.postgresql b/containers/server-image/server-image.changes.cbosdo.postgresql new file mode 100644 index 000000000000..218561d4b35f --- /dev/null +++ b/containers/server-image/server-image.changes.cbosdo.postgresql @@ -0,0 +1 @@ +- Move the database to a separate container diff --git a/python/spacewalk/satellite_tools/spacewalk-debug b/python/spacewalk/satellite_tools/spacewalk-debug index 6f93d08d8f51..b8684427c3b4 100755 --- a/python/spacewalk/satellite_tools/spacewalk-debug +++ b/python/spacewalk/satellite_tools/spacewalk-debug @@ -329,11 +329,6 @@ rpm -qa | sort > $DIR/rpm-manifest-clean echo " * querying schema version, database charactersets and database" /usr/bin/rhn-schema-version > $DIR/database-schema-version /usr/bin/rhn-charsets > $DIR/database-character-sets -if [ "$(spacewalk-cfg-get externaldb)" = "0" ] ; then - if [ -f /usr/bin/smdba ] ; then - /usr/bin/smdba space-overview > $DIR/db-control-report - fi -fi if [ -f /usr/bin/spacewalk-sql ] ; then USERS_TZ_LC_SQL=""" diff --git a/schema/spacewalk/postgres/class/evr_t.sql b/schema/spacewalk/postgres/class/evr_t.sql deleted file mode 100644 index e83058060d33..000000000000 --- a/schema/spacewalk/postgres/class/evr_t.sql +++ /dev/null @@ -1,199 +0,0 @@ --- --- Copyright (c) 2008--2013 Red Hat, Inc. --- --- This software is licensed to you under the GNU General Public License, --- version 2 (GPLv2). There is NO WARRANTY for this software, express or --- implied, including the implied warranties of MERCHANTABILITY or FITNESS --- FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 --- along with this software; if not, see --- http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. --- --- Red Hat trademarks are not licensed under GPLv2. No permission is --- granted to use or replicate Red Hat trademarks that are incorporated --- in this software or its documentation. --- - -create type evr_t as ( - epoch varchar(16), - version varchar(512), - release varchar(512), - type varchar(10) -); - -create or replace function evr_t(e varchar, v varchar, r varchar, t varchar) -returns evr_t as $$ -select row($1,$2,$3,$4)::evr_t -$$ language sql; - -create or replace function evr_t_compare( a evr_t, b evr_t ) -returns int as $$ -begin - if a.type = b.type then - if a.type = 'rpm' then - return rpm.vercmp(a.epoch, a.version, a.release, b.epoch, b.version, b.release); - elsif a.type = 'deb' then - return deb.debvercmp(a.epoch, a.version, a.release, b.epoch, b.version, b.release); - else - raise EXCEPTION 'unknown evr type (using rpm) -> %', a.type; - end if; - else - raise NOTICE 'comparing incompatible evr types. Using %', a.type; - if a.type = 'deb' then - return -1; - else - return 1; - end if; - end if; -end; -$$ language plpgsql immutable strict; - -create or replace function evr_t_lt( a evr_t, b evr_t ) -returns boolean as $$ -begin - return evr_t_compare( a, b ) < 0; -end; -$$ language plpgsql immutable strict; - -create or replace function evr_t_le( a evr_t, b evr_t ) -returns boolean as $$ -begin - return evr_t_compare( a, b ) <= 0; -end; -$$ language plpgsql immutable strict; - -create or replace function evr_t_eq( a evr_t, b evr_t ) -returns boolean as $$ -begin - return evr_t_compare( a, b ) = 0; -end; -$$ language plpgsql immutable strict; - -create or replace function evr_t_ne( a evr_t, b evr_t ) -returns boolean as $$ -begin - return evr_t_compare( a, b ) != 0; -end; -$$ language plpgsql immutable strict; - -create or replace function evr_t_ge( a evr_t, b evr_t ) -returns boolean as $$ -begin - return evr_t_compare( a, b ) >= 0; -end; -$$ language plpgsql immutable strict; - -create or replace function evr_t_gt( a evr_t, b evr_t ) -returns boolean as $$ -begin - return evr_t_compare( a, b ) > 0; -end; -$$ language plpgsql immutable strict; - -create operator < ( - leftarg = evr_t, - rightarg = evr_t, - procedure = evr_t_lt, - commutator = >, - negator = >=, - restrict = scalarltsel, - join = scalarltjoinsel -); - -create operator <= ( - leftarg = evr_t, - rightarg = evr_t, - procedure = evr_t_le, - commutator = >=, - negator = >, - restrict = scalarltsel, - join = scalarltjoinsel -); - -create operator = ( - leftarg = evr_t, - rightarg = evr_t, - procedure = evr_t_eq, - commutator = =, - negator = <>, - restrict = eqsel, - join = eqjoinsel -); - -create operator >= ( - leftarg = evr_t, - rightarg = evr_t, - procedure = evr_t_ge, - commutator = <=, - negator = <, - restrict = scalargtsel, - join = scalargtjoinsel -); - -create operator > ( - leftarg = evr_t, - rightarg = evr_t, - procedure = evr_t_gt, - commutator = <, - negator = <=, - restrict = scalargtsel, - join = scalargtjoinsel -); - -create operator <> ( - leftarg = evr_t, - rightarg = evr_t, - procedure = evr_t_ne, - commutator = <>, - negator = =, - restrict = eqsel, - join = eqjoinsel -); - - -create operator class evr_t_ops -default for type evr_t using btree as - operator 1 <, - operator 2 <=, - operator 3 =, - operator 4 >=, - operator 5 >, - function 1 evr_t_compare( evr_t, evr_t ) -; - -create or replace function evr_t_as_vre( a evr_t ) returns varchar as $$ -begin - return a.version || '-' || a.release || ':' || coalesce(a.epoch, ''); -end; -$$ language plpgsql immutable strict; - -create or replace function evr_t_as_vre_simple( a evr_t ) returns varchar as $$ -declare - vre_out VARCHAR(256); -begin - vre_out := a.version || '-' || a.release; - if a.epoch is not null - then - vre_out := vre_out || ':' || a.epoch; - end if; - return vre_out; -end; -$$ language plpgsql immutable strict; - -create or replace function evr_t_larger(a evr_t, b evr_t) -returns evr_t -as $$ -begin - if a > b - then - return a; - else - return b; - end if; -end; -$$ language plpgsql immutable strict; - -create aggregate max ( - sfunc=evr_t_larger, - basetype=evr_t, - stype=evr_t -); diff --git a/schema/spacewalk/spacewalk-sql b/schema/spacewalk/spacewalk-sql index 447dedd36a70..fc700da38c4f 100755 --- a/schema/spacewalk/spacewalk-sql +++ b/schema/spacewalk/spacewalk-sql @@ -55,12 +55,6 @@ if ($reportdb) { $options{$n} = $options{'report_'.$n} if (defined $options{'report_'.$n}); } } -if ($options{'externaldb_admin_user'}) { - $options{'db_user'} = $options{'externaldb_admin_user'} -} -if ($options{'externaldb_admin_password'}) { - $options{'db_password'} = $options{'externaldb_admin_password'} -} my @missing; for my $n (qw( db_backend db_name db_user db_password )) { if (not defined $options{$n}) { diff --git a/spacewalk/admin/spacewalk-startup-helper b/spacewalk/admin/spacewalk-startup-helper index 607c2f0275c3..b6edece52127 100755 --- a/spacewalk/admin/spacewalk-startup-helper +++ b/spacewalk/admin/spacewalk-startup-helper @@ -114,26 +114,6 @@ check_database() { # Check, if the report DB was already setup if egrep -m1 "^report_db_host[[:space:]]*=[[:space:]]*[a-zA-Z0-9_-]+" /etc/rhn/rhn.conf; then REPORTDB_EXISTS='y' - else - # Check, if the DB is local and we should setup the reporting DB automated - if egrep -m1 "^db_host[[:space:]]*=[[:space:]]*localhost" /etc/rhn/rhn.conf; then - # Do not use 'md5' auth anymore, migrate to 'scram-sha-256' if needed - db_migrate_md5_to_scram - - # if the main database is local, we setup the report DB automatically - /usr/bin/uyuni-setup-reportdb create --db reportdb --user pythia_susemanager --autogenpw \ - --address '*' --remote '0.0.0.0/0,::/0' && { - REPORTDB_EXISTS='y' - } - - if [ $? -ne 0 ]; then - echo "Report Database creation has failed. Please check the logs." - exit 1 - fi - - else - logger -p user.notice "Database not local - skipping setup of report database" - fi fi if [ $REPORTDB_EXISTS == 'y' ]; then diff --git a/spacewalk/certs-tools/mgr_ssl_cert_setup.py b/spacewalk/certs-tools/mgr_ssl_cert_setup.py index f3a10b4e459c..bd93d8a40861 100755 --- a/spacewalk/certs-tools/mgr_ssl_cert_setup.py +++ b/spacewalk/certs-tools/mgr_ssl_cert_setup.py @@ -558,23 +558,6 @@ def deployApache(apache_cert_content, server_key_content): ) -# pylint: disable-next=invalid-name -def deployPg(server_key_content): - pg_uid, pg_gid = getUidGid("postgres", "postgres") - if pg_uid and pg_gid: - # deploy only the key with different permissions - # the certificate is the same as for apache - if os.path.exists(PG_KEY_FILE): - os.remove(PG_KEY_FILE) - # pylint: disable-next=unspecified-encoding - with open(PG_KEY_FILE, "w", encoding="utf-8") as f: - f.write(server_key_content) - os.chmod(PG_KEY_FILE, int("0600", 8)) - os.chown(PG_KEY_FILE, pg_uid, pg_gid) - - log("""$> systemctl restart postgresql.service """) - - # pylint: disable-next=invalid-name def deployCAInDB(certData): if not os.path.exists("/usr/bin/rhn-ssl-dbstore"): @@ -716,7 +699,6 @@ def _main(): sys.exit(1) deployApache(apache_cert_content, files_content.server_key) - deployPg(files_content.server_key) deployCAUyuni(certData) if not options.skip_db: deployCAInDB(certData) diff --git a/spacewalk/config/var/lib/rhn/rhn-satellite-prep/etc/rhn/rhn.conf b/spacewalk/config/var/lib/rhn/rhn-satellite-prep/etc/rhn/rhn.conf index 13f57d72489e..20bd760e49e2 100644 --- a/spacewalk/config/var/lib/rhn/rhn-satellite-prep/etc/rhn/rhn.conf +++ b/spacewalk/config/var/lib/rhn/rhn-satellite-prep/etc/rhn/rhn.conf @@ -36,16 +36,7 @@ report_db_port = @@report_db_port@@ report_db_ssl_enabled = @@report_db_ssl_enabled@@ report_db_sslrootcert = @@report_db_sslrootcert@@ -externaldb = @@externaldb@@ -externaldb_admin_user = @@externaldb_admin_user@@ -externaldb_admin_password = @@externaldb_admin_password@@ - -server.nls_lang = @@serverDOTnls_lang@@ - -hibernate.dialect=@@hibernate_dialect@@ -hibernate.connection.driver_class=@@hibernate_driver@@ -hibernate.connection.driver_proto=@@hibernate_driver_proto@@ - +server.nls_lang = english.UTF8 web.satellite = 1 web.satellite_install = @@satellite_install@@ @@ -62,7 +53,7 @@ session_secret_4 = @@session_secret_4@@ server.secret_key = @@server_secret_key@@ -encrypted_passwords = @@encrypted_passwords@@ +encrypted_passwords = 1 web.restrict_mail_domains = @@ -70,7 +61,7 @@ web.restrict_mail_domains = enable_snapshots = 1 #cobbler host name -cobbler.host = @@cobblerDOThost@@ +cobbler.host = localhost # Web UI hostname java.hostname = @@javaDOThostname@@ diff --git a/spacewalk/setup/bin/spacewalk-setup b/spacewalk/setup/bin/spacewalk-setup index cb55d0db60f7..e84259dd15a9 100755 --- a/spacewalk/setup/bin/spacewalk-setup +++ b/spacewalk/setup/bin/spacewalk-setup @@ -77,8 +77,6 @@ setup_cc(\%opts, \%answers); setup_default_proxy(\%answers); -Spacewalk::Setup::postgresql_setup_db(\%opts, \%answers); - if ($opts{'db-only'}) { exit; } @@ -104,9 +102,6 @@ if(not $opts{"skip-initial-configuration"}) { print Spacewalk::Setup::loc("* Configuring apache SSL virtual host.\n"); setup_mod_ssl(\%opts, \%answers); -Spacewalk::Setup::postgresql_reportdb_setup(\%opts, \%answers); -print Spacewalk::Setup::loc("* Report DB Configured. \n"); - print Spacewalk::Setup::loc("* Update configuration in database.\n"); final_db_config(\%opts, \%answers); @@ -282,13 +277,6 @@ sub populate_initial_configs { my $opts = shift; my $answers = shift; - # TODO: This may need to be addressed. Can query this for postgresql with - # "show client_encoding;": - my $charset = 'UTF8'; - - # Define some db specific settings: - Spacewalk::Setup::set_hibernate_conf($answers); - # Set the document root depending on OS. my $DOC_ROOT = $Spacewalk::Setup::SUSE_DOC_ROOT; @@ -300,7 +288,6 @@ sub populate_initial_configs { serverDOTsatelliteDOThttp_proxy_username => $answers->{'rhn-http-proxy-username'} || '', serverDOTsatelliteDOThttp_proxy_password => $answers->{'rhn-http-proxy-password'} || '', javaDOThostname => $answers->{hostname}, - encrypted_passwords => 1, db_backend => $answers->{'db-backend'}, db_user => $answers->{'db-user'}, db_password => $answers->{'db-password'}, @@ -308,17 +295,9 @@ sub populate_initial_configs { db_host => $answers->{'db-host'}, db_port => $answers->{'db-port'}, db_ssl_enabled => $answers->{'db-ssl-enabled'}, - externaldb => $answers->{'externaldb'}, - externaldb_admin_user => $answers->{'externaldb-admin-user'}, - externaldb_admin_password => $answers->{'externaldb-admin-password'}, db_sslrootcert => $answers->{'db-ca-cert'}, - hibernate_dialect => $answers->{'hibernate.dialect'}, - hibernate_driver => $answers->{'hibernate.connection.driver_class'}, - hibernate_driver_proto => $answers->{'hibernate.connection.driver_proto'}, traceback_mail => $answers->{'admin-email'}, - serverDOTnls_lang => 'english.' . $charset, server_secret_key => generate_secret(), - cobblerDOThost => 'localhost', report_db_backend => $answers->{'db-backend'}, report_db_user => $answers->{'report-db-user'}, report_db_password => $answers->{'report-db-password'}, @@ -496,27 +475,3 @@ sub valid_multiple_email { return $valid; } - -sub wait_for_tomcat { - - for (my $i = 0; $i < 20; $i++) { - IO::Socket::INET->new( - PeerAddr => 'localhost', - PeerPort => '8009', - Proto => 'tcp' - ) and last; - sleep 5; - } - - for (my $i = 0; $i < 20; $i++) { - my $retval = system("/usr/bin/curl -fkIL http://localhost/ > /dev/null 2>&1"); - if ($retval) { - sleep 5; - } - else { - return 1; - } - } - print "Tomcat failed to start properly or the installer ran out of tries. Please check /var/log/tomcat/catalina.out or /var/log/tomcat/catalina.\$(date +%Y-%m-%d).log for errors.\n"; - return 0; -} diff --git a/spacewalk/setup/lib/Spacewalk/Setup.pm b/spacewalk/setup/lib/Spacewalk/Setup.pm index 64f9f681871e..c1e869ac7310 100644 --- a/spacewalk/setup/lib/Spacewalk/Setup.pm +++ b/spacewalk/setup/lib/Spacewalk/Setup.pm @@ -572,169 +572,11 @@ sub postgresql_get_database_answers { return; } -sub postgresql_get_reportdb_answers { - my $opts = shift; - my $answers = shift; - - my %config = (); - read_config(DEFAULT_RHN_CONF_LOCATION, \%config); - - ask( - -question => "Hostname (leave empty for local)", - -test => sub { 1 }, - -answer => \$answers->{'report-db-host'}); - - if ($answers->{'report-db-host'} ne '') { - $answers->{'report-db-host'} = idn_to_ascii($answers->{'report-db-host'}, "utf8"); - ask( - -question => "Port", - -test => qr/\d+/, - -default => 5432, - -answer => \$answers->{'report-db-port'}); - } else { - $answers->{'report-db-port'} = ''; - } - - ask( - -question => "Database", - -test => qr/\S+/, - -default => $config{'report_db_name'}, - -answer => \$answers->{'report-db-name'}); - - ask( - -question => "Username", - -test => qr/\S+/, - -default => $config{'report_db_user'}, - -answer => \$answers->{'report-db-user'}); - - ask( - -question => "Password (leave empty for autogenerated password)", - -test => sub { 1 }, - -answer => \$answers->{'report-db-password'}); - - ask( - -question => "Path to CA certificate to connect to the reporting database", - -test => sub { return (-f shift) }, - -default => "/etc/pki/trust/anchors/LOCAL-RHN-ORG-TRUSTED-SSL-CERT", - -answer => \$answers->{'report-db-ca-cert'}); - $answers->{'report-db-ssl-enabled'} = '1'; - return; -} ############################ # PostgreSQL Specific Code # ############################ -# Parent PostgreSQL setup function: -sub postgresql_setup_db { - my $opts = shift; - my $answers = shift; - - print Spacewalk::Setup::loc("** Database: Setting up database connection for PostgreSQL backend.\n"); - my $connected; - - while (not $connected) { - postgresql_get_database_answers($opts, $answers); - - my $dbh; - - eval { - $dbh = get_dbh($answers); - $dbh->disconnect(); - }; - if ($@) { - print Spacewalk::Setup::loc("Could not connect to the database. Your connection information may be incorrect. Error: %s\n", $@); - - delete @{$answers}{qw/db-host db-port db-name db-user db-password/}; - } - else { - $connected = 1; - } - } - - set_hibernate_conf($answers); - write_rhn_conf($answers, 'db-backend', 'db-host', 'db-port', 'db-name', 'db-user', 'db-password', 'db-ssl-enabled'); - return 1; -} - -sub postgresql_reportdb_setup { - my $opts = shift; - my $answers = shift; - - print Spacewalk::Setup::loc("** Database: Setting up report database.\n"); - # check for answers, but use defaults in case the values are not specified - - postgresql_get_reportdb_answers($opts, $answers); - - if ($opts->{"clear-db"}) { - print Spacewalk::Setup::loc("** Database: --clear-db option used. Clearing report database.\n"); - postgresql_drop_reportdb($answers); - } - - $ENV{PGSSLROOTCERT} = $answers->{'report-db-ca-cert'}; - if ($answers->{'report-db-host'} ne 'localhost') { - $ENV{PGSSLMODE} = "verify-full"; - } - - write_rhn_conf($answers, 'externaldb-admin-user','externaldb-admin-password', 'report-db-backend', 'report-db-host', 'report-db-port', 'report-db-name', 'report-db-user', 'report-db-password', 'report-db-ssl-enabled'); - - my @cmd = ('/usr/bin/uyuni-setup-reportdb', 'create', '--db', $answers->{'report-db-name'}, - '--user', $answers->{'report-db-user'}, '--host', $answers->{'report-db-host'}); - - if ($answers->{'externaldb'}) { - push @cmd, "--externaldb-admin-user", $answers->{'externaldb-admin-user'}, - "--externaldb-admin-password", $answers->{'externaldb-admin-password'}, - "--externaldb-root-cert", $answers->{'report-db-ca-cert'}; - - if ($answers->{'externaldb-provider'} ne '') { - push @cmd, "--externaldb-provider", $answers->{'externaldb-provider'}; - } - } - else { - push @cmd, "--address", '*', "--remote", '0.0.0.0/0,::/0'; - } - - if ($answers->{'report-db-password'} ne '') { - push @cmd, "--password", $answers->{'report-db-password'}; - } - else { - push @cmd, "--autogenpw"; - } - - system(@cmd) == 0 or die "Could not install report database"; - - if (-e Spacewalk::Setup::DEFAULT_RHN_CONF_LOCATION) { - my %dbOptions = (); - ### uyuni-setup-reportdb writes param in rhn.conf. We need to read them and persists them in satellite-local-rules.conf - read_config(Spacewalk::Setup::DEFAULT_RHN_CONF_LOCATION, \%dbOptions); - ### here we need _ instead of - cause we read them from rhn.conf - write_rhn_conf(\%dbOptions, 'report_db_backend', 'report_db_host', 'report_db_port', 'report_db_name', 'report_db_user', 'report_db_password', 'report_db_ssl_enabled','report_db_sslrootcert'); - } - print loc("** Database: Installation complete.\n"); - - return 1; -} - -sub postgresql_start { - my $pgservice=`systemctl list-unit-files | grep postgresql | cut -f1 -d. | tr -d '\n'`; - system("service $pgservice status >&/dev/null"); - system("service $pgservice start >&/dev/null") if ($? >> 8); - return ($? >> 8); -} - -sub postgresql_drop_reportdb { - my $answers = shift; - my @cmd = ('/usr/bin/uyuni-setup-reportdb', 'remove', '--db', $answers->{'report-db-name'}, - '--user', $answers->{'report-db-user'}, '--host', $answers->{'report-db-host'}); - - if ($answers->{'externaldb'}) { - push @cmd, "--externaldb-admin-user", $answers->{'externaldb-admin-user'}, - "--externaldb-admin-password", $answers->{'externaldb-admin-password'}; - } - system_debug(@cmd); - return 1; -} - sub get_dbh { my $answers = shift; my $reportdb = shift || 0; @@ -827,18 +669,6 @@ sub write_rhn_conf { write_config(\%config, Spacewalk::Setup::DEFAULT_SATCON_DICT); } -# Set hibernate strings into answers according to DB backend. -sub set_hibernate_conf { - my $answers = shift; - - if ($answers->{'db-backend'} eq 'postgresql'){ - $answers->{'hibernate.dialect'} = "org.hibernate.dialect.PostgreSQLDialect"; - $answers->{'hibernate.connection.driver_class'} = "org.postgresql.Driver"; - $answers->{'hibernate.connection.driver_proto'} = "jdbc:postgresql"; - } - write_rhn_conf($answers, 'hibernate.dialect', 'hibernate.connection.driver_class', 'hibernate.connection.driver_proto'); -} - =head1 DESCRIPTION Spacewalk::Setup is a module which provides the guts of the diff --git a/spacewalk/setup/spacewalk-setup.changes.cbosdo.postgresql b/spacewalk/setup/spacewalk-setup.changes.cbosdo.postgresql new file mode 100644 index 000000000000..f2eebb0e4657 --- /dev/null +++ b/spacewalk/setup/spacewalk-setup.changes.cbosdo.postgresql @@ -0,0 +1 @@ +- Remove unused code related to the database move to a separate container diff --git a/spacewalk/uyuni-setup-reportdb/bin/uyuni-setup-reportdb b/spacewalk/uyuni-setup-reportdb/bin/uyuni-setup-reportdb deleted file mode 100755 index ae7c2cdb9424..000000000000 --- a/spacewalk/uyuni-setup-reportdb/bin/uyuni-setup-reportdb +++ /dev/null @@ -1,610 +0,0 @@ -#!/bin/bash - -set -e - -help() { - echo "Usage: $(basename $0) create [options]" >&2 - echo " $(basename $0) remove [options]" >&2 - echo " $(basename $0) check [options]" >&2 - echo "" - echo "Options for the 'create' command:" - echo " --db Name of the database to create" - echo " --user Database user to create" - echo " --password Password for the database user" - echo " --autogenpw Auto generate a password for the database user" - echo " --standalone Configure the database server independent of Uyuni or SUSE Manager Server Database" - echo " --host The database host" - echo " --externaldb-admin-user The db admin user when configuring the report database using an external database server" - echo " --externaldb-admin-password The db admin password when configuring the report database using an external database server" - echo " --externaldb-root-cert The root certificate to use when connecting to the external database server" - echo " --externaldb-provider The Cloud provider that is hosting the external report database" - echo " --address Comma-separated list of local addresses to listen on" - echo " Use '*' for all addresses" - echo " --remote Comma-separated list of remote addresses to allow connections from" - echo " Use address/netmask format" - echo "" - echo "Options for the 'remove' command:" - echo " --db Name of the database to remove" - echo " --user Name of the user to remove" - echo "" - echo "Options for the 'check' command:" - echo " --db Name of the database to check for" - echo " --user Name of the user to check for" -} - -ask() { - if $1; then - read -e -p "$2" $3 - else - read -e -s -p "$2" $3 && echo - fi -} - -isSUSE() { - if [ ! -e '/etc/os-release' ]; then - return 1 - fi - if `grep -iq '^ID_LIKE=.*suse' /etc/os-release`; then - return 0 - fi - return 1 -} - -ask_check() { - while true; do - ask "$1" "$2" $3 || echo - [[ "${!3}" =~ $4 ]] && break - done -} - -def_regexes() { - local digit seqence n - local IPv4_addr IPv4_mask IPv6_addr IPv6_mask - digit='([0-9]|[1-9][0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))' - IPv4_addr="($digit\\.){3}$digit" - IPv4_mask='([0-9]|[12][0-9]|3[012])' - - seqence='[[:digit:]abcdefABCDEF]{1,4}' - IPv6_addr="$seqence(:$seqence){7}|::" - - # shortened - IPv6_addr+="|:(:$seqence){1,7}" - for n in 1 2 3 4 5 6; do - IPv6_addr+="|($seqence:){$n}(:|(:$seqence){1,$((7-n))})" - done - IPv6_addr+="|($seqence:){7}:" - - # with IPv4 mixed - - IPv6_addr+="|($seqence:){6}$IPv4_addr|::$IPv4_addr" - for n in 1 2 3 4 5; do - IPv6_addr+="|($seqence:){$n}(:$seqence){0,$((5-n))}:$IPv4_addr" - done - - # final wrap - IPv6_addr="($IPv6_addr)" - IPv6_mask="([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])" - - local addr="[[:space:]]*($IPv4_addr|$IPv6_addr)[[:space:]]*" - Local_RE="([[:space:]]*|($addr,)*$addr)" - local masked="[[:space:]]*($IPv4_addr/$IPv4_mask|$IPv6_addr/$IPv6_mask)[[:space:]]*" - Remote_RE="(($masked,)*$masked)" -} -def_regexes -unset -f def_regexes - -PG_DATA=$(runuser -l postgres -c env | grep PGDATA | cut -f2- -d=) -PG_HBA="$PG_DATA/pg_hba.conf" -PG_IDENT="$PG_DATA/pg_ident.conf" -POSTGRESQL="$PG_DATA/postgresql.conf" -PORT=5432 -PG_PIDFILE="/run/postmaster.$PORT.pid" -if isSUSE ; then - PG_PIDFILE="$PG_DATA/postmaster.pid" -fi -PG_SOCKET="/tmp/.s.PGSQL.$PORT" -SPACEWALK_TARGET="/usr/lib/systemd/system/spacewalk.target" -SERVICE_LIST="/etc/rhn/service-list" -RHN_CONF="/etc/rhn/rhn.conf" - -LSOF="/usr/sbin/lsof" -if [ -x /usr/bin/lsof ]; then - LSOF="/usr/bin/lsof" -fi -RUNUSER=runuser -SSL_CERT=/etc/pki/tls/certs/spacewalk.crt -SSL_KEY=/etc/pki/tls/private/pg-spacewalk.key -CA_CERT=/etc/pki/trust/anchors/LOCAL-RHN-ORG-TRUSTED-SSL-CERT -if [ ! -d /etc/pki/trust/anchors ]; then - CA_CERT=/etc/pki/ca-trust/source/anchors/LOCAL-RHN-ORG-TRUSTED-SSL-CERT -fi - - -create() { - if [ $EXTERNALDB = "0" ] ; then - if $LOCAL ; then - ADDRESS="127.0.0.1" - REMOTE="127.0.0.1/32,::1/128" - HOST="localhost" - else - [ ! -s "$SSL_CERT" ] && { - echo "SSL Certificate ($SSL_CERT) is required to setup the reporting database" >&2 - exit 1 - } - [ ! -s "$CA_CERT" ] && { - echo "The SSL CA Certificate ($CA_CERT) is required to setup the reporting database" >&2 - exit 1 - } - [ ! -s "$SSL_KEY" ] && { - if [ -s /etc/pki/tls/private/spacewalk.key ]; then - # SUMA 4.2 and earlier did not create the postgresql private key file - cp /etc/pki/tls/private/spacewalk.key $SSL_KEY - chown postgres:postgres $SSL_KEY - chmod 0600 $SSL_KEY - else - echo "SSL Private Key ($SSL_KEY) not found" >&2 - exit 1 - fi - } - fi - fi - - [ -z "$PGNAME" ] && ask true "Database name: " PGNAME - [ -z "$PGUSER" ] && ask true "Database user: " PGUSER - [ -z "$PGPASSWORD" ] && ask false "Database password: " PGPASSWORD - - if [ $EXTERNALDB = "0" ] ; then - [ -z "$ADDRESS" ] && ask_check true "Local addresses to listen on (comma-separated, RETURN for all): " ADDRESS "^$Local_RE\$" - [ -z "$ADDRESS" ] && ADDRESS="*" - [ -z "$REMOTE" ] && ask_check true "Remote addresses to allow connection from (address/netmask format, comma-separated): " REMOTE "^$Remote_RE\$" - fi - - if exists_db ; then - echo "Database '$PGNAME' already exists" - exit 1 - fi - if exists_user ; then - echo "User '$PGUSER' already exists. Re-using configured password" - exit 1 - fi - - if [ $EXTERNALDB = "0" ] ; then - postgresql_service enable - - if [ ! -d "$PG_DATA/base" ]; then - PGHOME=$(getent passwd postgres | awk -F: '{print $6}') - echo -e 'LC_CTYPE=en_US.UTF-8\nexport LC_CTYPE' >$PGHOME/.i18n - postgresql_service initdb - fi - - if $STANDALONE; then - sed -i 's/^\(\s*listen_addresses.*\)$/### next line has been commented out by uyuni-setup-reportdb ###\n##\1/' $POSTGRESQL - sed -i 's/^\(\s*max_connections.*\|\s*shared_buffers.*\)$/### next line has been commented out by uyuni-setup-reportdb ###\n##\1/' $POSTGRESQL - - cat >> $POSTGRESQL < $RHN_CONF < /dev/null ; then - while [ -f "$PG_PIDFILE" ] ; do - # wait for postmaster to be ready - pg_isready -q -U $(grep -oP '^db_user ?= ?\K.*' $RHN_CONF) && break - sleep 1 - done - fi - fi - - if ! exists_db ; then - if [ $EXTERNALDB = "0" ] ; then - $RUNUSER postgres -c "createdb -E UTF8 '$PGNAME'" - else - echo "CREATE DATABASE $PGNAME ENCODING = UTF8 ;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $HOST -U $EXTERNALDB_ADMIN_USER) - fi - fi - if ! exists_plpgsql ; then - if [ $EXTERNALDB = "0" ] ; then - EXTENSION=$($RUNUSER postgres -c 'psql -c "CREATE EXTENSION IF NOT EXISTS plpgsql;" -d '$PGNAME'') - else - echo "CREATE EXTENSION IF NOT EXISTS plpgsql;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $HOST -U $EXTERNALDB_ADMIN_USER -d $PGNAME) - fi - fi - if ! exists_user ; then - if [ $EXTERNALDB = "0" ] ; then - $RUNUSER postgres -c "yes '$PGPASSWORD' | createuser -P -sDR '$PGUSER'" 2>/dev/null - else - if [[ -n $EXTERNALDB_PROVIDER && "${EXTERNALDB_PROVIDER,,}" == "aws" ]] ; then - echo "CREATE ROLE $PGUSER PASSWORD '$PGPASSWORD' NOCREATEDB NOCREATEROLE INHERIT LOGIN;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $HOST -U $EXTERNALDB_ADMIN_USER) - echo "GRANT rds_superuser to $PGUSER;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $HOST -U $EXTERNALDB_ADMIN_USER) - echo "GRANT create on database $PGNAME to $PGUSER;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $HOST -U $EXTERNALDB_ADMIN_USER) - else - echo "CREATE ROLE $PGUSER PASSWORD '$PGPASSWORD' SUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $HOST -U $EXTERNALDB_ADMIN_USER) - fi - fi - fi - - if [ $EXTERNALDB = "0" ] ; then - postgresql_service reload - fi - - if ! exists_schema ; then - /usr/bin/spacewalk-sql --reportdb /usr/share/susemanager/db/reportdb/main.sql - else - /usr/bin/spacewalk-schema-upgrade --reportdb -y - fi -} - -remove() { - if [ -z "$PGUSER" -a -z "$PGNAME" ] ; then - help - exit 1 - fi - if exists_db ; then - if [ $EXTERNALDB = "0" ] ; then - $RUNUSER postgres -c "dropdb '$PGNAME'" - else - echo "DROP DATABASE $PGNAME;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $HOST -U $EXTERNALDB_ADMIN_USER) - fi - fi - if exists_user ; then - if [ $EXTERNALDB = "0" ] ; then - $RUNUSER postgres -c "dropuser '$PGUSER'" - else - echo "DROP ROLE $PGUSER;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $HOST -U $EXTERNALDB_ADMIN_USER) - fi - fi - rhn_reconfig "report_db_backend" "" - rhn_reconfig "report_db_user" "" - rhn_reconfig "report_db_password" "" - rhn_reconfig "report_db_name" "" - - if [ EXTERNALDB = 0 ] ; then - pg_hba_remove "host" "$PGNAME" "all" - pg_hba_remove "local" "$PGNAME" "all" - fi - -} - -check() { - if [ -z "$PGUSER" -a -z "$PGNAME" ] ; then - help - exit 1 - fi - - postgresql_service status >& /dev/null || postgresql_service start - - RET=0 - if [ -n "$PGUSER" ] ; then - if exists_user ; then - echo "User \"$PGUSER\" already exists" - else - echo "User \"$PGUSER\" does not exist" - RET=1 - fi - fi - if [ -n "$PGNAME" ] ; then - if exists_db ; then - echo "Database \"$PGNAME\" already exists" - else - echo "Database \"$PGNAME\" does not exist" - RET=1 - fi - fi - exit $RET -} - -is_postgres10() { - NUM=$($RUNUSER postgres -c 'psql -t -c "SHOW server_version_num;"') - if (( $NUM > 100000 )) ; then - return 0 - else - return 1 - fi -} - -exists_db() { - if [ $EXTERNALDB = "0" ] ; then - EXISTS=$($RUNUSER postgres -c 'psql -t -c "select datname from pg_database where datname='"'$PGNAME'"';"') - else - EXISTS=$(echo "select datname from pg_database where datname='$PGNAME';" | (export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -t -U $EXTERNALDB_ADMIN_USER -h $HOST )) - fi - if [ "x$EXISTS" == "x $PGNAME" ] ; then - return 0 - else - return 1 - fi -} - -exists_plpgsql() { - if [ $EXTERNALDB = "0" ] ; then - EXISTS=$($RUNUSER postgres -c 'psql -At -c "select lanname from pg_catalog.pg_language where lanname='"'plpgsql'"';"'" $PGNAME") - else - EXISTS=$(echo "select lanname from pg_catalog.pg_language where lanname='plpgsql';" | (export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -t -U $EXTERNALDB_ADMIN_USER -h $HOST )) - fi - if [ "x$EXISTS" == "xplpgsql" ] ; then - return 0 - else - return 1 - fi -} - -exists_user() { - if [ $EXTERNALDB = "0" ] ; then - EXISTS=$($RUNUSER postgres -c 'psql -t -c "select usename from pg_user where usename='"'$PGUSER'"';"') - else - EXISTS=$(echo "select usename from pg_user where usename='$PGUSER';" | (export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -t -U $EXTERNALDB_ADMIN_USER -h $HOST )) - fi - if [ "x$EXISTS" == "x $PGUSER" ] ; then - return 0 - else - return 1 - fi -} - -exists_schema() { - EXISTS=$(spacewalk-sql --reportdb --select-mode - <<< "select 1 from VersionInfo;" 2>/dev/null) - return $? -} - -rhn_reconfig() { - if grep -E "^$1[[:space:]]*=" $RHN_CONF >/dev/null; then - sed -i "s|^$1[[:space:]]*=.*|$1 = $2|" $RHN_CONF - else - echo "$1 = $2" >> $RHN_CONF - fi -} - -postgres_reconfig() { - if grep -E "^$1[[:space:]]*=" $POSTGRESQL >/dev/null; then - sed -i "s|^$1[[:space:]]*=.*|$1 = $2|" $POSTGRESQL - else - echo "$1 = $2" >> $POSTGRESQL - fi -} - -pg_hba_set() { - if ! grep -E "^$1[[:space:]]+$2[[:space:]]+$3[[:space:]]+$4[[:space:]]*$5" $PG_HBA >/dev/null; then - echo -e "$1\t$2\t$3\t$4\t$5" >> $PG_HBA - fi -} - -pg_hba_remove() { - sed -i "s|^$1[[:space:]]\+$2[[:space:]]\+$3[[:space:]].*||g" $PG_HBA -} - -postgresql_service() { - POSTGRESQL_SERVICE=$(systemctl list-unit-files | grep -m 1 postgresql | cut -f1 -d. | tr -d '\n') - case $1 in - initdb) - if isSUSE ; then - # the start script initialize the DB - if ! test -e $PG_PIDFILE; then - $RUNUSER postgres -c "/usr/share/postgresql/postgresql-script start" - fi - else - ${POSTGRESQL_SERVICE}-setup initdb - fi - ;; - status) - if $LOCAL ; then - pgrep -x postgresql >/dev/null && return 1 || return 0 - else - systemctl $1 ${POSTGRESQL_SERVICE} - fi - ;; - enable) - if ! $LOCAL ; then - systemctl $1 ${POSTGRESQL_SERVICE} - fi - ;; - *) - echo ">> $1" - $RUNUSER postgres -c "/usr/share/postgresql/postgresql-script $1" - ;; - esac -} - -test_postgres_user() { - set +e - su postgres -c /bin/true - if [ $? != "0" ] ; then - echo "Cannot use postgres user. Terminating" >&2 - exit 1 - fi - set -e -} - -OPTS=$(getopt --longoptions=db:,user:,password:,autogenpw,standalone,local,help,address:,remote:,host:,externaldb-admin-user:,externaldb-admin-password:,externaldb-root-cert:,externaldb-provider: -n ${0##*/} -- d:u:p:gsha:r:l: "$@") - -if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi - -test_postgres_user - -eval set -- "$OPTS" - -PGNAME="" -PGUSER="" -PGPASSWORD="" -STANDALONE=false -ADDRESS="" -REMOTE="" -LOCAL=false -HOST="" -EXTERNALDB_ADMIN_USER="" -EXTERNALDB_ADMIN_PASS="" -EXTERNALDB_ROOT_CERT="" -EXTERNALDB_PROVIDER="" - -while true ; do - case "$1" in - -d|--db) - PGNAME=$2 - shift - ;; - -u|--user) - PGUSER=$2 - shift - ;; - -p|--password) - if [ -n "$PGPASSWORD" ]; then - echo "Invalid options: do not use --password together with --autgenpw!" >&2 - exit 1 - fi - PGPASSWORD=$2 - shift - ;; - -g|--autogenpw) - if [ -n "$PGPASSWORD" ]; then - echo "Invalid options: do not use --password together with --autgenpw!" >&2 - exit 1 - fi - PGPASSWORD=$(dd status=none bs=18 count=1 < /dev/random | base64) - ;; - -s|--standalone) - STANDALONE=true - ;; - -a|--address) - ADDRESS=$2 - shift - ;; - -r|--remote) - REMOTE=$2 - shift - ;; - -h|--help) - help; - exit 0; - ;; - -l|--local) - LOCAL=true - ;; - --host) - HOST=$2 - shift - ;; - --externaldb-admin-user) - EXTERNALDB_ADMIN_USER=$2 - shift - ;; - --externaldb-admin-password) - EXTERNALDB_ADMIN_PASS=$2 - shift - ;; - --externaldb-provider) - EXTERNALDB_PROVIDER=$2 - shift - ;; - --externaldb-root-cert) - EXTERNALDB_ROOT_CERT=$2 - shift - ;; - --) - shift - break - ;; - *) - echo "Internal error [$1]!" >&2 - exit 1 - ;; - esac - shift -done - -EXTERNALDB=0 -if [ -n "$EXTERNALDB_ADMIN_USER" ]; then - EXTERNALDB=1 -fi - -if [ -z "$HOST" ]; then - HOST=$(hostname -f) -fi - -case $1 in - create) create - ;; - remove) remove - ;; - check) check - ;; - *) help - ;; -esac diff --git a/spacewalk/uyuni-setup-reportdb/bin/uyuni-setup-reportdb-user b/spacewalk/uyuni-setup-reportdb/bin/uyuni-setup-reportdb-user index 0abbfd1b1557..3b0ee0ef5789 100755 --- a/spacewalk/uyuni-setup-reportdb/bin/uyuni-setup-reportdb-user +++ b/spacewalk/uyuni-setup-reportdb/bin/uyuni-setup-reportdb-user @@ -230,7 +230,12 @@ case "$ACTION" in REVOKE CONNECT ON DATABASE ${DBNAME} FROM ${DBUSER}; DROP ROLE ${DBUSER};" else - QUERY="DROP OWNED BY ${DBUSER}; DROP ROLE ${DBUSER};" + parse_properties "report_db_host" DBHOST + parse_properties "report_db_port" DBPORT + TEMP_PASSWORD=$(dd status=none bs=18 count=1 < /dev/random | base64) + echo "ALTER USER ${DBUSER} PASSWORD '${TEMP_PASSWORD}';" | spacewalk-sql --reportdb --select-mode - + echo "DROP OWNED BY current_user;" | (PGPASSWORD=${TEMP_PASSWORD} psql -U ${DBUSER} -h ${DBHOST} -p ${DBPORT} -d ${DBNAME}) + QUERY="REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM ${DBUSER}; DROP ROLE ${DBUSER};" fi ;; esac diff --git a/spacewalk/uyuni-setup-reportdb/uyuni-setup-reportdb.changes.cbosdo.postgresql b/spacewalk/uyuni-setup-reportdb/uyuni-setup-reportdb.changes.cbosdo.postgresql new file mode 100644 index 000000000000..7fa39f73e8fb --- /dev/null +++ b/spacewalk/uyuni-setup-reportdb/uyuni-setup-reportdb.changes.cbosdo.postgresql @@ -0,0 +1,2 @@ +- Remove unused code related to the database move to a separate + container diff --git a/spacewalk/uyuni-setup-reportdb/uyuni-setup-reportdb.spec b/spacewalk/uyuni-setup-reportdb/uyuni-setup-reportdb.spec index 3f0257b42d0f..2916406e0ee1 100644 --- a/spacewalk/uyuni-setup-reportdb/uyuni-setup-reportdb.spec +++ b/spacewalk/uyuni-setup-reportdb/uyuni-setup-reportdb.spec @@ -25,18 +25,6 @@ License: GPL-2.0-only Group: Applications/System URL: https://github.com/uyuni-project/uyuni Source0: https://github.com/uyuni-project/uyuni/archive/%{name}-%{version}.tar.gz -%if 0%{?suse_version} -# Actual version set by prjconf, default is 14 -%{!?postgresql_version_min: %global postgresql_version_min 14} -%{!?postgresql_version_max: %global postgresql_version_max 15} -Requires: postgresql-contrib-implementation >= %{postgresql_version_min} -Requires: postgresql-server-implementation >= %{postgresql_version_min} -Conflicts: postgresql-contrib-implementation > %{postgresql_version_max} -Conflicts: postgresql-server-implementation > %{postgresql_version_max} -%else -Requires: postgresql-contrib >= 12 -Requires: postgresql-server > 12 -%endif Requires: lsof Requires: susemanager-schema-utility Requires: uyuni-reportdb-schema @@ -57,7 +45,6 @@ install -m 0755 bin/* %{buildroot}%{_bindir} %files %defattr(-,root,root,-) %license LICENSE -%attr(755,root,root) %{_bindir}/uyuni-setup-reportdb %attr(755,root,root) %{_bindir}/uyuni-setup-reportdb-user %attr(755,root,root) %{_bindir}/uyuni-sort-pg_hba #%{_mandir}/man1/* diff --git a/susemanager-utils/testing/docker/scripts/reset_pgsql_database.sh b/susemanager-utils/testing/docker/scripts/reset_pgsql_database.sh index 513f67a3f0da..38865d010cc2 100755 --- a/susemanager-utils/testing/docker/scripts/reset_pgsql_database.sh +++ b/susemanager-utils/testing/docker/scripts/reset_pgsql_database.sh @@ -26,12 +26,20 @@ spacewalk-setup --clear-db --db-only --answer-file=clear-db-answers-pgsql.txt || } spacewalk-sql /usr/share/susemanager/db/postgres/main.sql +cat >>/etc/rhn/rhn.conf </tmp/clear_schema.sql <>/tmp/clear_schema.sql - fi - - if [ $EXTERNALDB = 0 ] ; then - PGPASSWORD=$MANAGER_PASS PGOPTIONS='--client-min-messages=error -c standard_conforming_strings=on' \ - runuser postgres -c "psql -U $MANAGER_USER -p $MANAGER_DB_PORT -d $MANAGER_DB_NAME -v ON_STOP_ERROR=ON -q -b /dev/null 2>&1 - if [ $? = 0 ]; then - sed -i -e "s/^POSTGRES_LANG.*$/POSTGRES_LANG=\"en_US.UTF-8\"/" /etc/sysconfig/postgresql - else - echo "POSTGRES_LANG=\"en_US.UTF-8\"" >> /etc/sysconfig/postgresql - fi - fi - su postgres -c "/usr/share/postgresql/postgresql-script start" - if ! exists_db $MANAGER_DB_NAME; then - su postgres -c "createdb -E UTF8 $MANAGER_DB_NAME ; echo \"CREATE ROLE $MANAGER_USER PASSWORD '$MANAGER_PASS' SUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;\" | psql" - - INT_NET=$(ip -o -4 addr show up scope global | head -1 | awk '{print $4}') - echo "local $MANAGER_DB_NAME postgres peer - local $MANAGER_DB_NAME $MANAGER_USER scram-sha-256 - host $MANAGER_DB_NAME $MANAGER_USER 127.0.0.1/32 scram-sha-256 - host $MANAGER_DB_NAME $MANAGER_USER ::1/128 scram-sha-256 - host $MANAGER_DB_NAME $MANAGER_USER $INT_NET scram-sha-256" > "${DATADIR}/pg_hba.conf.new" - cat "${DATADIR}/pg_hba.conf" >> "${DATADIR}/pg_hba.conf.new" - mv "${DATADIR}/pg_hba.conf" "${DATADIR}/pg_hba.conf.bak" - mv "${DATADIR}/pg_hba.conf.new" "${DATADIR}/pg_hba.conf" - chmod 600 "${DATADIR}/pg_hba.conf" - chown postgres:postgres "${DATADIR}/pg_hba.conf" - su postgres -c "/usr/share/postgresql/postgresql-script reload" - else - echo "Database exists. Preparing for resetup. All data will be removed." - fi - else - if ! exists_db $MANAGER_DB_NAME; then - echo "CREATE DATABASE $MANAGER_DB_NAME ENCODING = UTF8 ;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $MANAGER_DB_HOST -U $EXTERNALDB_ADMIN_USER) - fi - if ! exists_user $MANAGER_USER; then - if [[ -n $EXTERNALDB_PROVIDER && "${EXTERNALDB_PROVIDER,,}" == "aws" ]] ; then - echo "CREATE ROLE $MANAGER_USER PASSWORD '$MANAGER_PASS' NOCREATEDB NOCREATEROLE INHERIT LOGIN;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $MANAGER_DB_HOST -U $EXTERNALDB_ADMIN_USER) - echo "GRANT rds_superuser to $MANAGER_USER;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $MANAGER_DB_HOST -U $EXTERNALDB_ADMIN_USER) - echo "GRANT create on database $MANAGER_DB_NAME to $MANAGER_USER;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $MANAGER_DB_HOST -U $EXTERNALDB_ADMIN_USER) - else - echo "CREATE ROLE $MANAGER_USER PASSWORD '$MANAGER_PASS' SUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;" | ( export PGPASSWORD=$EXTERNALDB_ADMIN_PASS; exec psql -h $MANAGER_DB_HOST -U $EXTERNALDB_ADMIN_USER) - fi - fi - fi - - if db_schema_exists; then + if db_schema_exists $MANAGER_DB_NAME; then echo "Clearing the database" db_clear fi echo "Populating the database" - if [ $EXTERNALDB = 0 ] ; then - PGPASSWORD=$MANAGER_PASS PGOPTIONS='--client-min-messages=error -c standard_conforming_strings=on' \ - runuser postgres -c "psql -U $MANAGER_USER -p $MANAGER_DB_PORT -d $MANAGER_DB_NAME -v ON_STOP_ERROR=ON -q -b >/etc/rhn/rhn.conf <>/var/lib/rhn/rhn-satellite-prep/satellite-local-rules.conf <>/etc/rhn/rhn.conf <>/var/lib/rhn/rhn-satellite-prep/satellite-local-rules.conf < $MANAGER_COMPLETE setup_mail setup_db_postgres + setup_reportdb setup_spacewalk @@ -404,9 +360,6 @@ done do_setup -if [ "$EXTERNALDB" = "0" ]; then - /usr/bin/smdba system-check autotuning --max_connections=400 -fi systemctl --quiet enable spacewalk-diskcheck.timer 2>&1 # vim: set expandtab: diff --git a/susemanager/susemanager.changes.cbosdo.postgresql b/susemanager/susemanager.changes.cbosdo.postgresql new file mode 100644 index 000000000000..7fa39f73e8fb --- /dev/null +++ b/susemanager/susemanager.changes.cbosdo.postgresql @@ -0,0 +1,2 @@ +- Remove unused code related to the database move to a separate + container diff --git a/testsuite/features/step_definitions/command_steps.rb b/testsuite/features/step_definitions/command_steps.rb index 29840c0d0632..e7b0caeca384 100644 --- a/testsuite/features/step_definitions/command_steps.rb +++ b/testsuite/features/step_definitions/command_steps.rb @@ -1154,8 +1154,7 @@ "TRACEBACK_EMAIL=galaxy-noise@suse.de\n" \ "INSTALL_MONITORING=n\n" \ "POPULATE_CONFIG_CHANNEL=y\n" \ - "RHN_USER=admin\n" \ - "ACTIVATE_SLP=y\n" + "RHN_USER=admin\n" settings += if running_k3s? "USE_EXISTING_CERTS=y\n" \ diff --git a/testsuite/podman_runner/07_server_setup.sh b/testsuite/podman_runner/07_server_setup.sh index 85f6b563090b..c14bf1bcf244 100755 --- a/testsuite/podman_runner/07_server_setup.sh +++ b/testsuite/podman_runner/07_server_setup.sh @@ -69,7 +69,6 @@ sudo -i podman run --cap-add AUDIT_CONTROL --rm \ -e MANAGER_DB_PORT="5432" \ -e MANAGER_DB_USER="manager" \ -e MANAGER_DB_PASS="manager" \ - -e MANAGER_DB_PROTOCOL="TCP" \ -e REPORT_DB_NAME="reportdb" \ -e REPORT_DB_USER="pythia_susemanager" \ -e REPORT_DB_PASS="pythia_susemanager" \ @@ -77,7 +76,6 @@ sudo -i podman run --cap-add AUDIT_CONTROL --rm \ -e EXTERNALDB_ADMIN_PASS="" \ -e EXTERNALDB_PROVIDER="" \ -e ISS_PARENT="" \ - -e ACTIVATE_SLP="" \ -e SCC_USER="test" \ -e SCC_PASS="test" \ --cgroupns=host \ diff --git a/utils/spacewalk-hostname-rename b/utils/spacewalk-hostname-rename index 27b5a55c32fe..da39b9cbf89e 100755 --- a/utils/spacewalk-hostname-rename +++ b/utils/spacewalk-hostname-rename @@ -227,12 +227,6 @@ function update_rhn_conf { --option=javaDOThostname=$HOSTNAME \ --option=cobblerDOThost=localhost \ >> $LOG 2>&1 - # but do not deploy (we'd lose actual configuration) - # /usr/bin/satcon-deploy-tree.pl \ - # --source=/var/lib/rhn/rhn-satellite-prep/etc - # --dest=/etc - # --conf=$SAT_LOCAL_RULES_CONF - # >> $LOG 2>&1 /usr/bin/rhn-config-satellite.pl \ --target=${RHN_CONF_FILE} \ --option=java.hostname=$HOSTNAME \