From bba655c1119a50cb79ea2cf2398c40d5cf3f070e Mon Sep 17 00:00:00 2001 From: "Karl O. Pinc" Date: Sun, 1 Oct 2023 15:44:12 -0500 Subject: [PATCH] Put cluster creation stuff in it's own file --- Makefile | 5 + make_files/make_cluster.mk | 411 +++++++++++++++++++++++++++++++++++++ make_files/make_db.mk | 392 ----------------------------------- 3 files changed, 416 insertions(+), 392 deletions(-) create mode 100644 make_files/make_cluster.mk diff --git a/Makefile b/Makefile index 35f2265..42543b2 100644 --- a/Makefile +++ b/Makefile @@ -56,6 +56,11 @@ clean: clean-docs clean-db # Defaults for variable values # Have a look as you'll probably want to set some of them. include $(MAKE_FILES)/defaults.mk + +# The cluster setup part +include $(MAKE_FILES)/make_cluster.mk + +# The database part include $(MAKE_FILES)/make_db.mk # diff --git a/make_files/make_cluster.mk b/make_files/make_cluster.mk new file mode 100644 index 0000000..882ba30 --- /dev/null +++ b/make_files/make_cluster.mk @@ -0,0 +1,411 @@ +# Copyright (C) 2023 The Meme Factory, Inc. http://www.karlpinc.com/ +# Copyright (C) 2004, 2005, 2008, 2011 Karl O. Pinc +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +# Makefile for cluster +# +# Karl O. Pinc +# + +## +## ######################################################################## +## CLUSTER INITIALIZATION +## (and initial db creation) +## +## The following targets are used to setup the database cluster; +## do things like create a database and properly initialize it. +## In the case of Azure hosting, you can also create a postgres +## instance. +## +## Variables (in addition to the DATABASE TARGET variables above): +## +## TARGET_ROLE +## The role (user or group) to be created or otherwise modified. +## NEW_PASSWORD +## The password to assign. +## NEW_DESCRIPTION +## The description of the new object (database). +## RESOURCEGROUP +## The name of the Azure resource group to use when creating the +## cluster in Microsoft Azure. +## TARGET_SERVER +## The unqualified host name of the Azure postgres (flexible-server) +## to create. To fully qualify this host name append +## ".postgres.database.azure.com". The default is "sokwe-dbs". +## +## Usage: +## +## If you are on Azure: +## +## You must first prepare your Azure environment by running: +## +## az login +## +## If you have more than one "subscription" you will need to use +## `az account list` followed by +## `az account set --subscription=SUBSCRIPTIONID` to set the default +## subscription to that you wish to use. +## +## Use `az group list` to list your "resource group" names. Use the +## desired name to set the RESOURCEGROUP variable when invoking make. +## +## 1) Create the cluster with the "az-init" target. +## Be sure to note the ADMINUSER's password in the output and +## keep it in a secure location. The ADMINUSER is the +## "administrative user" of this document. +## +## 2) Drop the "throwawaydb" database with the "az-drop-throwawaydb" +## target. +## +## 3) Skip step 1 of the "not on Azure" instructions below and +## finish the cluster installation by starting at step 2. +## (You have an administrative user.) +## +## If you are not on Azure and have a PostgreSQL installation: +## +## 1) If you already have a Postgres role that can login, create +## roles, and create databases then that role should be used as +## the administrative user. Otherwise, first create an +## administrative user (while logged in to Unix as root) with +## "create-adminuser". +## +## 2) Use the administrative user to create the "group" roles +## ("create-groups") and then the database ("init-database"). +## Hint: Use TARGET_DB=postgres for all of this, since your new +## database won't yet exist. +## +## 3) Drop the "public" schema. If you are using PG v15 or later use +## the "drop-public" target. If you have an administrative user +## it can be used with the "drop-public" target. Otherwise use +## the "drop-public-root" target while logged in to Unix as the +## root user. +## +## The "init-database" target creates a database owned by the admin group. +## +## After cluster initialization create at least one login for an +## individual using the administrative user. Give the logins +## elevated priviliges with the INHERIT, CREATEUSER, and CREATEDB +## attributes, and all available Postgres "pre-defined roles" +## (https://www.postgresql.org/docs/current/predefined-roles.html), +## and by putting them into the admin group. It is easiest to do all +## of this using the SokweDB user administration tools. +## +## When this is done the administrative user is no longer needed and +## should be deleted, unless it is the only role available having the +## PG SUPERUSER attribute. Per-person roles, the individual login(s) +## created above, have all available permissions. +## +## Additional databases may be created using individual logins. Creating +## them with "make" will properly initialize them for use with SokweDB. + +export NEW_DESCRIPTION +TARGET_SERVER ?= sokwe-dbs + +# Azure related variables +# The (one) IP that that firewall allows to access the db server. +# TODO: We would like to be able to resolve the sokwe.janegoodall.org name +# but that's not happening right now. +WEBSERVER_IP := 20.119.86.26 +# The name of a database to throw away. +# Azure requires we create a db when we create the server, but we want +# to specify our own settings when creating the db so we delete +# the one Azure makes. +THROWAWAY_DB := throwawaydb + +# Have m4 generate some shell scripts which contain expanded macro constants. +GENERATED_SHELL := db/set_timezone.sh \ + db/run_createdb.sh \ + db/psql_setup.sh + +# Build the statements used to setup dbs. +CREATE_DB := db/run_createdb.sh +# (Note which contain double and which single quotes, which affects how the +# printf statement using them is executed.) +# ($$user because make otherwise interprets the $.) +SET_SEARCH_PATH := ALTER DATABASE $(TARGET_DB) \ + SET search_path = sokwedb, lookup, upload, "$$user"; +SET_DATESTYLE := ALTER DATABASE $(TARGET_DB) \ + SET DATESTYLE = 'ISO,MDY'; +SET_ISOLATION_LEVEL := ALTER DATABASE $(TARGET_DB) \ + SET default_transaction_isolation = serializable; +CREATE_SUPERUSER := CREATE ROLE $(TARGET_ROLE) LOGIN SUPERUSER \ + PASSWORD '$(NEW_PASSWORD)'; +CREATE_ADMINUSER := CREATE ROLE $(TARGET_ROLE) LOGIN CREATEDB CREATEROLE \ + PASSWORD '$(NEW_PASSWORD)'; +DROP_PUBLIC := DROP SCHEMA public RESTRICT; +DROP_THROWAWAYDB := DROP DATABASE $(THROWAWAY_DB); +SET_PASSWORD := ALTER ROLE $(TARGET_ROLE) PASSWORD '$(NEW_PASSWORD)' +GET_PG_SETTINGS := SELECT name, setting, unit, pending_restart \ + FROM pg_settings \ + ORDER BY name; +GET_AZ_SERVER_SETTINGS := az postgres flexible-server parameter list \ + --resource-group $(RESOURCEGROUP) \ + --server $(TARGET_SERVER) +SORT := LC_COLLATE=C sort --stable +## +## The available targets for make (make TARGET) are: +## +## az-init Create a Postgres Azure server. See above for +## prerequisite actions. Create the server named +## TARGET_SERVER in the RESOURCEGROUP resource group +## creating the administrator user ADMINUSER. +.PHONY: az-init +az-init: + [ -n "$(TARGET_SERVER)" ] \ + || { printf 'The TARGET_SERVER variable must be set\n' >&2 ; \ + exit 1 ; } + [ -n "$(RESOURCEGROUP)" ] \ + || { printf 'The RESOURCEGROUP variable must be set\n' >&2 ; \ + exit 1 ; } + az postgres flexible-server create \ + --public-access $(WEBSERVER_IP) \ + --database-name $(THROWAWAY_DB) \ + --name $(TARGET_SERVER) \ + --resource-group $(RESOURCEGROUP) \ + --storage-size 32 \ + --version 15 \ + --admin-user $(ADMINUSER) + +## az-drop-throwawaydb +## Drop the database which is required to be created +## when creating an Azure cluster. +.PHONY: az-drop-throwawaydb +az-drop-throwawaydb: + printf '$(DROP_THROWAWAYDB)\n' \ + | psql -U $(ADMINUSER) -h $(HOST) postgres --set=ON_ERROR_STOP=y + +## create-adminuser This target only works when the PostgreSQL cluster +## with which you are interacting is on the local host. +## If your cluster was created on a remote host you are +## expected to have access credentials to an role with +## the necessary permissions, per "Usage" above. +## Create the role, TARGET_ROLE, used to create the +## first database and otherwise initialize the cluster. +## It is not necessary to have an existing PostgreSQL +## user to use to login. This is expected to be +## executed as the Unix "root" user. +.PHONY: create-adminuser +create-adminuser: $(PSQL_DEPENDS) + [ -n "$(NEW_PASSWORD)" ] \ + || { printf 'The NEW_PASSWORD variable must be set\n' >&2 ; \ + exit 1 ; } + [ -n "$(TARGET_ROLE)" ] \ + || { printf 'The TARGET_ROLE variable must be set\n' >&2 ; \ + exit 1 ; } + ( $(PSQL_SETUP) \ + printf "$(CREATE_ADMINUSER)\n" ; \ + ) \ + | su postgres -c 'psql -h $(HOST) -d postgres -U postgres' + +## create-groups Create the roles SokweDB uses for permission groups. +## (See the db/README.) The ADMINUSER is used to +## create the new roles. +.PHONY: create-groups +create-groups: db/creategroups.sql + cat db/creategroups.sql \ + | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y + +## init-database Create and initialize the database named by the +## TARGET_DB variable. This target may be used by a +## regular, non-root, Unix user. To create the db the +## ADMINUSER variable is used. Note: Does not run in a +## transaction. Can create the database and then fail, +## leaving the cluster in an unusual state. +.PHONY: init-database +init-database: $(GENERATED_SHELL) $(PSQL_DEPENDS) + [ -n "$(TARGET_DB)" ] \ + || { printf 'The TARGET_DB variable must be set\n' >&2 ; \ + exit 1 ; } + [ -n "$${NEW_DESCRIPTION}" ] \ + || { printf 'The NEW_DESCRIPTION variable must be set\n' >&2 ; \ + exit 1 ; } + $(CREATE_DB) + ( $(PSQL_SETUP) \ + printf "$(SET_ISOLATION_LEVEL)\n" ; \ + printf '$(SET_SEARCH_PATH)\n' ; \ + printf "$(SET_DATESTYLE)\n" ; \ + db/set_timezone.sh ; \ + ) \ + | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y + +## drop-public Drop the public schema in TARGET_DB after connecting +## to the database as the ADMINUSER. +.PHONY: drop-public +drop-public: + printf '$(DROP_PUBLIC)\n' \ + | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y + +## drop-public-root This target only works when the PostgreSQL cluster +## with which you are interacting is on the local +## host. Drop the public schema in TARGET_DB +## while logged in to Unix as the root user. +# As of PG v15 this target is no longer necessary. The problem is +# that PUBLIC is owned by postgres, so can only be dropped by a pg +# SUPERUSER or by the postgres user. PG v15 introduced the +# pg_database_owner pre-defined role and database owners can drop the +# public schema. +.PHONY: drop-public-root +drop-public-root: + printf '$(DROP_PUBLIC)\n' \ + | su postgres -c 'psql -h $(HOST) -d $(TARGET_DB) -q -U postgres' + +## db/pg_settings.new +## Save a file of all the configuration settings +## of the TARGET_DB. See the "compare-db" target. +## After changing a setting, create "db/pg_settings.new", +## rename it to "db/pg_settings", and commit the +## change to revision control. +.PHONY: db/pg_settings.new +db/pg_settings.new: + tfile=$$(mktemp) ; \ + cleanup () { rm -rf $${tfile} ; } ; \ + trap cleanup EXIT ; \ + printf '$(GET_PG_SETTINGS)\n' \ + | psql $(PSQL_ARGS_MINIMAL) --tuples-only \ + > $${tfile} \ + || exit $? ; \ + $(SORT) $${tfile} \ + > db/pg_settings.new + +## compare-db-settings +## Diff the configuration settings of the TARGET_DB +## with those in the "db/pg_settings" file. +## This ensures your TARGET_DB is configured as expected. +## Before changing database settings run this target. +.PHONY: compare-db-settings +compare-db-settings: + printf '$(GET_PG_SETTINGS)\n' \ + | psql $(PSQL_ARGS_MINIMAL) --tuples-only \ + | $(SORT) \ + | diff --ignore-space-change -U 0 db/pg_settings /dev/stdin + +## db/az_server_info.new +## Save a file of all configuration and other +## information about an MS Azure Postgres +## flexible-serve named TARGET_SERVER in the +## RESOURCEGROUP resource group. See the +## "compare-az-server" target. Azure must be logged +## into and defaults established in order to use this +## target. See "Usage" above. After changing a +## setting, create "db/az_server_info.new", rename it +## to "db/az_server_info", and commit the change to +## revision control. +.PHONY: db/az_server_info.new +db/az_server_info.new: + [ -n "$(TARGET_SERVER)" ] \ + || { printf 'The TARGET_SERVER variable must be set\n' >&2 ; \ + exit 1 ; } + [ -n "$(RESOURCEGROUP)" ] \ + || { printf 'The RESOURCEGROUP variable must be set\n' >&2 ; \ + exit 1 ; } + tfile=$$(mktemp) ; \ + cleanup () { rm -rf $${tfile} ; } ; \ + trap cleanup EXIT ; \ + $(GET_AZ_SERVER_SETTINGS) \ + > $${tfile} \ + || exit $? ; \ + jq --sort-keys < $${tfile} \ + > db/az_server_info.new + +## compare-az-server Diff the configuration settings of the MS Azure +## Postgres flexible-serve named TARGET_SERVER in the +## RESOURCEGROUP resource group. Azure must be +## logged into and defaults established in order to +## use this target. See "Usage" above. This ensures +## that your TARGET_SERVER is configured as expected. +## Before changing server settings run this target. +.PHONY: compare-az-server +compare-az-server: + [ -n "$(TARGET_SERVER)" ] \ + || { printf 'The TARGET_SERVER variable must be set\n' >&2 ; \ + exit 1 ; } + [ -n "$(RESOURCEGROUP)" ] \ + || { printf 'The RESOURCEGROUP variable must be set\n' >&2 ; \ + exit 1 ; } + $(GET_AZ_SERVER_SETTINGS) \ + | db/compare-az-server.sh + +## +## Lesser used targets: +## + +## set-password Set the password of TARGET_ROLE to NEW_PASSWORD +.PHONY: set-password +set-password: $(PSQL_DEPENDS) + [ -n "$(NEW_PASSWORD)" ] \ + || { printf 'The NEW_PASSWORD variable must be set\n' >&2 ; \ + exit 1 ; } + ( $(PSQL_SETUP) \ + printf "$(SET_PASSWORD)\n" ; \ + ) \ + | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y + +## create-superuser Create a Postgres role with SUPERUSER permissions. +## This role can be used in place of the adminuser. +## This target otherwise works like create-adminuser, +## above. +.PHONY: create-superuser +create-superuser: $(PSQL_DEPENDS) + [ -n "$(NEW_PASSWORD)" ] \ + || { printf 'The NEW_PASSWORD variable must be set\n' >&2 ; \ + exit 1 ; } + [ -n "$(TARGET_ROLE)" ] \ + || { printf 'The TARGET_ROLE variable must be set\n' >&2 ; \ + exit 1 ; } + ( $(PSQL_SETUP) \ + printf "$(CREATE_SUPERUSER)\n" ; \ + ) \ + | su postgres -c 'psql -h $(HOST) -d postgres -U postgres' + +## set-search_path Set the default search_path the database named +## by the TARGET_DB variable. +.PHONY: set-search_path +set-search_path: $(PSQL_DEPENDS) + ( $(PSQL_SETUP) \ + printf '$(SET_SEARCH_PATH)\n' ; \ + ) \ + | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y + +## set-datestyle Set the default DATESTYLE in the database named +## by the TARGET_DB variable. +.PHONY: set-datestyle +set-datestyle: $(PSQL_DEPENDS) + ( $(PSQL_SETUP) \ + printf "$(SET_DATESTYLE)\n" ; \ + ) \ + | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y + +## set-isolation Set the default transaction_isolation_level in the +## database named by the TARGET_DB variable. +.PHONY: set-isolation +set-isolation: $(PSQL_DEPENDS) + ( $(PSQL_SETUP) \ + printf "$(SET_ISOLATION_LEVEL)\n" ; \ + ) \ + | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y + +## set-timezone Set the default TimeZone in the database named +## by the TARGET_DB variable. +.PHONY: set-timezone +set-timezone: $(PSQL_DEPENDS) db/set_timezone.sh + ( $(PSQL_SETUP) \ + db/set_timezone.sh ; \ + ) \ + | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y + +# The generated shell scripts +$(GENERATED_SHELL): %.sh: %.m4 + m4 $(M4_DB_INCLUDE_ARGS) $< > $@ + chmod a+x $@ diff --git a/make_files/make_db.mk b/make_files/make_db.mk index cc64750..ae41b4f 100644 --- a/make_files/make_db.mk +++ b/make_files/make_db.mk @@ -504,395 +504,3 @@ db/schemas/gen_func_comment_tmpl.sql: ## ## WARNING: Dropping database objects can drop related objects from the ## user's private schemas. - - -## -## ######################################################################## -## CLUSTER INITIALIZATION -## (and initial db creation) -## -## The following targets are used to setup the database cluster; -## do things like create a database and properly initialize it. -## In the case of Azure hosting, you can also create a postgres -## instance. -## -## Variables (in addition to the DATABASE TARGET variables above): -## -## TARGET_ROLE -## The role (user or group) to be created or otherwise modified. -## NEW_PASSWORD -## The password to assign. -## NEW_DESCRIPTION -## The description of the new object (database). -## RESOURCEGROUP -## The name of the Azure resource group to use when creating the -## cluster in Microsoft Azure. -## TARGET_SERVER -## The unqualified host name of the Azure postgres (flexible-server) -## to create. To fully qualify this host name append -## ".postgres.database.azure.com". The default is "sokwe-dbs". -## -## Usage: -## -## If you are on Azure: -## -## You must first prepare your Azure environment by running: -## -## az login -## -## If you have more than one "subscription" you will need to use -## `az account list` followed by -## `az account set --subscription=SUBSCRIPTIONID` to set the default -## subscription to that you wish to use. -## -## Use `az group list` to list your "resource group" names. Use the -## desired name to set the RESOURCEGROUP variable when invoking make. -## -## 1) Create the cluster with the "az-init" target. -## Be sure to note the ADMINUSER's password in the output and -## keep it in a secure location. The ADMINUSER is the -## "administrative user" of this document. -## -## 2) Drop the "throwawaydb" database with the "az-drop-throwawaydb" -## target. -## -## 3) Skip step 1 of the "not on Azure" instructions below and -## finish the cluster installation by starting at step 2. -## (You have an administrative user.) -## -## If you are not on Azure and have a PostgreSQL installation: -## -## 1) If you already have a Postgres role that can login, create -## roles, and create databases then that role should be used as -## the administrative user. Otherwise, first create an -## administrative user (while logged in to Unix as root) with -## "create-adminuser". -## -## 2) Use the administrative user to create the "group" roles -## ("create-groups") and then the database ("init-database"). -## Hint: Use TARGET_DB=postgres for all of this, since your new -## database won't yet exist. -## -## 3) Drop the "public" schema. If you are using PG v15 or later use -## the "drop-public" target. If you have an administrative user -## it can be used with the "drop-public" target. Otherwise use -## the "drop-public-root" target while logged in to Unix as the -## root user. -## -## The "init-database" target creates a database owned by the admin group. -## -## After cluster initialization create at least one login for an -## individual using the administrative user. Give the logins -## elevated priviliges with the INHERIT, CREATEUSER, and CREATEDB -## attributes, and all available Postgres "pre-defined roles" -## (https://www.postgresql.org/docs/current/predefined-roles.html), -## and by putting them into the admin group. It is easiest to do all -## of this using the SokweDB user administration tools. -## -## When this is done the administrative user is no longer needed and -## should be deleted, unless it is the only role available having the -## PG SUPERUSER attribute. Per-person roles, the individual login(s) -## created above, have all available permissions. -## -## Additional databases may be created using individual logins. Creating -## them with "make" will properly initialize them for use with SokweDB. - -export NEW_DESCRIPTION -TARGET_SERVER ?= sokwe-dbs - -# Azure related variables -# The (one) IP that that firewall allows to access the db server. -# TODO: We would like to be able to resolve the sokwe.janegoodall.org name -# but that's not happening right now. -WEBSERVER_IP := 20.119.86.26 -# The name of a database to throw away. -# Azure requires we create a db when we create the server, but we want -# to specify our own settings when creating the db so we delete -# the one Azure makes. -THROWAWAY_DB := throwawaydb - -# Have m4 generate some shell scripts which contain expanded macro constants. -GENERATED_SHELL := db/set_timezone.sh \ - db/run_createdb.sh \ - db/psql_setup.sh - -# Build the statements used to setup dbs. -CREATE_DB := db/run_createdb.sh -# (Note which contain double and which single quotes, which affects how the -# printf statement using them is executed.) -# ($$user because make otherwise interprets the $.) -SET_SEARCH_PATH := ALTER DATABASE $(TARGET_DB) \ - SET search_path = sokwedb, lookup, upload, "$$user"; -SET_DATESTYLE := ALTER DATABASE $(TARGET_DB) \ - SET DATESTYLE = 'ISO,MDY'; -SET_ISOLATION_LEVEL := ALTER DATABASE $(TARGET_DB) \ - SET default_transaction_isolation = serializable; -CREATE_SUPERUSER := CREATE ROLE $(TARGET_ROLE) LOGIN SUPERUSER \ - PASSWORD '$(NEW_PASSWORD)'; -CREATE_ADMINUSER := CREATE ROLE $(TARGET_ROLE) LOGIN CREATEDB CREATEROLE \ - PASSWORD '$(NEW_PASSWORD)'; -DROP_PUBLIC := DROP SCHEMA public RESTRICT; -DROP_THROWAWAYDB := DROP DATABASE $(THROWAWAY_DB); -SET_PASSWORD := ALTER ROLE $(TARGET_ROLE) PASSWORD '$(NEW_PASSWORD)' -GET_PG_SETTINGS := SELECT name, setting, unit, pending_restart \ - FROM pg_settings \ - ORDER BY name; -GET_AZ_SERVER_SETTINGS := az postgres flexible-server parameter list \ - --resource-group $(RESOURCEGROUP) \ - --server $(TARGET_SERVER) -SORT := LC_COLLATE=C sort --stable -## -## The available targets for make (make TARGET) are: -## -## az-init Create a Postgres Azure server. See above for -## prerequisite actions. Create the server named -## TARGET_SERVER in the RESOURCEGROUP resource group -## creating the administrator user ADMINUSER. -.PHONY: az-init -az-init: - [ -n "$(TARGET_SERVER)" ] \ - || { printf 'The TARGET_SERVER variable must be set\n' >&2 ; \ - exit 1 ; } - [ -n "$(RESOURCEGROUP)" ] \ - || { printf 'The RESOURCEGROUP variable must be set\n' >&2 ; \ - exit 1 ; } - az postgres flexible-server create \ - --public-access $(WEBSERVER_IP) \ - --database-name $(THROWAWAY_DB) \ - --name $(TARGET_SERVER) \ - --resource-group $(RESOURCEGROUP) \ - --storage-size 32 \ - --version 15 \ - --admin-user $(ADMINUSER) - -## az-drop-throwawaydb -## Drop the database which is required to be created -## when creating an Azure cluster. -.PHONY: az-drop-throwawaydb -az-drop-throwawaydb: - printf '$(DROP_THROWAWAYDB)\n' \ - | psql -U $(ADMINUSER) -h $(HOST) postgres --set=ON_ERROR_STOP=y - -## create-adminuser This target only works when the PostgreSQL cluster -## with which you are interacting is on the local host. -## If your cluster was created on a remote host you are -## expected to have access credentials to an role with -## the necessary permissions, per "Usage" above. -## Create the role, TARGET_ROLE, used to create the -## first database and otherwise initialize the cluster. -## It is not necessary to have an existing PostgreSQL -## user to use to login. This is expected to be -## executed as the Unix "root" user. -.PHONY: create-adminuser -create-adminuser: $(PSQL_DEPENDS) - [ -n "$(NEW_PASSWORD)" ] \ - || { printf 'The NEW_PASSWORD variable must be set\n' >&2 ; \ - exit 1 ; } - [ -n "$(TARGET_ROLE)" ] \ - || { printf 'The TARGET_ROLE variable must be set\n' >&2 ; \ - exit 1 ; } - ( $(PSQL_SETUP) \ - printf "$(CREATE_ADMINUSER)\n" ; \ - ) \ - | su postgres -c 'psql -h $(HOST) -d postgres -U postgres' - -## create-groups Create the roles SokweDB uses for permission groups. -## (See the db/README.) The ADMINUSER is used to -## create the new roles. -.PHONY: create-groups -create-groups: db/creategroups.sql - cat db/creategroups.sql \ - | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y - -## init-database Create and initialize the database named by the -## TARGET_DB variable. This target may be used by a -## regular, non-root, Unix user. To create the db the -## ADMINUSER variable is used. Note: Does not run in a -## transaction. Can create the database and then fail, -## leaving the cluster in an unusual state. -.PHONY: init-database -init-database: $(GENERATED_SHELL) $(PSQL_DEPENDS) - [ -n "$(TARGET_DB)" ] \ - || { printf 'The TARGET_DB variable must be set\n' >&2 ; \ - exit 1 ; } - [ -n "$${NEW_DESCRIPTION}" ] \ - || { printf 'The NEW_DESCRIPTION variable must be set\n' >&2 ; \ - exit 1 ; } - $(CREATE_DB) - ( $(PSQL_SETUP) \ - printf "$(SET_ISOLATION_LEVEL)\n" ; \ - printf '$(SET_SEARCH_PATH)\n' ; \ - printf "$(SET_DATESTYLE)\n" ; \ - db/set_timezone.sh ; \ - ) \ - | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y - -## drop-public Drop the public schema in TARGET_DB after connecting -## to the database as the ADMINUSER. -.PHONY: drop-public -drop-public: - printf '$(DROP_PUBLIC)\n' \ - | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y - -## drop-public-root This target only works when the PostgreSQL cluster -## with which you are interacting is on the local -## host. Drop the public schema in TARGET_DB -## while logged in to Unix as the root user. -# As of PG v15 this target is no longer necessary. The problem is -# that PUBLIC is owned by postgres, so can only be dropped by a pg -# SUPERUSER or by the postgres user. PG v15 introduced the -# pg_database_owner pre-defined role and database owners can drop the -# public schema. -.PHONY: drop-public-root -drop-public-root: - printf '$(DROP_PUBLIC)\n' \ - | su postgres -c 'psql -h $(HOST) -d $(TARGET_DB) -q -U postgres' - -## db/pg_settings.new -## Save a file of all the configuration settings -## of the TARGET_DB. See the "compare-db" target. -## After changing a setting, create "db/pg_settings.new", -## rename it to "db/pg_settings", and commit the -## change to revision control. -.PHONY: db/pg_settings.new -db/pg_settings.new: - tfile=$$(mktemp) ; \ - cleanup () { rm -rf $${tfile} ; } ; \ - trap cleanup EXIT ; \ - printf '$(GET_PG_SETTINGS)\n' \ - | psql $(PSQL_ARGS_MINIMAL) --tuples-only \ - > $${tfile} \ - || exit $? ; \ - $(SORT) $${tfile} \ - > db/pg_settings.new - -## compare-db-settings -## Diff the configuration settings of the TARGET_DB -## with those in the "db/pg_settings" file. -## This ensures your TARGET_DB is configured as expected. -## Before changing database settings run this target. -.PHONY: compare-db-settings -compare-db-settings: - printf '$(GET_PG_SETTINGS)\n' \ - | psql $(PSQL_ARGS_MINIMAL) --tuples-only \ - | $(SORT) \ - | diff --ignore-space-change -U 0 db/pg_settings /dev/stdin - -## db/az_server_info.new -## Save a file of all configuration and other -## information about an MS Azure Postgres -## flexible-serve named TARGET_SERVER in the -## RESOURCEGROUP resource group. See the -## "compare-az-server" target. Azure must be logged -## into and defaults established in order to use this -## target. See "Usage" above. After changing a -## setting, create "db/az_server_info.new", rename it -## to "db/az_server_info", and commit the change to -## revision control. -.PHONY: db/az_server_info.new -db/az_server_info.new: - [ -n "$(TARGET_SERVER)" ] \ - || { printf 'The TARGET_SERVER variable must be set\n' >&2 ; \ - exit 1 ; } - [ -n "$(RESOURCEGROUP)" ] \ - || { printf 'The RESOURCEGROUP variable must be set\n' >&2 ; \ - exit 1 ; } - tfile=$$(mktemp) ; \ - cleanup () { rm -rf $${tfile} ; } ; \ - trap cleanup EXIT ; \ - $(GET_AZ_SERVER_SETTINGS) \ - > $${tfile} \ - || exit $? ; \ - jq --sort-keys < $${tfile} \ - > db/az_server_info.new - -## compare-az-server Diff the configuration settings of the MS Azure -## Postgres flexible-serve named TARGET_SERVER in the -## RESOURCEGROUP resource group. Azure must be -## logged into and defaults established in order to -## use this target. See "Usage" above. This ensures -## that your TARGET_SERVER is configured as expected. -## Before changing server settings run this target. -.PHONY: compare-az-server -compare-az-server: - [ -n "$(TARGET_SERVER)" ] \ - || { printf 'The TARGET_SERVER variable must be set\n' >&2 ; \ - exit 1 ; } - [ -n "$(RESOURCEGROUP)" ] \ - || { printf 'The RESOURCEGROUP variable must be set\n' >&2 ; \ - exit 1 ; } - $(GET_AZ_SERVER_SETTINGS) \ - | db/compare-az-server.sh - -## -## Lesser used targets: -## - -## set-password Set the password of TARGET_ROLE to NEW_PASSWORD -.PHONY: set-password -set-password: $(PSQL_DEPENDS) - [ -n "$(NEW_PASSWORD)" ] \ - || { printf 'The NEW_PASSWORD variable must be set\n' >&2 ; \ - exit 1 ; } - ( $(PSQL_SETUP) \ - printf "$(SET_PASSWORD)\n" ; \ - ) \ - | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y - -## create-superuser Create a Postgres role with SUPERUSER permissions. -## This role can be used in place of the adminuser. -## This target otherwise works like create-adminuser, -## above. -.PHONY: create-superuser -create-superuser: $(PSQL_DEPENDS) - [ -n "$(NEW_PASSWORD)" ] \ - || { printf 'The NEW_PASSWORD variable must be set\n' >&2 ; \ - exit 1 ; } - [ -n "$(TARGET_ROLE)" ] \ - || { printf 'The TARGET_ROLE variable must be set\n' >&2 ; \ - exit 1 ; } - ( $(PSQL_SETUP) \ - printf "$(CREATE_SUPERUSER)\n" ; \ - ) \ - | su postgres -c 'psql -h $(HOST) -d postgres -U postgres' - -## set-search_path Set the default search_path the database named -## by the TARGET_DB variable. -.PHONY: set-search_path -set-search_path: $(PSQL_DEPENDS) - ( $(PSQL_SETUP) \ - printf '$(SET_SEARCH_PATH)\n' ; \ - ) \ - | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y - -## set-datestyle Set the default DATESTYLE in the database named -## by the TARGET_DB variable. -.PHONY: set-datestyle -set-datestyle: $(PSQL_DEPENDS) - ( $(PSQL_SETUP) \ - printf "$(SET_DATESTYLE)\n" ; \ - ) \ - | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y - -## set-isolation Set the default transaction_isolation_level in the -## database named by the TARGET_DB variable. -.PHONY: set-isolation -set-isolation: $(PSQL_DEPENDS) - ( $(PSQL_SETUP) \ - printf "$(SET_ISOLATION_LEVEL)\n" ; \ - ) \ - | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y - -## set-timezone Set the default TimeZone in the database named -## by the TARGET_DB variable. -.PHONY: set-timezone -set-timezone: $(PSQL_DEPENDS) db/set_timezone.sh - ( $(PSQL_SETUP) \ - db/set_timezone.sh ; \ - ) \ - | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y - -# The generated shell scripts -$(GENERATED_SHELL): %.sh: %.m4 - m4 $(M4_DB_INCLUDE_ARGS) $< > $@ - chmod a+x $@ -- 2.34.1