diff --git a/install_pg1c.sh b/install_pg1c.sh index 4046198..39117c0 100644 --- a/install_pg1c.sh +++ b/install_pg1c.sh @@ -29,6 +29,10 @@ require_root() { [[ "$(id -u)" -eq 0 ]] || fail "Скрипт нужно запускать от root" } +sql_escape_literal() { + printf "%s" "$1" | sed "s/'/''/g" +} + load_env() { [[ -f "$ENV_FILE" ]] || fail "Файл окружения не найден: $ENV_FILE" @@ -48,31 +52,27 @@ load_env() { INSTALL_MODE="${INSTALL_MODE:-standalone}" PG_ADMIN_SUPERUSER="$(bool_norm "${PG_ADMIN_SUPERUSER:-true}")" - PG_CREATE_DB="$(bool_norm "${PG_CREATE_DB:-false}")" - + PG_CREATE_DB="$(bool_norm "${PG_CREATE_DB:-true}")" PG_SERVICE_ENABLE="$(bool_norm "${PG_SERVICE_ENABLE:-true}")" PG_SERVICE_START="$(bool_norm "${PG_SERVICE_START:-true}")" ENFORCE_PASSWORD_AUTH="$(bool_norm "${ENFORCE_PASSWORD_AUTH:-true}")" CREATE_HBA_BACKUP="$(bool_norm "${CREATE_HBA_BACKUP:-true}")" + PRESERVE_POSTGRES_PEER_LOCAL="$(bool_norm "${PRESERVE_POSTGRES_PEER_LOCAL:-true}")" + + SET_POSTGRES_ROLE_PASSWORD="$(bool_norm "${SET_POSTGRES_ROLE_PASSWORD:-false}")" + POSTGRES_ROLE_PASSWORD="${POSTGRES_ROLE_PASSWORD:-}" POSTGRES_SOCKET_DIR="${POSTGRES_SOCKET_DIR:-/var/run/postgresql}" PG_DB_NAME="${PG_DB_NAME:-}" REPO_ADD_TMP="${REPO_ADD_TMP:-/tmp/pgpro-repo-add.sh}" + PG_CLUSTER_DIR="${PG_CLUSTER_DIR:-/var/lib/pgpro/1c-18/data}" - # Точечные правила для прикладного доступа APP_LOCAL_AUTH_METHOD="${APP_LOCAL_AUTH_METHOD:-scram-sha-256}" APP_HOST_AUTH_METHOD="${APP_HOST_AUTH_METHOD:-scram-sha-256}" APP_HOST_IPV4_CIDR="${APP_HOST_IPV4_CIDR:-127.0.0.1/32}" APP_HOST_IPV6_CIDR="${APP_HOST_IPV6_CIDR:-::1/128}" - # Оставить ли peer для локального системного postgres - PRESERVE_POSTGRES_PEER_LOCAL="$(bool_norm "${PRESERVE_POSTGRES_PEER_LOCAL:-true}")" - - # Нужно ли задать пароль роли postgres тоже - SET_POSTGRES_ROLE_PASSWORD="$(bool_norm "${SET_POSTGRES_ROLE_PASSWORD:-false}")" - POSTGRES_ROLE_PASSWORD="${POSTGRES_ROLE_PASSWORD:-}" - case "$INSTALL_MODE" in standalone|parallel) ;; *) fail "INSTALL_MODE должен быть standalone или parallel" ;; @@ -113,7 +113,7 @@ check_os() { ensure_base_packages() { export DEBIAN_FRONTEND=noninteractive apt-get update - apt-get install -y wget ca-certificates gnupg apt-transport-https sed grep coreutils + apt-get install -y wget ca-certificates gnupg apt-transport-https sed grep coreutils gawk } ensure_repo() { @@ -141,7 +141,7 @@ install_pgpro() { apt-get install -y "$PACKAGE_PARALLEL" [[ -x "$PGSETUP" ]] || fail "Не найден $PGSETUP" - if [[ ! -d /var/lib/pgpro/1c-18/data/base ]]; then + if [[ ! -d "${PG_CLUSTER_DIR}/base" ]]; then log "Инициализирую новый кластер Postgres Pro 1C 18" "$PGSETUP" initdb else @@ -150,19 +150,48 @@ install_pgpro() { fi } +service_unit_exists() { + systemctl list-unit-files --type=service --no-legend 2>/dev/null | awk '{print $1}' | grep -Fxq "${SERVICE_NAME}.service" +} + +service_enable() { + if [[ -x "$PGSETUP" ]]; then + "$PGSETUP" service enable + else + systemctl enable "$SERVICE_NAME" + fi +} + +service_start() { + if [[ -x "$PGSETUP" ]]; then + "$PGSETUP" service start + else + systemctl start "$SERVICE_NAME" + fi +} + +service_restart() { + if [[ -x "$PGSETUP" ]]; then + if "$PGSETUP" service condrestart >/dev/null 2>&1; then + return 0 + fi + fi + systemctl restart "$SERVICE_NAME" +} + enable_and_start_service() { - if ! systemctl list-unit-files | grep -q "^${SERVICE_NAME}\.service"; then + if ! service_unit_exists; then fail "Не найден unit-файл ${SERVICE_NAME}.service" fi if [[ "$PG_SERVICE_ENABLE" == "true" ]]; then log "Включаю автозапуск ${SERVICE_NAME}" - systemctl enable "$SERVICE_NAME" + service_enable fi if [[ "$PG_SERVICE_START" == "true" ]]; then log "Запускаю ${SERVICE_NAME}" - systemctl restart "$SERVICE_NAME" + service_start fi } @@ -186,10 +215,6 @@ psql_postgres() { runuser -u postgres -- "$PSQL" -v ON_ERROR_STOP=1 -h "$POSTGRES_SOCKET_DIR" -d postgres "$@" } -sql_escape_literal() { - printf "%s" "$1" | sed "s/'/''/g" -} - configure_role() { [[ -x "$PSQL" ]] || fail "Не найден $PSQL" @@ -288,9 +313,9 @@ prepend_managed_hba_block() { echo "local all postgres peer" fi - echo "local all ${PG_ADMIN_USER} ${APP_LOCAL_AUTH_METHOD}" - echo "host all ${PG_ADMIN_USER} ${APP_HOST_IPV4_CIDR} ${APP_HOST_AUTH_METHOD}" - echo "host all ${PG_ADMIN_USER} ${APP_HOST_IPV6_CIDR} ${APP_HOST_AUTH_METHOD}" + printf 'local all %s %s\n' "$PG_ADMIN_USER" "$APP_LOCAL_AUTH_METHOD" + printf 'host all %s %s %s\n' "$PG_ADMIN_USER" "$APP_HOST_IPV4_CIDR" "$APP_HOST_AUTH_METHOD" + printf 'host all %s %s %s\n' "$PG_ADMIN_USER" "$APP_HOST_IPV6_CIDR" "$APP_HOST_AUTH_METHOD" echo "# END MANAGED BY install_pg1c.sh" echo @@ -319,7 +344,7 @@ configure_pg_hba() { prepend_managed_hba_block "$hba_file" log "Перезапускаю ${SERVICE_NAME} после правки pg_hba.conf" - systemctl restart "$SERVICE_NAME" + service_restart wait_for_postgres } @@ -341,8 +366,8 @@ show_summary() { Проверки: systemctl status ${SERVICE_NAME} - sudo -u postgres ${PSQL} -h ${POSTGRES_SOCKET_DIR} -d postgres -c "\du" - sudo -u postgres ${PSQL} -h ${POSTGRES_SOCKET_DIR} -d postgres -c "\l" + sudo -u postgres ${PSQL} -h ${POSTGRES_SOCKET_DIR} -d postgres -c "\\du" + sudo -u postgres ${PSQL} -h ${POSTGRES_SOCKET_DIR} -d postgres -c "\\l" Подключение под новым пользователем: ${PSQL} -h 127.0.0.1 -U ${PG_ADMIN_USER} -d ${PG_DB_NAME:-postgres} -W @@ -376,4 +401,4 @@ main() { show_summary } -main "$@" \ No newline at end of file +main "$@"