dokku/dokku-postgres
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
233a261a3f353854800f19d049555343d917f7d9
dokku-postgres/functions
Jose Diaz-Gonzalez 233a261a3f fix: Strictly validate service names 
We previously allowed a wide range of service names. As the service name is sometimes used to name databases, the name was actually more restricted than any character, resulting in services that wouldn't start. Going forward, only alphanumeric and underscore characters are allowed.

This only impacts service creation. Any services with invalid names should be migrated to a new service, with the data exported and imported as normal.

Closes dokku/dokku-redis#99
Closes dokku/dokku-mysql#47
Closes dokku/dokku-mongo#86
Closes dokku/dokku-redis#81
2019-03-09 15:54:23 -05:00

155 lines
6.3 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/config"
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common-functions"
source "$PLUGIN_BASE_PATH/common/functions"
source "$PLUGIN_AVAILABLE_PATH/config/functions"
if [[ -f "$PLUGIN_AVAILABLE_PATH/docker-options/functions" ]]; then
source "$PLUGIN_AVAILABLE_PATH/docker-options/functions"
fi
service_connect() {
local SERVICE="$1"
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
local SERVICE_NAME="$(get_service_name "$SERVICE")"
local DATABASE_NAME="$(get_database_name "$SERVICE")"
local SERVICE_TTY_OPTS
has_tty && SERVICE_TTY_OPTS="-t"
docker exec -i $SERVICE_TTY_OPTS "$SERVICE_NAME" psql -h localhost -U postgres "$DATABASE_NAME"
}
service_create() {
local SERVICE="$1"
is_valid_service_name "$SERVICE" || dokku_log_fail "Please specify a valid name for the service. Valid characters are: [A-Za-z0-9_]+"
[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
[[ ! -d "$PLUGIN_DATA_ROOT/$SERVICE" ]] || dokku_log_fail "$PLUGIN_SERVICE service $SERVICE already exists"
SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"; LINKS_FILE="$SERVICE_ROOT/LINKS"
service_parse_args "${@:2}"
if ! service_image_exists "$SERVICE"; then
if [[ "$PLUGIN_DISABLE_PULL" == "true" ]]; then
dokku_log_warn "${PLUGIN_DISABLE_PULL_VARIABLE} environment variable detected. Not running pull command." 1>&2
dokku_log_warn " docker pull ${IMAGE}" 1>&2
dokku_log_warn "$PLUGIN_SERVICE service creation failed"
exit 1
fi
docker pull "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION" || dokku_log_fail "$PLUGIN_SERVICE image $PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION pull failed"
fi
mkdir -p "$SERVICE_ROOT" || dokku_log_fail "Unable to create service directory"
mkdir -p "$SERVICE_ROOT/data" || dokku_log_fail "Unable to create service data directory"
touch "$LINKS_FILE"
PASSWORD=$(openssl rand -hex 16)
if [[ -n "$SERVICE_PASSWORD" ]]; then
PASSWORD="$SERVICE_PASSWORD"
dokku_log_warn "Specified password may not be as secure as the auto-generated password"
fi
echo "$PASSWORD" > "$SERVICE_ROOT/PASSWORD"
chmod 640 "$SERVICE_ROOT/PASSWORD"
[[ -n "$SERVICE_CUSTOM_ENV" ]] && POSTGRES_CUSTOM_ENV="$SERVICE_CUSTOM_ENV"
if [[ -n $POSTGRES_CUSTOM_ENV ]]; then
echo "$POSTGRES_CUSTOM_ENV" | tr ';' "\n" > "$SERVICE_ROOT/ENV"
else
echo "" > "$SERVICE_ROOT/ENV"
fi
service_create_container "$SERVICE"
}
service_create_container() {
local SERVICE="$1"
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
local SERVICE_HOST_ROOT="$PLUGIN_DATA_HOST_ROOT/$SERVICE"
local SERVICE_NAME="$(get_service_name "$SERVICE")"
local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
local PREVIOUS_ID
ID=$(docker run --name "$SERVICE_NAME" -v "$SERVICE_HOST_ROOT/data:/var/lib/postgresql/data" -e "POSTGRES_PASSWORD=$PASSWORD" --env-file="$SERVICE_ROOT/ENV" -d --restart always --label dokku=service --label dokku.service=postgres "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION")
echo "$ID" > "$SERVICE_ROOT/ID"
dokku_log_verbose_quiet "Waiting for container to be ready"
docker run --rm --link "$SERVICE_NAME:$PLUGIN_COMMAND_PREFIX" dokkupaas/wait:0.2 -p "$PLUGIN_DATASTORE_WAIT_PORT" > /dev/null
dokku_log_verbose_quiet "Creating container database"
DATABASE_NAME="$(get_database_name "$SERVICE")"
docker exec "$SERVICE_NAME" su - postgres -c "createdb -E utf8 $DATABASE_NAME" 2> /dev/null || dokku_log_verbose_quiet 'Already exists'
dokku_log_verbose_quiet "Securing connection to database"
service_stop "$SERVICE" > /dev/null
docker run --rm -i -v "$SERVICE_HOST_ROOT/data:/var/lib/postgresql/data" "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION" bash -s < "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/scripts/enable_ssl.sh" &> /dev/null
PREVIOUS_ID=$(docker ps -f status=exited --no-trunc | grep -e "$SERVICE_NAME$" | awk '{print $1}') || true
docker start "$PREVIOUS_ID" > /dev/null
service_port_unpause "$SERVICE"
dokku_log_info2 "$PLUGIN_SERVICE container created: $SERVICE"
service_info "$SERVICE"
}
service_export() {
local SERVICE="$1"
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
local SERVICE_NAME="$(get_service_name "$SERVICE")"
local DATABASE_NAME="$(get_database_name "$SERVICE")"
local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
[[ -n $SSH_TTY ]] && stty -opost
docker exec "$SERVICE_NAME" env PGPASSWORD="$PASSWORD" pg_dump -Fc --no-acl --no-owner -h localhost -U postgres -w "$DATABASE_NAME"
status=$?
[[ -n $SSH_TTY ]] && stty opost
exit $status
}
service_import() {
local SERVICE="$1"
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
local SERVICE_HOST_ROOT="$PLUGIN_DATA_HOST_ROOT/$SERVICE"
local SERVICE_NAME="$(get_service_name "$SERVICE")"
local DATABASE_NAME="$(get_database_name "$SERVICE")"
local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
if [[ -t 0 ]]; then
dokku_log_fail "No data provided on stdin."
fi
docker exec -i "$SERVICE_NAME" env PGPASSWORD="$PASSWORD" pg_restore -h localhost -cO --if-exists -d "$DATABASE_NAME" -U postgres -w
}
service_start() {
local SERVICE="$1"
local QUIET="$2"
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
local SERVICE_NAME="$(get_service_name "$SERVICE")"
local ID=$(docker ps -f status=running --no-trunc | grep -e "$SERVICE_NAME$" | awk '{print $1}') || true
if [[ -n $ID ]]; then
[[ -z $QUIET ]] && dokku_log_warn "Service is already started"
return 0
fi
dokku_log_info2_quiet "Starting container"
local PREVIOUS_ID=$(docker ps -f status=exited --no-trunc | grep -e "$SERVICE_NAME$" | awk '{print $1}') || true
local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
if [[ -n $PREVIOUS_ID ]]; then
docker start "$PREVIOUS_ID" > /dev/null
service_port_unpause "$SERVICE"
dokku_log_info2 "Container started"
elif service_image_exists "$SERVICE" && [[ -n "$PASSWORD" ]]; then
service_create_container "$SERVICE"
else
dokku_log_verbose_quiet "Neither container nor valid configuration exists for $SERVICE"
fi
}
service_url() {
local SERVICE="$1"
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
local DATABASE_NAME="$(get_database_name "$SERVICE")"
local SERVICE_DNS_HOSTNAME="$(service_dns_hostname "$SERVICE")"
echo "$PLUGIN_SCHEME://postgres:$PASSWORD@$SERVICE_DNS_HOSTNAME:${PLUGIN_DATASTORE_PORTS[0]}/$DATABASE_NAME"
}
Reference in New Issue View Git Blame Copy Permalink