From f74037439255a310bdbde640e051c41f81fb81e2 Mon Sep 17 00:00:00 2001 From: Ian Barwick Date: Tue, 9 Feb 2016 15:11:50 +0900 Subject: [PATCH] Add '-P/--pwprompt' option for "repmgr create witness" Optionally prompt for superuser and repmgr user when creating a witness. This ensures a password can be provided if the primary's pg_hba.conf mandates it. This deprecates '--initdb-no-pwprompt'; and changes the default behaviour of "repmgr create witness", which previously required a superuser password unless '--initdb-no-pwprompt' was supplied. This behaviour is more consistent with other PostgreSQL utilities such as createuser. Partial fix for GitHub issue #145. --- HISTORY | 5 ++++- repmgr.c | 24 +++++++++++++++++++----- repmgr.h | 7 ++++--- 3 files changed, 27 insertions(+), 9 deletions(-) diff --git a/HISTORY b/HISTORY index 0b4b8747..e9a27ec3 100644 --- a/HISTORY +++ b/HISTORY @@ -1,4 +1,7 @@ -3.1.0 2016-01- +3.1.1 2016-02- + Add '-P/--pwprompt' option for "repmgr create witness" (Ian) + +3.1.0 2016-02-01 Add "repmgr standby switchover" command (Ian) Revised README file (Ian) Remove requirement for 'archive_mode' to be enabled (Ian) diff --git a/repmgr.c b/repmgr.c index dcd16a70..32967560 100644 --- a/repmgr.c +++ b/repmgr.c @@ -175,12 +175,14 @@ main(int argc, char **argv) {"terse", required_argument, NULL, 't'}, {"mode", required_argument, NULL, 'm'}, {"remote-config-file", required_argument, NULL, 'C'}, + /* deprecated from 3.2; replaced with -P/----pwprompt */ {"initdb-no-pwprompt", no_argument, NULL, 1}, {"check-upstream-config", no_argument, NULL, 2}, {"recovery-min-apply-delay", required_argument, NULL, 3}, {"ignore-external-config-files", no_argument, NULL, 4}, {"config-archive-dir", required_argument, NULL, 5}, {"pg_rewind", optional_argument, NULL, 6}, + {"pwprompt", optional_argument, NULL, 7}, {"help", no_argument, NULL, '?'}, {"version", no_argument, NULL, 'V'}, {NULL, 0, NULL, 0} @@ -405,6 +407,9 @@ main(int argc, char **argv) } pg_rewind_supplied = true; break; + case 7: + runtime_options.witness_pwprompt = true; + break; default: { @@ -3454,7 +3459,7 @@ do_witness_create(void) maxlen_snprintf(script, "%s %s -D %s init -o \"%s-U %s\"", make_pg_path("pg_ctl"), options.pg_ctl_options, runtime_options.dest_dir, - runtime_options.initdb_no_pwprompt ? "" : "-W ", + runtime_options.witness_pwprompt ? "-W " : "", runtime_options.superuser); log_info(_("initializing cluster for witness: %s.\n"), script); @@ -3555,10 +3560,13 @@ do_witness_create(void) /* check if we need to create a user */ if (runtime_options.username[0] && runtime_options.localport[0] && strcmp(runtime_options.username,"postgres") != 0) { - /* create required user; needs to be superuser to create untrusted language function in c */ - maxlen_snprintf(script, "%s -p %s --superuser --login -U %s %s", + /* create required user; needs to be superuser to create untrusted language function in C */ + maxlen_snprintf(script, "%s -p %s --superuser --login %s-U %s %s", make_pg_path("createuser"), - runtime_options.localport, runtime_options.superuser, runtime_options.username); + runtime_options.localport, + runtime_options.witness_pwprompt ? "-P " : "", + runtime_options.superuser, + runtime_options.username); log_info(_("creating user for witness db: %s.\n"), script); r = system(script); @@ -3829,7 +3837,8 @@ do_help(void) printf(_(" --pg_rewind[=VALUE] (standby switchover) 9.3/9.4 only - use pg_rewind if available,\n" \ " optionally providing a path to the binary\n")); printf(_(" -k, --keep-history=VALUE (cluster cleanup) retain indicated number of days of history (default: 0)\n")); - printf(_(" --initdb-no-pwprompt (witness server) no superuser password prompt during initdb\n")); +/* printf(_(" --initdb-no-pwprompt (witness server) no superuser password prompt during initdb\n"));*/ + printf(_(" -P, --pwprompt (witness server) prompt for password when creating users\n")); printf(_(" -S, --superuser=USERNAME (witness server) superuser username for witness database\n" \ " (default: postgres)\n")); printf(_("\n")); @@ -4275,6 +4284,11 @@ check_parameters_for_action(const int action) config_file_required = false; break; case WITNESS_CREATE: + /* Require data directory */ + if (strcmp(runtime_options.dest_dir, "") == 0) + { + error_list_append(&cli_errors, _("-D/--data-dir required when executing WITNESS CREATE")); + } /* allow all parameters to be supplied */ break; case CLUSTER_SHOW: diff --git a/repmgr.h b/repmgr.h index da16a10c..ad8a34d7 100644 --- a/repmgr.h +++ b/repmgr.h @@ -67,7 +67,7 @@ typedef struct bool force; bool wait_for_master; bool ignore_rsync_warn; - bool initdb_no_pwprompt; + bool witness_pwprompt; bool rsync_only; bool fast_checkpoint; bool ignore_external_config_files; @@ -91,11 +91,12 @@ typedef struct char recovery_min_apply_delay[MAXLEN]; - /* deprecated command line option */ + /* deprecated command line options */ char localport[MAXLEN]; + bool initdb_no_pwprompt; } t_runtime_options; -#define T_RUNTIME_OPTIONS_INITIALIZER { "", "", "", "", "", "", "", DEFAULT_WAL_KEEP_SEGMENTS, false, false, false, false, false, false, false, false, false, "smart", "", "", "", "", "", 0, "", "", "" } +#define T_RUNTIME_OPTIONS_INITIALIZER { "", "", "", "", "", "", "", DEFAULT_WAL_KEEP_SEGMENTS, false, false, false, false, false, false, false, false, false, "smart", "", "", "", "", "", 0, "", "", "", false } extern char repmgr_schema[MAXLEN]; extern bool config_file_found;