Commit 41857414 authored by Michał 'rysiek' Woźniak's avatar Michał 'rysiek' Woźniak
Browse files

not using display_error_and_quit in functions anymore, allowing for more graceful error handling

parent 72841420
......@@ -18,7 +18,8 @@ check_properly_sourced || ( echo 'Utils not properly sourced!' && exit 1 )
# - optionally, databases to dump
#
# ...and all of this is in $SSH_ORIGINAL_COMMAND
# TODO: also get this from envvars (so that )
# TODO: also get this from envvars
# TODO: (so that this can be set directly in, say, docker-compose.yml)
IFS=' ' read -r -a SSH_ORIGINAL_COMMAND_ARR <<< "$SSH_ORIGINAL_COMMAND"
DB_TYPE="${SSH_ORIGINAL_COMMAND_ARR[0]}"
DB_HOST="${SSH_ORIGINAL_COMMAND_ARR[1]}"
......
......@@ -121,13 +121,13 @@ function create_readonly_mysql_user() {
echo " +-- password: (provided on the command line)"
# otherwise, create a random one
else
RUSER_PW="$( pwgen -s 24 1 )" || display_error_and_quit "Error generating password; is pwgen installed and in \$PATH?"
RUSER_PW="$( pwgen -s 24 1 )" || ( display_error "Error generating password; is pwgen installed and in \$PATH?" && return 1 )
echo " +-- password: $RUSER_PW"
fi
# do the magic
mysql -h "$1" -u "$2" --password="$3" --batch -e "GRANT SELECT, SHOW DATABASES, LOCK TABLES, EXECUTE, SHOW VIEW ON *.* TO '$RUSER_NAME'@'$RUSER_HOST' IDENTIFIED BY '$RUSER_PW';" \
|| display_error_and_quit "Error creating a read-only user."
|| ( display_error "Error creating a read-only user." && return 1 )
}
export -f create_readonly_mysql_user
......@@ -167,7 +167,7 @@ function dump_mysql_dbs {
DATABASES="$( mysql -h "$1" -u "$2" --password="$3" --batch -e "SHOW DATABASES $DATABASES_WHERE;" | egrep -v '(Database|information_schema|performance_schema)' )"
# either the code is 0, or the command failed; act accordingly.
[ $? -eq 0 ] || display_error_and_quit
[ $? -eq 0 ] || ( display_error && return 1 )
# did we find anything?
if [[ "$DATABASES" == "" ]]; then
......@@ -183,7 +183,8 @@ function dump_mysql_dbs {
DATABASES_MISSING="$( echo "${@:5} $DATABASES" | tr ' ' '\n' | sort | uniq -u | tr '\n' ' ' )"
if [[ "$DATABASES_MISSING" != "" ]]; then
# if not, complain and exit
display_error_and_quit "Not all databases found; missing: $DATABASES_MISSING"
display_error "Not all databases found; missing: $DATABASES_MISSING"
return 2
fi
fi
......@@ -201,7 +202,7 @@ function dump_mysql_dbs {
# get the list of users
DBUSERS="$( mysql -h "$1" -u "$2" --password="$3" --batch --skip-column-names -e "SELECT CONCAT('',QUOTE(user),'@',QUOTE(host),':',$PWCOL) FROM mysql.user WHERE user<>'';")"
[ $? -eq 0 ] || display_error_and_quit
[ $? -eq 0 ] || ( display_error && return 3 )
echo " +-- found `echo "$DBUSERS" | wc -l` users..."
# get all grants for said users
......@@ -215,7 +216,7 @@ function dump_mysql_dbs {
DBUSERPW="$( echo "$user_host_pass" | cut -d ':' -f 2 )"
# get the grants # add IDENTIFIED BY <password>, but only when there was no IDENTIFIED BY there already
DBGRANTS=`echo -ne "$DBGRANTS\n$( mysql -h "$1" -u "$2" --password="$3" --batch --skip-column-names -e "SHOW GRANTS FOR $DBUSER;" | sed -r -e "s/(IDENTIFIED BY.*)$/ IDENTIFIED BY PASSWORD '$DBUSERPW'/g" )"`
[ $? -eq 0 ] || display_error_and_quit
[ $? -eq 0 ] || ( display_error && return 4 )
done
# iterate through databases
......@@ -231,7 +232,7 @@ function dump_mysql_dbs {
# schema
echo " +-- schema..."
mysqldump -h "$1" -u "$2" --password="$3" --add-drop-database --no-data --databases "$db" > "$SCHEMA_FILE"
[ $? -eq 0 ] || display_error_and_quit
[ $? -eq 0 ] || display_error_and_continue
# grants
echo " +-- grants..."
......@@ -243,16 +244,16 @@ function dump_mysql_dbs {
# SET PASSWORD FOR ... = HASH_STRING
echo "${DBGRANTS}" | grep "ON \*." | sed -r -e 's/$/;/' >> "$SCHEMA_FILE"
[ $? -lt 2 ] || display_error_and_quit # less than 2 here, because 0 on "found", 1 on "not found", 2 and above on "error"
[ $? -lt 2 ] || display_error_and_continue # less than 2 here, because 0 on "found", 1 on "not found", 2 and above on "error"
echo "${DBGRANTS}" | grep "ON \`${db}\`" | sed -r -e 's/$/;/' >> "$SCHEMA_FILE"
[ $? -lt 2 ] || display_error_and_quit # less than 2 here, because 0 on "found", 1 on "not found", 2 and above on "error"
[ $? -lt 2 ] || display_error_and_continue # less than 2 here, because 0 on "found", 1 on "not found", 2 and above on "error"
# we need this for the privs to work after restore
echo "FLUSH PRIVILEGES;" >> "$SCHEMA_FILE"
# dump
echo " +-- dump..."
mysqldump -h "$1" -u "$2" --password="$3" --no-create-info --no-create-db --databases "$db" | gzip -c > "$DUMP_FILE"
[ $? -eq 0 ] || display_error_and_quit
[ $? -eq 0 ] || display_error_and_continue
echo " +-- done."
done
......@@ -311,11 +312,11 @@ function create_readonly_postgres_user() {
PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -c "
CREATE ROLE $RUSER_NAME NOSUPERUSER NOCREATEDB NOCREATEROLE LOGIN NOREPLICATION PASSWORD '$RUSER_PW';
GRANT SELECT ON pg_authid TO $RUSER_NAME;" postgres \
|| display_error_and_quit "Error creating the $RUSER_NAME role and granting SELECT on pg_authid."
|| ( display_error "Error creating the $RUSER_NAME role and granting SELECT on pg_authid." && return 1 )
# get the list of roles
ROLES="$( PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -Aqt -c '\dg' postgres | grep '|' | cut -d '|' -f 1 )" \
|| display_error_and_quit "Error getting list of roles"
|| ( display_error "Error getting list of roles" && return 2 )
# and for each role
for ROLE in $ROLES; do
......@@ -324,13 +325,13 @@ function create_readonly_postgres_user() {
ALTER DEFAULT PRIVILEGES FOR ROLE $ROLE GRANT SELECT ON TABLES TO $RUSER_NAME;
ALTER DEFAULT PRIVILEGES FOR ROLE $ROLE GRANT SELECT ON SEQUENCES TO $RUSER_NAME;
ALTER DEFAULT PRIVILEGES FOR ROLE $ROLE GRANT EXECUTE ON FUNCTIONS TO $RUSER_NAME;" postgres \
|| display_error_and_quit "Error altering default privileges for role $ROLE"
|| ( display_error "Error altering default privileges for role $ROLE" && return 3 )
done
# get the list of databases
DATABASES="$( PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -lAqt postgres | grep '|' | cut -d '|' -f 1 | egrep -v "template[0-9]" )" \
|| display_error_and_quit "Error getting list of databases"
|| ( display_error "Error getting list of databases" && return 4 )
# do we have any databases?
if [[ "$DATABASES" == "" ]]; then
......@@ -343,24 +344,24 @@ function create_readonly_postgres_user() {
# grant CONNECT
PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -c "GRANT CONNECT ON DATABASE $DATABASE TO $RUSER_NAME;" postgres \
|| display_error_and_quit "Error granting CONNECT on database $DATABASE"
|| ( display_error "Error granting CONNECT on database $DATABASE" && return 5 )
# get all schemas
SCHEMAS="$( PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -Aqt -c '\dn' postgres | grep '|' | cut -d '|' -f 1 )" \
|| display_error_and_quit "Error getting list of schemas"
|| ( display_error "Error getting list of schemas" && return 6 )
# let's go through the schemas, then
for SCHEMA in $SCHEMAS; do
# grant USAGE on the schema
PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -c "GRANT USAGE ON SCHEMA $SCHEMA TO $RUSER_NAME;" "$DATABASE" \
|| display_error_and_quit "Error granting USAGE on schema $SCHEMA"
|| ( display_error "Error granting USAGE on schema $SCHEMA" && return 7 )
# grant SELECT on all tables and sequences, and EXECUTE on all functions, in the schema
PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -c "
GRANT SELECT ON ALL TABLES IN SCHEMA $SCHEMA TO $RUSER_NAME;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA $SCHEMA TO $RUSER_NAME;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA $SCHEMA TO $RUSER_NAME;" "$DATABASE" \
|| display_error_and_quit "Error granting USAGE on schema $SCHEMA"
|| ( display_error "Error granting USAGE on schema $SCHEMA" && return 8 )
done
done
......@@ -399,7 +400,7 @@ function dump_postgres_dbs {
DATABASES="$( PGPASSWORD="$3" psql -h "$1" -U "$2" -lAqt | grep '|' | cut -d '|' -f 1 | egrep -v "template[0-9]" )"
# either the code is 0, or the command failed; act accordingly.
[ $? -eq 0 ] || display_error_and_quit
[ $? -eq 0 ] || ( display_error && return 1 )
# do we have any databases?
if [[ "$DATABASES" == "" ]]; then
......@@ -415,13 +416,14 @@ function dump_postgres_dbs {
DATABASES_MISSING="$( echo "${@:5} $DATABASES" | tr ' ' '\n' | sort | uniq -u | tr '\n' ' ' )"
if [[ "$DATABASES_MISSING" != "" ]]; then
# if not, complain and exit
display_error_and_quit "Not all databases found; missing: $DATABASES_MISSING"
display_error "Not all databases found; missing: $DATABASES_MISSING"
return 2
fi
fi
# list of users
DBUSERS="$( PGPASSWORD="$3" pg_dumpall -h "$1" --globals-only -U "$2" | egrep '(CREATE|ALTER) ROLE' )"
[ $? -eq 0 ] || display_error_and_quit
[ $? -eq 0 ] || ( display_error && return 3 )
echo " +-- found `echo "$DBUSERS" | egrep "^CREATE" | wc -l` users..."
......@@ -438,7 +440,7 @@ function dump_postgres_dbs {
# schema
echo " +-- schema..."
PGPASSWORD="$3" pg_dump -h "$1" --create --clean --schema-only -U "$2" "$db" > "$SCHEMA_FILE"
[ $? -eq 0 ] || display_error_and_quit
[ $? -eq 0 ] || display_error_and_continue
# grants
echo " +-- grants..."
......@@ -453,7 +455,7 @@ function dump_postgres_dbs {
# dump
echo " +-- dump..."
PGPASSWORD="$3" pg_dump -h "$1" --data-only --format plain --compress 9 -U "$2" "$db" > "$DUMP_FILE"
[ $? -eq 0 ] || display_error_and_quit
[ $? -eq 0 ] || display_error_and_continue
echo " +-- done."
done
......@@ -527,19 +529,19 @@ function dump_elasticsearch_dbs {
# create a snapshot, blocking until it's done
echo " +-- dump..."
curl -X PUT "http://$1:9200/_snapshot/$BACKUP_NAME/snapshot?wait_for_completion=true" || display_error_and_quit 'Error while generating the snapshot!'
curl -X PUT "http://$1:9200/_snapshot/$BACKUP_NAME/snapshot?wait_for_completion=true" || ( display_error 'Error while generating the snapshot!' && return 1 )
echo
# copy the backup to a less temporary location
cp -a "$BACKUP_TEMP_DIR"/* "$2/" || display_error_and_quit 'Error while copying the snapshot data to the target directory!'
cp -a "$BACKUP_TEMP_DIR"/* "$2/" || ( display_error 'Error while copying the snapshot data to the target directory!' && return 2 )
# cleanup
echo " +-- cleanup..."
curl -X DELETE "http://$1:9200/_snapshot/$BACKUP_NAME/snapshot" || display_error_and_quit 'Error while cleaning up the snapshot!'
curl -X DELETE "http://$1:9200/_snapshot/$BACKUP_NAME/snapshot" || ( display_error 'Error while cleaning up the snapshot!' && return 3 )
echo
curl -X DELETE "http://$1:9200/_snapshot/$BACKUP_NAME/" || display_error_and_quit 'Error while cleaning up the backup repository!'
curl -X DELETE "http://$1:9200/_snapshot/$BACKUP_NAME/" || ( display_error 'Error while cleaning up the backup repository!' && return 4 )
echo
rm -rf "$BACKUP_TEMP_DIR/*"
echo " +-- done..."
}
export -f dump_elasticsearch_dbs
\ No newline at end of file
export -f dump_elasticsearch_dbs
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment