#!/bin/bash set -eu if [[ ! -e "$PGDATA/db_configured" ]]; then init_db () { echo "Configuring CKAN database, PostGIS & datastore" # create CKAN user setuser postgres psql \ -c "CREATE USER $CKAN_USER WITH PASSWORD '$CKAN_PASS';" # create CKAN database setuser postgres createdb \ -O $CKAN_USER $CKAN_DB -T template0 -E utf-8 # setup PostGIS for the database setuser postgres psql \ -d $CKAN_DB -f /usr/share/postgresql/9.3/contrib/postgis-2.1/postgis.sql setuser postgres psql \ -d $CKAN_DB -f /usr/share/postgresql/9.3/contrib/postgis-2.1/spatial_ref_sys.sql setuser postgres psql \ -d $CKAN_DB -f /usr/share/postgresql/9.3/contrib/postgis-2.1/postgis_comments.sql # change the ownership of the spatial tables setuser postgres psql \ -d $CKAN_DB -c "ALTER TABLE spatial_ref_sys OWNER TO $CKAN_USER;" setuser postgres psql \ -d $CKAN_DB -c "ALTER TABLE geometry_columns OWNER TO $CKAN_USER;" # create Datastore user setuser postgres psql \ -c "CREATE USER $DATASTORE_USER WITH PASSWORD '$DATASTORE_PASS';" # create Datastore database setuser postgres createdb \ -O $CKAN_USER $DATASTORE_DB -T template0 -E utf-8 # configure the permissions for the datastore setuser postgres psql \ -q <<-EOF \connect $DATASTORE_DB -- revoke permissions for the read-only user REVOKE CREATE ON SCHEMA public FROM PUBLIC; REVOKE USAGE ON SCHEMA public FROM PUBLIC; GRANT CREATE ON SCHEMA public TO $CKAN_USER; GRANT USAGE ON SCHEMA public TO $CKAN_USER; -- take connect permissions from main db REVOKE CONNECT ON DATABASE $CKAN_DB FROM $DATASTORE_USER; -- grant select permissions for read-only user GRANT CONNECT ON DATABASE $DATASTORE_DB TO $DATASTORE_USER; GRANT USAGE ON SCHEMA public TO $DATASTORE_USER; -- grant access to current tables and views to read-only user GRANT SELECT ON ALL TABLES IN SCHEMA public TO $DATASTORE_USER; -- grant access to new tables and views by default ALTER DEFAULT PRIVILEGES FOR USER $CKAN_USER IN SCHEMA public GRANT SELECT ON TABLES TO $DATASTORE_USER; EOF # Database configured touch $PGDATA/db_configured } else init_db () { echo "CKAN database & datastore already configured" } fi init_db_when_ready () { # calls init_db when postgres is running while [[ ! -e /run/postgresql/9.3-main.pid ]]; do inotifywait -q -e create /run/postgresql/ >> /dev/null done init_db } if [[ ! -d "$PGDATA" ]]; then echo "Creating Postgres Directory..." # create dirs if needed mkdir -p $PGDATA # Ensure postgres owns the PGDATA chown -R postgres $PGDATA # Ensure we have the right permissions set on the PGDATA chmod -R 700 $PGDATA fi # initialize db if needed if [[ ! "$(ls -A $PGDATA)" ]]; then echo "Initializing PostgreSQL..." chown -R postgres $PGDATA # postgres initdb setuser postgres /usr/lib/postgresql/9.3/bin/initdb --locale=en_US.UTF-8 --encoding=UNICODE $PGDATA mv $PGDATA/*.conf $PGMAIN/ # Update postgresql.conf settings sed -i -e "s|^#listen_addresses =.*$|listen_addresses = '*'|" $PGMAIN/postgresql.conf sed -i -e "s|^#data_directory =.*$|data_directory = '/var/lib/postgresql/9.3/main'|" $PGMAIN/postgresql.conf sed -i -e "s|^#hba_file =.*$|hba_file = '/etc/postgresql/9.3/main/pg_hba.conf'|" $PGMAIN/postgresql.conf sed -i -e "s|^#ident_file =.*$|ident_file = '/etc/postgresql/9.3/main/pg_ident.conf'|" $PGMAIN/postgresql.conf sed -i -e "s|^#external_pid_file =.*$|external_pid_file = '/var/run/postgresql/9.3-main.pid'|" $PGMAIN/postgresql.conf # Allow connections from anywhere with valid credentials (md5) echo "local all postgres peer" >> $PGMAIN/pg_hba.conf echo "host all all 0.0.0.0/0 md5" >> $PGMAIN/pg_hba.conf fi init_db_when_ready & # Start PostgreSQL echo "Starting PostgreSQL..." setuser postgres /usr/lib/postgresql/9.3/bin/postgres -D $PGDATA -c config_file=$PGMAIN/postgresql.conf