From 771651a1d7a57a41193881a13a1cbb8571756959 Mon Sep 17 00:00:00 2001 From: "Ralf S. Engelschall" Date: Sun, 15 May 2016 11:08:44 +0000 Subject: [PATCH] improve packaging --- cockroach/cockroach-cert.sh | 56 +++++++++++++++++++++++++ cockroach/cockroach-sql.sh | 23 +++++++++-- cockroach/cockroach-user.sh | 18 +++++++++ cockroach/cockroach.spec | 81 +++++++++++++++++++++++++++---------- cockroach/rc.cockroach | 6 +-- 5 files changed, 156 insertions(+), 28 deletions(-) create mode 100644 cockroach/cockroach-cert.sh create mode 100644 cockroach/cockroach-user.sh diff --git a/cockroach/cockroach-cert.sh b/cockroach/cockroach-cert.sh new file mode 100644 index 0000000000..23de421c97 --- /dev/null +++ b/cockroach/cockroach-cert.sh 
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+usage () {
+ echo "USAGE: cockroach-cert ca" 1>&2
+ echo "USAGE: cockroach-cert server []" 1>&2
+ echo "USAGE: cockroach-cert client " 1>&2
+ exit 1
+}
+if [ $# -lt 1 ]; then
+ usage
+fi
+cmd="$1"
+shift
+if [ ".$cmd" = .ca ]; then
+ if [ $# -ne 0 ]; then
+ usage
+ fi
+ echo "++ generating CA certificate/key pair"
+ echo "-- generating: @l_prefix@/etc/cockroach/cockroach-ca.crt"
+ echo "-- generating: @l_prefix@/etc/cockroach/cockroach-ca.key"
+ su - @l_rusr@ -c \
+ "@l_prefix@/bin/cockroach cert create-ca \
+ --ca-cert=@l_prefix@/etc/cockroach/cockroach-ca.crt \
+ --ca-key=@l_prefix@/etc/cockroach/cockroach-ca.key"
+elif [ ".$cmd" = .server ]; then
+ if [ $# -lt 1 ]; then
+ usage
+ fi
+ echo "++ generating server certificate/key pair"
+ echo "-- generating: @l_prefix@/etc/cockroach/cockroach-server.crt"
+ echo "-- generating: @l_prefix@/etc/cockroach/cockroach-server.key"
+ su - @l_rusr@ -c \
+ "@l_prefix@/bin/cockroach cert create-node \
+ --ca-cert=@l_prefix@/etc/cockroach/cockroach-ca.crt \
+ --ca-key=@l_prefix@/etc/cockroach/cockroach-ca.key \
+ --cert=@l_prefix@/etc/cockroach/cockroach-server.crt \
+ --key=@l_prefix@/etc/cockroach/cockroach-server.key \
+ $*"
+elif [ ".$cmd" = .client ]; then
+ if [ $# -lt 1 ]; then
+ usage
+ fi
+ username="$1"
+ shift
+ echo "++ generating client certificate/key pair"
+ echo "-- generating: @l_prefix@/etc/cockroach/cockroach-client-$username.crt"
+ echo "-- generating: @l_prefix@/etc/cockroach/cockroach-client-$username.key"
+ su - @l_rusr@ -c \
+ "@l_prefix@/bin/cockroach cert create-client \
+ --ca-cert=@l_prefix@/etc/cockroach/cockroach-ca.crt \
+ --ca-key=@l_prefix@/etc/cockroach/cockroach-ca.key \
+ --cert=@l_prefix@/etc/cockroach/cockroach-client-$username.crt \
+ --key=@l_prefix@/etc/cockroach/cockroach-client-$username.key \
+ $username $*"
+fi
+
diff --git a/cockroach/cockroach-sql.sh b/cockroach/cockroach-sql.sh
index 121c8ffb83..e469ee7067 100644
--- a/cockroach/cockroach-sql.sh
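Review bot: The `server` and `client` branches paste `$*` and `$username` unquoted into the double-quoted command string handed to `su - @l_rusr@ -c`, so the arguments are parsed a second time by the target user's shell, and `$username` also lands unchecked in the `--cert=`/`--key=` file names. Whitespace, a shell metacharacter or a `/` in an argument therefore changes the command or the output path instead of being rejected. Validating before use would close this, e.g. `case "$username" in ""|*[!A-Za-z0-9_-]*) usage ;; esac` in the `client` branch and the same kind of allow-list check over each host argument in the `server` branch. Separately, an unknown subcommand falls through the `if`/`elif` chain and the script exits 0 without doing anything; a final `else usage` would make that visible.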
+++ b/cockroach/cockroach-sql.sh @@ -1,8 +1,25 @@ #!/bin/sh +if [ $# -lt 3 ]; then + echo "USAGE: cockroach-sql [...]" 1>&2 + exit 1 +fi + +username="$1"; shift +hostname="$1"; shift +database="$1"; shift + +if [ ! -f @l_prefix@/etc/cockroach/cockroach-client-$username.crt ]; then + echo "ERROR: no certificate/key pair found for user \"$username\"" 1>&2 + exit 1 +fi + exec @l_prefix@/bin/cockroach sql \ - --ca-cert=@l_prefix@/etc/cockroach/ca.crt \ - --cert=@l_prefix@/etc/cockroach/client.crt \ - --key=@l_prefix@/etc/cockroach/client.key \ + --user=$username \ + --host=$hostname \ + --database=$database \ + --ca-cert=@l_prefix@/etc/cockroach/cockroach-ca.crt \ + --cert=@l_prefix@/etc/cockroach/cockroach-client-$username.crt \ + --key=@l_prefix@/etc/cockroach/cockroach-client-$username.key \ ${1+"$@"} diff --git a/cockroach/cockroach-user.sh b/cockroach/cockroach-user.sh new file mode 100644 index 0000000000..9ed6088d4f --- /dev/null +++ b/cockroach/cockroach-user.sh @@ -0,0 +1,18 @@ +#!/bin/sh + +if [ $# -lt 1 ]; then + echo "USAGE: cockroach-user [...]" 1>&2 + exit 1 +fi +username="$1" +shift +if [ ! -f @l_prefix@/etc/cockroach/cockroach-client-$username.crt ]; then + echo "ERROR: no certificate/key pair found for user \"$username\"" 1>&2 + exit 1 +fi +exec @l_prefix@/bin/cockroach user \ + --ca-cert=@l_prefix@/etc/cockroach/cockroach-ca.crt \ + --cert=@l_prefix@/etc/cockroach/cockroach-client-$username.crt \ + --key=@l_prefix@/etc/cockroach/cockroach-client-$username.key \ + ${1+"$@"} + diff --git a/cockroach/cockroach.spec b/cockroach/cockroach.spec index f559cc1585..e3e2db0b82 100644 --- a/cockroach/cockroach.spec +++ b/cockroach/cockroach.spec @@ -22,8 +22,8 @@ ## # package version -%define V_cockroach_base 20160514 -%define V_cockroach_snap 20160514 +%define V_cockroach_base 20160515 +%define V_cockroach_snap 20160515 # package information Name: cockroach 
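Review bot: In cockroach-sql.sh, `$username`, `$hostname` and `$database` are expanded unquoted in the `exec` line, and `$username` is also unquoted in the `[ ! -f ... ]` test, so a value with whitespace or glob characters is split into extra words and can become additional options for `cockroach sql`. A `$username` containing `/` also points the certificate paths outside `etc/cockroach`. Quoting fixes the splitting, `--user="$username" --host="$hostname" --database="$database"` and `[ ! -f "@l_prefix@/etc/cockroach/cockroach-client-$username.crt" ]`, and a character allow-list on `$username` before it is used in a path covers the rest. The new cockroach-user.sh hunk that follows has the same unquoted `$username` in its test and `exec` line. Both scripts check only for the `.crt` file, so a missing `.key` is left for cockroach itself to report.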
@@ -42,6 +42,9 @@ Release: 20160515 Source0: http://download.openpkg.org/components/versioned/cockroach/cockroach-%{V_cockroach_snap}.tar.xz Source1: rc.cockroach Source2: cockroach-sql.sh +Source3: cockroach-psql.sh +Source4: cockroach-cert.sh +Source5: cockroach-user.sh Patch0: cockroach.patch # build information @@ -106,10 +109,19 @@ PreReq: OpenPKG, openpkg >= 20140101 src/github.com/cockroachdb/cockroach/cockroach \ $RPM_BUILD_ROOT%{l_prefix}/bin/cockroach - # install wrapper script + # install wrapper scripts %{l_shtool} install -c -m 755 %{l_value -s -a} \ %{SOURCE cockroach-sql.sh} \ $RPM_BUILD_ROOT%{l_prefix}/bin/cockroach-sql + %{l_shtool} install -c -m 755 %{l_value -s -a} \ + %{SOURCE cockroach-psql.sh} \ + $RPM_BUILD_ROOT%{l_prefix}/bin/cockroach-psql + %{l_shtool} install -c -m 755 %{l_value -s -a} \ + %{SOURCE cockroach-cert.sh} \ + $RPM_BUILD_ROOT%{l_prefix}/bin/cockroach-cert + %{l_shtool} install -c -m 755 %{l_value -s -a} \ + %{SOURCE cockroach-user.sh} \ + $RPM_BUILD_ROOT%{l_prefix}/bin/cockroach-user # install manual pages %{l_shtool} install -c -m 644 \ 
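Review bot: `Source3: cockroach-psql.sh` is declared and the install hunk copies `%{SOURCE cockroach-psql.sh}` to `bin/cockroach-psql`, but the diffstat of this commit lists only cockroach-cert.sh, cockroach-sql.sh, cockroach-user.sh, cockroach.spec and rc.cockroach. Unless cockroach-psql.sh already exists in the tree (not visible here), the package build would presumably fail on the missing source. Either add the file in this commit or defer the `Source3` and install lines to the commit that adds it. Both hunks sit inside larger spec sections whose start and end are outside the view.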
@@ -140,24 +152,48 @@ PreReq: OpenPKG, openpkg >= 20140101 if [ $1 -eq 1 ]; then # on initial installation, create database and certs/keys echo "Generating Certificates/Keys" | %{l_rpmtool} msg -b -t notice - su - %{l_rusr} -c \ - "$RPM_INSTALL_PREFIX/bin/cockroach cert create-ca \ - --ca-cert=$RPM_INSTALL_PREFIX/etc/cockroach/ca.crt \ - --ca-key=$RPM_INSTALL_PREFIX/etc/cockroach/ca.key" - su - %{l_rusr} -c \ - "$RPM_INSTALL_PREFIX/bin/cockroach cert create-node \ - --ca-cert=$RPM_INSTALL_PREFIX/etc/cockroach/ca.crt \ - --ca-key=$RPM_INSTALL_PREFIX/etc/cockroach/ca.key \ - --cert=$RPM_INSTALL_PREFIX/etc/cockroach/server.crt \ - --key=$RPM_INSTALL_PREFIX/etc/cockroach/server.key \ - 127.0.0.1 localhost" - su - %{l_rusr} -c \ - "$RPM_INSTALL_PREFIX/bin/cockroach cert create-client \ - --ca-cert=$RPM_INSTALL_PREFIX/etc/cockroach/ca.crt \ - --ca-key=$RPM_INSTALL_PREFIX/etc/cockroach/ca.key \ - --cert=$RPM_INSTALL_PREFIX/etc/cockroach/client.crt \ - --key=$RPM_INSTALL_PREFIX/etc/cockroach/client.key \ - root" + $RPM_INSTALL_PREFIX/bin/cockroach-cert ca + $RPM_INSTALL_PREFIX/bin/cockroach-cert server localhost 127.0.0.1 + $RPM_INSTALL_PREFIX/bin/cockroach-cert client root + + # display some initial hints, too + ( echo "An initial CockroachDB was configured with the standard" + echo "certificate/key pairs. You can start CockroachDB and connect" + echo "to it on \"localhost\" with database user \"root\":" + echo " \$ $RPM_INSTALL_PREFIX/bin/openpkg rc cockroach start" + echo " \$ $RPM_INSTALL_PREFIX/bin/cockroach-sql root 127.0.0.1 system" + echo "" + echo "For production use, you can reconfigure it to listen on external" + echo "IP address. 
But for this the server certificate has to be regenerated:" + echo " \$ vi $RPM_INSTALL_PREFIX/etc/rc.conf" + echo " | cockroach_flags=\"--host= --port=26257 --http-port=8080\"" + echo " \$ $RPM_INSTALL_PREFIX/bin/cockroach-cert server " + echo " \$ $RPM_INSTALL_PREFIX/bin/openpkg rc cockroach stop start" + echo "Then you have to connect through the external IP address from now on:" + echo " \$ $RPM_INSTALL_PREFIX/bin/cockroach-sql root system" + echo "" + echo "For production use, you usually also want to establish a non-privileged" + echo "user with a dedicated database:" + echo " \$ $RPM_INSTALL_PREFIX/bin/cockroach-cert client " + echo " \$ $RPM_INSTALL_PREFIX/bin/cockroach-user root set " + echo " | Enter password: " + echo " | Confirm password: " + echo " \$ $RPM_INSTALL_PREFIX/bin/cockroach-sql root system" + echo " | CREATE DATABASE ;" + echo " | GRANT ALL ON DATABASE TO ;" + echo " | \\q" + echo "After this, the user will be able to connect with:" + echo " \$ $RPM_INSTALL_PREFIX/bin/cockroach-sql " + echo "Alternatively, you can also use the covenient PostgreSQL psql(1) CLI:" + echo " \$ $RPM_INSTALL_PREFIX/bin/cockroach-psql " + echo "" + echo "The CockroachDB admin interface you can reach under URL:" + echo " https://:8080/" + echo "CockroachDB uses the PostgreSQL protocol. The connection string is:" + echo " postgresql://@:26257/?sslmode=require&%{l_nil}" + echo " sslcert=$RPM_INSTALL_PREFIX/etc/cockroach/cockroach-client-root.crt&%{l_nil}" + echo " sslkey=$RPM_INSTALL_PREFIX/etc/cockroach/cockroach-client-root.key" + ) | %{l_rpmtool} msg -b -t notice elif [ $1 -eq 2 ]; then # after upgrade, restart service eval `%{l_rc} cockroach status 2>/dev/null` 
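Review bot: The connection string printed at the end of the hint block uses `sslmode=require`, which for libpq-based PostgreSQL clients encrypts the session but does not validate the server certificate unless a root certificate is configured, so a client following the hint would not notice an impostor server. Since the package already generates `cockroach-ca.crt`, the hint could read `sslmode=verify-full&sslrootcert=$RPM_INSTALL_PREFIX/etc/cockroach/cockroach-ca.crt` (or `verify-ca` where host names will not match the certificate). The three `cockroach-cert` calls at the top of the branch also run without a status check, so the "was configured" text is printed even when certificate generation failed. The `%post` scriptlet that encloses this branch starts outside the hunk.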
@@ -169,7 +205,8 @@ PreReq: OpenPKG, openpkg >= 20140101 # before erase, stop service and remove log files if [ $1 -eq 0 ]; then %{l_rc} cockroach stop 2>/dev/null - rm -f $RPM_INSTALL_PREFIX/etc/cockroach/* >/dev/null 2>&1 || true + rm -f $RPM_INSTALL_PREFIX/etc/cockroach/*.crt >/dev/null 2>&1 || true + rm -f $RPM_INSTALL_PREFIX/etc/cockroach/*.key >/dev/null 2>&1 || true rm -f $RPM_INSTALL_PREFIX/var/cockroach/log/* >/dev/null 2>&1 || true rm -f $RPM_INSTALL_PREFIX/var/cockroach/run/* >/dev/null 2>&1 || true rm -rf $RPM_INSTALL_PREFIX/var/cockroach/db/* >/dev/null 2>&1 || true diff --git a/cockroach/rc.cockroach b/cockroach/rc.cockroach index 1ed6eb4703..8a42e78be8 100644 --- a/cockroach/rc.cockroach +++ b/cockroach/rc.cockroach @@ -37,9 +37,9 @@ ( GOMAXPROCS=32 export GOMAXPROCS nohup @l_prefix@/bin/cockroach start \ - --ca-cert=$cockroach_cfgdir/ca.crt \ - --cert=$cockroach_cfgdir/server.crt \ - --key=$cockroach_cfgdir/server.key \ + --ca-cert=$cockroach_cfgdir/cockroach-ca.crt \ + --cert=$cockroach_cfgdir/cockroach-server.crt \ + --key=$cockroach_cfgdir/cockroach-server.key \ --store=path=$cockroach_datdir,attrs=ssd \ --log-dir=$cockroach_logdir \ $cockroach_flags \
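Review bot: The rc.cockroach hunk switches the server to `cockroach-ca.crt`, `cockroach-server.crt` and `cockroach-server.key`, but nothing in the commit renames the files an existing installation already has under `ca.crt`, `server.crt` and `server.key`. The spec's `%post` generates certificates only in its `$1 -eq 1` branch, so after an upgrade the restart would presumably fail on missing TLS files. An operator who then regenerates the CA to get going again would invalidate every client certificate already issued. A migration step in the upgrade branch that moves the old files to the new names when the new ones are absent (including `client.crt`/`client.key` to `cockroach-client-root.*`) would keep the existing trust chain. The `nohup` command continues past the end of the hunk.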