Use config file settings to configure databaseRelease/13.2.3

Let the database configuration scripts get the configuration parameter from the director config file.
Now, the scripts try to get there values in following order:
  1. environment variable (db_name, db_user, db_password)
  2. director config file
  3. fallback value (from configure)

Signed-off-by: Marco van Wieringen <marco.van.wieringen@bareos.com>

13 files changed, 143 insertions, 37 deletions

diff --git a/scripts/bareos-config-lib.sh.in b/scripts/bareos-config-lib.sh.in
index 507c79664..d9e8327b2 100644
--- a/scripts/bareos-config-lib.sh.in
+++ b/scripts/bareos-config-lib.sh.in
@@ -1,8 +1,10 @@
 #!/bin/sh
 
+CONFIG_LIB=@scriptdir@/bareos-config-lib.sh
 DIR_CFG=@sysconfdir@
 CFG_DIR=${DIR_CFG}/bareos-dir.conf
 DIR_SCRIPTS=@scriptdir@
+DBCHECK="@sbindir@/bareos-dbcheck -B -c ${CFG_DIR}"
 
 SEC_GROUPS="tape disk"
 
@@ -52,6 +54,24 @@ is_function()
 #     fi
 # }
 
+warn()
+{
+    echo "Warning: $@" >&2
+}
+
+error()
+{
+    echo "Error: $@" >&2
+}
+
+get_config_lib_file()
+{
+    # can be used in following way:
+    # LIB=`bareos-config get_config_lib_file`
+    # . $LIB
+    echo "${CONFIG_LIB}"
+}
+
 get_user_fd()
 {
     echo "${FILE_DAEMON_USER}"
@@ -190,33 +210,99 @@ setup_sd_user()
    exit 1
 }
 
-get_database_driver()
+get_config_param()
 {
-    if ! [ -r "${CFG_DIR}" ]; then
-        return
+    #
+    # get parameter values from a Bareos configuration file
+    #
+
+    # configuration file
+    CFG_FILE="$1"
+    # section, currently ignored
+    SECTION="$2"
+    # name of the section, currently ignored
+    NAME="$3"
+    # parameter to get from config file
+    PARAM="$4"
+    # default value, if parameter is not found
+    DEFAULT="$5"
+
+    if ! [ -r "${CFG_FILE}" ]; then
+        warn "failed to get parameter ${SECTION} ${NAME} ${PARAM}: can't read ${CFG_FILE}"
+        # if default value is given, return it anyway
+        [ "$DEFAULT" ] && echo "$DEFAULT"
+        return 1
     fi
 
-    # get dbdriver, that is defined in director configuration.
-    # If string is still set to default, return nothing
-    DBDRIVER=`egrep -i '^[ 	]*dbdriver[ 	]*=' ${CFG_DIR} |\
+    # get parameter from configuration file
+    VALUE=`egrep -i "^[ 	]*${PARAM}[ 	]*=" ${CFG_FILE} |\
               cut -d'=' -f2 | \
-              sed -e 's/[ 	]*"//' -e 's/"//' | \
-              grep -v "XXX_REPLACE_WITH_DATABASE_DRIVER_XXX"`
+              sed -e 's/[ 	]*"//' -e 's/"//'`
+    [ "$VALUE" ] || VALUE="$DEFAULT"
+    echo "$VALUE"
+}
 
-    echo "$DBDRIVER"
+get_database_param()
+{
+    PARAM="$1"
+    DEFAULT="$2"
+
+    DBCHECK_OUTPUT=`$DBCHECK`
+    rc=$?
+    if [ $rc != 0 ]; then
+        temp_log="/tmp/bareos-config.$$.log"
+        echo "executing: $DBCHECK" >> $temp_log
+        echo "${DBCHECK_OUTPUT}" >> $temp_log
+        echo "" >> $temp_log
+
+        # if default value is given, return it anyway
+        if [ -n "$DEFAULT" ]; then
+            warn "failed to get \"${PARAM}\" from config, using default value \"${DEFAULT}\", see $temp_log"
+            echo "$DEFAULT"
+        else
+            warn "failed to get \"${PARAM}\" from config, see $temp_log"
+        fi
+
+        return 1
+    fi
+
+    # DBCHECK gets the database parameter from the Director config file in a standard format,
+    # however, it writes "db_name" (like the environment variables)
+    # instead of "dbname" like in the config file.
+    # Replace "db_" by "db" to be compatible with the config file.
+    VALUE=`echo "$DBCHECK_OUTPUT" | sed "s/^db_/db/" | sed -n "s/^${PARAM}=//p"`
+
+    [ -z "$VALUE" ] && VALUE="$DEFAULT"
+    echo "$VALUE"
+    return $rc
+}
+
+get_database_driver()
+{
+    DEFAULT="$1"
+    get_database_param "dbdriver" "$DEFAULT" | grep -v "XXX_REPLACE_WITH_DATABASE_DRIVER_XXX"
+    return $?
 }
 
 get_database_name()
 {
-    if ! [ -r "${CFG_DIR}" ]; then
-        return
-    fi
+    DEFAULT="$1"
+    get_database_param "dbname" "$DEFAULT"
+    return $?
+}
 
-    # get dbname, that is defined in director configuration.
-    DBNAME=`egrep -i '^[ 	]*dbname[ 	]*=' ${CFG_DIR} |\
-              cut -d'=' -f2 | \
-              sed -e 's/[ 	]*"//' -e 's/"//'`
-    echo "$DBNAME"
+get_database_user()
+{
+    DEFAULT="$1"
+    get_database_param "dbuser" "$DEFAULT"
+    return $?
+}
+
+get_database_password()
+{
+    DEFAULT="$1"
+    get_database_param "dbpassword" "$DEFAULT"
+    return $?
 }
 
 get_databases_installed()
@@ -282,9 +368,10 @@ get_translated_sql_file()
     fi
 
     db_type="${db_type:-`get_database_driver_default`}"
-    db_name="${db_name:-@db_name@}"
-    db_user="${db_user:-@db_user@}"
-    db_password="${db_password:-@db_password@}"
+    db_name="${db_name:-`get_database_name @db_name@`}"
+    db_user="${db_user:-`get_database_user @db_user@`}"
+    # if $db_password is defined but empty, an empty password will be used ("-" instead of ":-")
+    db_password="${db_password-`get_database_password @db_password@`}"
     db_version=`get_database_version`
 
     case ${db_type} in
diff --git a/src/cats/create_bareos_database.in b/src/cats/create_bareos_database.in
index 3b53547f5..e02b9cbac 100644
--- a/src/cats/create_bareos_database.in
+++ b/src/cats/create_bareos_database.in
@@ -29,8 +29,8 @@
 #
 . @scriptdir@/bareos-config-lib.sh
 
-db_name="${db_name:-@db_name@}"
-db_user="${db_user:-@db_user@}"
+db_name="${db_name:-`get_database_name @db_name@`}"
+db_user="${db_user:-`get_database_user @db_user@`}"
 dir_user=`get_user_dir`
 dir_group=`get_group_dir`
 default_db_type=`get_database_driver_default`
diff --git a/src/cats/ddl/creates/mysql.sql b/src/cats/ddl/creates/mysql.sql
index 705c8e826..87cc1963e 100644
--- a/src/cats/ddl/creates/mysql.sql
+++ b/src/cats/ddl/creates/mysql.sql
@@ -451,4 +451,7 @@ INSERT INTO Status (JobStatus,JobStatusLong,Severity) VALUES
    ('a', 'SD despooling attributes', 15);
 
 -- Initialize Version
+--   DELETE should not be required,
+--   but prevents errors if create script is called multiple times
+DELETE FROM Version WHERE VersionId<=2002;
 INSERT INTO Version (VersionId) VALUES (2002);
diff --git a/src/cats/ddl/creates/postgresql.sql b/src/cats/ddl/creates/postgresql.sql
index 63bdc1e5f..e63e42563 100644
--- a/src/cats/ddl/creates/postgresql.sql
+++ b/src/cats/ddl/creates/postgresql.sql
@@ -472,6 +472,10 @@ INSERT INTO Status (JobStatus,JobStatusLong,Severity) VALUES
 INSERT INTO Status (JobStatus,JobStatusLong,Severity) VALUES
    ('i', 'Doing batch insert file records',15);
 
+-- Initialize Version
+--   DELETE should not be required,
+--   but prevents errors if create script is called multiple times
+DELETE FROM Version WHERE VersionId<=2002;
 INSERT INTO Version (VersionId) VALUES (2002);
 
 -- Make sure we have appropriate permissions
diff --git a/src/cats/ddl/creates/sqlite3.sql b/src/cats/ddl/creates/sqlite3.sql
index def95513f..9c8db85af 100644
--- a/src/cats/ddl/creates/sqlite3.sql
+++ b/src/cats/ddl/creates/sqlite3.sql
@@ -461,6 +461,9 @@ INSERT INTO Status (JobStatus,JobStatusLong,Severity) VALUES
    ('i', 'Doing batch insert file records',15);
 
 -- Initialize Version
+--   DELETE should not be required,
+--   but prevents errors if create script is called multiple times
+DELETE FROM Version WHERE VersionId<=2002;
 INSERT INTO Version (VersionId) VALUES (2002);
 
 PRAGMA default_cache_size = 100000;
diff --git a/src/cats/ddl/grants/mysql-readonly.sql b/src/cats/ddl/grants/mysql-readonly.sql
index 57f193180..15c47c274 100644
--- a/src/cats/ddl/grants/mysql-readonly.sql
+++ b/src/cats/ddl/grants/mysql-readonly.sql
@@ -1,5 +1,6 @@
 USE mysql
 -- read-only access for third party applications
-GRANT SELECT PRIVILEGES ON @DB_NAME@.* TO @DB_USER@@localhost @DB_PASS@;
-GRANT SELECT PRIVILEGES ON @DB_NAME@.* TO @DB_USER@@"%" @DB_PASS@;
+GRANT SELECT ON TABLE @DB_NAME@.* TO @DB_USER@@localhost @DB_PASS@;
+GRANT SELECT ON TABLE @DB_NAME@.* TO @DB_USER@@'127.0.0.1' @DB_PASS@;
+GRANT SELECT ON TABLE @DB_NAME@.* TO @DB_USER@@'::1' @DB_PASS@;
 FLUSH PRIVILEGES;
diff --git a/src/cats/ddl/grants/mysql.sql b/src/cats/ddl/grants/mysql.sql
index 7b7143b63..3aa4fb4c2 100644
--- a/src/cats/ddl/grants/mysql.sql
+++ b/src/cats/ddl/grants/mysql.sql
@@ -1,4 +1,5 @@
 USE mysql
-GRANT ALL PRIVILEGES ON @DB_NAME@.* TO @DB_USER@@localhost @DB_PASS@;
-GRANT ALL PRIVILEGES ON @DB_NAME@.* TO @DB_USER@@"%" @DB_PASS@;
+GRANT ALL PRIVILEGES ON TABLE @DB_NAME@.* TO @DB_USER@@localhost @DB_PASS@;
+GRANT ALL PRIVILEGES ON TABLE @DB_NAME@.* TO @DB_USER@@'127.0.0.1' @DB_PASS@;
+GRANT ALL PRIVILEGES ON TABLE @DB_NAME@.* TO @DB_USER@@'::1' @DB_PASS@;
 FLUSH PRIVILEGES;
diff --git a/src/cats/ddl/updates/mysql.2001_2002.sql b/src/cats/ddl/updates/mysql.2001_2002.sql
index 547832b7a..4b0dd4744 100644
--- a/src/cats/ddl/updates/mysql.2001_2002.sql
+++ b/src/cats/ddl/updates/mysql.2001_2002.sql
@@ -35,3 +35,9 @@ ALTER TABLE Pool ADD COLUMN MinBlockSize INTEGER UNSIGNED DEFAULT 0;
 ALTER TABLE Pool ADD COLUMN MaxBlockSize INTEGER UNSIGNED DEFAULT 0;
 
 UPDATE Version SET VersionId = 2002;
+
+-- remove unsecure user entry,
+-- created by older Bareos versions,
+-- if configured to run without password
+DELETE FROM mysql.user where User='bareos' and Host="%" and Password="";
+FLUSH PRIVILEGES;
diff --git a/src/cats/drop_bareos_database.in b/src/cats/drop_bareos_database.in
index 7638d1107..8b41c9579 100644
--- a/src/cats/drop_bareos_database.in
+++ b/src/cats/drop_bareos_database.in
@@ -28,8 +28,8 @@
 #
 . @scriptdir@/bareos-config-lib.sh
 
-db_name="${db_name:-@db_name@}"
-db_user="${db_user:-@db_user@}"
+db_name="${db_name:-`get_database_name @db_name@`}"
+db_user="${db_user:-`get_database_user @db_user@`}"
 default_db_type=`get_database_driver_default`
 working_dir=`get_working_dir`
 
diff --git a/src/cats/drop_bareos_tables.in b/src/cats/drop_bareos_tables.in
index e7de49bce..b5329c837 100644
--- a/src/cats/drop_bareos_tables.in
+++ b/src/cats/drop_bareos_tables.in
@@ -29,8 +29,8 @@
 #
 . @scriptdir@/bareos-config-lib.sh
 
-db_name="${db_name:-@db_name@}"
-db_user="${db_user:-@db_user@}"
+db_name="${db_name:-`get_database_name @db_name@`}"
+db_user="${db_user:-`get_database_user @db_user@`}"
 db_version=`get_database_version`
 bareos_sql_ddl=`get_database_ddl_dir`
 temp_sql_schema="/tmp/drops.sql.$$"
diff --git a/src/cats/grant_bareos_privileges.in b/src/cats/grant_bareos_privileges.in
index 4b3bae363..5b9f4989d 100644
--- a/src/cats/grant_bareos_privileges.in
+++ b/src/cats/grant_bareos_privileges.in
@@ -29,9 +29,10 @@
 #
 . @scriptdir@/bareos-config-lib.sh
 
-db_name="${db_name:-@db_name@}"
-db_user="${db_user:-@db_user@}"
-db_password="${db_password:-@db_password@}"
+db_name="${db_name:-`get_database_name @db_name@`}"
+db_user="${db_user:-`get_database_user @db_user@`}"
+# if $db_password is defined but empty, an empty password will be used ("-" instead of ":-")
+db_password="${db_password-`get_database_password @db_password@`}"
 db_version=`get_database_version`
 bareos_sql_ddl=`get_database_ddl_dir`
 temp_sql_grants="/tmp/grants.sql.$$"
diff --git a/src/cats/make_bareos_tables.in b/src/cats/make_bareos_tables.in
index 01c8bb4da..fdf1798dd 100644
--- a/src/cats/make_bareos_tables.in
+++ b/src/cats/make_bareos_tables.in
@@ -29,8 +29,8 @@
 #
 . @scriptdir@/bareos-config-lib.sh
 
-db_name="${db_name:-@db_name@}"
-db_user="${db_user:-@db_user@}"
+db_name="${db_name:-`get_database_name @db_name@`}"
+db_user="${db_user:-`get_database_user @db_user@`}"
 db_version=`get_database_version`
 bareos_sql_ddl=`get_database_ddl_dir`
 temp_sql_schema="/tmp/creates.sql.$$"
diff --git a/src/cats/update_bareos_tables.in b/src/cats/update_bareos_tables.in
index f4e9aa96f..bb9255cf1 100644
--- a/src/cats/update_bareos_tables.in
+++ b/src/cats/update_bareos_tables.in
@@ -28,8 +28,8 @@
 #
 . @scriptdir@/bareos-config-lib.sh
 
-db_name="${db_name:-@db_name@}"
-db_user="${db_user:-@db_user@}"
+db_name="${db_name:-`get_database_name @db_name@`}"
+db_user="${db_user:-`get_database_user @db_user@`}"
 db_version=`get_database_version`
 bareos_sql_ddl=`get_database_ddl_dir`
 temp_sql_schema="/tmp/tables.sql.$$"