;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2018 Julien Lepiller <julien@lepiller.eu>
+;;; Copyright © 2019 Robert Vollmert <rob@vllmrt.net>
+;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (gnu system shadow)
#:use-module (gnu packages admin)
#:use-module (gnu packages databases)
+ #:use-module (guix build-system trivial)
+ #:use-module (guix build union)
+ #:use-module (guix deprecation)
#:use-module (guix modules)
+ #:use-module (guix packages)
#:use-module (guix records)
#:use-module (guix gexp)
#:use-module (srfi srfi-1)
#:use-module (ice-9 match)
- #:export (<postgresql-config-file>
- postgresql-config-file
+ #:export (postgresql-config-file
postgresql-config-file?
postgresql-config-file-log-destination
postgresql-config-file-hba-file
postgresql-config-file-ident-file
+ postgresql-config-file-socket-directory
postgresql-config-file-extra-config
- <postgresql-configuration>
postgresql-configuration
postgresql-configuration?
postgresql-configuration-postgresql
postgresql-configuration-port
postgresql-configuration-locale
postgresql-configuration-file
+ postgresql-configuration-log-directory
postgresql-configuration-data-directory
postgresql-service
postgresql-service-type
+ postgresql-role
+ postgresql-role?
+ postgresql-role-name
+ postgresql-role-permissions
+ postgresql-role-create-database?
+ postgresql-role-configuration
+ postgresql-role-configuration?
+ postgresql-role-configuration-host
+ postgresql-role-configuration-roles
+
+ postgresql-role-service-type
+
memcached-service-type
- <memcached-configuration>
memcached-configuration
memcached-configuration?
memcached-configuration-memecached
memcached-configuration-udp-port
memcached-configuration-additional-options
- <mongodb-configuration>
- mongodb-configuration
- mongodb-configuration?
- mongodb-configuration-mongodb
- mongodb-configuration-config-file
- mongodb-configuration-data-directory
- mongodb-service-type
-
mysql-service
mysql-service-type
mysql-configuration
(define %default-postgres-hba
(plain-file "pg_hba.conf"
"
-local all all trust
-host all all 127.0.0.1/32 trust
-host all all ::1/128 trust"))
+local all all peer
+host all all 127.0.0.1/32 md5
+host all all ::1/128 md5"))
(define %default-postgres-ident
(plain-file "pg_ident.conf"
(define-record-type* <postgresql-config-file>
postgresql-config-file make-postgresql-config-file
postgresql-config-file?
- (log-destination postgresql-config-file-log-destination
- (default "syslog"))
- (hba-file postgresql-config-file-hba-file
- (default %default-postgres-hba))
- (ident-file postgresql-config-file-ident-file
- (default %default-postgres-ident))
- (extra-config postgresql-config-file-extra-config
- (default '())))
+ (log-destination postgresql-config-file-log-destination
+ (default "syslog"))
+ (hba-file postgresql-config-file-hba-file
+ (default %default-postgres-hba))
+ (ident-file postgresql-config-file-ident-file
+ (default %default-postgres-ident))
+ (socket-directory postgresql-config-file-socket-directory
+ (default #false))
+ (extra-config postgresql-config-file-extra-config
+ (default '())))
(define-gexp-compiler (postgresql-config-file-compiler
(file <postgresql-config-file>) system target)
(match file
(($ <postgresql-config-file> log-destination hba-file
- ident-file extra-config)
- (define (quote' string)
- (if string
- (list "'" string "'")
- '()))
-
- (define contents
- (append-map
- (match-lambda
- ((key) '())
- ((key . #f) '())
- ((key values ...) `(,key " = " ,@values "\n")))
-
- `(("log_destination" ,@(quote' log-destination))
- ("hba_file" ,@(quote' hba-file))
- ("ident_file" ,@(quote' ident-file))
- ,@extra-config)))
+ ident-file socket-directory
+ extra-config)
+ ;; See: https://www.postgresql.org/docs/current/config-setting.html.
+ (define (format-value value)
+ (cond
+ ((boolean? value)
+ (list (if value "on" "off")))
+ ((number? value)
+ (list (number->string value)))
+ (else
+ (list "'" value "'"))))
+
+ (define contents
+ (append-map
+ (match-lambda
+ ((key) '())
+ ((key . #f) '())
+ ((key values ...)
+ `(,key " = " ,@(append-map format-value values) "\n")))
+
+ `(("log_destination" ,log-destination)
+ ("hba_file" ,hba-file)
+ ("ident_file" ,ident-file)
+ ,@(if socket-directory
+ `(("unix_socket_directories" ,socket-directory))
+ '())
+ ,@extra-config)))
(gexp->derivation
"postgresql.conf"
(define-record-type* <postgresql-configuration>
postgresql-configuration make-postgresql-configuration
postgresql-configuration?
- (postgresql postgresql-configuration-postgresql ;<package>
- (default postgresql))
- (port postgresql-configuration-port
- (default 5432))
- (locale postgresql-configuration-locale
- (default "en_US.utf8"))
- (config-file postgresql-configuration-file
- (default (postgresql-config-file)))
- (data-directory postgresql-configuration-data-directory
- (default "/var/lib/postgresql/data")))
+ (postgresql postgresql-configuration-postgresql) ;<package>
+ (port postgresql-configuration-port
+ (default 5432))
+ (locale postgresql-configuration-locale
+ (default "en_US.utf8"))
+ (config-file postgresql-configuration-file
+ (default (postgresql-config-file)))
+ (log-directory postgresql-configuration-log-directory
+ (default "/var/log/postgresql"))
+ (data-directory postgresql-configuration-data-directory
+ (default "/var/lib/postgresql/data"))
+ (extension-packages postgresql-configuration-extension-packages
+ (default '())))
(define %postgresql-accounts
(list (user-group (name "postgres") (system? #t))
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
+(define (final-postgresql postgresql extension-packages)
+ (if (null? extension-packages)
+ postgresql
+ (package
+ (inherit postgresql)
+ (source #f)
+ (build-system trivial-build-system)
+ (arguments
+ `(#:modules ((guix build utils) (guix build union))
+ #:builder
+ (begin
+ (use-modules (guix build utils) (guix build union) (srfi srfi-26))
+ (union-build (assoc-ref %outputs "out")
+ (map (lambda (input) (cdr input))
+ %build-inputs))
+ #t)))
+ (inputs
+ `(("postgresql" ,postgresql)
+ ,@(map (lambda (extension) (list "extension" extension))
+ extension-packages))))))
+
(define postgresql-activation
(match-lambda
- (($ <postgresql-configuration> postgresql port locale config-file data-directory)
+ (($ <postgresql-configuration> postgresql port locale config-file
+ log-directory data-directory
+ extension-packages)
#~(begin
(use-modules (guix build utils)
(ice-9 match))
(let ((user (getpwnam "postgres"))
- (initdb (string-append #$postgresql "/bin/initdb"))
+ (initdb (string-append
+ #$(final-postgresql postgresql
+ extension-packages)
+ "/bin/initdb"))
(initdb-args
(append
(if #$locale
(mkdir-p #$data-directory)
(chown #$data-directory (passwd:uid user) (passwd:gid user))
+ ;; Create the socket directory.
+ (let ((socket-directory
+ #$(postgresql-config-file-socket-directory config-file)))
+ (when (string? socket-directory)
+ (mkdir-p socket-directory)
+ (chown socket-directory (passwd:uid user) (passwd:gid user))))
+
+ ;; Create the log directory.
+ (when (string? #$log-directory)
+ (mkdir-p #$log-directory)
+ (chown #$log-directory (passwd:uid user) (passwd:gid user)))
+
;; Drop privileges and init state directory in a new
;; process. Wait for it to finish before proceeding.
(match (primitive-fork)
(define postgresql-shepherd-service
(match-lambda
- (($ <postgresql-configuration> postgresql port locale config-file data-directory)
+ (($ <postgresql-configuration> postgresql port locale config-file
+ log-directory data-directory
+ extension-packages)
(let* ((pg_ctl-wrapper
;; Wrapper script that switches to the 'postgres' user before
;; launching daemon.
(match (command-line)
((_ mode)
(let ((user (getpwnam "postgres"))
- (pg_ctl #$(file-append postgresql "/bin/pg_ctl"))
+ (pg_ctl #$(file-append
+ (final-postgresql postgresql
+ extension-packages)
+ "/bin/pg_ctl"))
(options (format #f "--config-file=~a -p ~d"
#$config-file #$port)))
(setgid (passwd:gid user))
(setuid (passwd:uid user))
- (execl pg_ctl pg_ctl "-D" #$data-directory "-o" options
+ (execl pg_ctl pg_ctl "-D" #$data-directory
+ #$@(if (string? log-directory)
+ (list "-l"
+ (string-append log-directory
+ "/pg_ctl.log"))
+ '())
+ "-o" options
mode)))))))
+ (pid-file (in-vicinity data-directory "postmaster.pid"))
(action (lambda args
#~(lambda _
- (invoke #$pg_ctl-wrapper #$@args)))))
+ (invoke #$pg_ctl-wrapper #$@args)
+ (match '#$args
+ (("start")
+ (call-with-input-file #$pid-file read))
+ (_ #t))))))
(list (shepherd-service
(provision '(postgres))
(documentation "Run the PostgreSQL daemon.")
(requirement '(user-processes loopback syslogd))
+ (modules `((ice-9 match)
+ ,@%default-modules))
(start (action "start"))
(stop (action "stop"))))))))
(define postgresql-service-type
- (service-type (name 'postgresql)
- (extensions
- (list (service-extension shepherd-root-service-type
- postgresql-shepherd-service)
- (service-extension activation-service-type
- postgresql-activation)
- (service-extension account-service-type
- (const %postgresql-accounts))))
- (default-value (postgresql-configuration))))
-
-(define* (postgresql-service #:key (postgresql postgresql)
- (port 5432)
- (locale "en_US.utf8")
- (config-file (postgresql-config-file))
- (data-directory "/var/lib/postgresql/data"))
- "Return a service that runs @var{postgresql}, the PostgreSQL database server.
+ (service-type
+ (name 'postgresql)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ postgresql-shepherd-service)
+ (service-extension activation-service-type
+ postgresql-activation)
+ (service-extension account-service-type
+ (const %postgresql-accounts))
+ (service-extension
+ profile-service-type
+ (compose list postgresql-configuration-postgresql))))
+ (default-value (postgresql-configuration
+ (postgresql postgresql-10)))))
+
+(define-deprecated (postgresql-service #:key (postgresql postgresql)
+ (port 5432)
+ (locale "en_US.utf8")
+ (config-file (postgresql-config-file))
+ (data-directory
+ "/var/lib/postgresql/data")
+ (extension-packages '()))
+ postgresql-service-type
+ "Return a service that runs @var{postgresql}, the PostgreSQL database
+server.
The PostgreSQL daemon loads its runtime configuration from @var{config-file}
and stores the database cluster in @var{data-directory}."
(port port)
(locale locale)
(config-file config-file)
- (data-directory data-directory))))
+ (data-directory data-directory)
+ (extension-packages extension-packages))))
+
+(define-record-type* <postgresql-role>
+ postgresql-role make-postgresql-role
+ postgresql-role?
+ (name postgresql-role-name) ;string
+ (permissions postgresql-role-permissions
+ (default '(createdb login))) ;list
+ (create-database? postgresql-role-create-database? ;boolean
+ (default #f)))
+
+(define-record-type* <postgresql-role-configuration>
+ postgresql-role-configuration make-postgresql-role-configuration
+ postgresql-role-configuration?
+ (host postgresql-role-configuration-host ;string
+ (default "/tmp"))
+ (log postgresql-role-configuration-log ;string
+ (default "/var/log/postgresql_roles.log"))
+ (roles postgresql-role-configuration-roles
+ (default '()))) ;list
+
+(define (postgresql-create-roles config)
+ ;; See: https://www.postgresql.org/docs/current/sql-createrole.html for the
+ ;; complete permissions list.
+ (define (format-permissions permissions)
+ (let ((dict '(bypassrls createdb createrole login replication superuser)))
+ (string-join (filter-map (lambda (permission)
+ (and (member permission dict)
+ (string-upcase
+ (symbol->string permission))))
+ permissions)
+ " ")))
+
+ (define (roles->queries roles)
+ (apply mixed-text-file "queries"
+ (append-map
+ (lambda (role)
+ (match-record role <postgresql-role>
+ (name permissions create-database?)
+ `("SELECT NOT(EXISTS(SELECT 1 FROM pg_catalog.pg_roles WHERE \
+rolname = '" ,name "')) as not_exists;\n"
+"\\gset\n"
+"\\if :not_exists\n"
+"CREATE ROLE \"" ,name "\""
+" WITH " ,(format-permissions permissions)
+";\n"
+,@(if create-database?
+ `("CREATE DATABASE \"" ,name "\""
+ " OWNER \"" ,name "\";\n")
+ '())
+"\\endif\n")))
+ roles)))
+
+ (let ((host (postgresql-role-configuration-host config))
+ (roles (postgresql-role-configuration-roles config)))
+ #~(let ((psql #$(file-append postgresql "/bin/psql")))
+ (list psql "-a" "-h" #$host "-f" #$(roles->queries roles)))))
+
+(define (postgresql-role-shepherd-service config)
+ (match-record config <postgresql-role-configuration>
+ (log)
+ (list (shepherd-service
+ (requirement '(postgres))
+ (provision '(postgres-roles))
+ (one-shot? #t)
+ (start
+ #~(lambda args
+ (let ((pid (fork+exec-command
+ #$(postgresql-create-roles config)
+ #:user "postgres"
+ #:group "postgres"
+ #:log-file #$log)))
+ (zero? (cdr (waitpid pid))))))
+ (documentation "Create PostgreSQL roles.")))))
+
+(define postgresql-role-service-type
+ (service-type (name 'postgresql-role)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ postgresql-role-shepherd-service)))
+ (compose concatenate)
+ (extend (lambda (config extended-roles)
+ (match-record config <postgresql-role-configuration>
+ (host roles)
+ (postgresql-role-configuration
+ (host host)
+ (roles (append roles extended-roles))))))
+ (default-value (postgresql-role-configuration))
+ (description "Ensure the specified PostgreSQL roles are
+created after the PostgreSQL database is started.")))
\f
;;;
(default-value (memcached-configuration))))
\f
-;;;
-;;; MongoDB
-;;;
-
-(define %default-mongodb-configuration-file
- (plain-file
- "mongodb.yaml"
- "# GNU Guix: MongoDB default configuration file
-processManagement:
- pidFilePath: /var/run/mongodb/pid
-storage:
- dbPath: /var/lib/mongodb
-"))
-
-
-(define-record-type* <mongodb-configuration>
- mongodb-configuration make-mongodb-configuration
- mongodb-configuration?
- (mongodb mongodb-configuration-mongodb
- (default mongodb))
- (config-file mongodb-configuration-config-file
- (default %default-mongodb-configuration-file))
- (data-directory mongodb-configuration-data-directory
- (default "/var/lib/mongodb")))
-
-(define %mongodb-accounts
- (list (user-group (name "mongodb") (system? #t))
- (user-account
- (name "mongodb")
- (group "mongodb")
- (system? #t)
- (comment "Mongodb server user")
- (home-directory "/var/lib/mongodb")
- (shell (file-append shadow "/sbin/nologin")))))
-
-(define mongodb-activation
- (match-lambda
- (($ <mongodb-configuration> mongodb config-file data-directory)
- #~(begin
- (use-modules (guix build utils))
- (let ((user (getpwnam "mongodb")))
- (for-each
- (lambda (directory)
- (mkdir-p directory)
- (chown directory
- (passwd:uid user) (passwd:gid user)))
- '("/var/run/mongodb" #$data-directory)))))))
-
-(define mongodb-shepherd-service
- (match-lambda
- (($ <mongodb-configuration> mongodb config-file data-directory)
- (shepherd-service
- (provision '(mongodb))
- (documentation "Run the Mongodb daemon.")
- (requirement '(user-processes loopback))
- (start #~(make-forkexec-constructor
- `(,(string-append #$mongodb "/bin/mongod")
- "--config"
- ,#$config-file)
- #:user "mongodb"
- #:group "mongodb"
- #:pid-file "/var/run/mongodb/pid"
- #:log-file "/var/log/mongodb.log"))
- (stop #~(make-kill-destructor))))))
-
-(define mongodb-service-type
- (service-type
- (name 'mongodb)
- (description "Run the MongoDB document database server.")
- (extensions
- (list (service-extension shepherd-root-service-type
- (compose list
- mongodb-shepherd-service))
- (service-extension activation-service-type
- mongodb-activation)
- (service-extension account-service-type
- (const %mongodb-accounts))))
- (default-value
- (mongodb-configuration))))
-
-\f
;;;
;;; MySQL.
;;;
mysql-configuration make-mysql-configuration
mysql-configuration?
(mysql mysql-configuration-mysql (default mariadb))
- (port mysql-configuration-port (default 3306)))
+ (bind-address mysql-configuration-bind-address (default "127.0.0.1"))
+ (port mysql-configuration-port (default 3306))
+ (socket mysql-configuration-socket (default "/run/mysqld/mysqld.sock"))
+ (extra-content mysql-configuration-extra-content (default ""))
+ (auto-upgrade? mysql-configuration-auto-upgrade? (default #t)))
(define %mysql-accounts
(list (user-group
(define mysql-configuration-file
(match-lambda
- (($ <mysql-configuration> mysql port)
+ (($ <mysql-configuration> mysql bind-address port socket extra-content)
(mixed-text-file "my.cnf" "[mysqld]
datadir=/var/lib/mysql
-socket=/run/mysqld/mysqld.sock
+socket=" socket "
+bind-address=" bind-address "
port=" (number->string port) "
+" extra-content "
"))))
(define (%mysql-activation config)
(for-each
(lambda (sql)
(call-with-input-file
- (string-append #$mysql "/share/mysql/" sql)
+ (string-append #$mysql:lib "/share/mysql/" sql)
(lambda (in) (dump-port in p))))
'("mysql_system_tables.sql"
"mysql_performance_tables.sql"
#:user "mysql" #:group "mysql")))
(stop #~(make-kill-destructor)))))
+(define (mysql-upgrade-wrapper mysql socket-file)
+ ;; The MySQL socket and PID file may appear before the server is ready to
+ ;; accept connections. Ensure the socket is responsive before attempting
+ ;; to run the upgrade script.
+ (program-file
+ "mysql-upgrade-wrapper"
+ #~(begin
+ (let ((mysql-upgrade #$(file-append mysql "/bin/mysql_upgrade"))
+ (timeout 10))
+ (begin
+ (let loop ((i 0))
+ (catch 'system-error
+ (lambda ()
+ (let ((sock (socket PF_UNIX SOCK_STREAM 0)))
+ (connect sock AF_UNIX #$socket-file)
+ (close-port sock)
+ ;; The socket is ready!
+ (execl mysql-upgrade mysql-upgrade
+ (string-append "--socket=" #$socket-file))))
+ (lambda args
+ (if (< i timeout)
+ (begin
+ (sleep 1)
+ (loop (+ 1 i)))
+ ;; No luck, give up.
+ (throw 'timeout-error
+ "MySQL server did not appear in time!"))))))))))
+
+(define (mysql-upgrade-shepherd-service config)
+ (list (shepherd-service
+ (provision '(mysql-upgrade))
+ (requirement '(mysql))
+ (one-shot? #t)
+ (documentation "Upgrade MySQL database schemas.")
+ (start (let ((mysql (mysql-configuration-mysql config))
+ (socket (mysql-configuration-socket config)))
+ #~(make-forkexec-constructor
+ (list #$(mysql-upgrade-wrapper mysql socket))
+ #:user "mysql" #:group "mysql"))))))
+
+(define (mysql-shepherd-services config)
+ (if (mysql-configuration-auto-upgrade? config)
+ (append (mysql-shepherd-service config)
+ (mysql-upgrade-shepherd-service config))
+ (mysql-shepherd-service config)))
+
(define mysql-service-type
(service-type
(name 'mysql)
(service-extension activation-service-type
%mysql-activation)
(service-extension shepherd-root-service-type
- mysql-shepherd-service)))
+ mysql-shepherd-services)))
(default-value (mysql-configuration))))
-(define* (mysql-service #:key (config (mysql-configuration)))
- "Return a service that runs @command{mysqld}, the MySQL or MariaDB
-database server.
-
-The optional @var{config} argument specifies the configuration for
-@command{mysqld}, which should be a @code{<mysql-configuration>} object."
+(define-deprecated (mysql-service #:key (config (mysql-configuration)))
+ mysql-service-type
(service mysql-service-type config))
\f
HCoop / jackhill / guix / guix.git / blobdiff