initial COM2 system snapshot
84
COM2_STRIP_PG_SEMICOLONS_AND_REVERIFY_ONE_SHOT.sh
Executable file
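--- /dev/null
+++ b/COM2_STRIP_PG_SEMICOLONS_AND_REVERIFY_ONE_SHOT.sh
@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+DIR="/opt/hx-ki/com2-stack"
+F="$DIR/docker-compose.yml"
+C="hxki-postgres"
+TS="$(date +%Y%m%d-%H%M%S)"
+BK="/opt/hx-ki/backups/com2-strip-pg-$TS"
+mkdir -p "$BK"
+
+echo "=== COM2 · STRIP PG ';' + REVERIFY (one-shot) ==="
+echo "Compose: $F"
+echo "Backup: $BK"
+echo
+
+[ -f "$F" ] || { echo "FAIL: missing $F"; exit 1; }
+cp -a "$F" "$BK/docker-compose.yml.pre"
+
+echo "[1] Strip trailing ';' from POSTGRES_USER/DB/PASSWORD values (list + mapping, quoted/unquoted)"
+python3 - <<'PY'
+from pathlib import Path
+import re
+
+p = Path("/opt/hx-ki/com2-stack/docker-compose.yml")
+s = p.read_text()
+
+keys = ["POSTGRES_USER", "POSTGRES_PASSWORD", "POSTGRES_DB"]
+
+# list-form: - KEY=value;
+for k in keys:
+s = re.sub(rf'^(\s*-\s*{k}=)(.*?);(\s*)$', r'\1\2\3', s, flags=re.M)
+
+# mapping-form: KEY: value;
+for k in keys:
+s = re.sub(rf'^(\s*{k}:\s*)(.*?);(\s*)$', r'\1\2\3', s, flags=re.M)
+
+# also handle quoted values: KEY: "value;";
+for k in keys:
+s = re.sub(rf'^(\s*{k}:\s*")(.*?);("(\s*)$)', r'\1\2\3', s, flags=re.M)
+
+p.write_text(s)
+PY
+
+echo
+echo "[2] Validate compose"
+docker compose -f "$F" config >/dev/null
+echo "OK: compose valid"
+
+echo
+echo "[3] Recreate postgres to re-inject sanitized ENV"
+cd "$DIR"
+docker compose up -d --force-recreate --no-deps "$C" >/dev/null
+
+echo
+echo "[4] Ground truth ENV inside container (must NOT end with ';')"
+docker inspect "$C" --format '{{range .Config.Env}}{{println .}}{{end}}' | egrep '^POSTGRES_(USER|PASSWORD|DB)='
+
+PG_USER="$(docker inspect "$C" --format '{{range .Config.Env}}{{println .}}{{end}}' | awk -F= '/^POSTGRES_USER=/{print $2}' | tail -n1)"
+PG_DB="$(docker inspect "$C" --format '{{range .Config.Env}}{{println .}}{{end}}' | awk -F= '/^POSTGRES_DB=/{print $2}' | tail -n1)"
+PG_PW="$(docker inspect "$C" --format '{{range .Config.Env}}{{println .}}{{end}}' | awk -F= '/^POSTGRES_PASSWORD=/{print $2}' | tail -n1)"
+
+for x in "$PG_USER" "$PG_DB" "$PG_PW"; do
+if [[ "$x" == *";"* ]]; then
+echo "FAIL: still contains ';' in ENV -> $x"
+exit 3
+fi
+done
+echo "OK: no semicolons in ENV"
+
+echo
+echo "[5] Verify REAL login (max 30s)"
+for i in $(seq 1 30); do
+if docker exec -e PGPASSWORD="$PG_PW" "$C" psql -U "$PG_USER" -d "$PG_DB" -c "SELECT 1;" >/dev/null 2>&1; then
+echo "OK: Postgres auth works with CURRENT ENV"
+echo "=== DONE ==="
+exit 0
+fi
+sleep 1
+done
+
+echo "FAIL: Postgres still rejects CURRENT ENV."
+echo "=> That means the DATA DIR was initialized with different credentials."
+echo "=> Next deterministic step is a controlled auth-reset (one-time), or you provide the real old password."
+exit 2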
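Review bot: Step [4] writes the database password to the terminal and to any captured log: the `egrep '^POSTGRES_(USER|PASSWORD|DB)='` filter prints the POSTGRES_PASSWORD line in clear text, and the failure branch echoes the offending value with `-> $x`, which can be the password itself. Print only the non-secret variables with `grep -E '^POSTGRES_(USER|DB)='` and report the failure without the value, e.g. `echo "FAIL: a POSTGRES_* value still contains ';'"`. In step [5], `docker exec -e PGPASSWORD="$PG_PW"` also places the password on the docker client's command line, where it is readable in the host process list while the command runs. The `awk -F= '{print $2}'` extraction cuts a value at its first `=`, so a password containing `=` would be checked and tested in truncated form. It is also worth confirming that the `psql` call inside the container really authenticates by password: if local socket connections are configured as `trust` (not visible on this page), the "REAL login" check would pass whatever the password is.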