changeset 330:fd04bccae6ca
Create standard roles as part of the base schema.
We will always need:
1. a gemma service user
2. an initial sys_admin user
so these are now created as part of the base gemma schema.
The install-db script now creates random default passwords for these
accounts.
As the complexity has increased sufficiently by now, I also changed the
Quick Start guide to use a configuration file and provided an example
file.
author | Sascha Wilde <wilde@intevation.de> |
---|---|
date | Fri, 03 Aug 2018 13:40:10 +0200 |
parents | 71970f03c9e8 |
children | a85f56207d80 |
files | README.md cmd/gemma/gemma.toml.example schema/demo-data/roles.sql schema/install-db.sh schema/std_login_roles.sql |
diffstat | 5 files changed, 123 insertions(+), 11 deletions(-) [+] |
--- a/README.md Fri Aug 03 10:52:03 2018 +0200 +++ b/README.md Fri Aug 03 13:40:10 2018 +0200 @@ -32,14 +32,22 @@ ## Running gemma -- In the top level directory of the repo run: - `./cmd/gemma/gemma -s session.data -w ./web` +- Best is to create a configuration file. Copy the example from + `cmd/gemma/gemma.toml.example` to get started: + ``` + cp cmd/gemma/gemma.toml.example gemma.toml + ``` -- To listen on a specific port and interface: - ``` - ./cmd/gemma/gemma -s session.data -w ./web \ - --host 192.168.46.72 -p 8088 - ``` +- Edit `gemma.toml`, some parameters you propably want to change: + + * `host` and `port` to make gemma listen on a public interface + * `service-password` to match the password for "gemma_service" user + of your database. - `./cmd/gemma/gemma -h` gives you an overview of more available options. + +- Then start gemma: + ``` + + ```
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/cmd/gemma/gemma.toml.example Fri Aug 03 13:40:10 2018 +0200
@@ -0,0 +1,43 @@
+# ----------------------------------------------------------------------
+# Example configuration for gemma back end
+# ----------------------------------------------------------------------
+
+# ----------------------------------------------------------------------
+# Basic Setup:
+
+# Host and port to listen on:
+#host = "localhost"
+#port = "8000"
+
+# Where to find the data of the web client (SPA) to serve:
+web = "./web"
+
+# File to persist session data:
+sessions = "session.data"
+
+# ----------------------------------------------------------------------
+# Database:
+
+# DB connection configuration:
+#dbhost = "localhost"
+#dbname = "gemma"
+#dbport = "5432"
+#dbssl = "prefer"
+
+# Database account to use for service tasks
+# (like password reset):
+service-user = "gemma_service"
+#service-password = "SECRET"
+
+# ----------------------------------------------------------------------
+# Mail setup:
+
+# SMTP connection configuration:
+#mail-host = "localhost"
+#mail-password = "SECRET"
+#mail-port = "464"
+#mail-user = "gemma"
+
+# Client data to use:
+#mail-from = "noreplay@localhost"
+#mail-helo = "localhost"
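Review bot: `#dbssl = "prefer"` documents a default that, if it maps to libpq's sslmode as the value suggests, silently falls back to an unencrypted connection when the server offers no TLS, and the same file carries `service-password`; a comment should say so, e.g. `# "prefer" falls back to plaintext; use "require" or "verify-full" unless the DB is local`. `#mail-port = "464"` looks like a typo for 465 (SMTPS); worth confirming against the mail client's defaults, which are not visible here. Since this example is meant to be copied to `gemma.toml` holding database and mail passwords, a header line such as `# Keep this file readable only by the gemma user (chmod 600)` is appropriate. `noreplay@localhost` is presumably meant to be `noreply@`.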
--- a/schema/demo-data/roles.sql Fri Aug 03 10:52:03 2018 +0200
+++ b/schema/demo-data/roles.sql Fri Aug 03 13:40:10 2018 +0200
@@ -11,7 +11,4 @@
 CREATE ROLE oana IN ROLE waterway_user LOGIN PASSWORD 'oa2Na2';
 CREATE ROLE vanja IN ROLE waterway_user LOGIN PASSWORD 'va2Nja3';
--- User for password reset
-CREATE ROLE paul IN ROLE pw_reset LOGIN PASSWORD 'pw2Reset4';
-
 COMMIT;
--- a/schema/install-db.sh Fri Aug 03 10:52:03 2018 +0200
+++ b/schema/install-db.sh Fri Aug 03 13:40:10 2018 +0200
@@ -27,6 +27,12 @@
 exit 23
 }
+genpw()
+# $1 - length
+{
+ dd count=1 if=/dev/urandom 2>/dev/null \
+ | tr -cd '[:alnum:],._!?-' | tail -c "$1"
+}
 # Defaults:
@@ -83,7 +89,8 @@
 -c "SET client_min_messages TO WARNING;" \
 -f "$BASEDIR/gemma.sql" \
 -f "$BASEDIR/manage_users.sql" \
- -f "$BASEDIR/auth.sql"
+ -f "$BASEDIR/auth.sql" \
+ -f "$BASEDIR/std_login_roles.sql"
 if [[ $demo -eq 1 ]] ; then
 psql -q -p "$port" -f "$BASEDIR/demo-data/responsibility_areas.sql" \
@@ -91,6 +98,17 @@
 psql -q -p "$port" -f "$BASEDIR/demo-data/roles.sql" \
 -f "$BASEDIR/demo-data/users.sql" -d "$db"
 fi
+
+ # Generate and set Passwords
+ adminpw=`genpw 15`
+ servicepw=`genpw 15`
+
+ psql -qt -p "$port" -d "$db" \
+ -c "ALTER ROLE sysadmin PASSWORD '$adminpw'"
+ psql -qt -p "$port" -d "$db" \
+ -c "ALTER ROLE gemma_service PASSWORD '$servicepw'"
+ echo "Default admin user 'sysadmin' created with password '$adminpw'."
+ echo "Back end user 'gemma_service' created with password '$servicepw'."
 else
 # Evil mode: drop everything gemma
 echo "Really drop database '$db' and alle gemma roles? [type 'yes']: "
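Review bot: In the third hunk the generated passwords are passed to psql as `-c` arguments, so the literal password is visible in the process list to any local user while psql runs, and `ALTER ROLE ... PASSWORD '...'` can additionally land in the server log when statement logging is enabled; feeding the statement on stdin, `psql -qt -p "$port" -d "$db" <<<"ALTER ROLE sysadmin PASSWORD '$adminpw'"`, removes the first exposure, and psql's `\password sysadmin` (hashes client-side, but prompts interactively) the second. The two `echo` lines print both passwords to stdout, which is fine for an interactive install but persists in any captured install log; a comment noting this, or printing only when stdout is a tty, would help. `genpw` in the first hunk depends on `dd`'s default 512-byte block: roughly a quarter of the bytes survive `tr -cd`, which covers 15 characters comfortably, but `tail -c "$1"` silently yields a shorter password if fewer remain, so `bs=4096` or a length check such as `[[ ${#adminpw} -eq 15 ]] || exit 1` would make the guarantee explicit. The character set excludes `'` and `\`, so the interpolation into the SQL string literal itself is safe.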
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/schema/std_login_roles.sql Fri Aug 03 13:40:10 2018 +0200
@@ -0,0 +1,46 @@
+BEGIN;
+
+--
+-- Standard users for the GEMMA database
+--
+
+-- NOTE: Passwords for these roels must be set during initial setup of
+-- the database.
+
+--
+-- Admin User
+--
+-- This initial Admin account is used to bootstrap the personalized
+-- accounts.
+CREATE ROLE sysadmin IN ROLE sys_admin LOGIN;
+-- We need an empty dumm country for the default admin, as the user is
+-- not supposed to work on data, it should be only used to create
+-- personalized accounts.
+INSERT INTO countries (country_code) VALUES ('--');
+INSERT INTO users.responsibility_areas (country, area)
+ VALUES ('--', ST_GeomFromText('MULTIPOLYGON(((0 0, 0 0, 0 0, 0 0)))', 4326));
+-- Add user profile data for sysadminL
+INSERT INTO internal.user_profiles
+ (username, country, email_address, map_extent)
+ VALUES ('sysadmin','--','',
+ 'BOX(9.52115482500011 46.3786430870001,17.1483378500001 49.0097744750001)');
+
+--
+-- Functional Users
+--
+
+-- Used by the back end (gemma)
+CREATE ROLE gemma_service IN ROLE pw_reset LOGIN;
+
+
+--
+-- Remind the caller of his duties
+--
+DO language plpgsql $$
+BEGIN
+ RAISE NOTICE 'Don''t forget to set a password for the user "sysadmin".';
+ RAISE NOTICE 'Don''t forget to set a password for the user "gemma_service".';
+END
+$$;
+
+COMMIT;
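Review bot: `CREATE ROLE sysadmin IN ROLE sys_admin LOGIN;` and `CREATE ROLE gemma_service IN ROLE pw_reset LOGIN;` create login-capable roles with no password and rely on a NOTICE plus the install script to close that gap; with a `trust`, `peer` or `ident` entry in pg_hba.conf such a role is usable as-is. Creating them `NOLOGIN` here and having the install step run `ALTER ROLE sysadmin LOGIN PASSWORD '...'` would make a skipped password step fail closed rather than open. The comments carry typos worth fixing: `roels` → `roles`, `dumm` → `dummy`, `sysadminL` → `sysadmin`. The sysadmin profile row gets an empty `email_address`; if password reset is mail-based, as the `pw_reset` role name suggests, a comment should state that this account cannot be recovered that way. The all-zero `MULTIPOLYGON` is not a valid geometry under `ST_IsValid`, which is fine as a placeholder only while nothing downstream checks validity — worth a comment on the INSERT.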