Make --tags=import-generic-sqlite-db commands not pass a sensitive connection string around

Instead of passing the connection string, we can now pass the name of a
variable that contains the connection string.

Both are supported for extra flexibility.
Slavi Pantaleev 2020-12-14 11:47:00 +02:00
parent 2a99e84b5b
commit 5dba0c038b
2 changed files with 21 additions and 8 deletions


@ -15,7 +15,7 @@
To continue using SQLite, opt into it explicitly: add `matrix_appservice_discord_database_engine: sqlite` to your vars.yml file and re-run this same command. To continue using SQLite, opt into it explicitly: add `matrix_appservice_discord_database_engine: sqlite` to your vars.yml file and re-run this same command.
Alternatively, to migrate your existing SQLite database to Postgres: Alternatively, to migrate your existing SQLite database to Postgres:
1. Stop all services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`) 1. Stop all services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`)
2. Import the SQLite database into Postgres (`ansible-playbook -v -i inventory/hosts setup.yml --tags=import-generic-sqlite-db --extra-vars='sqlite_database_path={{ matrix_appservice_discord_sqlite_database_path_local }} postgres_db_connection_string={{ matrix_appservice_discord_database_connString }}'`) 2. Import the SQLite database into Postgres (`ansible-playbook -v -i inventory/hosts setup.yml --tags=import-generic-sqlite-db --extra-vars='sqlite_database_path={{ matrix_appservice_discord_sqlite_database_path_local }} postgres_connection_string_variable_name=matrix_appservice_discord_database_connString'`)
3. Re-run the playbook (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`) 3. Re-run the playbook (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`)
when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists" when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists"
when: "matrix_appservice_discord_database_engine == 'postgres'" when: "matrix_appservice_discord_database_engine == 'postgres'"


@ -12,13 +12,6 @@
msg: "The `sqlite_database_path` variable needs to be provided to this playbook, via --extra-vars" msg: "The `sqlite_database_path` variable needs to be provided to this playbook, via --extra-vars"
when: "sqlite_database_path is not defined or sqlite_database_path.startswith('<')" when: "sqlite_database_path is not defined or sqlite_database_path.startswith('<')"
- name: Fail if playbook called incorrectly
fail:
msg: >-
The `postgres_db_connection_string` variable needs to be provided to this playbook, via `--extra-vars`.
Example: `--extra-vars="postgres_db_connection_string=postgresql://username:password@localhost:<port>/database_name`"
when: "postgres_db_connection_string is not defined or not postgres_db_connection_string.startswith('postgresql://')"
- name: Check if the provided SQLite database file exists - name: Check if the provided SQLite database file exists
stat: stat:
path: "{{ sqlite_database_path }}" path: "{{ sqlite_database_path }}"
@ -29,6 +22,26 @@
msg: "File cannot be found on the server at {{ sqlite_database_path }}" msg: "File cannot be found on the server at {{ sqlite_database_path }}"
when: "not sqlite_database_path_stat_result.stat.exists" when: "not sqlite_database_path_stat_result.stat.exists"
# We either expect `postgres_db_connection_string` specifying a full Postgres database connection string,
# or `postgres_connection_string_variable_name`, specifying a name of a variable, which contains a valid connection string.
- block:
- name: Fail if postgres_connection_string_variable_name points to an undefined variable
fail: msg="postgres_connection_string_variable_name is defined, but there is no variable with the name `{{ postgres_connection_string_variable_name }}`"
when: "postgres_connection_string_variable_name not in vars"
- name: Get Postgres connection string from variable
set_fact:
postgres_db_connection_string: "{{ lookup('vars', postgres_connection_string_variable_name) }}"
when: 'postgres_connection_string_variable_name is defined'
- name: Fail if playbook called incorrectly
fail:
msg: >-
Either a `postgres_db_connection_string` variable or a `postgres_connection_string_variable_name` needs to be provided to this playbook, via `--extra-vars`.
Example: `--extra-vars="postgres_db_connection_string=postgresql://username:password@localhost:<port>/database_name"` or `--extra-vars="postgres_connection_string_variable_name=matrix_appservice_discord_database_connString"`
when: "postgres_db_connection_string is not defined or not postgres_db_connection_string.startswith('postgresql://')"
# Defaults # Defaults
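Review bot: The new `set_fact` task "Get Postgres connection string from variable" has no `no_log: true`, so the resolved `postgres_db_connection_string` (credentials included) can still appear in task output. The migration command in the first file's message runs `ansible-playbook -v`, and at that verbosity Ansible prints the facts a `set_fact` task sets, so the string would reach the terminal and any configured Ansible log even though it no longer appears on the command line. Adding `no_log: true` to that one task keeps the value out of the output. The preceding `fail` task echoes only the variable name and can stay as it is. Tasks that later consume `postgres_db_connection_string` lie outside these hunks, so whether they log the value needs a separate check.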