dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "Make DBAccessBase use DBConnRef, rename $wiki, and hide getLoadBalancer()"
[lhc/web/wiklou.git] / includes / installer / PostgresInstaller.php
1 <?php
2 /**
3 * PostgreSQL-specific installer.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup Deployment
22 */
23
24 use Wikimedia\Rdbms\Database;
25 use Wikimedia\Rdbms\DBQueryError;
26 use Wikimedia\Rdbms\DBConnectionError;
27
28 /**
29 * Class for setting up the MediaWiki database using Postgres.
30 *
31 * @ingroup Deployment
32 * @since 1.17
33 */
34 class PostgresInstaller extends DatabaseInstaller {
35
36 protected $globalNames = [
37 'wgDBserver',
38 'wgDBport',
39 'wgDBname',
40 'wgDBuser',
41 'wgDBpassword',
42 'wgDBmwschema',
43 ];
44
45 protected $internalDefaults = [
46 '_InstallUser' => 'postgres',
47 ];
48
49 public static $minimumVersion = '9.2';
50 protected static $notMinimumVersionMessage = 'config-postgres-old';
51 public $maxRoleSearchDepth = 5;
52
53 protected $pgConns = [];
54
55 function getName() {
56 return 'postgres';
57 }
58
59 public function isCompiled() {
60 return self::checkExtension( 'pgsql' );
61 }
62
63 function getConnectForm() {
64 return $this->getTextBox(
65 'wgDBserver',
66 'config-db-host',
67 [],
68 $this->parent->getHelpBox( 'config-db-host-help' )
69 ) .
70 $this->getTextBox( 'wgDBport', 'config-db-port' ) .
71 Html::openElement( 'fieldset' ) .
72 Html::element( 'legend', [], wfMessage( 'config-db-wiki-settings' )->text() ) .
73 $this->getTextBox(
74 'wgDBname',
75 'config-db-name',
76 [],
77 $this->parent->getHelpBox( 'config-db-name-help' )
78 ) .
79 $this->getTextBox(
80 'wgDBmwschema',
81 'config-db-schema',
82 [],
83 $this->parent->getHelpBox( 'config-db-schema-help' )
84 ) .
85 Html::closeElement( 'fieldset' ) .
86 $this->getInstallUserBox();
87 }
88
89 function submitConnectForm() {
90 // Get variables from the request
91 $newValues = $this->setVarsFromRequest( [
92 'wgDBserver',
93 'wgDBport',
94 'wgDBname',
95 'wgDBmwschema'
96 ] );
97
98 // Validate them
99 $status = Status::newGood();
100 if ( !strlen( $newValues['wgDBname'] ) ) {
101 $status->fatal( 'config-missing-db-name' );
102 } elseif ( !preg_match( '/^[a-zA-Z0-9_]+$/', $newValues['wgDBname'] ) ) {
103 $status->fatal( 'config-invalid-db-name', $newValues['wgDBname'] );
104 }
105 if ( !preg_match( '/^[a-zA-Z0-9_]*$/', $newValues['wgDBmwschema'] ) ) {
106 $status->fatal( 'config-invalid-schema', $newValues['wgDBmwschema'] );
107 }
108
109 // Submit user box
110 if ( $status->isOK() ) {
111 $status->merge( $this->submitInstallUserBox() );
112 }
113 if ( !$status->isOK() ) {
114 return $status;
115 }
116
117 $status = $this->getPgConnection( 'create-db' );
118 if ( !$status->isOK() ) {
119 return $status;
120 }
121 /**
122 * @var Database $conn
123 */
124 $conn = $status->value;
125
126 // Check version
127 $version = $conn->getServerVersion();
128 $status = static::meetsMinimumRequirement( $version );
129 if ( !$status->isOK() ) {
130 return $status;
131 }
132
133 $this->setVar( 'wgDBuser', $this->getVar( '_InstallUser' ) );
134 $this->setVar( 'wgDBpassword', $this->getVar( '_InstallPassword' ) );
135
136 return Status::newGood();
137 }
138
139 public function getConnection() {
140 $status = $this->getPgConnection( 'create-tables' );
141 if ( $status->isOK() ) {
142 $this->db = $status->value;
143 }
144
145 return $status;
146 }
147
148 public function openConnection() {
149 return $this->openPgConnection( 'create-tables' );
150 }
151
152 /**
153 * Open a PG connection with given parameters
154 * @param string $user User name
155 * @param string $password
156 * @param string $dbName Database name
157 * @param string $schema Database schema
158 * @return Status
159 */
160 protected function openConnectionWithParams( $user, $password, $dbName, $schema ) {
161 $status = Status::newGood();
162 try {
163 $db = Database::factory( 'postgres', [
164 'host' => $this->getVar( 'wgDBserver' ),
165 'port' => $this->getVar( 'wgDBport' ),
166 'user' => $user,
167 'password' => $password,
168 'dbname' => $dbName,
169 'schema' => $schema,
170 'keywordTableMap' => [ 'user' => 'mwuser', 'text' => 'pagecontent' ],
171 ] );
172 $status->value = $db;
173 } catch ( DBConnectionError $e ) {
174 $status->fatal( 'config-connection-error', $e->getMessage() );
175 }
176
177 return $status;
178 }
179
180 /**
181 * Get a special type of connection
182 * @param string $type See openPgConnection() for details.
183 * @return Status
184 */
185 protected function getPgConnection( $type ) {
186 if ( isset( $this->pgConns[$type] ) ) {
187 return Status::newGood( $this->pgConns[$type] );
188 }
189 $status = $this->openPgConnection( $type );
190
191 if ( $status->isOK() ) {
192 /**
193 * @var Database $conn
194 */
195 $conn = $status->value;
196 $conn->clearFlag( DBO_TRX );
197 $conn->commit( __METHOD__ );
198 $this->pgConns[$type] = $conn;
199 }
200
201 return $status;
202 }
203
204 /**
205 * Get a connection of a specific PostgreSQL-specific type. Connections
206 * of a given type are cached.
207 *
208 * PostgreSQL lacks cross-database operations, so after the new database is
209 * created, you need to make a separate connection to connect to that
210 * database and add tables to it.
211 *
212 * New tables are owned by the user that creates them, and MediaWiki's
213 * PostgreSQL support has always assumed that the table owner will be
214 * $wgDBuser. So before we create new tables, we either need to either
215 * connect as the other user or to execute a SET ROLE command. Using a
216 * separate connection for this allows us to avoid accidental cross-module
217 * dependencies.
218 *
219 * @param string $type The type of connection to get:
220 * - create-db: A connection for creating DBs, suitable for pre-
221 * installation.
222 * - create-schema: A connection to the new DB, for creating schemas and
223 * other similar objects in the new DB.
224 * - create-tables: A connection with a role suitable for creating tables.
225 *
226 * @throws MWException
227 * @return Status On success, a connection object will be in the value member.
228 */
229 protected function openPgConnection( $type ) {
230 switch ( $type ) {
231 case 'create-db':
232 return $this->openConnectionToAnyDB(
233 $this->getVar( '_InstallUser' ),
234 $this->getVar( '_InstallPassword' ) );
235 case 'create-schema':
236 return $this->openConnectionWithParams(
237 $this->getVar( '_InstallUser' ),
238 $this->getVar( '_InstallPassword' ),
239 $this->getVar( 'wgDBname' ),
240 $this->getVar( 'wgDBmwschema' ) );
241 case 'create-tables':
242 $status = $this->openPgConnection( 'create-schema' );
243 if ( $status->isOK() ) {
244 /**
245 * @var Database $conn
246 */
247 $conn = $status->value;
248 $safeRole = $conn->addIdentifierQuotes( $this->getVar( 'wgDBuser' ) );
249 $conn->query( "SET ROLE $safeRole" );
250 }
251
252 return $status;
253 default:
254 throw new MWException( "Invalid special connection type: \"$type\"" );
255 }
256 }
257
258 public function openConnectionToAnyDB( $user, $password ) {
259 $dbs = [
260 'template1',
261 'postgres',
262 ];
263 if ( !in_array( $this->getVar( 'wgDBname' ), $dbs ) ) {
264 array_unshift( $dbs, $this->getVar( 'wgDBname' ) );
265 }
266 $conn = false;
267 $status = Status::newGood();
268 foreach ( $dbs as $db ) {
269 try {
270 $p = [
271 'host' => $this->getVar( 'wgDBserver' ),
272 'user' => $user,
273 'password' => $password,
274 'dbname' => $db
275 ];
276 $conn = Database::factory( 'postgres', $p );
277 } catch ( DBConnectionError $error ) {
278 $conn = false;
279 $status->fatal( 'config-pg-test-error', $db,
280 $error->getMessage() );
281 }
282 if ( $conn !== false ) {
283 break;
284 }
285 }
286 if ( $conn !== false ) {
287 return Status::newGood( $conn );
288 } else {
289 return $status;
290 }
291 }
292
293 protected function getInstallUserPermissions() {
294 $status = $this->getPgConnection( 'create-db' );
295 if ( !$status->isOK() ) {
296 return false;
297 }
298 /**
299 * @var Database $conn
300 */
301 $conn = $status->value;
302 $superuser = $this->getVar( '_InstallUser' );
303
304 $row = $conn->selectRow( '"pg_catalog"."pg_roles"', '*',
305 [ 'rolname' => $superuser ], __METHOD__ );
306
307 return $row;
308 }
309
310 protected function canCreateAccounts() {
311 $perms = $this->getInstallUserPermissions();
312 if ( !$perms ) {
313 return false;
314 }
315
316 return $perms->rolsuper === 't' || $perms->rolcreaterole === 't';
317 }
318
319 protected function isSuperUser() {
320 $perms = $this->getInstallUserPermissions();
321 if ( !$perms ) {
322 return false;
323 }
324
325 return $perms->rolsuper === 't';
326 }
327
328 public function getSettingsForm() {
329 if ( $this->canCreateAccounts() ) {
330 $noCreateMsg = false;
331 } else {
332 $noCreateMsg = 'config-db-web-no-create-privs';
333 }
334 $s = $this->getWebUserBox( $noCreateMsg );
335
336 return $s;
337 }
338
339 public function submitSettingsForm() {
340 $status = $this->submitWebUserBox();
341 if ( !$status->isOK() ) {
342 return $status;
343 }
344
345 $same = $this->getVar( 'wgDBuser' ) === $this->getVar( '_InstallUser' );
346
347 if ( $same ) {
348 $exists = true;
349 } else {
350 // Check if the web user exists
351 // Connect to the database with the install user
352 $status = $this->getPgConnection( 'create-db' );
353 if ( !$status->isOK() ) {
354 return $status;
355 }
356 // @phan-suppress-next-line PhanUndeclaredMethod
357 $exists = $status->value->roleExists( $this->getVar( 'wgDBuser' ) );
358 }
359
360 // Validate the create checkbox
361 if ( $this->canCreateAccounts() && !$same && !$exists ) {
362 $create = $this->getVar( '_CreateDBAccount' );
363 } else {
364 $this->setVar( '_CreateDBAccount', false );
365 $create = false;
366 }
367
368 if ( !$create && !$exists ) {
369 if ( $this->canCreateAccounts() ) {
370 $msg = 'config-install-user-missing-create';
371 } else {
372 $msg = 'config-install-user-missing';
373 }
374
375 return Status::newFatal( $msg, $this->getVar( 'wgDBuser' ) );
376 }
377
378 if ( !$exists ) {
379 // No more checks to do
380 return Status::newGood();
381 }
382
383 // Existing web account. Test the connection.
384 $status = $this->openConnectionToAnyDB(
385 $this->getVar( 'wgDBuser' ),
386 $this->getVar( 'wgDBpassword' ) );
387 if ( !$status->isOK() ) {
388 return $status;
389 }
390
391 // The web user is conventionally the table owner in PostgreSQL
392 // installations. Make sure the install user is able to create
393 // objects on behalf of the web user.
394 if ( $same || $this->canCreateObjectsForWebUser() ) {
395 return Status::newGood();
396 } else {
397 return Status::newFatal( 'config-pg-not-in-role' );
398 }
399 }
400
401 /**
402 * Returns true if the install user is able to create objects owned
403 * by the web user, false otherwise.
404 * @return bool
405 */
406 protected function canCreateObjectsForWebUser() {
407 if ( $this->isSuperUser() ) {
408 return true;
409 }
410
411 $status = $this->getPgConnection( 'create-db' );
412 if ( !$status->isOK() ) {
413 return false;
414 }
415 $conn = $status->value;
416 $installerId = $conn->selectField( '"pg_catalog"."pg_roles"', 'oid',
417 [ 'rolname' => $this->getVar( '_InstallUser' ) ], __METHOD__ );
418 $webId = $conn->selectField( '"pg_catalog"."pg_roles"', 'oid',
419 [ 'rolname' => $this->getVar( 'wgDBuser' ) ], __METHOD__ );
420
421 return $this->isRoleMember( $conn, $installerId, $webId, $this->maxRoleSearchDepth );
422 }
423
424 /**
425 * Recursive helper for canCreateObjectsForWebUser().
426 * @param Database $conn
427 * @param int $targetMember Role ID of the member to look for
428 * @param int $group Role ID of the group to look for
429 * @param int $maxDepth Maximum recursive search depth
430 * @return bool
431 */
432 protected function isRoleMember( $conn, $targetMember, $group, $maxDepth ) {
433 if ( $targetMember === $group ) {
434 // A role is always a member of itself
435 return true;
436 }
437 // Get all members of the given group
438 $res = $conn->select( '"pg_catalog"."pg_auth_members"', [ 'member' ],
439 [ 'roleid' => $group ], __METHOD__ );
440 foreach ( $res as $row ) {
441 if ( $row->member == $targetMember ) {
442 // Found target member
443 return true;
444 }
445 // Recursively search each member of the group to see if the target
446 // is a member of it, up to the given maximum depth.
447 if ( $maxDepth > 0 &&
448 $this->isRoleMember( $conn, $targetMember, $row->member, $maxDepth - 1 )
449 ) {
450 // Found member of member
451 return true;
452 }
453 }
454
455 return false;
456 }
457
458 public function preInstall() {
459 $createDbAccount = [
460 'name' => 'user',
461 'callback' => [ $this, 'setupUser' ],
462 ];
463 $commitCB = [
464 'name' => 'pg-commit',
465 'callback' => [ $this, 'commitChanges' ],
466 ];
467 $plpgCB = [
468 'name' => 'pg-plpgsql',
469 'callback' => [ $this, 'setupPLpgSQL' ],
470 ];
471 $schemaCB = [
472 'name' => 'schema',
473 'callback' => [ $this, 'setupSchema' ]
474 ];
475
476 if ( $this->getVar( '_CreateDBAccount' ) ) {
477 $this->parent->addInstallStep( $createDbAccount, 'database' );
478 }
479 $this->parent->addInstallStep( $commitCB, 'interwiki' );
480 $this->parent->addInstallStep( $plpgCB, 'database' );
481 $this->parent->addInstallStep( $schemaCB, 'database' );
482 }
483
484 function setupDatabase() {
485 $status = $this->getPgConnection( 'create-db' );
486 if ( !$status->isOK() ) {
487 return $status;
488 }
489 $conn = $status->value;
490
491 $dbName = $this->getVar( 'wgDBname' );
492
493 $exists = $conn->selectField( '"pg_catalog"."pg_database"', '1',
494 [ 'datname' => $dbName ], __METHOD__ );
495 if ( !$exists ) {
496 $safedb = $conn->addIdentifierQuotes( $dbName );
497 $conn->query( "CREATE DATABASE $safedb", __METHOD__ );
498 }
499
500 return Status::newGood();
501 }
502
503 function setupSchema() {
504 // Get a connection to the target database
505 $status = $this->getPgConnection( 'create-schema' );
506 if ( !$status->isOK() ) {
507 return $status;
508 }
509 /** @var DatabasePostgres $conn */
510 $conn = $status->value;
511 '@phan-var DatabasePostgres $conn';
512
513 // Create the schema if necessary
514 $schema = $this->getVar( 'wgDBmwschema' );
515 $safeschema = $conn->addIdentifierQuotes( $schema );
516 $safeuser = $conn->addIdentifierQuotes( $this->getVar( 'wgDBuser' ) );
517 if ( !$conn->schemaExists( $schema ) ) {
518 try {
519 $conn->query( "CREATE SCHEMA $safeschema AUTHORIZATION $safeuser" );
520 } catch ( DBQueryError $e ) {
521 return Status::newFatal( 'config-install-pg-schema-failed',
522 $this->getVar( '_InstallUser' ), $schema );
523 }
524 }
525
526 // Select the new schema in the current connection
527 $conn->determineCoreSchema( $schema );
528
529 return Status::newGood();
530 }
531
532 function commitChanges() {
533 $this->db->commit( __METHOD__ );
534
535 return Status::newGood();
536 }
537
538 function setupUser() {
539 if ( !$this->getVar( '_CreateDBAccount' ) ) {
540 return Status::newGood();
541 }
542
543 $status = $this->getPgConnection( 'create-db' );
544 if ( !$status->isOK() ) {
545 return $status;
546 }
547 /** @var DatabasePostgres $conn */
548 $conn = $status->value;
549 '@phan-var DatabasePostgres $conn';
550
551 $safeuser = $conn->addIdentifierQuotes( $this->getVar( 'wgDBuser' ) );
552 $safepass = $conn->addQuotes( $this->getVar( 'wgDBpassword' ) );
553
554 // Check if the user already exists
555 $userExists = $conn->roleExists( $this->getVar( 'wgDBuser' ) );
556 if ( !$userExists ) {
557 // Create the user
558 try {
559 $sql = "CREATE ROLE $safeuser NOCREATEDB LOGIN PASSWORD $safepass";
560
561 // If the install user is not a superuser, we need to make the install
562 // user a member of the new user's group, so that the install user will
563 // be able to create a schema and other objects on behalf of the new user.
564 if ( !$this->isSuperUser() ) {
565 $sql .= ' ROLE' . $conn->addIdentifierQuotes( $this->getVar( '_InstallUser' ) );
566 }
567
568 $conn->query( $sql, __METHOD__ );
569 } catch ( DBQueryError $e ) {
570 return Status::newFatal( 'config-install-user-create-failed',
571 $this->getVar( 'wgDBuser' ), $e->getMessage() );
572 }
573 }
574
575 return Status::newGood();
576 }
577
578 function getLocalSettings() {
579 $port = $this->getVar( 'wgDBport' );
580 $schema = $this->getVar( 'wgDBmwschema' );
581
582 return "# Postgres specific settings
583 \$wgDBport = \"{$port}\";
584 \$wgDBmwschema = \"{$schema}\";";
585 }
586
587 public function preUpgrade() {
588 global $wgDBuser, $wgDBpassword;
589
590 # Normal user and password are selected after this step, so for now
591 # just copy these two
592 $wgDBuser = $this->getVar( '_InstallUser' );
593 $wgDBpassword = $this->getVar( '_InstallPassword' );
594 }
595
596 public function createTables() {
597 $schema = $this->getVar( 'wgDBmwschema' );
598
599 $status = $this->getConnection();
600 if ( !$status->isOK() ) {
601 return $status;
602 }
603
604 /** @var DatabasePostgres $conn */
605 $conn = $status->value;
606 '@phan-var DatabasePostgres $conn';
607
608 if ( $conn->tableExists( 'archive' ) ) {
609 $status->warning( 'config-install-tables-exist' );
610 $this->enableLB();
611
612 return $status;
613 }
614
615 $conn->begin( __METHOD__ );
616
617 if ( !$conn->schemaExists( $schema ) ) {
618 $status->fatal( 'config-install-pg-schema-not-exist' );
619
620 return $status;
621 }
622 $error = $conn->sourceFile( $this->getSchemaPath( $conn ) );
623 if ( $error !== true ) {
624 $conn->reportQueryError( $error, 0, '', __METHOD__ );
625 $conn->rollback( __METHOD__ );
626 $status->fatal( 'config-install-tables-failed', $error );
627 } else {
628 $conn->commit( __METHOD__ );
629 }
630 // Resume normal operations
631 if ( $status->isOK() ) {
632 $this->enableLB();
633 }
634
635 return $status;
636 }
637
638 public function getGlobalDefaults() {
639 // The default $wgDBmwschema is null, which breaks Postgres and other DBMSes that require
640 // the use of a schema, so we need to set it here
641 return array_merge( parent::getGlobalDefaults(), [
642 'wgDBmwschema' => 'mediawiki',
643 ] );
644 }
645
646 public function setupPLpgSQL() {
647 // Connect as the install user, since it owns the database and so is
648 // the user that needs to run "CREATE LANGUAGE"
649 $status = $this->getPgConnection( 'create-schema' );
650 if ( !$status->isOK() ) {
651 return $status;
652 }
653 /**
654 * @var Database $conn
655 */
656 $conn = $status->value;
657
658 $exists = $conn->selectField( '"pg_catalog"."pg_language"', 1,
659 [ 'lanname' => 'plpgsql' ], __METHOD__ );
660 if ( $exists ) {
661 // Already exists, nothing to do
662 return Status::newGood();
663 }
664
665 // plpgsql is not installed, but if we have a pg_pltemplate table, we
666 // should be able to create it
667 $exists = $conn->selectField(
668 [ '"pg_catalog"."pg_class"', '"pg_catalog"."pg_namespace"' ],
669 1,
670 [
671 'pg_namespace.oid=relnamespace',
672 'nspname' => 'pg_catalog',
673 'relname' => 'pg_pltemplate',
674 ],
675 __METHOD__ );
676 if ( $exists ) {
677 try {
678 $conn->query( 'CREATE LANGUAGE plpgsql' );
679 } catch ( DBQueryError $e ) {
680 return Status::newFatal( 'config-pg-no-plpgsql', $this->getVar( 'wgDBname' ) );
681 }
682 } else {
683 return Status::newFatal( 'config-pg-no-plpgsql', $this->getVar( 'wgDBname' ) );
684 }
685
686 return Status::newGood();
687 }
688 }
Wiklou, le Wiki du Wiklou