#!/usr/bin/perl -wT

# Upgrade a PostgreSQL cluster to a newer major version.
#
# (C) 2005 Martin Pitt <mpitt@debian.org>

use strict;

use lib '/usr/share/postgresql-common';
use PgCommon;
use Getopt::Long;
use POSIX;

# untaint environment
$ENV{'PATH'} = '/bin:/usr/local/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

my ($version, $newversion, $cluster);
my (%info, %newinfo);

sub adapt_conffiles {
    my %c = read_cluster_conf_file $newversion, $cluster, 'postgresql.conf';

    # Arguments: <ref to conf hash> <name> <comment>
    sub deprecate {
        if (defined ${$_[0]}{$_[1]}) {
            PgCommon::disable_conf_value $newversion, $cluster,
                'postgresql.conf', $_[1], $_[2];
        }
    }

    # Arguments: <ref to conf hash> <old name> <new name>
    sub rename_ {
        my ($conf, $old, $new) = @_;
        if (defined ${$conf}{$old}) {
            PgCommon::replace_conf_value $newversion, $cluster,
                'postgresql.conf', $old, "deprecated in favor of $new", 
                $new, ${$conf}{$old};
        }
    }

    # Arguments: <string>, <from>, <to>
    sub strrepl {
        my ($s, $f, $t) = @_;
        for(;;) {
            my $i = index $s, $f;
            last if $i < 0;
            substr($s, $i, (length $f)) = $t;
        }
        return $s;
    }

    # adapt paths to configuration files
    PgCommon::set_conf_value $newversion, $cluster, 'postgresql.conf',
	'hba_file', strrepl($c{'hba_file'}, $version, $newversion) if $c{'hba_file'};
    PgCommon::set_conf_value $newversion, $cluster, 'postgresql.conf',
	'ident_file', strrepl($c{'ident_file'}, $version, $newversion) if $c{'ident_file'};
    PgCommon::set_conf_value $newversion, $cluster, 'postgresql.conf',
	'external_pid_file', strrepl($c{'external_pid_file'}, $version, $newversion) if $c{'external_pid_file'};

    # tcpip_socket transition
    my $tcpip_socket = config_bool $c{'tcpip_socket'};
    deprecate \%c, 'virtual_host', 'deprecated in favor of listen_addresses';
    if (defined $tcpip_socket) {
        PgCommon::replace_conf_value $newversion, $cluster, 'postgresql.conf',
                'tcpip_socket', 'deprecated in favor of listen_addresses', 
                'listen_addresses', ($tcpip_socket ? ($c{'virtual_host'} || '*') : '');
    }

    # syslog transition
    if (defined $c{'syslog'}) {
        my %syslog_values = (0 => 'stderr', 1 => 'stderr,syslog', 2 => 'syslog');
        PgCommon::replace_conf_value $newversion, $cluster, 'postgresql.conf',
            'syslog', 'deprecated in favor of log_destination',
            'log_destination', $syslog_values{$c{'syslog'}};
    }

    # sort_mem -> work_mem transition
    rename_ \%c, 'sort_mem', 'work_mem' if $newversion ge '8.0';

    # log_statement transition
    if (defined $c{'log_statement'}) {
        PgCommon::set_conf_value $newversion, $cluster, 'postgresql.conf',
            'log_statement', ($c{'log_statement'} ? 'all' : 'none');
    }

    # log_* transition
    my $log_line_prefix = '';

    deprecate \%c, 'log_timestamp', 'deprecated in favor of log_line_prefix';
    deprecate \%c, 'log_pid', 'deprecated in favor of log_line_prefix';
    deprecate \%c, 'log_hostname', 'deprecated in favor of log_line_prefix';
    deprecate \%c, 'log_source_port', 'deprecated in favor of log_line_prefix';

    $log_line_prefix .= '%t ' if config_bool $c{'log_timestamp'};
    $log_line_prefix .= '[%p] ' if config_bool $c{'log_pid'};
    $log_line_prefix .= '%r ' if config_bool $c{'log_hostname'} || config_bool $c{'log_source_port'};
    chop $log_line_prefix if (substr $log_line_prefix, -1) eq ' ';
    if ($log_line_prefix) {
        PgCommon::set_conf_value $newversion, $cluster, 'postgresql.conf',
            'log_line_prefix', $log_line_prefix;
    }

    # obsolete max_expr_depth
    deprecate \%c, 'max_expr_depth', 'does not exist any more, look at max_stack_depth';

    if ($newversion ge '8.1') {
        # obsolete rendezvous_name 
        deprecate \%c, 'rendezvous_name', 'obsolete in 8.1';

        # 8.1+ has internal autovacuum
        PgCommon::set_conf_value $newversion, $cluster, 'postgresql.conf',
            'autovacuum', $info{'avac_enable'} ? 'yes' : 'no';

        # bgwriter_percent -> bgwriter_{lru,all}_percent transition
        rename_ \%c, 'bgwriter_percent', 'bgwriter_all_percent';
        # bgwriter_maxpages -> bgwriter_{lru,all}_maxpages transition
        rename_ \%c, 'bgwriter_maxpages', 'bgwriter_all_maxpages';
    }

    if ($newversion ge '8.2') {
        # preload_libraries -> shared_preload_libraries transition
        rename_ \%c, 'preload_libraries', 'shared_preload_libraries';

	# australian_timezones -> timezone_abbreviations transition
	my $australian_timezones = config_bool $c{'australian_timezones'};
	if (defined $australian_timezones) {
	    PgCommon::replace_conf_value $newversion, $cluster, 'postgresql.conf',
		    'australian_timezones', 'deprecated in favor of timezone_abbreviations', 
		    'timezone_abbreviations', ($australian_timezones ?  'Australia' : 'Default');
	}
    }
}

# Save original pg_hba.conf, replace it with one that only allows local access
# to the owner, and reload postmaster.
# Arguments: <version> <cluster> <owner> <owneruid>
sub disable_connections {
    my $hba = "/etc/postgresql/$_[0]/$_[1]/pg_hba.conf";

    rename $hba, "$hba.orig" or error 'could not rename pg_hba.conf';
    unless (open F, ">$hba") {
        rename "$hba.orig", $hba; 
        error "could not create $hba";
    }
    chmod 0400, $hba;
    chown $_[3], 0, $hba;
    print F "local all $_[2] ident sameuser";
    close F;

    if (system 'pg_ctlcluster', $_[0], $_[1], 'reload') {
        rename "$hba.orig", $hba; 
        error "could not reload cluster $_[0]/$_[1]";
    }
}

# Restore original pg_hba.conf, but do not restart postmaster.
# Arguments: <version> <cluster>
sub enable_connections {
    my $hba = "/etc/postgresql/$_[0]/$_[1]/pg_hba.conf";

    rename "$hba.orig", $hba or error 'could not rename pg_hba.conf';
}

#
# Execution starts here
#

# command line arguments

$newversion = get_newest_version;

exit 1 unless GetOptions ('v|version=s' => \$newversion);
($newversion) = $newversion =~ /^(\d+\.\d+)$/; # untaint

if ($#ARGV < 1) {
    print "Usage: $0 [-v <newversion>] <version> <cluster name> [<data directory>]\n";
    exit 1;
}

error 'This command needs to be executed as root' if $> != 0;

($version) = $ARGV[0] =~ /^(\d+\.\d+)$/;
($cluster) = $ARGV[1] =~ /^([-.\w]+)$/;
my $datadir;
($datadir) = $ARGV[2] =~ /(.*)/ if defined $ARGV[2];

error 'specified cluster does not exist' unless cluster_exists $version, $cluster;
%info = cluster_info ($version, $cluster);
error 'specified cluster is not running' unless $info{'running'};
error 'cluster is disabled' if $info{'start'} eq 'disabled';

my $encoding = get_db_encoding $version, $cluster, 'template1';
error 'could not get cluster default encoding' unless $encoding;
my ($lc_ctype, $lc_collate) = get_cluster_locales $version, $cluster;
error 'could not get cluster locale' unless $lc_ctype;
error 'could not get cluster collating locale' unless $lc_ctype;

if (PgCommon::cluster_data_directory $newversion, $cluster) {
    error "target cluster $newversion/$cluster already exists";
}

my $oldpsql = get_program_path 'psql', $version;
my $oldsocket = get_cluster_socketdir $version, $cluster;

# do read-only checks for situations that would make the upgrade fail
if (!fork) {
    change_ugid $info{'owneruid'}, $info{'ownergid'};

    # check for users and groups with the same name when upgrading < 8.1 to >=
    # 8.1
    if ($version lt '8.1' && $newversion ge '8.1') {
        my @samename;
        print "Checking for users and groups with the same name...\n";
        open F, '-|', $oldpsql, '-h', $oldsocket, '-p', $info{'port'}, 
            '-F|', '-d', 'template1', '-Atc', 
            'select usename from pg_user,pg_group where usename = groname' or 
            error 'Could not execute pg_user/pg_group query';
        while (<F>) {
            chomp;
            push @samename, $_;
        }
        close F;
        error 'could not get list of users/groups' if $?;

        if (@samename) {
            print 
"PostgreSQL 8.1 and later subsume users and groups into 'roles'. The following\
names are both a user and a group, so either the user or the group must be\
uniquely renamed before the cluster can be upgraded:\n";
            print ((join ' ', @samename), "\n");
            exit 1;
        }
    }

    exit 0;
}   
wait;
exit 1 if $?;

# create new cluster, preserving encoding and locales

my @argv = ('pg_createcluster', '-u', $info{'owneruid'}, '-g', $info{'ownergid'},
    '--socketdir', $info{'socketdir'}, '--encoding', $encoding, $newversion,
    $cluster);
push @argv, '--datadir', $datadir if $datadir;

delete $ENV{'LC_ALL'};
$ENV{'LC_CTYPE'} = $lc_ctype;
$ENV{'LC_COLLATE'} = $lc_collate;
error "Could not create target cluster" if system @argv;

@argv = ('pg_ctlcluster', $newversion, $cluster, 'start');
error "Could not start target cluster" if system @argv;

sleep(4);

%newinfo = cluster_info($newversion, $cluster);
my $pg_restore = get_program_path 'pg_restore', $newversion;

# check whether upgrade scripts exist; if so, verify that pg_restore supports
# -X no-data-for-failed-tables.
my $upgrade_scripts = (-d '/etc/postgresql-common/pg_upgradecluster.d' &&
     `run-parts --test /etc/postgresql-common/pg_upgradecluster.d`);

if ($upgrade_scripts) {
    if (`$pg_restore --help` !~ qr/no-data-for-failed-tables/) {
	error '/etc/postgresql-common/pg_upgradecluster.d has upgrade scripts, but $pg_restore does not support the "-X no-data-for-failed-tables" option.'
    }
}

# Run upgrade scripts in init phase
if ($upgrade_scripts) {
    if (!fork) {
	change_ugid $info{'owneruid'}, $info{'ownergid'};

	@argv = ('run-parts', '--lsbsysinit', '-a', $version, '-a', $cluster,
	    '-a', $newversion, '-a', 'init',
	    '/etc/postgresql-common/pg_upgradecluster.d');
	error '/etc/postgresql-common/pg_upgradecluster.d script failed' if system @argv;
	exit 0;
    }
    wait;
}

# Disable access to clusters during upgrade
my $owner = getpwuid $info{'owneruid'};
error 'could not get name of cluster owner' unless $owner;
print "Disabling connections to the old cluster during upgrade...\n";
disable_connections $version, $cluster, $owner, $info{'owneruid'};
print "Disabling connections to the new cluster during upgrade...\n";
disable_connections $newversion, $cluster, $owner, $newinfo{'owneruid'};

# dump cluster; drop to cluster owner privileges

if (!fork) {
    change_ugid $info{'owneruid'}, $info{'ownergid'};
    my $pg_dumpall = get_program_path 'pg_dumpall', $newversion;
    my $pg_dump = get_program_path 'pg_dump', $newversion;
    my $psql = get_program_path 'psql', $newversion;
    my $newsocket = get_cluster_socketdir $newversion, $cluster;
    my $buffer;

    # get list of databases and allowed connections
    my %databases;
    open F, '-|', $oldpsql, '-h', $oldsocket, '-p', $info{'port'}, 
        '-F|', '-d', 'template1', '-Atc', 
        'select datname, datallowconn from pg_database' or 
        error 'Could not get pg_database list';
    while (<F>) {
        chomp;
        my ($n, $a) = split '\|';
        $databases{$n} = ($a eq 't');
    }
    close F;
    error 'could not get list of databases' if $?;

    # real global objects data (roles)
    print "Creating globals...\n";
    open SOURCE, '-|', $pg_dumpall, '-h', $oldsocket, '-p', $info{'port'},
         '-g' or error 'Could not execute pg_dumpall for old cluster';
    my $data = '';
    while (read SOURCE, $buffer, 1048576) {
	$data .= $buffer;
    }
    close SOURCE;
    ($? == 0) or exit 1;

    # remove creation of db superuser role to avoid error message
    $data =~ s/^CREATE (ROLE|USER) $owner;\s*$//m;

    # create global objects int target cluster
    open SINK, '|-', $psql, '-h', $newsocket, '-p', $newinfo{'port'},
        '-q', '-d', 'template1' or 
        error 'Could not execute psql for new cluster';
    print SINK $data;
    close SINK;
    ($? == 0) or exit 1;
    
    # Upgrade databases
    for my $db (keys %databases) {
        next if $db eq 'template0';

	if ($db eq 'postgres' && $newversion ge '8.1') {
	    (system 'dropdb', '--cluster', "$newversion/$cluster", '-q', 'postgres');
	}

        unless ($databases{$db}) {
            print "Temporary enabling access to database $db\n";
            (system $oldpsql, '-h', $oldsocket, '-p', $info{'port'}, '-q', 
                '-d', 'template1', '-c', 
                "update pg_database set datallowconn = 't' where datname = '$db'") == 0 or
                error 'Could not enable access to database';
        }

	print "Fixing hardcoded library paths for stored procedures...\n";
	(system $psql, '-h', $oldsocket, '-p', $info{'port'}, '-q', '-d',
	    $db, '-c', "update pg_proc set probin = decode(replace(\
		replace(encode(probin, 'escape'), '/usr/lib/postgresql/lib', '\$libdir'), \
		'/usr/lib/postgresql/$version/lib', '\$libdir'), 'escape')") == 0 or
	    error 'Could not fix library paths';

        print 'Upgrading database ', $db, "...\n";
        open SOURCE, '-|', $pg_dump, '-h', $oldsocket, '-p', $info{'port'},
             '-Fc', $db or 
            error 'Could not execute pg_dump for old cluster';
	if ($upgrade_scripts) {
	    if ($newversion eq '8.1') {
		open SINK, '|-', $pg_restore, '-h', $newsocket, '-p', $newinfo{'port'},
		    '-X', 'no-data-for-failed-tables', '-d', 'template1', 
		    ($db eq 'template1' ? '-O' : '-C') or 
		    error 'Could not execute pg_restore for new cluster';
	    } else {
		open SINK, '|-', $pg_restore, '-h', $newsocket, '-p', $newinfo{'port'},
		    '--no-data-for-failed-tables', '-d', 'template1', 
		    ($db eq 'template1' ? '-O' : '-C') or 
		    error 'Could not execute pg_restore for new cluster';
	    }
	} else {
	    open SINK, '|-', $pg_restore, '-h', $newsocket, '-p', $newinfo{'port'},
		'-d', 'template1', ($db eq 'template1' ? '-O' : '-C') or 
		error 'Could not execute pg_restore for new cluster';
	}
        while (read SOURCE, $buffer, 1048576) {
            print SINK $buffer;
        }
        close SOURCE;
        ($? == 0) or exit 1;
        close SINK;
        print 'Analyzing database ', $db, "...\n";
        (system $psql, '-h', $newsocket, '-p', $newinfo{'port'}, '-q', 
            '-d', $db, '-c', 'ANALYZE') == 0 or
            error 'Could not ANALZYE database';

        unless ($databases{$db}) {
            print "Disabling access to database $db\n";
            (system $oldpsql, '-h', $oldsocket, '-p', $info{'port'}, '-q', 
                '-d', 'template1', '-c', 
                "update pg_database set datallowconn = 'f' where datname = '$db'") == 0 or
                error 'Could not disable access to database in old cluster';
            (system $psql, '-h', $newsocket, '-p', $newinfo{'port'}, '-q', 
                '-d', 'template1', '-c', 
                "update pg_database set datallowconn = 'f' where datname = '$db'") == 0 or
                error 'Could not disable access to database in new cluster';
        }
    }
    exit 0;
}

print "Re-enabling connections to the old cluster...\n";
enable_connections $version, $cluster;
print "Re-enabling connections to the new cluster...\n";
enable_connections $newversion, $cluster;

wait;
if ($?) {
    print STDERR "Error during cluster dumping, removing new cluster\n";
    system 'pg_dropcluster', '--stop', $newversion, $cluster;

    # Reload old cluster to allow connections again
    if (system 'pg_ctlcluster', $version, $cluster, 'reload') {
        error 'could not reload old cluster, please do that manually';
    }
    exit 1;
}

# copy configuration files
print "Copying old configuration files...\n";
install_file $info{'configdir'}.'/postgresql.conf', $newinfo{'configdir'},
    $newinfo{'owneruid'}, $newinfo{'ownergid'}, "644";
install_file $info{'configdir'}.'/pg_ident.conf', $newinfo{'configdir'},
    $newinfo{'owneruid'}, $newinfo{'ownergid'}, "640";
install_file $info{'configdir'}.'/pg_hba.conf', $newinfo{'configdir'},
    $newinfo{'owneruid'}, $newinfo{'ownergid'}, "640";
if ( -e $info{'configdir'}.'/start.conf') {
    print "Copying old start.conf...\n";
    install_file $info{'configdir'}.'/start.conf', $newinfo{'configdir'},
	$newinfo{'owneruid'}, $newinfo{'ownergid'}, "644";
}

adapt_conffiles;

print "Stopping target cluster...\n";
@argv = ('pg_ctlcluster', $newversion, $cluster, 'stop');
error "Could not stop target cluster" if system @argv;

print "Stopping old cluster...\n";
@argv = ('pg_ctlcluster', $version, $cluster, 'stop');
error "Could not stop old cluster" if system @argv;

print "Disabling automatic startup of old cluster...\n";
my $startconf = $info{'configdir'}.'/start.conf';
if (open F, ">$startconf") {
    print F "# This cluster was upgraded to a newer major version. The old
# cluster has been preserved for backup purposes, but is not started
# automatically.

manual";
    close F;
} else {
    error "could not create $startconf: $!";
}

my $oldport = next_free_port;
print "Configuring old cluster to use a different port ($oldport)...\n";
set_cluster_port $version, $cluster, $oldport;

print "Starting target cluster on the original port...\n";
@argv = ('pg_ctlcluster', $newversion, $cluster, 'start');
error "Could not start target cluster; please check configuration and log files" if system @argv;

# Run upgrade scripts in finish phase
if ($upgrade_scripts) {
    if (!fork) {
	change_ugid $info{'owneruid'}, $info{'ownergid'};

	@argv = ('run-parts', '--lsbsysinit', '-a', $version, '-a', $cluster,
	    '-a', $newversion, '-a', 'finish',
	    '/etc/postgresql-common/pg_upgradecluster.d');
	error '/etc/postgresql-common/pg_upgradecluster.d script failed' if system @argv;
	exit 0;
    }
    wait;
}

print "Success. Please check that the upgraded cluster works. If it does,
you can remove the old cluster with

  pg_dropcluster $version $cluster
"

__END__

=head1 NAME

pg_upgradecluster - upgrade a new PostgreSQL cluster to a new major version.

=head1 SYNOPSIS

B<pg_upgradecluster> [B<-v> I<newversion>] I<version> I<name> [I<data dir>]

=head1 DESCRIPTION

B<pg_upgradecluster> upgrades an existing PostgreSQL server cluster (i. e. a
collection of databases served by a B<postmaster> instance) to a new version
specified by I<newversion> (default: latest available version).  The
configuration files of the old version are copied to the new cluster.

The cluster of the old version will be configured to use a previously unused
port since the upgraded one will use the original port. The old cluster is not
automatically be removed. After upgrade, please verify that the new cluster
indeed works as expected; if so, you should remove the old cluster with
L<pg_dropcluster(8)>.

=head1 HOOK SCRIPTS

Some PostgreSQL extensions like PostGIS need metadata in auxiliary tables which
must not be upgraded from the old version, but rather initialized for the new
version before copying the table data. For this purpose, extensions (as well as
administrators, of course) can drop upgrade hook scripts into 
C</etc/postgresql-common/pg_upgradecluster.d/>. Scripts in that
directory will be called with the following arguments:

<old version> <cluster name> <new version> <phase> 

Phases:

=over

=item B<init>

A virgin cluster of version I<new version> has been created, i. e.  this new
cluster will already have B<template1>, but no user databases.

=item B<finish>

All data from the old version cluster has been dumped/reloaded into the new
one. The old cluster still exists.

=back

The scripts are called as the user who owns the database.

=head1 SEE ALSO

L<pg_createcluster(8)>, L<pg_dropcluster(8)>, L<pg_lsclusters(1)>, L<pg_wrapper(1)>

=head1 AUTHOR

Martin Pitt L<E<lt>mpitt@debian.orgE<gt>>
