0

My goal is to configure my new AWS instances with a python script that installs my repositories and packages, then utilizing subprocess to configure, (in this case), postgres. Values are read from a yaml or json file. So far I have had success installing all the packages and repos for the environment. Where I'm stuck is a python script that will create a user in postgres then create a database. 

import subprocess
# out is to show output, com is the stdin value(s) to pass
def run(command, out=False, com=False, ):

  process = subprocess.Popen(
    command,
    close_fds=True,
    stdin=subprocess.PIPE,
    stdout=subprocess.PIPE,
    stderr=subprocess.STDOUT
  )

  if out:
    out = iter(process.stdout.readline, b'')
    for line in out:
      print(line)

  if com:
    process.stdin.write(com)
    # http://stackoverflow.com/questions/16091112/python-pipe-to-popen-stdin
    # process.communicate(com) doesn't fit, i need multiple stdin

run(['ls', '-l'], True) # works 
run(['sudo', 'su', '-', 'postgres']) # works 

run(['createuser'], False, 'testuser') 
# broken, also after i get this working, this should be a list of stdin values    
# this results in infinite lines:
# Shall the new role be a superuser? (y/n)
# I do have a workaround, run(['createuser', '-d', '-r', '-s', '-w', 'username'], False)
# Confirmed workaround created user successfully
Michael Benin
  • 4,317
  • 2
  • 23
  • 15

1 Answers1

0

I haven't used Postgres in ages, but I'm guessing you want to su to postgres, and then run a command that requires postgres' rights.

But your run(['sudo', 'su', '-', 'postgres']) will probably just open a shell and wait; run(['createuser'], False, 'testuser') will likely never get run.

Instead, I believe you should combine these two commands. See the "-c" option to su.

Alternatively, and a little more securely, you could give your source user postgres rights in sudo, to take root out of the equation and make your code a little simpler.

dstromberg
  • 6,954
  • 1
  • 26
  • 27