Jordan Ramos
4f69420aaa
Implement comprehensive directory reorganization to improve discoverability,
logical grouping, and separation of concerns across documentation, scripts,
and infrastructure snapshots.
Major Changes:
1. Documentation Reorganization:
- Created start-here-docs/ for onboarding documentation
* Moved QUICK-START.md, START-HERE.md, GIT-SETUP-GUIDE.md
* Moved GIT-QUICK-REFERENCE.md, SCRIPT-USAGE.md, SETUP-COMPLETE.md
- Created troubleshooting/ directory
* Moved BUGFIX-SUMMARY.md for centralized issue resolution
- Created mcp/ directory for Model Context Protocol configurations
* Moved OBSIDIAN-MCP-SETUP.md to mcp/obsidian/
2. Scripts Reorganization:
- Created scripts/crawlers-exporters/ for infrastructure collection
* Moved collect*.sh scripts and collection documentation
* Consolidates Proxmox homelab export tooling
- Created scripts/fixers/ for operational repair scripts
* Moved fix_n8n_db_*.sh scripts
* Isolated scripts with embedded credentials (templates tracked)
- Created scripts/qol/ for quality-of-life utilities
* Moved git-aliases.sh and git-first-commit.sh
3. Infrastructure Snapshots:
- Created disaster-recovery/ for active infrastructure state
* Moved latest homelab-export-20251202-204939/ snapshot
* Contains current VM/CT configurations and system state
- Created archive-homelab/ for historical snapshots
* Moved homelab-export-*.tar.gz archives
* Preserves point-in-time backups for reference
4. Agent Definitions:
- Created sub-agents/ directory
* Added backend-builder.md (development agent)
* Added lab-operator.md (infrastructure operations agent)
* Added librarian.md (git/version control agent)
* Added scribe.md (documentation agent)
5. Updated INDEX.md:
- Reflects new directory structure throughout
- Updated all file path references
- Enhanced navigation with new sections
- Added agent roles documentation
- Updated quick reference commands
6. Security Improvements:
- Updated .gitignore to match reorganized file locations
- Corrected path for scripts/fixers/fix_n8n_db_c_locale.sh exclusion
- Maintained template-based credential management pattern
Infrastructure State Update:
- Latest snapshot: 2025-12-02 20:49:54
- Removed: VM 101 (gitlab), CT 112 (Anytype)
- Added: CT 113 (n8n)
- Total: 9 VMs, 3 Containers
Impact:
- Improved repository navigation and discoverability
- Logical separation of documentation, scripts, and snapshots
- Clearer onboarding path for new users
- Enhanced maintainability through organized structure
- Foundation for multi-agent workflow support
Files changed: 90 files (+935/-349)
- 3 modified, 14 new files, 73 renames/moves
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
350 lines
10 KiB
Bash
350 lines
10 KiB
Bash
#!/bin/bash
|
|
################################################################################
|
|
# n8n PostgreSQL Permission Fix Script
|
|
#
|
|
# Purpose: Fix PostgreSQL 15+ permission issues for n8n database
|
|
# Root Cause: PostgreSQL 15+ removed default CREATE permission from PUBLIC
|
|
# role on the 'public' schema
|
|
# Solution: Recreate database with proper ownership and explicit grants
|
|
#
|
|
# Author: Backend Builder (Claude Code)
|
|
# Date: 2025-12-01
|
|
# Environment: Debian 12, PostgreSQL 16, n8n LXC Container (CT 113)
|
|
#
|
|
# SECURITY NOTE: This script requires database password to be set via environment
|
|
# variable or edited directly before use.
|
|
################################################################################
|
|
|
|
set -e # Exit immediately if a command exits with a non-zero status
|
|
set -u # Treat unset variables as an error
|
|
set -o pipefail # Prevent errors in a pipeline from being masked
|
|
|
|
################################################################################
|
|
# CONFIGURATION
|
|
################################################################################
|
|
|
|
DB_NAME="n8n_db"
|
|
DB_USER="n8n_user"
|
|
DB_PASSWORD="${N8N_DB_PASSWORD:-YOUR_DB_PASSWORD_HERE}" # Set via env or edit this line
|
|
DB_HOST="localhost"
|
|
BACKUP_DIR="/var/backups/n8n"
|
|
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
|
|
BACKUP_FILE="${BACKUP_DIR}/n8n_db_backup_${TIMESTAMP}.sql"
|
|
LOG_FILE="/var/log/n8n_db_fix_${TIMESTAMP}.log"
|
|
|
|
# Color codes for output
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
BLUE='\033[0;34m'
|
|
NC='\033[0m' # No Color
|
|
|
|
################################################################################
|
|
# FUNCTIONS
|
|
################################################################################
|
|
|
|
log() {
|
|
echo -e "${BLUE}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1" | tee -a "$LOG_FILE"
|
|
}
|
|
|
|
log_success() {
|
|
echo -e "${GREEN}[✓]${NC} $1" | tee -a "$LOG_FILE"
|
|
}
|
|
|
|
log_warning() {
|
|
echo -e "${YELLOW}[⚠]${NC} $1" | tee -a "$LOG_FILE"
|
|
}
|
|
|
|
log_error() {
|
|
echo -e "${RED}[✗]${NC} $1" | tee -a "$LOG_FILE"
|
|
}
|
|
|
|
check_password() {
|
|
if [[ "$DB_PASSWORD" == "YOUR_DB_PASSWORD_HERE" ]] || [[ -z "$DB_PASSWORD" ]]; then
|
|
log_error "Database password not configured!"
|
|
log_error "Set N8N_DB_PASSWORD environment variable or edit DB_PASSWORD in this script"
|
|
log_error "Example: export N8N_DB_PASSWORD='your_password_here'"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
check_root() {
|
|
if [[ $EUID -ne 0 ]]; then
|
|
log_error "This script must be run as root"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
check_postgresql() {
|
|
if ! systemctl is-active --quiet postgresql; then
|
|
log_error "PostgreSQL is not running"
|
|
exit 1
|
|
fi
|
|
log_success "PostgreSQL service is running"
|
|
}
|
|
|
|
check_n8n_service() {
|
|
if systemctl list-unit-files | grep -q "n8n.service"; then
|
|
return 0
|
|
else
|
|
log_warning "n8n service not found, skipping service management"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
stop_n8n() {
|
|
log "Stopping n8n service..."
|
|
if check_n8n_service; then
|
|
systemctl stop n8n || true
|
|
sleep 3
|
|
if systemctl is-active --quiet n8n; then
|
|
log_error "Failed to stop n8n service"
|
|
exit 1
|
|
fi
|
|
log_success "n8n service stopped"
|
|
else
|
|
log_warning "n8n service not managed by systemd, ensure it's stopped manually"
|
|
fi
|
|
}
|
|
|
|
create_backup() {
|
|
log "Creating backup directory..."
|
|
mkdir -p "$BACKUP_DIR"
|
|
chmod 700 "$BACKUP_DIR"
|
|
|
|
log "Creating database backup..."
|
|
if sudo -u postgres pg_dump -h "$DB_HOST" "$DB_NAME" > "$BACKUP_FILE" 2>/dev/null; then
|
|
log_success "Database backed up to: $BACKUP_FILE"
|
|
|
|
# Check if backup is empty
|
|
if [[ ! -s "$BACKUP_FILE" ]]; then
|
|
log_warning "Backup file is empty (database may be empty)"
|
|
else
|
|
BACKUP_SIZE=$(du -h "$BACKUP_FILE" | cut -f1)
|
|
log_success "Backup size: $BACKUP_SIZE"
|
|
fi
|
|
else
|
|
log_warning "Database backup failed (database may not exist or be empty)"
|
|
echo "-- No data to backup" > "$BACKUP_FILE"
|
|
fi
|
|
}
|
|
|
|
drop_database() {
|
|
log "Dropping existing database and recreating with proper ownership..."
|
|
|
|
# Terminate existing connections
|
|
sudo -u postgres psql <<EOF 2>&1 | tee -a "$LOG_FILE"
|
|
SELECT pg_terminate_backend(pg_stat_activity.pid)
|
|
FROM pg_stat_activity
|
|
WHERE pg_stat_activity.datname = '$DB_NAME'
|
|
AND pid <> pg_backend_pid();
|
|
EOF
|
|
|
|
# Drop and recreate database
|
|
sudo -u postgres psql <<EOF 2>&1 | tee -a "$LOG_FILE"
|
|
-- Drop database if exists
|
|
DROP DATABASE IF EXISTS $DB_NAME;
|
|
|
|
-- Recreate database with n8n_user as owner
|
|
CREATE DATABASE $DB_NAME
|
|
OWNER $DB_USER
|
|
ENCODING 'UTF8'
|
|
LC_COLLATE = 'en_US.UTF-8'
|
|
LC_CTYPE = 'en_US.UTF-8'
|
|
TEMPLATE template0;
|
|
|
|
-- Connect to the database
|
|
\c $DB_NAME
|
|
|
|
-- Grant all privileges on the public schema to n8n_user
|
|
GRANT ALL ON SCHEMA public TO $DB_USER;
|
|
|
|
-- Grant all privileges on all tables (current and future)
|
|
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO $DB_USER;
|
|
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO $DB_USER;
|
|
GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO $DB_USER;
|
|
|
|
-- Set default privileges for future objects
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO $DB_USER;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO $DB_USER;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON FUNCTIONS TO $DB_USER;
|
|
|
|
-- Verify ownership
|
|
\dt
|
|
EOF
|
|
|
|
log_success "Database recreated with proper ownership"
|
|
}
|
|
|
|
test_permissions() {
|
|
log "Testing database permissions..."
|
|
|
|
# Test connection and DDL operations
|
|
PGPASSWORD="$DB_PASSWORD" psql -h "$DB_HOST" -U "$DB_USER" -d "$DB_NAME" <<EOF 2>&1 | tee -a "$LOG_FILE"
|
|
-- Test table creation
|
|
CREATE TABLE IF NOT EXISTS permission_test (
|
|
id SERIAL PRIMARY KEY,
|
|
test_column VARCHAR(100),
|
|
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
|
|
);
|
|
|
|
-- Test insert
|
|
INSERT INTO permission_test (test_column) VALUES ('Permission test successful');
|
|
|
|
-- Test select
|
|
SELECT * FROM permission_test;
|
|
|
|
-- Cleanup test table
|
|
DROP TABLE permission_test;
|
|
|
|
-- Display current user and database
|
|
SELECT current_user, current_database();
|
|
EOF
|
|
|
|
if [[ $? -eq 0 ]]; then
|
|
log_success "Permission test PASSED - n8n_user can create tables and perform DDL operations"
|
|
return 0
|
|
else
|
|
log_error "Permission test FAILED - n8n_user still lacks necessary permissions"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
verify_schema_permissions() {
|
|
log "Verifying schema permissions..."
|
|
|
|
sudo -u postgres psql -d "$DB_NAME" <<EOF | tee -a "$LOG_FILE"
|
|
-- Check database ownership
|
|
SELECT d.datname AS database_name,
|
|
pg_catalog.pg_get_userbyid(d.datdba) AS owner
|
|
FROM pg_catalog.pg_database d
|
|
WHERE d.datname = '$DB_NAME';
|
|
|
|
-- Check schema permissions
|
|
SELECT
|
|
n.nspname AS schema_name,
|
|
pg_catalog.pg_get_userbyid(n.nspowner) AS owner,
|
|
pg_catalog.array_to_string(n.nspacl, E'\n') AS acl
|
|
FROM pg_catalog.pg_namespace n
|
|
WHERE n.nspname = 'public';
|
|
EOF
|
|
|
|
log_success "Schema permissions verified"
|
|
}
|
|
|
|
start_n8n() {
|
|
log "Starting n8n service..."
|
|
if check_n8n_service; then
|
|
systemctl start n8n
|
|
sleep 5
|
|
|
|
if systemctl is-active --quiet n8n; then
|
|
log_success "n8n service started successfully"
|
|
else
|
|
log_error "n8n service failed to start"
|
|
log "Check logs with: journalctl -u n8n -n 50"
|
|
return 1
|
|
fi
|
|
else
|
|
log_warning "n8n service not managed by systemd, start manually"
|
|
fi
|
|
}
|
|
|
|
verify_n8n_startup() {
|
|
log "Verifying n8n startup and database migration..."
|
|
|
|
if check_n8n_service; then
|
|
sleep 10 # Give n8n time to run migrations
|
|
|
|
# Check service status
|
|
if systemctl is-active --quiet n8n; then
|
|
log_success "n8n service is running"
|
|
else
|
|
log_error "n8n service is not running"
|
|
return 1
|
|
fi
|
|
|
|
# Check logs for errors
|
|
if journalctl -u n8n --since "1 minute ago" | grep -q "permission denied"; then
|
|
log_error "Permission errors still present in n8n logs"
|
|
journalctl -u n8n -n 30 | tee -a "$LOG_FILE"
|
|
return 1
|
|
elif journalctl -u n8n --since "1 minute ago" | grep -q "n8n ready on"; then
|
|
log_success "n8n started successfully and is ready"
|
|
return 0
|
|
else
|
|
log_warning "Unable to confirm n8n status from logs, check manually"
|
|
return 0
|
|
fi
|
|
else
|
|
log_warning "Cannot verify n8n startup automatically, check manually"
|
|
return 0
|
|
fi
|
|
}
|
|
|
|
display_summary() {
|
|
echo ""
|
|
echo "================================================================================"
|
|
log_success "n8n DATABASE PERMISSION FIX COMPLETED"
|
|
echo "================================================================================"
|
|
echo ""
|
|
echo "📋 Summary:"
|
|
echo " - Database: $DB_NAME"
|
|
echo " - User: $DB_USER"
|
|
echo " - Backup: $BACKUP_FILE"
|
|
echo " - Log file: $LOG_FILE"
|
|
echo ""
|
|
echo "✅ Actions Completed:"
|
|
echo " 1. Created database backup"
|
|
echo " 2. Dropped and recreated database with proper ownership"
|
|
echo " 3. Granted explicit schema permissions to n8n_user"
|
|
echo " 4. Tested DDL permissions successfully"
|
|
echo " 5. Restarted n8n service"
|
|
echo ""
|
|
echo "🔍 Verification Steps:"
|
|
echo " 1. Check n8n service: systemctl status n8n"
|
|
echo " 2. View recent logs: journalctl -u n8n -n 50 -f"
|
|
echo " 3. Access n8n web UI: http://<container-ip>:5678"
|
|
echo ""
|
|
echo "📊 Database Status:"
|
|
sudo -u postgres psql -d "$DB_NAME" -c "\dt" 2>/dev/null || true
|
|
echo ""
|
|
echo "================================================================================"
|
|
}
|
|
|
|
################################################################################
|
|
# MAIN EXECUTION
|
|
################################################################################
|
|
|
|
main() {
|
|
echo "================================================================================"
|
|
echo "n8n PostgreSQL Permission Fix Script"
|
|
echo "================================================================================"
|
|
echo ""
|
|
|
|
# Pre-flight checks
|
|
log "Starting pre-flight checks..."
|
|
check_root
|
|
check_password
|
|
check_postgresql
|
|
|
|
# Execute fix
|
|
stop_n8n
|
|
create_backup
|
|
drop_database
|
|
verify_schema_permissions
|
|
test_permissions
|
|
|
|
# Restart and verify
|
|
start_n8n
|
|
verify_n8n_startup
|
|
|
|
# Display summary
|
|
display_summary
|
|
|
|
log_success "Script completed successfully!"
|
|
}
|
|
|
|
# Execute main function
|
|
main "$@"
|