diff options
Diffstat (limited to 'postgresql-config/src')
28 files changed, 2204 insertions, 0 deletions
diff --git a/postgresql-config/src/common/postinst b/postgresql-config/src/common/postinst new file mode 100755 index 0000000..b681058 --- /dev/null +++ b/postgresql-config/src/common/postinst @@ -0,0 +1,40 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +exec 1> /tmp/postgresql-config.out 2>&1 +set -x +if [ -d /opt/app/postgresql-9.5.2 ] +then export OPENECOMP=false NOTOPENECOMP=true +else export OPENECOMP=true NOTOPENECOMP=false +fi +id + +if $OPENECOMP +then INSTALL_ROOT= +fi + +echo STARTING $0 $(date) +umask 0 +echo STARTING $0 $(date) >> /tmp/pgaas.inst.report + +export CFGDIR=${INSTALL_ROOT}/opt/app/postgresql-config/ + +$CFGDIR/etc/do-post-install + +echo ENDING $0 $(date) +echo ENDING $0 $(date) >> /tmp/pgaas.inst.report +if $NOTOPENECOMP +then sed -n '/^STARTING/,/^ENDING/p' `dirname $0`/../../proc_out >> /tmp/pgaas.inst.report +fi diff --git a/postgresql-config/src/makefile b/postgresql-config/src/makefile new file mode 100644 index 0000000..bf6ae6b --- /dev/null +++ b/postgresql-config/src/makefile @@ -0,0 +1,39 @@ + +DEVBIN=../../bin +PKG=postgresql-config +REPACKAGESWMOPTS= +REPACKAGEDEBIANOPTS= + +INS= ../install +INSSTG= $(INS)/stage +INSCOM= $(INS)/common + +all: + +clean-stage: + rm -rf $(INSSTG) + +clean-common: + rm -rf $(INSCOM) + +clean: + rm -rf $(INS) + +build: + +stage: clean-stage clean-common + mkdir -p $(INS) + find stage ! -name makefile ! -name '*~' | cpio -pudmv $(INS) + find common ! -name makefile ! -name '*~' | cpio -pudmv $(INS) + chmod -R a+x $(INS)/stage/opt/app/postgresql-config/etc/* + cp -p repackage.* $(INS) + + +debian: stage + repackage -y repackage.json -b debian -d $(INS) -u + repackage -y repackage.json -b debian -d $(INS) -u -B LATEST + @echo debian built + +upload-javadocs: + @echo nothing to do here + diff --git a/postgresql-config/src/repackage.json b/postgresql-config/src/repackage.json new file mode 100644 index 0000000..d4376fe --- /dev/null +++ b/postgresql-config/src/repackage.json @@ -0,0 +1,25 @@ +{ + "debian": { + "replaces": [], + "conflicts": [], + "groupId": "org.openecomp.dcae.storage.pgaas", + "externalDependencies": [] + }, + "fileGroup": "postgres", + "version": "1.0.0", + "applicationName": "postgresql-config", + "internalDependencies": [], + "directoryTreeTops": { + "/opt": "/opt/app/postgresql-config" + }, + "executionUser": "postgres", + "maintainer": "OpenECOMP <dcae@lists.openecomp.org>", + "fileUser": "postgres", + "docker": { + "tag": "latest", + "externalDependencies": [] + }, + "groupId": "org.openecomp.dcae.storage.pgaas", + "description": " PostgreSQL as a Service main scripts ", + "executionGroup": "postgres" +}
\ No newline at end of file diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/common-db-tasks b/postgresql-config/src/stage/opt/app/postgresql-config/etc/common-db-tasks new file mode 100644 index 0000000..517fabd --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/common-db-tasks @@ -0,0 +1,43 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +set -x + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +[ -n "$DBROOT" ] || die "DBROOT is not set" +[ -n "$CFGDIR" ] || die "CFGDIR is not set" + +# set up ~/.pgpass +$CFGDIR/etc/gen-pgpass +# set up repmgr.conf +$CFGDIR/etc/gen-repmgr.conf + +# We don't really need to save pwd.cfg anymore since we are now forcing the password. +# PWDCFG=$DBROOT/../pgaas/pwd.cfg +# egrep '^Global_Title|^postgres|^repmgr' ${INSTALL_ROOT}/opt/app/cdf/lib/cdf.cfg > $PWDCFG + +cd $CFGDIR/main || die "Cannot cd $CFGDIR/main" + +sed -e "s!%CFGDIR%!$CFGDIR!" < postgresql.conf.orig > postgresql.conf || die "Cannot cp postgresql.conf" +sed -e "s!%CFGDIR%!$CFGDIR!" < pg_hba.conf.orig > pg_hba.conf || die "Cannot cp pg_hba.conf" + diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-cdf-master b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-cdf-master new file mode 100644 index 0000000..c079b51 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-cdf-master @@ -0,0 +1,44 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +set -x + +DBROOT=/dbroot/pgdata/main +CDFCFG=${INSTALL_ROOT}/opt/app/cdf/lib/cdf.cfg + +# We don't really need to save pwd.cfg anymore since we are now forcing the password. +# PWDCFG=$DBROOT/../pgaas/pwd.cfg +# if the DB already exists in Cinder storage, grab the password from there for use elsewhere +# if [ -s $PWDCFG -a $( egrep '^Global_Title' < $PWDCFG ) -eq 1 ] +# then +# TMP=$(mktemp /tmp/tmp.ccm.XXXXXXXXXX) +# trap 'rm -f $TMP' 0 1 2 3 15 +# egrep -v '^Global_Title|^postgres|^repmgr' $CDFCFG > $TMP +# egrep '^Global_Title|^postgres|^repmgr' $PWDCFG | cat $TMP - > $CDFCFG +# fi + +# generate a 64 hex random value (256 bits of randomness) for the passwords +if grep '^postgres' $CDFCFG > /dev/null +then : +else + val2=$(dd if=/dev/urandom count=1 ibs=32 2>/dev/null | od -x -w1000 | sed -e 's/^0000000 //' -e 's/ //g' -e 1q) + echo "ENCRYPTME.AES.postgres=$val2" | ${INSTALL_ROOT}/opt/app/cdf/bin/setencryptedvalues >> $CDFCFG +fi +if grep '^repmgr' $CDFCFG > /dev/null +then : +else + val2=$(dd if=/dev/urandom count=1 ibs=32 2>/dev/null | od -x -w1000 | sed -e 's/^0000000 //' -e 's/ //g' -e 1q) + echo "ENCRYPTME.AES.repmgr=$val2" | ${INSTALL_ROOT}/opt/app/cdf/bin/setencryptedvalues >> $CDFCFG +fi diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-cdf-secondary b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-cdf-secondary new file mode 100644 index 0000000..034d897 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-cdf-secondary @@ -0,0 +1,62 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +set -x + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +[ -n "$MASTER" ] || die "MASTER is not set" + +umask 077 +TMP=$( mktemp /tmp/tmp.ccs1.XXXXXXXXXX ) +trap 'rm -f $TMP' 0 1 2 3 15 + +bwget() +{ + ${INSTALL_ROOT}/opt/app/postgresql-prep/bin/pgwget --progress=dot:giga "$@" +} + +done= +max=40 +for s in `seq $max` +do + echo "$s of $max: Waiting for master $MASTER to send cdf.cfg" + bwget -O$TMP http://$MASTER:8000/getcdf/`hostname -f` + ls -l $TMP + if [ -s $TMP ] + then + msg=$(cat $TMP) + case "$msg" in + OK* ) + echo "Received cdf.cfg" + done=yes + break + ;; + * ) echo "Received invalid cdf: $msg" + ;; + esac + fi + rm -f $TMP + sleep 15 +done +[ "$done" = "yes" ] || die "Master did not send cdf.cfg" + diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-backup b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-backup new file mode 100644 index 0000000..625ce57 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-backup @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +if [ -d /opt/app/postgresql-9.5.2 ] +then PGDIR=/opt/app/postgresql-9.5.2 +else PGDIR=/usr/lib/postgresql/9.5 +fi + +$PGDIR/bin/psql <<-EOF + SELECT pg_start_backup('backup'); +EOF + +cd /dbroot/pgdata && +{ + find main | grep -v main/pg_xlog/ + find main/pg_xlog -type d +} | cpio -oc | gzip > main.cpio.gz.$$ && mv main.cpio.gz.$$ main.cpio.gz + +$PGDIR/bin/psql <<-EOF + SELECT pg_stop_backup(); +EOF +echo /dbroot/pgdata/main.cpio.gz created diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-master b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-master new file mode 100644 index 0000000..f0081be --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-master @@ -0,0 +1,72 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +# create a master database +set -x + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +[ -n "$PGDIR" ] || die "PGDIR is not set" +[ -n "$DBROOT" ] || die "DBROOT is not set" +[ -n "$CFGDIR" ] || die "CFGDIR is not set" + +cd $CFGDIR/main || die "Cannot cd $CFGDIR/main" + +PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$CFGDIR/etc:$PGDIR/bin:$PATH + +umask 077 +TMP=$(mktemp /tmp/tmp.cdm.XXXXXXXXXX) +trap 'rm -f $TMP' 0 1 2 3 15 + +rm -rf $DBROOT/* # initdb fails if the directory is not totally empty +pswd=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -x -n postgres ) +echo "$pswd" > $TMP +$PGDIR/bin/initdb -D $DBROOT --pwfile=$TMP +rm -f $TMP + +$CFGDIR/etc/start-db +sleep 30 + +# create temporal tables and other extensions, if needed +$CFGDIR/etc/create-extensions + +# create repmgr user/db, if needed +$CFGDIR/etc/create-repmgr-user + +sleep 10 + +# register as master +repmgr -f $CFGDIR/main/repmgr.conf master register +echo repmgr ret=$? + +sleep 10 + +# start repmgrd +# start repmgrd (verbose logging for testing) +umask 07 +repmgrd -f $CFGDIR/main/repmgr.conf -d --verbose +echo repmgrd ret=$? +# start repmgrd (normal logging) +# repmgrd -f $CFGDIR/main/repmgr.conf -d + + +# NO LONGER NEEDED $CFGDIR/etc/create-db-backup diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-secondary b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-secondary new file mode 100644 index 0000000..3e2c304 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-secondary @@ -0,0 +1,122 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +# create a secondary database +set -x + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +[ -n "$MASTER" ] || die "MASTER is not set" +[ -n "$PGDIR" ] || die "PGDIR is not set" +[ -n "$DBROOT" ] || die "DBROOT is not set" +[ -n "$CFGDIR" ] || die "CFGDIR is not set" + +cd $CFGDIR/main || die "Cannot cd $CFGDIR/main" + +PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$CFGDIR/etc:$PGDIR/bin:$PATH + +bwget() +{ + ${INSTALL_ROOT}/opt/app/postgresql-prep/bin/pgwget --progress=dot:giga "$@" +} + +umask 077 +TMP=$(mktemp /tmp/tmp.cds1.XXXXXXXXXX) +TMP2=$(mktemp /tmp/tmp.cds2.XXXXXXXXXX) +trap 'rm -f $TMP $TMP2' 0 1 2 3 15 + +# wait until master DB is active and has repmgr available +max=40 +for s in `seq $max` +do + echo "$s of $max: Asking master $MASTER if repmgr is ready" + bwget -O$TMP http://$MASTER:8000/hasrepmgr + ls -l $TMP + if [ -s $TMP ] + then + msg=$(cat $TMP) + case $msg in + OK* ) + echo "Master has repmgr ready" + done=yes + break + ;; + * ) + echo "Master does not have repmgr ready, msg=$msg" + ;; + esac + fi + rm -f $TMP + sleep 15 +done +[ "$done" = "yes" ] || die "Master never had repmgr available" + + +# clone database from master + +# make sure /dbroot/pgdata/main is empty +mv $DBROOT $DBROOT-$(date +%Y%m%d%H%M%S) +mkdir -p $DBROOT +# rm -rf $DBROOT/* + +repmgr -v -h $MASTER -U repmgr -d repmgr -D $DBROOT -f $CFGDIR/main/repmgr.conf --ignore-external-config-files standby clone + +if [ ! -f $DBROOT/PG_VERSION ] +then + umask 022 + cat /opt/app/log/postgresql/server/repmgr.log >> /tmp/pgaas-failures + die repmgr clone failed +fi + +$CFGDIR/etc/start-db + +sleep 10 + +# register as standby +repmgr -f $CFGDIR/main/repmgr.conf standby register +echo repmgr ret=$? +sleep 10 + +# start repmgrd +# start repmgrd (verbose logging for testing) +umask 07 + +# wait until repmgrd starts up +max=20 +REPLOG=/opt/app/log/postgresql/server/repmgr.log +done=no +for s in `seq $max` +do + cat $REPLOG > $TMP + repmgrd -f $CFGDIR/main/repmgr.conf -d --verbose + # start repmgrd (normal logging) + # repmgrd -f $CFGDIR/main/repmgr.conf -d + echo repmgrd ret=$? + sleep 5 + diff $TMP $REPLOG | grep "ERROR.*terminating" > $TMP2 + if [ -s "$TMP2" ] + then cat "$TMP2" + else done=yes; break + fi + sleep 10 +done +[ "$done" = "yes" ] || die "Secondary never started repmgrd" diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-extensions b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-extensions new file mode 100644 index 0000000..09f0229 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-extensions @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +set -x + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +[ -n "$PGDIR" ] || die "PGDIR is not set" + +PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$PGDIR/bin:$PATH + +TMP=$(mktemp /tmp/tmp.ce.XXXXXXXXXX) +trap 'rm -f $TMP' 0 1 2 3 15 + +echo "select datname from pg_database;" | psql --tuples-only | sed -e 's/^ *//' -e '/^$/d' -e '/^template0$/d' -e '/^repmgr$/d' > $TMP + +for db in $(< $TMP) +do + # enable temporal tables for use + if [ -f /opt/app/postgresql-9.5.2/lib/temporal_tables.so ] + then + psql --dbname=$db <<-EOF + CREATE EXTENSION temporal_tables; + EOF + else + echo "$0: temporal_tables extension is not installed" + fi + + # and other extensions + psql --dbname=$db <<-EOF + CREATE EXTENSION hstore; + CREATE EXTENSION pgcrypto; + EOF +done diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-repmgr-user b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-repmgr-user new file mode 100644 index 0000000..06b5a0a --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-repmgr-user @@ -0,0 +1,40 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +set -x + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +[ -n "$PGDIR" ] || die "PGDIR is not set" + +PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$PGDIR/bin:$PATH +pswd=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -x -n repmgr ) + +# note: The "pgaas" in "repmgr_pgaas" must match the cluster name used in repmgr.conf + +psql <<-EOF + CREATE ROLE repmgr SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN; + DROP DATABASE repmgr; + CREATE DATABASE repmgr OWNER repmgr; + ALTER USER repmgr PASSWORD '$pswd'; + ALTER USER repmgr SET search_path TO repmgr_pgaas, "\$user", public; +EOF diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-ssh-master b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-ssh-master new file mode 100644 index 0000000..5565041 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-ssh-master @@ -0,0 +1,40 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +set -x + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +umask 077 +mkdir -p ~postgres/.ssh +chmod 700 ~postgres/.ssh + +PGAASDIR=/dbroot/pgdata/pgaas +if [ -f $PGAASDIR/id_rsa.pub -a -f $PGAASDIR/id_rsa -a $PGAASDIR/authorized_keys ] +then + cp -p $PGAASDIR/id_rsa.pub $PGAASDIR/id_rsa $PGAASDIR/authorized_keys ~postgres/.ssh +else + ssh-keygen -t rsa -N '' -f ~postgres/.ssh/id_rsa + cp -p ~postgres/.ssh/id_rsa.pub ~postgres/.ssh/authorized_keys + cp -p ~postgres/.ssh/id_rsa ~postgres/.ssh/id_rsa.pub ~postgres/.ssh/authorized_keys $PGAASDIR +fi + diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-ssh-secondary b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-ssh-secondary new file mode 100644 index 0000000..a5ee2d4 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-ssh-secondary @@ -0,0 +1,102 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +set -x + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +bwget() +{ + ${INSTALL_ROOT}/opt/app/postgresql-prep/bin/pgwget --progress=dot:giga "$@" +} + +[ -n "$MASTER" ] || die "MASTER is not set" + + + +umask 077 +TMP=$(mktemp /tmp/tmp.css1.XXXXXXXXXX) +TMP2=$(mktemp /tmp/tmp.css2.XXXXXXXXXX) +trap 'rm -f $TMP $TMP2' 0 1 2 3 15 + +# do we have the keys already? +if [ -f $PGAASDIR/id_rsa.pub -a -f $PGAASDIR/id_rsa -a $PGAASDIR/authorized_keys ] +then + mkdir -p ~postgres/.ssh + chmod 700 ~postgres/.ssh + cp -p $PGAASDIR/id_rsa.pub $PGAASDIR/id_rsa $PGAASDIR/authorized_keys ~postgres/.ssh +else + # no? copy them from the master + done= + max=40 + for s in `seq $max` + do + echo "$s of $max: Waiting for master $MASTER to come online and send its public key" + bwget -O$TMP http://$MASTER:8000/getpubkey + ls -l $TMP + if [ -s $TMP ] + then + msg=$(cat $TMP) + case "$msg" in + ssh-rsa* ) + echo "Received public key" + mkdir -p ~postgres/.ssh + chmod 700 ~postgres/.ssh + cp -p $TMP ~postgres/.ssh/authorized_keys + done=yes + break + ;; + * ) echo "Received invalid public key: $msg" + ;; + esac + else + echo "No key available yet" + fi + rm -f $TMP + sleep 15 + done + [ "$done" = "yes" ] || die "Unable to get key from $MASTER" + + done= + max=40 + for s in `seq $max` + do + echo "$s of $max: Asking for master $MASTER to send remaining ssh files" + bwget -O$TMP2 http://$MASTER:8000/getssh/`hostname -f` + ls -l $TMP2 + if [ -s $TMP2 ] + then + msg=$(cat $TMP2) + case "$msg" in + OK* ) echo "Master has sent the remaining ssh keys" + done=yes + break + ;; + * ) echo "No ssh keys yet: $msg" + ;; + esac + fi + rm -f $TMP2 + sleep 15 + done + [ "$done" = "yes" ] || die "Master did not send ssh keys" +fi diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/do-post-install b/postgresql-config/src/stage/opt/app/postgresql-config/etc/do-post-install new file mode 100644 index 0000000..9b25be8 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/do-post-install @@ -0,0 +1,124 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +set -x + +die() +{ + echo "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +[ -n "$CFGDIR" ] || die "CFGDIR is not set" +[ -n "$OPENECOMP" ] || die "OPENECOMP is not set" +[ -n "$NOTOPENECOMP" ] || die "NOTOPENECOMP is not set" + +if $OPENECOMP +then export PGDIR=${INSTALL_ROOT}/usr/lib/postgresql/9.5 +else export PGDIR=${INSTALL_ROOT}/opt/app/postgresql-9.5.2 +fi +export DBROOT=/dbroot/pgdata/main +export PATH=$PATH:${INSTALL_ROOT}/opt/app/postgresql-prep/bin + +$CFGDIR/etc/makecerts + +cat $CFGDIR/lib/profile.additions >> ~postgres/.profile + +# Determine which system is the master. +# For central, we look first in /tmp/postgres.conf. +# If we don't find that, we look at the pgnodes list and pick the first one. +# For edge, we ignore /tmp/postgres.conf and go directly to the pgnodes list. +# Each edge site has its own master. +clustertype=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -n cluster ) +ismaster=no + +case $clustertype in + central ) + CONF=/tmp/postgres.conf + if [ -f $CONF ] # OpenDCAE + then + umask 077 + TMP=$(mktemp /tmp/tmp.pi1.XXXXXXXXXX) + trap 'rm -f $TMP' 0 1 2 3 15 + sed -e 's/ *: */="/' -e 's/$/"/' -e 's/=""/="/' -e 's/""$/"/' < $CONF > $TMP + . $TMP + case `hostname` in + $master ) ismaster=yes ;; + *?* ) ismaster=no ;; + '' ) die "master is not set in $CONF" + esac + PGNODES=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -n pgnodes ) + export MASTER=$( gen-repmgr-info -n "$PGNODES" -M "$master" ) + [ -n "$MASTER" ] || die "Cannot determine master system. $CONF has '$master' (from env.yaml), which cannot be found in pgnodes." + + else + # not OpenDCAE + ismaster=yes + PGNODES=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -n pgnodes ) + export MASTER=$( gen-repmgr-info -n "$PGNODES" -m ) + fi + ;; + edge ) + host=$( hostname -f ) + PGNODES=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -n pgnodes ) + export MASTER=$( gen-repmgr-info -n "$PGNODES" -C $host ) + case $MASTER in + '' ) die "Cannot determine master system. Does cdf.cfg have pgnodes= in it? Is $host listed as a site?" ;; + DEFAULT ) ismaster=yes MASTER=$host ;; + esac + ;; +esac + +ssh_and_cdf_okay=no + +case $ismaster in + yes ) # master + $CFGDIR/etc/create-ssh-master && + $CFGDIR/etc/create-cdf-master && + ssh_and_cdf_okay=yes + ;; + + no ) # secondary + $CFGDIR/etc/create-ssh-secondary && + $CFGDIR/etc/create-cdf-secondary && + touch $CFGDIR/lib/ignore-database-reconfiguration # prevent dcae_admin_db.py from looking at json DB reconfigurations && + ssh_and_cdf_okay=yes + ;; +esac + +[ "$ssh_and_cdf_okay" = yes ] || die "Could not set up ssh or cdf" + +$CFGDIR/etc/common-db-tasks +# check if we have a database already +if [ ! -s $DBROOT/PG_VERSION ] +then + # need to create it + case $ismaster in + yes ) $CFGDIR/etc/create-db-master ;; + no ) $CFGDIR/etc/create-db-secondary ;; + esac +else + # need to update it + case $ismaster in + yes ) $CFGDIR/etc/update-db-master ;; + no ) + $CFGDIR/etc/create-db-secondary # use repmgr clone even if secondary previously existed + # $CFGDIR/etc/update-db-secondary + ;; + esac +fi diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-pgpass b/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-pgpass new file mode 100644 index 0000000..ca99a0f --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-pgpass @@ -0,0 +1,33 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +# create ~postgres/.pgpass +postgrespswd=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -x -n postgres ) +repmgrpswd=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -x -n repmgr ) +umask 077 +if [ -f ~postgres/.pgpaas ] +then + ed ~postgres/.pgpaas <<-EOF + H + g/:postgres:/d + g/:repmgr:/d + w + q + EOF +fi + +echo "*:*:*:postgres:$postgrespswd" >> ~postgres/.pgpass +echo "*:*:*:repmgr:$repmgrpswd" >> ~postgres/.pgpass +chmod go-rwx ~postgres/.pgpass diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-recovery.conf b/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-recovery.conf new file mode 100644 index 0000000..fc80cb0 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-recovery.conf @@ -0,0 +1,51 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +set -x + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +[ -n "$DBROOT" ] || die "DBROOT is not set" + +cd $DBROOT || die "Cannot cd $DBROOT" +PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$PATH + +PGNODES=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -n pgnodes ) +HOSTNAME=`hostname -f` +PGNODEVALUE=$( gen-repmgr-info -n "$PGNODES" -l "$HOSTNAME" ) + +# node_name from repmgr.conf => application_name in recovery.conf conninfo line +# "node" value from repmgr.conf => primary_slot_name in recovery.conf with the string "repmgr_slot_" prefixed +# node_name in repmgr.conf can be the $HOSTNAME value ? + +pswd=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -x -n repmgr ) + +appname=$HOSTNAME +PGNODEVALUE=$( gen-repmgr-info -n "$PGNODES" -l "$HOSTNAME" ) +umask 07 +cat <<-EOF > $DBROOT/recovery.conf + standby_mode = 'on' + primary_conninfo = 'user=repmgr password=$pswd host=$HOSTNAME port=5432 application_name=$HOSTNAME sslmode=prefer sslcompression=1' + recovery_target_timeline = 'latest' + primary_slot_name = repmgr_slot_$PGNODEVALUE +EOF + diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-repmgr.conf b/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-repmgr.conf new file mode 100755 index 0000000..ca595f6 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-repmgr.conf @@ -0,0 +1,63 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +set -x + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +[ -n "$CFGDIR" ] || die "CFGDIR is not set" + +cd $CFGDIR/main || die "Cannot cd $CFGDIR/main" +PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$PATH +LOGDIR=/opt/app/log/postgresql/server + +PGNODES=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -n pgnodes ) + +CLUSTER=pgaas +HOSTNAME=`hostname -f` +PGNODEVALUE=$( gen-repmgr-info -n "$PGNODES" -l "$HOSTNAME" ) +UPSTREAMPGNODE=$( gen-repmgr-info -n "$PGNODES" -c "$HOSTNAME" ) + +UPSTREAMTEXT="#upstream_node=" +case $UPSTREAMPGNODE in + DEFAULT ) ;; + * ) UPSTREAMTEXT="upstream_node=$UPSTREAMPGNODE" ;; +esac + +cat <<-EOF > repmgr.conf + cluster=$CLUSTER + node=$PGNODEVALUE + node_name=$HOSTNAME + conninfo='host=$HOSTNAME user=repmgr dbname=repmgr' + use_replication_slots=1 + $UPSTREAMTEXT + + failover=automatic + promote_command='repmgr standby promote -f $CFGDIR/main/repmgr.conf' + follow_command='repmgr standby follow -f $CFGDIR/main/repmgr.conf' + event_notification_command='/opt/app/postgresql-prep/bin/repmgrd-status-changes %n %e %s "%t" "%d"' + + #Log level: possible values are DEBUG, INFO, NOTICE, WARNING, ERR, ALERT, CRIT or EMERG + loglevel=INFO + logfile='$LOGDIR/repmgr.log' +EOF + diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/lock-and-create-db-backup b/postgresql-config/src/stage/opt/app/postgresql-config/etc/lock-and-create-db-backup new file mode 100644 index 0000000..ff942e6 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/lock-and-create-db-backup @@ -0,0 +1,33 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +if [ -d /opt/app/postgresql-9.5.2 ] +then PGDIR=${INSTALL_ROOT}/opt/app/postgresql-9.5.2 +else PGDIR=/usr/lib/postgresql/9.5 +fi + +export PATH=$PGDIR/bin:${INSTALL_ROOT}/opt/java/jdk/jdk170/bin:${INSTALL_ROOT}/opt/app/cdf/bin:${INSTALL_ROOT}/opt/app/pgaas/bin:$PATH + +LOCKFILE=/var/lock/create-db-backup + +testlock -s -t 0 -r 99 ${LOCKFILE} create-db-backup +retc=$? + +if [ $retc -eq 99 ] +then + echo Backup is already being created +fi +exit $retc + diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/makecerts b/postgresql-config/src/stage/opt/app/postgresql-config/etc/makecerts new file mode 100755 index 0000000..a272f7b --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/makecerts @@ -0,0 +1,97 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +# NAME +# makecerts - Create elf-signed certificates for PostgreSQL +# +# USAGE +# makecerts [--force-overwrite] +# +# FILES +# /opt/app/postgresql-config/etc +# ssleay.cnf - template +# /opt/app/postgresql-config/lib +# ssl-cert-snakeoil.pem - public key +# ssl-cert-snakeoil.key - private key + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +if [ -d ${INSTALL_ROOT}/opt/app/postgresql-config ] +then dir=${INSTALL_ROOT}/opt/app/postgresql-config +else dir=${INSTALL_ROOT}/opt/app/postgresql-config-9.5.2 +fi +etcdir=$dir/etc +libdir=$dir/lib +template="$etcdir/ssleay.cnf" + +usage() +{ + exec 1>&2 + echo "Usage: $0 [--force-overwrite]" + echo "Create self-signed certificates for $dir" + exit 1 +} + +if [ -f "$libdir/ssl-cert-snakeoil.pem" ] && [ -f "$libdir/ssl-cert-snakeoil.key" ]; then + if [ "$1" != "--force-overwrite" ]; then + exit 0 + fi +fi + +# make_snakeoil + +if ! HostName="$(hostname -f)" ; then + HostName="$(hostname)" + echo "$0: Could not get FQDN, using \"$HostName\"." + echo "$0: You may want to fix your /etc/hosts and/or DNS setup and run" + echo "$0: '$0 --force-overwrite'" + echo "$0: again." +fi +if [ ${#HostName} -gt 64 ] ; then + AltName="DNS:$HostName" + HostName="$(hostname)" +fi + + +TMPFILE="$(mktemp /tmp/tmp.mc1.XXXXXXXXXX)" || die mktemp failed +TMPOUT="$(mktemp /tmp/tmp.mc2.XXXXXXXXXX)" || die mktemp failed + +trap "rm -f $TMPFILE $TMPOUT" EXIT 1 2 3 15 + +# create_temporary_cnf + sed -e s#@HostName@#"$HostName"# $template > $TMPFILE + [ -z "$AltName" ] || echo "subjectAltName=$AltName" >> $TMPFILE + +# create the certificate. + +if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes \ + -out $libdir/ssl-cert-snakeoil.pem \ + -keyout $libdir/ssl-cert-snakeoil.key > $TMPOUT 2>&1 +then + echo Could not create certificate. Openssl output was: >&2 + cat $TMPOUT >&2 + die openssl failed +fi +chmod 644 $libdir/ssl-cert-snakeoil.pem +chmod 600 $libdir/ssl-cert-snakeoil.key +# hash symlink +ln -sf ssl-cert-snakeoil.pem $libdir/$(openssl x509 -hash -noout -in $libdir/ssl-cert-snakeoil.pem) diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/ssleay.cnf b/postgresql-config/src/stage/opt/app/postgresql-config/etc/ssleay.cnf new file mode 100644 index 0000000..2b665cc --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/ssleay.cnf @@ -0,0 +1,33 @@ +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + +# +# SSLeay example configuration file. +# + +RANDFILE = /dev/urandom + +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +prompt = no +policy = policy_anything +req_extensions = v3_req +x509_extensions = v3_req + +[ req_distinguished_name ] +commonName = @HostName@ + +[ v3_req ] +basicConstraints = CA:FALSE diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/start-db b/postgresql-config/src/stage/opt/app/postgresql-config/etc/start-db new file mode 100644 index 0000000..2d50b40 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/start-db @@ -0,0 +1,32 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +set -x + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +[ -n "$PGDIR" ] || die "PGDIR is not set" +[ -n "$DBROOT" ] || die "DBROOT is not set" +[ -n "$CFGDIR" ] || die "CFGDIR is not set" + +rm -f $DBROOT/postmaster.pid +$PGDIR/bin/pg_ctl start -D $DBROOT -o "-c config_file=$CFGDIR/main/postgresql.conf" diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-db-master b/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-db-master new file mode 100644 index 0000000..0c0c238 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-db-master @@ -0,0 +1,63 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +# update a master database +set -x + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +[ -n "$PGDIR" ] || die "PGDIR is not set" +[ -n "$DBROOT" ] || die "DBROOT is not set" +[ -n "$CFGDIR" ] || die "CFGDIR is not set" + +cd $CFGDIR/main || die "Cannot cd $CFGDIR/main" + +PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$CFGDIR/etc:$PGDIR/bin:$PATH + +# update postgresql.conf - got new ones +# update pg_hba.conf - got new ones +# set up repmgr.conf - in common + +# start the DB +start-db +sleep 10 + +# make sure the postgres password is right +$CFGDIR/etc/update-postgres-user + +# create temporal tables and other extensions, if needed +$CFGDIR/etc/create-extensions + +# create repmgr user/db, if needed +$CFGDIR/etc/create-repmgr-user + +# register as master +repmgr -f $CFGDIR/main/repmgr.conf master register +echo repmgr ret=$? + +# start repmgrd +# start repmgrd (verbose logging for testing) +umask 07 +repmgrd -f $CFGDIR/main/repmgr.conf -d --verbose +echo repmgrd ret=$? +# start repmgrd (normal logging) +# repmgrd -f $CFGDIR/main/repmgr.conf -d diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-db-secondary b/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-db-secondary new file mode 100644 index 0000000..b819865 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-db-secondary @@ -0,0 +1,95 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +# update a secondary database +set -x + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +[ -n "$MASTER" ] || die "MASTER is not set" +[ -n "$PGDIR" ] || die "PGDIR is not set" +[ -n "$DBROOT" ] || die "DBROOT is not set" +[ -n "$CFGDIR" ] || die "CFGDIR is not set" + +cd $CFGDIR/main || die "Cannot cd $CFGDIR/main" + +PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$CFGDIR/etc:$PGDIR/bin:$PATH + +umask 077 +TMP=$(mktemp /tmp/tmp.uds1.XXXXXXXXXX) +trap 'rm -f $TMP' 0 1 2 3 15 + +# update postgresql.conf - got new ones +# update pg_hba.conf - got new ones +# set up repmgr.conf - in common + +# replace/update recovery.conf +if [ -f $DBROOT/recovery.conf ];then mv $DBROOT/recovery.conf $DBROOT/recovery.conf.upgraded;fi +$CFGDIR/etc/gen-recovery.conf + +# wait until master DB is active and has repmgr available +max=40 +for s in `seq $max` +do + echo "$s of $max: Asking master $MASTER if repmgr is ready" + pgwget --progress=dot:giga -O$TMP http://$MASTER:8000/hasrepmgr + if [ -s $TMP ] + then + msg=$(cat $TMP) + case $msg in + OK* ) + echo "Master has repmgr ready" + done=yes + break + ;; + * ) + echo "Master does not have repmgr ready, msg=$msg" + ;; + esac + fi + rm -f $TMP + sleep 15 +done +[ "$done" = "yes" ] || die "Master never had repmgr available" + + +$CFGDIR/etc/start-db + +sleep 10 + +# make sure the postgres password is right +$CFGDIR/etc/update-postgres-user + +# register as standby +repmgr -f $CFGDIR/main/repmgr.conf standby register +echo repmgr ret=$? +sleep 10 + +# start repmgrd +# start repmgrd (verbose logging for testing) +umask 07 +repmgrd -f $CFGDIR/main/repmgr.conf -d --verbose +echo repmgrd ret=$? +# start repmgrd (normal logging) +# repmgrd -f $CFGDIR/main/repmgr.conf -d + +chmod 600 recovery.conf diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-postgres-user b/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-postgres-user new file mode 100644 index 0000000..b7f3762 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-postgres-user @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this code except in compliance +# with the License. You may obtain a copy of the License +# at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + + +set -x + +die() +{ + echo $0: "$@" 1>&2 + echo $0: "$@" + umask 022 + echo $0: "$@" >> /tmp/pgaas-failures + exit 1 +} + +[ -n "$PGDIR" ] || die "PGDIR is not set" + +PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$PGDIR/bin:$PATH +pswd=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -x -n postgres ) + +psql <<-EOF + ALTER USER postgres PASSWORD '$pswd'; + EOF diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/lib/profile.additions b/postgresql-config/src/stage/opt/app/postgresql-config/lib/profile.additions new file mode 100644 index 0000000..3ee8128 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/lib/profile.additions @@ -0,0 +1,6 @@ + +if [ -d /opt/app/postgresql-9.5.2 ] +then PGDIR=/opt/app/postgresql-9.5.2 +else PGDIR=/usr/lib/postgresql/9.5 +fi +export PATH="$PGDIR/bin:/opt/app/cdf/bin:/opt/app/pgaas/bin:/opt/app/postgresql-prep/bin:$PATH" diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/main/pg_hba.conf.orig b/postgresql-config/src/stage/opt/app/postgresql-config/main/pg_hba.conf.orig new file mode 100644 index 0000000..7bf51c1 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/main/pg_hba.conf.orig @@ -0,0 +1,127 @@ +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the "Client Authentication" section in the PostgreSQL +# documentation for a complete description of this file. A short +# synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which PostgreSQL user names they can use, which +# databases they can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTIONS] +# host DATABASE USER ADDRESS METHOD [OPTIONS] +# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] +# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, +# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a +# plain TCP/IP socket. +# +# DATABASE can be "all", "sameuser", "samerole", "replication", a +# database name, or a comma-separated list thereof. The "all" +# keyword does not match "replication". Access to replication +# must be enabled in a separate record (see example below). +# +# USER can be "all", a user name, a group name prefixed with "+", or a +# comma-separated list thereof. In both the DATABASE and USER fields +# you can also write a file name prefixed with "@" to include names +# from a separate file. +# +# ADDRESS specifies the set of hosts the record matches. It can be a +# host name, or it is made up of an IP address and a CIDR mask that is +# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that +# specifies the number of significant bits in the mask. A host name +# that starts with a dot (.) matches a suffix of the actual host name. +# Alternatively, you can write an IP address and netmask in separate +# columns to specify the set of hosts. Instead of a CIDR-address, you +# can write "samehost" to match any of the server's own IP addresses, +# or "samenet" to match any address in any subnet that the server is +# directly connected to. +# +# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", +# "ident", "peer", "pam", "ldap", "radius" or "cert". Note that +# "password" sends passwords in clear text; "md5" is preferred since +# it sends encrypted passwords. +# +# OPTIONS are a set of options for the authentication in the format +# NAME=VALUE. The available options depend on the different +# authentication methods -- refer to the "Client Authentication" +# section in the documentation for a list of which options are +# available for which authentication methods. +# +# Database and user names containing spaces, commas, quotes and other +# special characters must be quoted. Quoting one of the keywords +# "all", "sameuser", "samerole" or "replication" makes the name lose +# its special character, and just match a database or username with +# that name. +# +# This file is read on server startup and when the postmaster receives +# a SIGHUP signal. If you edit the file on a running system, you have +# to SIGHUP the postmaster for the changes to take effect. You can +# use "pg_ctl reload" to do that. + +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make PostgreSQL +# listen on a non-local interface via the listen_addresses +# configuration parameter, or via the -i or -h command line switches. + +### @authcomment@ +### +### # TYPE DATABASE USER ADDRESS METHOD +### +### @remove-line-for-nolocal@# "local" is for Unix domain socket connections only +### @remove-line-for-nolocal@local all all @authmethodlocal@ +### # IPv4 local connections: +### host all all 127.0.0.1/32 @authmethodhost@ +### # IPv6 local connections: +### host all all ::1/128 @authmethodhost@ +### # Allow replication connections from localhost, by a user with the +### # replication privilege. +### @remove-line-for-nolocal@#local replication @default_username@ @authmethodlocal@ +### #host replication @default_username@ 127.0.0.1/32 @authmethodhost@ +### #host replication @default_username@ ::1/128 @authmethodhost@ + +# DO NOT DISABLE! +# If you change this first entry you will need to make sure that the +# database superuser can access the database using some other method. +# Noninteractive access to all databases is required during automatic +# maintenance (custom daily cronjobs, replication, and similar tasks). +# +# Database administrative login by Unix domain socket +local all postgres peer + +# TYPE DATABASE USER ADDRESS METHOD + +# DCAE IPv4/IPv6 remote connections: +host all all 0.0.0.0/0 md5 +host all all ::/0 md5 + +# "local" is for Unix domain socket connections only +local all all peer +# IPv4 local connections: +host all all 127.0.0.1/32 md5 +# IPv6 local connections: +host all all ::1/128 md5 +# Allow replication connections from localhost, by a user with the +# replication privilege. +# local replication postgres peer +# host replication postgres 127.0.0.1/32 md5 +# host replication postgres 0.0.0.0/0 md5 +# host replication postgres ::1/128 md5 + +local replication repmgr md5 +host replication repmgr 127.0.0.1/32 md5 +host replication repmgr 0.0.0.0/0 md5 +host replication repmgr ::1/128 md5 + +local repmgr repmgr md5 +host repmgr repmgr 127.0.0.1/32 md5 +host repmgr repmgr 0.0.0.0/0 md5 +host repmgr repmgr ::1/128 md5 diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/main/pg_ident.conf b/postgresql-config/src/stage/opt/app/postgresql-config/main/pg_ident.conf new file mode 100644 index 0000000..a5870e6 --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/main/pg_ident.conf @@ -0,0 +1,42 @@ +# PostgreSQL User Name Maps +# ========================= +# +# Refer to the PostgreSQL documentation, chapter "Client +# Authentication" for a complete description. A short synopsis +# follows. +# +# This file controls PostgreSQL user name mapping. It maps external +# user names to their corresponding PostgreSQL user names. Records +# are of the form: +# +# MAPNAME SYSTEM-USERNAME PG-USERNAME +# +# (The uppercase quantities must be replaced by actual values.) +# +# MAPNAME is the (otherwise freely chosen) map name that was used in +# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the +# client. PG-USERNAME is the requested PostgreSQL user name. The +# existence of a record specifies that SYSTEM-USERNAME may connect as +# PG-USERNAME. +# +# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a +# regular expression. Optionally this can contain a capture (a +# parenthesized subexpression). The substring matching the capture +# will be substituted for \1 (backslash-one) if present in +# PG-USERNAME. +# +# Multiple maps may be specified in this file and used by pg_hba.conf. +# +# No map names are defined in the default configuration. If all +# system user names and PostgreSQL user names are the same, you don't +# need anything in this file. +# +# This file is read on server startup and when the postmaster receives +# a SIGHUP signal. If you edit the file on a running system, you have +# to SIGHUP the postmaster for the changes to take effect. You can +# use "pg_ctl reload" to do that. + +# Put your actual configuration here +# ---------------------------------- + +# MAPNAME SYSTEM-USERNAME PG-USERNAME diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/main/postgresql.conf.orig b/postgresql-config/src/stage/opt/app/postgresql-config/main/postgresql.conf.orig new file mode 100644 index 0000000..b2587db --- /dev/null +++ b/postgresql-config/src/stage/opt/app/postgresql-config/main/postgresql.conf.orig @@ -0,0 +1,655 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, or use "pg_ctl reload". Some +# parameters, which are marked below, require a server shutdown and restart to +# take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. + +data_directory = '/dbroot/pgdata/main' # for DCAE +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +hba_file = '%CFGDIR%/main/pg_hba.conf' # for DCAE +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +ident_file = '%CFGDIR%/main/pg_ident.conf' # for DCAE +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +external_pid_file = '/var/run/postgresql/9.5-main.pid' # for DCAE +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +# DCAE -- for 1607 IST30, set to '*' to allow remote connections +listen_addresses = '*' # for DCAE + +#listen_addresses = 'localhost' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +#max_connections = 100 # (change requires restart) +# Note: Increasing max_connections costs ~400 bytes of shared memory per +# connection slot, plus lock space (see max_locks_per_transaction). +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/var/run/postgresql,/tmp' # for DCAE +#unix_socket_directories = '/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +ssl = true # for DCAE +#ssl = off # (change requires restart) +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + # (change requires restart) +#ssl_prefer_server_ciphers = on # (change requires restart) +#ssl_ecdh_curve = 'prime256v1' # (change requires restart) +ssl_cert_file = '%CFGDIR%/lib/ssl-cert-snakeoil.pem' # for DCAE +#ssl_cert_file = 'server.crt' # (change requires restart) +ssl_key_file = '%CFGDIR%/lib/ssl-cert-snakeoil.key' # for DCAE +#ssl_key_file = 'server.key' # (change requires restart) +#ssl_ca_file = '' # (change requires restart) +#ssl_crl_file = '' # (change requires restart) +#password_encryption = on +#db_user_namespace = off +#row_security = on + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +#shared_buffers = 32MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Note: Increasing max_prepared_transactions costs ~600 bytes of shared memory +# per transaction slot, plus lock space (see max_locks_per_transaction). +# It is not advisable to set max_prepared_transactions nonzero unless you +# actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +#dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + +# - Disk - + +#temp_file_limit = -1 # limits per-session temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multipler on buffers scanned/round + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +# TLH - this is where we do WAL settings +wal_level = hot_standby # minimal, archive, hot_standby, or logical + # (change requires restart) +#fsync = on # turns forced synchronization on or off +#synchronous_commit = on # synchronization level; + # off, local, remote_write, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +wal_log_hints = on # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1h +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +archive_mode = on # enables archiving; off, on, or always + # (change requires restart) +archive_command = 'test ! -f /dbroot/pglogs/main/%f && cp %p /dbroot/pglogs/main/%f' + # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +max_wal_senders = 4 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 5 # max number of replication slots + # (change requires restart) + # DCAE NOTE: if we ever grow our cluster, change this value to + # the number of nodes + 1 +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +hot_standby = on # "on" allows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +logging_collector = on # for DCAE +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +log_directory = '/opt/app/log/postgresql/server' # for DCAE +#log_directory = 'pg_log' # directory where log files are written, + # can be absolute or relative to PGDATA +log_filename = 'error.log' # for DCAE +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +log_file_mode = 0666 # for DCAE +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +log_rotation_age = 1d # for DCAE +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +log_rotation_size = 0 # for DCAE +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' + +# This is only relevant when logging to eventlog (win32): +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%t|%a|%u|%d|%i|%e|%r|%c|' # for DCAE +#log_line_prefix = '' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +#log_timezone = 'GMT' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +#datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +#timezone = 'GMT' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +#lc_messages = 'C' # locale for system error message + # strings +#lc_monetary = 'C' # locale for monetary formatting +#lc_numeric = 'C' # locale for number formatting +#lc_time = 'C' # locale for time formatting + +# default configuration for text search +#default_text_search_config = 'pg_catalog.simple' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +# Note: Each lock table slot uses ~270 bytes of shared memory, and there are +# max_locks_per_transaction * (max_connections + max_prepared_transactions) +# lock table slots. +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#sql_inheritance = on +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here + +# repmgr / repmgrd +shared_preload_libraries = 'repmgr_funcs' |