aboutsummaryrefslogtreecommitdiffstats
path: root/postgresql-config/src
diff options
context:
space:
mode:
Diffstat (limited to 'postgresql-config/src')
-rwxr-xr-xpostgresql-config/src/common/postinst40
-rw-r--r--postgresql-config/src/makefile39
-rw-r--r--postgresql-config/src/repackage.json25
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/common-db-tasks43
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/create-cdf-master44
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/create-cdf-secondary62
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-backup34
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-master72
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-secondary122
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/create-extensions53
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/create-repmgr-user40
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/create-ssh-master40
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/create-ssh-secondary102
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/do-post-install124
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-pgpass33
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-recovery.conf51
-rwxr-xr-xpostgresql-config/src/stage/opt/app/postgresql-config/etc/gen-repmgr.conf63
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/lock-and-create-db-backup33
-rwxr-xr-xpostgresql-config/src/stage/opt/app/postgresql-config/etc/makecerts97
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/ssleay.cnf33
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/start-db32
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/update-db-master63
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/update-db-secondary95
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/etc/update-postgres-user34
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/lib/profile.additions6
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/main/pg_hba.conf.orig127
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/main/pg_ident.conf42
-rw-r--r--postgresql-config/src/stage/opt/app/postgresql-config/main/postgresql.conf.orig655
28 files changed, 2204 insertions, 0 deletions
diff --git a/postgresql-config/src/common/postinst b/postgresql-config/src/common/postinst
new file mode 100755
index 0000000..b681058
--- /dev/null
+++ b/postgresql-config/src/common/postinst
@@ -0,0 +1,40 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+exec 1> /tmp/postgresql-config.out 2>&1
+set -x
+if [ -d /opt/app/postgresql-9.5.2 ]
+then export OPENECOMP=false NOTOPENECOMP=true
+else export OPENECOMP=true NOTOPENECOMP=false
+fi
+id
+
+if $OPENECOMP
+then INSTALL_ROOT=
+fi
+
+echo STARTING $0 $(date)
+umask 0
+echo STARTING $0 $(date) >> /tmp/pgaas.inst.report
+
+export CFGDIR=${INSTALL_ROOT}/opt/app/postgresql-config/
+
+$CFGDIR/etc/do-post-install
+
+echo ENDING $0 $(date)
+echo ENDING $0 $(date) >> /tmp/pgaas.inst.report
+if $NOTOPENECOMP
+then sed -n '/^STARTING/,/^ENDING/p' `dirname $0`/../../proc_out >> /tmp/pgaas.inst.report
+fi
diff --git a/postgresql-config/src/makefile b/postgresql-config/src/makefile
new file mode 100644
index 0000000..bf6ae6b
--- /dev/null
+++ b/postgresql-config/src/makefile
@@ -0,0 +1,39 @@
+
+DEVBIN=../../bin
+PKG=postgresql-config
+REPACKAGESWMOPTS=
+REPACKAGEDEBIANOPTS=
+
+INS= ../install
+INSSTG= $(INS)/stage
+INSCOM= $(INS)/common
+
+all:
+
+clean-stage:
+ rm -rf $(INSSTG)
+
+clean-common:
+ rm -rf $(INSCOM)
+
+clean:
+ rm -rf $(INS)
+
+build:
+
+stage: clean-stage clean-common
+ mkdir -p $(INS)
+ find stage ! -name makefile ! -name '*~' | cpio -pudmv $(INS)
+ find common ! -name makefile ! -name '*~' | cpio -pudmv $(INS)
+ chmod -R a+x $(INS)/stage/opt/app/postgresql-config/etc/*
+ cp -p repackage.* $(INS)
+
+
+debian: stage
+ repackage -y repackage.json -b debian -d $(INS) -u
+ repackage -y repackage.json -b debian -d $(INS) -u -B LATEST
+ @echo debian built
+
+upload-javadocs:
+ @echo nothing to do here
+
diff --git a/postgresql-config/src/repackage.json b/postgresql-config/src/repackage.json
new file mode 100644
index 0000000..d4376fe
--- /dev/null
+++ b/postgresql-config/src/repackage.json
@@ -0,0 +1,25 @@
+{
+ "debian": {
+ "replaces": [],
+ "conflicts": [],
+ "groupId": "org.openecomp.dcae.storage.pgaas",
+ "externalDependencies": []
+ },
+ "fileGroup": "postgres",
+ "version": "1.0.0",
+ "applicationName": "postgresql-config",
+ "internalDependencies": [],
+ "directoryTreeTops": {
+ "/opt": "/opt/app/postgresql-config"
+ },
+ "executionUser": "postgres",
+ "maintainer": "OpenECOMP <dcae@lists.openecomp.org>",
+ "fileUser": "postgres",
+ "docker": {
+ "tag": "latest",
+ "externalDependencies": []
+ },
+ "groupId": "org.openecomp.dcae.storage.pgaas",
+ "description": " PostgreSQL as a Service main scripts ",
+ "executionGroup": "postgres"
+} \ No newline at end of file
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/common-db-tasks b/postgresql-config/src/stage/opt/app/postgresql-config/etc/common-db-tasks
new file mode 100644
index 0000000..517fabd
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/common-db-tasks
@@ -0,0 +1,43 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+set -x
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+[ -n "$DBROOT" ] || die "DBROOT is not set"
+[ -n "$CFGDIR" ] || die "CFGDIR is not set"
+
+# set up ~/.pgpass
+$CFGDIR/etc/gen-pgpass
+# set up repmgr.conf
+$CFGDIR/etc/gen-repmgr.conf
+
+# We don't really need to save pwd.cfg anymore since we are now forcing the password.
+# PWDCFG=$DBROOT/../pgaas/pwd.cfg
+# egrep '^Global_Title|^postgres|^repmgr' ${INSTALL_ROOT}/opt/app/cdf/lib/cdf.cfg > $PWDCFG
+
+cd $CFGDIR/main || die "Cannot cd $CFGDIR/main"
+
+sed -e "s!%CFGDIR%!$CFGDIR!" < postgresql.conf.orig > postgresql.conf || die "Cannot cp postgresql.conf"
+sed -e "s!%CFGDIR%!$CFGDIR!" < pg_hba.conf.orig > pg_hba.conf || die "Cannot cp pg_hba.conf"
+
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-cdf-master b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-cdf-master
new file mode 100644
index 0000000..c079b51
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-cdf-master
@@ -0,0 +1,44 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+set -x
+
+DBROOT=/dbroot/pgdata/main
+CDFCFG=${INSTALL_ROOT}/opt/app/cdf/lib/cdf.cfg
+
+# We don't really need to save pwd.cfg anymore since we are now forcing the password.
+# PWDCFG=$DBROOT/../pgaas/pwd.cfg
+# if the DB already exists in Cinder storage, grab the password from there for use elsewhere
+# if [ -s $PWDCFG -a $( egrep '^Global_Title' < $PWDCFG ) -eq 1 ]
+# then
+# TMP=$(mktemp /tmp/tmp.ccm.XXXXXXXXXX)
+# trap 'rm -f $TMP' 0 1 2 3 15
+# egrep -v '^Global_Title|^postgres|^repmgr' $CDFCFG > $TMP
+# egrep '^Global_Title|^postgres|^repmgr' $PWDCFG | cat $TMP - > $CDFCFG
+# fi
+
+# generate a 64 hex random value (256 bits of randomness) for the passwords
+if grep '^postgres' $CDFCFG > /dev/null
+then :
+else
+ val2=$(dd if=/dev/urandom count=1 ibs=32 2>/dev/null | od -x -w1000 | sed -e 's/^0000000 //' -e 's/ //g' -e 1q)
+ echo "ENCRYPTME.AES.postgres=$val2" | ${INSTALL_ROOT}/opt/app/cdf/bin/setencryptedvalues >> $CDFCFG
+fi
+if grep '^repmgr' $CDFCFG > /dev/null
+then :
+else
+ val2=$(dd if=/dev/urandom count=1 ibs=32 2>/dev/null | od -x -w1000 | sed -e 's/^0000000 //' -e 's/ //g' -e 1q)
+ echo "ENCRYPTME.AES.repmgr=$val2" | ${INSTALL_ROOT}/opt/app/cdf/bin/setencryptedvalues >> $CDFCFG
+fi
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-cdf-secondary b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-cdf-secondary
new file mode 100644
index 0000000..034d897
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-cdf-secondary
@@ -0,0 +1,62 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+set -x
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+[ -n "$MASTER" ] || die "MASTER is not set"
+
+umask 077
+TMP=$( mktemp /tmp/tmp.ccs1.XXXXXXXXXX )
+trap 'rm -f $TMP' 0 1 2 3 15
+
+bwget()
+{
+ ${INSTALL_ROOT}/opt/app/postgresql-prep/bin/pgwget --progress=dot:giga "$@"
+}
+
+done=
+max=40
+for s in `seq $max`
+do
+ echo "$s of $max: Waiting for master $MASTER to send cdf.cfg"
+ bwget -O$TMP http://$MASTER:8000/getcdf/`hostname -f`
+ ls -l $TMP
+ if [ -s $TMP ]
+ then
+ msg=$(cat $TMP)
+ case "$msg" in
+ OK* )
+ echo "Received cdf.cfg"
+ done=yes
+ break
+ ;;
+ * ) echo "Received invalid cdf: $msg"
+ ;;
+ esac
+ fi
+ rm -f $TMP
+ sleep 15
+done
+[ "$done" = "yes" ] || die "Master did not send cdf.cfg"
+
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-backup b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-backup
new file mode 100644
index 0000000..625ce57
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-backup
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+if [ -d /opt/app/postgresql-9.5.2 ]
+then PGDIR=/opt/app/postgresql-9.5.2
+else PGDIR=/usr/lib/postgresql/9.5
+fi
+
+$PGDIR/bin/psql <<-EOF
+ SELECT pg_start_backup('backup');
+EOF
+
+cd /dbroot/pgdata &&
+{
+ find main | grep -v main/pg_xlog/
+ find main/pg_xlog -type d
+} | cpio -oc | gzip > main.cpio.gz.$$ && mv main.cpio.gz.$$ main.cpio.gz
+
+$PGDIR/bin/psql <<-EOF
+ SELECT pg_stop_backup();
+EOF
+echo /dbroot/pgdata/main.cpio.gz created
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-master b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-master
new file mode 100644
index 0000000..f0081be
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-master
@@ -0,0 +1,72 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+# create a master database
+set -x
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+[ -n "$PGDIR" ] || die "PGDIR is not set"
+[ -n "$DBROOT" ] || die "DBROOT is not set"
+[ -n "$CFGDIR" ] || die "CFGDIR is not set"
+
+cd $CFGDIR/main || die "Cannot cd $CFGDIR/main"
+
+PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$CFGDIR/etc:$PGDIR/bin:$PATH
+
+umask 077
+TMP=$(mktemp /tmp/tmp.cdm.XXXXXXXXXX)
+trap 'rm -f $TMP' 0 1 2 3 15
+
+rm -rf $DBROOT/* # initdb fails if the directory is not totally empty
+pswd=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -x -n postgres )
+echo "$pswd" > $TMP
+$PGDIR/bin/initdb -D $DBROOT --pwfile=$TMP
+rm -f $TMP
+
+$CFGDIR/etc/start-db
+sleep 30
+
+# create temporal tables and other extensions, if needed
+$CFGDIR/etc/create-extensions
+
+# create repmgr user/db, if needed
+$CFGDIR/etc/create-repmgr-user
+
+sleep 10
+
+# register as master
+repmgr -f $CFGDIR/main/repmgr.conf master register
+echo repmgr ret=$?
+
+sleep 10
+
+# start repmgrd
+# start repmgrd (verbose logging for testing)
+umask 07
+repmgrd -f $CFGDIR/main/repmgr.conf -d --verbose
+echo repmgrd ret=$?
+# start repmgrd (normal logging)
+# repmgrd -f $CFGDIR/main/repmgr.conf -d
+
+
+# NO LONGER NEEDED $CFGDIR/etc/create-db-backup
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-secondary b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-secondary
new file mode 100644
index 0000000..3e2c304
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-db-secondary
@@ -0,0 +1,122 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+# create a secondary database
+set -x
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+[ -n "$MASTER" ] || die "MASTER is not set"
+[ -n "$PGDIR" ] || die "PGDIR is not set"
+[ -n "$DBROOT" ] || die "DBROOT is not set"
+[ -n "$CFGDIR" ] || die "CFGDIR is not set"
+
+cd $CFGDIR/main || die "Cannot cd $CFGDIR/main"
+
+PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$CFGDIR/etc:$PGDIR/bin:$PATH
+
+bwget()
+{
+ ${INSTALL_ROOT}/opt/app/postgresql-prep/bin/pgwget --progress=dot:giga "$@"
+}
+
+umask 077
+TMP=$(mktemp /tmp/tmp.cds1.XXXXXXXXXX)
+TMP2=$(mktemp /tmp/tmp.cds2.XXXXXXXXXX)
+trap 'rm -f $TMP $TMP2' 0 1 2 3 15
+
+# wait until master DB is active and has repmgr available
+max=40
+for s in `seq $max`
+do
+ echo "$s of $max: Asking master $MASTER if repmgr is ready"
+ bwget -O$TMP http://$MASTER:8000/hasrepmgr
+ ls -l $TMP
+ if [ -s $TMP ]
+ then
+ msg=$(cat $TMP)
+ case $msg in
+ OK* )
+ echo "Master has repmgr ready"
+ done=yes
+ break
+ ;;
+ * )
+ echo "Master does not have repmgr ready, msg=$msg"
+ ;;
+ esac
+ fi
+ rm -f $TMP
+ sleep 15
+done
+[ "$done" = "yes" ] || die "Master never had repmgr available"
+
+
+# clone database from master
+
+# make sure /dbroot/pgdata/main is empty
+mv $DBROOT $DBROOT-$(date +%Y%m%d%H%M%S)
+mkdir -p $DBROOT
+# rm -rf $DBROOT/*
+
+repmgr -v -h $MASTER -U repmgr -d repmgr -D $DBROOT -f $CFGDIR/main/repmgr.conf --ignore-external-config-files standby clone
+
+if [ ! -f $DBROOT/PG_VERSION ]
+then
+ umask 022
+ cat /opt/app/log/postgresql/server/repmgr.log >> /tmp/pgaas-failures
+ die repmgr clone failed
+fi
+
+$CFGDIR/etc/start-db
+
+sleep 10
+
+# register as standby
+repmgr -f $CFGDIR/main/repmgr.conf standby register
+echo repmgr ret=$?
+sleep 10
+
+# start repmgrd
+# start repmgrd (verbose logging for testing)
+umask 07
+
+# wait until repmgrd starts up
+max=20
+REPLOG=/opt/app/log/postgresql/server/repmgr.log
+done=no
+for s in `seq $max`
+do
+ cat $REPLOG > $TMP
+ repmgrd -f $CFGDIR/main/repmgr.conf -d --verbose
+ # start repmgrd (normal logging)
+ # repmgrd -f $CFGDIR/main/repmgr.conf -d
+ echo repmgrd ret=$?
+ sleep 5
+ diff $TMP $REPLOG | grep "ERROR.*terminating" > $TMP2
+ if [ -s "$TMP2" ]
+ then cat "$TMP2"
+ else done=yes; break
+ fi
+ sleep 10
+done
+[ "$done" = "yes" ] || die "Secondary never started repmgrd"
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-extensions b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-extensions
new file mode 100644
index 0000000..09f0229
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-extensions
@@ -0,0 +1,53 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+set -x
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+[ -n "$PGDIR" ] || die "PGDIR is not set"
+
+PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$PGDIR/bin:$PATH
+
+TMP=$(mktemp /tmp/tmp.ce.XXXXXXXXXX)
+trap 'rm -f $TMP' 0 1 2 3 15
+
+echo "select datname from pg_database;" | psql --tuples-only | sed -e 's/^ *//' -e '/^$/d' -e '/^template0$/d' -e '/^repmgr$/d' > $TMP
+
+for db in $(< $TMP)
+do
+ # enable temporal tables for use
+ if [ -f /opt/app/postgresql-9.5.2/lib/temporal_tables.so ]
+ then
+ psql --dbname=$db <<-EOF
+ CREATE EXTENSION temporal_tables;
+ EOF
+ else
+ echo "$0: temporal_tables extension is not installed"
+ fi
+
+ # and other extensions
+ psql --dbname=$db <<-EOF
+ CREATE EXTENSION hstore;
+ CREATE EXTENSION pgcrypto;
+ EOF
+done
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-repmgr-user b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-repmgr-user
new file mode 100644
index 0000000..06b5a0a
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-repmgr-user
@@ -0,0 +1,40 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+set -x
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+[ -n "$PGDIR" ] || die "PGDIR is not set"
+
+PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$PGDIR/bin:$PATH
+pswd=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -x -n repmgr )
+
+# note: The "pgaas" in "repmgr_pgaas" must match the cluster name used in repmgr.conf
+
+psql <<-EOF
+ CREATE ROLE repmgr SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;
+ DROP DATABASE repmgr;
+ CREATE DATABASE repmgr OWNER repmgr;
+ ALTER USER repmgr PASSWORD '$pswd';
+ ALTER USER repmgr SET search_path TO repmgr_pgaas, "\$user", public;
+EOF
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-ssh-master b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-ssh-master
new file mode 100644
index 0000000..5565041
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-ssh-master
@@ -0,0 +1,40 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+set -x
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+umask 077
+mkdir -p ~postgres/.ssh
+chmod 700 ~postgres/.ssh
+
+PGAASDIR=/dbroot/pgdata/pgaas
+if [ -f $PGAASDIR/id_rsa.pub -a -f $PGAASDIR/id_rsa -a $PGAASDIR/authorized_keys ]
+then
+ cp -p $PGAASDIR/id_rsa.pub $PGAASDIR/id_rsa $PGAASDIR/authorized_keys ~postgres/.ssh
+else
+ ssh-keygen -t rsa -N '' -f ~postgres/.ssh/id_rsa
+ cp -p ~postgres/.ssh/id_rsa.pub ~postgres/.ssh/authorized_keys
+ cp -p ~postgres/.ssh/id_rsa ~postgres/.ssh/id_rsa.pub ~postgres/.ssh/authorized_keys $PGAASDIR
+fi
+
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-ssh-secondary b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-ssh-secondary
new file mode 100644
index 0000000..a5ee2d4
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/create-ssh-secondary
@@ -0,0 +1,102 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+set -x
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+bwget()
+{
+ ${INSTALL_ROOT}/opt/app/postgresql-prep/bin/pgwget --progress=dot:giga "$@"
+}
+
+[ -n "$MASTER" ] || die "MASTER is not set"
+
+
+
+umask 077
+TMP=$(mktemp /tmp/tmp.css1.XXXXXXXXXX)
+TMP2=$(mktemp /tmp/tmp.css2.XXXXXXXXXX)
+trap 'rm -f $TMP $TMP2' 0 1 2 3 15
+
+# do we have the keys already?
+if [ -f $PGAASDIR/id_rsa.pub -a -f $PGAASDIR/id_rsa -a $PGAASDIR/authorized_keys ]
+then
+ mkdir -p ~postgres/.ssh
+ chmod 700 ~postgres/.ssh
+ cp -p $PGAASDIR/id_rsa.pub $PGAASDIR/id_rsa $PGAASDIR/authorized_keys ~postgres/.ssh
+else
+ # no? copy them from the master
+ done=
+ max=40
+ for s in `seq $max`
+ do
+ echo "$s of $max: Waiting for master $MASTER to come online and send its public key"
+ bwget -O$TMP http://$MASTER:8000/getpubkey
+ ls -l $TMP
+ if [ -s $TMP ]
+ then
+ msg=$(cat $TMP)
+ case "$msg" in
+ ssh-rsa* )
+ echo "Received public key"
+ mkdir -p ~postgres/.ssh
+ chmod 700 ~postgres/.ssh
+ cp -p $TMP ~postgres/.ssh/authorized_keys
+ done=yes
+ break
+ ;;
+ * ) echo "Received invalid public key: $msg"
+ ;;
+ esac
+ else
+ echo "No key available yet"
+ fi
+ rm -f $TMP
+ sleep 15
+ done
+ [ "$done" = "yes" ] || die "Unable to get key from $MASTER"
+
+ done=
+ max=40
+ for s in `seq $max`
+ do
+ echo "$s of $max: Asking for master $MASTER to send remaining ssh files"
+ bwget -O$TMP2 http://$MASTER:8000/getssh/`hostname -f`
+ ls -l $TMP2
+ if [ -s $TMP2 ]
+ then
+ msg=$(cat $TMP2)
+ case "$msg" in
+ OK* ) echo "Master has sent the remaining ssh keys"
+ done=yes
+ break
+ ;;
+ * ) echo "No ssh keys yet: $msg"
+ ;;
+ esac
+ fi
+ rm -f $TMP2
+ sleep 15
+ done
+ [ "$done" = "yes" ] || die "Master did not send ssh keys"
+fi
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/do-post-install b/postgresql-config/src/stage/opt/app/postgresql-config/etc/do-post-install
new file mode 100644
index 0000000..9b25be8
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/do-post-install
@@ -0,0 +1,124 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+set -x
+
+die()
+{
+ echo "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+[ -n "$CFGDIR" ] || die "CFGDIR is not set"
+[ -n "$OPENECOMP" ] || die "OPENECOMP is not set"
+[ -n "$NOTOPENECOMP" ] || die "NOTOPENECOMP is not set"
+
+if $OPENECOMP
+then export PGDIR=${INSTALL_ROOT}/usr/lib/postgresql/9.5
+else export PGDIR=${INSTALL_ROOT}/opt/app/postgresql-9.5.2
+fi
+export DBROOT=/dbroot/pgdata/main
+export PATH=$PATH:${INSTALL_ROOT}/opt/app/postgresql-prep/bin
+
+$CFGDIR/etc/makecerts
+
+cat $CFGDIR/lib/profile.additions >> ~postgres/.profile
+
+# Determine which system is the master.
+# For central, we look first in /tmp/postgres.conf.
+# If we don't find that, we look at the pgnodes list and pick the first one.
+# For edge, we ignore /tmp/postgres.conf and go directly to the pgnodes list.
+# Each edge site has its own master.
+clustertype=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -n cluster )
+ismaster=no
+
+case $clustertype in
+ central )
+ CONF=/tmp/postgres.conf
+ if [ -f $CONF ] # OpenDCAE
+ then
+ umask 077
+ TMP=$(mktemp /tmp/tmp.pi1.XXXXXXXXXX)
+ trap 'rm -f $TMP' 0 1 2 3 15
+ sed -e 's/ *: */="/' -e 's/$/"/' -e 's/=""/="/' -e 's/""$/"/' < $CONF > $TMP
+ . $TMP
+ case `hostname` in
+ $master ) ismaster=yes ;;
+ *?* ) ismaster=no ;;
+ '' ) die "master is not set in $CONF"
+ esac
+ PGNODES=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -n pgnodes )
+ export MASTER=$( gen-repmgr-info -n "$PGNODES" -M "$master" )
+ [ -n "$MASTER" ] || die "Cannot determine master system. $CONF has '$master' (from env.yaml), which cannot be found in pgnodes."
+
+ else
+ # not OpenDCAE
+ ismaster=yes
+ PGNODES=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -n pgnodes )
+ export MASTER=$( gen-repmgr-info -n "$PGNODES" -m )
+ fi
+ ;;
+ edge )
+ host=$( hostname -f )
+ PGNODES=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -n pgnodes )
+ export MASTER=$( gen-repmgr-info -n "$PGNODES" -C $host )
+ case $MASTER in
+ '' ) die "Cannot determine master system. Does cdf.cfg have pgnodes= in it? Is $host listed as a site?" ;;
+ DEFAULT ) ismaster=yes MASTER=$host ;;
+ esac
+ ;;
+esac
+
+ssh_and_cdf_okay=no
+
+case $ismaster in
+ yes ) # master
+ $CFGDIR/etc/create-ssh-master &&
+ $CFGDIR/etc/create-cdf-master &&
+ ssh_and_cdf_okay=yes
+ ;;
+
+ no ) # secondary
+ $CFGDIR/etc/create-ssh-secondary &&
+ $CFGDIR/etc/create-cdf-secondary &&
+ touch $CFGDIR/lib/ignore-database-reconfiguration # prevent dcae_admin_db.py from looking at json DB reconfigurations &&
+ ssh_and_cdf_okay=yes
+ ;;
+esac
+
+[ "$ssh_and_cdf_okay" = yes ] || die "Could not set up ssh or cdf"
+
+$CFGDIR/etc/common-db-tasks
+# check if we have a database already
+if [ ! -s $DBROOT/PG_VERSION ]
+then
+ # need to create it
+ case $ismaster in
+ yes ) $CFGDIR/etc/create-db-master ;;
+ no ) $CFGDIR/etc/create-db-secondary ;;
+ esac
+else
+ # need to update it
+ case $ismaster in
+ yes ) $CFGDIR/etc/update-db-master ;;
+ no )
+ $CFGDIR/etc/create-db-secondary # use repmgr clone even if secondary previously existed
+ # $CFGDIR/etc/update-db-secondary
+ ;;
+ esac
+fi
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-pgpass b/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-pgpass
new file mode 100644
index 0000000..ca99a0f
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-pgpass
@@ -0,0 +1,33 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+# create ~postgres/.pgpass
+postgrespswd=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -x -n postgres )
+repmgrpswd=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -x -n repmgr )
+umask 077
+if [ -f ~postgres/.pgpaas ]
+then
+ ed ~postgres/.pgpaas <<-EOF
+ H
+ g/:postgres:/d
+ g/:repmgr:/d
+ w
+ q
+ EOF
+fi
+
+echo "*:*:*:postgres:$postgrespswd" >> ~postgres/.pgpass
+echo "*:*:*:repmgr:$repmgrpswd" >> ~postgres/.pgpass
+chmod go-rwx ~postgres/.pgpass
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-recovery.conf b/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-recovery.conf
new file mode 100644
index 0000000..fc80cb0
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-recovery.conf
@@ -0,0 +1,51 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+set -x
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+[ -n "$DBROOT" ] || die "DBROOT is not set"
+
+cd $DBROOT || die "Cannot cd $DBROOT"
+PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$PATH
+
+PGNODES=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -n pgnodes )
+HOSTNAME=`hostname -f`
+PGNODEVALUE=$( gen-repmgr-info -n "$PGNODES" -l "$HOSTNAME" )
+
+# node_name from repmgr.conf => application_name in recovery.conf conninfo line
+# "node" value from repmgr.conf => primary_slot_name in recovery.conf with the string "repmgr_slot_" prefixed
+# node_name in repmgr.conf can be the $HOSTNAME value ?
+
+pswd=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -x -n repmgr )
+
+appname=$HOSTNAME
+PGNODEVALUE=$( gen-repmgr-info -n "$PGNODES" -l "$HOSTNAME" )
+umask 07
+cat <<-EOF > $DBROOT/recovery.conf
+ standby_mode = 'on'
+ primary_conninfo = 'user=repmgr password=$pswd host=$HOSTNAME port=5432 application_name=$HOSTNAME sslmode=prefer sslcompression=1'
+ recovery_target_timeline = 'latest'
+ primary_slot_name = repmgr_slot_$PGNODEVALUE
+EOF
+
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-repmgr.conf b/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-repmgr.conf
new file mode 100755
index 0000000..ca595f6
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/gen-repmgr.conf
@@ -0,0 +1,63 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+set -x
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+[ -n "$CFGDIR" ] || die "CFGDIR is not set"
+
+cd $CFGDIR/main || die "Cannot cd $CFGDIR/main"
+PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$PATH
+LOGDIR=/opt/app/log/postgresql/server
+
+PGNODES=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -n pgnodes )
+
+CLUSTER=pgaas
+HOSTNAME=`hostname -f`
+PGNODEVALUE=$( gen-repmgr-info -n "$PGNODES" -l "$HOSTNAME" )
+UPSTREAMPGNODE=$( gen-repmgr-info -n "$PGNODES" -c "$HOSTNAME" )
+
+UPSTREAMTEXT="#upstream_node="
+case $UPSTREAMPGNODE in
+ DEFAULT ) ;;
+ * ) UPSTREAMTEXT="upstream_node=$UPSTREAMPGNODE" ;;
+esac
+
+cat <<-EOF > repmgr.conf
+ cluster=$CLUSTER
+ node=$PGNODEVALUE
+ node_name=$HOSTNAME
+ conninfo='host=$HOSTNAME user=repmgr dbname=repmgr'
+ use_replication_slots=1
+ $UPSTREAMTEXT
+
+ failover=automatic
+ promote_command='repmgr standby promote -f $CFGDIR/main/repmgr.conf'
+ follow_command='repmgr standby follow -f $CFGDIR/main/repmgr.conf'
+ event_notification_command='/opt/app/postgresql-prep/bin/repmgrd-status-changes %n %e %s "%t" "%d"'
+
+ #Log level: possible values are DEBUG, INFO, NOTICE, WARNING, ERR, ALERT, CRIT or EMERG
+ loglevel=INFO
+ logfile='$LOGDIR/repmgr.log'
+EOF
+
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/lock-and-create-db-backup b/postgresql-config/src/stage/opt/app/postgresql-config/etc/lock-and-create-db-backup
new file mode 100644
index 0000000..ff942e6
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/lock-and-create-db-backup
@@ -0,0 +1,33 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+if [ -d /opt/app/postgresql-9.5.2 ]
+then PGDIR=${INSTALL_ROOT}/opt/app/postgresql-9.5.2
+else PGDIR=/usr/lib/postgresql/9.5
+fi
+
+export PATH=$PGDIR/bin:${INSTALL_ROOT}/opt/java/jdk/jdk170/bin:${INSTALL_ROOT}/opt/app/cdf/bin:${INSTALL_ROOT}/opt/app/pgaas/bin:$PATH
+
+LOCKFILE=/var/lock/create-db-backup
+
+testlock -s -t 0 -r 99 ${LOCKFILE} create-db-backup
+retc=$?
+
+if [ $retc -eq 99 ]
+then
+ echo Backup is already being created
+fi
+exit $retc
+
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/makecerts b/postgresql-config/src/stage/opt/app/postgresql-config/etc/makecerts
new file mode 100755
index 0000000..a272f7b
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/makecerts
@@ -0,0 +1,97 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+# NAME
+# makecerts - Create elf-signed certificates for PostgreSQL
+#
+# USAGE
+# makecerts [--force-overwrite]
+#
+# FILES
+# /opt/app/postgresql-config/etc
+# ssleay.cnf - template
+# /opt/app/postgresql-config/lib
+# ssl-cert-snakeoil.pem - public key
+# ssl-cert-snakeoil.key - private key
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+if [ -d ${INSTALL_ROOT}/opt/app/postgresql-config ]
+then dir=${INSTALL_ROOT}/opt/app/postgresql-config
+else dir=${INSTALL_ROOT}/opt/app/postgresql-config-9.5.2
+fi
+etcdir=$dir/etc
+libdir=$dir/lib
+template="$etcdir/ssleay.cnf"
+
+usage()
+{
+ exec 1>&2
+ echo "Usage: $0 [--force-overwrite]"
+ echo "Create self-signed certificates for $dir"
+ exit 1
+}
+
+if [ -f "$libdir/ssl-cert-snakeoil.pem" ] && [ -f "$libdir/ssl-cert-snakeoil.key" ]; then
+ if [ "$1" != "--force-overwrite" ]; then
+ exit 0
+ fi
+fi
+
+# make_snakeoil
+
+if ! HostName="$(hostname -f)" ; then
+ HostName="$(hostname)"
+ echo "$0: Could not get FQDN, using \"$HostName\"."
+ echo "$0: You may want to fix your /etc/hosts and/or DNS setup and run"
+ echo "$0: '$0 --force-overwrite'"
+ echo "$0: again."
+fi
+if [ ${#HostName} -gt 64 ] ; then
+ AltName="DNS:$HostName"
+ HostName="$(hostname)"
+fi
+
+
+TMPFILE="$(mktemp /tmp/tmp.mc1.XXXXXXXXXX)" || die mktemp failed
+TMPOUT="$(mktemp /tmp/tmp.mc2.XXXXXXXXXX)" || die mktemp failed
+
+trap "rm -f $TMPFILE $TMPOUT" EXIT 1 2 3 15
+
+# create_temporary_cnf
+ sed -e s#@HostName@#"$HostName"# $template > $TMPFILE
+ [ -z "$AltName" ] || echo "subjectAltName=$AltName" >> $TMPFILE
+
+# create the certificate.
+
+if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes \
+ -out $libdir/ssl-cert-snakeoil.pem \
+ -keyout $libdir/ssl-cert-snakeoil.key > $TMPOUT 2>&1
+then
+ echo Could not create certificate. Openssl output was: >&2
+ cat $TMPOUT >&2
+ die openssl failed
+fi
+chmod 644 $libdir/ssl-cert-snakeoil.pem
+chmod 600 $libdir/ssl-cert-snakeoil.key
+# hash symlink
+ln -sf ssl-cert-snakeoil.pem $libdir/$(openssl x509 -hash -noout -in $libdir/ssl-cert-snakeoil.pem)
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/ssleay.cnf b/postgresql-config/src/stage/opt/app/postgresql-config/etc/ssleay.cnf
new file mode 100644
index 0000000..2b665cc
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/ssleay.cnf
@@ -0,0 +1,33 @@
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+#
+# SSLeay example configuration file.
+#
+
+RANDFILE = /dev/urandom
+
+[ req ]
+default_bits = 2048
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+prompt = no
+policy = policy_anything
+req_extensions = v3_req
+x509_extensions = v3_req
+
+[ req_distinguished_name ]
+commonName = @HostName@
+
+[ v3_req ]
+basicConstraints = CA:FALSE
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/start-db b/postgresql-config/src/stage/opt/app/postgresql-config/etc/start-db
new file mode 100644
index 0000000..2d50b40
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/start-db
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+set -x
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+[ -n "$PGDIR" ] || die "PGDIR is not set"
+[ -n "$DBROOT" ] || die "DBROOT is not set"
+[ -n "$CFGDIR" ] || die "CFGDIR is not set"
+
+rm -f $DBROOT/postmaster.pid
+$PGDIR/bin/pg_ctl start -D $DBROOT -o "-c config_file=$CFGDIR/main/postgresql.conf"
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-db-master b/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-db-master
new file mode 100644
index 0000000..0c0c238
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-db-master
@@ -0,0 +1,63 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+# update a master database
+set -x
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+[ -n "$PGDIR" ] || die "PGDIR is not set"
+[ -n "$DBROOT" ] || die "DBROOT is not set"
+[ -n "$CFGDIR" ] || die "CFGDIR is not set"
+
+cd $CFGDIR/main || die "Cannot cd $CFGDIR/main"
+
+PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$CFGDIR/etc:$PGDIR/bin:$PATH
+
+# update postgresql.conf - got new ones
+# update pg_hba.conf - got new ones
+# set up repmgr.conf - in common
+
+# start the DB
+start-db
+sleep 10
+
+# make sure the postgres password is right
+$CFGDIR/etc/update-postgres-user
+
+# create temporal tables and other extensions, if needed
+$CFGDIR/etc/create-extensions
+
+# create repmgr user/db, if needed
+$CFGDIR/etc/create-repmgr-user
+
+# register as master
+repmgr -f $CFGDIR/main/repmgr.conf master register
+echo repmgr ret=$?
+
+# start repmgrd
+# start repmgrd (verbose logging for testing)
+umask 07
+repmgrd -f $CFGDIR/main/repmgr.conf -d --verbose
+echo repmgrd ret=$?
+# start repmgrd (normal logging)
+# repmgrd -f $CFGDIR/main/repmgr.conf -d
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-db-secondary b/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-db-secondary
new file mode 100644
index 0000000..b819865
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-db-secondary
@@ -0,0 +1,95 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+# update a secondary database
+set -x
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+[ -n "$MASTER" ] || die "MASTER is not set"
+[ -n "$PGDIR" ] || die "PGDIR is not set"
+[ -n "$DBROOT" ] || die "DBROOT is not set"
+[ -n "$CFGDIR" ] || die "CFGDIR is not set"
+
+cd $CFGDIR/main || die "Cannot cd $CFGDIR/main"
+
+PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$CFGDIR/etc:$PGDIR/bin:$PATH
+
+umask 077
+TMP=$(mktemp /tmp/tmp.uds1.XXXXXXXXXX)
+trap 'rm -f $TMP' 0 1 2 3 15
+
+# update postgresql.conf - got new ones
+# update pg_hba.conf - got new ones
+# set up repmgr.conf - in common
+
+# replace/update recovery.conf
+if [ -f $DBROOT/recovery.conf ];then mv $DBROOT/recovery.conf $DBROOT/recovery.conf.upgraded;fi
+$CFGDIR/etc/gen-recovery.conf
+
+# wait until master DB is active and has repmgr available
+max=40
+for s in `seq $max`
+do
+ echo "$s of $max: Asking master $MASTER if repmgr is ready"
+ pgwget --progress=dot:giga -O$TMP http://$MASTER:8000/hasrepmgr
+ if [ -s $TMP ]
+ then
+ msg=$(cat $TMP)
+ case $msg in
+ OK* )
+ echo "Master has repmgr ready"
+ done=yes
+ break
+ ;;
+ * )
+ echo "Master does not have repmgr ready, msg=$msg"
+ ;;
+ esac
+ fi
+ rm -f $TMP
+ sleep 15
+done
+[ "$done" = "yes" ] || die "Master never had repmgr available"
+
+
+$CFGDIR/etc/start-db
+
+sleep 10
+
+# make sure the postgres password is right
+$CFGDIR/etc/update-postgres-user
+
+# register as standby
+repmgr -f $CFGDIR/main/repmgr.conf standby register
+echo repmgr ret=$?
+sleep 10
+
+# start repmgrd
+# start repmgrd (verbose logging for testing)
+umask 07
+repmgrd -f $CFGDIR/main/repmgr.conf -d --verbose
+echo repmgrd ret=$?
+# start repmgrd (normal logging)
+# repmgrd -f $CFGDIR/main/repmgr.conf -d
+
+chmod 600 recovery.conf
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-postgres-user b/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-postgres-user
new file mode 100644
index 0000000..b7f3762
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/etc/update-postgres-user
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this code except in compliance
+# with the License. You may obtain a copy of the License
+# at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+
+set -x
+
+die()
+{
+ echo $0: "$@" 1>&2
+ echo $0: "$@"
+ umask 022
+ echo $0: "$@" >> /tmp/pgaas-failures
+ exit 1
+}
+
+[ -n "$PGDIR" ] || die "PGDIR is not set"
+
+PATH=${INSTALL_ROOT}/opt/app/postgresql-prep/bin:$PGDIR/bin:$PATH
+pswd=$( ${INSTALL_ROOT}/opt/app/cdf/bin/getpropvalue -x -n postgres )
+
+psql <<-EOF
+ ALTER USER postgres PASSWORD '$pswd';
+ EOF
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/lib/profile.additions b/postgresql-config/src/stage/opt/app/postgresql-config/lib/profile.additions
new file mode 100644
index 0000000..3ee8128
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/lib/profile.additions
@@ -0,0 +1,6 @@
+
+if [ -d /opt/app/postgresql-9.5.2 ]
+then PGDIR=/opt/app/postgresql-9.5.2
+else PGDIR=/usr/lib/postgresql/9.5
+fi
+export PATH="$PGDIR/bin:/opt/app/cdf/bin:/opt/app/pgaas/bin:/opt/app/postgresql-prep/bin:$PATH"
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/main/pg_hba.conf.orig b/postgresql-config/src/stage/opt/app/postgresql-config/main/pg_hba.conf.orig
new file mode 100644
index 0000000..7bf51c1
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/main/pg_hba.conf.orig
@@ -0,0 +1,127 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the "Client Authentication" section in the PostgreSQL
+# documentation for a complete description of this file. A short
+# synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access. Records take one of these forms:
+#
+# local DATABASE USER METHOD [OPTIONS]
+# host DATABASE USER ADDRESS METHOD [OPTIONS]
+# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
+# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain
+# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
+# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
+# plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", "replication", a
+# database name, or a comma-separated list thereof. The "all"
+# keyword does not match "replication". Access to replication
+# must be enabled in a separate record (see example below).
+#
+# USER can be "all", a user name, a group name prefixed with "+", or a
+# comma-separated list thereof. In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names
+# from a separate file.
+#
+# ADDRESS specifies the set of hosts the record matches. It can be a
+# host name, or it is made up of an IP address and a CIDR mask that is
+# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
+# specifies the number of significant bits in the mask. A host name
+# that starts with a dot (.) matches a suffix of the actual host name.
+# Alternatively, you can write an IP address and netmask in separate
+# columns to specify the set of hosts. Instead of a CIDR-address, you
+# can write "samehost" to match any of the server's own IP addresses,
+# or "samenet" to match any address in any subnet that the server is
+# directly connected to.
+#
+# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
+# "ident", "peer", "pam", "ldap", "radius" or "cert". Note that
+# "password" sends passwords in clear text; "md5" is preferred since
+# it sends encrypted passwords.
+#
+# OPTIONS are a set of options for the authentication in the format
+# NAME=VALUE. The available options depend on the different
+# authentication methods -- refer to the "Client Authentication"
+# section in the documentation for a list of which options are
+# available for which authentication methods.
+#
+# Database and user names containing spaces, commas, quotes and other
+# special characters must be quoted. Quoting one of the keywords
+# "all", "sameuser", "samerole" or "replication" makes the name lose
+# its special character, and just match a database or username with
+# that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal. If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect. You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records. In that case you will also need to make PostgreSQL
+# listen on a non-local interface via the listen_addresses
+# configuration parameter, or via the -i or -h command line switches.
+
+### @authcomment@
+###
+### # TYPE DATABASE USER ADDRESS METHOD
+###
+### @remove-line-for-nolocal@# "local" is for Unix domain socket connections only
+### @remove-line-for-nolocal@local all all @authmethodlocal@
+### # IPv4 local connections:
+### host all all 127.0.0.1/32 @authmethodhost@
+### # IPv6 local connections:
+### host all all ::1/128 @authmethodhost@
+### # Allow replication connections from localhost, by a user with the
+### # replication privilege.
+### @remove-line-for-nolocal@#local replication @default_username@ @authmethodlocal@
+### #host replication @default_username@ 127.0.0.1/32 @authmethodhost@
+### #host replication @default_username@ ::1/128 @authmethodhost@
+
+# DO NOT DISABLE!
+# If you change this first entry you will need to make sure that the
+# database superuser can access the database using some other method.
+# Noninteractive access to all databases is required during automatic
+# maintenance (custom daily cronjobs, replication, and similar tasks).
+#
+# Database administrative login by Unix domain socket
+local all postgres peer
+
+# TYPE DATABASE USER ADDRESS METHOD
+
+# DCAE IPv4/IPv6 remote connections:
+host all all 0.0.0.0/0 md5
+host all all ::/0 md5
+
+# "local" is for Unix domain socket connections only
+local all all peer
+# IPv4 local connections:
+host all all 127.0.0.1/32 md5
+# IPv6 local connections:
+host all all ::1/128 md5
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+# local replication postgres peer
+# host replication postgres 127.0.0.1/32 md5
+# host replication postgres 0.0.0.0/0 md5
+# host replication postgres ::1/128 md5
+
+local replication repmgr md5
+host replication repmgr 127.0.0.1/32 md5
+host replication repmgr 0.0.0.0/0 md5
+host replication repmgr ::1/128 md5
+
+local repmgr repmgr md5
+host repmgr repmgr 127.0.0.1/32 md5
+host repmgr repmgr 0.0.0.0/0 md5
+host repmgr repmgr ::1/128 md5
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/main/pg_ident.conf b/postgresql-config/src/stage/opt/app/postgresql-config/main/pg_ident.conf
new file mode 100644
index 0000000..a5870e6
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/main/pg_ident.conf
@@ -0,0 +1,42 @@
+# PostgreSQL User Name Maps
+# =========================
+#
+# Refer to the PostgreSQL documentation, chapter "Client
+# Authentication" for a complete description. A short synopsis
+# follows.
+#
+# This file controls PostgreSQL user name mapping. It maps external
+# user names to their corresponding PostgreSQL user names. Records
+# are of the form:
+#
+# MAPNAME SYSTEM-USERNAME PG-USERNAME
+#
+# (The uppercase quantities must be replaced by actual values.)
+#
+# MAPNAME is the (otherwise freely chosen) map name that was used in
+# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the
+# client. PG-USERNAME is the requested PostgreSQL user name. The
+# existence of a record specifies that SYSTEM-USERNAME may connect as
+# PG-USERNAME.
+#
+# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
+# regular expression. Optionally this can contain a capture (a
+# parenthesized subexpression). The substring matching the capture
+# will be substituted for \1 (backslash-one) if present in
+# PG-USERNAME.
+#
+# Multiple maps may be specified in this file and used by pg_hba.conf.
+#
+# No map names are defined in the default configuration. If all
+# system user names and PostgreSQL user names are the same, you don't
+# need anything in this file.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal. If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect. You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+
+# MAPNAME SYSTEM-USERNAME PG-USERNAME
diff --git a/postgresql-config/src/stage/opt/app/postgresql-config/main/postgresql.conf.orig b/postgresql-config/src/stage/opt/app/postgresql-config/main/postgresql.conf.orig
new file mode 100644
index 0000000..b2587db
--- /dev/null
+++ b/postgresql-config/src/stage/opt/app/postgresql-config/main/postgresql.conf.orig
@@ -0,0 +1,655 @@
+# -----------------------------
+# PostgreSQL configuration file
+# -----------------------------
+#
+# This file consists of lines of the form:
+#
+# name = value
+#
+# (The "=" is optional.) Whitespace may be used. Comments are introduced with
+# "#" anywhere on a line. The complete list of parameter names and allowed
+# values can be found in the PostgreSQL documentation.
+#
+# The commented-out settings shown in this file represent the default values.
+# Re-commenting a setting is NOT sufficient to revert it to the default value;
+# you need to reload the server.
+#
+# This file is read on server startup and when the server receives a SIGHUP
+# signal. If you edit the file on a running system, you have to SIGHUP the
+# server for the changes to take effect, or use "pg_ctl reload". Some
+# parameters, which are marked below, require a server shutdown and restart to
+# take effect.
+#
+# Any parameter can also be given as a command-line option to the server, e.g.,
+# "postgres -c log_connections=on". Some parameters can be changed at run time
+# with the "SET" SQL command.
+#
+# Memory units: kB = kilobytes Time units: ms = milliseconds
+# MB = megabytes s = seconds
+# GB = gigabytes min = minutes
+# TB = terabytes h = hours
+# d = days
+
+
+#------------------------------------------------------------------------------
+# FILE LOCATIONS
+#------------------------------------------------------------------------------
+
+# The default values of these variables are driven from the -D command-line
+# option or PGDATA environment variable, represented here as ConfigDir.
+
+data_directory = '/dbroot/pgdata/main' # for DCAE
+#data_directory = 'ConfigDir' # use data in another directory
+ # (change requires restart)
+hba_file = '%CFGDIR%/main/pg_hba.conf' # for DCAE
+#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file
+ # (change requires restart)
+ident_file = '%CFGDIR%/main/pg_ident.conf' # for DCAE
+#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file
+ # (change requires restart)
+
+# If external_pid_file is not explicitly set, no extra PID file is written.
+external_pid_file = '/var/run/postgresql/9.5-main.pid' # for DCAE
+#external_pid_file = '' # write an extra PID file
+ # (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# CONNECTIONS AND AUTHENTICATION
+#------------------------------------------------------------------------------
+
+# - Connection Settings -
+
+# DCAE -- for 1607 IST30, set to '*' to allow remote connections
+listen_addresses = '*' # for DCAE
+
+#listen_addresses = 'localhost' # what IP address(es) to listen on;
+ # comma-separated list of addresses;
+ # defaults to 'localhost'; use '*' for all
+ # (change requires restart)
+#port = 5432 # (change requires restart)
+#max_connections = 100 # (change requires restart)
+# Note: Increasing max_connections costs ~400 bytes of shared memory per
+# connection slot, plus lock space (see max_locks_per_transaction).
+#superuser_reserved_connections = 3 # (change requires restart)
+unix_socket_directories = '/var/run/postgresql,/tmp' # for DCAE
+#unix_socket_directories = '/tmp' # comma-separated list of directories
+ # (change requires restart)
+#unix_socket_group = '' # (change requires restart)
+#unix_socket_permissions = 0777 # begin with 0 to use octal notation
+ # (change requires restart)
+#bonjour = off # advertise server via Bonjour
+ # (change requires restart)
+#bonjour_name = '' # defaults to the computer name
+ # (change requires restart)
+
+# - Security and Authentication -
+
+#authentication_timeout = 1min # 1s-600s
+ssl = true # for DCAE
+#ssl = off # (change requires restart)
+#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
+ # (change requires restart)
+#ssl_prefer_server_ciphers = on # (change requires restart)
+#ssl_ecdh_curve = 'prime256v1' # (change requires restart)
+ssl_cert_file = '%CFGDIR%/lib/ssl-cert-snakeoil.pem' # for DCAE
+#ssl_cert_file = 'server.crt' # (change requires restart)
+ssl_key_file = '%CFGDIR%/lib/ssl-cert-snakeoil.key' # for DCAE
+#ssl_key_file = 'server.key' # (change requires restart)
+#ssl_ca_file = '' # (change requires restart)
+#ssl_crl_file = '' # (change requires restart)
+#password_encryption = on
+#db_user_namespace = off
+#row_security = on
+
+# GSSAPI using Kerberos
+#krb_server_keyfile = ''
+#krb_caseins_users = off
+
+# - TCP Keepalives -
+# see "man 7 tcp" for details
+
+#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
+ # 0 selects the system default
+#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
+ # 0 selects the system default
+#tcp_keepalives_count = 0 # TCP_KEEPCNT;
+ # 0 selects the system default
+
+
+#------------------------------------------------------------------------------
+# RESOURCE USAGE (except WAL)
+#------------------------------------------------------------------------------
+
+# - Memory -
+
+#shared_buffers = 32MB # min 128kB
+ # (change requires restart)
+#huge_pages = try # on, off, or try
+ # (change requires restart)
+#temp_buffers = 8MB # min 800kB
+#max_prepared_transactions = 0 # zero disables the feature
+ # (change requires restart)
+# Note: Increasing max_prepared_transactions costs ~600 bytes of shared memory
+# per transaction slot, plus lock space (see max_locks_per_transaction).
+# It is not advisable to set max_prepared_transactions nonzero unless you
+# actively intend to use prepared transactions.
+#work_mem = 4MB # min 64kB
+#maintenance_work_mem = 64MB # min 1MB
+#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
+#max_stack_depth = 2MB # min 100kB
+#dynamic_shared_memory_type = posix # the default is the first option
+ # supported by the operating system:
+ # posix
+ # sysv
+ # windows
+ # mmap
+ # use none to disable dynamic shared memory
+
+# - Disk -
+
+#temp_file_limit = -1 # limits per-session temp file space
+ # in kB, or -1 for no limit
+
+# - Kernel Resource Usage -
+
+#max_files_per_process = 1000 # min 25
+ # (change requires restart)
+#shared_preload_libraries = '' # (change requires restart)
+
+# - Cost-Based Vacuum Delay -
+
+#vacuum_cost_delay = 0 # 0-100 milliseconds
+#vacuum_cost_page_hit = 1 # 0-10000 credits
+#vacuum_cost_page_miss = 10 # 0-10000 credits
+#vacuum_cost_page_dirty = 20 # 0-10000 credits
+#vacuum_cost_limit = 200 # 1-10000 credits
+
+# - Background Writer -
+
+#bgwriter_delay = 200ms # 10-10000ms between rounds
+#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round
+#bgwriter_lru_multiplier = 2.0 # 0-10.0 multipler on buffers scanned/round
+
+# - Asynchronous Behavior -
+
+#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
+#max_worker_processes = 8
+
+
+#------------------------------------------------------------------------------
+# WRITE AHEAD LOG
+#------------------------------------------------------------------------------
+
+# - Settings -
+
+# TLH - this is where we do WAL settings
+wal_level = hot_standby # minimal, archive, hot_standby, or logical
+ # (change requires restart)
+#fsync = on # turns forced synchronization on or off
+#synchronous_commit = on # synchronization level;
+ # off, local, remote_write, or on
+#wal_sync_method = fsync # the default is the first option
+ # supported by the operating system:
+ # open_datasync
+ # fdatasync (default on Linux)
+ # fsync
+ # fsync_writethrough
+ # open_sync
+#full_page_writes = on # recover from partial page writes
+#wal_compression = off # enable compression of full-page writes
+wal_log_hints = on # also do full page writes of non-critical updates
+ # (change requires restart)
+#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
+ # (change requires restart)
+#wal_writer_delay = 200ms # 1-10000 milliseconds
+
+#commit_delay = 0 # range 0-100000, in microseconds
+#commit_siblings = 5 # range 1-1000
+
+# - Checkpoints -
+
+#checkpoint_timeout = 5min # range 30s-1h
+#max_wal_size = 1GB
+#min_wal_size = 80MB
+#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0
+#checkpoint_warning = 30s # 0 disables
+
+# - Archiving -
+
+archive_mode = on # enables archiving; off, on, or always
+ # (change requires restart)
+archive_command = 'test ! -f /dbroot/pglogs/main/%f && cp %p /dbroot/pglogs/main/%f'
+ # command to use to archive a logfile segment
+ # placeholders: %p = path of file to archive
+ # %f = file name only
+ # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
+archive_timeout = 0 # force a logfile segment switch after this
+ # number of seconds; 0 disables
+
+
+#------------------------------------------------------------------------------
+# REPLICATION
+#------------------------------------------------------------------------------
+
+# - Sending Server(s) -
+
+# Set these on the master and on any standby that will send replication data.
+
+max_wal_senders = 4 # max number of walsender processes
+ # (change requires restart)
+#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables
+#wal_sender_timeout = 60s # in milliseconds; 0 disables
+
+max_replication_slots = 5 # max number of replication slots
+ # (change requires restart)
+ # DCAE NOTE: if we ever grow our cluster, change this value to
+ # the number of nodes + 1
+#track_commit_timestamp = off # collect timestamp of transaction commit
+ # (change requires restart)
+
+# - Master Server -
+
+# These settings are ignored on a standby server.
+
+#synchronous_standby_names = '' # standby servers that provide sync rep
+ # comma-separated list of application_name
+ # from standby(s); '*' = all
+#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
+
+# - Standby Servers -
+
+# These settings are ignored on a master server.
+
+hot_standby = on # "on" allows queries during recovery
+ # (change requires restart)
+#max_standby_archive_delay = 30s # max delay before canceling queries
+ # when reading WAL from archive;
+ # -1 allows indefinite delay
+#max_standby_streaming_delay = 30s # max delay before canceling queries
+ # when reading streaming WAL;
+ # -1 allows indefinite delay
+#wal_receiver_status_interval = 10s # send replies at least this often
+ # 0 disables
+#hot_standby_feedback = off # send info from standby to prevent
+ # query conflicts
+#wal_receiver_timeout = 60s # time that receiver waits for
+ # communication from master
+ # in milliseconds; 0 disables
+#wal_retrieve_retry_interval = 5s # time to wait before retrying to
+ # retrieve WAL after a failed attempt
+
+
+#------------------------------------------------------------------------------
+# QUERY TUNING
+#------------------------------------------------------------------------------
+
+# - Planner Method Configuration -
+
+#enable_bitmapscan = on
+#enable_hashagg = on
+#enable_hashjoin = on
+#enable_indexscan = on
+#enable_indexonlyscan = on
+#enable_material = on
+#enable_mergejoin = on
+#enable_nestloop = on
+#enable_seqscan = on
+#enable_sort = on
+#enable_tidscan = on
+
+# - Planner Cost Constants -
+
+#seq_page_cost = 1.0 # measured on an arbitrary scale
+#random_page_cost = 4.0 # same scale as above
+#cpu_tuple_cost = 0.01 # same scale as above
+#cpu_index_tuple_cost = 0.005 # same scale as above
+#cpu_operator_cost = 0.0025 # same scale as above
+#effective_cache_size = 4GB
+
+# - Genetic Query Optimizer -
+
+#geqo = on
+#geqo_threshold = 12
+#geqo_effort = 5 # range 1-10
+#geqo_pool_size = 0 # selects default based on effort
+#geqo_generations = 0 # selects default based on effort
+#geqo_selection_bias = 2.0 # range 1.5-2.0
+#geqo_seed = 0.0 # range 0.0-1.0
+
+# - Other Planner Options -
+
+#default_statistics_target = 100 # range 1-10000
+#constraint_exclusion = partition # on, off, or partition
+#cursor_tuple_fraction = 0.1 # range 0.0-1.0
+#from_collapse_limit = 8
+#join_collapse_limit = 8 # 1 disables collapsing of explicit
+ # JOIN clauses
+
+
+#------------------------------------------------------------------------------
+# ERROR REPORTING AND LOGGING
+#------------------------------------------------------------------------------
+
+# - Where to Log -
+
+#log_destination = 'stderr' # Valid values are combinations of
+ # stderr, csvlog, syslog, and eventlog,
+ # depending on platform. csvlog
+ # requires logging_collector to be on.
+
+# This is used when logging to stderr:
+logging_collector = on # for DCAE
+#logging_collector = off # Enable capturing of stderr and csvlog
+ # into log files. Required to be on for
+ # csvlogs.
+ # (change requires restart)
+
+# These are only used if logging_collector is on:
+log_directory = '/opt/app/log/postgresql/server' # for DCAE
+#log_directory = 'pg_log' # directory where log files are written,
+ # can be absolute or relative to PGDATA
+log_filename = 'error.log' # for DCAE
+#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
+ # can include strftime() escapes
+log_file_mode = 0666 # for DCAE
+#log_file_mode = 0600 # creation mode for log files,
+ # begin with 0 to use octal notation
+#log_truncate_on_rotation = off # If on, an existing log file with the
+ # same name as the new log file will be
+ # truncated rather than appended to.
+ # But such truncation only occurs on
+ # time-driven rotation, not on restarts
+ # or size-driven rotation. Default is
+ # off, meaning append to existing files
+ # in all cases.
+log_rotation_age = 1d # for DCAE
+#log_rotation_age = 1d # Automatic rotation of logfiles will
+ # happen after that time. 0 disables.
+log_rotation_size = 0 # for DCAE
+#log_rotation_size = 10MB # Automatic rotation of logfiles will
+ # happen after that much log output.
+ # 0 disables.
+
+# These are relevant when logging to syslog:
+#syslog_facility = 'LOCAL0'
+#syslog_ident = 'postgres'
+
+# This is only relevant when logging to eventlog (win32):
+#event_source = 'PostgreSQL'
+
+# - When to Log -
+
+#client_min_messages = notice # values in order of decreasing detail:
+ # debug5
+ # debug4
+ # debug3
+ # debug2
+ # debug1
+ # log
+ # notice
+ # warning
+ # error
+
+#log_min_messages = warning # values in order of decreasing detail:
+ # debug5
+ # debug4
+ # debug3
+ # debug2
+ # debug1
+ # info
+ # notice
+ # warning
+ # error
+ # log
+ # fatal
+ # panic
+
+#log_min_error_statement = error # values in order of decreasing detail:
+ # debug5
+ # debug4
+ # debug3
+ # debug2
+ # debug1
+ # info
+ # notice
+ # warning
+ # error
+ # log
+ # fatal
+ # panic (effectively off)
+
+#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
+ # and their durations, > 0 logs only
+ # statements running at least this number
+ # of milliseconds
+
+
+# - What to Log -
+
+#debug_print_parse = off
+#debug_print_rewritten = off
+#debug_print_plan = off
+#debug_pretty_print = on
+#log_checkpoints = off
+#log_connections = off
+#log_disconnections = off
+#log_duration = off
+#log_error_verbosity = default # terse, default, or verbose messages
+#log_hostname = off
+log_line_prefix = '%t|%a|%u|%d|%i|%e|%r|%c|' # for DCAE
+#log_line_prefix = '' # special values:
+ # %a = application name
+ # %u = user name
+ # %d = database name
+ # %r = remote host and port
+ # %h = remote host
+ # %p = process ID
+ # %t = timestamp without milliseconds
+ # %m = timestamp with milliseconds
+ # %i = command tag
+ # %e = SQL state
+ # %c = session ID
+ # %l = session line number
+ # %s = session start timestamp
+ # %v = virtual transaction ID
+ # %x = transaction ID (0 if none)
+ # %q = stop here in non-session
+ # processes
+ # %% = '%'
+ # e.g. '<%u%%%d> '
+#log_lock_waits = off # log lock waits >= deadlock_timeout
+#log_statement = 'none' # none, ddl, mod, all
+#log_replication_commands = off
+#log_temp_files = -1 # log temporary files equal or larger
+ # than the specified size in kilobytes;
+ # -1 disables, 0 logs all temp files
+#log_timezone = 'GMT'
+
+
+# - Process Title -
+
+#cluster_name = '' # added to process titles if nonempty
+ # (change requires restart)
+#update_process_title = on
+
+
+#------------------------------------------------------------------------------
+# RUNTIME STATISTICS
+#------------------------------------------------------------------------------
+
+# - Query/Index Statistics Collector -
+
+#track_activities = on
+#track_counts = on
+#track_io_timing = off
+#track_functions = none # none, pl, all
+#track_activity_query_size = 1024 # (change requires restart)
+#stats_temp_directory = 'pg_stat_tmp'
+
+
+# - Statistics Monitoring -
+
+#log_parser_stats = off
+#log_planner_stats = off
+#log_executor_stats = off
+#log_statement_stats = off
+
+
+#------------------------------------------------------------------------------
+# AUTOVACUUM PARAMETERS
+#------------------------------------------------------------------------------
+
+#autovacuum = on # Enable autovacuum subprocess? 'on'
+ # requires track_counts to also be on.
+#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and
+ # their durations, > 0 logs only
+ # actions running at least this number
+ # of milliseconds.
+#autovacuum_max_workers = 3 # max number of autovacuum subprocesses
+ # (change requires restart)
+#autovacuum_naptime = 1min # time between autovacuum runs
+#autovacuum_vacuum_threshold = 50 # min number of row updates before
+ # vacuum
+#autovacuum_analyze_threshold = 50 # min number of row updates before
+ # analyze
+#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
+#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
+#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
+ # (change requires restart)
+#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
+ # before forced vacuum
+ # (change requires restart)
+#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for
+ # autovacuum, in milliseconds;
+ # -1 means use vacuum_cost_delay
+#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
+ # autovacuum, -1 means use
+ # vacuum_cost_limit
+
+
+#------------------------------------------------------------------------------
+# CLIENT CONNECTION DEFAULTS
+#------------------------------------------------------------------------------
+
+# - Statement Behavior -
+
+#search_path = '"$user", public' # schema names
+#default_tablespace = '' # a tablespace name, '' uses the default
+#temp_tablespaces = '' # a list of tablespace names, '' uses
+ # only default tablespace
+#check_function_bodies = on
+#default_transaction_isolation = 'read committed'
+#default_transaction_read_only = off
+#default_transaction_deferrable = off
+#session_replication_role = 'origin'
+#statement_timeout = 0 # in milliseconds, 0 is disabled
+#lock_timeout = 0 # in milliseconds, 0 is disabled
+#vacuum_freeze_min_age = 50000000
+#vacuum_freeze_table_age = 150000000
+#vacuum_multixact_freeze_min_age = 5000000
+#vacuum_multixact_freeze_table_age = 150000000
+#bytea_output = 'hex' # hex, escape
+#xmlbinary = 'base64'
+#xmloption = 'content'
+#gin_fuzzy_search_limit = 0
+#gin_pending_list_limit = 4MB
+
+# - Locale and Formatting -
+
+#datestyle = 'iso, mdy'
+#intervalstyle = 'postgres'
+#timezone = 'GMT'
+#timezone_abbreviations = 'Default' # Select the set of available time zone
+ # abbreviations. Currently, there are
+ # Default
+ # Australia (historical usage)
+ # India
+ # You can create your own file in
+ # share/timezonesets/.
+#extra_float_digits = 0 # min -15, max 3
+#client_encoding = sql_ascii # actually, defaults to database
+ # encoding
+
+# These settings are initialized by initdb, but they can be changed.
+#lc_messages = 'C' # locale for system error message
+ # strings
+#lc_monetary = 'C' # locale for monetary formatting
+#lc_numeric = 'C' # locale for number formatting
+#lc_time = 'C' # locale for time formatting
+
+# default configuration for text search
+#default_text_search_config = 'pg_catalog.simple'
+
+# - Other Defaults -
+
+#dynamic_library_path = '$libdir'
+#local_preload_libraries = ''
+#session_preload_libraries = ''
+
+
+#------------------------------------------------------------------------------
+# LOCK MANAGEMENT
+#------------------------------------------------------------------------------
+
+#deadlock_timeout = 1s
+#max_locks_per_transaction = 64 # min 10
+ # (change requires restart)
+# Note: Each lock table slot uses ~270 bytes of shared memory, and there are
+# max_locks_per_transaction * (max_connections + max_prepared_transactions)
+# lock table slots.
+#max_pred_locks_per_transaction = 64 # min 10
+ # (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# VERSION/PLATFORM COMPATIBILITY
+#------------------------------------------------------------------------------
+
+# - Previous PostgreSQL Versions -
+
+#array_nulls = on
+#backslash_quote = safe_encoding # on, off, or safe_encoding
+#default_with_oids = off
+#escape_string_warning = on
+#lo_compat_privileges = off
+#operator_precedence_warning = off
+#quote_all_identifiers = off
+#sql_inheritance = on
+#standard_conforming_strings = on
+#synchronize_seqscans = on
+
+# - Other Platforms and Clients -
+
+#transform_null_equals = off
+
+
+#------------------------------------------------------------------------------
+# ERROR HANDLING
+#------------------------------------------------------------------------------
+
+#exit_on_error = off # terminate session on any error?
+#restart_after_crash = on # reinitialize after backend crash?
+
+
+#------------------------------------------------------------------------------
+# CONFIG FILE INCLUDES
+#------------------------------------------------------------------------------
+
+# These options allow settings to be loaded from files other than the
+# default postgresql.conf.
+
+#include_dir = 'conf.d' # include files ending in '.conf' from
+ # directory 'conf.d'
+#include_if_exists = 'exists.conf' # include file only if it exists
+#include = 'special.conf' # include file
+
+
+#------------------------------------------------------------------------------
+# CUSTOMIZED OPTIONS
+#------------------------------------------------------------------------------
+
+# Add settings for extensions here
+
+# repmgr / repmgrd
+shared_preload_libraries = 'repmgr_funcs'