From 3bab31bbe5c44db96944e3088691a94cdb357acc Mon Sep 17 00:00:00 2001 From: mohit Date: Thu, 25 Jul 2024 15:27:51 +0000 Subject: [PATCH 01/31] Added db service with barman disaster recovery feature --- common/db/Dockerfile | 36 +++++ common/db/config/pg_hba.conf.template | 6 + common/db/config/postgresql.conf.template | 4 + common/db/docker-compose.yaml | 36 +++++ docker-compose.yaml.example | 1 + scripts/setup-barman.sh | 169 ++++++++++++++++++++++ 6 files changed, 252 insertions(+) create mode 100644 common/db/Dockerfile create mode 100644 common/db/config/pg_hba.conf.template create mode 100644 common/db/config/postgresql.conf.template create mode 100644 common/db/docker-compose.yaml create mode 100644 scripts/setup-barman.sh diff --git a/common/db/Dockerfile b/common/db/Dockerfile new file mode 100644 index 0000000..77db366 --- /dev/null +++ b/common/db/Dockerfile 
@@ -0,0 +1,36 @@
+FROM samagragovernance/postgres:1.0.1-pg15
+
+ARG ENABLE_BARMAN
+ARG ID_RSA
+ARG ID_RSA_PUB
+ARG BARMAN_SERVER
+
+ADD config/postgresql.conf.template /etc/postgresql/postgresql.conf.template
+ADD config/pg_hba.conf.template /etc/postgresql/pg_hba.conf.template
+
+RUN apk update && \
+ apk add envsubst && \
+ envsubst < /etc/postgresql/postgresql.conf.template > /etc/postgresql/postgresql.conf && \
+ envsubst < /etc/postgresql/pg_hba.conf.template > /etc/postgresql/pg_hba.conf;
+
+RUN if [ "$ENABLE_BARMAN" = "true" ]; then \
+ apk update && \
+ apk add openrc openssh-server openssh rsync && \
+ mkdir -p /run/openrc && \
+ touch /run/openrc/softlevel && \
+ ssh-keygen -A && \
+ echo -e "PasswordAuthentication no" >> /etc/ssh/sshd_config && \
+ mkdir -p /var/lib/postgresql/.ssh && \
+ echo "" > /var/lib/postgresql/.ssh/known_hosts && \
+ echo "$ID_RSA" | base64 -d > /var/lib/postgresql/.ssh/id_rsa && \
+ echo "$ID_RSA_PUB" | base64 -d > /var/lib/postgresql/.ssh/id_rsa.pub && \
+ chmod 0600 /var/lib/postgresql/.ssh/id_rsa && \
+ echo -e "Host *\n\tStrictHostKeyChecking no" > /var/lib/postgresql/.ssh/config && \
+ passwd -u postgres && \
+ chown -R postgres:postgres /var/lib/postgresql/.ssh; \
+fi
+
+EXPOSE 22
+EXPOSE 5432
+
+
diff --git a/common/db/config/pg_hba.conf.template b/common/db/config/pg_hba.conf.template
new file mode 100644
index 0000000..fd6dbdf
--- /dev/null
+++ b/common/db/config/pg_hba.conf.template
@@ -0,0 +1,6 @@
+# TYPE DATABASE USER ADDRESS METHOD
+local all all trust
+host all all localhost trust
+host replication streaming_barman ${BARMAN_SERVER}/32 md5
+host all barman ${BARMAN_SERVER}/32 md5
+
diff --git a/common/db/config/postgresql.conf.template b/common/db/config/postgresql.conf.template
new file mode 100644
index 0000000..1ceedef
--- /dev/null
+++ b/common/db/config/postgresql.conf.template
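Review bot: The SSH private key enters the build as `ARG ID_RSA` and is expanded in the second `RUN`, so it is written into an image layer at `/var/lib/postgresql/.ssh/id_rsa` and is also likely recoverable from the build metadata (`docker history`) by anyone who can pull the image. A BuildKit secret mount (`RUN --mount=type=secret,id=<SECRET_ID> ...`, placeholder id) or mounting the key at container start would keep it out of the layers; the renamed `DB_SSH_PRIVATE_KEY` argument in patch 11/31 has the same exposure. The same `RUN` writes `Host *` with `StrictHostKeyChecking no` and an empty `known_hosts`, so the rsync in `archive_command` will send WAL segments to whichever host answers on the Barman address. Writing the Barman server's host key into `known_hosts` and dropping the `StrictHostKeyChecking no` line would restore that check.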
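Review bot: `host all all localhost trust` lets any process that can open a loopback TCP connection inside the container log in as any role, superusers included, without a password, and this patch adds an SSH server to that same container. Consider `host all all localhost scram-sha-256` and keeping passwordless access, if it is needed at all, on the Unix-socket `local` line only. The two Barman lines append `/32` to `${BARMAN_SERVER}`, so the variable has to be an IPv4 address; a hostname there would produce an entry Postgres cannot parse, which is worth a comment in the template.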
@@ -0,0 +1,4 @@ +listen_addresses = '*' +wal_level = replica +archive_mode = on +archive_command = 'rsync -a %p barman@${BARMAN_SERVER}:/var/lib/barman/pg_db/incoming/%f' diff --git a/common/db/docker-compose.yaml b/common/db/docker-compose.yaml new file mode 100644 index 0000000..43cab27 --- /dev/null +++ b/common/db/docker-compose.yaml @@ -0,0 +1,36 @@ +services: + db: + build: + context: ./ + dockerfile: Dockerfile + args: + ENABLE_BARMAN: ${ENABLE_BARMAN} + BARMAN_SERVER: ${BARMAN_SERVER} + ID_RSA: ${ID_RSA} + ID_RSA_PUB: ${ID_RSA_PUB} + image: samagra-postgres-15-barman + restart: always + volumes: + - db:/var/lib/postgresql/data + profiles: ["database"] + env_file: + - path: .env + required: true + ports: + - "5432:5432/tcp" + - "2222:22/tcp" + command: -c 'config_file=/etc/postgresql/postgresql.conf' -c 'hba_file=/etc/postgresql/pg_hba.conf' + healthcheck: + test: [ "CMD-SHELL", "pg_isready -U postgres" ] + interval: 5s + timeout: 5s + retries: 5 + environment: + POSTGRES_USER: ${POSTGRES_USER:?Postgres user is not set in .env} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?Postgres password is not set in .env} + BARMAN_SERVER: ${BARMAN_SERVER:?Barman server is not defined in .env} + +volumes: + db: + ssh-vol: + diff --git a/docker-compose.yaml.example b/docker-compose.yaml.example index 01627f1..85aa686 100644 --- a/docker-compose.yaml.example +++ b/docker-compose.yaml.example @@ -3,6 +3,7 @@ include: # - ./common/minio/docker-compose.yaml # - ./common/environment/docker-compose.yaml # - ./common/fusionauth/docker-compose.yaml +# - ./common/db/docker-compose.yaml - ./common/registry/docker-compose.yaml diff --git a/scripts/setup-barman.sh b/scripts/setup-barman.sh new file mode 100644 index 0000000..c438c4d --- /dev/null +++ b/scripts/setup-barman.sh 
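Review bot: The `archive_command` destination hard-codes `/var/lib/barman/pg_db/incoming/`, while `scripts/setup-barman.sh` in this same patch names the Barman server section after whatever hostname is typed at the prompt (`[$host_name]`). Barman normally derives the incoming WAL directory from the server name, so unless the operator enters `pg_db` the archived segments probably land in a directory Barman does not read, and the backups would be missing their WAL. Either fix the server name to `pg_db` in the script or make the directory a template variable next to `${BARMAN_SERVER}`. Separately, `listen_addresses = '*'` combined with the published port leaves `pg_hba.conf` as the only access control, which deserves a comment here.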
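Review bot: `"5432:5432/tcp"` and `"2222:22/tcp"` publish Postgres and the container's sshd on every host interface, and the SSH port is published even when `ENABLE_BARMAN` is not `true` and no sshd is installed. If only the Barman server needs to reach them, bind to a specific host address (`"<HOST_IP>:5432:5432/tcp"`, placeholder) or document the firewall rule that is expected in front of them. `env_file: .env` also hands every variable of the shared `.env` to the db container, including `ID_RSA` and other services' credentials, although the `environment:` block already lists what Postgres needs. The `ssh-vol` volume is declared but not mounted by any service.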
@@ -0,0 +1,169 @@ +#!/bin/bash + +#barman_password=password +#streaming_barman_password=password + +# Prompt user for input +echo "Enter hostname/fqdn of postgres server:" +read host_name +echo "Enter database name to replicate wals:" +read db_name +echo "Enter password for barman user" +read barman_password +echo "Enter password for streaming_barman user" +read streaming_barman_password + +echo "Entered hostname is $host_name and database name is $db_name" + +### Function to confirm continuation +prompt_continue() { + while true; do + read -p "Do you want to continue? (yes/no): " yn + case $yn in + [Yy]* ) + echo "Continuing the script..." + break + ;; + [Nn]* ) + echo "Exiting the script..." + exit 0 + ;; + * ) + echo "Please answer yes or no." + ;; + esac + done +} +prompt_continue + +### Update and install required packages if not already installed +echo "Updating package list..." +apt-get update +if ! dpkg -l | grep -qw curl; then + echo "Installing curl..." + apt-get install -y curl +else + echo "curl is already installed, skipping........." +fi +if ! dpkg -l | grep -qw ca-certificates; then + echo "Installing ca-certificates..." + apt-get install -y ca-certificates +else + echo "ca-certificates is already installed ,skipping.........." +fi +if ! dpkg -l | grep -qw gnupg; then + echo "Installing gnupg..." + apt-get install -y gnupg +else + echo "gnupg is already installed, skipping ............." +fi + +### Add PostgreSQL's authentication key if not already added +if ! apt-key list | grep -qw ACCC4CF8; then + echo "Adding PostgreSQL's authentication key..." + curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - +else + echo "PostgreSQL's authentication key already added, skippping..........." +fi + +### Add PostgreSQL repository if not already added +if [ ! -f /etc/apt/sources.list.d/pgdg.list ]; then + echo "Adding PostgreSQL repository..." 
+ sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' + apt-get update +else + echo "PostgreSQL repository already added, skipping........." +fi + +### Install barman if not already installed +if ! dpkg -l | grep -qw barman; then + echo "Installing barman..." + apt-get -y install barman +else + echo "barman is already installed, skipping.........." +fi + +# Create barman configuration file +config_file="/etc/barman.d/$host_name.conf" +if [ -e $config_file ]; then + echo "Configuration file $config_file exists, deleting and recreating..." + rm -f $config_file +else + echo "Generating barman configuration file $config_file for streaming backup of database..." +fi + +cat < $config_file +[$host_name] +description = "Main PostgreSQL Database" +conninfo = host=$host_name user=barman dbname=$db_name password=$barman_password +ssh_command = ssh postgres@$host_name -p 2222 +backup_method = rsync +parallel_jobs = 2 +archiver = on +EOF + +echo "Configuration file $config_file created." + +### Create .pgpass file for barman user +barman_home=$(getent passwd barman | cut -d':' -f6) +pgpass_file="$barman_home/.pgpass" +if [ -e $pgpass_file ]; then + echo "$pgpass_file exists, deleting and recreating..." + rm -f $pgpass_file +else + echo "Creating $pgpass_file for credentials..." +fi + +sudo -u barman bash -c "echo '$host_name:5432:replication:barman:$barman_password' > ~/.pgpass" +sudo -u barman bash -c "echo '$host_name:5432:replication:streaming_barman:$streaming_barman_password' >> ~/.pgpass" +sudo -u barman bash -c "chmod 600 ~/.pgpass" +echo ".pgpass file created and permissions set." 
+ +:' ######## Commented key generation feature +### Deploying keys to barman +if [ -f ./id_rsa ]; then + echo "Private key found deploying to barman user" + mkdir -p $barman_home/.ssh/ + cp ./id_rsa $barman_home/.ssh/id_rsa + cp ./id_rsa.pub $barman_home/.ssh/authorized_keys + echo -e "Host *\n\tStrictHostKeyChecking no" > $barman_home/.ssh/config + chmod 0600 $barman_home/.ssh/id_rsa + echo "">$barman_home/.ssh/known_hosts + chown -R barman:barman $barman_home/.ssh/ +else + echo "SSH keypair not found , please arrange key pair id_rsa , id_rsa.pub" + echo "Rolling back insallation..........................................................." + apt-get remove --purge barman -y + apt-get autoremove -y + exit +fi +### SSH deployment +' + +### Set up barman cron job if not already set +if ! sudo crontab -u barman -l 2>/dev/null | grep -q "barman cron"; then + echo "Setting up barman cron for receiving wals..." + (sudo crontab -u barman -l 2>/dev/null; echo "* * * * * barman cron") | sudo crontab -u barman - +else + echo "barman cron job already set." +fi +sleep 10s +### Create replication slot if not already created +if ! sudo -u barman barman show-server $host_name | grep -q "Slot name: $host_name"; then + echo "Creating slot for receiving wals..." + #sudo -u barman barman receive-wal --create-slot $host_name +else + echo "Replication slot $host_name already exists." +fi + +### Check the status of the db server +echo "Checking db server status..." +sleep 15s +sudo -u barman barman check $host_name + +### Synchronize barman with postgres if necessary +echo "Synchronizing barman with postgresdb..." +sleep 5s + +echo "Script execution completed." + From 6cbb4204abcad7598dc0e5f6812cc00ca8db034e Mon Sep 17 00:00:00 2001 From: mohit Date: Thu, 25 Jul 2024 15:33:12 +0000 Subject: [PATCH 02/31] Added setup-barman script under scripts --- scripts/setup-barman.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 scripts/setup-barman.sh 
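Review bot: The two passwords are read with a plain `read` (echoed to the terminal, backslashes interpreted) and then spliced into `sudo -u barman bash -c "echo '...$barman_password' > ~/.pgpass"`, so a password containing a single quote ends the quoting and the remainder is executed as shell code; the unvalidated `$host_name` also becomes part of the root-written path `/etc/barman.d/$host_name.conf`. The password is stored a second time in `conninfo`, in a file created with the default umask, and the `.pgpass` entry for `barman` names the database `replication` while `conninfo` connects to `$db_name`, so libpq would probably not match it. I would validate the hostname, read the secrets with `read -rs`, create `.pgpass` with mode 600 before anything is written to it, write it with `printf` instead of through `bash -c`, and drop `password=` from `conninfo`. The sketch below shows only those lines.

```bash
read -r -p "Enter hostname/fqdn of postgres server: " host_name
if [[ ! "$host_name" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  echo "Invalid hostname: $host_name" >&2
  exit 1
fi
read -r -p "Enter database name to replicate wals: " db_name
read -r -s -p "Enter password for barman user: " barman_password; echo
read -r -s -p "Enter password for streaming_barman user: " streaming_barman_password; echo

# … unchanged: confirmation prompt, package installation, barman.d config (conninfo without password=) …

# Create .pgpass with its final owner and mode before any secret is written to it.
# NOTE: ':' and '\' inside a password must be backslash-escaped for .pgpass.
barman_home=$(getent passwd barman | cut -d: -f6)
pgpass_file="$barman_home/.pgpass"
install -m 0600 -o barman -g barman /dev/null "$pgpass_file"
printf '%s:5432:*:barman:%s\n' "$host_name" "$barman_password" >> "$pgpass_file"
printf '%s:5432:replication:streaming_barman:%s\n' "$host_name" "$streaming_barman_password" >> "$pgpass_file"

# … unchanged: cron setup, replication slot check, barman check …
```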
diff --git a/scripts/setup-barman.sh b/scripts/setup-barman.sh old mode 100644 new mode 100755 From 2f2a6c0499a7fb4e6f0b51ff0a22e13489f9df99 Mon Sep 17 00:00:00 2001 From: mohit Date: Thu, 25 Jul 2024 15:37:14 +0000 Subject: [PATCH 03/31] Added makefile entry for setup-barman --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index ed68c1a..e6919c0 100644 --- a/Makefile +++ b/Makefile @@ -4,6 +4,8 @@ REMOVE_ANSI_FLAG := $(if $(filter 1,$(DISABLE_ANSI)),,--ansi never) DOCKER_COMPOSE_COMMAND=docker compose $(REMOVE_ANSI_FLAG) -p bhasai +setup-barman: + @./scripts/setup-barman.sh install-docker: @./scripts/install-docker.sh From 3336d8b6884d4f0f071663d3589982b7c535f397 Mon Sep 17 00:00:00 2001 From: mohit Date: Fri, 26 Jul 2024 04:57:09 +0000 Subject: [PATCH 04/31] Added makefile entry for setup-barman --- common/db/Dockerfile | 2 +- common/db/config/pg_hba.conf.template | 4 ++-- common/db/config/postgresql.conf.template | 2 +- common/db/docker-compose.yaml | 4 ++-- common/sample.env | 11 ++++++++++- 5 files changed, 16 insertions(+), 7 deletions(-) diff --git a/common/db/Dockerfile b/common/db/Dockerfile index 77db366..35cffd2 100644 --- a/common/db/Dockerfile +++ b/common/db/Dockerfile @@ -3,7 +3,7 @@ FROM samagragovernance/postgres:1.0.1-pg15 ARG ENABLE_BARMAN ARG ID_RSA ARG ID_RSA_PUB -ARG BARMAN_SERVER +ARG BARMAN_HOST ADD config/postgresql.conf.template /etc/postgresql/postgresql.conf.template ADD config/pg_hba.conf.template /etc/postgresql/pg_hba.conf.template diff --git a/common/db/config/pg_hba.conf.template b/common/db/config/pg_hba.conf.template index fd6dbdf..f864f90 100644 --- a/common/db/config/pg_hba.conf.template +++ b/common/db/config/pg_hba.conf.template 
@@ -1,6 +1,6 @@ # TYPE DATABASE USER ADDRESS METHOD local all all trust host all all localhost trust -host replication streaming_barman ${BARMAN_SERVER}/32 md5 -host all barman ${BARMAN_SERVER}/32 md5 +host replication streaming_barman ${BARMAN_HOST}/32 md5 +host all barman ${BARMAN_HOST}/32 md5 diff --git a/common/db/config/postgresql.conf.template b/common/db/config/postgresql.conf.template index 1ceedef..f8163f1 100644 --- a/common/db/config/postgresql.conf.template +++ b/common/db/config/postgresql.conf.template @@ -1,4 +1,4 @@ listen_addresses = '*' wal_level = replica archive_mode = on -archive_command = 'rsync -a %p barman@${BARMAN_SERVER}:/var/lib/barman/pg_db/incoming/%f' +archive_command = 'rsync -a %p barman@${BARMAN_HOST}:/var/lib/barman/pg_db/incoming/%f' diff --git a/common/db/docker-compose.yaml b/common/db/docker-compose.yaml index 43cab27..e13d864 100644 --- a/common/db/docker-compose.yaml +++ b/common/db/docker-compose.yaml @@ -5,7 +5,7 @@ services: dockerfile: Dockerfile args: ENABLE_BARMAN: ${ENABLE_BARMAN} - BARMAN_SERVER: ${BARMAN_SERVER} + BARMAN_HOST: ${BARMAN_HOST} ID_RSA: ${ID_RSA} ID_RSA_PUB: ${ID_RSA_PUB} image: samagra-postgres-15-barman @@ -28,7 +28,7 @@ services: environment: POSTGRES_USER: ${POSTGRES_USER:?Postgres user is not set in .env} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?Postgres password is not set in .env} - BARMAN_SERVER: ${BARMAN_SERVER:?Barman server is not defined in .env} + BARMAN_HOST: ${BARMAN_HOST:?Barman host is not defined in .env} volumes: db: diff --git a/common/sample.env b/common/sample.env index 2789a8f..9e7d98d 100644 --- a/common/sample.env +++ b/common/sample.env @@ -4,6 +4,15 @@ MINIO_ROOT_PASSWORD= MINIO_ACCESS_KEY= MINIO_SECRET_KEY= + +## For db service +ENABLE_BARMAN= +BARMAN_HOST= +ID_RSA= +ID_RSA_PUB= +POSTGRES_USER= +POSTGRES_PASSWORD= + # Set your organization name org= 
@@ -35,4 +44,4 @@ FUSIONAUTH_POSTGRES_PASSWORD= FUSIONAUTH_APP_RUNTIME_MODE=development FUSIONAUTH_API_KEY= FUSIONAUTH_ADMIN_EMAIL= -FUSIONAUTH_ADMIN_PASSWORD= \ No newline at end of file +FUSIONAUTH_ADMIN_PASSWORD= From 3e6d9da08aeba1bfd2909271504d3e5a63bf89cd Mon Sep 17 00:00:00 2001 From: mohit Date: Fri, 26 Jul 2024 08:45:35 +0000 Subject: [PATCH 05/31] removing profiles as not required anymore --- common/db/docker-compose.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/common/db/docker-compose.yaml b/common/db/docker-compose.yaml index e13d864..f7c9fe9 100644 --- a/common/db/docker-compose.yaml +++ b/common/db/docker-compose.yaml @@ -12,7 +12,6 @@ services: restart: always volumes: - db:/var/lib/postgresql/data - profiles: ["database"] env_file: - path: .env required: true From 6956bf4ff92d4a07b7599ee075f489e8ba7bf015 Mon Sep 17 00:00:00 2001 From: mohit Date: Fri, 26 Jul 2024 09:05:48 +0000 Subject: [PATCH 06/31] handled conditional configuration files for db --- common/db/Dockerfile | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/common/db/Dockerfile b/common/db/Dockerfile index 35cffd2..28bb77e 100644 --- a/common/db/Dockerfile +++ b/common/db/Dockerfile 
@@ -8,11 +8,18 @@ ARG BARMAN_HOST ADD config/postgresql.conf.template /etc/postgresql/postgresql.conf.template ADD config/pg_hba.conf.template /etc/postgresql/pg_hba.conf.template -RUN apk update && \ +RUN if [ "$ENABLE_BARMAN" = "true" ]; then \ + apk update && \ apk add envsubst && \ envsubst < /etc/postgresql/postgresql.conf.template > /etc/postgresql/postgresql.conf && \ - envsubst < /etc/postgresql/pg_hba.conf.template > /etc/postgresql/pg_hba.conf; - + envsubst < /etc/postgresql/pg_hba.conf.template > /etc/postgresql/pg_hba.conf; \ + else \ + ln -s /var/lib/postgresql/data/pg_hba.conf /etc/postgresql/pg_hba.conf &\ + ln -s /var/lib/postgresql/data/postgresql.conf /etc/postgresql/postgresql.conf; \ +fi + + + RUN if [ "$ENABLE_BARMAN" = "true" ]; then \ apk update && \ apk add openrc openssh-server openssh rsync && \ From 1317f9fdd88d18c4272cbc6991ff0ffc48baa132 Mon Sep 17 00:00:00 2001 From: mohit Date: Fri, 26 Jul 2024 09:07:55 +0000 Subject: [PATCH 07/31] Adding readme for db service --- common/db/README.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 common/db/README.md diff --git a/common/db/README.md b/common/db/README.md new file mode 100644 index 0000000..e69de29 From b1942aa159ee31bc19c28fd7e2152af3f38fc87b Mon Sep 17 00:00:00 2001 From: mohit Date: Fri, 26 Jul 2024 09:52:40 +0000 Subject: [PATCH 08/31] modified dockerfile and dockercompose to avoid env-vars issue --- common/db/docker-compose.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/common/db/docker-compose.yaml b/common/db/docker-compose.yaml index f7c9fe9..ecefb3b 100644 --- a/common/db/docker-compose.yaml +++ b/common/db/docker-compose.yaml @@ -8,13 +8,9 @@ services: BARMAN_HOST: ${BARMAN_HOST} ID_RSA: ${ID_RSA} ID_RSA_PUB: ${ID_RSA_PUB} - image: samagra-postgres-15-barman restart: always volumes: - db:/var/lib/postgresql/data - env_file: - - path: .env - required: true ports: - "5432:5432/tcp" - "2222:22/tcp" 
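Review bot: In the new `else` branch the first `ln -s` ends with `&\` rather than `&& \`, so it is started in the background and its exit status is discarded; the step can report success even if that link was not created. It should read `ln -s /var/lib/postgresql/data/pg_hba.conf /etc/postgresql/pg_hba.conf && \`. Both links point into the data volume, where the files presumably exist only after the database has been initialised, so a short comment saying that is intended would help the next reader. The second `RUN if` block continues outside this hunk.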
From 88100c56015605c0f6e6d2b2dc8844082d198a2d Mon Sep 17 00:00:00 2001 From: mohit4buntikki Date: Fri, 26 Jul 2024 15:33:37 +0530 Subject: [PATCH 09/31] Update README.md how to sping up db service --- common/db/README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/common/db/README.md b/common/db/README.md index e69de29..2f5ff43 100644 --- a/common/db/README.md +++ b/common/db/README.md @@ -0,0 +1,27 @@ +How to sping up the db service along with disaster recovery setup. + +1. Create a clone of this repository +2. Create a copy of [sample.env](./common/sample.env) file (`cp common/sample.env .env`) +3. **Update the environment variables in the .env file as required** ( refer to below required environment variables) +4. Create a copy of example docker-compose file (`cp docker-compose.yaml.example docker-compose.yaml`) +5. Edit the docker-compose.yaml and uncomment the "db" service. +6. Create a copy of example Caddyfile (`cp Caddyfile.example Caddyfile`) +7. Run `make install-docker` to install docker +8. Exit out of VM and re-connect to the VM to reflect the latest user changes +9. Run `make setup-daemon` to configure the docker daemon +10. Run `sudo make setup-webhook` to start the webhook service (use `kill -9 $(lsof -t -i:9000)` to kill any existing service on 9000 port) +11. Run `make deploy` to deploy all the services + + +##### REQUIRED ENVIRONMENT VARIABLES IN .env FILE + +``` +DOMAIN_SCHEME=http +DOMAIN_NAME=localdev.me +ENABLE_BARMAN= +BARMAN_HOST= +ID_RSA= +ID_RSA_PUB= +POSTGRES_USER= +POSTGRES_PASSWORD= +``` From ce2761bfc6ce834af92c6dbb4093bdf149ba1e9f Mon Sep 17 00:00:00 2001 From: mohit4buntikki Date: Fri, 26 Jul 2024 15:53:34 +0530 Subject: [PATCH 10/31] Update README.md --- common/db/README.md | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/common/db/README.md b/common/db/README.md index 2f5ff43..d3e8000 100644 --- a/common/db/README.md +++ b/common/db/README.md 
@@ -1,4 +1,4 @@ -How to sping up the db service along with disaster recovery setup. +#### How to sping up the db service along with disaster recovery setup. 1. Create a clone of this repository 2. Create a copy of [sample.env](./common/sample.env) file (`cp common/sample.env .env`) @@ -25,3 +25,29 @@ ID_RSA_PUB= POSTGRES_USER= POSTGRES_PASSWORD= ``` +``` +1. ENABLE_BARMAN (required ) : To tell service if database needs to be configured with barman disaster recovery/ +2. BARMAN_HOST (required if ENABLE_BARMAN is set to true ) : IP of barman host where data needs to be replicated. +3. ID_RSA (required if ENABLE_BARMAN is set to true ) : private key of postgres user which will be stored in /var/lib/postgresql/.ssh/id_rsa. +4. ID_RSA_PUB= (required if ENABLE_BARMAN is set to true ) private key of postgres user which will be stored in /var/lib/postgresql/.ssh/id_rsa_pub. +5. POSTGRES_USER= (required) : User for postgres database (e.g postgres) +6. POSTGRES_PASSWORD= (required) : Password for postgres database user +``` + + +###### NOTE: If ENABLE_BARMAN was set to true there are three additional efforts : +a) It requires a manual start of sshd service with below command. +> docker exec -it CONTAINER_ID /usr/sbin/sshd + +b) Key pair needs to be generated and set the required value to .env file. Refer to below example: +> ssh-keygen + + Content of below command should go to ID_RSA + > cat ~/.ssh/id_rsa | base64 -w 0 + +Content of below command should go to ID_RSA_PUB + > cat ~/.ssh/id_rsa.pub | base64 -w 0 + + +c) copy the public key of postgres user from container and add it in /var/lib/barman/.ssh/authorized_keys of barman server. +> docker exec -it CONTAINER_ID cat /var/lib/postgresql/.ssh/id_rsa.pub From 2e9d9db7ec27851e0dd860d16e1542c48aa196c4 Mon Sep 17 00:00:00 2001 
From: Karun Agarwal <113603846+singhalkarun@users.noreply.github.com> Date: Wed, 31 Jul 2024 03:49:02 +0000 Subject: [PATCH 11/31] cosmetic changes, improve readme, variable naming, remove redundancy --- common/db/Dockerfile | 10 ++++--- common/db/README.md | 56 +++++++---------------------------- common/db/docker-compose.yaml | 12 ++++---- common/sample.env | 7 +++-- 4 files changed, 25 insertions(+), 60 deletions(-) diff --git a/common/db/Dockerfile b/common/db/Dockerfile index 28bb77e..922011e 100644 --- a/common/db/Dockerfile +++ b/common/db/Dockerfile @@ -1,10 +1,12 @@ FROM samagragovernance/postgres:1.0.1-pg15 ARG ENABLE_BARMAN -ARG ID_RSA -ARG ID_RSA_PUB +ARG DB_SSH_PRIVATE_KEY +ARG DB_SSH_PUBLIC_KEY ARG BARMAN_HOST +ENV BARMAN_HOST=$BARMAN_HOST + ADD config/postgresql.conf.template /etc/postgresql/postgresql.conf.template ADD config/pg_hba.conf.template /etc/postgresql/pg_hba.conf.template @@ -29,8 +31,8 @@ RUN if [ "$ENABLE_BARMAN" = "true" ]; then \ echo -e "PasswordAuthentication no" >> /etc/ssh/sshd_config && \ mkdir -p /var/lib/postgresql/.ssh && \ echo "" > /var/lib/postgresql/.ssh/known_hosts && \ - echo "$ID_RSA" | base64 -d > /var/lib/postgresql/.ssh/id_rsa && \ - echo "$ID_RSA_PUB" | base64 -d > /var/lib/postgresql/.ssh/id_rsa.pub && \ + echo "$DB_SSH_PRIVATE_KEY" | base64 -d > /var/lib/postgresql/.ssh/id_rsa && \ + echo "$DB_SSH_PUBLIC_KEY" | base64 -d > /var/lib/postgresql/.ssh/id_rsa.pub && \ chmod 0600 /var/lib/postgresql/.ssh/id_rsa && \ echo -e "Host *\n\tStrictHostKeyChecking no" > /var/lib/postgresql/.ssh/config && \ passwd -u postgres && \ diff --git a/common/db/README.md b/common/db/README.md index d3e8000..be51a11 100644 --- a/common/db/README.md +++ b/common/db/README.md 
@@ -1,53 +1,17 @@ -#### How to sping up the db service along with disaster recovery setup. +### Generating Key Pair for DB -1. Create a clone of this repository -2. Create a copy of [sample.env](./common/sample.env) file (`cp common/sample.env .env`) -3. **Update the environment variables in the .env file as required** ( refer to below required environment variables) -4. Create a copy of example docker-compose file (`cp docker-compose.yaml.example docker-compose.yaml`) -5. Edit the docker-compose.yaml and uncomment the "db" service. -6. Create a copy of example Caddyfile (`cp Caddyfile.example Caddyfile`) -7. Run `make install-docker` to install docker -8. Exit out of VM and re-connect to the VM to reflect the latest user changes -9. Run `make setup-daemon` to configure the docker daemon -10. Run `sudo make setup-webhook` to start the webhook service (use `kill -9 $(lsof -t -i:9000)` to kill any existing service on 9000 port) -11. Run `make deploy` to deploy all the services +1. RUN `ssh-keygen -t rsa` to generate a key pair +2. Set value of `cat ~/.ssh/id_rsa | base64 -w 0` in DB_SSH_PRIVATE_KEY (change the location of private key in command if needed) +3. Set value of `cat ~/.ssh/id_rsa.pub | base64 -w 0` in DB_SSH_PUBLIC_KEY (change the location of private key in command if needed) +### Steps to follow after the db container is started (only if you have enabled barman) -##### REQUIRED ENVIRONMENT VARIABLES IN .env FILE +1. Currently the ssh server doesn't start automatically, run `docker exec -it DB_CONTAINER_ID /usr/sbin/sshd` to start the ssh server inside the db container -``` -DOMAIN_SCHEME=http -DOMAIN_NAME=localdev.me -ENABLE_BARMAN= -BARMAN_HOST= -ID_RSA= -ID_RSA_PUB= -POSTGRES_USER= -POSTGRES_PASSWORD= -``` -``` -1. ENABLE_BARMAN (required ) : To tell service if database needs to be configured with barman disaster recovery/ -2. BARMAN_HOST (required if ENABLE_BARMAN is set to true ) : IP of barman host where data needs to be replicated. -3. 
ID_RSA (required if ENABLE_BARMAN is set to true ) : private key of postgres user which will be stored in /var/lib/postgresql/.ssh/id_rsa. -4. ID_RSA_PUB= (required if ENABLE_BARMAN is set to true ) private key of postgres user which will be stored in /var/lib/postgresql/.ssh/id_rsa_pub. -5. POSTGRES_USER= (required) : User for postgres database (e.g postgres) -6. POSTGRES_PASSWORD= (required) : Password for postgres database user -``` +### Steps to setup Barman +1. Run `make setup-barman` to setup barman -###### NOTE: If ENABLE_BARMAN was set to true there are three additional efforts : -a) It requires a manual start of sshd service with below command. -> docker exec -it CONTAINER_ID /usr/sbin/sshd +> [!NOTE] -b) Key pair needs to be generated and set the required value to .env file. Refer to below example: -> ssh-keygen - - Content of below command should go to ID_RSA - > cat ~/.ssh/id_rsa | base64 -w 0 - -Content of below command should go to ID_RSA_PUB - > cat ~/.ssh/id_rsa.pub | base64 -w 0 - - -c) copy the public key of postgres user from container and add it in /var/lib/barman/.ssh/authorized_keys of barman server. -> docker exec -it CONTAINER_ID cat /var/lib/postgresql/.ssh/id_rsa.pub +> 1. We will require the public key generated here while we setup Barman diff --git a/common/db/docker-compose.yaml b/common/db/docker-compose.yaml index ecefb3b..6d7a7aa 100644 --- a/common/db/docker-compose.yaml +++ b/common/db/docker-compose.yaml @@ -4,10 +4,10 @@ services: context: ./ dockerfile: Dockerfile args: - ENABLE_BARMAN: ${ENABLE_BARMAN} + ENABLE_BARMAN: ${ENABLE_BARMAN:-false} BARMAN_HOST: ${BARMAN_HOST} - ID_RSA: ${ID_RSA} - ID_RSA_PUB: ${ID_RSA_PUB} + DB_SSH_PUBLIC_KEY: ${DB_SSH_PUBLIC_KEY} + DB_SSH_PRIVATE_KEY: ${DB_SSH_PRIVATE_KEY} restart: always volumes: - db:/var/lib/postgresql/data 
@@ -21,11 +21,9 @@ services: timeout: 5s retries: 5 environment: - POSTGRES_USER: ${POSTGRES_USER:?Postgres user is not set in .env} - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?Postgres password is not set in .env} - BARMAN_HOST: ${BARMAN_HOST:?Barman host is not defined in .env} + POSTGRES_USER: ${POSTGRES_USER:?POSTGRES_USER is not set in .env} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is not set in .env} volumes: db: - ssh-vol: diff --git a/common/sample.env b/common/sample.env index 9e7d98d..745ce3c 100644 --- a/common/sample.env +++ b/common/sample.env @@ -5,11 +5,12 @@ MINIO_ACCESS_KEY= MINIO_SECRET_KEY= -## For db service +# For db service +# default value is false, set it to true to enable barman ENABLE_BARMAN= BARMAN_HOST= -ID_RSA= -ID_RSA_PUB= +DB_SSH_PRIVATE_KEY= +DB_SSH_PUBLIC_KEY= POSTGRES_USER= POSTGRES_PASSWORD= From 7e43a1e17c2b3332647e8c676212d3add1c4a138 Mon Sep 17 00:00:00 2001 From: Karun Agarwal <113603846+singhalkarun@users.noreply.github.com> Date: Wed, 31 Jul 2024 04:16:23 +0000 Subject: [PATCH 12/31] If ENABLE_BARMAN is set to true, verify the other arguments are set and throw error if they aren't --- common/db/Dockerfile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/common/db/Dockerfile b/common/db/Dockerfile index 922011e..bf1ba33 100644 --- a/common/db/Dockerfile +++ b/common/db/Dockerfile @@ -7,6 +7,14 @@ ARG BARMAN_HOST ENV BARMAN_HOST=$BARMAN_HOST +# Check if ENABLE_BARMAN is set to true, and if so, ensure other arguments are provided +# Check if ENABLE_BARMAN is set to true, and if so, ensure other arguments are provided +RUN if [ "$ENABLE_BARMAN" = "true" ]; then \ + : "${DB_SSH_PRIVATE_KEY:?DB_SSH_PRIVATE_KEY is not set}"; \ + : "${DB_SSH_PUBLIC_KEY:?DB_SSH_PUBLIC_KEY is not set}"; \ + : "${BARMAN_HOST:?BARMAN_HOST is not set}"; \ + fi + ADD config/postgresql.conf.template /etc/postgresql/postgresql.conf.template ADD config/pg_hba.conf.template /etc/postgresql/pg_hba.conf.template 
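Review bot: The new guard only checks that the three arguments are non-empty, but `pg_hba.conf.template` appends `/32` to `${BARMAN_HOST}`, so a hostname passes this check and presumably yields an entry Postgres rejects at start-up rather than at build time. A cheap format test in the same `RUN` would catch it, for example `echo "$BARMAN_HOST" | grep -Eq '^[0-9]+(\.[0-9]+){3}$' || { echo "BARMAN_HOST must be an IPv4 address" >&2; exit 1; }`. The comment line above the `RUN` is also duplicated, and one copy can be removed.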
From 45f5d6ffc50bfd3be1ae8bdd7881d58725870bee Mon Sep 17 00:00:00 2001 From: Mohit Date: Fri, 2 Aug 2024 14:17:08 +0530 Subject: [PATCH 13/31] updated sample-env --- common/sample.env | 1 + 1 file changed, 1 insertion(+) diff --git a/common/sample.env b/common/sample.env index 745ce3c..bd43987 100644 --- a/common/sample.env +++ b/common/sample.env @@ -6,6 +6,7 @@ MINIO_SECRET_KEY= # For db service +# NOTE: Refer to common/db/README.md to generate DB_SSH_PRIVATE_KEY and DB_SSH_PUBLIC_KEY if you set ENABLE_BARMAN=tru # default value is false, set it to true to enable barman ENABLE_BARMAN= BARMAN_HOST= From 3fdcd643249710c32138f2d75b06739a8db39220 Mon Sep 17 00:00:00 2001 From: mohit4buntikki Date: Fri, 2 Aug 2024 14:22:24 +0530 Subject: [PATCH 14/31] Update README.md --- common/db/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/common/db/README.md b/common/db/README.md index be51a11..7b59e71 100644 --- a/common/db/README.md +++ b/common/db/README.md @@ -1,8 +1,8 @@ ### Generating Key Pair for DB -1. RUN `ssh-keygen -t rsa` to generate a key pair -2. Set value of `cat ~/.ssh/id_rsa | base64 -w 0` in DB_SSH_PRIVATE_KEY (change the location of private key in command if needed) -3. Set value of `cat ~/.ssh/id_rsa.pub | base64 -w 0` in DB_SSH_PUBLIC_KEY (change the location of private key in command if needed) +1. RUN `ssh-keygen -t rsa -f /opt/id_rsa` to generate a key pair +2. Set value of `cat /opt/id_rsa | base64 -w 0` in DB_SSH_PRIVATE_KEY (change the location of private key in command if needed) +3. Set value of `cat /opt/id_rsa.pub | base64 -w 0` in DB_SSH_PUBLIC_KEY (change the location of private key in command if needed) ### Steps to follow after the db container is started (only if you have enabled barman) From a22c389d87016adb7ed0601f9e43950bfda4a783 Mon Sep 17 00:00:00 2001 
From: mohit4buntikki Date: Fri, 2 Aug 2024 15:12:08 +0530 Subject: [PATCH 15/31] Update README.md --- common/db/README.md | 71 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 61 insertions(+), 10 deletions(-) diff --git a/common/db/README.md b/common/db/README.md index 7b59e71..2476e9b 100644 --- a/common/db/README.md +++ b/common/db/README.md 
@@ -1,17 +1,68 @@ -### Generating Key Pair for DB +### STEP 1 Generate keypair for for postgres -1. RUN `ssh-keygen -t rsa -f /opt/id_rsa` to generate a key pair -2. Set value of `cat /opt/id_rsa | base64 -w 0` in DB_SSH_PRIVATE_KEY (change the location of private key in command if needed) -3. Set value of `cat /opt/id_rsa.pub | base64 -w 0` in DB_SSH_PUBLIC_KEY (change the location of private key in command if needed) +A. RUN `ssh-keygen -t rsa -f /opt/id_rsa` to generate a key pair +B. Set value of `cat /opt/id_rsa | base64 -w 0` in DB_SSH_PRIVATE_KEY (change the location of private key in command if needed) +C. Set value of `cat /opt/id_rsa.pub | base64 -w 0` in DB_SSH_PUBLIC_KEY (change the location of private key in command if needed) -### Steps to follow after the db container is started (only if you have enabled barman) +### STEP 2 Follow after the db container is started (only if you have enabled barman) -1. Currently the ssh server doesn't start automatically, run `docker exec -it DB_CONTAINER_ID /usr/sbin/sshd` to start the ssh server inside the db container +A. Currently the ssh server doesn't start automatically, run `docker exec -it DB_CONTAINER_ID /usr/sbin/sshd` to start the ssh server inside the db container. -### Steps to setup Barman +B. Setup the barman and streaming_barman user which is required to setup barman later. -1. Run `make setup-barman` to setup barman +`docker exec -it DB_CONTAINER_ID bash` -> [!NOTE] +`su - postgres` + +`createuser --superuser --replication -P barman` Remember the password it will be required to setup barman later. + +`createuser --replication -P streaming_barman` Remember the password it will be required to setup barman later. + +C. Get the public key which will be used to setup barman later. + +`cat ~/.ssh/id_rsa.pu` Copy this somewhere as it will be used later in setting up key baed auth with barman. + +now exit from db container using `exit` command twice. + + + +### STEP 3 Steps to setup Barman +A. 
Login to barman server and sitch to root user using `sudo -i` + +B. Add DNS entry in /etc/hosts file for postgres db server / container. + +`vi /etc/hosts` add `POSTGRES_IP mydb` replace POSTGRES_IP with the actual IP address of DB server / container and 'mydb' would be the HOSTNAME for your db server which will be required in next step during barman setup. + +C. Run `make setup-barman` to setup barman. + +``` +- HOSTNAME/DOMAIN name of your server (e.g mydb.example.com , mydb) which we set in STEP 3.B +- Database name for which backup needs to be created. +- Password of user 'barman' which was created while configuring postgres database users in STEP 2.B +- Password of user 'streaming_barman' which was created while configuring postgres database users in STEP 2.B +``` + +D. Switch to barman user to generate keypair for barman. + +`su - barman` + +`ssh-keygen -t rsa` It will generate keypair in home directory of barman user. + +`cat ~/.ssh/id_rsa.pub` COPY this key it will be added in postgres user's .ssh/authorized_keys + +E. Add public key of postgres in barman user's .ssh/authorized_keys + +`vi ~/.ssh/authorized_keys` Paste the key which we copied in STEP 2.C + +### STEP 4 add barman's public key (Refer to STEP 3.D) to postgres db user's .ssh/authorized_keys file. +A. Connect to DB server / container. + +`docker exec -it DB_CONTAINER_ID bash` + +`su - postgres` + +`vi ~/.ssh/authorized_keys` PASTE the content copied from STEP 3.D. Now exit from container using `exit` command twice. + +### STEP 5 Test the replication in barman server using barman user after waiting for 2-3 minutes. +`barman check mydb` -> 1. We will require the public key generated here while we setup Barman From a89ec68f2bc4f813bc864eb545948a29df29e20e Mon Sep 17 00:00:00 2001 From: mohit4buntikki Date: Fri, 2 Aug 2024 15:14:40 +0530 Subject: [PATCH 16/31] Update README.md --- common/db/README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) 
diff --git a/common/db/README.md b/common/db/README.md index 2476e9b..83c25c4 100644 --- a/common/db/README.md +++ b/common/db/README.md @@ -1,8 +1,10 @@ ### STEP 1 Generate keypair for for postgres -A. RUN `ssh-keygen -t rsa -f /opt/id_rsa` to generate a key pair -B. Set value of `cat /opt/id_rsa | base64 -w 0` in DB_SSH_PRIVATE_KEY (change the location of private key in command if needed) -C. Set value of `cat /opt/id_rsa.pub | base64 -w 0` in DB_SSH_PUBLIC_KEY (change the location of private key in command if needed) +A. RUN `ssh-keygen -t rsa -f /opt/id_rsa` to generate a key pair. + +B. Set value of `cat /opt/id_rsa | base64 -w 0` in DB_SSH_PRIVATE_KEY (change the location of private key in command if needed). + +C. Set value of `cat /opt/id_rsa.pub | base64 -w 0` in DB_SSH_PUBLIC_KEY (change the location of private key in command if needed). ### STEP 2 Follow after the db container is started (only if you have enabled barman) From 47ca0f1d89f62a667df0aefb53500edcd66c9d0a Mon Sep 17 00:00:00 2001 From: mohit4buntikki Date: Fri, 2 Aug 2024 15:17:25 +0530 Subject: [PATCH 17/31] Update README.md --- common/db/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/db/README.md b/common/db/README.md index 83c25c4..63fa374 100644 --- a/common/db/README.md +++ b/common/db/README.md @@ -22,7 +22,7 @@ B. Setup the barman and streaming_barman user which is required to setup barman C. Get the public key which will be used to setup barman later. -`cat ~/.ssh/id_rsa.pu` Copy this somewhere as it will be used later in setting up key baed auth with barman. +`cat ~/.ssh/id_rsa.pub` Copy this somewhere as it will be used later in setting up key baed auth with barman. now exit from db container using `exit` command twice. From 21932ebd103e22cd88a843bf98367e8ac79b1cec Mon Sep 17 00:00:00 2001 
From: mohit4buntikki Date: Fri, 2 Aug 2024 15:19:34 +0530 Subject: [PATCH 18/31] Update README.md --- common/db/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/db/README.md b/common/db/README.md index 63fa374..f910629 100644 --- a/common/db/README.md +++ b/common/db/README.md @@ -29,7 +29,7 @@ now exit from db container using `exit` command twice. ### STEP 3 Steps to setup Barman -A. Login to barman server and sitch to root user using `sudo -i` +A. Login to barman server and switch to root user using `sudo -i` B. Add DNS entry in /etc/hosts file for postgres db server / container. From 75e0dcc73e86aa0cdb054ab955f33390eb5550ab Mon Sep 17 00:00:00 2001 From: mohit4buntikki Date: Fri, 2 Aug 2024 15:21:51 +0530 Subject: [PATCH 19/31] Update README.md --- common/db/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/common/db/README.md b/common/db/README.md index f910629..7ac11b4 100644 --- a/common/db/README.md +++ b/common/db/README.md @@ -26,6 +26,10 @@ C. Get the public key which will be used to setup barman later. now exit from db container using `exit` command twice. +D. Copy the IP address of your postgress container using below command. + +`docker exec -it DB_CONTAINER_ID ip addr show` + ### STEP 3 Steps to setup Barman From 77a0e88a7c86265cf9da55a66e4be819e73a7b7c Mon Sep 17 00:00:00 2001 From: mohit4buntikki Date: Fri, 2 Aug 2024 15:24:22 +0530 Subject: [PATCH 20/31] Update README.md --- common/db/README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/common/db/README.md b/common/db/README.md index 7ac11b4..344c09b 100644 --- a/common/db/README.md +++ b/common/db/README.md 
@@ -33,7 +33,12 @@ D. Copy the IP address of your postgress container using below command. ### STEP 3 Steps to setup Barman -A. Login to barman server and switch to root user using `sudo -i` +A. Login to barman server and switch to root user using `sudo -i` and install required packages + +`apt-get update` + +`apt-get install build-essential -y` + B. Add DNS entry in /etc/hosts file for postgres db server / container. From 45937234c244e7635a867ec8b0d32704e8fb2d96 Mon Sep 17 00:00:00 2001 From: mohit4buntikki Date: Fri, 2 Aug 2024 15:38:30 +0530 Subject: [PATCH 21/31] Update setup-barman.sh --- scripts/setup-barman.sh | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/scripts/setup-barman.sh b/scripts/setup-barman.sh index c438c4d..f8b8bb9 100755 --- a/scripts/setup-barman.sh +++ b/scripts/setup-barman.sh @@ -147,23 +147,5 @@ if ! sudo crontab -u barman -l 2>/dev/null | grep -q "barman cron"; then else echo "barman cron job already set." fi -sleep 10s -### Create replication slot if not already created -if ! sudo -u barman barman show-server $host_name | grep -q "Slot name: $host_name"; then - echo "Creating slot for receiving wals..." - #sudo -u barman barman receive-wal --create-slot $host_name -else - echo "Replication slot $host_name already exists." -fi - -### Check the status of the db server -echo "Checking db server status..." -sleep 15s -sudo -u barman barman check $host_name - -### Synchronize barman with postgres if necessary -echo "Synchronizing barman with postgresdb..." -sleep 5s - -echo "Script execution completed." +echo "Barman Installation completed............" From 281bb806ca75cc54a7af60bbfba0ea9ca11b93de Mon Sep 17 00:00:00 2001 From: root Date: Fri, 2 Aug 2024 10:51:10 +0000 Subject: [PATCH 22/31] changed pg_db to mydb --- common/db/config/postgresql.conf.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/common/db/config/postgresql.conf.template b/common/db/config/postgresql.conf.template index f8163f1..902af70 100644 --- a/common/db/config/postgresql.conf.template +++ b/common/db/config/postgresql.conf.template @@ -1,4 +1,4 @@ listen_addresses = '*' wal_level = replica archive_mode = on -archive_command = 'rsync -a %p barman@${BARMAN_HOST}:/var/lib/barman/pg_db/incoming/%f' +archive_command = 'rsync -a %p barman@${BARMAN_HOST}:/var/lib/barman/mydb/incoming/%f' From 57eba2b02d311cecb5e7908828b93f1019821751 Mon Sep 17 00:00:00 2001 From: mohit4buntikki Date: Fri, 2 Aug 2024 16:39:10 +0530 Subject: [PATCH 23/31] Update README.md --- common/db/README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/common/db/README.md b/common/db/README.md index 344c09b..45354a9 100644 --- a/common/db/README.md +++ b/common/db/README.md @@ -26,10 +26,9 @@ C. Get the public key which will be used to setup barman later. now exit from db container using `exit` command twice. -D. Copy the IP address of your postgress container using below command. - -`docker exec -it DB_CONTAINER_ID ip addr show` +D. Copy the IP address of your machine where db container is running ( do not run this in container). +` ip addr show` copy the IP this will be used when setting up DNS entry in barman server. ### STEP 3 Steps to setup Barman 
@@ -42,7 +41,7 @@ A. Login to barman server and switch to root user using `sudo -i` and install re B. Add DNS entry in /etc/hosts file for postgres db server / container. -`vi /etc/hosts` add `POSTGRES_IP mydb` replace POSTGRES_IP with the actual IP address of DB server / container and 'mydb' would be the HOSTNAME for your db server which will be required in next step during barman setup. +`vi /etc/hosts` add `POSTGRES_IP mydb` replace POSTGRES_IP with the actual IP address of DB server / container. 'mydb' would be the HOSTNAME for your db server which will be required in next step during barman setup. C. Run `make setup-barman` to setup barman. From 7e6ff19575400c1146d9fbed807099c366c2eb2a Mon Sep 17 00:00:00 2001 From: mohit4buntikki Date: Fri, 2 Aug 2024 17:46:51 +0530 Subject: [PATCH 24/31] Update README.md updated doc --- common/db/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common/db/README.md b/common/db/README.md index 45354a9..325450d 100644 --- a/common/db/README.md +++ b/common/db/README.md @@ -39,9 +39,9 @@ A. Login to barman server and switch to root user using `sudo -i` and install re `apt-get install build-essential -y` -B. Add DNS entry in /etc/hosts file for postgres db server / container. +B. Add DNS entry in /etc/hosts file for machine where DB container / service is running. -`vi /etc/hosts` add `POSTGRES_IP mydb` replace POSTGRES_IP with the actual IP address of DB server / container. 'mydb' would be the HOSTNAME for your db server which will be required in next step during barman setup. +`vi /etc/hosts` add `POSTGRES_IP mydb` replace POSTGRES_IP with the actual IP address of machine where where DB container / service is running.'mydb' would be the HOSTNAME for your db server which will be required in next step during barman setup. C. Run `make setup-barman` to setup barman. From 84ebb81a91b2cfd254accaabb6b6b7ba8c1a6fec Mon Sep 17 00:00:00 2001 
From: mohit4buntikki Date: Fri, 2 Aug 2024 17:47:27 +0530 Subject: [PATCH 25/31] Update README.md --- common/db/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/common/db/README.md b/common/db/README.md index 325450d..dd4aae5 100644 --- a/common/db/README.md +++ b/common/db/README.md @@ -6,6 +6,8 @@ B. Set value of `cat /opt/id_rsa | base64 -w 0` in DB_SSH_PRIVATE_KEY (change th C. Set value of `cat /opt/id_rsa.pub | base64 -w 0` in DB_SSH_PUBLIC_KEY (change the location of private key in command if needed). +--- + ### STEP 2 Follow after the db container is started (only if you have enabled barman) A. Currently the ssh server doesn't start automatically, run `docker exec -it DB_CONTAINER_ID /usr/sbin/sshd` to start the ssh server inside the db container. @@ -30,6 +32,7 @@ D. Copy the IP address of your machine where db container is running ( do not ru ` ip addr show` copy the IP this will be used when setting up DNS entry in barman server. +--- ### STEP 3 Steps to setup Barman A. Login to barman server and switch to root user using `sudo -i` and install required packages @@ -64,6 +67,8 @@ E. Add public key of postgres in barman user's .ssh/authorized_keys `vi ~/.ssh/authorized_keys` Paste the key which we copied in STEP 2.C +--- + ### STEP 4 add barman's public key (Refer to STEP 3.D) to postgres db user's .ssh/authorized_keys file. A. Connect to DB server / container. From 06e21ae978afe09410dc2681ae9711fda385fd0f Mon Sep 17 00:00:00 2001 From: root Date: Sun, 4 Aug 2024 06:04:52 +0000 Subject: [PATCH 26/31] Commented barman cron command as not neccessarywhen rsync method used --- scripts/setup-barman.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/setup-barman.sh b/scripts/setup-barman.sh index f8b8bb9..80c68a2 100755 --- a/scripts/setup-barman.sh +++ b/scripts/setup-barman.sh 
@@ -141,11 +141,11 @@ fi ' ### Set up barman cron job if not already set -if ! sudo crontab -u barman -l 2>/dev/null | grep -q "barman cron"; then - echo "Setting up barman cron for receiving wals..." - (sudo crontab -u barman -l 2>/dev/null; echo "* * * * * barman cron") | sudo crontab -u barman - -else - echo "barman cron job already set." -fi +#if ! sudo crontab -u barman -l 2>/dev/null | grep -q "barman cron"; then +# echo "Setting up barman cron for receiving wals..." +# (sudo crontab -u barman -l 2>/dev/null; echo "* * * * * barman cron") | sudo crontab -u barman - +#else +# echo "barman cron job already set." +#fi echo "Barman Installation completed............" From c1817750100dcd81c90b1ae85bb4e270b49add8a Mon Sep 17 00:00:00 2001 From: mohit4buntikki Date: Sun, 4 Aug 2024 11:37:31 +0530 Subject: [PATCH 27/31] Update README.md --- common/db/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/common/db/README.md b/common/db/README.md index dd4aae5..bb4df80 100644 --- a/common/db/README.md +++ b/common/db/README.md @@ -78,6 +78,10 @@ A. Connect to DB server / container. `vi ~/.ssh/authorized_keys` PASTE the content copied from STEP 3.D. Now exit from container using `exit` command twice. -### STEP 5 Test the replication in barman server using barman user after waiting for 2-3 minutes. +### STEP 5 Restart postgres container + +Connect to machine where postgres db container/service is running and run `docker restart DB_CONTAINER_ID` and then run `docker exec -it DB_CONTAINER_ID /usr/sbin/sshd`. + +### STEP 6 : Test the replication in barman server using barman user after waiting for 2-3 minutes. `barman check mydb` From 733d917a8ae46516006873273b782fe4e84ce021 Mon Sep 17 00:00:00 2001 
From: gauravjisri Date: Thu, 22 Aug 2024 10:11:32 +0530 Subject: [PATCH 28/31] modified barman dockerfile and added entrypoint.sh --- common/db/Dockerfile | 86 ++++++++++++++++++----------------------- common/db/entrypoint.sh | 7 ++++ 2 files changed, 45 insertions(+), 48 deletions(-) create mode 100755 common/db/entrypoint.sh diff --git a/common/db/Dockerfile b/common/db/Dockerfile index bf1ba33..d3cca73 100644 --- a/common/db/Dockerfile +++ b/common/db/Dockerfile 
@@ -1,53 +1,43 @@ FROM samagragovernance/postgres:1.0.1-pg15 -ARG ENABLE_BARMAN -ARG DB_SSH_PRIVATE_KEY -ARG DB_SSH_PUBLIC_KEY -ARG BARMAN_HOST - -ENV BARMAN_HOST=$BARMAN_HOST - -# Check if ENABLE_BARMAN is set to true, and if so, ensure other arguments are provided -# Check if ENABLE_BARMAN is set to true, and if so, ensure other arguments are provided -RUN if [ "$ENABLE_BARMAN" = "true" ]; then \ - : "${DB_SSH_PRIVATE_KEY:?DB_SSH_PRIVATE_KEY is not set}"; \ - : "${DB_SSH_PUBLIC_KEY:?DB_SSH_PUBLIC_KEY is not set}"; \ - : "${BARMAN_HOST:?BARMAN_HOST is not set}"; \ - fi - -ADD config/postgresql.conf.template /etc/postgresql/postgresql.conf.template -ADD config/pg_hba.conf.template /etc/postgresql/pg_hba.conf.template - -RUN if [ "$ENABLE_BARMAN" = "true" ]; then \ - apk update && \ - apk add envsubst && \ - envsubst < /etc/postgresql/postgresql.conf.template > /etc/postgresql/postgresql.conf && \ - envsubst < /etc/postgresql/pg_hba.conf.template > /etc/postgresql/pg_hba.conf; \ - else \ - ln -s /var/lib/postgresql/data/pg_hba.conf /etc/postgresql/pg_hba.conf &\ - ln -s /var/lib/postgresql/data/postgresql.conf /etc/postgresql/postgresql.conf; \ -fi - - - -RUN if [ "$ENABLE_BARMAN" = "true" ]; then \ - apk update && \ - apk add openrc openssh-server openssh rsync && \ - mkdir -p /run/openrc && \ - touch /run/openrc/softlevel && \ - ssh-keygen -A && \ - echo -e "PasswordAuthentication no" >> /etc/ssh/sshd_config && \ - mkdir -p /var/lib/postgresql/.ssh && \ - echo "" > /var/lib/postgresql/.ssh/known_hosts && \ - echo "$DB_SSH_PRIVATE_KEY" | base64 -d > /var/lib/postgresql/.ssh/id_rsa && \ - echo "$DB_SSH_PUBLIC_KEY" | base64 -d > /var/lib/postgresql/.ssh/id_rsa.pub && \ - chmod 0600 /var/lib/postgresql/.ssh/id_rsa && \ - echo -e "Host *\n\tStrictHostKeyChecking no" > /var/lib/postgresql/.ssh/config && \ - passwd -u postgres && \ - chown -R postgres:postgres /var/lib/postgresql/.ssh; \ -fi +# Install OpenSSH +RUN apk add --update --no-cache openssh openssh-keygen 
-EXPOSE 22 -EXPOSE 5432 +RUN ssh-keygen -A + +# Verify that the host keys exist +RUN ls -l /etc/ssh/ssh_host_* + +# Enable SSH and configure key-based authentication +RUN mkdir -p /root/.ssh && chmod 700 /root/.ssh + +# Use build argument to add the public key +ARG DB_SSH_PUBLIC_KEY +RUN echo "$DB_SSH_PUBLIC_KEY" > /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys + +# Create the .ssh directory for the postgres user +RUN mkdir -p /var/lib/postgresql/.ssh && \ + chmod 700 /var/lib/postgresql/.ssh && \ + chown postgres:postgres /var/lib/postgresql/.ssh + +# Use build argument to add the public key for the postgres user +RUN echo "$DB_SSH_PUBLIC_KEY" > /var/lib/postgresql/.ssh/authorized_keys && \ + chmod 600 /var/lib/postgresql/.ssh/authorized_keys && \ + chown postgres:postgres /var/lib/postgresql/.ssh/authorized_keys +# Configure SSH daemon +RUN echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config +RUN echo 'PubkeyAuthentication yes' >> /etc/ssh/sshd_config +RUN echo 'AllowUsers postgres' >> /etc/ssh/sshd_config + +RUN chown -R postgres:postgres /etc/ssh + +# Set up WAL archive directory +RUN mkdir -p /var/lib/postgresql/archive && chown postgres:postgres /var/lib/postgresql/archive + +USER postgres + +ENTRYPOINT ["/entrypoint.sh"] +EXPOSE 22 +COPY entrypoint.sh / \ No newline at end of file diff --git a/common/db/entrypoint.sh b/common/db/entrypoint.sh new file mode 100755 index 0000000..e719eb5 --- /dev/null +++ b/common/db/entrypoint.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +# Start PostgreSQL +pg_ctl -D "$PGDATA" -o "-c archive_mode=on -c archive_command='test ! -f /var/lib/postgresql/archive/%f && cp %p /var/lib/postgresql/archive/%f'" start + +# Start SSH +exec /usr/sbin/sshd -D -e From b6bfd07fb278f7c9985213069d76118d27353ebb Mon Sep 17 00:00:00 2001 
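Review bot: `RUN chown -R postgres:postgres /etc/ssh` gives the database account ownership of the SSH host private keys and of `sshd_config`, so anything running as `postgres` can rewrite the `AllowUsers postgres` and `PasswordAuthentication no` settings appended just above it. If sshd has to run unprivileged, narrow the change to the key files, e.g. `RUN chown postgres:postgres /etc/ssh/ssh_host_*_key*`, and leave `sshd_config` root-owned. The two `/root/.ssh` lines install a login key for an account that `AllowUsers` already excludes and can be dropped. Separately, the key is now written without the `base64 -d` that the removed lines applied, while the README still asks for `base64 -w 0` output in `DB_SSH_PUBLIC_KEY`, so `authorized_keys` would hold base64 text rather than a usable key.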
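Review bot: Nothing checks the result of `pg_ctl ... start`, so when PostgreSQL fails to come up the `exec /usr/sbin/sshd -D -e` line still runs and the container stays up with SSH reachable but no database. Adding `set -eu` under the shebang, or `|| exit 1` at the end of the `pg_ctl` line, lets the failure reach the orchestrator. sshd also becomes the container's main process after the `exec`, so a later PostgreSQL crash would not stop the container; a comment such as `# NOTE: postgres is not supervised once sshd takes over as the main process` would record that. Presumably this ENTRYPOINT also replaces the base image's own startup script, which is worth confirming for first-time data-directory initialisation.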
From: gauravjisri Date: Thu, 22 Aug 2024 11:12:04 +0530 Subject: [PATCH 29/31] Modified README.md --- common/db/README.md | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/common/db/README.md b/common/db/README.md index bb4df80..8fbb800 100644 --- a/common/db/README.md +++ b/common/db/README.md @@ -10,13 +10,9 @@ C. Set value of `cat /opt/id_rsa.pub | base64 -w 0` in DB_SSH_PUBLIC_KEY (change ### STEP 2 Follow after the db container is started (only if you have enabled barman) -A. Currently the ssh server doesn't start automatically, run `docker exec -it DB_CONTAINER_ID /usr/sbin/sshd` to start the ssh server inside the db container. +A. Setup the barman and streaming_barman user which is required to setup barman later. -B. Setup the barman and streaming_barman user which is required to setup barman later. - -`docker exec -it DB_CONTAINER_ID bash` - -`su - postgres` +`docker exec -u postgres -it DB_CONTAINER_ID bash` `createuser --superuser --replication -P barman` Remember the password it will be required to setup barman later. @@ -24,7 +20,7 @@ B. Setup the barman and streaming_barman user which is required to setup barman C. Get the public key which will be used to setup barman later. -`cat ~/.ssh/id_rsa.pub` Copy this somewhere as it will be used later in setting up key baed auth with barman. +`cat ~/.ssh/authorized_keys` Copy this somewhere as it will be used later in setting up key based auth with barman. now exit from db container using `exit` command twice. 
@@ -41,12 +37,17 @@ A. Login to barman server and switch to root user using `sudo -i` and install re `apt-get install build-essential -y` +```exit``` + +```sudo su``` B. Add DNS entry in /etc/hosts file for machine where DB container / service is running. `vi /etc/hosts` add `POSTGRES_IP mydb` replace POSTGRES_IP with the actual IP address of machine where where DB container / service is running.'mydb' would be the HOSTNAME for your db server which will be required in next step during barman setup. -C. Run `make setup-barman` to setup barman. + + +C. ```cd devops```, Run `make setup-barman` to setup barman. ``` - HOSTNAME/DOMAIN name of your server (e.g mydb.example.com , mydb) which we set in STEP 3.B 
@@ -72,16 +73,21 @@ E. Add public key of postgres in barman user's .ssh/authorized_keys ### STEP 4 add barman's public key (Refer to STEP 3.D) to postgres db user's .ssh/authorized_keys file. A. Connect to DB server / container. -`docker exec -it DB_CONTAINER_ID bash` - -`su - postgres` +`docker exec -u postgres -it DB_CONTAINER_ID bash` `vi ~/.ssh/authorized_keys` PASTE the content copied from STEP 3.D. Now exit from container using `exit` command twice. -### STEP 5 Restart postgres container -Connect to machine where postgres db container/service is running and run `docker restart DB_CONTAINER_ID` and then run `docker exec -it DB_CONTAINER_ID /usr/sbin/sshd`. +### STEP 6 : Do some modifications. +1. Go to db machine and exec into the container `docker exec -u postgres -it DB_CONTAINER_ID bash` + +2. type `touch ~/.hushlogin` +3. Now go to the barman machine and `vi /etc/barman.d/mydb.conf` +4. Modify the ssh_command, like: ```ssh_command = ssh -q postgres@mydb -p 2222``` + +### STEP 7 : Restart postgres container +1. Connect to machine where postgres db container/service is running and run `docker restart DB_CONTAINER_ID`. -### STEP 6 : Test the replication in barman server using barman user after waiting for 2-3 minutes. +### STEP 8 : Test the replication in barman server using barman user after waiting for 2-3 minutes. `barman check mydb` From 63d972dc305282182a842b12b31a4b88254a0d11 Mon Sep 17 00:00:00 2001 From: gauravjisri Date: Thu, 22 Aug 2024 12:35:30 +0530 Subject: [PATCH 30/31] modified dockerfile --- common/db/Dockerfile | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/common/db/Dockerfile b/common/db/Dockerfile index d3cca73..dbae6fd 100644 --- a/common/db/Dockerfile +++ b/common/db/Dockerfile 
@@ -1,5 +1,20 @@ FROM samagragovernance/postgres:1.0.1-pg15 +ARG DB_SSH_PUBLIC_KEY +ARG BARMAN_HOST + +ENV BARMAN_HOST=$BARMAN_HOST + + +ADD config/postgresql.conf.template /etc/postgresql/postgresql.conf.template +ADD config/pg_hba.conf.template /etc/postgresql/pg_hba.conf.template + +RUN apk update && \ + apk add envsubst && \ + envsubst < /etc/postgresql/postgresql.conf.template > /etc/postgresql/postgresql.conf && \ + envsubst < /etc/postgresql/pg_hba.conf.template > /etc/postgresql/pg_hba.conf; + + # Install OpenSSH RUN apk add --update --no-cache openssh openssh-keygen @@ -12,7 +27,6 @@ RUN ls -l /etc/ssh/ssh_host_* RUN mkdir -p /root/.ssh && chmod 700 /root/.ssh # Use build argument to add the public key -ARG DB_SSH_PUBLIC_KEY RUN echo "$DB_SSH_PUBLIC_KEY" > /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys # Create the .ssh directory for the postgres user @@ -33,11 +47,4 @@ RUN echo 'AllowUsers postgres' >> /etc/ssh/sshd_config RUN chown -R postgres:postgres /etc/ssh -# Set up WAL archive directory -RUN mkdir -p /var/lib/postgresql/archive && chown postgres:postgres /var/lib/postgresql/archive - USER postgres - -ENTRYPOINT ["/entrypoint.sh"] -EXPOSE 22 -COPY entrypoint.sh / \ No newline at end of file From 21a9914a00e7b2a014b4d9da0b14dfa14d2e4ca2 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 22 Aug 2024 16:38:27 +0000 Subject: [PATCH 31/31] fixes, improvements --- common/db/Dockerfile | 15 ++-- common/db/README.md | 96 ++--------------------- common/db/config/pg_hba.conf.template | 4 +- common/db/config/postgresql.conf.template | 2 +- scripts/setup-barman.sh | 53 ++++--------- 5 files changed, 37 insertions(+), 133 deletions(-) diff --git a/common/db/Dockerfile b/common/db/Dockerfile index dbae6fd..4e4d570 100644 --- a/common/db/Dockerfile +++ b/common/db/Dockerfile 
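Review bot: The `envsubst` step in the first hunk renders both templates without checking that `BARMAN_HOST` was supplied, so a build without that argument yields `host replication streaming_barman /32 md5` in pg_hba.conf and `barman@:/var/lib/barman/...` in the archive command. The guard that an earlier revision of this Dockerfile carried would stop that at build time: `: "${BARMAN_HOST:?BARMAN_HOST is not set}" && \` as the first command of the `RUN`. Passing the variable list explicitly, `envsubst '${BARMAN_HOST}' < ...`, also keeps any other `$name` text in the templates from being blanked. The third hunk removes `ENTRYPOINT` and `EXPOSE 22`, so nothing visible here starts sshd any more; a comment saying how it is meant to be started would help.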
@@ -1,16 +1,17 @@ FROM samagragovernance/postgres:1.0.1-pg15 -ARG DB_SSH_PUBLIC_KEY +ARG BARMAN_SSH_PUBLIC_KEY +ARG POSTGRES_SSH_PUBLIC_KEY +ARG POSTGRES_SSH_PRIVATE_KEY ARG BARMAN_HOST ENV BARMAN_HOST=$BARMAN_HOST - ADD config/postgresql.conf.template /etc/postgresql/postgresql.conf.template ADD config/pg_hba.conf.template /etc/postgresql/pg_hba.conf.template RUN apk update && \ - apk add envsubst && \ + apk add envsubst rsync && \ envsubst < /etc/postgresql/postgresql.conf.template > /etc/postgresql/postgresql.conf && \ envsubst < /etc/postgresql/pg_hba.conf.template > /etc/postgresql/pg_hba.conf; @@ -27,7 +28,7 @@ RUN ls -l /etc/ssh/ssh_host_* RUN mkdir -p /root/.ssh && chmod 700 /root/.ssh # Use build argument to add the public key -RUN echo "$DB_SSH_PUBLIC_KEY" > /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys +RUN echo "$BARMAN_SSH_PUBLIC_KEY" > /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys # Create the .ssh directory for the postgres user RUN mkdir -p /var/lib/postgresql/.ssh && \ @@ -35,7 +36,7 @@ RUN mkdir -p /var/lib/postgresql/.ssh && \ chown postgres:postgres /var/lib/postgresql/.ssh # Use build argument to add the public key for the postgres user -RUN echo "$DB_SSH_PUBLIC_KEY" > /var/lib/postgresql/.ssh/authorized_keys && \ +RUN echo "$BARMAN_SSH_PUBLIC_KEY" > /var/lib/postgresql/.ssh/authorized_keys && \ chmod 600 /var/lib/postgresql/.ssh/authorized_keys && \ chown postgres:postgres /var/lib/postgresql/.ssh/authorized_keys @@ -48,3 +49,7 @@ RUN echo 'AllowUsers postgres' >> /etc/ssh/sshd_config RUN chown -R postgres:postgres /etc/ssh USER postgres + +RUN echo "$POSTGRES_SSH_PUBLIC_KEY" > /var/lib/postgresql/.ssh/id_ed25519.pub && chmod 600 /var/lib/postgresql/.ssh/id_ed25519.pub +RUN echo "$POSTGRES_SSH_PRIVATE_KEY" > /var/lib/postgresql/.ssh/id_ed25519 && chmod 600 /var/lib/postgresql/.ssh/id_ed25519 +RUN ssh-keyscan -H "$BARMAN_HOST" >> /var/lib/postgresql/.ssh/known_hosts 
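Review bot: `ARG POSTGRES_SSH_PRIVATE_KEY` (first hunk) together with `RUN echo "$POSTGRES_SSH_PRIVATE_KEY" > /var/lib/postgresql/.ssh/id_ed25519` (last hunk) bakes the private key into the image: build arguments are recorded in the image history and the key file is stored in a layer, so anyone who can pull the image obtains the credential that `archive_command` presumably uses to reach the barman host. Supplying the key at run time instead (a read-only bind mount or a Docker secret at that path) keeps it out of the image; if it must stay, add `# WARNING: private key is stored in this image; treat the image itself as a secret`. The `ssh-keyscan -H "$BARMAN_HOST"` line pins whichever host answers during the build, so shipping a `known_hosts` entry whose fingerprint was verified out of band is safer. The `/root/.ssh/authorized_keys` write in the second hunk serves an account that `AllowUsers postgres` does not admit and could be removed.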
diff --git a/common/db/README.md b/common/db/README.md index 8fbb800..f2863f8 100644 --- a/common/db/README.md +++ b/common/db/README.md 
@@ -1,93 +1,13 @@ -### STEP 1 Generate keypair for for postgres +# Steps to run after the db container is started -A. RUN `ssh-keygen -t rsa -f /opt/id_rsa` to generate a key pair. +1. Run `docker exec db /usr/sbin/sshd` -B. Set value of `cat /opt/id_rsa | base64 -w 0` in DB_SSH_PRIVATE_KEY (change the location of private key in command if needed). +# Steps to setup barman -C. Set value of `cat /opt/id_rsa.pub | base64 -w 0` in DB_SSH_PUBLIC_KEY (change the location of private key in command if needed). +1. Run `make setup-barman` ---- - -### STEP 2 Follow after the db container is started (only if you have enabled barman) - -A. Setup the barman and streaming_barman user which is required to setup barman later. - -`docker exec -u postgres -it DB_CONTAINER_ID bash` - -`createuser --superuser --replication -P barman` Remember the password it will be required to setup barman later. - -`createuser --replication -P streaming_barman` Remember the password it will be required to setup barman later. - -C. Get the public key which will be used to setup barman later. - -`cat ~/.ssh/authorized_keys` Copy this somewhere as it will be used later in setting up key based auth with barman. - -now exit from db container using `exit` command twice. - -D. Copy the IP address of your machine where db container is running ( do not run this in container). - -` ip addr show` copy the IP this will be used when setting up DNS entry in barman server. - ---- - -### STEP 3 Steps to setup Barman -A. Login to barman server and switch to root user using `sudo -i` and install required packages - -`apt-get update` - -`apt-get install build-essential -y` - -```exit``` - -```sudo su``` - -B. Add DNS entry in /etc/hosts file for machine where DB container / service is running. 
- -`vi /etc/hosts` add `POSTGRES_IP mydb` replace POSTGRES_IP with the actual IP address of machine where where DB container / service is running.'mydb' would be the HOSTNAME for your db server which will be required in next step during barman setup. - - - -C. ```cd devops```, Run `make setup-barman` to setup barman. - -``` -- HOSTNAME/DOMAIN name of your server (e.g mydb.example.com , mydb) which we set in STEP 3.B -- Database name for which backup needs to be created. -- Password of user 'barman' which was created while configuring postgres database users in STEP 2.B -- Password of user 'streaming_barman' which was created while configuring postgres database users in STEP 2.B -``` - -D. Switch to barman user to generate keypair for barman. - -`su - barman` - -`ssh-keygen -t rsa` It will generate keypair in home directory of barman user. - -`cat ~/.ssh/id_rsa.pub` COPY this key it will be added in postgres user's .ssh/authorized_keys - -E. Add public key of postgres in barman user's .ssh/authorized_keys - -`vi ~/.ssh/authorized_keys` Paste the key which we copied in STEP 2.C - ---- - -### STEP 4 add barman's public key (Refer to STEP 3.D) to postgres db user's .ssh/authorized_keys file. -A. Connect to DB server / container. - -`docker exec -u postgres -it DB_CONTAINER_ID bash` - -`vi ~/.ssh/authorized_keys` PASTE the content copied from STEP 3.D. Now exit from container using `exit` command twice. - - -### STEP 6 : Do some modifications. -1. Go to db machine and exec into the container `docker exec -u postgres -it DB_CONTAINER_ID bash` - -2. type `touch ~/.hushlogin` -3. Now go to the barman machine and `vi /etc/barman.d/mydb.conf` -4. Modify the ssh_command, like: ```ssh_command = ssh -q postgres@mydb -p 2222``` - -### STEP 7 : Restart postgres container -1. Connect to machine where postgres db container/service is running and run `docker restart DB_CONTAINER_ID`. 
- -### STEP 8 : Test the replication in barman server using barman user after waiting for 2-3 minutes. -`barman check mydb` +# Useful Commands +`barman check mydb` to check the status of mydb +`barman backup mydb` to backup mydb +`barman switch-xlog --force --archive mydb` to fix wal issues \ No newline at end of file diff --git a/common/db/config/pg_hba.conf.template b/common/db/config/pg_hba.conf.template index f864f90..876e2c4 100644 --- a/common/db/config/pg_hba.conf.template +++ b/common/db/config/pg_hba.conf.template @@ -1,6 +1,6 @@ # TYPE DATABASE USER ADDRESS METHOD local all all trust host all all localhost trust -host replication streaming_barman ${BARMAN_HOST}/32 md5 -host all barman ${BARMAN_HOST}/32 md5 +host replication streaming_barman 0.0.0.0/0 md5 +host all barman 0.0.0.0/0 md5 diff --git a/common/db/config/postgresql.conf.template b/common/db/config/postgresql.conf.template index 902af70..0effa20 100644 --- a/common/db/config/postgresql.conf.template +++ b/common/db/config/postgresql.conf.template @@ -1,4 +1,4 @@ listen_addresses = '*' wal_level = replica archive_mode = on -archive_command = 'rsync -a %p barman@${BARMAN_HOST}:/var/lib/barman/mydb/incoming/%f' +archive_command = 'rsync -a %p barman@${BARMAN_HOST}:/var/lib/barman/mydb/streaming/%f' diff --git a/scripts/setup-barman.sh b/scripts/setup-barman.sh index 80c68a2..34e7855 100755 --- a/scripts/setup-barman.sh +++ b/scripts/setup-barman.sh @@ -1,9 +1,5 @@ #!/bin/bash -#barman_password=password -#streaming_barman_password=password - -# Prompt user for input echo "Enter hostname/fqdn of postgres server:" read host_name echo "Enter database name to replicate wals:" 
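Review bot: Replacing `${BARMAN_HOST}/32` with `0.0.0.0/0` lets any IPv4 client attempt password logins as `barman` and `streaming_barman`, and with `listen_addresses = '*'` in the companion template the only barriers left are the `md5` password and whatever firewall sits in front. The README text removed in this series created `barman` with `--superuser`, so this is a superuser login reachable from any address. If the `/32` form was dropped because `BARMAN_HOST` is a name rather than an address, pg_hba.conf accepts a host name in the address column: `host replication streaming_barman ${BARMAN_HOST} scram-sha-256` and `host all barman ${BARMAN_HOST} scram-sha-256`. `scram-sha-256` is preferable to `md5` on the PostgreSQL 15 base image, provided the role passwords are stored as SCRAM.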
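Review bot: The new `archive_command` target does not line up with the Barman configuration that `scripts/setup-barman.sh` writes in this same commit: that file sets `barman_home = /backup/barman` and `archiver = on`, whereas WAL files are now sent to `/var/lib/barman/mydb/streaming/`. As far as I know Barman's file archiver reads `<barman_home>/<server>/incoming` and the `streaming` directory belongs to the streaming archiver, so shipped WALs may never be picked up and backups could be unrecoverable; worth confirming with `barman check`. A line such as `archive_command = 'rsync -a %p barman@${BARMAN_HOST}:/backup/barman/mydb/incoming/%f'` would match, assuming the server section is named `mydb`. The script takes the server name from the prompted `host_name`, so the hard-coded `mydb` here is a second place where the two can drift apart.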
@@ -92,14 +88,25 @@ else echo "Generating barman configuration file $config_file for streaming backup of database..." fi +cat < /etc/barman.conf +[barman] +barman_home = /backup/barman +barman_user = barman +log_file = /var/log/barman/barman.log +compression = gzip +reuse_backup = link +backup_method = rsync +archiver = on +EOF + cat < $config_file [$host_name] description = "Main PostgreSQL Database" conninfo = host=$host_name user=barman dbname=$db_name password=$barman_password -ssh_command = ssh postgres@$host_name -p 2222 -backup_method = rsync -parallel_jobs = 2 -archiver = on +ssh_command = ssh -q postgres@$host_name -p 2222 +retention_policy_mode = auto +retention_policy = RECOVERY WINDOW OF 7 days +wal_retention_policy = main EOF echo "Configuration file $config_file created." 
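Review bot: The server stanza rewritten here still embeds `password=$barman_password` in `conninfo`, and nothing in the hunk restricts who can read `$config_file` once the heredoc creates it under the default umask. The script already writes a mode-600 `.pgpass` for `streaming_barman` (visible in the following hunk), so that file could also carry a `barman` entry, and the line could become `conninfo = host=$host_name user=barman dbname=$db_name`. If the password has to stay in the file, add `chown root:barman "$config_file" && chmod 640 "$config_file"` right after the heredoc. The script continues outside this hunk, so a later permission fix may exist that is not visible here.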
@@ -119,33 +126,5 @@ sudo -u barman bash -c "echo '$host_name:5432:replication:streaming_barman:$stre sudo -u barman bash -c "chmod 600 ~/.pgpass" echo ".pgpass file created and permissions set." -:' ######## Commented key generation feature -### Deploying keys to barman -if [ -f ./id_rsa ]; then - echo "Private key found deploying to barman user" - mkdir -p $barman_home/.ssh/ - cp ./id_rsa $barman_home/.ssh/id_rsa - cp ./id_rsa.pub $barman_home/.ssh/authorized_keys - echo -e "Host *\n\tStrictHostKeyChecking no" > $barman_home/.ssh/config - chmod 0600 $barman_home/.ssh/id_rsa - echo "">$barman_home/.ssh/known_hosts - chown -R barman:barman $barman_home/.ssh/ -else - echo "SSH keypair not found , please arrange key pair id_rsa , id_rsa.pub" - echo "Rolling back insallation..........................................................." - apt-get remove --purge barman -y - apt-get autoremove -y - exit -fi -### SSH deployment -' - -### Set up barman cron job if not already set -#if ! sudo crontab -u barman -l 2>/dev/null | grep -q "barman cron"; then -# echo "Setting up barman cron for receiving wals..." -# (sudo crontab -u barman -l 2>/dev/null; echo "* * * * * barman cron") | sudo crontab -u barman - -#else -# echo "barman cron job already set." -#fi -echo "Barman Installation completed............" +echo "Barman Installation Completed"