diff --git a/role_scripts/10/primary/postgresql.conf b/role_scripts/10/primary/postgresql.conf index 6668c4e..b783296 100755 --- a/role_scripts/10/primary/postgresql.conf +++ b/role_scripts/10/primary/postgresql.conf @@ -61,7 +61,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/10/primary/run.sh b/role_scripts/10/primary/run.sh index cbce176..0d0c386 100755 --- a/role_scripts/10/primary/run.sh +++ b/role_scripts/10/primary/run.sh @@ -25,6 +25,24 @@ export PGWAL="$PGDATA/pg_wal" export ARCHIVE=${ARCHIVE:-} if [ ! -e "$PGDATA/PG_VERSION" ]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + pv_df_output=$(df -hP 2>&1) + # Fail if kernel reports a broken FUSE mount anywhere + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected)." + exit 1 + fi + # Ensure /var/pv is actually mounted (present in df output) + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df)." + exit 1 + fi + # Ensure the mountpoint is accessible + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible." + exit 1 + fi + fi mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" @@ -33,4 +51,9 @@ if [ ! -e "$PGDATA/PG_VERSION" ]; then fi /run_scripts/role/start.sh $BOOTSTRAP + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres 
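Review bot: With `max_connections` commented out, the effective value comes from the built-in default or from whatever the optional tuning include sets, yet start.sh in this commit still writes `max_wal_senders = 90`. The comment on that start.sh line says the value must stay below max_connections minus superuser_reserved_connections, so a tuning file that lowers max_connections past that bound would keep the server from starting. A comment beside the line would record the constraint, for example `# max_connections: set via the tuning include; keep above max_wal_senders + superuser_reserved_connections`. The same edit is made to role_scripts/10/standby/postgresql.conf and role_scripts/11/primary/postgresql.conf.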
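Review bot: The `grep -qi "Transport endpoint is not connected"` test in the added block runs over `df -hP` output for every mount, so a stale FUSE mount unrelated to `/var/pv` aborts startup with a message that blames `/var/pv`. Querying the path itself, `pv_df_output=$(df -hP /var/pv 2>&1)`, keeps both this test and the last-column test accurate. The bypass marker `/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK` is read from the volume under test, so anything able to write to the volume can switch off the guard that precedes `rm -rf "$PGDATA"/*`; a comment stating who is expected to create it would help, and an environment variable would keep the switch in the pod spec. The three `echo "ERROR: …"` lines should go to stderr with `>&2`. The same block is added in role_scripts/10/standby/run.sh and role_scripts/11/primary/run.sh, and the enclosing `if [ ! -e "$PGDATA/PG_VERSION" ]` block ends outside the hunk.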
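Review bot: The added `cp` hard-codes `/var/pv/data/postgresql.conf` although the rest of the script addresses the data directory through `$PGDATA`, and nothing says why a second copy is kept at `/var/pv/postgresql.conf`. If `$PGDATA` is `/var/pv/data` (its definition is outside the hunk), `cp "$PGDATA/postgresql.conf" /var/pv/postgresql.conf` with a one-line comment naming the consumer of the copy would be clearer. The copy lands outside the `chmod 0700` data directory, so its mode follows the process umask; worth confirming that is acceptable for the generated configuration. The same lines are added to role_scripts/10/standby/run.sh and role_scripts/11/primary/run.sh.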
diff --git a/role_scripts/10/primary/start.sh b/role_scripts/10/primary/start.sh index 12c4a23..b79c89d 100755 --- a/role_scripts/10/primary/start.sh +++ b/role_scripts/10/primary/start.sh @@ -16,6 +16,11 @@ BOOTSTRAP=${1} # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS @@ -44,11 +49,11 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf for initial start. this one is just for initialization touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf -{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf -{ echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf +{ echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf +{ echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" # start postgres 
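Review bot: `TUNING_FILE_PATH` is written between single quotes into postgresql.conf without any validation, so a value containing a quote or a newline ends the string early and the remainder is read as further configuration lines. A check before the `echo`, for example `[[ "${TUNING_FILE_PATH:-/etc/tune/user.conf}" =~ ^/[A-Za-z0-9._/-]+$ ]] || { echo "ERROR: invalid TUNING_FILE_PATH" >&2; exit 1; }`, keeps the line well-formed. The included file can set any server parameter, so the block deserves a comment stating that the path must be writable only by the operator, and that `wal_level`, `shared_buffers` and `max_wal_senders` written after it take precedence because PostgreSQL uses the last value it reads. The same block is added in role_scripts/10/standby/run.sh and role_scripts/11/primary/start.sh.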
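Review bot: The file is still assembled with `touch` followed by appends to the fixed name `/tmp/pg_hba.conf`, so any content already at that path (left by an earlier run or written by another process in the container) is kept and then moved into `$PGDATA` ahead of the intended rules. Since pg_hba.conf is matched top-down, a stale leading line would take precedence; truncating on the first write, `{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >/tmp/pg_hba.conf`, and dropping the `touch` removes that dependency, or the file can be built under a `mktemp` name. The same touch-then-append sequence appears in the other pg_hba.conf hunks of this commit: the second block of this file, role_scripts/10/standby/ha_backup_job.sh, run.sh and warm_stanby.sh, and role_scripts/11/primary/start.sh.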
@@ -112,56 +117,56 @@ pg_ctl -D "$PGDATA" -m fast -w stop # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'hostssl 
all all 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 
'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" @@ -196,3 +201,4 @@ if [[ "$STREAMING" == "synchronous" ]]; then fi # ref: https://superuser.com/a/246841/985093 cat /tmp/postgresql.conf $PGDATA/postgresql.conf >"/tmp/postgresql.conf.tmp" && mv "/tmp/postgresql.conf.tmp" "$PGDATA/postgresql.conf" + diff --git a/role_scripts/10/standby/ha_backup_job.sh b/role_scripts/10/standby/ha_backup_job.sh index 3ab83c1..f38682d 100755 --- a/role_scripts/10/standby/ha_backup_job.sh +++ b/role_scripts/10/standby/ha_backup_job.sh 
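Review bot: The non-SSL branch of this hunk leaves `host all all 127.0.0.1/32 trust` and `host all all ::1/128 trust` in the final pg_hba.conf, so any process sharing the container's network namespace can connect as any role without a credential. If loopback trust is only needed while initializing (the earlier block in this file is commented that way), the final file could use the same method as the remote rules, e.g. `host all all 127.0.0.1/32 md5`; whether probes or sidecars rely on the trust entries is not visible here. The remote rules for `0.0.0.0/0` and `::/0` use `md5`, while the version 11 script in this commit already has a `scram-sha-256` branch; offering it here as well would avoid md5 password hashes on the wire. The same rule set is written in role_scripts/10/standby/ha_backup_job.sh, run.sh and warm_stanby.sh.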
@@ -130,56 +130,56 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { 
echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } 
>>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" diff --git a/role_scripts/10/standby/postgresql.conf b/role_scripts/10/standby/postgresql.conf index 6668c4e..b783296 100755 --- a/role_scripts/10/standby/postgresql.conf +++ b/role_scripts/10/standby/postgresql.conf @@ -61,7 +61,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/10/standby/run.sh b/role_scripts/10/standby/run.sh index ab11a6a..8df0c62 100755 
--- a/role_scripts/10/standby/run.sh +++ b/role_scripts/10/standby/run.sh @@ -91,16 +91,35 @@ fi if [[ ! -e "$PGDATA/PG_VERSION" ]]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + # Robust /var/pv mount availability check before any destructive operation or basebackup + pv_df_output=$(df -hP 2>&1) + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected). Aborting basebackup." + exit 1 + fi + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df). Aborting basebackup." + echo "$pv_df_output" + exit 1 + fi + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible. Aborting basebackup." + exit 1 + fi + fi + touch /var/pv/BOOTSTRAP_INITIALIZATION_STARTED echo "take base basebackup..." # get basebackup mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" if [[ "${SSL:-0}" == "ON" ]]; then - pg_basebackup -X fetch --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" + pg_basebackup -Xs -c fast --pgdata "$PGDATA" --max-rate=1024M --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" else - pg_basebackup -X fetch --no-password --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" + pg_basebackup -Xs -c fast --no-password --max-rate=1024M --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" fi + touch $PGDATA/recovery.conf else /run_scripts/role/warm_stanby.sh fi 
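Review bot: Nothing in the hunk checks the exit status of either `pg_basebackup` call, so unless the script runs under `set -e` (not visible here) a failed or partial copy still reaches `touch $PGDATA/recovery.conf`. A later hunk in this file then removes `/var/pv/BOOTSTRAP_INITIALIZATION_STARTED` as if bootstrap had completed. Appending `|| { echo "ERROR: pg_basebackup failed" >&2; exit 1; }` to both calls leaves the marker in place for whatever inspects it. The new `touch` should quote its argument, `touch "$PGDATA/recovery.conf"`, and a one-line comment naming the reader of the marker file would make its purpose clear.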
@@ -112,6 +131,11 @@ export PGWAL="$PGDATA/pg_wal" # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS 
@@ -167,58 +191,66 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { 
echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } 
>>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" +if [[ -e /var/pv/BOOTSTRAP_INITIALIZATION_STARTED ]]; then + rm /var/pv/BOOTSTRAP_INITIALIZATION_STARTED +fi + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/10/standby/warm_stanby.sh b/role_scripts/10/standby/warm_stanby.sh index d49edf2..518c8ed 100755 --- a/role_scripts/10/standby/warm_stanby.sh +++ b/role_scripts/10/standby/warm_stanby.sh 
@@ -71,56 +71,56 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 
'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - 
- { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" diff --git a/role_scripts/11/primary/postgresql.conf b/role_scripts/11/primary/postgresql.conf index 7ad7178..a63fd27 100755 --- a/role_scripts/11/primary/postgresql.conf +++ b/role_scripts/11/primary/postgresql.conf @@ -61,7 +61,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/11/primary/run.sh b/role_scripts/11/primary/run.sh index cbce176..0d0c386 100755 
--- a/role_scripts/11/primary/run.sh +++ b/role_scripts/11/primary/run.sh @@ -25,6 +25,24 @@ export PGWAL="$PGDATA/pg_wal" export ARCHIVE=${ARCHIVE:-} if [ ! -e "$PGDATA/PG_VERSION" ]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + pv_df_output=$(df -hP 2>&1) + # Fail if kernel reports a broken FUSE mount anywhere + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected)." + exit 1 + fi + # Ensure /var/pv is actually mounted (present in df output) + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df)." + exit 1 + fi + # Ensure the mountpoint is accessible + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible." + exit 1 + fi + fi mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" @@ -33,4 +51,9 @@ if [ ! -e "$PGDATA/PG_VERSION" ]; then fi /run_scripts/role/start.sh $BOOTSTRAP + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/11/primary/start.sh b/role_scripts/11/primary/start.sh index 8307663..ca85232 100755 --- a/role_scripts/11/primary/start.sh +++ b/role_scripts/11/primary/start.sh @@ -16,6 +16,11 @@ BOOTSTRAP=${1} # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS 
@@ -53,11 +58,11 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf for initial start. this one is just for initialization touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf -{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf -{ echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf +{ echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf +{ echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" # start postgres 
@@ -121,86 +126,86 @@ pg_ctl -D "$PGDATA" -m fast -w stop # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'hostssl 
all all 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" = "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } 
>>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 
'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { 
echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi @@ -237,3 +242,4 @@ if [[ "$STREAMING" == "synchronous" ]]; then fi # ref: https://superuser.com/a/246841/985093 cat /tmp/postgresql.conf $PGDATA/postgresql.conf >"/tmp/postgresql.conf.tmp" && mv "/tmp/postgresql.conf.tmp" "$PGDATA/postgresql.conf" + diff --git a/role_scripts/11/standby/ha_backup_job.sh b/role_scripts/11/standby/ha_backup_job.sh index 07480e8..6ad580a 100755 --- a/role_scripts/11/standby/ha_backup_job.sh +++ b/role_scripts/11/standby/ha_backup_job.sh 
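Review bot: In the non-SSL `scram` branch the IPv4 loopback rule is `host all all 127.0.0.1/32 trust` while the IPv6 loopback rule right after it is `scram-sha-256`, so a TCP connection to 127.0.0.1 is accepted for any role without a password even though scram was requested. If that is not deliberate, the line should read `host all all 127.0.0.1/32 scram-sha-256`; if it is, it needs a comment naming the local client that relies on it. The final `else` in both the SSL and non-SSL halves also catches every unrecognised `CLIENT_AUTH_MODE` (and `cert` when SSL is off) and silently writes `md5` rules for `0.0.0.0/0` and `::/0`, so a mistyped mode downgrades authentication without any message; an explicit `md5` arm plus a failing default would make that visible. The same rule set is re-added in ha_backup_job.sh, standby/run.sh and warm_stanby.sh in this commit.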
@@ -133,86 +133,86 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { 
echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" = "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local 
connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } 
>>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/11/standby/postgresql.conf b/role_scripts/11/standby/postgresql.conf index 7ad7178..a63fd27 100755 --- a/role_scripts/11/standby/postgresql.conf +++ b/role_scripts/11/standby/postgresql.conf @@ -61,7 +61,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/11/standby/run.sh b/role_scripts/11/standby/run.sh index 2eff2eb..518a2cf 100755 --- a/role_scripts/11/standby/run.sh +++ b/role_scripts/11/standby/run.sh 
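Review bot: Commenting out `max_connections` leaves no hint in standby/postgresql.conf about where the value now comes from or what bounds it. standby/run.sh in this same commit still writes `max_wal_senders = 90`, and the comment on that line says the value must stay below max_connections minus superuser_reserved_connections, so a tuning file that lowers max_connections could keep the server from starting. A comment on the line would help, e.g. `# max_connections is left to the tuning include (presumably); keep it above max_wal_senders + superuser_reserved_connections`.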
@@ -90,16 +90,35 @@ if [[ "$WAL_LIMIT_POLICY" == "ReplicationSlot" ]]; then fi if [[ ! -e "$PGDATA/PG_VERSION" ]]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + # Robust /var/pv mount availability check before any destructive operation or basebackup + pv_df_output=$(df -hP 2>&1) + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected). Aborting basebackup." + exit 1 + fi + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df). Aborting basebackup." + echo "$pv_df_output" + exit 1 + fi + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible. Aborting basebackup." + exit 1 + fi + fi + touch /var/pv/BOOTSTRAP_INITIALIZATION_STARTED echo "take base basebackup..." # get basebackup mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" if [[ "${SSL:-0}" == "ON" ]]; then - pg_basebackup -X fetch --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" + pg_basebackup -Xs -c fast --pgdata "$PGDATA" --max-rate=1024M --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" else - pg_basebackup -X fetch --no-password --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" + pg_basebackup -Xs -c fast --no-password --max-rate=1024M --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" fi + touch /var/pv/data/standby.signal else /run_scripts/role/warm_stanby.sh fi 
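Review bot: Neither `pg_basebackup` call has its exit status checked, so after a failed or interrupted copy the script still runs `touch /var/pv/data/standby.signal` and goes on to configure and start the server on a partial data directory (unless `set -e` is in effect outside this hunk). Appending `|| { echo "ERROR: pg_basebackup failed" >&2; exit 1; }` to both calls would stop there and leave `BOOTSTRAP_INITIALIZATION_STARTED` in place as evidence of the incomplete bootstrap. Two smaller points: `standby.signal` is the PostgreSQL 12+ way to request standby mode, so under `role_scripts/11` it likely has no effect and should either carry a comment or be dropped, and the path should be written as `"$PGDATA/standby.signal"` to match the lines above it.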
@@ -111,6 +130,11 @@ export PGWAL="$PGDATA/pg_wal" # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS 
@@ -174,90 +198,98 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { 
echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" = "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local 
connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } 
>>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" +if [[ -e /var/pv/BOOTSTRAP_INITIALIZATION_STARTED ]]; then + rm /var/pv/BOOTSTRAP_INITIALIZATION_STARTED +fi + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/11/standby/warm_stanby.sh b/role_scripts/11/standby/warm_stanby.sh index 9d36fcb..ba5a474 100755 --- a/role_scripts/11/standby/warm_stanby.sh +++ b/role_scripts/11/standby/warm_stanby.sh 
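Review bot: The marker handling added at the end of this hunk is undocumented and more verbose than needed: `BOOTSTRAP_INITIALIZATION_STARTED` is created before the basebackup in the first hunk of this file and removed here, but no visible line reads it. A comment naming the reader, e.g. `# bootstrap finished; clear the marker checked by <consumer>`, would make the lifecycle clear, and the test-then-remove can be the single line `rm -f /var/pv/BOOTSTRAP_INITIALIZATION_STARTED`. The marker is removed before `exec postgres`, so it records that the files were copied and configured, not that the server came up.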
@@ -75,86 +75,86 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 
'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" = "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } 
>>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 
'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { 
echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/12/primary/postgresql.conf b/role_scripts/12/primary/postgresql.conf index ee2369b..3c76da7 100755 --- a/role_scripts/12/primary/postgresql.conf +++ b/role_scripts/12/primary/postgresql.conf @@ -61,7 +61,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/12/primary/run.sh b/role_scripts/12/primary/run.sh index cbce176..0d0c386 100755 --- a/role_scripts/12/primary/run.sh +++ b/role_scripts/12/primary/run.sh 
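Review bot: In the non-SSL `scram` branch the rewritten rules still emit `host all all 127.0.0.1/32 trust` next to `host all all ::1/128 scram-sha-256`, so IPv4 loopback connections skip password authentication while IPv6 loopback ones do not. If that asymmetry is not intended, the IPv4 line should read `host all all 127.0.0.1/32 scram-sha-256`. The same branch is also the only one that writes `local replication all scram-sha-256`; every other branch keeps `local replication all trust`, which is worth making consistent or explaining in a comment. The identical rule blocks appear in the `@@ -137,86 +142,86 @@` hunk of role_scripts/12/primary/start.sh and the `@@ -152,86 +152,86 @@` hunk of role_scripts/12/standby/ha_backup_job.sh, so the same applies there. Something inside the container may depend on password-less loopback access (a health probe, for instance), so confirm that before tightening the rule.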
@@ -25,6 +25,24 @@ export PGWAL="$PGDATA/pg_wal" export ARCHIVE=${ARCHIVE:-} if [ ! -e "$PGDATA/PG_VERSION" ]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + pv_df_output=$(df -hP 2>&1) + # Fail if kernel reports a broken FUSE mount anywhere + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected)." + exit 1 + fi + # Ensure /var/pv is actually mounted (present in df output) + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df)." + exit 1 + fi + # Ensure the mountpoint is accessible + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible." + exit 1 + fi + fi mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" @@ -33,4 +51,9 @@ if [ ! -e "$PGDATA/PG_VERSION" ]; then fi /run_scripts/role/start.sh $BOOTSTRAP + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/12/primary/start.sh b/role_scripts/12/primary/start.sh index 6a485bb..7df969e 100755 --- a/role_scripts/12/primary/start.sh +++ b/role_scripts/12/primary/start.sh @@ -16,6 +16,11 @@ BOOTSTRAP=${1} # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS 
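Review bot: The first added check greps the output of `df -hP` across every mount, so a stale FUSE mount unrelated to the volume aborts startup with a message that blames /var/pv. Scoping the call to the volume, `pv_df_output=$(df -P /var/pv 2>&1)`, keeps all three checks about the path that `rm -rf "$PGDATA"/*` is about to touch. The `ERROR:` lines go to stdout; adding `>&2` to each `echo` would route them to stderr. A comment saying what creates /var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK and when it is safe to set would help, since nothing in the hunk documents the bypass. The enclosing `if [ ! -e "$PGDATA/PG_VERSION" ]` block closes outside this hunk.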
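Review bot: The added copy in the `@@ -33,4 +51,9 @@` hunk hard-codes `/var/pv/data/postgresql.conf` although the script otherwise addresses the data directory through `$PGDATA`, and nothing says why a second copy is kept at /var/pv/postgresql.conf. If `$PGDATA` is /var/pv/data here (not visible in the hunk), `cp "$PGDATA/postgresql.conf" /var/pv/postgresql.conf` states the intent, with a comment such as `# keep a copy of the generated config outside PGDATA for <reason>`. The copy is created under the process umask rather than inside the 0700 data directory, which matters if the generated file ever carries sensitive settings.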
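Review bot: `TUNING_FILE_PATH` is written into postgresql.conf inside single quotes without validation by the added `echo "include_if_exists = ..."` line in the `@@ -16,6 +16,11 @@` hunk of start.sh, so a value containing a quote or a newline would add further directives to the generated file. A guard before the echo, for example `case "${TUNING_FILE_PATH:-}" in *"'"*|*$'\n'*) echo "invalid TUNING_FILE_PATH" >&2; exit 1;; esac`, keeps the value to a plain path. Because the include is emitted first, the `wal_level`, `shared_buffers` and `max_wal_senders` lines appended after it take precedence over the same keys in the tuning file; a comment saying whether that ordering is deliberate would help. The included file can set any server parameter, so it should be writable only by whoever is trusted to configure the database. The same lines are added in the `@@ -91,21 +91,45 @@` hunk of role_scripts/12/standby/run.sh.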
@@ -69,11 +74,11 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf for initial start. this one is just for initialization touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf -{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf -{ echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf +{ echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf +{ echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" # start postgres 
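Review bot: The rules are staged by `touch /tmp/pg_hba.conf` followed by `>>` appends to a fixed name, so anything already in that file, such as the remains of a run that stopped before the `mv`, ends up ahead of the new rules. That matters because pg_hba.conf is evaluated first match first. Truncating on the first write (`>` instead of `>>` for the `#TYPE` line), or writing the whole block with one `cat >"$PGDATA/pg_hba.conf" <<'EOF'` here-document, removes the dependence on the staging file's prior state. The same staging pattern is used by the other pg_hba.conf hunks in this diff.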
@@ -137,86 +142,86 @@ pg_ctl -D "$PGDATA" -m fast -w stop # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'hostssl 
all all 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } 
>>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 
'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { 
echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/12/standby/ha_backup_job.sh b/role_scripts/12/standby/ha_backup_job.sh index d17e479..4d645a9 100755 --- a/role_scripts/12/standby/ha_backup_job.sh +++ b/role_scripts/12/standby/ha_backup_job.sh 
@@ -152,86 +152,86 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'hostssl all all 
0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf 
- { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication 
postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host 
replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/12/standby/postgresql.conf b/role_scripts/12/standby/postgresql.conf index ee2369b..3c76da7 100755 --- a/role_scripts/12/standby/postgresql.conf +++ b/role_scripts/12/standby/postgresql.conf @@ -61,7 +61,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/12/standby/run.sh b/role_scripts/12/standby/run.sh index 68e8558..1fe4175 100755 --- a/role_scripts/12/standby/run.sh +++ b/role_scripts/12/standby/run.sh 
@@ -91,21 +91,45 @@ fi if [[ ! -e "$PGDATA/PG_VERSION" ]]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + # Robust /var/pv mount availability check before any destructive operation or basebackup + pv_df_output=$(df -hP 2>&1) + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected). Aborting basebackup." + exit 1 + fi + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df). Aborting basebackup." + echo "$pv_df_output" + exit 1 + fi + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible. Aborting basebackup." + exit 1 + fi + fi + touch /var/pv/BOOTSTRAP_INITIALIZATION_STARTED echo "take base basebackup..." mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" if [[ "${SSL:-0}" == "ON" ]]; then - pg_basebackup -X fetch --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" + pg_basebackup -Xs -c fast --pgdata "$PGDATA" --max-rate=1024M --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" else - pg_basebackup -X fetch --no-password --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" + pg_basebackup -Xs -c fast --no-password --max-rate=1024M --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" fi + touch /var/pv/data/standby.signal else /run_scripts/role/warm_stanby.sh fi # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf 
echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS 
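Review bot: Neither `pg_basebackup` call has its exit status checked, and the added `touch /var/pv/data/standby.signal` runs straight after the inner `fi`. Unless the script sets `-e` outside this hunk, a failed or interrupted base backup therefore continues into configuration and start-up. Ending each call with `|| { echo "ERROR: pg_basebackup failed" >&2; exit 1; }` stops at the failure. The touch also hard-codes /var/pv/data where the backup itself writes to `"$PGDATA"`; `touch "$PGDATA/standby.signal"` keeps the two in step.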
@@ -190,90 +214,98 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'hostssl all all 
0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf 
- { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication 
postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host 
replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" +if [[ -e /var/pv/BOOTSTRAP_INITIALIZATION_STARTED ]]; then + rm /var/pv/BOOTSTRAP_INITIALIZATION_STARTED +fi + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/12/standby/warm_stanby.sh b/role_scripts/12/standby/warm_stanby.sh index 6f7ab49..20a73ac 100755 --- a/role_scripts/12/standby/warm_stanby.sh +++ b/role_scripts/12/standby/warm_stanby.sh 
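Review bot: In the non-SSL branch for `CLIENT_AUTH_MODE == "scram"`, the rewritten rule `host all all 127.0.0.1/32 trust` leaves the IPv4 loopback unauthenticated while the IPv6 loopback line next to it uses `scram-sha-256`. pg_hba.conf is evaluated first-match, so every process that shares the server's network namespace can connect over 127.0.0.1 as any role, `postgres` included, without a password. If that is deliberate (for a local health check or coordinator, say), a comment saying so is needed above the line; otherwise it should read `host all all 127.0.0.1/32 scram-sha-256`. The same rule appears in the `warm_stanby.sh` hunk that follows and in the `@@ -138,96 +143,96 @@` hunk of `role_scripts/13/primary/start.sh`.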
@@ -100,86 +100,86 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'hostssl all all 
0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf 
- { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication 
postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host 
replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/13/primary/postgresql.conf b/role_scripts/13/primary/postgresql.conf index bc71614..f6c4d98 100755 --- a/role_scripts/13/primary/postgresql.conf +++ b/role_scripts/13/primary/postgresql.conf @@ -61,7 +61,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/13/primary/run.sh b/role_scripts/13/primary/run.sh index cbce176..0d0c386 100755 --- a/role_scripts/13/primary/run.sh +++ b/role_scripts/13/primary/run.sh 
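Review bot: The rule file is still built by `touch /tmp/pg_hba.conf` followed by a long run of separate `>>` appends to a fixed path, and that sequence never truncates the file. If `/tmp/pg_hba.conf` survives from an interrupted earlier run, its old rules stay at the top and, because pg_hba.conf is first-match, take precedence over the ones written here. Replacing the `touch` with `: >/tmp/pg_hba.conf` removes the stale content; creating the file with `mktemp` would also avoid the predictable name. The `mv` into `$PGDATA` lies outside this hunk, and the other pg_hba.conf hunks in this commit follow the same pattern.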
@@ -25,6 +25,24 @@ export PGWAL="$PGDATA/pg_wal" export ARCHIVE=${ARCHIVE:-} if [ ! -e "$PGDATA/PG_VERSION" ]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + pv_df_output=$(df -hP 2>&1) + # Fail if kernel reports a broken FUSE mount anywhere + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected)." + exit 1 + fi + # Ensure /var/pv is actually mounted (present in df output) + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df)." + exit 1 + fi + # Ensure the mountpoint is accessible + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible." + exit 1 + fi + fi mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" @@ -33,4 +51,9 @@ if [ ! -e "$PGDATA/PG_VERSION" ]; then fi /run_scripts/role/start.sh $BOOTSTRAP + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/13/primary/start.sh b/role_scripts/13/primary/start.sh index 98db98d..d6a3ed9 100755 --- a/role_scripts/13/primary/start.sh +++ b/role_scripts/13/primary/start.sh @@ -16,6 +16,11 @@ BOOTSTRAP=${1} # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS 
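Review bot: The added `cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf` places a copy of the server configuration outside the data directory that the previous hunk sets to `chmod 0700`, with whatever mode the umask yields, and nothing states who consumes the copy. If the file can carry connection strings or other sensitive settings, `install -m 0600 "$PGDATA/postgresql.conf" /var/pv/postgresql.conf` would be safer, or a comment should explain why a wider mode is required. The copy's exit status is not checked before `exec postgres`, and the hard-coded `/var/pv/data` bypasses `$PGDATA`. The same block is added at the end of the standby script's `@@ -190,90 +214,98 @@` hunk.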
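Review bot: `${TUNING_FILE_PATH:-/etc/tune/user.conf}` is written into the `include_if_exists` line of start.sh unvalidated, so a value containing a single quote or a newline breaks out of the quoted path and adds arbitrary directives to postgresql.conf. The included file also becomes part of the server's trusted configuration: any setting in it that the script does not write later in the file takes effect, and that includes command-valued settings such as `archive_command`. Rejecting anything that is not a plain absolute path, e.g. `[[ "${TUNING_FILE_PATH:-/etc/tune/user.conf}" =~ ^/[A-Za-z0-9._/-]+$ ]] || exit 1`, plus a comment stating who may write the tuning file, would cover both. The same lines are added in the standby hunk `@@ -91,21 +91,45 @@`, and the rest of start.sh is outside this hunk.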
@@ -70,11 +75,11 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf for initial start. this one is just for initialization touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf -{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf -{ echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf +{ echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf +{ echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" # start postgres 
@@ -138,96 +143,96 @@ pg_ctl -D "$PGDATA" -m fast -w stop # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/13/standby/ha_backup_job.sh b/role_scripts/13/standby/ha_backup_job.sh index c896589..b62d3c2 100755 --- a/role_scripts/13/standby/ha_backup_job.sh +++ b/role_scripts/13/standby/ha_backup_job.sh 
@@ -152,86 +152,86 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'hostssl all all 
0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf 
- { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication 
postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host 
replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/13/standby/postgresql.conf b/role_scripts/13/standby/postgresql.conf index bc71614..f6c4d98 100755 --- a/role_scripts/13/standby/postgresql.conf +++ b/role_scripts/13/standby/postgresql.conf @@ -61,7 +61,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/13/standby/remote-replica.sh b/role_scripts/13/standby/remote-replica.sh index 34fed89..65bf38d 100755 --- a/role_scripts/13/standby/remote-replica.sh +++ b/role_scripts/13/standby/remote-replica.sh 
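Review bot: In the non-SSL `scram` branch the row `host all all 127.0.0.1/32 trust` lets any process that can reach IPv4 loopback connect as any role without a password, while the IPv6 loopback row directly below it requires `scram-sha-256`. The two rows should agree, `{ echo 'host all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf`, unless local tooling is known to depend on passwordless TCP access; the Unix-socket row `local all all trust` at the top of the file already covers local use. The same pair of rows appears in the pg_hba.conf hunks of remote-replica.sh and run.sh in this commit. Separately, this file writes `clientcert=1` in the `cert` branch where the other scripts under 13/standby write `clientcert=verify-full`; using one spelling throughout would make the intent clear.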
@@ -46,6 +46,22 @@ while true; do done if [[ ! -e "$PGDATA/PG_VERSION" ]]; then + pv_df_output=$(df -hP 2>&1) + # Fail if kernel reports a broken FUSE mount anywhere + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected)." + exit 1 + fi + # Ensure /var/pv is actually mounted (present in df output) + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df)." + exit 1 + fi + # Ensure the mountpoint is accessible + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible." + exit 1 + fi echo "taking base basebackup..." mkdir -p "$PGDATA" rm -rf "$PGDATA"/* 
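Review bot: The mount check added here runs unconditionally, whereas the same check in run.sh is wrapped in `if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then`, so the override marker has no effect when a remote replica is bootstrapped. Either wrap this copy in the same guard or add a comment saying the difference is intended. The check also greps the `df -hP` output for every filesystem, so a broken mount unrelated to /var/pv stops the bootstrap; `pv_df_output=$(df -P /var/pv 2>&1)` would limit it to the volume that presumably holds `$PGDATA`, which the following `rm -rf "$PGDATA"/*` empties. The error lines would be better sent to stderr, e.g. `echo "ERROR: /var/pv is not accessible." >&2`.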
@@ -124,86 +140,86 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf 
- { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } 
>>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 
'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } 
>>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/13/standby/run.sh b/role_scripts/13/standby/run.sh index 776e9b2..f0a395c 100755 --- a/role_scripts/13/standby/run.sh +++ b/role_scripts/13/standby/run.sh 
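Review bot: The rules are appended with `>>` to a fixed path that `touch /tmp/pg_hba.conf` only creates when it is missing, so lines left in /tmp/pg_hba.conf by an interrupted earlier run would stay at the top of the new file, and pg_hba.conf is evaluated first match wins. Start from an empty file instead, `: >/tmp/pg_hba.conf`, or build the file under a `mktemp` name before it is moved into place. The same `touch` plus append pattern is in the pg_hba.conf hunks of ha_backup_job.sh, run.sh and warm_stanby.sh. The move of the finished file into the data directory is outside this hunk.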
@@ -91,21 +91,45 @@ fi if [[ ! -e "$PGDATA/PG_VERSION" ]]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + # Robust /var/pv mount availability check before any destructive operation or basebackup + pv_df_output=$(df -hP 2>&1) + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected). Aborting basebackup." + exit 1 + fi + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df). Aborting basebackup." + echo "$pv_df_output" + exit 1 + fi + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible. Aborting basebackup." + exit 1 + fi + fi + touch /var/pv/BOOTSTRAP_INITIALIZATION_STARTED echo "take base basebackup..." mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" if [[ "${SSL:-0}" == "ON" ]]; then - pg_basebackup -X fetch --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" + pg_basebackup -Xs -c fast --pgdata "$PGDATA" --max-rate=1024M --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" else - pg_basebackup -X fetch --no-password --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" + pg_basebackup -Xs -c fast --no-password --max-rate=1024M --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" fi + touch /var/pv/data/standby.signal else /run_scripts/role/warm_stanby.sh fi # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf 
echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS 
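Review bot: `TUNING_FILE_PATH` is written into postgresql.conf inside single quotes without any check, so a value containing a quote or a newline would add configuration lines of its own. Validate it before the echo, for example `tuning_file=${TUNING_FILE_PATH:-/etc/tune/user.conf}` followed by `[[ "$tuning_file" =~ ^/[A-Za-z0-9._/-]+$ ]] || { echo "invalid TUNING_FILE_PATH" >&2; exit 1; }`. Because the include is emitted first, the `wal_level`, `shared_buffers` and `max_wal_senders` lines after it still take precedence, but every parameter the script does not set later is taken from that file, so it should be writable only by whoever may administer the server; a comment above the `if` saying so would help. The script continues past the end of this hunk.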
@@ -195,100 +219,108 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" +if [[ -e /var/pv/BOOTSTRAP_INITIALIZATION_STARTED ]]; then + rm /var/pv/BOOTSTRAP_INITIALIZATION_STARTED +fi + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/13/standby/warm_stanby.sh b/role_scripts/13/standby/warm_stanby.sh index d1d7ec2..6eb8c8d 100755 --- a/role_scripts/13/standby/warm_stanby.sh +++ b/role_scripts/13/standby/warm_stanby.sh 
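Review bot: The added `cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf` places a copy of the server configuration outside the data directory that this script sets to mode 0700 in its earlier hunk, with whatever mode the umask gives, and nothing says who reads the copy. Add a comment naming the consumer and set the mode explicitly; if only the postgres user needs it, `install -m 0600 "$PGDATA/postgresql.conf" /var/pv/postgresql.conf` does both the copy and the mode. Using `"$PGDATA"` as the `mv` above it does would also avoid the literal /var/pv/data path, assuming PGDATA points there. The copy runs directly before `exec postgres` and its result is not checked in the visible lines.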
@@ -96,96 +96,96 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/14/primary/postgresql.conf b/role_scripts/14/primary/postgresql.conf index bc71614..f6c4d98 100755 --- a/role_scripts/14/primary/postgresql.conf +++ b/role_scripts/14/primary/postgresql.conf @@ -61,7 +61,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/14/primary/run.sh b/role_scripts/14/primary/run.sh index cbce176..0d0c386 100755 --- a/role_scripts/14/primary/run.sh +++ b/role_scripts/14/primary/run.sh @@ -25,6 +25,24 @@ export PGWAL="$PGDATA/pg_wal" export ARCHIVE=${ARCHIVE:-} if [ ! -e "$PGDATA/PG_VERSION" ]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + pv_df_output=$(df -hP 2>&1) + # Fail if kernel reports a broken FUSE mount anywhere + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected)." + exit 1 + fi + # Ensure /var/pv is actually mounted (present in df output) + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df)." + exit 1 + fi + # Ensure the mountpoint is accessible + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible." + exit 1 + fi + fi mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" 
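Review bot: The rules are appended to a fixed name, `/tmp/pg_hba.conf`, which the `touch` above creates but never empties, so whatever already sits at that path (a leftover from an interrupted run, or a file or symlink placed by anything else that can write to /tmp) ends up in the result. pg_hba.conf is matched first-line-wins, so stale lines at the top would take precedence over the ones written here. Building the file under a private name, `hba_tmp=$(mktemp) || exit 1` with the redirections pointed at `"$hba_tmp"`, avoids both cases; at minimum truncate first with `: >/tmp/pg_hba.conf`. The step that installs the file is outside this hunk, and the same pattern is in the pg_hba.conf hunks of 14/primary/start.sh, 14/standby/ha_backup_job.sh and 14/standby/remote-replica.sh.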
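Review bot: The `Transport endpoint is not connected` test greps the `df -hP` output for every mount, so an unrelated broken FUSE mount in the container aborts the bootstrap with a message that blames /var/pv. Asking df about the one path, `pv_df_output=$(df -P /var/pv 2>&1)`, keeps both greps working (the last column is then the mount that actually holds /var/pv) and makes the message accurate. The three `echo "ERROR: ..."` lines should go to stderr with `>&2`. A one-line comment saying that the block appears to keep the `rm -rf "$PGDATA"/*` below from running when the volume is missing would help the next reader; the same block is repeated in 14/standby/remote-replica.sh.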
@@ -33,4 +51,9 @@ if [ ! -e "$PGDATA/PG_VERSION" ]; then fi /run_scripts/role/start.sh $BOOTSTRAP + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/14/primary/start.sh b/role_scripts/14/primary/start.sh index 43b34c1..dd92cdd 100755 --- a/role_scripts/14/primary/start.sh +++ b/role_scripts/14/primary/start.sh @@ -16,6 +16,11 @@ BOOTSTRAP=${1} # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS @@ -76,11 +81,11 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf for initial start. this one is just for initialization touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf -{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf -{ echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf +{ echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf +{ echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" # start postgres 
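Review bot: The copy to `/var/pv/postgresql.conf` has no comment saying who reads it, and unless the script runs under `set -e` a failed `cp` goes unnoticed before `exec postgres`. If /var/pv/data is the data directory (the script sets `chmod 0700 "$PGDATA"` earlier), the copy lands outside that directory, so who can read it depends on the umask and on the mode of /var/pv. `install -m 0600 /var/pv/data/postgresql.conf /var/pv/postgresql.conf` would pin the mode. That matters if the file carries connection strings or similar settings, which this hunk does not show.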
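Review bot: `TUNING_FILE_PATH` is written between single quotes into postgresql.conf without validation, so a value containing a quote or a newline ends the string early and the remainder is parsed as further configuration lines. Restricting it to a plain absolute path before the echo closes that: `tuning_path=${TUNING_FILE_PATH:-/etc/tune/user.conf}` followed by `[[ "$tuning_path" == /* && "$tuning_path" != *[^A-Za-z0-9._/-]* ]] || { echo "invalid TUNING_FILE_PATH" >&2; exit 1; }`. The directive is also emitted before `wal_level`, `shared_buffers` and `max_wal_senders`, and the last occurrence of a setting wins, so the tuning file cannot override those; if that is intended, say so in a comment. The included file can still set any parameter the script does not write afterwards, so it should be mounted read-only and treated as trusted input.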
@@ -144,96 +149,96 @@ pg_ctl -D "$PGDATA" -m fast -w stop # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/14/standby/ha_backup_job.sh b/role_scripts/14/standby/ha_backup_job.sh index 16c253f..983a51f 100755 --- a/role_scripts/14/standby/ha_backup_job.sh +++ b/role_scripts/14/standby/ha_backup_job.sh 
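Review bot: In the non-SSL `scram` branch the IPv4 loopback rule is still `host all all 127.0.0.1/32 trust` while the IPv6 rule next to it is `scram-sha-256`, so any process that can reach 127.0.0.1 in the same network namespace connects as any role without a password. Unless something in the image relies on password-less TCP loopback, that line should read `{ echo 'host all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf`; the Unix-socket rule `local all all trust` at the top already covers local administration. The non-SSL fallback branch uses `trust` for both loopback families and deserves the same decision. The same lines are repeated in 13/standby/warm_stanby.sh and 14/standby/ha_backup_job.sh.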
@@ -152,86 +152,86 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf 
- { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } 
>>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 
'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } 
>>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/14/standby/postgresql.conf b/role_scripts/14/standby/postgresql.conf index bc71614..f6c4d98 100755 --- a/role_scripts/14/standby/postgresql.conf +++ b/role_scripts/14/standby/postgresql.conf @@ -61,7 +61,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/14/standby/remote-replica.sh b/role_scripts/14/standby/remote-replica.sh index dfdcb44..1c6c02e 100755 --- a/role_scripts/14/standby/remote-replica.sh +++ b/role_scripts/14/standby/remote-replica.sh 
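Review bot: Any `CLIENT_AUTH_MODE` other than `cert` or `scram`, including an empty or misspelled value, falls through to the `else` branch and opens `0.0.0.0/0` and `::/0` with `md5`, the weakest password method in the file. Making the fallback explicit with `elif [[ "${CLIENT_AUTH_MODE:-md5}" == "md5" ]]; then` and exiting with an error on anything else would stop a typo from silently downgrading authentication. `$CLIENT_AUTH_MODE` is also expanded without a default, unlike `${SSL:-0}` beside it, which aborts the script if it runs under `set -u`; the script's options are outside this hunk. The same structure is in 13/standby/warm_stanby.sh and 14/primary/start.sh.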
@@ -46,6 +46,22 @@ while true; do done if [[ ! -e "$PGDATA/PG_VERSION" ]]; then + pv_df_output=$(df -hP 2>&1) + # Fail if kernel reports a broken FUSE mount anywhere + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected)." + exit 1 + fi + # Ensure /var/pv is actually mounted (present in df output) + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df)." + exit 1 + fi + # Ensure the mountpoint is accessible + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible." + exit 1 + fi echo "taking base basebackup..." mkdir -p "$PGDATA" rm -rf "$PGDATA"/* 
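Review bot: The `grep -qi "Transport endpoint is not connected"` test runs over a bare `df -hP`, so a stale FUSE mount anywhere in the container aborts the bootstrap with a message that blames /var/pv, even when /var/pv itself is healthy. Scoping the probe to the volume with `pv_df_output=$(df -P /var/pv 2>&1)` removes that false positive and keeps the following `awk '{print $NF}' | grep -qx "/var/pv"` test valid, because df reports the parent filesystem when /var/pv is not a mount point. This copy also runs unconditionally, while the same block in 14/standby/run.sh and 15/primary/run.sh is wrapped in the `/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK` guard. The three copies would be easier to keep in step as one sourced helper, with the error lines sent to stderr via `>&2`.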
@@ -124,86 +140,86 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf 
- { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } 
>>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 
'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } 
>>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/14/standby/run.sh b/role_scripts/14/standby/run.sh index dd49229..db013a8 100755 --- a/role_scripts/14/standby/run.sh +++ b/role_scripts/14/standby/run.sh 
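Review bot: In the non-SSL `scram` branch the new side still writes `host all all 127.0.0.1/32 trust` while the matching `::1/128` line uses `scram-sha-256`, so any process that can reach the IPv4 loopback (presumably a sidecar or an exec session in the same pod) connects as any role without a password. If that is not deliberate, the line should read `host all all 127.0.0.1/32 scram-sha-256`. The same asymmetry is carried through the pg_hba hunks of 14/standby/run.sh and 14/standby/warm_stanby.sh, and the fallback branches keep `md5` for `0.0.0.0/0` and `::/0` without TLS. A short comment above each `trust` line saying which component depends on it would help whoever audits these files next.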
@@ -91,21 +91,45 @@ fi if [[ ! -e "$PGDATA/PG_VERSION" ]]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + # Robust /var/pv mount availability check before any destructive operation or basebackup + pv_df_output=$(df -hP 2>&1) + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected). Aborting basebackup." + exit 1 + fi + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df). Aborting basebackup." + echo "$pv_df_output" + exit 1 + fi + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible. Aborting basebackup." + exit 1 + fi + fi + touch /var/pv/BOOTSTRAP_INITIALIZATION_STARTED echo "take base basebackup..." mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" if [[ "${SSL:-0}" == "ON" ]]; then - pg_basebackup -X fetch --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" + pg_basebackup -Xs -c fast --pgdata "$PGDATA" --max-rate=1024M --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" else - pg_basebackup -X fetch --no-password --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" + pg_basebackup -Xs -c fast --no-password --max-rate=1024M --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" fi + touch /var/pv/data/standby.signal else /run_scripts/role/warm_stanby.sh fi # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf 
echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS 
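Review bot: `TUNING_FILE_PATH` is written verbatim between single quotes in the `include_if_exists` line, so a value containing `'` or a newline closes the string and lets the rest of the value add arbitrary settings to postgresql.conf. Whether that variable is operator-controlled only is not visible from the hunk, so a guard before the echo is cheap insurance: `case "${TUNING_FILE_PATH:-}" in *"'"*|*$'\n'*) echo "ERROR: invalid TUNING_FILE_PATH" >&2; exit 1 ;; esac`. The include is also emitted before `wal_level`, `shared_buffers` and `max_wal_senders`, so those later lines override anything the tuning file sets for the same parameters, which may or may not be intended. The hunk at the top of 15/primary/start.sh adds the same block. Separately, `touch /var/pv/data/standby.signal` hard-codes a path that the rest of the script reaches through `$PGDATA`.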
@@ -195,100 +219,108 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" +if [[ -e /var/pv/BOOTSTRAP_INITIALIZATION_STARTED ]]; then + rm /var/pv/BOOTSTRAP_INITIALIZATION_STARTED +fi + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/14/standby/warm_stanby.sh b/role_scripts/14/standby/warm_stanby.sh index d6c4d45..9ad3e8b 100755 --- a/role_scripts/14/standby/warm_stanby.sh +++ b/role_scripts/14/standby/warm_stanby.sh 
@@ -96,96 +96,96 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/15/primary/postgresql.conf b/role_scripts/15/primary/postgresql.conf index a04585d..02bec19 100755 --- a/role_scripts/15/primary/postgresql.conf +++ b/role_scripts/15/primary/postgresql.conf @@ -62,7 +62,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/15/primary/run.sh b/role_scripts/15/primary/run.sh index cbce176..0d0c386 100755 --- a/role_scripts/15/primary/run.sh +++ b/role_scripts/15/primary/run.sh @@ -25,6 +25,24 @@ export PGWAL="$PGDATA/pg_wal" export ARCHIVE=${ARCHIVE:-} if [ ! -e "$PGDATA/PG_VERSION" ]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + pv_df_output=$(df -hP 2>&1) + # Fail if kernel reports a broken FUSE mount anywhere + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected)." + exit 1 + fi + # Ensure /var/pv is actually mounted (present in df output) + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df)." + exit 1 + fi + # Ensure the mountpoint is accessible + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible." + exit 1 + fi + fi mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" 
@@ -33,4 +51,9 @@ if [ ! -e "$PGDATA/PG_VERSION" ]; then fi /run_scripts/role/start.sh $BOOTSTRAP + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/15/primary/start.sh b/role_scripts/15/primary/start.sh index bcf17a2..8ceedf7 100755 --- a/role_scripts/15/primary/start.sh +++ b/role_scripts/15/primary/start.sh @@ -16,6 +16,11 @@ BOOTSTRAP=${1} # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS @@ -74,11 +79,11 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf for initial start. this one is just for initialization touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf -{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf -{ echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf +{ echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf +{ echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" # start postgres 
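Review bot: Nothing in the added block says which component reads `/var/pv/postgresql.conf`, and a failed `cp` goes unnoticed before `exec postgres`. A comment above the `if` naming the consumer, and `|| echo "WARN: could not copy postgresql.conf" >&2` on the `cp` line, would make both the intent and a failure visible.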
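Review bot: `TUNING_FILE_PATH` is written into postgresql.conf between single quotes without validation, so a value containing a quote or a newline produces extra configuration text instead of a path. Assigning `tuning_path=${TUNING_FILE_PATH:-/etc/tune/user.conf}` and checking `[[ "$tuning_path" =~ ^/[A-Za-z0-9._/-]+$ ]] || { echo "ERROR: invalid TUNING_FILE_PATH" >&2; exit 1; }` before the `echo` closes that. The include is also emitted first, so the `wal_level`, `shared_buffers` and `max_wal_senders` lines written after it override the same settings in the tuning file; if that precedence is intended, a comment should say so. The included file can set any parameter, so it presumably needs to be mounted read-only from an operator-controlled source. The same lines are added in role_scripts/15/standby/run.sh.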
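Review bot: pg_hba.conf is assembled under the fixed name `/tmp/pg_hba.conf` with `touch` followed by `>>`, so anything already at that path (a leftover from an interrupted run, or a file placed by another process able to write to /tmp) ends up at the top of the rules that `mv` installs into `$PGDATA`, and pg_hba.conf uses the first matching line. Truncating with `: >/tmp/pg_hba.conf` in place of `touch`, or writing to `hba_tmp=$(mktemp)` and moving `"$hba_tmp"`, avoids that. The same pattern is in the second pg_hba hunk of this file and in ha_backup_job.sh and remote-replica.sh.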
@@ -142,96 +147,96 @@ pg_ctl -D "$PGDATA" -m fast -w stop # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/15/standby/ha_backup_job.sh b/role_scripts/15/standby/ha_backup_job.sh index a416a9e..663df8f 100755 --- a/role_scripts/15/standby/ha_backup_job.sh +++ b/role_scripts/15/standby/ha_backup_job.sh 
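Review bot: In the non-SSL `scram` branch the IPv4 loopback rule is `host all all 127.0.0.1/32 trust` while the IPv6 rule beside it uses `scram-sha-256`, so any process that can reach 127.0.0.1 connects as any role, `postgres` included, without a password. The line should read `host all all 127.0.0.1/32 scram-sha-256`, or carry a comment naming the local tool that needs `trust`. If the scripts ever ran with a working directory other than `/`, the old relative `tmp/pg_hba.conf` target would have kept these rules out of the installed file, so this path fix may be what first puts them into effect. The final `else` branches fall back to `md5` for `0.0.0.0/0` and `::/0` whenever `CLIENT_AUTH_MODE` is unset or unrecognised; failing on an unknown mode would be safer than silently choosing the weakest method. The same rules are in the pg_hba hunks of ha_backup_job.sh and remote-replica.sh.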
@@ -154,86 +154,86 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf 
- { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } 
>>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 
'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } 
>>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/15/standby/postgresql.conf b/role_scripts/15/standby/postgresql.conf index a04585d..02bec19 100755 --- a/role_scripts/15/standby/postgresql.conf +++ b/role_scripts/15/standby/postgresql.conf @@ -62,7 +62,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/15/standby/remote-replica.sh b/role_scripts/15/standby/remote-replica.sh index dfdcb44..1c6c02e 100755 --- a/role_scripts/15/standby/remote-replica.sh +++ b/role_scripts/15/standby/remote-replica.sh 
@@ -46,6 +46,22 @@ while true; do
 done
 if [[ ! -e "$PGDATA/PG_VERSION" ]]; then
+ pv_df_output=$(df -hP 2>&1)
+ # Fail if kernel reports a broken FUSE mount anywhere
+ if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then
+ echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected)."
+ exit 1
+ fi
+ # Ensure /var/pv is actually mounted (present in df output)
+ if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then
+ echo "ERROR: /var/pv is not mounted (not listed in df)."
+ exit 1
+ fi
+ # Ensure the mountpoint is accessible
+ if ! ls /var/pv >/dev/null 2>&1; then
+ echo "ERROR: /var/pv is not accessible."
+ exit 1
+ fi
 echo "taking base basebackup..."
 mkdir -p "$PGDATA"
 rm -rf "$PGDATA"/*
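Review bot: This copy of the mount check runs unconditionally, while the copies in role_scripts/15/primary/run.sh and role_scripts/15/standby/run.sh are wrapped in `if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then`. If the difference is deliberate a comment should say so; otherwise the wrapper is missing here. Because the block is pasted into each script, a single function in a sourced helper would keep the copies from drifting apart. The enclosing `if` ends outside the hunk.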
@@ -124,86 +140,86 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf 
- { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } 
>>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 
'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } 
>>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/15/standby/run.sh b/role_scripts/15/standby/run.sh index 70096a3..d3db7d8 100755 --- a/role_scripts/15/standby/run.sh +++ b/role_scripts/15/standby/run.sh 
@@ -91,21 +91,45 @@ fi if [[ ! -e "$PGDATA/PG_VERSION" ]]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + # Robust /var/pv mount availability check before any destructive operation or basebackup + pv_df_output=$(df -hP 2>&1) + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected). Aborting basebackup." + exit 1 + fi + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df). Aborting basebackup." + echo "$pv_df_output" + exit 1 + fi + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible. Aborting basebackup." + exit 1 + fi + fi + touch /var/pv/BOOTSTRAP_INITIALIZATION_STARTED echo "take base basebackup..." mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" if [[ "${SSL:-0}" == "ON" ]]; then - pg_basebackup -X fetch --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" + pg_basebackup -Xs -c fast --pgdata "$PGDATA" --max-rate=1024M --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" else - pg_basebackup -X fetch --no-password --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" + pg_basebackup -Xs -c fast --no-password --max-rate=1024M --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" fi + touch /var/pv/data/standby.signal else /run_scripts/role/warm_stanby.sh fi # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf 
echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS 
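Review bot: Neither `pg_basebackup` call in this hunk has its exit status checked, so unless `set -e` is active above the hunk (not visible here) a failed or partial base backup still reaches the new `touch /var/pv/data/standby.signal` and, later in the file, `exec postgres`. Appending `|| { echo "ERROR: pg_basebackup failed" >&2; exit 1; }` to both calls would stop the standby from starting on an incomplete data directory. The new `touch` also hard-codes the data directory where the neighbouring lines use `"$PGDATA"`; `touch "$PGDATA/standby.signal"` keeps the two from drifting apart.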
@@ -195,100 +219,108 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" +if [[ -e /var/pv/BOOTSTRAP_INITIALIZATION_STARTED ]]; then + rm /var/pv/BOOTSTRAP_INITIALIZATION_STARTED +fi + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/15/standby/warm_stanby.sh b/role_scripts/15/standby/warm_stanby.sh index d7565c7..ac133a6 100755 --- a/role_scripts/15/standby/warm_stanby.sh +++ b/role_scripts/15/standby/warm_stanby.sh 
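Review bot: In the non-SSL `scram` branch the rewritten rules still include `host all all 127.0.0.1/32 trust`, while the matching IPv6 loopback rule uses `scram-sha-256`. IPv4 loopback clients are therefore admitted without a password in a mode that presumably is meant to require SCRAM. If that is not deliberate the line should read `host all all 127.0.0.1/32 scram-sha-256`; if a local helper depends on it, a comment such as `# loopback trust is required by <component>` should sit above the rule. With the redirect now pointing at `/tmp/pg_hba.conf`, these rules are what the following `mv` installs regardless of the working directory, so the `trust` and `md5` entries in the fallback branch deserve the same look. The same rule set is repeated in the warm_stanby.sh hunk and in the pg_hba hunks that start or end outside this view.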
@@ -97,96 +97,96 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/16/primary/postgresql.conf b/role_scripts/16/primary/postgresql.conf index f3749c6..8d76156 100755 --- a/role_scripts/16/primary/postgresql.conf +++ b/role_scripts/16/primary/postgresql.conf @@ -62,7 +62,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/16/primary/run.sh b/role_scripts/16/primary/run.sh index f8b3bcd..530c8f2 100755 --- a/role_scripts/16/primary/run.sh +++ b/role_scripts/16/primary/run.sh @@ -25,6 +25,24 @@ export PGWAL="$PGDATA/pg_wal" export ARCHIVE=${ARCHIVE:-} if [ ! -e "$PGDATA/PG_VERSION" ]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + pv_df_output=$(df -hP 2>&1) + # Fail if kernel reports a broken FUSE mount anywhere + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected)." + exit 1 + fi + # Ensure /var/pv is actually mounted (present in df output) + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df)." + exit 1 + fi + # Ensure the mountpoint is accessible + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible." + exit 1 + fi + fi mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" 
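Review bot: The new guard in role_scripts/16/primary/run.sh verifies `/var/pv`, but the destructive step it protects is `rm -rf "$PGDATA"/*`, and nothing in the hunk ties `$PGDATA` to that mount. If PGDATA is ever empty or points outside /var/pv, the check passes and the wipe still runs. Writing `rm -rf "${PGDATA:?}"/*` and testing that `$PGDATA` starts with `/var/pv/` before the wipe would close that gap. The three `echo "ERROR: ..."` lines also go to stdout, and adding `>&2` would keep them out of any captured output. The same block is added in role_scripts/15/standby/run.sh, and the enclosing `if` closes outside this hunk.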
@@ -33,4 +51,9 @@ if [ ! -e "$PGDATA/PG_VERSION" ]; then fi /run_scripts/role/start.sh $BOOTSTRAP + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/16/primary/start.sh b/role_scripts/16/primary/start.sh index 0f8ce40..7e32674 100755 --- a/role_scripts/16/primary/start.sh +++ b/role_scripts/16/primary/start.sh @@ -17,6 +17,11 @@ BOOTSTRAP=${1} # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS @@ -73,11 +78,11 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf for initial start. this one is just for initialization touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf -{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf -{ echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf +{ echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf +{ echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" # start postgres 
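Review bot: The added `cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf` in role_scripts/16/primary/run.sh has no comment saying who reads the copy, and it puts the file outside the data directory that the earlier hunk restricts with `chmod 0700 "$PGDATA"`. The copy gets umask-default permissions, so anything that can read /var/pv can read the generated settings. If that is not intended, `install -m 0600 "$PGDATA/postgresql.conf" /var/pv/postgresql.conf` would restrict the mode and also drop the hard-coded data path. A one-line comment such as `# copy kept outside PGDATA for <consumer>` would document the purpose. The same lines are added at the end of role_scripts/15/standby/run.sh.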
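Review bot: In role_scripts/16/primary/start.sh, `TUNING_FILE_PATH` is written into postgresql.conf inside single quotes with no validation, so a value containing `'` produces a broken or altered configuration line. A guard before the `echo` would reject it, for example `case "${TUNING_FILE_PATH:-}" in *"'"*) echo "invalid TUNING_FILE_PATH" >&2; exit 1 ;; esac`. The `include_if_exists` line is also emitted first, so the settings appended below override the tuning file, while any parameter the script never sets is decided by that file. That makes the file trusted configuration which should be writable only by the operator, and the ordering deserves a comment such as `# included first: settings appended below take precedence`. The same block is added in role_scripts/15/standby/run.sh.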
@@ -142,96 +147,96 @@ pg_ctl -D "$PGDATA" -m fast -w stop # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/16/standby/ha_backup_job.sh b/role_scripts/16/standby/ha_backup_job.sh index 201fc36..e5e654a 100755 --- a/role_scripts/16/standby/ha_backup_job.sh +++ b/role_scripts/16/standby/ha_backup_job.sh 
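Review bot: In the non-SSL `scram` branch the IPv4 loopback rule stays `host all all 127.0.0.1/32 trust`, while `::1/128` and every remote rule use `scram-sha-256`. With the redirect now pointing at the absolute path, these lines no longer depend on the working directory to reach the file that is presumably installed into `$PGDATA`. If nothing relies on password-less IPv4 loopback access (not visible in this hunk), the rule should read `host all all 127.0.0.1/32 scram-sha-256`. The unconditional `local all all trust` and the `local replication all trust` lines deserve a comment naming who is expected to reach the Unix socket. The same rules appear in the pg_hba.conf hunks of role_scripts/16/standby/ha_backup_job.sh and remote-replica.sh.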
@@ -152,86 +152,86 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf 
- { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } 
>>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 
'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } 
>>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/16/standby/postgresql.conf b/role_scripts/16/standby/postgresql.conf index c7011d1..2114a8b 100755 --- a/role_scripts/16/standby/postgresql.conf +++ b/role_scripts/16/standby/postgresql.conf @@ -62,7 +62,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/16/standby/remote-replica.sh b/role_scripts/16/standby/remote-replica.sh index bcac541..c1dfb9e 100755 --- a/role_scripts/16/standby/remote-replica.sh +++ b/role_scripts/16/standby/remote-replica.sh 
@@ -46,6 +46,22 @@ while true; do done if [[ ! -e "$PGDATA/PG_VERSION" ]]; then + pv_df_output=$(df -hP 2>&1) + # Fail if kernel reports a broken FUSE mount anywhere + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected)." + exit 1 + fi + # Ensure /var/pv is actually mounted (present in df output) + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df)." + exit 1 + fi + # Ensure the mountpoint is accessible + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible." + exit 1 + fi echo "taking base basebackup..." mkdir -p "$PGDATA" rm -rf "$PGDATA"/* 
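Review bot: This copy of the mount check is not wrapped in the `/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK` guard that the run.sh variants use, so creating that file disables the check for run.sh but not for remote-replica.sh. If the bypass is meant to apply here as well, wrap the block the same way: `if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then … fi`. If the difference is deliberate, a one-line comment saying so would prevent it from being "fixed" later. The enclosing `if [[ ! -e "$PGDATA/PG_VERSION" ]]` continues past the end of this hunk.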
@@ -122,86 +138,86 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf 
- { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } 
>>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 
'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } 
>>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/16/standby/run.sh b/role_scripts/16/standby/run.sh index 92a2897..8cba94b 100755 --- a/role_scripts/16/standby/run.sh +++ b/role_scripts/16/standby/run.sh 
@@ -90,15 +90,34 @@ if [[ "$WAL_LIMIT_POLICY" == "ReplicationSlot" ]]; then fi if [[ ! -e "$PGDATA/PG_VERSION" ]]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + # Robust /var/pv mount availability check before any destructive operation or basebackup + pv_df_output=$(df -hP 2>&1) + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected). Aborting basebackup." + exit 1 + fi + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df). Aborting basebackup." + echo "$pv_df_output" + exit 1 + fi + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible. Aborting basebackup." + exit 1 + fi + fi + touch /var/pv/BOOTSTRAP_INITIALIZATION_STARTED echo "take base basebackup..." mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" if [[ "${SSL:-0}" == "ON" ]]; then - pg_basebackup -X fetch --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" + pg_basebackup -Xs -c fast --pgdata "$PGDATA" --max-rate=1024M --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" else - pg_basebackup -X fetch --no-password --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" + pg_basebackup -Xs -c fast --no-password --max-rate=1024M --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" fi + touch /var/pv/data/standby.signal else /run_scripts/role/warm_stanby.sh fi 
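Review bot: `touch /var/pv/data/standby.signal` runs whether or not `pg_basebackup` succeeded, unless the script runs under `set -e`, which this hunk does not show. A failed or partial copy would then still be marked as a standby data directory. Gate it on the backup's exit status and use the variable the rest of the block uses, e.g. `pg_basebackup … || exit 1` followed by `touch "$PGDATA/standby.signal"`. `/var/pv/BOOTSTRAP_INITIALIZATION_STARTED` is created but never removed in this hunk, so a comment should say what reads it and what clears it.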
@@ -107,6 +126,11 @@ fi # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS 
@@ -194,100 +218,108 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" +if [[ -e /var/pv/BOOTSTRAP_INITIALIZATION_STARTED ]]; then + rm /var/pv/BOOTSTRAP_INITIALIZATION_STARTED +fi + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/16/standby/warm_stanby.sh b/role_scripts/16/standby/warm_stanby.sh index 0c173bb..6dd0a33 100755 --- a/role_scripts/16/standby/warm_stanby.sh +++ b/role_scripts/16/standby/warm_stanby.sh 
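Review bot: In the non-SSL `scram` branch the IPv4 loopback rule is `host all all 127.0.0.1/32 trust` while the `::1/128` rule next to it is `scram-sha-256`, so a client that reaches the server over 127.0.0.1 is accepted as any role without a password. The plain non-SSL fallback branch trusts both loopback addresses. If this is deliberate for a co-located helper process, a comment on those lines should say so; otherwise the IPv4 line should match its neighbour, `{ echo 'host all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf`. The commit only corrects the redirect target, and the same rules appear in the role_scripts/16/standby/warm_stanby.sh and role_scripts/17/primary/start.sh hunks. The script continues outside this hunk.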
@@ -95,96 +95,96 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/17/primary/postgresql.conf b/role_scripts/17/primary/postgresql.conf index f3749c6..8d76156 100755 --- a/role_scripts/17/primary/postgresql.conf +++ b/role_scripts/17/primary/postgresql.conf @@ -62,7 +62,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/17/primary/run.sh b/role_scripts/17/primary/run.sh index 9792e30..68c97b6 100755 --- a/role_scripts/17/primary/run.sh +++ b/role_scripts/17/primary/run.sh @@ -26,6 +26,24 @@ export PGWAL="$PGDATA/pg_wal" export ARCHIVE=${ARCHIVE:-} if [ ! -e "$PGDATA/PG_VERSION" ]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + pv_df_output=$(df -hP 2>&1) + # Fail if kernel reports a broken FUSE mount anywhere + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected)." + exit 1 + fi + # Ensure /var/pv is actually mounted (present in df output) + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df)." + exit 1 + fi + # Ensure the mountpoint is accessible + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible." + exit 1 + fi + fi mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" 
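Review bot: In role_scripts/16/standby/warm_stanby.sh any `CLIENT_AUTH_MODE` other than `cert` or `scram` falls into the `else` branches and gets `md5` rules, and with SSL off `cert` does too, so a misspelt or unsupported mode is accepted silently. Making the fallback explicit with `elif [[ "$CLIENT_AUTH_MODE" == "md5" ]]; then` and ending with an `else` that prints `unsupported CLIENT_AUTH_MODE` to stderr and exits would surface the mistake at startup. If `md5` is the intended default for an unset variable, a comment on the `else` should state that instead. The other pg_hba.conf hunks in this commit have the same structure.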
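Review bot: In role_scripts/17/primary/run.sh the new checks establish that /var/pv is mounted, but the `rm -rf "$PGDATA"/*` that follows them acts on `$PGDATA`, and nothing in the hunk rejects an empty value or ties that variable to /var/pv. `PGDATA` is presumably set above the hunk; even so, `rm -rf "${PGDATA:?}"/*` aborts instead of expanding to `/*` if it ever is not. The same line follows the mount check in the standby hunk at `@@ -90,15 +90,34 @@`. The `ERROR:` messages are written to stdout; adding `>&2` keeps them apart from normal output.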
@@ -34,4 +52,9 @@ if [ ! -e "$PGDATA/PG_VERSION" ]; then fi /run_scripts/role/start.sh $BOOTSTRAP + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/17/primary/start.sh b/role_scripts/17/primary/start.sh index b4e881e..dec1aed 100755 --- a/role_scripts/17/primary/start.sh +++ b/role_scripts/17/primary/start.sh @@ -18,6 +18,11 @@ BOOTSTRAP=${1} # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS @@ -74,11 +79,11 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf for initial start. this one is just for initialization touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf -{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf -{ echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf +{ echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf +{ echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" # start postgres 
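Review bot: The copy added before `exec postgres` in role_scripts/17/primary/run.sh has no comment saying what reads `/var/pv/postgresql.conf`, and it hardcodes `/var/pv/data` where the rest of the script addresses the data directory through `$PGDATA`. A one-line comment naming the consumer of the copy, and `cp -- "$PGDATA/postgresql.conf" /var/pv/postgresql.conf` if the two paths are meant to be the same, would make the intent checkable. A failed `cp` is not reported either, so the copy can go stale without any trace in the log. The same block is added at the end of the standby script's last hunk.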
@@ -143,96 +148,96 @@ pg_ctl -D "$PGDATA" -m fast -w stop # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/17/standby/ha_backup_job.sh b/role_scripts/17/standby/ha_backup_job.sh index 201fc36..e5e654a 100755 --- a/role_scripts/17/standby/ha_backup_job.sh +++ b/role_scripts/17/standby/ha_backup_job.sh 
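Review bot: Each rule in role_scripts/17/primary/start.sh is written as its own `{ echo '…'; } >>/tmp/pg_hba.conf`, which wraps a single command in a brace group and repeats the target path on every line; that repetition is what let the relative `tmp/` path spread to every rule before this commit. One group per branch with a single redirect, e.g. `{ echo '# IPv4 local connections:'; echo 'hostssl all all 127.0.0.1/32 md5'; } >>"$hba_tmp"`, with `hba_tmp` assigned once, leaves one place to get the path right. Because the file is appended to after a `touch`, starting it with `: >"$hba_tmp"` would also guarantee that no rules from an earlier interrupted run are kept. The script begins and continues outside this hunk.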
@@ -152,86 +152,86 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf 
- { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } 
>>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 
'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } 
>>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/17/standby/postgresql.conf b/role_scripts/17/standby/postgresql.conf index c7011d1..2114a8b 100755 --- a/role_scripts/17/standby/postgresql.conf +++ b/role_scripts/17/standby/postgresql.conf @@ -62,7 +62,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/17/standby/remote-replica.sh b/role_scripts/17/standby/remote-replica.sh index bcac541..c1dfb9e 100755 --- a/role_scripts/17/standby/remote-replica.sh +++ b/role_scripts/17/standby/remote-replica.sh 
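Review bot: In the non-SSL `scram` branch the rewritten rule `host all all 127.0.0.1/32 trust` still lets anything that can reach IPv4 loopback connect as any role, including `postgres`, without a password, while the `::1/128` line next to it requires `scram-sha-256`. If nothing depends on passwordless loopback (health checks or helper scripts outside this hunk may), make the two agree with `host all all 127.0.0.1/32 scram-sha-256`. The unconditional `local all all trust` at the top and the `md5` fallback rules on `0.0.0.0/0` and `::/0` deserve a comment saying they are deliberate, since md5 is the weaker of the two password methods. The same rules are repeated in the pg_hba.conf hunks of remote-replica.sh and run.sh in this commit. The script itself starts and continues outside the hunk.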
@@ -46,6 +46,22 @@ while true; do done if [[ ! -e "$PGDATA/PG_VERSION" ]]; then + pv_df_output=$(df -hP 2>&1) + # Fail if kernel reports a broken FUSE mount anywhere + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected)." + exit 1 + fi + # Ensure /var/pv is actually mounted (present in df output) + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df)." + exit 1 + fi + # Ensure the mountpoint is accessible + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible." + exit 1 + fi echo "taking base basebackup..." mkdir -p "$PGDATA" rm -rf "$PGDATA"/* 
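Review bot: This copy of the mount check is not wrapped in the `IGNORE_FILESYSTEM_MOUNT_CHECK` test that the run.sh hunks in this commit put around the same code, so the override file has no effect on the remote-replica path. Either wrap it the same way with `if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then … fi`, or add a comment that the difference is intended. The first test greps the whole `df -hP` output, so a broken FUSE mount anywhere aborts the bootstrap while the message blames /var/pv. `df -P /var/pv` would limit it to the volume that the following `rm -rf "$PGDATA"/*` depends on, and the `ERROR:` lines are better sent to stderr with `>&2`. The enclosing `if` block continues past the end of the hunk.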
@@ -122,86 +138,86 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf 
- { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } 
>>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 
'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } 
>>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/17/standby/run.sh b/role_scripts/17/standby/run.sh index 92a2897..2a1a52a 100755 --- a/role_scripts/17/standby/run.sh +++ b/role_scripts/17/standby/run.sh 
@@ -89,16 +89,36 @@ if [[ "$WAL_LIMIT_POLICY" == "ReplicationSlot" ]]; then done fi + if [[ ! -e "$PGDATA/PG_VERSION" ]]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + # Robust /var/pv mount availability check before any destructive operation or basebackup + pv_df_output=$(df -hP 2>&1) + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected). Aborting basebackup." + exit 1 + fi + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df). Aborting basebackup." + echo "$pv_df_output" + exit 1 + fi + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible. Aborting basebackup." + exit 1 + fi + fi + touch /var/pv/BOOTSTRAP_INITIALIZATION_STARTED echo "take base basebackup..." mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" if [[ "${SSL:-0}" == "ON" ]]; then - pg_basebackup -X fetch --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" + pg_basebackup -Xs -c fast --pgdata "$PGDATA" --max-rate=1024M --username=postgres --progress --host="$PRIMARY_HOST" -d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" else - pg_basebackup -X fetch --no-password --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" + pg_basebackup -Xs -c fast --no-password --max-rate=1024M --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" fi + touch /var/pv/data/standby.signal else /run_scripts/role/warm_stanby.sh fi 
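Review bot: Neither `pg_basebackup` call has its exit status checked, and the added `touch /var/pv/data/standby.signal` runs directly after them. Unless `set -e` is active earlier in the file (not visible here), a failed or partial base backup is therefore still marked as a standby and the script carries on. Stop on failure by appending `|| { echo "ERROR: pg_basebackup failed" >&2; exit 1; }` to both calls. The new `touch` also hard-codes `/var/pv/data` where the rest of the block uses `"$PGDATA"`, and `touch "$PGDATA/standby.signal"` keeps the two from drifting apart. The script continues outside the hunk.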
@@ -107,6 +127,11 @@ fi # setup postgresql.conf touch /tmp/postgresql.conf + +if [[ "${TUNING_ENABLED:-}" == "true" ]]; then + echo "include_if_exists = '${TUNING_FILE_PATH:-/etc/tune/user.conf}'" >>/tmp/postgresql.conf +fi + echo "wal_level = replica" >>/tmp/postgresql.conf echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS 
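Review bot: `TUNING_FILE_PATH` is written into postgresql.conf between single quotes with no validation, so a value containing `'` or a newline ends the string early and the remainder is read as further settings. Reject such values before the `echo`, for example `case "${TUNING_FILE_PATH:-}" in *\'*|*$'\n'*) echo "ERROR: invalid TUNING_FILE_PATH" >&2; exit 1 ;; esac`. Because the `include_if_exists` line is the first one in the generated file, the `wal_level`, `shared_buffers` and `max_wal_senders` lines that follow override the same settings in the tuning file, while any parameter the script does not set is taken from that file as is. A comment stating that this precedence is intended, and that the tuning file must be writable only by a trusted party, would make this clear to the next reader. The rest of the postgresql.conf setup lies outside the hunk.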
@@ -194,100 +219,108 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" +if [[ -e /var/pv/BOOTSTRAP_INITIALIZATION_STARTED ]]; then + rm /var/pv/BOOTSTRAP_INITIALIZATION_STARTED +fi + +if [[ -e /var/pv/data/postgresql.conf ]]; then + cp /var/pv/data/postgresql.conf /var/pv/postgresql.conf +fi + exec postgres diff --git a/role_scripts/17/standby/warm_stanby.sh b/role_scripts/17/standby/warm_stanby.sh index 0c173bb..6dd0a33 100755 --- a/role_scripts/17/standby/warm_stanby.sh +++ b/role_scripts/17/standby/warm_stanby.sh 
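Review bot: The block added before `exec postgres` copies from the literal path `/var/pv/data/postgresql.conf`, although the line just above it moves pg_hba.conf to `"$PGDATA/pg_hba.conf"`. If PGDATA ever points elsewhere, the copy is skipped without any message. Use `"$PGDATA/postgresql.conf"` as the source and report a failed `cp` instead of ignoring it. The marker test can be reduced to `rm -f /var/pv/BOOTSTRAP_INITIALIZATION_STARTED`. A short comment naming what reads the marker file and /var/pv/postgresql.conf would help, since nothing in this hunk does.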
@@ -95,96 +95,96 @@ touch "$PGDATA/standby.signal" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert 
clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>/tmp/pg_hba.conf elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo '# IPv6 
local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 
127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi else if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'local replication all scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 scram-sha-256'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 
scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::/0 scram-sha-256'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all 0.0.0.0/0 md5'; } 
>>/tmp/pg_hba.conf + { echo 'host replication all ::/0 md5'; } >>/tmp/pg_hba.conf fi fi diff --git a/role_scripts/9/primary/postgresql.conf b/role_scripts/9/primary/postgresql.conf index 7a8ce11..7c136c7 100755 --- a/role_scripts/9/primary/postgresql.conf +++ b/role_scripts/9/primary/postgresql.conf @@ -61,7 +61,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/9/primary/run.sh b/role_scripts/9/primary/run.sh index 1215476..870c592 100755 --- a/role_scripts/9/primary/run.sh +++ b/role_scripts/9/primary/run.sh @@ -25,6 +25,24 @@ export PGWAL="$PGDATA/pg_xlog" export ARCHIVE=${ARCHIVE:-} if [ ! -e "$PGDATA/PG_VERSION" ]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + pv_df_output=$(df -hP 2>&1) + # Fail if kernel reports a broken FUSE mount anywhere + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected)." + exit 1 + fi + # Ensure /var/pv is actually mounted (present in df output) + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df)." + exit 1 + fi + # Ensure the mountpoint is accessible + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible." + exit 1 + fi + fi mkdir -p "$PGDATA" rm -rf "$PGDATA"/* chmod 0700 "$PGDATA" diff --git a/role_scripts/9/primary/start.sh b/role_scripts/9/primary/start.sh index 0e3366c..7bd5a5b 100755 --- a/role_scripts/9/primary/start.sh +++ b/role_scripts/9/primary/start.sh 
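Review bot: In role_scripts/17/standby/warm_stanby.sh, the non-SSL `scram` branch still writes `host all all 127.0.0.1/32 trust`, while the IPv6 loopback line next to it requires `scram-sha-256`. Any process that can reach 127.0.0.1 in the container's network namespace can therefore connect as any role without a password. Since the commit rewrites this line for the path fix anyway, it could be aligned here: `{ echo 'host all all 127.0.0.1/32 scram-sha-256'; } >>/tmp/pg_hba.conf`. If loopback trust is deliberate (for a health-check or sidecar client, which is not visible in this hunk), a comment saying so would keep it from reading as an oversight. The same branch uses `local replication all scram-sha-256` where every other branch uses `trust`, which suggests it was meant to be password-only throughout.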
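Review bot: In role_scripts/9/primary/run.sh, the new guard greps the whole `df -hP 2>&1` output for "Transport endpoint is not connected", so a broken mount unrelated to /var/pv aborts the bootstrap with a message that blames /var/pv. The identical check added to role_scripts/9/standby/run.sh has the same scope. Asking df about the one path keeps both tests tied to the volume that the following `rm -rf "$PGDATA"/*` depends on: `pv_df_output=$(df -P /var/pv 2>&1)`, with the existing awk and `grep -qx "/var/pv"` unchanged. If the wider scope is intended, the message should name the failing mount instead. The three `echo "ERROR: ..."` lines would also be better sent to stderr with `>&2`; the enclosing `if [ ! -e "$PGDATA/PG_VERSION" ]` block ends outside the hunk.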
@@ -44,11 +44,11 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf for initial start. this one is just for initialization touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf -{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf -{ echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf +{ echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf +{ echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" # start postgres 
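Review bot: In this hunk of role_scripts/9/primary/start.sh the appends now land on the fixed path `/tmp/pg_hba.conf`, which the preceding `touch` leaves as it is when the file already exists. Content left by an interrupted earlier run, or placed there by another local user, therefore stays at the top of the generated file, and pg_hba.conf is evaluated first-match. Building the file in a private temp file avoids that: `hba_tmp=$(mktemp) || exit 1`, redirect with `>>"$hba_tmp"`, then `mv "$hba_tmp" "$PGDATA/pg_hba.conf"`. The same pattern is in the other pg_hba.conf hunks of this commit: the second hunk of role_scripts/9/primary/start.sh, role_scripts/9/standby/ha_backup_job.sh, role_scripts/9/standby/run.sh and role_scripts/17/standby/warm_stanby.sh.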
@@ -112,56 +112,56 @@ pg_ctl -D "$PGDATA" -m fast -w stop # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'hostssl 
all all 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - - { echo 
'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" @@ -197,3 +197,4 @@ fi # ref: https://superuser.com/a/246841/985093 cat /tmp/postgresql.conf $PGDATA/postgresql.conf >"/tmp/postgresql.conf.tmp" && mv "/tmp/postgresql.conf.tmp" "$PGDATA/postgresql.conf" + diff --git a/role_scripts/9/standby/ha_backup_job.sh b/role_scripts/9/standby/ha_backup_job.sh index 2181db4..27e68fd 100755 --- a/role_scripts/9/standby/ha_backup_job.sh +++ b/role_scripts/9/standby/ha_backup_job.sh 
@@ -131,56 +131,56 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { 
echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } 
>>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" diff --git a/role_scripts/9/standby/postgresql.conf b/role_scripts/9/standby/postgresql.conf index 7a8ce11..7c136c7 100755 --- a/role_scripts/9/standby/postgresql.conf +++ b/role_scripts/9/standby/postgresql.conf @@ -61,7 +61,7 @@ listen_addresses = '*' # what IP address(es) to listen on; # defaults to 'localhost'; use '*' for all # (change requires restart) #port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) +# max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) diff --git a/role_scripts/9/standby/run.sh b/role_scripts/9/standby/run.sh index 5fcfc40..e642bfd 100755 
--- a/role_scripts/9/standby/run.sh +++ b/role_scripts/9/standby/run.sh @@ -90,6 +90,28 @@ if [[ "$WAL_LIMIT_POLICY" == "ReplicationSlot" ]]; then fi if [[ ! -e "$PGDATA/PG_VERSION" ]]; then + if [[ ! -e "/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK" ]]; then + # Robust /var/pv mount availability check before any destructive operation or basebackup + pv_df_output=$(df -hP 2>&1) + # Fail if kernel reports a broken FUSE mount anywhere + if echo "$pv_df_output" | grep -qi "Transport endpoint is not connected"; then + echo "ERROR: /var/pv mount not healthy (Transport endpoint is not connected). Aborting basebackup." + exit 1 + fi + # Ensure /var/pv is actually mounted (present in df output) + if ! echo "$pv_df_output" | awk '{print $NF}' | grep -qx "/var/pv"; then + echo "ERROR: /var/pv is not mounted (not listed in df). Aborting basebackup." + echo "$pv_df_output" + exit 1 + fi + # Ensure the mountpoint is accessible + if ! ls /var/pv >/dev/null 2>&1; then + echo "ERROR: /var/pv is not accessible. Aborting basebackup." + exit 1 + fi + fi + + touch /var/pv/BOOTSTRAP_INITIALIZATION_STARTED echo "take base basebackup..." # get basebackup mkdir -p "$PGDATA" 
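Review bot: `touch /var/pv/BOOTSTRAP_INITIALIZATION_STARTED` at the end of the added block has no comment saying what reads the marker or when it is removed, and nothing in this hunk clears it. A failed basebackup would apparently leave it on the volume, although the enclosing `if [[ ! -e "$PGDATA/PG_VERSION" ]]` block continues outside the hunk, so the cleanup may live further down. A line such as `# marker: bootstrap in progress; removed once pg_hba.conf is installed (confirm)` above it would document the contract. The touch also runs when the mount check was skipped through `/var/pv/IGNORE_FILESYSTEM_MOUNT_CHECK`, and its exit status is not checked here. Unless `set -e` is active earlier in the script, `touch /var/pv/BOOTSTRAP_INITIALIZATION_STARTED || { echo "ERROR: cannot write bootstrap marker" >&2; exit 1; }` would stop before the basebackup when the volume is read-only or absent.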
@@ -167,56 +189,56 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { 
echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } 
>>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" diff --git a/role_scripts/9/standby/warm_stanby.sh b/role_scripts/9/standby/warm_stanby.sh index 139112a..32d18e9 100755 --- a/role_scripts/9/standby/warm_stanby.sh +++ b/role_scripts/9/standby/warm_stanby.sh 
@@ -73,56 +73,56 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" # setup pg_hba.conf touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf if [[ "${SSL:-0}" == "ON" ]]; then if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then #*******************client auth with client.crt and key************** - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>/tmp/pg_hba.conf - { echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf + { echo 
'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>/tmp/pg_hba.conf else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'hostssl all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'hostssl replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi else - { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf - { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf - { echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf - 
- { echo 'local replication all trust'; } >>tmp/pg_hba.conf - { echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf - { echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf - - { echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf - { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf - { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf + { echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf + { echo '# IPv6 local connections:'; } >>/tmp/pg_hba.conf + { echo 'host all all ::1/128 trust'; } >>/tmp/pg_hba.conf + + { echo 'local replication all trust'; } >>/tmp/pg_hba.conf + { echo 'host replication all 127.0.0.1/32 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication all ::1/128 md5'; } >>/tmp/pg_hba.conf + + { echo 'host all all 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres 0.0.0.0/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host all all ::/0 md5'; } >>/tmp/pg_hba.conf + { echo 'host replication postgres ::/0 md5'; } >>/tmp/pg_hba.conf fi mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" diff --git a/scripts/do_pg_basebackup.sh b/scripts/do_pg_basebackup.sh index 614af99..6341b98 100755 --- a/scripts/do_pg_basebackup.sh +++ b/scripts/do_pg_basebackup.sh 
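Review bot: The non-SSL branch on the new side still writes `host all all 127.0.0.1/32 trust` and `host all all ::1/128 trust`, so anything that can reach the loopback interface (for example another container sharing the network namespace) connects as any role, including `postgres`, without a password. If the helper scripts only use the Unix socket, which `local all all trust` already covers, these could become `host all all 127.0.0.1/32 md5` and `host all all ::1/128 md5`, matching the replication lines beside them; that assumption needs confirming against the callers. The same two lines appear in the pg_hba.conf hunk that ends just above this file's header. The script continues outside the hunk.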
@@ -9,7 +9,7 @@ chmod 0700 "$PGDATA" echo "attempting pg_basebackup..." if [[ "${SSL:-0}" == "ON" ]]; then - pg_basebackup -X fetch --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" -d "password=$POSTGRES_PASSWORD sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" &>/dev/null + pg_basebackup -Xs -c fast --pgdata "$PGDATA" --max-rate=1024M --username=postgres --progress --host="$PRIMARY_HOST" -d "password=$POSTGRES_PASSWORD sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" &>/dev/null else - pg_basebackup -X fetch --no-password --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" -d "password=$POSTGRES_PASSWORD" &>/dev/null + pg_basebackup -Xs -c fast --no-password --max-rate=1024M --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" -d "password=$POSTGRES_PASSWORD" &>/dev/null fi diff --git a/scripts/recover_replica.sh b/scripts/recover_replica.sh new file mode 100755 index 0000000..7744474 --- /dev/null +++ b/scripts/recover_replica.sh 
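Review bot: Both rewritten `pg_basebackup` calls still carry the password inside the `-d` connection string, so it stays in the process arguments for the whole backup and is readable through `ps` or `/proc/<pid>/cmdline`; a password containing a space or quote would also break the conninfo parsing. libpq reads `PGPASSWORD`, so `export PGPASSWORD="$POSTGRES_PASSWORD"` before the `if` and removing `password=$POSTGRES_PASSWORD` from both `-d` strings keeps it out of argv. Separately, `&>/dev/null` discards the error text when the backup fails and makes `--progress` pointless. The script starts and continues outside this hunk, so an export may already exist there.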
@@ -0,0 +1,19 @@ +#!/usr/bin/env bash + +export PGPASSWORD=$POSTGRES_PASSWORD +export PGDATA=/var/pv/data +export SSL=${SSL:-0} +touch /var/pv/MAINTENANCE +mv /run_scripts/role/run.sh /run_scripts/role/run.sh.bc +pg_ctl stop -D $PGDATA +rm -rf /var/pv/data + +if [[ "${SSL:-0}" == "ON" ]]; then + pg_basebackup -Xs -c fast --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" -d "password=$POSTGRES_PASSWORD sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key" &>/dev/null +else + pg_basebackup -Xs -c fast --no-password --pgdata "$PGDATA" --username=postgres --progress --host="$PRIMARY_HOST" -d "password=$POSTGRES_PASSWORD" &>/dev/null +fi + +touch /var/pv/data/standby.signal +mv /run_scripts/role/run.sh.bc /run_scripts/role/run.sh +rm /var/pv/MAINTENANCE \ No newline at end of file diff --git a/scripts/restore.sh b/scripts/restore.sh index a098040..39b36cd 100755 --- a/scripts/restore.sh +++ b/scripts/restore.sh @@ -90,11 +90,11 @@ mv /tmp/postgresql.conf "$PGDATA/postgresql.conf" echo "max_replication_slots = 90" >>/tmp/postgresql.conf # setup pg_hba.conf for initial start. this one is just for initialization touch /tmp/pg_hba.conf -{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf -{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf -{ echo 'local all all trust'; } >>tmp/pg_hba.conf -{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf -{ echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf +{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>/tmp/pg_hba.conf +{ echo '# "local" is for Unix domain socket connections only'; } >>/tmp/pg_hba.conf +{ echo 'local all all trust'; } >>/tmp/pg_hba.conf +{ echo '# IPv4 local connections:'; } >>/tmp/pg_hba.conf +{ echo 'host all all 127.0.0.1/32 trust'; } >>/tmp/pg_hba.conf mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf" # start postgres 
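Review bot: `rm -rf /var/pv/data` runs before the replacement backup is known to work, and the result of `pg_basebackup` is neither checked nor visible because of `&>/dev/null`. If `PRIMARY_HOST` is unset or the primary is unreachable, the script still creates `standby.signal` in an empty directory, restores `run.sh` and removes the MAINTENANCE marker. Taking the backup into a sibling directory and swapping only on success avoids that, at the cost of needing room for two copies on the volume; whether to stay in maintenance mode on failure is a policy choice to confirm. `PGPASSWORD` is already exported at the top, so `password=$POSTGRES_PASSWORD` can be dropped from both `-d` strings, and `$PGDATA` should be quoted in `pg_ctl stop -D "$PGDATA"`.

```shell
# … unchanged: exports, MAINTENANCE marker, run.sh rename, pg_ctl stop …

# Back up into a sibling directory first; the old data directory is removed
# only after pg_basebackup has succeeded.
new_data="${PGDATA}.new"
rm -rf -- "$new_data"

backup_args=(-Xs -c fast --pgdata "$new_data" --username=postgres --progress --host="$PRIMARY_HOST")
if [[ "$SSL" == "ON" ]]; then
  backup_args+=(-d "sslmode=$SSL_MODE sslrootcert=/tls/certs/client/ca.crt sslcert=/tls/certs/client/client.crt sslkey=/tls/certs/client/client.key")
else
  backup_args+=(--no-password)
fi

if ! pg_basebackup "${backup_args[@]}"; then
  echo "ERROR: pg_basebackup from $PRIMARY_HOST failed; keeping $PGDATA and maintenance mode." >&2
  exit 1
fi

rm -rf -- "${PGDATA:?}"
mv -- "$new_data" "$PGDATA"
# … unchanged: standby.signal, run.sh restore, MAINTENANCE removal …
```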
diff --git a/scripts/run.sh b/scripts/run.sh index 1b46308..5bc0654 100755 --- a/scripts/run.sh +++ b/scripts/run.sh @@ -23,6 +23,8 @@ fi rm -f "$PGDATA"/postmaster.pid echo "waiting for the role to be decided ..." while true; do + # Robust /var/pv mount availability check before any destructive operation or basebackup + if [[ -d $PGDATA ]];then DIR="$PGDATA" CURRENT_PERMS=$(stat -c "%a" "$DIR") @@ -42,8 +44,10 @@ while true; do echo "running the initial script ..." if [[ $REMOTE_REPLICA == "true" ]]; then /run_scripts/role/remote-replica.sh - else + elif [[ ! -f "/var/split-brain/SPLIT_BRAIN" ]]; then /run_scripts/role/run.sh + elif [[ -f "/var/split-brain/SPLIT_BRAIN" ]]; then + echo "Split brain detected. Not starting the database server." fi if [[ $STANDALONE == "false" ]]; then
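Review bot: The added comment `# Robust /var/pv mount availability check before any destructive operation or basebackup` is followed by no check: the first hunk adds only the comment and a blank line, and the next statement is the existing `if [[ -d $PGDATA ]]` test. Either drop the comment or put the check here, for example the `df` / `ls /var/pv` test this commit adds to role_scripts/10/primary/run.sh, so a reader does not assume the loop is guarded. The `while true` loop body continues outside the hunk.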
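Review bot: In the second hunk, `elif [[ -f "/var/split-brain/SPLIT_BRAIN" ]]` repeats the test the previous `elif` just negated, so a plain `else` does the same with one file check and closes the gap where the marker appears between the two tests and neither branch runs. The `REMOTE_REPLICA` branch still starts `/run_scripts/role/remote-replica.sh` without looking at the marker, and after the message execution falls through to the `if [[ $STANDALONE == "false" ]]` block, whose body is outside the hunk. If a node flagged as split-brain must not start anything, the marker test probably belongs before the whole `if`; the message would also be better sent to stderr with `>&2`.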