mirror of
https://github.com/ubicloud/ubicloud.git
synced 2025-10-06 23:01:56 +08:00
91b34ec49bFor major version upgrades, we change the boot image to allow running
multiple versions of PG simultaneously. For this, we only **download**
the relevant packages for all supported PG versions at image generation
time. Additionally, the image generation step places the required
package list as text files at
/usr/local/share/postgresql/packages/#{version}.txt,common.txt.
While initializing a new server, we install the
required packages by referring to the package list. With the download
already completed at image generation time, this step should be fairly
quick to allow for quick startup and upgrades. For rolling out this
change , we need to ensure all older servers have these files in place.
64 lines
1.9 KiB
Ruby
Executable file
64 lines
1.9 KiB
Ruby
Executable file
#!/bin/env ruby
|
|
# frozen_string_literal: true
|
|
|
|
require_relative "../../common/lib/util"
|
|
require_relative "../lib/postgres_setup"
|
|
|
|
if ARGV.count != 1
|
|
fail "Wrong number of arguments. Expected 1, Given #{ARGV.count}"
|
|
end
|
|
|
|
v = ARGV[0]
|
|
|
|
r "chown postgres /dat"
|
|
|
|
pg_setup = PostgresSetup.new(v)
|
|
pg_setup.setup_packages
|
|
pg_setup.setup_data_directory
|
|
pg_setup.create_cluster
|
|
|
|
role_creation_queries = <<~ROLE_CREATION
|
|
/**
|
|
* Create system roles.
|
|
*/
|
|
CREATE ROLE ubi_replication WITH REPLICATION LOGIN;
|
|
CREATE ROLE ubi_monitoring WITH LOGIN IN ROLE pg_monitor;
|
|
CREATE ROLE pgbouncer LOGIN;
|
|
ROLE_CREATION
|
|
|
|
database_init_queries = <<~DATABASE_INIT
|
|
/**
|
|
* Lock down the privileges of the pgbouncer role.
|
|
*/
|
|
REVOKE ALL PRIVILEGES ON SCHEMA public FROM pgbouncer;
|
|
|
|
/**
|
|
* Create the pgbouncer schema if it does not exist. All of the
|
|
* administrative functions for pgbouncer will live in its own schema.
|
|
*/
|
|
CREATE SCHEMA IF NOT EXISTS pgbouncer;
|
|
|
|
/**
|
|
* Lock down the privileges of the pgbouncer schema.
|
|
*/
|
|
REVOKE ALL PRIVILEGES ON SCHEMA pgbouncer FROM pgbouncer;
|
|
GRANT USAGE ON SCHEMA pgbouncer TO pgbouncer;
|
|
|
|
/**
|
|
* The "get_auth" function is used by pgbouncer to authenticate users.
|
|
* See: http://www.pgbouncer.org/config.html#auth_query
|
|
*/
|
|
CREATE OR REPLACE FUNCTION pgbouncer.get_auth (
|
|
INOUT p_user name,
|
|
OUT p_password text
|
|
) RETURNS record
|
|
LANGUAGE sql SECURITY DEFINER SET search_path = pg_catalog AS
|
|
$$SELECT usename, passwd FROM pg_shadow WHERE usename = p_user$$;
|
|
|
|
REVOKE ALL ON FUNCTION pgbouncer.get_auth(name) FROM PUBLIC, pgbouncer;
|
|
GRANT EXECUTE ON FUNCTION pgbouncer.get_auth(name) TO pgbouncer;
|
|
DATABASE_INIT
|
|
|
|
r "sudo -u postgres psql -v 'ON_ERROR_STOP=1'", stdin: role_creation_queries
|
|
r "sudo -u postgres psql -v 'ON_ERROR_STOP=1'", stdin: database_init_queries
|
|
r "sudo -u postgres psql -d template1 -v 'ON_ERROR_STOP=1'", stdin: database_init_queries
|