
Commit 318d873

Add remote replica support for pg 13,14 (#33)
Signed-off-by: souravbiswassanto <[email protected]>
1 parent 4472844 commit 318d873


11 files changed

+519
-37
lines changed


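--- a/role_scripts/13/primary/start.sh
+++ b/role_scripts/13/primary/start.sh
@@ -24,7 +24,7 @@ echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must
 if [ ! -z "${WAL_RETAIN_PARAM:-}" ] && [ ! -z "${WAL_RETAIN_AMOUNT:-}" ]; then
 echo "${WAL_RETAIN_PARAM}=${WAL_RETAIN_AMOUNT}" >>/tmp/postgresql.conf
 else
-echo "wal_keep_segments = 64" >>/tmp/postgresql.conf
+echo "wal_keep_size = 1024" >>/tmp/postgresql.conf
 fi
 echo "max_replication_slots = 90" >>/tmp/postgresql.conf
 echo "wal_log_hints = on" >>/tmp/postgresql.conf
@@ -145,18 +145,20 @@ if [[ "${SSL:-0}" == "ON" ]]; then
 #*******************client auth with client.crt and key**************
 
 { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf
-{ echo 'hostssl all all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf
+{ echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
 { echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf
-{ echo 'hostssl all all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf
+{ echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
 
 { echo 'local replication all trust'; } >>tmp/pg_hba.conf
-{ echo 'hostssl replication all 127.0.0.1/32 cert clientcert=1'; } >>tmp/pg_hba.conf
-{ echo 'hostssl replication all ::1/128 cert clientcert=1'; } >>tmp/pg_hba.conf
-
-{ echo 'hostssl all all 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf
-{ echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=1'; } >>tmp/pg_hba.conf
-{ echo 'hostssl all all ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf
-{ echo 'hostssl replication postgres ::/0 cert clientcert=1'; } >>tmp/pg_hba.conf
+{ echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
+{ echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
+
+{ echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
+{ echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
+{ echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
+{ echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
+{ echo 'hostssl replication all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
+{ echo 'hostssl replication all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
 elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then
 { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf
 { echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf
@@ -171,6 +173,8 @@ if [[ "${SSL:-0}" == "ON" ]]; then
 { echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf
 { echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf
 { echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf
+{ echo 'hostssl replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf
+{ echo 'hostssl replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf
 else
 { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf
 { echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf
@@ -185,6 +189,8 @@ if [[ "${SSL:-0}" == "ON" ]]; then
 { echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf
 { echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf
 { echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf
+{ echo 'hostssl replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf
+{ echo 'hostssl replication all ::/0 md5'; } >>tmp/pg_hba.conf
 fi
 
 else
@@ -202,6 +208,8 @@ else
 { echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf
 { echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf
 { echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf
+{ echo 'host replication all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf
+{ echo 'host replication all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf
 else
 { echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf
 { echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf
@@ -216,6 +224,8 @@ else
 { echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf
 { echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf
 { echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf
+{ echo 'host replication all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf
+{ echo 'host replication all ::/0 md5'; } >>tmp/pg_hba.conf
 fi
 
 fi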
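Review bot: The added `replication all 0.0.0.0/0` and `replication all ::/0` rules (new lines 160-161, 176-177, 192-193, 211-212 and 227-228) accept replication connections for every role from every address, which makes the neighbouring `replication postgres` rules redundant and widens who may attempt to stream the cluster. In the two non-SSL branches the new `host` rules also allow that traffic without TLS, with `md5` or `scram-sha-256` as the only gate. If only the remote replica needs this access, scope the rule to its role and network, for example `{ echo 'hostssl replication <replication_role> <replica_cidr> scram-sha-256'; } >>tmp/pg_hba.conf` (both values are placeholders). If `all` really is required, a comment above the new rules should say why. The enclosing `if`/`else` blocks start and end outside the hunks.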
+210
@@ -0,0 +1,210 @@
1+
#!/usr/bin/env bash
2+
3+
# Copyright AppsCode Inc. and Contributors
4+
#
5+
# Licensed under the AppsCode Free Trial License 1.0.0 (the "License");
6+
# you may not use this file except in compliance with the License.
7+
# You may obtain a copy of the License at
8+
#
9+
# https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Free-Trial-1.0.0.md
10+
#
11+
# Unless required by applicable law or agreed to in writing, software
12+
# distributed under the License is distributed on an "AS IS" BASIS,
13+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14+
# See the License for the specific language governing permissions and
15+
# limitations under the License.
16+
17+
export PASSWORD
18+
set -eou pipefail
19+
20+
echo "Running as Remote Replica"
21+
22+
# set password ENV
23+
export PGPASSWORD=${PRIMARY_PASSWORD:-}
24+
25+
# Waiting for running Postgres
26+
while true; do
27+
echo "Attempting pg_isready on primary"
28+
29+
if [[ "${SOURCE_SSL:-0}" == "ON" ]]; then
30+
pg_isready --host="$PRIMARY_HOST" -d "sslmode=$SOURCE_SSL_MODE sslrootcert=/tls/certs/remote/ca.crt sslcert=/tls/certs/remote/client.crt sslkey=/tls/certs/remote/client.key" --username=$PRIMARY_USER_NAME --timeout=2 &>/dev/null && break
31+
else
32+
pg_isready --host="$PRIMARY_HOST" --username=$PRIMARY_USER_NAME --timeout=2 &>/dev/null && break
33+
fi
34+
sleep 2
35+
done
36+
37+
while true; do
38+
echo "Attempting query on primary"
39+
if [[ "${SOURCE_SSL:-0}" == "ON" ]]; then
40+
psql -h "$PRIMARY_HOST" --username=$PRIMARY_USER_NAME -d "dbname=postgres sslmode=$SOURCE_SSL_MODE sslrootcert=/tls/certs/remote/ca.crt sslcert=/tls/certs/remote/client.crt sslkey=/tls/certs/remote/client.key" --command="select now();" &>/dev/null && break
41+
else
42+
psql -h "$PRIMARY_HOST" --username=$PRIMARY_USER_NAME -d postgres --no-password --command="select now();" &>/dev/null && break
43+
fi
44+
45+
sleep 2
46+
done
47+
48+
if [[ ! -e "$PGDATA/PG_VERSION" ]]; then
49+
echo "taking base basebackup..."
50+
mkdir -p "$PGDATA"
51+
rm -rf "$PGDATA"/*
52+
chmod 0700 "$PGDATA"
53+
if [[ "${SOURCE_SSL:-0}" == "ON" ]]; then
54+
pg_basebackup -X fetch --pgdata "$PGDATA" --username=$PRIMARY_USER_NAME --progress --host="$PRIMARY_HOST" -d "sslmode=$SOURCE_SSL_MODE sslrootcert=/tls/certs/remote/ca.crt sslcert=/tls/certs/remote/client.crt sslkey=/tls/certs/remote/client.key"
55+
else
56+
pg_basebackup -X fetch --no-password --pgdata "$PGDATA" --username=$PRIMARY_USER_NAME --progress --host="$PRIMARY_HOST"
57+
fi
58+
fi
59+
60+
# setup postgresql.conf
61+
touch /tmp/postgresql.conf
62+
echo "wal_level = replica" >>/tmp/postgresql.conf
63+
echo "shared_buffers = $SHARED_BUFFERS" >>/tmp/postgresql.conf
64+
echo "max_wal_senders = 90" >>/tmp/postgresql.conf # default is 10. value must be less than max_connections minus superuser_reserved_connections. ref: https://www.postgresql.org/docs/11/runtime-config-replication.html#GUC-MAX-WAL-SENDERS
65+
66+
# echo "wal_keep_size = 64" >>/tmp/postgresql.conf #it was "wal_keep_segments" in earlier version. changed in version 13
67+
if [ ! -z "${WAL_RETAIN_PARAM:-}" ] && [ ! -z "${WAL_RETAIN_AMOUNT:-}" ]; then
68+
echo "${WAL_RETAIN_PARAM}=${WAL_RETAIN_AMOUNT}" >>/tmp/postgresql.conf
69+
else
70+
echo "wal_keep_size = 1024" >>/tmp/postgresql.conf
71+
fi
72+
if [[ "$WAL_LIMIT_POLICY" == "ReplicationSlot" ]]; then
73+
CLEAN_HOSTNAME="${HOSTNAME//[^[:alnum:]]/}"
74+
echo "primary_slot_name="$CLEAN_HOSTNAME"" >>/tmp/postgresql.conf
75+
fi
76+
echo "max_replication_slots = 90" >>/tmp/postgresql.conf
77+
echo "wal_log_hints = on" >>/tmp/postgresql.conf
78+
79+
# we are not doing any archiving by default but it's better to have this config in our postgresql.conf file in case of customization.
80+
echo "archive_mode = always" >>/tmp/postgresql.conf
81+
echo "archive_command = '/bin/true'" >>/tmp/postgresql.conf
82+
83+
echo "shared_preload_libraries = 'pg_stat_statements'" >>/tmp/postgresql.conf
84+
85+
if [ "$STANDBY" == "hot" ]; then
86+
echo "hot_standby = on" >>/tmp/postgresql.conf
87+
fi
88+
89+
if [[ "$STREAMING" == "synchronous" ]]; then
90+
# setup synchronous streaming replication
91+
echo "synchronous_commit = remote_write" >>/tmp/postgresql.conf
92+
echo "synchronous_standby_names = '*'" >>/tmp/postgresql.conf
93+
fi
94+
95+
if [[ "${SSL:-0}" == "ON" ]]; then
96+
echo "ssl = on" >>/tmp/postgresql.conf
97+
98+
echo "ssl_cert_file = '/tls/certs/server/server.crt'" >>/tmp/postgresql.conf
99+
echo "ssl_key_file = '/tls/certs/server/server.key'" >>/tmp/postgresql.conf
100+
echo "ssl_ca_file = '/tls/certs/server/ca.crt'" >>/tmp/postgresql.conf
101+
fi
102+
103+
if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then
104+
echo "password_encryption = scram-sha-256" >>/tmp/postgresql.conf
105+
fi
106+
107+
# ****************** Recovery config **************************
108+
echo "recovery_target_timeline = 'latest'" >>/tmp/postgresql.conf
109+
# primary_conninfo is used for streaming replication
110+
if [[ "${SOURCE_SSL:-0}" == "ON" ]]; then
111+
echo "primary_conninfo = 'application_name=$HOSTNAME host=$PRIMARY_HOST user=$PRIMARY_USER_NAME password=$PRIMARY_PASSWORD sslmode=$SOURCE_SSL_MODE sslrootcert=/tls/certs/remote/ca.crt sslcert=/tls/certs/remote/client.crt sslkey=/tls/certs/remote/client.key'" >>/tmp/postgresql.conf
112+
else
113+
echo "primary_conninfo = 'application_name=$HOSTNAME host=$PRIMARY_HOST user=$PRIMARY_USER_NAME password=$PRIMARY_PASSWORD'" >>/tmp/postgresql.conf
114+
fi
115+
116+
echo "promote_trigger_file = '/run_scripts/tmp/pg-failover-trigger'" >>/tmp/postgresql.conf # [ name whose presence ends recovery]
117+
118+
cat /run_scripts/role/postgresql.conf >>/tmp/postgresql.conf
119+
mv /tmp/postgresql.conf "$PGDATA/postgresql.conf"
120+
121+
touch "$PGDATA/standby.signal"
122+
123+
# setup pg_hba.conf
124+
touch /tmp/pg_hba.conf
125+
{ echo '#TYPE DATABASE USER ADDRESS METHOD'; } >>tmp/pg_hba.conf
126+
{ echo '# "local" is for Unix domain socket connections only'; } >>tmp/pg_hba.conf
127+
{ echo 'local all all trust'; } >>tmp/pg_hba.conf
128+
129+
if [[ "${SSL:-0}" == "ON" ]]; then
130+
if [[ "$CLIENT_AUTH_MODE" == "cert" ]]; then
131+
#*******************client auth with client.crt and key**************
132+
133+
{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf
134+
{ echo 'hostssl all all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
135+
{ echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf
136+
{ echo 'hostssl all all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
137+
138+
{ echo 'local replication all trust'; } >>tmp/pg_hba.conf
139+
{ echo 'hostssl replication all 127.0.0.1/32 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
140+
{ echo 'hostssl replication all ::1/128 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
141+
142+
{ echo 'hostssl all all 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
143+
{ echo 'hostssl replication postgres 0.0.0.0/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
144+
{ echo 'hostssl all all ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
145+
{ echo 'hostssl replication postgres ::/0 cert clientcert=verify-full'; } >>tmp/pg_hba.conf
146+
elif [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then
147+
{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf
148+
{ echo 'hostssl all all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf
149+
{ echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf
150+
{ echo 'hostssl all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf
151+
152+
{ echo 'local replication all trust'; } >>tmp/pg_hba.conf
153+
{ echo 'hostssl replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf
154+
{ echo 'hostssl replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf
155+
156+
{ echo 'hostssl all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf
157+
{ echo 'hostssl replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf
158+
{ echo 'hostssl all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf
159+
{ echo 'hostssl replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf
160+
else
161+
{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf
162+
{ echo 'hostssl all all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf
163+
{ echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf
164+
{ echo 'hostssl all all ::1/128 md5'; } >>tmp/pg_hba.conf
165+
166+
{ echo 'local replication all trust'; } >>tmp/pg_hba.conf
167+
{ echo 'hostssl replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf
168+
{ echo 'hostssl replication all ::1/128 md5'; } >>tmp/pg_hba.conf
169+
170+
{ echo 'hostssl all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf
171+
{ echo 'hostssl replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf
172+
{ echo 'hostssl all all ::/0 md5'; } >>tmp/pg_hba.conf
173+
{ echo 'hostssl replication postgres ::/0 md5'; } >>tmp/pg_hba.conf
174+
fi
175+
176+
else
177+
if [[ "$CLIENT_AUTH_MODE" == "scram" ]]; then
178+
{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf
179+
{ echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf
180+
{ echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf
181+
{ echo 'host all all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf
182+
183+
{ echo 'local replication all scram-sha-256'; } >>tmp/pg_hba.conf
184+
{ echo 'host replication all 127.0.0.1/32 scram-sha-256'; } >>tmp/pg_hba.conf
185+
{ echo 'host replication all ::1/128 scram-sha-256'; } >>tmp/pg_hba.conf
186+
187+
{ echo 'host all all 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf
188+
{ echo 'host replication postgres 0.0.0.0/0 scram-sha-256'; } >>tmp/pg_hba.conf
189+
{ echo 'host all all ::/0 scram-sha-256'; } >>tmp/pg_hba.conf
190+
{ echo 'host replication postgres ::/0 scram-sha-256'; } >>tmp/pg_hba.conf
191+
else
192+
{ echo '# IPv4 local connections:'; } >>tmp/pg_hba.conf
193+
{ echo 'host all all 127.0.0.1/32 trust'; } >>tmp/pg_hba.conf
194+
{ echo '# IPv6 local connections:'; } >>tmp/pg_hba.conf
195+
{ echo 'host all all ::1/128 trust'; } >>tmp/pg_hba.conf
196+
197+
{ echo 'local replication all trust'; } >>tmp/pg_hba.conf
198+
{ echo 'host replication all 127.0.0.1/32 md5'; } >>tmp/pg_hba.conf
199+
{ echo 'host replication all ::1/128 md5'; } >>tmp/pg_hba.conf
200+
201+
{ echo 'host all all 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf
202+
{ echo 'host replication postgres 0.0.0.0/0 md5'; } >>tmp/pg_hba.conf
203+
{ echo 'host all all ::/0 md5'; } >>tmp/pg_hba.conf
204+
{ echo 'host replication postgres ::/0 md5'; } >>tmp/pg_hba.conf
205+
fi
206+
207+
fi
208+
209+
mv /tmp/pg_hba.conf "$PGDATA/pg_hba.conf"
210+
exec postgres
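Review bot: Both `primary_conninfo` lines (new lines 111 and 113) write `password=$PRIMARY_PASSWORD` in clear text into `/tmp/postgresql.conf`, which `touch` creates with whatever umask the process inherited, and the file is then moved to `$PGDATA/postgresql.conf` with the secret still in it. The value is also interpolated without conninfo quoting, so a password containing a space, a single quote or a backslash would truncate or corrupt the connection string. Adding `umask 077` before `touch /tmp/postgresql.conf` keeps the temporary file private; better still, supply the password through a libpq password file with mode 0600, referenced by `passfile=` in `primary_conninfo`, rather than embedding it in the config. Separately, the non-SSL scram branch emits `host all all 127.0.0.1/32 trust` (new line 179) while the IPv6 loopback rule uses `scram-sha-256`; unless that is deliberate, the IPv4 rule should read `host all all 127.0.0.1/32 scram-sha-256`.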
