adding PostgreSQL DB lab deployment

2023-04-24 17:00:21 +02:00 · 2023-04-24 17:00:21 +02:00 · f8ba3d56e5
parent d8ff367585
commit f8ba3d56e5
4 changed files with 106 additions and 0 deletions
--- a/postgre/Readme.txt
+++ b/postgre/Readme.txt
@ -0,0 +1,11 @@
+These are lab files. The passowords and grants are not real.
+
+* Ansible Playbook that installs a PostgreSQL DBMS
+* applies configuration for ingest optimization (performance)
+* script generates table to make a database named logs
+* table named logs
+  * log_data JSONB (rows)
+
+* Corresponding Rsyslog server does the ingest, has a LinkedList queue (currently appox 80 MB)
+
+https://code.because-security.com/marius/gist/src/branch/main/rsyslog 
--- a/postgre/postgre/database_init.sh
+++ b/postgre/postgre/database_init.sh
@ -0,0 +1,24 @@
+#!/bin/bash
+set -eu
+
+DB_NAME="logs"
+DB_USER="myuser"
+DB_PASSWORD="mypassword"
+
+# Create the database
+sudo -u postgres psql -c \
+  "CREATE DATABASE ${DB_NAME} WITH ENCODING 'UTF-8' \
+   LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8' TEMPLATE template0;"
+
+# Create the user
+sudo -u postgres psql -c \
+  "CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASSWORD}';"
+sudo -u postgres psql -c \
+  "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} TO ${DB_USER};"
+sudo -u postgres psql -c \
+  "ALTER USER ${DB_USER} VALID UNTIL 'infinity';"
+
+# Create the logs table
+sudo -u postgres psql -d "${DB_NAME}" -c \
+  "CREATE TABLE IF NOT EXISTS logs (id SERIAL PRIMARY KEY, log_data JSONB);"
+
--- a/postgre/postgre/install_postgre.yaml
+++ b/postgre/postgre/install_postgre.yaml
@ -0,0 +1,61 @@
+---
+- name: Install PostgreSQL on Ubuntu 20.04 LTS
+  hosts: localhost
+  become: yes
+  gather_facts: yes
+  tasks:
+    - name: Update apt cache
+      apt:
+        update_cache: yes
+        cache_valid_time: 3600
+
+    - name: Install necessary packages
+      apt:
+        name:
+          - python3-psycopg2
+          - postgresql
+          - postgresql-contrib
+        state: present
+
+    - name: Ensure PostgreSQL service is running
+      systemd:
+        name: postgresql
+        state: started
+        enabled: yes
+
+    - name: Update pg_hba.conf for local connections
+      lineinfile:
+        path: /etc/postgresql/12/main/pg_hba.conf
+        regexp: '^local\s+all\s+all\s+'
+        line: 'local all all trust'
+        state: present
+      notify: Restart PostgreSQL
+
+    - name: Configure PostgreSQL to accept connections from specified addresses
+      lineinfile:
+        path: /etc/postgresql/12/main/pg_hba.conf
+        regexp: '^host all all 192.168.1.0/24'
+        line: 'host all all 192.168.1.0/24 scram-sha-256'
+        state: present
+      notify: Restart PostgreSQL
+
+    - name: Configure PostgreSQL for better write performance
+      become: yes
+      lineinfile:
+        path: /etc/postgresql/12/main/postgresql.conf
+        regexp: "{{ item.regexp }}"
+        line: "{{ item.line }}"
+      loop:
+        - { regexp: '^shared_buffers', line: 'shared_buffers = 512MB' }
+        - { regexp: '^wal_buffers', line: 'wal_buffers = 16MB' }
+        - { regexp: '^checkpoint_completion_target', line: 'checkpoint_completion_target = 0.9' }
+        - { regexp: '^random_page_cost', line: 'random_page_cost = 1.0' }
+        - { regexp: '^effective_io_concurrency', line: 'effective_io_concurrency = 200' }
+      notify: Restart PostgreSQL
+
+  handlers:
+    - name: Restart PostgreSQL
+      systemd:
+        name: postgresql
+        state: restarted
+
--- a/postgre/postgre/run.sh
+++ b/postgre/postgre/run.sh
@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ $# -ne 1 ]; then
+  echo "Usage: $0 <playbook_file>"
+  exit 1
+fi
+
+playbook_file=$1
+
+ansible-playbook $playbook_file --ask-become-pass