From f8ba3d56e5fb783187335cfca7000ed1d2e89687 Mon Sep 17 00:00:00 2001
From: marius
Date: Mon, 24 Apr 2023 17:00:21 +0200
Subject: [PATCH] adding PostgreSQL DB lab deployment
---
postgre/Readme.txt | 11 +++++
postgre/postgre/database_init.sh | 24 +++++++++++
postgre/postgre/install_postgre.yaml | 61 ++++++++++++++++++++++++++++
postgre/postgre/run.sh | 10 +++++
4 files changed, 106 insertions(+)
create mode 100644 postgre/Readme.txt
create mode 100644 postgre/postgre/database_init.sh
create mode 100644 postgre/postgre/install_postgre.yaml
create mode 100755 postgre/postgre/run.sh
diff --git a/postgre/Readme.txt b/postgre/Readme.txt
new file mode 100644
index 0000000..99e2ee3
--- /dev/null
+++ b/postgre/Readme.txt
@@ -0,0 +1,11 @@
+These are lab files. The passowords and grants are not real.
+
+* Ansible Playbook that installs a PostgreSQL DBMS
+* applies configuration for ingest optimization (performance)
+* script generates table to make a database named logs
+* table named logs
+ * log_data JSONB (rows)
+
+* Corresponding Rsyslog server does the ingest, has a LinkedList queue (currently appox 80 MB)
+
+https://code.because-security.com/marius/gist/src/branch/main/rsyslog
diff --git a/postgre/postgre/database_init.sh b/postgre/postgre/database_init.sh
new file mode 100644
index 0000000..dcacbfb
--- /dev/null
+++ b/postgre/postgre/database_init.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -eu
+
+DB_NAME="logs"
+DB_USER="myuser"
+DB_PASSWORD="mypassword"
+
+# Create the database
+sudo -u postgres psql -c \
+ "CREATE DATABASE ${DB_NAME} WITH ENCODING 'UTF-8' \
+ LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8' TEMPLATE template0;"
+
+# Create the user
+sudo -u postgres psql -c \
+ "CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASSWORD}';"
+sudo -u postgres psql -c \
+ "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} TO ${DB_USER};"
+sudo -u postgres psql -c \
+ "ALTER USER ${DB_USER} VALID UNTIL 'infinity';"
+
+# Create the logs table
+sudo -u postgres psql -d "${DB_NAME}" -c \
+ "CREATE TABLE IF NOT EXISTS logs (id SERIAL PRIMARY KEY, log_data JSONB);"
+
diff --git a/postgre/postgre/install_postgre.yaml b/postgre/postgre/install_postgre.yaml
new file mode 100644
index 0000000..acbfb5b
--- /dev/null
+++ b/postgre/postgre/install_postgre.yaml
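Review bot: In database_init.sh, `GRANT ALL PRIVILEGES ON DATABASE` gives `${DB_USER}` every database-level right, yet none on the `logs` table, which the last command creates as `postgres`. If this role is the one rsyslog writes with (the Readme suggests so, the script does not say), narrow the grant to `GRANT CONNECT ON DATABASE ${DB_NAME} TO ${DB_USER};` and, after the table exists, add `GRANT INSERT ON logs TO ${DB_USER};` and `GRANT USAGE ON SEQUENCE logs_id_seq TO ${DB_USER};`. Separately, `DB_PASSWORD` is a literal in the file and is expanded into the `psql -c` argument, where it is visible in the process list and, depending on server logging, in statement logs. Requiring it from the environment with `: "${DB_PASSWORD:?}"` would at least keep the default out of copies of this lab script. The script is also not re-runnable: `CREATE DATABASE` and `CREATE USER` fail on a second run and `set -eu` stops there, before the table step.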
@@ -0,0 +1,61 @@
+---
+- name: Install PostgreSQL on Ubuntu 20.04 LTS
+ hosts: localhost
+ become: yes
+ gather_facts: yes
+ tasks:
+ - name: Update apt cache
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+
+ - name: Install necessary packages
+ apt:
+ name:
+ - python3-psycopg2
+ - postgresql
+ - postgresql-contrib
+ state: present
+
+ - name: Ensure PostgreSQL service is running
+ systemd:
+ name: postgresql
+ state: started
+ enabled: yes
+
+ - name: Update pg_hba.conf for local connections
+ lineinfile:
+ path: /etc/postgresql/12/main/pg_hba.conf
+ regexp: '^local\s+all\s+all\s+'
+ line: 'local all all trust'
+ state: present
+ notify: Restart PostgreSQL
+
+ - name: Configure PostgreSQL to accept connections from specified addresses
+ lineinfile:
+ path: /etc/postgresql/12/main/pg_hba.conf
+ regexp: '^host all all 192.168.1.0/24'
+ line: 'host all all 192.168.1.0/24 scram-sha-256'
+ state: present
+ notify: Restart PostgreSQL
+
+ - name: Configure PostgreSQL for better write performance
+ become: yes
+ lineinfile:
+ path: /etc/postgresql/12/main/postgresql.conf
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ loop:
+ - { regexp: '^shared_buffers', line: 'shared_buffers = 512MB' }
+ - { regexp: '^wal_buffers', line: 'wal_buffers = 16MB' }
+ - { regexp: '^checkpoint_completion_target', line: 'checkpoint_completion_target = 0.9' }
+ - { regexp: '^random_page_cost', line: 'random_page_cost = 1.0' }
+ - { regexp: '^effective_io_concurrency', line: 'effective_io_concurrency = 200' }
+ notify: Restart PostgreSQL
+
+ handlers:
+ - name: Restart PostgreSQL
+ systemd:
+ name: postgresql
+ state: restarted
+
diff --git a/postgre/postgre/run.sh b/postgre/postgre/run.sh
new file mode 100755
index 0000000..e3e95f2
--- /dev/null
+++ b/postgre/postgre/run.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ $# -ne 1 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+playbook_file=$1
+
+ansible-playbook $playbook_file --ask-become-pass
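Review bot: In install_postgre.yaml, the `Update pg_hba.conf for local connections` task sets the Unix-socket rule to `trust`, so any OS account on the host can connect as any database role that no earlier pg_hba.conf line catches, with no password. Keep the stock method with `line: 'local all all peer'`, or use `scram-sha-256` if password logins over the socket are wanted. The `host` rule already asks for `scram-sha-256`, but the paths pin PostgreSQL 12, where `password_encryption` defaults to `md5`, and a role whose password was stored as md5 cannot authenticate against a scram rule. Adding `{ regexp: '^#?password_encryption', line: 'password_encryption = scram-sha-256' }` to the loop, applied before the role is created, would cover that. The playbook also never sets `listen_addresses`, so the 192.168.1.0/24 rule is presumably unreachable as written; worth a comment stating whether that is intended.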
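Review bot: In run.sh, `$playbook_file` is expanded unquoted on the last line, so a path containing spaces or glob characters is split or expanded into several arguments before ansible-playbook sees it. Quote it and check the file first: `[ -f "$playbook_file" ] || { echo "no such playbook: $playbook_file" >&2; exit 1; }` followed by `ansible-playbook "$playbook_file" --ask-become-pass`. The usage string as shown prints nothing after `$0`; if that is not an artifact of how the patch was rendered, name the expected argument there and send the message to stderr.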