adding PostgreSQL DB lab deployment
parent
d8ff367585
commit
f8ba3d56e5
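--- a/postgre/Readme.txt
+++ b/postgre/Readme.txt
@@ -0,0 +1,11 @@
+These are lab files. The passowords and grants are not real.
+
+* Ansible Playbook that installs a PostgreSQL DBMS
+* applies configuration for ingest optimization (performance)
+* script generates table to make a database named logs
+* table named logs
+* log_data JSONB (rows)
+
+* Corresponding Rsyslog server does the ingest, has a LinkedList queue (currently appox 80 MB)
+
+https://code.because-security.com/marius/gist/src/branch/main/rsyslog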
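--- a/postgre/postgre/database_init.sh
+++ b/postgre/postgre/database_init.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -eu
+
+DB_NAME="logs"
+DB_USER="myuser"
+DB_PASSWORD="mypassword"
+
+# Create the database
+sudo -u postgres psql -c \
+"CREATE DATABASE ${DB_NAME} WITH ENCODING 'UTF-8' \
+LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8' TEMPLATE template0;"
+
+# Create the user
+sudo -u postgres psql -c \
+"CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASSWORD}';"
+sudo -u postgres psql -c \
+"GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} TO ${DB_USER};"
+sudo -u postgres psql -c \
+"ALTER USER ${DB_USER} VALID UNTIL 'infinity';"
+
+# Create the logs table
+sudo -u postgres psql -d "${DB_NAME}" -c \
+"CREATE TABLE IF NOT EXISTS logs (id SERIAL PRIMARY KEY, log_data JSONB);"
+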
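Review bot: The role password is a literal in the script (`DB_PASSWORD="mypassword"`) and is expanded into the `psql -c` argument of the CREATE USER call, so it sits in version control and in the process arguments while the command runs. Even for a lab, take it from the environment, `DB_PASSWORD="${DB_PASSWORD:?DB_PASSWORD must be set}"`, and feed the CREATE USER statement to psql on stdin instead of `-c`. Separately, `GRANT ALL PRIVILEGES ON DATABASE` does not cover the `logs` table, which is created by and owned by `postgres`; if `${DB_USER}` is the account meant to ingest, it needs a narrow table grant such as `GRANT INSERT ON logs TO ${DB_USER};` plus USAGE on the `logs_id_seq` sequence. CREATE DATABASE and CREATE USER also fail on a second run under `set -eu`, while the table statement uses IF NOT EXISTS, so the script is only partly re-runnable.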
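--- a/postgre/postgre/install_postgre.yaml
+++ b/postgre/postgre/install_postgre.yaml
@@ -0,0 +1,61 @@
+---
+- name: Install PostgreSQL on Ubuntu 20.04 LTS
+hosts: localhost
+become: yes
+gather_facts: yes
+tasks:
+- name: Update apt cache
+apt:
+update_cache: yes
+cache_valid_time: 3600
+
+- name: Install necessary packages
+apt:
+name:
+- python3-psycopg2
+- postgresql
+- postgresql-contrib
+state: present
+
+- name: Ensure PostgreSQL service is running
+systemd:
+name: postgresql
+state: started
+enabled: yes
+
+- name: Update pg_hba.conf for local connections
+lineinfile:
+path: /etc/postgresql/12/main/pg_hba.conf
+regexp: '^local\s+all\s+all\s+'
+line: 'local all all trust'
+state: present
+notify: Restart PostgreSQL
+
+- name: Configure PostgreSQL to accept connections from specified addresses
+lineinfile:
+path: /etc/postgresql/12/main/pg_hba.conf
+regexp: '^host all all 192.168.1.0/24'
+line: 'host all all 192.168.1.0/24 scram-sha-256'
+state: present
+notify: Restart PostgreSQL
+
+- name: Configure PostgreSQL for better write performance
+become: yes
+lineinfile:
+path: /etc/postgresql/12/main/postgresql.conf
+regexp: "{{ item.regexp }}"
+line: "{{ item.line }}"
+loop:
+- { regexp: '^shared_buffers', line: 'shared_buffers = 512MB' }
+- { regexp: '^wal_buffers', line: 'wal_buffers = 16MB' }
+- { regexp: '^checkpoint_completion_target', line: 'checkpoint_completion_target = 0.9' }
+- { regexp: '^random_page_cost', line: 'random_page_cost = 1.0' }
+- { regexp: '^effective_io_concurrency', line: 'effective_io_concurrency = 200' }
+notify: Restart PostgreSQL
+
+handlers:
+- name: Restart PostgreSQL
+systemd:
+name: postgresql
+state: restarted
+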
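Review bot: The "Update pg_hba.conf for local connections" task writes `line: 'local all all trust'`, which lets any local OS account open a Unix-socket session as any role that reaches this rule without a password, so the password set in database_init.sh protects nothing on the host itself. Leave the distribution's default rule (normally `peer`) in place, or write `line: 'local all all scram-sha-256'` to match the host rule. The host rule requires scram-sha-256, but on PostgreSQL 12 `password_encryption` defaults to md5 and the postgresql.conf loop does not set it, so roles created afterwards would likely fail that rule; adding `{ regexp: '^#?password_encryption', line: 'password_encryption = scram-sha-256' }` to the loop would align the two. The `^shared_buffers`-style patterns also do not match commented-out defaults (`#shared_buffers = ...`), so each setting is appended as a new line rather than replacing the shipped one; `^#?\s*shared_buffers` would be more predictable.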
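--- a/postgre/postgre/run.sh
+++ b/postgre/postgre/run.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ $# -ne 1 ]; then
+echo "Usage: $0 <playbook_file>"
+exit 1
+fi
+
+playbook_file=$1
+
+ansible-playbook $playbook_file --ask-become-pass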
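Review bot: `ansible-playbook $playbook_file --ask-become-pass` expands the argument unquoted, so a path containing spaces or glob characters is split or expanded, and a value beginning with `-` is read as an ansible-playbook option while the run asks for the become password. Quote it and end option parsing first: `ansible-playbook --ask-become-pass -- "$playbook_file"`. The usage message is better sent to stderr (`>&2`), and a `[ -f "$playbook_file" ]` check before the call gives a clearer failure than the one from ansible-playbook.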