Ajout : sauvegardes automatiques des bases postgresql.

[lhc/ateliers.git] / etc / sv / postgres / local.sh

# DOC: http://wiki.postgresql.org/wiki/Shared_Database_Hosting

"$tool"/local/apt-get-install postgresql-9.1
"$tool"/local/insserv-remove  postgresql
"$tool"/local/adduser postgres \
 --disabled-login \
 --disabled-password \
 --group \
 --home /home/postgresql \
 --shell /bin/false \
 --system
"$tool"/local/adduser postgres-data \
 --disabled-login \
 --disabled-password \
 --group \
 --home /home/postgresql/data \
 --no-create-home \
 --shell /bin/false \
 --system
sudo usermod --home /home/postgresql postgres
sudo adduser postgres postgres-data
sudo install -d -m 1751 -o postgres -g postgres-data \
 /home/postgresql \
 /home/postgresql/etc \
 /etc/postgresql \
 /etc/postgresql/9.1 \
 /etc/postgresql/9.1/main
sudo ln -fns \
                 /etc/postgresql \
 /home/postgresql/etc/postgresql

if sudo test ! -d /home/postgresql/data
 then
        sudo install -d -m 750 -o postgres -g postgres \
         /home/postgresql/data
        sudo -u postgres pg_createcluster \
         --datadir=/home/postgresql/data \
         --logfile=/home/postgresql/log/9.1/main/cluster.log  \
         --socketdir=/run/postgresql \
         9.1 main
 fi

sudo install -m 640 -o postgres -g postgres /dev/stdin \
 /etc/postgresql/9.1/main/pg_ctl.conf <<-EOF
        pg_ctl_options = ''
        EOF
sudo install -m 640 -o postgres -g postgres /dev/stdin \
 /etc/postgresql/9.1/main/pg_ident.conf <<-EOF
        # MAPNAME       SYSTEM-USERNAME         PG-USERNAME
        admin           postgres                postgres
        admin           root                    postgres
        EOF
sudo install -m 640 -o postgres -g postgres /dev/stdin \
 /etc/postgresql/9.1/main/start.conf <<-EOF
        EOF
sudo install -m 640 -o postgres -g postgres /dev/stdin \
 /etc/postgresql/9.1/main/pg_hba.conf <<-EOF
        local all postgres peer map=admin
        local all all      peer
        hostssl all postgres samehost cert
        EOF
sudo install -m 640 -o postgres -g postgres-data \
 "$tool"/etc/postgresql/9.1/main/postgresql.conf \
        /etc/postgresql/9.1/main/postgresql.conf
sudo install -m 640 -o postgres -g postgres \
 "$tool"/var/pub/x509/postgresql."$local_domainname"/crt+ca.pem \
 /etc/postgresql/9.1/main/server.crt
sudo install -m 640 -o postgres -g postgres \
 "$tool"/var/pub/x509/postgresql."$local_domainname"/crt.self-signed.pem \
 /etc/postgresql/9.1/main/root.crt
sudo install -m 640 -o postgres -g postgres \
 "$tool"/var/pub/x509/postgresql."$local_domainname"/crl.self-signed.pem \
 /etc/postgresql/9.1/main/root.crl
for f in server.crt server.key root.crt root.crl
 do sudo ln -fns \
         /etc/postgresql/9.1/main/$f \
         /home/postgresql/data/$f
 done

sudo ln -fns \
        ../sv/"$sv" \
 /etc/service/"$sv"
"$tool"/local/runit-sv-start "$sv"
while ! sudo -u postgres psql </dev/null
do sleep 1; done

# NOTE: supprime l'accès au schéma public depuis public,
#       de sorte à ce que les différents utilisateurices
#       ne voient pas leurs bases de données entre-elleux ;
sudo -u postgres psql template1 -a -f - <<-EOF
        \set ON_ERROR_STOP on
        REVOKE ALL ON DATABASE template1 FROM public;
        REVOKE ALL ON SCHEMA   public    FROM public;
        GRANT  ALL ON SCHEMA   public    TO   postgres;
        EOF
# NOTE: ajoute le support de PL/PGSQL s'il ne l'est pas déjà.
sudo -u postgres psql template1 -a -f - <<-EOF
        \set ON_ERROR_STOP on
        CREATE OR REPLACE FUNCTION create_language_plpgsql()
                RETURNS BOOLEAN AS \$\$
                        CREATE LANGUAGE plpgsql;
                        SELECT TRUE;
                \$\$ LANGUAGE SQL;
        SELECT CASE WHEN NOT (
                SELECT  TRUE AS exists
                FROM    pg_language
                WHERE   lanname = 'plpgsql'
                UNION
                SELECT  FALSE AS exists
                ORDER BY exists DESC
                LIMIT 1
         )
        THEN
                create_language_plpgsql()
        ELSE
                FALSE
        END AS plpgsql_created;
        DROP FUNCTION create_language_plpgsql();
        EOF
sudo -u postgres psql template1 -a -f - <<-EOF
        \set ON_ERROR_STOP on
        REVOKE ALL ON ALL TABLES IN SCHEMA pg_catalog FROM public;
        REVOKE ALL ON               SCHEMA pg_catalog FROM public;
        EOF
"$tool"/local/postgresql-user-create backup
sudo -u postgres psql template1 -a -f - <<-EOF
        \set ON_ERROR_STOP on
        ALTER USER backup WITH SUPERUSER;
                -- NOTE: permet VACUUM
        GRANT USAGE  ON                  SCHEMA pg_catalog TO backup;
        GRANT USAGE  ON                  SCHEMA public     TO backup;
        GRANT SELECT ON ALL TABLES    IN SCHEMA pg_catalog TO backup;
        GRANT SELECT ON ALL TABLES    IN SCHEMA public     TO backup;
        GRANT SELECT ON ALL SEQUENCES IN SCHEMA public     TO backup;
        GRANT CONNECT ON DATABASE template1 TO backup;
        GRANT CONNECT ON DATABASE postgres  TO backup;
        EOF
sudo adduser backup postgres-data

sudo find "$tool"/local/backup \
 -mindepth 1 -maxdepth 1 -type f -perm /+x \
 -name 'postgresql-*' \
 -exec install -m 750 -o backup -g backup \
 -t ~backup/bin {} +
sudo install -m 640 -o root -g root \
 "$tool"/etc/cron.d/postgresql-backup \
        /etc/cron.d/postgresql-backup