diff options
| author | Silvino Silva <silvino@bk.ru> | 2016-10-03 22:48:38 +0100 |
|---|---|---|
| committer | Silvino Silva <silvino@bk.ru> | 2016-10-03 22:49:20 +0100 |
| commit | c30b14dbcfb60418a0d7fd050a096c9bc20a380b (patch) | |
| tree | 0aa945da5a98a0a1d837ff55338800d0a46db820 /tools/postgresql.html | |
| parent | cf0657e1b62b59e2f54bc0cb88870c4db1e36769 (diff) | |
| parent | e6d81cddaba6e3a1583a193ddf1b7405fbdd9889 (diff) | |
| download | doc-c30b14dbcfb60418a0d7fd050a096c9bc20a380b.tar.gz | |
Release 0.2.3
Diffstat (limited to 'tools/postgresql.html')
| -rw-r--r-- | tools/postgresql.html | 239 |
1 files changed, 157 insertions, 82 deletions
diff --git a/tools/postgresql.html b/tools/postgresql.html index e160ae2..0399ec6 100644 --- a/tools/postgresql.html +++ b/tools/postgresql.html @@ -11,53 +11,26 @@ <h1>Postgresql</h1> - <h2 id="install">1.1. Install Postgresql</h2> + <h2 id="install">1. Install Postgresql</h2> - <pre> - $ prt-get depinst postgresql - </pre> - - <p>Mount Point;</p> + <p>Install postgresql;</p> <pre> - # mkdir -p /srv/pgsql - # mount /srv/pgsql + $ prt-get depinst postgresql </pre> - <p>Create user;</p> - <pre> - # useradd -U -m -d /srv/pgsql -s /bin/false postgres - useradd: warning: the home directory already exists. - Not copying any file from skel directory into it. + # mkdir /srv/pgsql/ + # touch /var/log/postgresql + # chown postgres:postgres /srv/pgsql /var/log/postgresql + # sudo -u postgres initdb -D /srv/pgsql/data </pre> - <pre> - # passwd -l postgres - passwd: password expiry information changed. - # touch /var/log/pgsql - # chown -R postgres:postgres /srv/pgsql /var/log/pgsql - # ldconfig /user/lib/postgresql - </pre> + <h2 id="config">2. Configure Server</h2> - $ sudo -u postgres mkdir -p /srv/pgsql/data - # sudo -u postgres touch /srv/pgsql/.psql_history - </pre> + <h3>2.1. Init script</h3> - <p>Create /etc/logrotate.d/postgres;</p> - - <pre> - /var/log/pgsql { - weekly - compress - delaycompress - rotate 10 - notifempty - create 660 postgres postgres - } - </pre> - - <p>Edit /etc/rc.d/postgresql;</p> + <p>Change <a href="conf/etc/rc.d/postgresql">/etc/rc.d/postgresql</a>;</p> <pre> # @@ -65,26 +38,85 @@ # PG_DATA=/srv/pgsql/data - PG_HOME=/srv/pgsql case "$1" in - start|stop|status|restart|reload) - (cd $PG_HOME && sudo -u postgres pg_ctl -D "$PG_DATA" -l /var/log/pgsql "$1") - ;; - *) - echo "usage: $0 start|stop|restart|reload|status" - ;; + start|stop|status|restart|reload) + sudo -u postgres pg_ctl -D "$PG_DATA" -l /var/log/postgresql "$1" + ;; + *) + echo "usage: $0 start|stop|restart|reload|status" + ;; esac # End of file </pre> - <h2 id="config">1.2. Configure Server</h2> + <h3>2.2. Certificates</h3> <pre> - # sudo -u postgres initdb -D /srv/pgsql/data + $ sudo openssl genrsa -des3 -out /etc/ssl/keys/pg.key 2048 + Password: + Generating RSA private key, 2048 bit long modulus + ..............................+++ + ............+++ + e is 65537 (0x10001) + Enter pass phrase for /etc/ssl/keys/pg.key: + Verifying - Enter pass phrase for /etc/ssl/keys/pg.key: </pre> + <p>Create ceritificate signing request. For "Common Name" + provide domain name or ip address, leave challange password + and optional company name blank;</p> + + <pre> + $ sudo openssl req -x509 -in server.req -text -key /etc/ssl/keys/pg.key -out /etc/ssl/certs/pg.crt + + Enter pass phrase for /etc/ssl/keys/pg.key: + You are about to be asked to enter information that will be incorporated + into your certificate request. + What you are about to enter is what is called a Distinguished Name or a DN. + There are quite a few fields but you can leave some blank + For some fields there will be a default value, + If you enter '.', the field will be left blank. + ----- + Country Name (2 letter code) [AU]:PT + State or Province Name (full name) [Some-State]: + Locality Name (eg, city) []: + Organization Name (eg, company) [Internet Widgits Pty Ltd]: + Organizational Unit Name (eg, section) []: + Common Name (e.g. server FQDN or YOUR name) []:core.privat-network.net + Email Address []: + + Please enter the following 'extra' attributes + to be sent with your certificate request + A challenge password []: + An optional company name []: + $ + </pre> + + <p>Having password is a good idea, but requires it every + time pg is restarted. To remove;</p> + + <pre> + $ sudo cp /etc/ssl/keys/pg.key /etc/ssl/keys/pg.key.pass + $ sudo openssl rsa \ + -in /etc/ssl/keys/pg.key.pass \ + -out /etc/ssl/keys/pg.key + </pre> + + <pre> + Enter pass phrase for /etc/ssl/keys/pg.key.pass: + writing RSA key + </pre> + + <pre> + $ sudo chown postgres:postgres /etc/ssl/keys/pg.key* + $ sudo chmod 0600 /etc/ssl/keys/pg.key* + $ sudo chmod 644 /etc/ssl/certs/pg.cert + </pre> + + <h3>2.3. Super user password</h3> + <p>Create password for super user;</p> <pre> @@ -92,17 +124,31 @@ $ psql -U postgres </pre> - <p>Edit /pgsql/data/<a href="../conf/srv/pgsql/data/postgresql.conf">postgresql.conf</a>;</p> + <h3>2.4. Configure postgresql.conf</h3> + + <p>Edit <a href="conf/srv/pgsql/data/postgresql.conf">/srv/pgsql/data/postgresql.conf</a>;</p> <pre> - log_destination = 'syslog' # Can specify multiple destinations - syslog_facility='LOCAL0' - syslog_ident='postgres' - log_connections = on - password_encryption=on + # - Security and Authentication - + + #authentication_timeout = 1min # 1s-600s + ssl = on # (change requires restart) + #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + # (change requires restart) + #ssl_prefer_server_ciphers = on # (change requires restart) + #ssl_ecdh_curve = 'prime256v1' # (change requires restart) + ssl_cert_file = '/etc/ssl/certs/pg.crt' # (change requires restart) + ssl_key_file = '/etc/ssl/keys/pg.key' # (change requires restart) + #ssl_ca_file = '' # (change requires restart) + #ssl_crl_file = '' # (change requires restart) + password_encryption = on </pre> - <p>Edit /srv/pgsql/data/<a href="../conf/srv/pgsql/data/pg_hba.conf">pg_hba.conf</a>;</p> + <h3>2.5. Configure pg_hba.conf</h3> + + <p>Edit + <a href="conf/srv/pgsql/data/pg_hba.conf">/srv/pgsql/data/pg_hba.conf</a>; + </p> <pre> # TYPE DATABASE USER ADDRESS METHOD @@ -111,7 +157,8 @@ #local all all trust local all postgres ident # IPv4 local connections: - hostssl all all 127.0.0.1/32 md5 + host all all 127.0.0.1/32 trust + #hostssl all all 192.168.0.0/32 md5 # IPv6 local connections: #host all all ::1/128 trust # Allow replication connections from localhost, by a user with the @@ -121,62 +168,88 @@ #host replication postgres ::1/128 trust </pre> + <p>Start server and alter postgres password</p> + + <pre> + # /etc/rc.d/postgresql start + </pre> + + <pre> + postgres=# alter user postgres with password 'new_password'; + </pre> + + <h3 id="syslog">2.6. Configure syslog-ng</h3> + <p><a href="syslog-ng.html">Configure Syslog-ng</a>, check <a href="http://michael.otacoo.com/postgresql-2/postgres-settings-simple-syslog-configuration-with-syslog-ng/">Michael at otacoo</a> article. Example;</p> + <p>Edit /pgsql/data/<a href="../conf/srv/pgsql/data/postgresql.conf">postgresql.conf</a>;</p> + <pre> - destination postgres { file("/var/log/pgsql"); }; - filter f_postgres { facility(local0); }; - log { source(s_log); filter(f_postgres); destination(postgres); }; + log_destination = 'syslog' # Can specify multiple destinations + syslog_facility='LOCAL0' + syslog_ident='postgres' + log_connections = on </pre> - <p>Start server and alter postgres password</p> + + <p>Create /etc/logrotate.d/postgres;</p> <pre> - # /etc/rc.d/postgresql start + /var/log/pgsql { + weekly + compress + delaycompress + rotate 10 + notifempty + create 660 postgres postgres + } </pre> + <pre> - postgres=# alter user postgres with password 'new_password'; + destination postgres { file("/var/log/pgsql"); }; + filter f_postgres { facility(local0); }; + log { source(s_log); filter(f_postgres); destination(postgres); }; </pre> - <h2 id="createuser">1.3. Create User</h2> + + <h2 id="createuser">3. Create User</h2> <p>Create a new user with createuser command;</p> <pre> $ sudo -u postgres createuser --pwprompt --encrypted \ - --no-createrole --no-createdb laravel_user + --no-createrole --no-createdb flyspray Enter password for new user: Enter it again: </pre> - <h2 id="createdb">1.4. Create Database</h2> + <h2 id="createdb">4. Create Database</h2> <p>Create a new database for new user with createdb command;</p> <pre> $ sudo -u postgres createdb --template=template0 --encoding=UTF8 \ - --owner=laravel_user laravel_db + --owner=flyspray db_flyspray </pre> - <h2 id="dropdb">1.5. Drop Database</h2> + <h2 id="dropdb">5. Drop Database</h2> <p>Deleting database with dropdb command;</p> <pre> - sudo -u postgres dropdb laravel_db + sudo -u postgres dropdb db_flyspray </pre> - <h2 id="dropuser">1.6. Drop User</h2> + <h2 id="dropuser">6. Drop User</h2> <p>Deleting user with dropuser command;</p> <pre> - sudo -u postgres dropuser laravel_user + sudo -u postgres dropuser flyspray </pre> - - <h2 id="psql">1.7. Psql</h2> + <h2 id="psql">7. Psql</h2> <p>Lets check with psql, login with user postgres;</p> @@ -190,7 +263,7 @@ postgres=# \? </pre> - <h3 id="listdb">Psql - List Databases and Roles</h3> + <h3 id="listdb">7.1. List Databases and Roles</h3> <p>List roles then list databases;</p> @@ -199,39 +272,43 @@ postgres=# \l </pre> - <h3 id="psqldb">Psql - Create Database</h3> + <h3 id="psqldb">7.2. Create Database</h3> <pre> - postgres=# create database laravel_db_ext owner laravel_user encoding 'UTF-8' template template0; + postgres=# create database db_flyspray_ext owner flyspray encoding 'UTF-8' template template0; </pre> - <h3 id="droptables">Psql - Drop Tables</h3> + <h3 id="droptables">7.3. Drop Tables</h3> <p>This example assumes that all tables, are in public schema. First connect to database and list tables;</p> <pre> - postgres=# \c laravel_db + postgres=# revoke SELECT on db_flyspray from flyspray; + </pre> + + <pre> + postgres=# \c db_flyspray postgres=# \dt </pre> <p>Drop all tables on public schema and recreate public schema;</p> <pre> - laravel_db=# drop schema public cascade; - laravel_db=# create schema public; + db_flyspray=# drop schema public cascade; + db_flyspray=# create schema public; </pre> - <h3 id="backup">Backup</h3> + <h3 id="backup">7.4. Backup</h3> <p>Backup Database</p> - <h3 id="backup">Restore</h3> + <h3 id="backup">7.5. Restore</h3> <pre> - $ psql laravel_db < database_dump + $ psql db_flyspray < database_dump </pre> <a href="index.html">Tools Index</a> @@ -242,7 +319,5 @@ See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> for copying conditions.</p> - - </body> </html> |