From: Sam Hartman Date: Mon, 25 Aug 2008 00:59:27 +0000 (-0400) Subject: Generate pg_hba.conf and install postgresql.conf X-Git-Tag: sipb-xen-database/10.19^0 X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-database.git/commitdiff_plain/888ffabe00bd978fcea16b609f2c65162c44c865 Generate pg_hba.conf and install postgresql.conf so that installing this package works without manual editing svn path=/trunk/packages/sipb-xen-database/; revision=918
---
diff --git a/debian/changelog b/debian/changelog
index 3fc0456..c586cd1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+sipb-xen-database (10.19) unstable; urgency=low
+
+ * Generate config files for pg_hba.conf
+ * replace postgresql.conf
+
+ -- Sam Hartman Mon, 25 Aug 2008 00:38:21 +0000
+
 sipb-xen-database (10.18) unstable; urgency=low
 * add 'adminable' column to machines; for selectively, temporarily,
diff --git a/debian/control b/debian/control
index d36987d..c6231e1 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: sipb-xen-database
 Section: net
 Priority: extra
 Maintainer: SIPB Xen Project
-Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.2.0), python-support (>= 0.5.3)
+Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.2.0), python-support (>= 0.5.3), config-package-dev
 Standards-Version: 3.7.2
 Package: sipb-xen-database-common
diff --git a/debian/control.in b/debian/control.in
deleted file mode 100644
index f9ebc21..0000000
--- a/debian/control.in
+++ /dev/null
@@ -1,26 +0,0 @@
-Source: sipb-xen-database
-Section: net
-Priority: extra
-Maintainer: SIPB Xen Project
-Build-Depends: @cdbs@, python-support (>= 0.5.3)
-Standards-Version: 3.7.2
-
-Package: sipb-xen-database-common
-Architecture: all
-Depends: ${misc:Depends}, ${python:Depends}, python-sqlalchemy, python-psycopg2
-Provides: ${python:Provides}
-Description: Installs the SIPB Xen database schema files
- This contains the python modules to access the SIPB Xen database
-
-Package: sipb-xen-database-server
-Architecture: all
-Depends: ${misc:Depends}, ${python:Depends}, postgresql-8.1, python-sqlalchemy, python-psycopg2, sipb-xen-database-common, adduser
-Description: Installs the SIPB Xen database server
- This tracks all the user VMs and is accessed from the VM host
-
-Package: sipb-xen-database-client
-Architecture: all
-Depends: ${misc:Depends}, postgresql-client-8.1, python-sqlalchemy, python-psycopg2, sipb-xen-database-common, python
-Description: Installs the SIPB Xen database configuration file
- This is a python xen configuration script that talks to the database
- to dynamically load xen domU configuration information
diff --git a/debian/rules b/debian/rules
index e59a28a..27e8995 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,8 +1,13 @@
 #!/usr/bin/make -f
-DEB_AUTO_UPDATE_DEBIAN_CONTROL = 1
+
+DEB_DIVERT_EXTENSION = .invert
+DEB_DIVERT_FILES_sipb-xen-database-server += \
+/etc/postgresql/8.1/main/postgresql.conf.invert
+
 include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/rules/config-package.mk
 binary-install/sipb-xen-database-common::
 dh_pysupport -psipb-xen-database-common
diff --git a/debian/sipb-xen-database-server.init b/debian/sipb-xen-database-server.init
new file mode 100644
index 0000000..b4f805e
--- /dev/null
+++ b/debian/sipb-xen-database-server.init
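Review bot: The diversion extension is spelled `.invert` in `DEB_DIVERT_EXTENSION` and in the diverted path, while the repository URL and the template's import (`invirt.config`) spell the project `invirt`, so this looks like a typo that will end up in on-disk file names. If config-package-dev behaves here as it usually does, the extension becomes part of the installed file name and of the name the stock `postgresql.conf` is diverted to, so correcting it after release needs a migration on every installed host; confirm the spelling before this ships. A comment above the assignment would also help, for example `# Replaces the stock postgresql.conf wholesale: its security-relevant settings no longer track the distribution default.`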
@@ -0,0 +1,77 @@
+#!/bin/bash
+### BEGIN INIT INFO
+# Provides: sipb-xen-console
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: sipb-xen Console Server homedir filesystem
+# Description:
+### END INIT INFO
+
+# Author: SIPB Xen Project
+
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="The sipb-xen database server"
+NAME=sipb-xen-database-server
+
+
+
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "/usr/bin/sipb-xen-database-tabales" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+gen_config()
+{
+ for i in /etc/postgresql/8.1/main/pg_hba.conf
+ ; do
+ mako-render $i.mako > $i
+ done
+}
+
+do_reload()
+{
+ gen_config
+
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+gen_config
+ ;;
+ stop)
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/debian/sipb-xen-database-server.install b/debian/sipb-xen-database-server.install
index 808413f..2ba67b2 100644
--- a/debian/sipb-xen-database-server.install
+++ b/debian/sipb-xen-database-server.install
@@ -1 +1,2 @@
+server/* .
 sipb-xen-database-tables usr/bin
diff --git a/debian/sipb-xen-database-server.postinst b/debian/sipb-xen-database-server.postinst
index 3f01ee6..faae517 100644
--- a/debian/sipb-xen-database-server.postinst
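Review bot: The install guard tests `/usr/bin/sipb-xen-database-tabales`, but the `.install` file ships `sipb-xen-database-tables`, so unless a file with the misspelled name exists the `[ -x … ] || exit 0` line ends every invocation and `pg_hba.conf` is never regenerated by this script. Behind that guard, `gen_config` puts `; do` on a line of its own and the `restart)` arm is followed by a stray `*)` and `esac` with no inner `case`; bash rejects both as syntax errors. `mako-render $i.mako > $i` also truncates the live access-control file before rendering has succeeded (the postinst hunk uses the same redirect), so a failed render leaves an empty `pg_hba.conf`; rendering to a temporary file beside the target and renaming it avoids that. The `Provides:` and `Short-Description:` fields in the LSB header still describe the console server and should name this service. The fence sketches the corrected guard, `gen_config` and a merged restart/reload arm.

```shell
# Exit if the package is not installed
[ -x /usr/bin/sipb-xen-database-tables ] || exit 0

# … unchanged: /etc/default, vars.sh and init-functions sourcing …

gen_config()
{
	local conf tmp
	for conf in /etc/postgresql/8.1/main/pg_hba.conf; do
		# Render beside the target so the final mv is an atomic rename.
		tmp=$(mktemp "$conf.XXXXXX") || return 1
		# Owner and mode of the stock Debian pg_hba.conf; confirm for this cluster.
		if mako-render "$conf.mako" > "$tmp" &&
		   chown postgres:postgres "$tmp" && chmod 0640 "$tmp"; then
			mv -f "$tmp" "$conf"
		else
			rm -f "$tmp"
			return 1
		fi
	done
}

# … unchanged: do_reload, start and stop arms …

  restart|reload|force-reload)
	# … unchanged: log_daemon_msg, do_reload, log_end_msg $? …
	;;
```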
+++ b/debian/sipb-xen-database-server.postinst
@@ -17,6 +17,14 @@ set -e
 # for details, see http://www.debian.org/doc/debian-policy/ or
 # the debian-policy package
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+# Note that by moving this above our generated code we could run into significant problems
+# if we happened to start a daemon, and use debconf
+# We move this up here because we need the diversion of postgresql.conf to happen before we create tables
+
+#DEBHELPER#
+
 case "$1" in
 configure)
@@ -27,6 +35,8 @@ case "$1" in
 su postgres -c 'createdb sipb_xen -O sipb-xen' || true
 adduser --system sipb-xen
 fi
+ mako-render /etc/postgresql/8.1/main/pg_hba.conf.mako >/etc/postgresql/8.1/main/pg_hba.conf
+ /etc/init.d/postgresql-8.1 restart
 su sipb-xen -s /bin/sh -c 'sipb-xen-database-tables create'
 ;;
@@ -39,11 +49,6 @@ case "$1" in
 ;;
 esac
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
 exit 0
diff --git a/server/etc/postgresql/8.1/main/pg_hba.conf.mako b/server/etc/postgresql/8.1/main/pg_hba.conf.mako
new file mode 100644
index 0000000..cc02053
--- /dev/null
+++ b/server/etc/postgresql/8.1/main/pg_hba.conf.mako
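Review bot: The added `/etc/init.d/postgresql-8.1 restart` in the second hunk calls the init script directly from a maintainer script; Debian policy asks for `invoke-rc.d` so that a local policy-rc.d can veto service actions, i.e. `invoke-rc.d postgresql-8.1 restart`. Both added lines sit after the `fi`, so as far as the hunk shows they run on every `configure`: each upgrade overwrites local edits to `pg_hba.conf` and restarts the database, dropping client connections. The enclosing `if` starts outside the hunk, so confirm that this is intended. A reload is enough when only `pg_hba.conf` changed (the template's own header says the file is re-read on SIGHUP); the restart is needed only when the diverted `postgresql.conf` changes a setting such as `listen_addresses`.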
@@ -0,0 +1,88 @@
+<% from invirt.config import structs as cfg %>\
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the PostgreSQL Administrator's Guide, chapter "Client
+# Authentication" for a complete description. A short synopsis
+# follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access. Records take one of these forms:
+#
+# local DATABASE USER METHOD [OPTION]
+# host DATABASE USER CIDR-ADDRESS METHOD [OPTION]
+# hostssl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
+# hostnossl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain socket,
+# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
+# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", a database name, or
+# a comma-separated list thereof.
+#
+# USER can be "all", a user name, a group name prefixed with "+", or
+# a comma-separated list thereof. In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names from
+# a separate file.
+#
+# CIDR-ADDRESS specifies the set of hosts the record matches.
+# It is made up of an IP address and a CIDR mask that is an integer
+# (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
+# the number of significant bits in the mask. Alternatively, you can write
+# an IP address and netmask in separate columns to specify the set of hosts.
+#
+# METHOD can be "trust", "reject", "md5", "crypt", "password",
+# "krb5", "ident", or "pam". Note that "password" sends passwords
+# in clear text; "md5" is preferred since it sends encrypted passwords.
+#
+# OPTION is the ident map or the name of the PAM service, depending on METHOD.
+#
+# Database and user names containing spaces, commas, quotes and other special
+# characters must be quoted. Quoting one of the keywords "all", "sameuser" or
+# "samerole" makes the name lose its special character, and just match a
+# database or username with that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal. If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect. You can use
+# "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records. In that case you will also need to make PostgreSQL listen
+# on a non-local interface via the listen_addresses configuration parameter,
+# or via the -i or -h command line switches.
+#
+
+
+
+
+# DO NOT DISABLE!
+# If you change this first entry you will need to make sure that the
+# database
+# super user can access the database using some other method.
+# Noninteractive
+# access to all databases is required during automatic maintenance
+# (autovacuum, daily cronjob, replication, and similar tasks).
+#
+# Database administrative login by UNIX sockets
+local all postgres ident sameuser
+
+# TYPE DATABASE USER CIDR-ADDRESS METHOD
+
+# "local" is for Unix domain socket connections only
+local all all ident sameuser
+# IPv4 local connections:
+host all all 127.0.0.1/32 md5
+# IPv6 local connections:
+host all all ::1/128 md5
+host ${cfg.db.dbname} ${cfg.db.user} ${cfg.db.ip}/32 trust
+% for h in cfg.hosts:
+host ${cfg.db.dbname} ${cfg.db.user} ${h.ip}/32 trust
+% endfor
diff --git a/server/etc/postgresql/8.1/main/postgresql.conf.invert b/server/etc/postgresql/8.1/main/postgresql.conf.invert
new file mode 100644
index 0000000..0e8b0f8
--- /dev/null
+++ b/server/etc/postgresql/8.1/main/postgresql.conf.invert
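Review bot: The generated `host … trust` records at the end of the template admit `${cfg.db.user}` to `${cfg.db.dbname}` from `${cfg.db.ip}` and from every `cfg.hosts` address with no credential, and `host` also matches unencrypted TCP, so the source IP address is the only access control on this database. The diverted `postgresql.conf` in this commit sets `ssl = true`, so prefer an authenticated, TLS-only record such as `hostssl ${cfg.db.dbname} ${cfg.db.user} ${h.ip}/32 md5` (and the same for the `cfg.db.ip` line), with the password provisioned to those hosts. The interpolated values are written into the file verbatim; unless the invirt config is validated elsewhere, a value containing whitespace or a newline would change the meaning of the record, so check that each `ip` is a single IPv4 address before rendering. The hard-coded `/32` also means an IPv6 address in `cfg.hosts` would yield a record matching a whole /32 prefix rather than one host.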
@@ -0,0 +1,431 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The '=' is optional.) White space may be used. Comments are introduced +# with '#' anywhere on a line. The complete list of option names and +# allowed values can be found in the PostgreSQL documentation. The +# commented-out settings shown in this file represent the default values. +# +# Please note that re-commenting a setting is NOT sufficient to revert it +# to the default value, unless you restart the postmaster. +# +# Any option can also be given as a command line switch to the +# postmaster, e.g. 'postmaster -c log_connections=on'. Some options +# can be changed at run-time with the 'SET' SQL command. +# +# This file is read on postmaster startup and when the postmaster +# receives a SIGHUP. If you edit the file on a running system, you have +# to SIGHUP the postmaster for the changes to take effect, or use +# "pg_ctl reload". Some settings, such as listen_addresses, require +# a postmaster shutdown and restart to take effect. + + +#--------------------------------------------------------------------------- +# FILE LOCATIONS +#--------------------------------------------------------------------------- + +# The default values of these variables are driven from the -D command line +# switch or PGDATA environment variable, represented here as ConfigDir. + +#data_directory = 'ConfigDir' # use data in another directory +hba_file = '/etc/postgresql/8.1/main/pg_hba.conf' # host-based authentication file +ident_file = '/etc/postgresql/8.1/main/pg_ident.conf' # IDENT configuration file + +# If external_pid_file is not explicitly set, no extra pid file is written. 
+external_pid_file = '/var/run/postgresql/8.1-main.pid' # write an extra pid file + + +#--------------------------------------------------------------------------- +# CONNECTIONS AND AUTHENTICATION +#--------------------------------------------------------------------------- + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost', '*' = all +port = 5432 +max_connections = 100 +# note: increasing max_connections costs ~400 bytes of shared memory per +# connection slot, plus lock space (see max_locks_per_transaction). You +# might also need to raise shared_buffers to support more connections. +#superuser_reserved_connections = 2 +unix_socket_directory = '/var/run/postgresql' +#unix_socket_group = '' +#unix_socket_permissions = 0777 # octal +#bonjour_name = '' # defaults to the computer name + +# - Security & Authentication - + +#authentication_timeout = 60 # 1-600, in seconds +ssl = true +#password_encryption = on +#db_user_namespace = off + +# Kerberos +#krb_server_keyfile = '' +#krb_srvname = 'postgres' +#krb_server_hostname = '' # empty string matches any keytab entry +#krb_caseins_users = off + +# - TCP Keepalives - +# see 'man 7 tcp' for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#--------------------------------------------------------------------------- +# RESOURCE USAGE (except WAL) +#--------------------------------------------------------------------------- + +# - Memory - + +shared_buffers = 1000 # min 16 or max_connections*2, 8KB each +#temp_buffers = 1000 # min 100, 8KB each +#max_prepared_transactions = 5 # can be 0 or more +# note: increasing max_prepared_transactions costs ~600 bytes of shared memory +# per transaction slot, plus 
lock space (see max_locks_per_transaction). +#work_mem = 1024 # min 64, size in KB +#maintenance_work_mem = 16384 # min 1024, size in KB +#max_stack_depth = 2048 # min 100, size in KB + +# - Free Space Map - + +#max_fsm_pages = 20000 # min max_fsm_relations*16, 6 bytes each +#max_fsm_relations = 1000 # min 100, ~70 bytes each + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 +#preload_libraries = '' + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-1000 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 0-10000 credits + +# - Background writer - + +#bgwriter_delay = 200 # 10-10000 milliseconds between rounds +#bgwriter_lru_percent = 1.0 # 0-100% of LRU buffers scanned/round +#bgwriter_lru_maxpages = 5 # 0-1000 buffers max written/round +#bgwriter_all_percent = 0.333 # 0-100% of all buffers scanned/round +#bgwriter_all_maxpages = 5 # 0-1000 buffers max written/round + + +#--------------------------------------------------------------------------- +# WRITE AHEAD LOG +#--------------------------------------------------------------------------- + +# - Settings - + +#fsync = on # turns forced synchronization on or off +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_buffers = 8 # min 4, 8KB each +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_segments = 3 # in logfile segments, min 1, 16MB each +#checkpoint_timeout = 300 # range 30-3600, in seconds +#checkpoint_warning = 30 # in seconds, 0 is off + +# - Archiving - + +#archive_command = '' # command to use to archive a logfile + # segment + + 
+#--------------------------------------------------------------------------- +# QUERY TUNING +#--------------------------------------------------------------------------- + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#effective_cache_size = 1000 # typically 8KB each +#random_page_cost = 4 # units are one sequential page fetch + # cost +#cpu_tuple_cost = 0.01 # (same) +#cpu_index_tuple_cost = 0.001 # (same) +#cpu_operator_cost = 0.0025 # (same) + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 + +# - Other Planner Options - + +#default_statistics_target = 10 # range 1-1000 +#constraint_exclusion = off +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOINs + + +#--------------------------------------------------------------------------- +# ERROR REPORTING AND LOGGING +#--------------------------------------------------------------------------- + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, syslog and eventlog, + # depending on platform. + +# This is used when logging to stderr: +#redirect_stderr = off # Enable capturing of stderr into log + # files + +# These are only used if redirect_stderr is on: +#log_directory = 'pg_log' # Directory where log files are written + # Can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # Log file name pattern. 
+ # Can include strftime() escapes +#log_truncate_on_rotation = off # If on, any existing log file of the same + # name as the new log file will be + # truncated rather than appended to. But + # such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1440 # Automatic rotation of logfiles will + # happen after so many minutes. 0 to + # disable. +#log_rotation_size = 10240 # Automatic rotation of logfiles will + # happen after so many kilobytes of log + # output. 0 to disable. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' + + +# - When to Log - + +#client_min_messages = notice # Values, in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = notice # Values, in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_error_verbosity = default # terse, default, or verbose messages + +#log_min_error_statement = panic # Values in order of increasing severity: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # panic(off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, in milliseconds. 
+ +#silent_mode = off # DO NOT USE without syslog or + # redirect_stderr + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = off +#log_connections = off +#log_disconnections = off +#log_duration = off +log_line_prefix = '%t ' # Special values: + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = PID + # %t = timestamp (no milliseconds) + # %m = timestamp with milliseconds + # %i = command tag + # %c = session id + # %l = session line number + # %s = session start timestamp + # %x = transaction id + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_statement = 'none' # none, mod, ddl, all +#log_hostname = off + + +#--------------------------------------------------------------------------- +# RUNTIME STATISTICS +#--------------------------------------------------------------------------- + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + +# - Query/Index Statistics Collector - + +#stats_start_collector = on +#stats_command_string = off +#stats_block_level = off +stats_row_level = on +#stats_reset_on_server_start = off + + +#--------------------------------------------------------------------------- +# AUTOVACUUM PARAMETERS +#--------------------------------------------------------------------------- + +autovacuum = on # enable autovacuum subprocess? 
+#autovacuum_naptime = 60 # time between autovacuum runs, in secs +#autovacuum_vacuum_threshold = 1000 # min # of tuple updates before + # vacuum +#autovacuum_analyze_threshold = 500 # min # of tuple updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.4 # fraction of rel size before + # vacuum +#autovacuum_analyze_scale_factor = 0.2 # fraction of rel size before + # analyze +#autovacuum_vacuum_cost_delay = -1 # default vacuum cost delay for + # autovac, -1 means use + # vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovac, -1 means use + # vacuum_cost_limit + + +#--------------------------------------------------------------------------- +# CLIENT CONNECTION DEFAULTS +#--------------------------------------------------------------------------- + +# - Statement Behavior - + +#search_path = '$user,public' # schema names +#default_tablespace = '' # a tablespace name, '' uses + # the default +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#statement_timeout = 0 # 0 is disabled, in milliseconds + +# - Locale and Formatting - + +#datestyle = 'iso, mdy' +#timezone = unknown # actually, defaults to TZ + # environment setting +#australian_timezones = off +#extra_float_digits = 0 # min -15, max 2 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb -- they might be changed +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# - Other Defaults - + +#explain_pretty_print = on +#dynamic_library_path = '$libdir' + + +#--------------------------------------------------------------------------- +# LOCK MANAGEMENT +#--------------------------------------------------------------------------- + +#deadlock_timeout = 1000 # in 
milliseconds +#max_locks_per_transaction = 64 # min 10 +# note: each lock table slot uses ~220 bytes of shared memory, and there are +# max_locks_per_transaction * (max_connections + max_prepared_transactions) +# lock table slots. + + +#--------------------------------------------------------------------------- +# VERSION/PLATFORM COMPATIBILITY +#--------------------------------------------------------------------------- + +# - Previous Postgres Versions - + +#add_missing_from = off +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = off +#regex_flavor = advanced # advanced, extended, or basic +#sql_inheritance = on + +# - Other Platforms & Clients - + +#transform_null_equals = off + + +#--------------------------------------------------------------------------- +# CUSTOMIZED OPTIONS +#--------------------------------------------------------------------------- + +#custom_variable_classes = '' # list of custom variable class names
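Review bot: `listen_addresses = '*'` makes the server listen on every interface, which together with the `trust` records in the generated `pg_hba.conf` leaves source-address matching as the only barrier in front of the database. Because this file replaces the stock one by diversion, bind only the addresses the VM hosts actually reach, for instance by rendering the file from the same config with `listen_addresses = 'localhost, ${cfg.db.ip}'`, and fall back to a host firewall rule if the address cannot be known at package build time. Connection auditing stays at the default (`#log_connections = off`) and `log_line_prefix = '%t '` records no peer, so set `log_connections = on` and a prefix such as `'%t %u@%d %h '` to make unexpected clients visible. The hunk is a full copy of the distribution file; a short comment at the top listing the settings that differ from stock would make later reviews tractable.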