不過現在流行把設置步驟整理成自動化作業,其中一個好處就是避免上面這狀況。其中一個流行的工具叫做 ansible,我最近才開始認識它~
EDB 公司也基於 ansible 提供了這樣的免費取得的工具(BSD 風格的授權),方便一般 PGSQL 使用者或是 EDB 訂閱客戶使用~不但避免了以上困擾,還可以讓大家直接套用原廠的最佳設置建議,同時又省下設定電腦流逝的光陰~
EnterpriseDB/edb-ansible: Ansible code for deploying EDB Postgres database clusters and related products.
Ansible Galaxy - edb_postgres
這篇筆記紀錄一些 EDB/Postgres 的 Ansible 佈署第一次操作體驗。
這邊筆記的方式,採用目前容易取得的主要 Ansible 2.9 版,並使用 2.9 版開始提供的 ansible-galaxy 功能,以簡化操作(我是一個很懶的人~)。不過紀錄之時 Ansible 已經出版 v2.10,但還只能利用 Python 方式安裝。新版 Ansible 會有一些新功能,以下有一兩處有紀錄但還不能用,就留存參考~
設置 edb-ansible Ansible Collection
首先先弄一個測試環境作為 Ansible 操作主機:這邊一樣選 Red Hat 系列的 LXC Container,這次新鮮一點選近期的熱門話題 Rocky Linux 8~labuser@lxdlab:~$ lxc launch images:rockylinux/8/amd64 ansible-control-node Creating ansible-control-node Retrieving image: Unpack: 100% (2.96GB/s) Starting ansible-control-node labuser@lxdlab:~$ labuser@lxdlab:~$ lxc list ansible-control-node +----------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +----------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+ | ansible-control-node | RUNNING | 10.208.102.48 (eth0) | fd42:d985:155b:9a98:216:3eff:fe26:e8a3 (eth0) | CONTAINER | 0 | +----------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+ labuser@lxdlab:~$ labuser@lxdlab:~$ lxc shell ansible-control-node [root@ansible-control-node ~]# cat /etc/*release NAME="Rocky Linux" VERSION="8.4 (Green Obsidian)" ID="rocky" ID_LIKE="rhel fedora" VERSION_ID="8.4" PLATFORM_ID="platform:el8" PRETTY_NAME="Rocky Linux 8.4 (Green Obsidian)" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:rocky:rocky:8.4:GA" HOME_URL="https://rockylinux.org/" BUG_REPORT_URL="https://bugs.rockylinux.org/" ROCKY_SUPPORT_PRODUCT="Rocky Linux" ROCKY_SUPPORT_PRODUCT_VERSION="8" Rocky Linux release 8.4 (Green Obsidian) Rocky Linux release 8.4 (Green Obsidian) Rocky Linux release 8.4 (Green Obsidian) [root@ansible-control-node ~]#
然後就是安裝 ansible,RHEL 會使用產品提供的 Repo 安裝,而免費版的 CentOS Stream 或是 Rocky Linux 則是用 EPEL Repo。
[root@ansible-control-node ~]# dnf install -y epel-release
[root@ansible-control-node ~]# dnf search ansible
Extra Packages for Enterprise Linux Modular 8 - x86_64 564 kB/s | 663 kB 00:01
Extra Packages for Enterprise Linux 8 - x86_64 12 MB/s | 10 MB 00:00
Last metadata expiration check: 0:00:01 ago on Sat Jul 10 15:40:06 2021.
=============================== Name Exactly Matched: ansible ================================
ansible.noarch : SSH-based configuration management, deployment, and task execution system
============================== Name & Summary Matched: ansible ===============================
ansible-collection-ansible-posix.noarch : Ansible Collection targeting POSIX and POSIX-ish
: platforms
ansible-collection-community-general.noarch : Modules and plugins supported by Ansible
: community
ansible-doc.noarch : Documentation for Ansible
ansible-test.noarch : Tool for testing ansible plugin and module code
vim-ansible.noarch : Vim plugin for syntax highlighting ansible's common filetypes
=================================== Name Matched: ansible ====================================
ansible-freeipa.noarch : Roles and playbooks to deploy FreeIPA servers, replicas and clients
================================== Summary Matched: ansible ==================================
ara.noarch : Records Ansible playbooks and makes them easier to understand and troubleshoot
paternoster.noarch : Allows to run ansible playbooks like ordinary python or bash scripts
python3-ara.noarch : Records Ansible playbooks and makes them easier to understand and
: troubleshoot
standard-test-roles.noarch : Standard Test Interface Ansible roles
[root@ansible-control-node ~]#
[root@ansible-control-node ~]# dnf install -y ansible
Last metadata expiration check: 0:12:45 ago on Sat Jul 10 15:40:06 2021.
Dependencies resolved.
==============================================================================================
Package Arch Version Repository Size
==============================================================================================
Installing:
ansible noarch 2.9.23-1.el8 epel 17 M
Installing dependencies:
libsodium x86_64 1.0.18-2.el8 epel 162 k
python3-babel noarch 2.5.1-5.el8 appstream 4.8 M
python3-bcrypt x86_64 3.1.6-2.el8.1 epel 44 k
python3-cffi x86_64 1.11.5-5.el8 baseos 237 k
python3-cryptography x86_64 3.2.1-4.el8 baseos 558 k
python3-jinja2 noarch 2.10.1-2.el8_0 appstream 536 k
python3-jmespath noarch 0.9.0-11.el8 appstream 44 k
python3-markupsafe x86_64 0.23-19.el8 appstream 38 k
python3-pip noarch 9.0.3-19.el8.rocky appstream 19 k
python3-ply noarch 3.9-9.el8 baseos 110 k
python3-pyasn1 noarch 0.3.7-6.el8 appstream 125 k
python3-pycparser noarch 2.14-14.el8 baseos 108 k
python3-pynacl x86_64 1.3.0-5.el8 epel 100 k
python3-pytz noarch 2017.2-9.el8 appstream 53 k
python3-pyyaml x86_64 3.12-12.el8 baseos 192 k
python3-setuptools noarch 39.2.0-6.el8 baseos 162 k
python3-six noarch 1.11.0-8.el8 baseos 37 k
python36 x86_64 3.6.8-2.module+el8.4.0+597+ddf0ddea appstream 18 k
sshpass x86_64 1.06-9.el8 epel 27 k
Installing weak dependencies:
python3-paramiko noarch 2.4.3-1.el8 epel 289 k
Enabling module streams:
python36 3.6
Transaction Summary
==============================================================================================
Install 21 Packages
Total download size: 24 M
Installed size: 128 M
. . .
Installed:
ansible-2.9.23-1.el8.noarch libsodium-1.0.18-2.el8.x86_64
python3-babel-2.5.1-5.el8.noarch python3-bcrypt-3.1.6-2.el8.1.x86_64
python3-cffi-1.11.5-5.el8.x86_64 python3-cryptography-3.2.1-4.el8.x86_64
python3-jinja2-2.10.1-2.el8_0.noarch python3-jmespath-0.9.0-11.el8.noarch
python3-markupsafe-0.23-19.el8.x86_64 python3-paramiko-2.4.3-1.el8.noarch
python3-pip-9.0.3-19.el8.rocky.noarch python3-ply-3.9-9.el8.noarch
python3-pyasn1-0.3.7-6.el8.noarch python3-pycparser-2.14-14.el8.noarch
python3-pynacl-1.3.0-5.el8.x86_64 python3-pytz-2017.2-9.el8.noarch
python3-pyyaml-3.12-12.el8.x86_64 python3-setuptools-39.2.0-6.el8.noarch
python3-six-1.11.0-8.el8.noarch python36-3.6.8-2.module+el8.4.0+597+ddf0ddea.x86_64
sshpass-1.06-9.el8.x86_64
Complete!
[root@ansible-control-node ~]#
[root@ansible-control-node ~]# ansible<Tab><Tab>
ansible ansible-console ansible-inventory ansible-vault
ansible-config ansible-doc ansible-playbook
ansible-connection ansible-galaxy ansible-pull
[root@ansible-control-node ~]#
[root@ansible-control-node ~]# ansible --version
ansible 2.9.23
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, May 19 2021, 03:00:47) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]
[root@ansible-control-node ~]#
[root@ansible-control-node ~]# tree /etc/ansible/
/etc/ansible/
|-- ansible.cfg
|-- hosts
`-- roles
1 directory, 2 files
[root@ansible-control-node ~]#
接著就可以取得 edb-ansible 了。
以下指令可以直接在連接外網的環境安裝 ansible 劇本:
[root@ansible-control-node ~]# ansible-galaxy collection install edb_devops.edb_postgres
或是下載劇本再丟到內網環境:取得來源可以從 EDB 的 Ansible Galaxy 頁面看到下載連結,或是從 Github 取得 master branch 下載連結。
[root@ansible-control-node ~]# wget https://galaxy.ansible.com/download/edb_devops-edb_postgres-3.3.2.tar.gz [root@ansible-control-node ~]# ansible-galaxy collection install edb_devops-edb_postgres-3.3.2.tar.gz Process install dependency map Starting collection install process Installing 'edb_devops.edb_postgres:3.3.2' to '/root/.ansible/collections/ansible_collections/edb_devops/edb_postgres' Installing 'community.postgresql:1.1.1' to '/root/.ansible/collections/ansible_collections/community/postgresql' Installing 'ansible.posix:1.1.1' to '/root/.ansible/collections/ansible_collections/ansible/posix' Installing 'community.general:2.1.1' to '/root/.ansible/collections/ansible_collections/community/general' Installing 'community.crypto:1.4.0' to '/root/.ansible/collections/ansible_collections/community/crypto' [root@ansible-control-node ~]#
[root@ansible-control-node ~]# ## Ansible v2.10 才有 [root@ansible-control-node ~]# ansible-galaxy collection download edb_devops.edb_postgres usage: ansible-galaxy collection [-h] COLLECTION_ACTION ... ansible-galaxy collection: error: argument COLLECTION_ACTION: invalid choice: 'download' (choose from 'init', 'build', 'publish', 'install') [root@ansible-control-node ~]#
安裝完之後檢視劇本安裝的狀況
[root@ansible-control-node ~]# tree -L 2 ~/.ansible/collections/
/root/.ansible/collections/
`-- ansible_collections
|-- ansible
|-- community
`-- edb_devops
4 directories, 0 files
[root@ansible-control-node ~]#
[root@ansible-control-node ~]# ## Ansible v2.10 才有 [root@ansible-control-node ~]# ansible-galaxy collection list usage: ansible-galaxy collection [-h] COLLECTION_ACTION ... ansible-galaxy collection: error: argument COLLECTION_ACTION: invalid choice: 'list' (choose from 'init', 'build', 'publish', 'install') [root@ansible-control-node ~]#
接著只要準備適當的主機資產檔(inventory)以及各齣劇本,就可以進行佈署。
以下針對幾個常見場合作演練,分別會進行:
- 標的主機的準備&資產檔準備
- 調整劇本設定
- 安裝檔準備與微調 EDB Ansible
- 佈署&檢驗設置
- 後續收尾(Optional,拔 root 密碼)
測試環境準備與 inventory 設定檔
以下準備兩組裝資料庫的主機,這邊換成嘗試 CentOS 8Stream~其實這完全不影響~labuser@lxdlab:~$ lxc launch images:centos/8-Stream/amd64 pg1 labuser@lxdlab:~$ lxc launch images:centos/8-Stream/amd64 pg2 labuser@lxdlab:~$ lxc list +----------------------+---------+-----------------------+-----------------------------------------------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +----------------------+---------+-----------------------+-----------------------------------------------+-----------+-----------+ | ansible-control-node | RUNNING | 10.208.102.48 (eth0) | fd42:d985:155b:9a98:216:3eff:fe26:e8a3 (eth0) | CONTAINER | 0 | +----------------------+---------+-----------------------+-----------------------------------------------+-----------+-----------+ | pg1 | RUNNING | 10.208.102.248 (eth0) | fd42:d985:155b:9a98:216:3eff:fecb:6fd1 (eth0) | CONTAINER | 0 | +----------------------+---------+-----------------------+-----------------------------------------------+-----------+-----------+ | pg2 | RUNNING | 10.208.102.188 (eth0) | fd42:d985:155b:9a98:216:3eff:fe36:2f20 (eth0) | CONTAINER | 0 | +----------------------+---------+-----------------------+-----------------------------------------------+-----------+-----------+ labuser@lxdlab:~$ labuser@lxdlab:~$ lxc exec pg1 -- dnf install -y openssh-server sudo labuser@lxdlab:~$ lxc exec pg2 -- dnf install -y openssh-server sudo labuser@lxdlab:~$ lxc exec pg1 -- service sshd start labuser@lxdlab:~$ lxc exec pg2 -- service sshd start
Ansible 號稱用 ssh 進行佈署,因此當然得先開後門打通 ssh 金鑰免密碼登入。
一般安裝軟體都會用 root 帳號或是 sudoer,處置完畢再回收這些高權限帳號,這邊先把 root 相互連通免金鑰登入,後面再拔密碼,或選擇性連金鑰一起移除
labuser@lxdlab:~$ lxc exec pg1 -- passwd root Changing password for user root. New password: BAD PASSWORD: The password is shorter than 8 characters Retype new password: passwd: all authentication tokens updated successfully. labuser@lxdlab:~$ lxc exec pg2 -- passwd root Changing password for user root. New password: BAD PASSWORD: The password is shorter than 8 characters Retype new password: passwd: all authentication tokens updated successfully. labuser@lxdlab:~$
[root@ansible-control-node ~]# ssh-keygen [root@ansible-control-node ~]# ssh-copy-id root@10.208.102.248 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '10.208.102.248 (10.208.102.248)' can't be established. ECDSA key fingerprint is SHA256:eeu5czZ0ofiCEb6f6nDa41DKyxCImTQCsv58kULGVwc. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@10.208.102.248's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@10.208.102.248'" and check to make sure that only the key(s) you wanted were added. [root@ansible-control-node ~]# [root@ansible-control-node ~]# ssh-copy-id root@10.208.102.188 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '10.208.102.188 (10.208.102.188)' can't be established. ECDSA key fingerprint is SHA256:uM83rh8tYxxC2vobxxZyDKBjvN2C3gLLMsC/sM85h4. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@10.208.102.188's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@10.208.102.188'" and check to make sure that only the key(s) you wanted were added. [root@ansible-control-node ~]#
labuser@lxdlab:~$ lxc exec pg1 -- passwd -d root labuser@lxdlab:~$ lxc exec pg2 -- passwd -d root
inventory.yaml 放置:ansible 可以支援 ini 或是 yaml 格式的資產檔,EDB 提供的 Ansible 以 YAML 格式設定。
以下給 pg_inventory.yaml 用來試驗 PGSQL 佈署
---
all:
children:
primary:
hosts:
primary1:
ansible_host: 10.208.102.248
private_ip: 10.208.102.248
standby:
hosts:
standby1:
ansible_host: 10.208.102.188
private_ip: 10.208.102.188
upstream_node_private_ip: 10.208.102.248
replication_type: asynchronous
透過以下指令檢查沒有填錯:注意這邊有多指定 --playbook-dir 以便 ansible 辨識額外擴充的參數
[root@ansible-control-node ~]# ansible-inventory -i pg_inventory.yaml --playbook-dir ~/.ansible/collections/ansible_collections/edb_devops/ --list
{
"_meta": {
"hostvars": {
"primary1": {
"ansible_host": "10.208.102.248",
"private_ip": "10.208.102.248"
},
"standby1": {
"ansible_host": "10.208.102.188",
"private_ip": "10.208.102.188",
"replication_type": "asynchronous",
"upstream_node_private_ip": "10.208.102.248"
}
}
},
"all": {
"children": [
"primary",
"standby",
"ungrouped"
]
},
"primary": {
"hosts": [
"primary1"
]
},
"standby": {
"hosts": [
"standby1"
]
}
}
[root@ansible-control-node ~]#
初步嘗試佈署劇本
各段落角色都有一份可以參考的 Playbook 引用 edb-ansible 的範例,這些都匯集在 roles/ 目錄底下。這邊練習之時,edb-ansible 有提供以下這些功能:- 安裝前準備
- EDB/PGSQL 安裝
- Barman 備份工具安裝
- EFM 高可用工具安裝
- PEM 監控安裝
- pgBouncer / pgPool-II 安裝
- 安裝後設定:可以跟以上分開操作
- 額外的壓測工具
可以參考的參數設定都在個別的 vars/ 底下,而 role 執行作業都在個別的 tasks/ 底下。
Playbook 小節包含:
Playbook 小節包含:
- 標準的內容,如 hosts、name 等,詳情請見其他更好的 Ansible 教學文
- collections 是用來引用 ansible galaxy 的部份
- pretask 部份要參考引用的 collection 的 roles 支援的變數作具體調整,可以利用 ansible-playbook 的 --extra-vars 代入。
- roles 是具體的演員,執行不同功能,可以挑選著用;放置在 roles 章節(廢話~),有些角色有登場次序。
---
- hosts: all
name: Postgres streaming replication deployment playbook
become: yes
gather_facts: yes
collections:
- edb_devops.edb_postgres
pre_tasks:
- name: Initialize the user defined variables
set_fact:
pg_version: 13
pg_type: "PG"
repo_username: "xx"
repo_password: "xx"
disable_logging: false
pg_data: "/pgdata/{{ pg_version }}/data"
pg_wal: "/pgdata/{{ pg_version }}/pg_wal"
pg_log: "/pgdata/{{ pg_version }}/log"
roles:
- role: setup_repo
when: "'setup_repo' in lookup('edb_devops.edb_postgres.supported_roles', wantlist=True)"
- role: install_dbserver
when: "'install_dbserver' in lookup('edb_devops.edb_postgres.supported_roles', wantlist=True)"
- role: init_dbserver
when: "'init_dbserver' in lookup('edb_devops.edb_postgres.supported_roles', wantlist=True)"
- role: setup_replication
when: "'setup_replication' in lookup('edb_devops.edb_postgres.supported_roles', wantlist=True)"
跟上面資產檔檢查一樣,試著找指令檢查一下 Playbook 內容,因為感覺 YAML 總會少個空格就錯..
找到底下這指令會空轉檢查,不過執行到半途會錯
[root@ansible-control-node ~]# ansible-playbook streaming_rep_setup.yml -i pg_inventory.yaml --check
而語法檢查則是以下方式,這邊跟資產檔檢查有一樣狀況,需要指定搭配的資產檔才能檢查完整
[root@ansible-control-node ~]# ansible-playbook streaming_rep_setup.yml -i pg_inventory.yaml --syntax-check
playbook: streaming_rep_setup.yml
[root@ansible-control-node ~]#
以上準備妥當,可以用來執行了。
不過由於這版的 edb-ansible 統一採用 EDB Repo(裡面也有一般 PostgreSQL 套件供標準版訂閱用),這邊修正一下
[root@ansible-control-node ~]# diff -Naur ~/.ansible/collections/ansible_collections/edb_devops/edb_postgres/roles/setup_repo/tasks/PG_RedHat_setuprepos.yml.orig ~/.ansible/collections/ansible_collections/edb_devops/edb_postgres/roles/setup_repo/tasks/PG_RedHat_setuprepos.yml
--- /root/.ansible/collections/ansible_collections/edb_devops/edb_postgres/roles/setup_repo/tasks/PG_RedHat_setuprepos.yml.orig 2021-07-16 16:57:03.888896959 +0000
+++ /root/.ansible/collections/ansible_collections/edb_devops/edb_postgres/roles/setup_repo/tasks/PG_RedHat_setuprepos.yml 2021-07-16 16:22:04.304913695 +0000
@@ -61,6 +61,8 @@
name: "{{ edb_rpm_repo }}"
state: present
become: yes
+ when:
+ - pg_type == 'EPAS'
- name: Set Credentials for EDB Yum Repo
replace:
@@ -68,3 +70,5 @@
regexp: '<username>:<password>'
replace: "{{ repo_username }}:{{ repo_password }}"
become: yes
+ when:
+ - pg_type == 'EPAS'
[root@ansible-control-node ~]#
接著就來執行:通常 Ansible 輸出的執行步驟會一大串,這邊就不完整紀錄,之後再找找把 log 導向檔案的合適方法。
[root@ansible-control-node ~]# ansible-playbook streaming_rep_setup.yml -i pg_inventory.yaml PLAY [Postgres streaming replication deployment playbook] *********************************************************************** TASK [Gathering Facts] ********************************************************************************************************** ok: [standby1] ok: [primary1] . . . 略 . . . TASK [Call manage_dbserver tasks for synchronous_standby_names] ***************************************************************** skipping: [standby1] TASK [edb_devops.edb_postgres.setup_replication : Reset the variables based on the user input] ********************************** ok: [standby1] PLAY RECAP ********************************************************************************************************************** primary1 : ok=72 changed=29 unreachable=0 failed=0 skipped=29 rescued=0 ignored=0 standby1 : ok=58 changed=25 unreachable=0 failed=0 skipped=32 rescued=0 ignored=0 [root@ansible-control-node ~]#
執行完畢之後,ansible 會總結成功失敗的狀況。
不過好像跟指令操作一樣,不能預設出現錯誤後一模一樣方式執行可以重複,因此這塊要留意錯誤訊息。
由於以上體驗操作成功,於是先登入兩個測試環境查看~
注意這邊啟用的是 LXC container,因此查看 ps 指令顯示的東西比較精簡~
labuser@lxdlab:~$ lxc shell pg1 [root@pg1 ~]# ps axu USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.2 172448 7648 ? Ss 07:07 0:04 /sbin/init root 423 0.0 0.1 89480 6036 ? Ss 07:07 0:00 /usr/lib/systemd/systemd-journald root 438 0.0 0.1 91404 5012 ? Ss 07:07 0:00 /usr/lib/systemd/systemd-udevd root 444 0.0 0.1 81612 5024 ? Ss 07:07 0:00 /usr/lib/systemd/systemd-logind dbus 445 0.0 0.0 54048 2928 ? Ss 07:07 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --no root 638 0.0 0.1 81860 3400 ? Ss 07:07 0:00 /sbin/dhclient -1 -q -lf /var/lib/dhclient/dhclient--eth0.leas root 705 0.0 0.1 211600 4552 ? Ssl 07:07 0:00 /usr/sbin/rsyslogd -n root 706 0.0 0.0 22896 2064 ? Ss 07:07 0:00 /usr/sbin/crond -n root 707 0.0 0.0 6548 1088 console Ss+ 07:07 0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200, root 1201 0.0 0.1 76548 4592 ? Ss 07:14 0:00 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-po root 1228 0.0 0.2 89300 6836 ? Ss 07:47 0:00 /usr/lib/systemd/systemd --user root 1229 0.0 0.1 214256 3148 ? S 07:47 0:00 (sd-pam) root 2281 0.0 0.0 379164 492 ? Ss 07:51 0:00 gpg-agent --homedir /var/cache/dnf/pgdg-common-38b6c5045045f84 root 2319 0.0 0.0 379164 568 ? Ss 07:51 0:00 gpg-agent --homedir /var/cache/dnf/pgdg13-e81daebfc8b779ec/pub root 2358 0.0 0.0 379164 536 ? Ss 07:51 0:00 gpg-agent --homedir /var/cache/dnf/pgdg12-64e2194e85277659/pub root 2397 0.0 0.0 379164 564 ? Ss 07:51 0:00 gpg-agent --homedir /var/cache/dnf/pgdg11-bf9717a855ad766b/pub root 2436 0.0 0.0 379164 576 ? Ss 07:51 0:00 gpg-agent --homedir /var/cache/dnf/pgdg10-091ccb5136a8fa80/pub root 2475 0.0 0.0 379164 520 ? Ss 07:51 0:00 gpg-agent --homedir /var/cache/dnf/pgdg96-b6cbc5f1e3bd22e1/pub postgres 5543 0.0 0.7 500880 24240 ? Ss 07:53 0:00 /usr/pgsql-13/bin/postmaster -D /var/lib/pgsql/13/data/ postgres 5544 0.0 0.1 351352 5276 ? Ss 07:53 0:00 postgres: logger postgres 5546 0.0 0.2 500820 6476 ? Ss 07:53 0:00 postgres: checkpointer postgres 5547 0.0 0.2 500740 6348 ? Ss 07:53 0:00 postgres: background writer postgres 5548 0.0 0.3 500600 10404 ? Ss 07:53 0:00 postgres: walwriter postgres 5549 0.0 0.2 501176 7364 ? Ss 07:53 0:00 postgres: autovacuum launcher postgres 5550 0.0 0.1 353532 5444 ? Ss 07:53 0:00 postgres: archiver last was 000000010000000000000002.00000028. postgres 5551 0.0 0.1 353508 5144 ? Ss 07:53 0:00 postgres: stats collector postgres 5552 0.0 0.2 501160 7284 ? Ss 07:53 0:00 postgres: logical replication launcher postgres 10683 0.0 0.3 501612 10620 ? Ss 07:54 0:00 postgres: walsender repuser 10.208.102.188(40974) streaming 0/ root 11223 0.0 0.1 321748 4368 pts/0 Ss 08:32 0:00 su -l root 11224 0.0 0.0 12056 2688 pts/0 S 08:32 0:00 -bash root 11244 0.0 0.0 44668 2528 pts/0 R+ 08:33 0:00 ps axu [root@pg1 ~]# [root@pg1 ~]# ls /pgdata/13/ data log pg_wal [root@pg1 ~]# cat /pgdata/13/data/postgresql.auto.conf # Do not edit this file manually! # It will be overwritten by the ALTER SYSTEM command. unix_socket_directories = '/var/run/postgresql' listen_addresses = '*' wal_level = 'replica' max_wal_senders = '10' hot_standby = 'on' max_replication_slots = '10' wal_compression = 'on' wal_log_hints = 'on' wal_keep_size = '160' checkpoint_timeout = '15min' password_encryption = 'scram-sha-256' checkpoint_completion_target = '0.9' archive_mode = 'on' archive_command = '/bin/true' random_page_cost = '1.1' cpu_tuple_cost = '0.03' logging_collector = 'on' log_directory = '/pgdata/13/log' log_line_prefix = '%m [%p%l] %u@%d app=%a ' log_lock_waits = 'on' log_min_duration_statement = '1000' log_temp_files = '0' log_autovacuum_min_duration = '0' autovacuum_max_workers = '5' autovacuum_vacuum_cost_limit = '3000' idle_in_transaction_session_timeout = '10min' shared_preload_libraries = '$libdir/pg_stat_statements' primary_slot_name = 'primary1' ssl = 'on' ssl_ca_file = '/pgdata/13/data/root.crt' ssl_key_file = '/pgdata/13/data/server.key' ssl_cert_file = '/pgdata/13/data/server.crt' ssl_crl_file = '/pgdata/13/data/root.crl' [root@pg1 ~]# [root@pg1 ~]# su - postgres [postgres@pg1 ~]$ echo $PGDATA /var/lib/pgsql/13/data [postgres@pg1 ~]$ psql psql (13.3) Type "help" for help. postgres=# show archive_mode ; archive_mode -------------- on (1 row) postgres=# show archive_command ; archive_command ----------------- /bin/true (1 row) postgres=# postgres=# \x Expanded display is on. postgres=# select * from pg_stat_replication ; -[ RECORD 1 ]----+------------------------------ pid | 10683 usesysid | 16393 usename | repuser application_name | standby1 client_addr | 10.208.102.188 client_hostname | client_port | 40974 backend_start | 2021-07-17 07:54:12.651997+00 backend_xmin | state | streaming sent_lsn | 0/3000148 write_lsn | 0/3000148 flush_lsn | 0/3000148 replay_lsn | 0/3000148 write_lag | flush_lag | replay_lag | sync_priority | 0 sync_state | async reply_time | 2021-07-17 08:37:03.304728+00 postgres=# \q [postgres@pg1 ~]$ ls -a ~ . .. .ansible .bash_profile .pgpass .psql_history 13 [root@pg1 ~]# ls -l /var/lib/pgsql/13/ total 3 drwx------ 2 postgres postgres 2 May 18 13:24 backups lrwxrwxrwx 1 root root 15 Jul 17 07:52 data -> /pgdata/13/data -rw------- 1 postgres postgres 910 Jul 17 07:53 initdb.log [root@pg1 ~]# [postgres@pg1 ~]$ cat ~/.pgpass *:5432:*:repuser:VWXXXpjOVRXXoaAuowAO [postgres@pg1 ~]$
labuser@lxdlab:~$ lxc shell pg2 [root@pg2 ~]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.2 172456 7604 ? Ss 07:07 0:01 /sbin/init root 425 0.0 0.1 89456 5808 ? Ss 07:07 0:00 /usr/lib/systemd/systemd-journald root 437 0.0 0.1 91404 4876 ? Ss 07:07 0:00 /usr/lib/systemd/systemd-udevd dbus 445 0.0 0.0 54048 2768 ? Ss 07:07 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --no root 446 0.0 0.1 81612 4956 ? Ss 07:07 0:00 /usr/lib/systemd/systemd-logind root 638 0.0 0.1 81860 3368 ? Ss 07:07 0:00 /sbin/dhclient -1 -q -lf /var/lib/dhclient/dhclient--eth0.leas root 705 0.0 0.1 211600 4600 ? Ssl 07:07 0:00 /usr/sbin/rsyslogd -n root 706 0.0 0.0 22892 2212 ? Ss 07:07 0:00 /usr/sbin/crond -n root 707 0.0 0.0 6548 1120 console Ss+ 07:07 0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200, root 1201 0.0 0.1 76548 4540 ? Ss 07:15 0:00 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-po root 1228 0.0 0.2 89300 6804 ? Ss 07:47 0:00 /usr/lib/systemd/systemd --user root 1229 0.0 0.1 214256 3184 ? S 07:47 0:00 (sd-pam) root 2274 0.0 0.0 379164 580 ? Ss 07:51 0:00 gpg-agent --homedir /var/cache/dnf/pgdg-common-38b6c5045045f84 root 2312 0.0 0.0 379164 500 ? Ss 07:51 0:00 gpg-agent --homedir /var/cache/dnf/pgdg13-e81daebfc8b779ec/pub root 2351 0.0 0.0 379164 584 ? Ss 07:51 0:00 gpg-agent --homedir /var/cache/dnf/pgdg12-64e2194e85277659/pub root 2390 0.0 0.0 379164 548 ? Ss 07:51 0:00 gpg-agent --homedir /var/cache/dnf/pgdg11-bf9717a855ad766b/pub root 2429 0.0 0.0 379164 512 ? Ss 07:51 0:00 gpg-agent --homedir /var/cache/dnf/pgdg10-091ccb5136a8fa80/pub root 2468 0.0 0.0 379164 508 ? Ss 07:51 0:00 gpg-agent --homedir /var/cache/dnf/pgdg96-b6cbc5f1e3bd22e1/pub postgres 5038 0.0 0.7 500788 22452 ? Ss 07:54 0:00 /usr/pgsql-13/bin/postmaster -D /var/lib/pgsql/13/data/ postgres 5040 0.0 0.1 351564 4056 ? Ss 07:54 0:00 postgres: logger postgres 5041 0.0 0.1 501184 5576 ? Ss 07:54 0:00 postgres: startup recovering 000000010000000000000003 postgres 5042 0.0 0.1 500952 5080 ? Ss 07:54 0:00 postgres: checkpointer postgres 5043 0.0 0.1 500788 5120 ? Ss 07:54 0:00 postgres: background writer postgres 5044 0.0 0.1 353564 4184 ? Ss 07:54 0:00 postgres: stats collector postgres 5045 0.0 0.2 507764 9132 ? Ss 07:54 0:02 postgres: walreceiver streaming 0/3000148 root 5917 0.0 0.1 321748 4444 pts/0 Ss 08:33 0:00 su -l root 5918 0.0 0.0 12056 2660 pts/0 S 08:33 0:00 -bash root 5941 0.0 0.0 44668 2508 pts/0 R+ 08:33 0:00 ps aux [root@pg2 ~]# [root@pg2 ~]# ls /pgdata/13/ data log pg_wal [root@pg2 ~]# [root@pg2 ~]# cat /pgdata/13/data/postgresql.auto.conf # Do not edit this file manually! # It will be overwritten by the ALTER SYSTEM command. unix_socket_directories = '/var/run/postgresql' listen_addresses = '*' wal_level = 'replica' max_wal_senders = '10' hot_standby = 'on' max_replication_slots = '10' wal_compression = 'on' wal_log_hints = 'on' wal_keep_size = '160' checkpoint_timeout = '15min' password_encryption = 'scram-sha-256' checkpoint_completion_target = '0.9' archive_mode = 'on' archive_command = '/bin/true' random_page_cost = '1.1' cpu_tuple_cost = '0.03' logging_collector = 'on' log_directory = '/pgdata/13/log' log_line_prefix = '%m [%p%l] %u@%d app=%a ' log_lock_waits = 'on' log_min_duration_statement = '1000' log_temp_files = '0' log_autovacuum_min_duration = '0' autovacuum_max_workers = '5' autovacuum_vacuum_cost_limit = '3000' idle_in_transaction_session_timeout = '10min' shared_preload_libraries = '$libdir/pg_stat_statements' primary_slot_name = 'primary1' ssl = 'on' ssl_ca_file = '/pgdata/13/data/root.crt' ssl_key_file = '/pgdata/13/data/server.key' ssl_cert_file = '/pgdata/13/data/server.crt' ssl_crl_file = '/pgdata/13/data/root.crl' primary_conninfo = 'user=repuser passfile=''/var/lib/pgsql/.pgpass'' channel_binding=prefer host=10.208.102.248 port=5432 application_name=standby1 sslmode=prefer sslcompression=0 ssl_min_protocol_version=TLSv1.2 gssencmode=prefer krbsrvname=postgres target_session_attrs=any' primary_slot_name = 'standby1' [root@pg2 ~]#
從上述觀察這版的 edb-ansible 對資料庫預設安裝行為:
- 連到網路的 Repo 取得套件(這段應該可以自訂~)
- 指定非預設資料庫路徑,透過 soft link 指向,不是調整 systemd unit file
- 自動產生 self-sign SSL 憑證(pg_ssl 參數)
- 使用 replication slot 但沒有設定熔斷(max_slot_wal_keep_size)
- 用 IP 作同步設定,不是用 /etc/hosts 給別名
- 只使用以上 roles 不包含 WAL Archiving
- 預設啟用不少 DB 參數
這邊先紀錄到這邊~這份筆記還只是初步的體驗,而 edb-ansible 也會不斷進步~~
若有興趣讀到這邊的人,歡迎試著使用跟回饋到 edb-ansible~
之後再來進一步熟悉這個東西,紀錄進階筆記~
當然更歡迎各位紀錄自己筆記分享出來~~~~
參考資料
EDB Ansible Playbook 取得連結
EnterpriseDB/edb-ansible: Ansible code for deploying EDB Postgres database clusters and related products.
Ansible Galaxy - edb_postgres
EnterpriseDB/postgres-deployment: EDB Postgres Deployment
EDB Ansible Playbook 資料庫佈署劇本教學
https://www.enterprisedb.com/postgres-tutorials/how-deploy-ansible-scripts-edb-postgres-platform
https://www.enterprisedb.com/blog/provisioning-postgresql-cluster-terraform-and-ansible
https://www.enterprisedb.com/blog/deployment-made-easy-ansible
https://www.enterprisedb.com/blog/ansible-collection-postgresql-and-edb-components
https://www.enterprisedb.com/blog/ansible-tower-and-postgres-reference-architectures
https://github.com/EnterpriseDB/postgres-deployment
https://www.slideshare.net/EnterpriseDB/automating-a-postgresql-high-availability-architecture-with-ansible-german
https://www.enterprisedb.com/blog/get-more-out-edb-ansible-scripts-creating-inventories-ansible-tower
https://www.enterprisedb.com/blog/get-more-out-edb-ansible-scripts-how-create-template-edb-ansible-scripts-ansible-tower
https://www.enterprisedb.com/blog/get-more-out-edb-ansible-scripts-creating-ansible-tower-projects
https://github.com/EnterpriseDB/postgres-deployment/blob/master/edbdeploy/data/ansible/EDB-RA-1.yml
部份有參考過的 Ansible 教學:這實在是太多惹~不過還是放一些意思一下。。
https://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-install-configure-ansible-on-centos-8-rhel-8.html
https://computingforgeeks.com/how-to-install-and-configure-ansible-on-rhel-8-centos-8/
https://www.tecmint.com/install-ansible-on-centos-rhel-8/
https://stribny.name/blog/ansible-dev/
https://steampunk.si/blog/getting-started-with-ansible/
https://www.digitalocean.com/community/cheatsheets/how-to-execute-ansible-playbooks-to-automate-server-setup
https://www.redhat.com/sysadmin/troubleshoot-ansible-playbooks
https://medium.com/@chihsuan/ansible-自動化部署工具-b2e8b8534a8d
https://tso-liang-wu.gitbook.io/learn-ansible-and-jenkins-in-30-days/ansible/ansible/ansible-role-intro
https://tso-liang-wu.gitbook.io/learn-ansible-and-jenkins-in-30-days/ansible/ansible/ansible-playbook-intro
https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#directory-layout
https://www.redhat.com/sysadmin/install-ansible-disconnected-node
https://www.reddit.com/r/ansible/comments/lh1do0/ansible_newbie_trying_to_install_an_ansible/
https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora
https://docs.ansible.com/ansible/latest/reference_appendices/logging.html
https://docs.ansible.com/ansible-tower/latest/html/userguide/organizations.html
https://chusiang.gitbooks.io/automate-with-ansible/content/03.how-to-deploy-the-ansible.html
http://dic.vbird.tw/network_project/zunit92.php
[Day 06] 撰寫第一個 Ansible Playbook - iT 邦幫忙::一起幫忙解決難題,拯救 IT 人的一天
https://chusiang.gitbooks.io/automate-with-ansible/content/06.how-to-use-the-ansible.html
https://chusiang.gitbooks.io/automate-with-ansible/content/21.how-to-use-the-roles.html
https://www.digitalocean.com/community/tags/ansible?subtype=tutorial
https://docs.ansible.com/ansible/latest/user_guide/playbooks_tags.html
https://docs.ansible.com/ansible/latest/network/getting_started/first_inventory.html
rothgar/main.yml: Generate /etc/hosts with Ansible · GitHub Gist
https://serverfault.com/questions/832799/ansible-add-ips-from-inventory-to-etc-hosts-of-all-nodes
ansible基础用法5_修改/etc/hosts 文件_zuopiezia的博客
https://docs.ansible.com/ansible/latest/user_guide/playbooks_checkmode.html
https://stackoverflow.com/questions/35339512/ansible-fast-way-to-check-syntax
EnterpriseDB/edb-ansible: Ansible code for deploying EDB Postgres database clusters and related products.
Ansible Galaxy - edb_postgres
EnterpriseDB/postgres-deployment: EDB Postgres Deployment
EDB Ansible Playbook 資料庫佈署劇本教學
https://www.enterprisedb.com/postgres-tutorials/how-deploy-ansible-scripts-edb-postgres-platform
https://www.enterprisedb.com/blog/provisioning-postgresql-cluster-terraform-and-ansible
https://www.enterprisedb.com/blog/deployment-made-easy-ansible
https://www.enterprisedb.com/blog/ansible-collection-postgresql-and-edb-components
https://www.enterprisedb.com/blog/ansible-tower-and-postgres-reference-architectures
https://github.com/EnterpriseDB/postgres-deployment
https://www.slideshare.net/EnterpriseDB/automating-a-postgresql-high-availability-architecture-with-ansible-german
https://www.enterprisedb.com/blog/get-more-out-edb-ansible-scripts-creating-inventories-ansible-tower
https://www.enterprisedb.com/blog/get-more-out-edb-ansible-scripts-how-create-template-edb-ansible-scripts-ansible-tower
https://www.enterprisedb.com/blog/get-more-out-edb-ansible-scripts-creating-ansible-tower-projects
https://github.com/EnterpriseDB/postgres-deployment/blob/master/edbdeploy/data/ansible/EDB-RA-1.yml
部份有參考過的 Ansible 教學:這實在是太多惹~不過還是放一些意思一下。。
https://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-install-configure-ansible-on-centos-8-rhel-8.html
https://computingforgeeks.com/how-to-install-and-configure-ansible-on-rhel-8-centos-8/
https://www.tecmint.com/install-ansible-on-centos-rhel-8/
https://stribny.name/blog/ansible-dev/
https://steampunk.si/blog/getting-started-with-ansible/
https://www.digitalocean.com/community/cheatsheets/how-to-execute-ansible-playbooks-to-automate-server-setup
https://www.redhat.com/sysadmin/troubleshoot-ansible-playbooks
https://medium.com/@chihsuan/ansible-自動化部署工具-b2e8b8534a8d
https://tso-liang-wu.gitbook.io/learn-ansible-and-jenkins-in-30-days/ansible/ansible/ansible-role-intro
https://tso-liang-wu.gitbook.io/learn-ansible-and-jenkins-in-30-days/ansible/ansible/ansible-playbook-intro
https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#directory-layout
https://www.redhat.com/sysadmin/install-ansible-disconnected-node
https://www.reddit.com/r/ansible/comments/lh1do0/ansible_newbie_trying_to_install_an_ansible/
https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora
https://docs.ansible.com/ansible/latest/reference_appendices/logging.html
https://docs.ansible.com/ansible-tower/latest/html/userguide/organizations.html
https://chusiang.gitbooks.io/automate-with-ansible/content/03.how-to-deploy-the-ansible.html
http://dic.vbird.tw/network_project/zunit92.php
[Day 06] 撰寫第一個 Ansible Playbook - iT 邦幫忙::一起幫忙解決難題,拯救 IT 人的一天
https://chusiang.gitbooks.io/automate-with-ansible/content/06.how-to-use-the-ansible.html
https://chusiang.gitbooks.io/automate-with-ansible/content/21.how-to-use-the-roles.html
https://www.digitalocean.com/community/tags/ansible?subtype=tutorial
https://docs.ansible.com/ansible/latest/user_guide/playbooks_tags.html
https://docs.ansible.com/ansible/latest/network/getting_started/first_inventory.html
rothgar/main.yml: Generate /etc/hosts with Ansible · GitHub Gist
https://serverfault.com/questions/832799/ansible-add-ips-from-inventory-to-etc-hosts-of-all-nodes
ansible基础用法5_修改/etc/hosts 文件_zuopiezia的博客
https://docs.ansible.com/ansible/latest/user_guide/playbooks_checkmode.html
https://stackoverflow.com/questions/35339512/ansible-fast-way-to-check-syntax
沒有留言:
張貼留言