Configure log rotation
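[root@pgrep1 bin]# vim /etc/logrotate.d/repmgr
# Weekly rotation of the repmgr log, 52 compressed generations kept, with an
# early rotation once the file exceeds 100M.
#
# NOTE(review): /tmp is world-writable. logrotate skips a log whose parent
# directory is world-writable ("parent directory has insecure permissions")
# unless a su directive names the account to rotate as, hence the su line
# below. A directory writable only by pgadm is the better home for this log;
# moving it also means changing log_file in repmgr.conf to match.
#
# NOTE(review): nothing here tells repmgrd to reopen its log after rotation.
# Confirm that it does, or add a postrotate/endscript that signals it (the
# repmgr documentation's logrotate example sends SIGHUP to repmgrd).
/tmp/repmgr.log {
    missingok
    compress
    rotate 52
    maxsize 100M
    weekly
    # Rotate as the log's owner rather than as root.
    su pgadm postgres
    # The new log is readable and writable by pgadm only.
    create 0600 pgadm postgres
}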
Configure systemd units for PostgreSQL and repmgr
- Create the systemd unit for repmgrd
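[root@pgrep1 ~]# vim /lib/systemd/system/repmgrd.service
[Unit]
Description=repmgrd monitor service
After=network.target auditd.service

[Service]
# "sample" is not a systemd service type; systemd logs a parse warning and
# falls back to its default type. ExecStart passes -d (daemonize), so the
# launched process forks and exits, which is what Type=forking describes.
# With the default type the unit would be considered finished as soon as the
# launcher exits, and Restart=on-failure would never see the real daemon die.
Type=forking
# Run the monitor as the unprivileged database account, not root.
User=pgadm
ExecStart=/pgbin/pghome_1/bin/repmgrd -f /pgdata/repmgr.conf -d
# Only the main process is signalled on stop; other processes in the unit's
# control group are left alone.
KillMode=process
Restart=on-failure
ExecStop=/bin/kill -s TERM $MAINPID
# NOTE(review): without PIDFile= systemd has to guess $MAINPID for a forking
# service. Consider having repmgrd write a PID file and naming it here.

[Install]
WantedBy=multi-user.target
[root@pgrep1 ~]# systemctl enable repmgrd.service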
- Create the systemd unit for PostgreSQL
[root@pgrep1 ~]# vim /lib/systemd/system/postgresql.service
# Unit that starts, stops and reloads the PostgreSQL instance in
# /pgdata/dbdata through pg_ctl from /pgbin/pghome_1.
[Unit]
Description=PostgreSQL Database Server
After=network.target

[Service]
# pg_ctl start launches the server in the background and then exits, so the
# unit is declared as forking.
Type=forking
# The server runs as the unprivileged pgadm account in group postgres.
User=pgadm
Group=postgres
Environment=PGDATA=/pgdata/dbdata
Environment=PGHOME=/pgbin/pghome_1
# -D selects the data directory; -s prints errors only.
ExecStart=/pgbin/pghome_1/bin/pg_ctl start -D ${PGDATA} -s
ExecStop=/pgbin/pghome_1/bin/pg_ctl stop -D ${PGDATA} -s
ExecReload=/pgbin/pghome_1/bin/pg_ctl reload -D ${PGDATA} -s
# 0 disables the start and stop timeouts, so systemd waits indefinitely
# (for example during a long crash recovery).
TimeoutSec=0

[Install]
WantedBy=multi-user.target
[root@pgrep1 ~]# systemctl enable postgresql.service
Configure SELinux for PostgreSQL
[root@pgrep2 ~]# audit2allow -a > init_t.te [root@pgrep2 ~]# cat init_t.te #============= init_t ============== #!!!! This avc is allowed in the current policy allow init_t default_t:file { execute execute_no_trans map open read }; #!!!! This avc is allowed in the current policy allow init_t hugetlbfs_t:file { map read write }; #!!!! This avc is allowed in the current policy allow init_t initrc_t:shm unix_read; #!!!! This avc is allowed in the current policy allow init_t tmp_t:sock_file { create setattr unlink }; #!!!! This avc is allowed in the current policy allow init_t unlabeled_t:dir { add_name remove_name }; #!!!! This avc is allowed in the current policy allow init_t unlabeled_t:file { append create rename unlink write }; #!!!! This avc is allowed in the current policy allow init_t unlabeled_t:lnk_file read; #!!!! This avc is allowed in the current policy allow init_t unreserved_port_t:tcp_socket name_connect; #!!!! This avc is allowed in the current policy allow init_t user_home_t:file { open read }; #============= unconfined_t ============== #!!!! This avc is allowed in the current policy allow unconfined_t init_t:file relabelto;
Build the policy package (.pp) from the type-enforcement file (.te)
# Compile the module [root@pgrep2 ~] checkmodule -M -m -o init_t.mod init_t.te # Create the package [root@pgrep2 ~] semodule_package -o init_t.pp -m init_t.mod # Load the module into the kernel [root@pgrep2 ~] semodule -i init_t.pp