Replace barman with pgmoneta

README.md

@@ -13,7 +13,7 @@ The images makes use of
 * SSL support
 * `pg_stat_statements` integration
 * Pooling using [pgagroal](https://agroal.github.io/pgagroal/)
-* Backup using [barman](https://www.pgbarman.org/)
+* Backup using [pgmoneta](https://pgmoneta.github.io/)
 * Administration with [pgadmin4](https://www.pgadmin.org/)
 * Monitoring with [Grafana](https://grafana.com/), [Prometheus](https://prometheus.io/) and [TimescaleDB](https://www.timescale.com/)
 * Asynchronous replication, up to 5 slaves

pgsql13-barman-centos8/Dockerfile → pgsql13-pgmoneta-centos8/Dockerfile

@@ -19,45 +19,46 @@
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
-# pgsql13-barman-centos8
+# pgsql13-pgmoneta-centos8
 FROM centos:centos8
 
 LABEL maintainer="Jesper Pedersen <[email protected]>"
 
-LABEL summary="PostgreSQL 13 Barman" \
-      description="PostgreSQL 13 Barman"
+LABEL summary="PostgreSQL 13 pgmoneta" \
+      description="PostgreSQL 13 pgmoneta"
 
 # COPY conf/licenses /licenses
 
-ENV PGVERSION="13"
-ENV PGROOT="/usr/pgsql-${PGVERSION}"
-
 RUN rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \
  && rpm -Uvh https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm \
 # && dnf -y update \
- && dnf -y module disable postgresql \
  && dnf -y install wget tar \
- && dnf -y install postgresql13 postgresql13-libs barman crontabs \
+ && dnf -y install pgmoneta \
  && dnf -y clean all
 
+RUN useradd -ms /bin/bash pgmoneta
+
 COPY root/ /
 
-RUN mkdir -p /conf /pgconf /pgbackup
+RUN mkdir -p /conf /pgconf /pgmoneta
 COPY conf/* /conf/
-RUN chown barman:barman /etc/barman.conf
-RUN chown -R barman:barman /conf /pgconf /pgbackup
-RUN chmod 700 /conf /pgconf /pgbackup
+RUN chown -R pgmoneta:pgmoneta /conf /pgconf /pgmoneta
+RUN chmod 700 /conf /pgconf /pgmoneta
 
 RUN mkdir -p /usr/local/bin
 RUN cd /tmp \
- && wget https://github.com/prometheus/node_exporter/releases/download/v1.1.1/node_exporter-1.1.1.linux-amd64.tar.gz \
- && tar xzf node_exporter-1.1.1.linux-amd64.tar.gz \
- && mv node_exporter-1.1.1.linux-amd64/node_exporter /usr/local/bin/node_exporter \
- && rm -Rf node_exporter-1.1.1.linux-amd64 node_exporter-1.1.1.linux-amd64.tar.gz \
- && chown barman:barman /usr/local/bin/node_exporter
+ && wget https://github.com/prometheus/node_exporter/releases/download/v1.2.1/node_exporter-1.2.1.linux-amd64.tar.gz \
+ && tar xzf node_exporter-1.2.1.linux-amd64.tar.gz \
+ && mv node_exporter-1.2.1.linux-amd64/node_exporter /usr/local/bin/node_exporter \
+ && rm -Rf node_exporter-1.2.1.linux-amd64 node_exporter-1.2.1.linux-amd64.tar.gz \
+ && chown pgmoneta:pgmoneta /usr/local/bin/node_exporter
+
+VOLUME ["/pgconf", "/pgmoneta"]
 
-VOLUME ["/pgconf", "/pgbackup"]
+EXPOSE 5001
+EXPOSE 9100
 
-USER barman
+USER pgmoneta
+WORKDIR /home/pgmoneta
 
-CMD ["/usr/bin/run-barman"]
+CMD ["/usr/bin/run-pgmoneta"]

pgsql13-barman-centos8/Makefile → pgsql13-pgmoneta-centos8/Makefile

@@ -19,7 +19,7 @@
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
-IMAGE_NAME = pgsql13-barman-centos8
+IMAGE_NAME = pgsql13-pgmoneta-centos8
 
 .PHONY: build
 build:

pgsql13-pgmoneta-centos8/README.md

@@ -0,0 +1,44 @@
+# PostgreSQL pgmoneta
+
+This project contains the PostgreSQL pgmoneta image.
+
+## Getting Started
+
+```bash
+# Create the image
+make build
+
+# Run, and register the container under postgresql-pgmoneta
+podman run -p 5001:5001 -p 9102:9100 --name postgresql-pgmoneta -d -e PG_PRIMARY_NAME=192.168.1.12 -e PG_PRIMARY_PORT=5432 -e PG_REPL_NAME=repl -e PG_REPL_PASSWORD=mypass -e PG_WAL_NAME=backup pgsql13-pgmoneta-centos8
+
+# Shell to postgresql-
+podman exec -it postgresql-pgmoneta /usr/bin/bash
+
+# Stop the container
+podman stop postgresql-pgmoneta
+
+# Start the container
+podman start postgresql-pgmoneta
+
+# Remove the container
+podman rm postgresql-pgmoneta
+```
+
+## Configuration
+
+| Property | Default | Unit | Required | Description |
+|----------|---------|------|----------|-------------|
+| PG_PRIMARY_NAME | | String | Yes | The IP of the PostgreSQL server |
+| PG_PRIMARY_PORT | | String | Yes | The port of the PostgreSQL server |
+| PG_BACKUP_NAME | | String | Yes | The replication user name |
+| PG_BACKUP_PASSWORD | | String | Yes | The replication user password |
+| PG_BACKUP_SLOT | | String | Yes | The name of the WAL slot |
+
+## SSL support
+
+SSL support will be enabled when `/pgconf` contains the files `root.crt`, `server.crt` and `server.key`.
+
+Remember to disable passphase such that the server can boot without a password prompt.
+
+A guide to this can be found [here](https://www.howtoforge.com/postgresql-ssl-certificates).
+Test and production environments should **NOT** be using self-signed certificates.

pgsql13-pgmoneta-centos8/conf/pgmoneta.conf

@@ -0,0 +1,27 @@
+[pgmoneta]
+host = *
+metrics = 5001
+
+base_dir = /home/pgmoneta
+
+compression = zstd
+
+retention = 7
+
+log_type = file
+log_level = info
+log_path = /tmp/pgmoneta.log
+
+unix_socket_dir = /tmp/
+pgsql_dir = /usr/bin/
+
+tls = off
+tls_cert_file = /pgmoneta/server.crt
+tls_key_file = /pgmoneta/server.key
+tls_ca_file = /pgmoneta/root.crt
+
+[primary]
+host = PG_PRIMARY_NAME
+port = PG_PRIMARY_PORT
+user = PG_REPL_NAME
+wal_slot = PG_WAL_NAME

pgsql13-pgmoneta-centos8/root/usr/bin/run-pgmoneta

@@ -0,0 +1,73 @@
+#!/bin/bash
+# The MIT License (MIT)
+#
+# Copyright (c) 2021 Jesper Pedersen <[email protected]>
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the Software
+# is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+NODE_EXPORTER_PIDFILE=/tmp/node_exporter.pid
+
+function trap_sigterm() {
+    kill -SIGINT $(head -1 $NODE_EXPORTER_PIDFILE)
+}
+
+trap 'trap_sigterm' SIGINT SIGTERM
+
+if [ ! -f /pgmoneta/pgmoneta.conf ]; then
+    export PG_PRIMARY_NAME=${PG_PRIMARY_NAME}
+    export PG_PRIMARY_PORT=${PG_PRIMARY_PORT}
+    export PG_BACKUP_NAME=${PG_BACKUP_NAME}
+    export PG_BACKUP_PASSWORD=${PG_BACKUP_PASSWORD}
+    export PG_BACKUP_SLOT=${PG_BACKUP_SLOT}
+
+    if [ -z "${PG_PRIMARY_NAME}" ] || [ -z "${PG_PRIMARY_PORT}" ] ||
+       [ -z "${PG_BACKUP_NAME}" ] || [ -z "${PG_BACKUP_PASSWORD}" ] || [ -z "${PG_BACKUP_SLOT}" ]; then
+        echo "PG_PRIMARY_NAME, PG_PRIMARY_PORT, PG_BACKUP_NAME, PG_BACKUP_PASSWORD, and PG_BACKUP_SLOT needs to be defined."
+        exit 1
+    fi
+
+    sed -i "s/PG_PRIMARY_NAME/$PG_PRIMARY_NAME/g" /conf/pgmoneta.conf
+    sed -i "s/PG_PRIMARY_PORT/$PG_PRIMARY_PORT/g" /conf/pgmoneta.conf
+    sed -i "s/PG_BACKUP_NAME/$PG_BACKUP_NAME/g" /conf/pgmoneta.conf
+    sed -i "s/PG_BACKUP_SLOT/$PG_BACKUP_SLOT/g" /conf/pgmoneta.conf
+
+    if [ -f /pgconf/root.crt ] && [ -f /pgconf/server.crt ] && [ -f /pgconf/server.key ]; then
+        sed -i "s/tls = off/tls = on/g" /conf/pgmoneta.conf
+
+        cp /pgconf/root.crt /pgmoneta
+        cp /pgconf/server.crt /pgmoneta
+        cp /pgconf/server.key /pgmoneta
+        chmod 0600 /pgmoneta/server.key
+    fi
+
+    cp /conf/pgmoneta.conf /pgmoneta
+
+    pgmoneta-admin -g master-key
+    pgmoneta-admin -f /pgmoneta/pgmoneta_users.conf -U ${PG_BACKUP_NAME} -P ${PG_BACKUP_PASSWORD} add-user
+
+    echo "PATH=/usr/pgsql-13/bin:$PATH" > /home/pgmoneta/.bashrc
+    echo "export PATH" >> /home/pgmoneta/.bashrc
+
+    (crontab -l ; echo "00 06  *   *   0     /usr/bin/pgmoneta-cli -c /pgmoneta/pgmoneta.conf backup primary") | crontab -
+fi
+
+/usr/local/bin/node_exporter >> /tmp/node_exporter.log 2>&1 &
+echo $! > $NODE_EXPORTER_PIDFILE
+
+exec pgmoneta -c /pgmoneta/pgmoneta.conf -a /pgmoneta/pgmoneta_hba.conf -u /pgmoneta/pgmoneta_users.conf "$@"

pgsql13-primary-centos8/README.md

@@ -9,7 +9,7 @@ This project contains the PostgreSQL Primary image.
 make build
 
 # Run, and register the container under postgresql-primary
-podman run -p 5432:5432 -p 9100:9100 --name postgresql-primary -d -e PG_DATABASE=mydb -e PG_USER_NAME=myuser -e PG_USER_PASSWORD=mypass -e PG_REPLICATION_NAME=repl -e PG_REPLICATION_PASSWORD=replpass -e PG_NETWORK_MASK=all -e PG_MONITOR_NAME=monuser -e PG_MONITOR_PASSWORD=monpass pgsql13-primary-centos8
+podman run -p 5432:5432 -p 9100:9100 --name postgresql-primary -d -e PG_DATABASE=mydb -e PG_USER_NAME=myuser -e PG_USER_PASSWORD=mypass -e PG_REPLICATION_NAME=repl -e PG_REPLICATION_PASSWORD=replpass -e PG_BACKUP_NAME=backupuser -e PG_BACKUP_SLOT=backup -e PG_BACKUP_PASSWORD=backuppass -e PG_NETWORK_MASK=all -e PG_MONITOR_NAME=monuser -e PG_MONITOR_PASSWORD=monpass pgsql13-primary-centos8
 
 # psql to postgresql-primary
 psql -h localhost -p 5432 -U myuser mydb
@@ -39,6 +39,9 @@ podman rm postgresql-primary
 | PG_USER_PASSWORD | | | Yes | The password for the user |
 | PG_REPLICATION_NAME | | | Yes | The replication user |
 | PG_REPLICATION_PASSWORD | | | Yes | The password for the replication user |
+| PG_BACKUP_NAME | | | Yes | The backup user |
+| PG_BACKUP_PASSWORD | | | Yes | The password for the backup user |
+| PG_BACKUP_SLOT | | | Yes | The WAL slot for backup |
 | PG_NETWORK_MASK | | | Yes | The network mask for database access |
 | PG_DATABASE_ENCODING | UTF8 | | | The encoding of the database |
 | PG_MAX_CONNECTIONS | 100 | | | `max_connections` setting |

pgsql13-primary-centos8/conf/pg_hba.conf

@@ -88,12 +88,12 @@ local   all             all                                     trust
 #host    all             all             ::1/128                 trust
 # Allow connections from all hosts.
 hostSSL PG_DATABASE     PG_USER_NAME    PG_NETWORK_MASK         PG_PASSWORD_ENCRYPTION
-hostSSL PG_DATABASE     barman          PG_NETWORK_MASK         PG_PASSWORD_ENCRYPTION
+hostSSL postgres        PG_BACKUP_NAME  PG_NETWORK_MASK         PG_PASSWORD_ENCRYPTION
 # Allow replication connections from localhost, by a user with the
 # replication privilege.
 local   replication     all                                     trust
 #host    replication     all             127.0.0.1/32            trust
 #host    replication     all             ::1/128                 trust
 # Allow replication connections from all hosts.
 hostSSL replication     PG_REPLICATION_NAME  PG_NETWORK_MASK    PG_PASSWORD_ENCRYPTION
-hostSSL replication     barman               PG_NETWORK_MASK    PG_PASSWORD_ENCRYPTION
+hostSSL replication     PG_BACKUP_NAME       PG_NETWORK_MASK    PG_PASSWORD_ENCRYPTION