Postgresql修改集羣(實例)的配置

1) 修改集羣(實例)的配置,要求以下:
a. 運行日誌路徑/pglog
b. 運行日誌格式修改成'csvlog'
c. 天天生成一個新的日誌文件
d. 不限制單個日誌文件的大小
e. PostgreSQL 的運行 log 日誌須要保留最近 1 個月的 log 日誌文件。
f. 最多容許 100 個非超級用戶的鏈接連入數據庫中。
g. 運行日誌內容中要體現時間戳(帶毫秒,不適用 unix 時間戳),用戶名,數據庫名稱和進程 ID,依照上述順序
h. 須要監聽的地址設置爲*,
i. 開啓全頁寫配置
j. 數據庫用戶的密碼加密算法修改成 scram-sha-256,並確保數據庫用戶能正常登陸。
k. 配置好.pgpass 文件,以便 postgres 用戶能夠免密輸入
pg10@data01 ~]$ psql -d postgres -U postgres
psql (10.14)
Type "help" for help.算法

postgres=# alter system set logging_collector=on;
ALTER SYSTEM
postgres=# \q
[pg10@data01 ~]$ su - root
Password:
Last login: Mon Jan 4 22:27:02 CST 2021 on pts/1
[root@data01 ~]# mkdir /pglog
[root@data01 ~]# chown pg10.pg10 /pglog
[root@data01 ~]# exit
logout
[pg10@data01 ~]$ psql -d postgres -U postgres
psql (10.14)
Type "help" for help.sql

postgres=# show log_directory;
log_directory
---------------
log
(1 row)數據庫

postgres=# alter system set log_directory='/pglog';
ALTER SYSTEM
postgres=# show log_destination;
log_destination
---------------
stderr
(1 row)app

postgres=# alter system set log_destination=csvlog;
ALTER SYSTEM
postgres=# ide

[pg10@data01 ~]$ psql -d postgres -U postgres
psql (10.14)
Type "help" for help.post

postgres=# alter system set logging_collector=on;
ALTER SYSTEM
postgres=# \q
[pg10@data01 ~]$ su - root
Password:
Last login: Mon Jan 4 22:27:02 CST 2021 on pts/1
[root@data01 ~]# mkdir /pglog
[root@data01 ~]# chown pg10.pg10 /pglog
[root@data01 ~]# exit
logout
[pg10@data01 ~]$ psql -d postgres -U postgres
psql (10.14)
Type "help" for help.加密

postgres=# show log_directory;3d

log_directory unix

log
(1 row)**rest

postgres=# alter system set log_directory='/pglog';
ALTER SYSTEM
postgres=# show log_destination;
log_destination
stderr
(1 row)

postgres=# alter system set log_destination=csvlog;
ALTER SYSTEM
postgres=#
postgres=#
postgres=#
postgres=#
postgres=#
postgres=# alter system set password_encryption='scram-sha-256';
ALTER SYSTEM
postgres=# alter system set listen_address='*';
ERROR: unrecognized configuration parameter "listen_address"
postgres=# alter system set listen_addresses='*';
ALTER SYSTEM
postgres=# alter system set log_rotation_size =0;
ALTER SYSTEM
postgres=# alter system set log_truncate_on_rotation=on;
ALTER SYSTEM
postgres=# alter system set log_line_prefix='%m-%u-%d-%p';
ALTER SYSTEM
postgres=# alter system set log_checkpoints=off;
ALTER SYSTEM
postgres=# alter system set log_rotation_age=1440;
ALTER SYSTEM
postgres=# alter system set log_filename='postgresql.%d';
ALTER SYSTEM
postgres=# alter system set full_page_writes=on;
ALTER SYSTEM
postgres=# alter database postgres connection limit 100;
ALTER DATABASE
postgres=# alter database appdb connection limit 100;
ALTER DATABASE
postgres=#
postgres=#
postgres=# \q
[pg10@data01 ~]$

$ pg_ctl restart -D $PGDATA -l /tmp/logfile

[pg10@data01 ~]$ psql -d postgres -U postgres
psql (10.14)
Type "help" for help.

postgres=# select * from pg_authid;

 
 
rolname        | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypa***ls | rolconnlimit |             rolpassword             |     rolvaliduntil

----------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------------------------------+------------------------
pg10 | t | t | t | t | t | t | t | -1 | |
pg_monitor | f | t | f | f | f | f | f | -1 | |
pg_read_all_settings | f | t | f | f | f | f | f | -1 | |
pg_read_all_stats | f | t | f | f | f | f | f | -1 | |
pg_stat_scan_tables | f | t | f | f | f | f | f | -1 | |
pg_signal_backend | f | t | f | f | f | f | f | -1 | |
postgres | t | t | f | f | t | f | f | -1 | md58974bc84228498bd3aed770083258de1 |
xxx | f | t | f | f | t | f | f | -1 | md5ee7cdcdd6c1b0ae3715c921c03a929e1 |
appuser | f | t | f | t | t | f | f | -1 | md53db339d42b581e6c3ffd248be5660325 | 2022-05-01 00:00:00+08
readonlyuser | f | t | f | f | t | f | f | -1 | md59f9b164f064a95803e4f0f0d0251ea7f |

 
 

(10 rows)

postgres=# ALTER USER postgres WITH PASSWORD '1qaz@WSX';
ALTER ROLE
postgres=# ALTER USER appuser WITH PASSWORD '1qaz@WSX';
ALTER ROLE
postgres=# ALTER USER readonlyuser WITH PASSWORD '1qaz@WSX';
ALTER ROLE
postgres=# ALTER USER xxx WITH PASSWORD '1qaz@WSX';
ALTER ROLE
postgres=# select * from pg_authid;
rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypa***ls | rolconnlimit | rolpassword
| rolvaliduntil
----------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+----------------------------------------------------------------------------------------------------------------------
-----------------+------------------------

pg10                 | t        | t          | t             | t           | t           | t              | t            |           -1 |                                                                                                                      
                 | 
 pg_monitor           | f        | t          | f             | f           | f           | f              | f            |           -1 |                                                                                                                      
                 | 
 pg_read_all_settings | f        | t          | f             | f           | f           | f              | f            |           -1 |                                                                                                                      
                 | 
 pg_read_all_stats    | f        | t          | f             | f           | f           | f              | f            |           -1 |                                                                                                                      
                 | 
 pg_stat_scan_tables  | f        | t          | f             | f           | f           | f              | f            |           -1 |                                                                                                                      
                 | 
 pg_signal_backend    | f        | t          | f             | f           | f           | f              | f            |           -1 |                                                                                                                      
                 | 
 postgres             | t        | t          | f             | f           | t           | f              | f            |           -1 | SCRAM-SHA-256$4096:+R8EIMEgg2BPUxJB93UHvQ==$ECWx/3bfao9Cl8UOnuKRGcQALwZo5ES9xFSgQjnVcfs=:29ZHkjRGuPi/kKj+xgqgQ7IHRkr/
eXRaZhWwP5fk/Ew= | 
 appuser              | f        | t          | f             | t           | t           | f              | f            |           -1 | SCRAM-SHA-256$4096:gOzsiSoQaB1Zg/JSCqpfRg==$5Oo8o/RHS6AGKmmu/hFEGb+twK6YchsQMazU9E+L2gk=:bu1YVl3dyj+X1+0XGWQ2KRF/dRGJ
eG0D3B/zEwtnJN4= | 2022-05-01 00:00:00+08
 readonlyuser         | f        | t          | f             | f           | t           | f              | f            |           -1 | SCRAM-SHA-256$4096:DIyZg6JQao2QLdV62onyGA==$ykKdKV3kitcI+M8dYW30LntPcKf+Cfmf4907rcyOg8A=:qlSk1WpcU59OBznTGH+td1zw7v5A
5oeBjBQ9wyqSUno= | 
 xxx                  | f        | t          | f             | f           | t           | f              | f            |           -1 | SCRAM-SHA-256$4096:PY1RyRR7u/WXt7ACaoJKSw==$tFswveoRSs7vwXnCDRnKHi22RdYs97xm7CfwY4qFSpk=:UGppJ9FQU/0f6KWgkZyyFrf7Onc+
Pow8RMr2UkIRMOU= |

(10 rows)

配置pg_hba.conf
[pg10@data01 ~]$ egrep -v "^#" $PGDATA/pg_hba.conf | egrep "scram-sha-256|reject"
local all postgres scram-sha-256
host all postgres 0.0.0.0/0 reject
host all all 0.0.0.0/0 scram-sha-256

而後pg_ctl reload

相關文章
相關標籤/搜索