#!/bin/bash # fail-herd.sh # # This script is provided for debugging purposes. It should not be used for deploying Bucardo or Postgres, as it has not been vetted for safe Postgres security practices. # # This script is meant to be run on a fresh and patched Ubuntu 14.04 virtual machine with an administrator-privileged account. It was tested on an up-to-date Ubuntu 14.04 VM with patches up to date and openssh-server installed. # # This version of the script FAILS at the last written statement. There is an issue with peer authentication, even when using the 'trust' authentication mode. # # Author: AJN 2015-07-20 set -x set -e # Install packages. sudo apt-get install -y \ bucardo \ postgresql \ postgresql-contrib-9.3 # Set superuser password. The bucardo installation script prompts for the 'postgres' user password on each operation. # (This is but one reason this is not a Bucardo deployment script.) set +x echo -n "Enter a password to use for Postgres superuser (MAY BE VISIBLE AFTER ENTRY):" read -s postgres_superuser_password echo sudo -u postgres psql -U postgres <. sudo sed -i '/# TYPE DATABASE/i \ host bucardo bucardo 127.0.0.1/32 trust' "$pg_hba" #This line appears in the shell transcript if restarting before Bucardo's installation is complete: # # NOTICE: database "bucardo" does not exist, skipping # #Restarting Postgres after Bucardo installation fixes the problem if 'trust' is used, fortunately. sudo service postgresql restart fi # Reset bucardo-related data in case this script is re-run while testing. sudo -u postgres psql -U postgres <. sudo -u postgres createdb test1 sudo -u postgres createdb test2 sudo -u postgres pgbench -i test1 sudo -u postgres pgbench -i test2 # Verify data exists. sudo -u postgres psql -U postgres test1 -c "SELECT COUNT(*) AS tally FROM pgbench_accounts;" sudo -u postgres psql -U postgres test2 -c "SELECT COUNT(*) AS tally FROM pgbench_accounts;" # Set up Bucardo rules. # Additions to wiki statements mainly c/o examples at: . # Modified from wiki statement: 'bucardo_ctl add db test1' # Error from simple adaptation: # # $ sudo -u bucardo bucardo add db test1 # Cannot add database: must supply a database name to connect to # # This wiki documentation no longer appears to be true: "Since we did not provide one, they default to the actual database names." sudo -u bucardo bucardo add db pgbench_generated_test1 dbname=test1 sudo -u bucardo bucardo add db pgbench_generated_test2 dbname=test2 # Modified from wiki statement: 'bucardo_ctl add all tables db=test1 -T history --herd=alpha --verbose' # Error from simple adaptation: # # $ sudo -u bucardo bucardo add all tables db=pgbench_generated_test1 -T pgbench_history --herd=alpha --verbose # Creating relgroup: alpha # DBD::Pg::st execute failed: ERROR: DBI connect('dbname=test1','bucardo',...) failed: FATAL: Peer authentication failed for user "bucardo" at line 62. # CONTEXT: PL/Perl function "validate_goat" at /usr/bin/bucardo line 6237. # # Peer authentication? What happened to the 'trust' setting above? This script also fails here if the sed line above inserts this line: # # host bucardo bucardo localhost trust sudo -u bucardo bucardo add all tables db=pgbench_generated_test1 -T pgbench_history --herd=alpha --verbose