mirror
/
docker-postgis
kopia lustrzana https://github.com/kartoza/docker-postgis
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

use predefined pg roles (#337) 

* use predefined pg roles

* remove sql for specifying default priviledges
pull/341/head
mazano 2021-11-09 17:24:55 +02:00 zatwierdzone przez GitHub
rodzic c32d905c86
commit bb31561819
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 4AEE18F83AFDEB23
3 zmienionych plików z 6 dodań i 12 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

15
README.md
Wyświetl plik

@ -568,17 +568,12 @@ we can't write new data to it. The whole database cluster will be replicated.
#### Database permissions #### Database permissions
Since we are using a role ${REPLICATION_USER}, we need to ensure that it has access to all The role ${REPLICATION_USER} uses the default group role `pg_read_all_data`.
the tables in a particular schema. So if a user adds another schema called `data` You can read more about this from the [PostgreSQL documentation](https://www.postgresql.org/docs/14/predefined-roles.html)
to the database `gis` he also has to update the permission for the user
with the following SQL assuming the ${REPLICATION_USER} is called replicator
```sql **NB** If you do not pass the env variable `-e REPLICATION_PASS` a random strong
ALTER DEFAULT PRIVILEGES IN SCHEMA data GRANT SELECT ON TABLES TO replicator; password will be generated. This is visible in the startup logs as well
``` as a text file within the container in `/tmp`.
**NB** You need to set up a strong password for replication otherwise the
default password for ${REPLICATION_USER} will default to `replicator`
To experiment with the replication abilities, you can see a [docker-compose.yml](sample/replication/docker-compose.yml) To experiment with the replication abilities, you can see a [docker-compose.yml](sample/replication/docker-compose.yml)
sample. There are several environment variables that you can set, such as: sample. There are several environment variables that you can set, such as:

1
scripts/setup-database.sh
Wyświetl plik

@ -122,7 +122,6 @@ for db in $(echo ${POSTGRES_DBNAME} | tr ',' ' '); do
echo "Loading legacy sql" echo "Loading legacy sql"
su - postgres -c "psql ${db} -f ${SQLDIR}/legacy_minimal.sql" || true su - postgres -c "psql ${db} -f ${SQLDIR}/legacy_minimal.sql" || true
su - postgres -c "psql ${db} -f ${SQLDIR}/legacy_gist.sql" || true su - postgres -c "psql ${db} -f ${SQLDIR}/legacy_gist.sql" || true
PGPASSWORD=${POSTGRES_PASS} psql ${db} -U ${POSTGRES_USER} -p 5432 -h localhost -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ${REPLICATION_USER};"
if [[ "$WAL_LEVEL" == 'logical' ]];then if [[ "$WAL_LEVEL" == 'logical' ]];then
PGPASSWORD=${POSTGRES_PASS} psql ${db} -U ${POSTGRES_USER} -p 5432 -h localhost -c "CREATE PUBLICATION logical_replication;" PGPASSWORD=${POSTGRES_PASS} psql ${db} -U ${POSTGRES_USER} -p 5432 -h localhost -c "CREATE PUBLICATION logical_replication;"
fi fi

2
scripts/setup-user.sh
Wyświetl plik

@ -37,4 +37,4 @@ if [ -z "$RESULT_REPLICATION" ]; then
COMMANDS="CREATE" COMMANDS="CREATE"
fi fi
su - postgres -c "psql postgres -c \"$COMMANDS USER $REPLICATION_USER WITH REPLICATION ENCRYPTED PASSWORD '$REPLICATION_PASS';\"" su - postgres -c "psql postgres -c \"$COMMANDS USER $REPLICATION_USER WITH REPLICATION ENCRYPTED PASSWORD '$REPLICATION_PASS';\""
su - postgres -c "psql postgres -c \"GRANT pg_read_all_data TO $REPLICATION_USER;\""