add postgresql bdr role

roles/postgresql_server_bdr/files/backup-database

@@ -0,0 +1,10 @@
+#!/bin/bash
+# Backup a database *locally* to /backups/.
+
+DB=$1
+
+# Make our latest backup
+/usr/bin/pg_dump --exclude-table-data=sessions -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz
+
+# Also, delete the backup from a few days ago.
+rm -f /backups/$DB-$(date --date="2 days ago" +%F).dump.xz

roles/postgresql_server_bdr/files/fasdb-cleanup-sessions

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+PGOPTIONS='-c maintenance_work_mem=1048576'
+SESSIONDBS='fas2'
+
+# Clean out old sessions since TurboGears doesn't
+for db in $SESSIONDBS; do
+/usr/bin/psql $db > /dev/null <<EOF
+delete from visit where expiry < now() - interval '1h';
+delete from visit_identity where visit_key not in (select visit_key from visit);
+EOF
+done

roles/postgresql_server_bdr/files/fasdb-cleanup-sessions.cron

@@ -0,0 +1,6 @@
+SHELL=/bin/bash
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=root@fedoraproject.org
+HOME=/
+
+*/10 * * * * postgres /usr/local/bin/fasdb-cleanup-sessions

roles/postgresql_server_bdr/files/kill_idle_xact_92.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# please configure by setting the folloiwng shell variables
+
+# REQUIRED: set location of log file for logging killed transactions
+LOGFILE=/var/lib/pgsql/kill_idle.log
+
+# REQUIRED: set timelimit for oldest idle transaction, in minutes
+IDLETIME=30
+
+# REQUIRED: set time limit for the oldest lock wait, in minutes
+LOCKWAIT=30
+
+# REQUIRED: set time limit for the oldest active transaction, in minutes
+XACTTIME=120
+
+# REQUIRED: set users to be ignored and not kill idle transactions
+# generally you want to omit the postgres superuser and the user
+# pg_dump runs as from being killed
+# if you have no users like this, just set both to XXXXX
+SUPERUSER=postgres
+BACKUPUSER=XXXXX
+
+# REQUIRED: path to psql, since cron often lacks search paths
+PSQL=/bin/psql
+
+# OPTIONAL: set these connection variables.  if you are running as the
+# postgres user on the local machine with passwordless login, you will
+# not needto set any of these
+PGHOST=
+PGUSER=postgres
+PGPORT=
+PGPASSWORD=
+PGDATABASE=koji
+
+# you should not need to change code below this line
+####################################################
+
+export PGHOST
+export PGUSER
+export PGPORT
+export PGPASSWORD
+export PGDATABASE
+exec >> $LOGFILE 2>&1
+
+date
+
+$PSQL -q -t -c "SELECT lock_monitor.log_table_locks()"
+$PSQL -q -t -c "SELECT lock_monitor.log_txn_locks()"
+
+KILLQUERY="WITH idles AS (
+SELECT now() as ts, datname, pid, usename, application_name,
+    client_addr, backend_start, xact_start, state_change,
+    waiting, query, pg_terminate_backend(pid)
+FROM pg_stat_activity
+WHERE
+  -- avoid system users
+  usename != '${SUPERUSER}'
+  AND usename != '${BACKUPUSER}'
+  AND (
+  -- terminate idle txns
+    ( state = 'idle in transaction' AND ( now() - state_change ) > '${IDLETIME} minutes' )
+    -- terminate lock waits
+    OR
+    ( state = 'active' AND waiting AND ( now() - state_change ) > '${LOCKWAIT} minutes' )
+    -- terminate old txns
+    OR
+    ( state = 'active' AND ( now() - xact_start ) > '${XACTTIME} minutes' )
+  )
+)
+INSERT INTO lock_monitor.activity
+SELECT * FROM idles;"
+
+$PSQL -q -t -c "${KILLQUERY}"
+
+exit 0

roles/postgresql_server_bdr/files/koji-cleanup-locks.cron

@@ -0,0 +1,6 @@
+SHELL=/bin/bash
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=root@fedoraproject.org
+HOME=/
+
+*/10 * * * * postgres /usr/local/bin/kill_idle_xact_92.sh

roles/postgresql_server_bdr/files/koji-cleanup-sessions.cron

@@ -0,0 +1,6 @@
+SHELL=/bin/bash
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=root@fedoraproject.org
+HOME=/
+
+0 0 * * * postgres /usr/bin/psql -q -c "DELETE FROM sessions WHERE update_time < now() - '1 day'::interval" koji

roles/postgresql_server_bdr/files/pg_hba.conf

@@ -0,0 +1,80 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the PostgreSQL Administrator's Guide, chapter "Client
+# Authentication" for a complete description.  A short synopsis
+# follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access.  Records take one of these forms:
+#
+# local      DATABASE  USER  METHOD  [OPTION]
+# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
+# hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
+# hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain socket,
+# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
+# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", a database name, or
+# a comma-separated list thereof.
+#
+# USER can be "all", a user name, a group name prefixed with "+", or
+# a comma-separated list thereof.  In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names from
+# a separate file.
+#
+# CIDR-ADDRESS specifies the set of hosts the record matches.
+# It is made up of an IP address and a CIDR mask that is an integer
+# (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
+# the number of significant bits in the mask.  Alternatively, you can write
+# an IP address and netmask in separate columns to specify the set of hosts.
+#
+# METHOD can be "trust", "reject", "md5", "crypt", "password",
+# "krb5", "ident", or "pam".  Note that "password" sends passwords
+# in clear text; "md5" is preferred since it sends encrypted passwords.
+#
+# OPTION is the ident map or the name of the PAM service, depending on METHOD.
+#
+# Database and user names containing spaces, commas, quotes and other special
+# characters must be quoted. Quoting one of the keywords "all", "sameuser" or
+# "samerole" makes the name lose its special character, and just match a
+# database or username with that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal.  If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect.  You can use
+# "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records. In that case you will also need to make PostgreSQL listen
+# on a non-local interface via the listen_addresses configuration parameter,
+# or via the -i or -h command line switches.
+#
+
+#@authcomment@
+
+# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
+
+#@remove-line-for-nolocal@# "local" is for Unix domain socket connections only
+#@remove-line-for-nolocal@local   all         all                               @authmethod@
+# IPv4 local connections:
+#host    all         all         127.0.0.1/32          @authmethod@
+# IPv6 local connections:
+#host    all         all         ::1/128               @authmethod@
+
+local  all    all             ident
+host koji koji 10.5.126.61 255.255.255.255 md5
+host all all 0.0.0.0 0.0.0.0 md5
+# Note, I can't think of a reason to make this more restrictive than ipv4 but
+# only fakefas needs it so far
+host all all ::1/128 md5
+
+