Updated

djthorpe · djthorpe · commit 2a31cae35cf5 · 2025-01-23T18:36:21.000+01:00
diff --git a/scripts/10_primary.sh b/scripts/10_primary.sh
@@ -1,4 +1,6 @@
 #!/bin/bash
+# Script runs on a primary instance to set up replication slots
+# The primary instance should be started before the replicas
 set -e
 
 # Script should only run on the primary node
diff --git a/scripts/20_replica.sh b/scripts/20_replica.sh
@@ -1,4 +1,6 @@
 #!/bin/bash
+# Script runs on a replica node to backup from the primary and set up replication
+# The primary instance should be running before starting the replica
 set -e
 
 # Script should only run on the primary node
diff --git a/scripts/30_ssl.sh b/scripts/30_ssl.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# Script runs on any instance to set up SSL
+# https://www.postgresql.org/docs/current/ssl-tcp.html#SSL-OPENSSL-CONFIG
+set -e
+
+# Set configuration for replication
+CONF="${PGDATA}/postgresql.conf"
+
+if [ ! -z "${POSTGRES_SSL_CERT}" ]; then
+    if [ ! -f "${POSTGRES_SSL_CERT}" ]; then
+        echo "POSTGRES_SSL_CERT file not found."
+        exit 1
+    fi
+    sed -i -e"s/^#ssl_cert_file.*$/ssl_cert_file=${POSTGRES_SSL_CERT}/" ${CONF}
+fi
+
+if [ ! -z "${POSTGRES_SSL_KEY}" ]; then
+    if [ ! -f "${POSTGRES_SSL_KEY}" ]; then
+        echo "POSTGRES_SSL_KEY file not found."
+        exit 1
+    fi
+    sed -i -e"s/^#ssl_key_file.*$/ssl_key_file=${POSTGRES_SSL_KEY}/" ${CONF}
+fi
+
+if [ ! -z "${POSTGRES_SSL_CA}" ]; then
+    if [ ! -f "${POSTGRES_SSL_CA}" ]; then
+        echo "POSTGRES_SSL_CA file not found."
+        exit 1
+    fi
+    sed -i -e"s/^#ssl_ca_file.*$/ssl_ca_file=${POSTGRES_SSL_CA}/" ${CONF}
+fi
diff --git a/scripts/40_databases.sh b/scripts/40_databases.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+# Script runs on a primary instance to create databases and roles
+set -e
+
+# Script should only run on the primary node
+if [ ! -z "${POSTGRES_REPLICATION_PRIMARY}" ]; then
+    echo "Skipping database initialisation on a replica."
+    exit 0
+fi
+
+# Create the databases
+IFS=',' read -r -a array <<< "${POSTGRES_DATABASES}"
+for NAME in "${array[@]}"; do
+    # if there is an environment variable called POSTGRES_PASSWORD_<NAME>, then use that password
+    if [ ! -z "${!POSTGRES_PASSWORD_${NAME}}" ]; then
+        ALTER_ROLE="ALTER ROLE ${NAME} WITH PASSWORD ${!POSTGRES_PASSWORD_${NAME}}"
+    else
+        ALTER_ROLE="ALTER ROLE ${NAME} WITH NOLOGIN"
+    fi
+    # Execute SQL to create the database and role
+    psql -v ON_ERROR_STOP=1 --username "${POSTGRES_USER}" --dbname "${POSTGRES_DB}" <<-EOSQL
+        DO $$ BEGIN
+            -- Create database
+            CREATE EXTENSION IF NOT EXISTS dblink;
+            IF NOT EXISTS (
+                SELECT 1 FROM pg_database WHERE datname = '${NAME}'
+            ) THEN
+                PERFORM dblink_exec('dbname=${POSTGRES_DB}', 'CREATE DATABASE ${NAME}');
+            END IF;
+
+            -- Create role
+            CREATE ROLE ${NAME};
+            ${ALTER_ROLE};
+            ALTER DATABASE ${NAME} OWNER TO ${NAME};
+            EXCEPTION WHEN duplicate_object THEN RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE = SQLSTATE;
+        END $$;
+EOSQL
+done
