From 254fa9d2a414492162f72c81a7ab949ebcc25ae6 Mon Sep 17 00:00:00 2001
From: Felix Kunde
Date: Fri, 20 Sep 2024 16:41:52 +0200
Subject: [PATCH] still provide daily log and auth views
---
 postgres-appliance/scripts/post_init.sh | 28 ++++++++++++++++++-------
 1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/postgres-appliance/scripts/post_init.sh b/postgres-appliance/scripts/post_init.sh
index fe7ef747..f04a50ff 100755
--- a/postgres-appliance/scripts/post_init.sh
+++ b/postgres-appliance/scripts/post_init.sh
@@ -147,7 +147,7 @@ if [ "$PGVER" -ge 14 ]; then
 fi

 # Sunday could be 0 or 7 depending on the format, we just create both
-LOG_SHIP_HOURLY=$(echo -e "SELECT text(current_setting('log_rotation_age') = '1h')" | psql -tAX -d postgres 2> /dev/null | tail -n 1)
+LOG_SHIP_HOURLY=$(echo "SELECT text(current_setting('log_rotation_age') = '1h')" | psql -tAX -d postgres 2> /dev/null | tail -n 1)
 for i in $(seq 0 7); do
 if [ "$LOG_SHIP_HOURLY" != "true" ]; then
 echo "CREATE FOREIGN TABLE IF NOT EXISTS public.postgres_log_${i} () INHERITS (public.postgres_log) SERVER pglog
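Review bot: The `LOG_SHIP_HOURLY` probe discards psql's stderr and takes its result through `tail`, so a failed or refused connection leaves the variable empty and the `!= "true"` test on the following lines silently selects the daily foreign-table layout. Because this commit makes the two modes create different relation kinds under the same `public.postgres_log_${i}` name, a wrong guess here is no longer harmless; consider reporting the empty case, e.g. `[ -n "$LOG_SHIP_HOURLY" ] || echo "WARNING: could not read log_rotation_age, assuming daily log files" >&2`. The two `UPGRADE_POSTGIS` probes in the last hunk use the same `2> /dev/null | tail -n 1` pattern and skip the extension update just as silently. The `for i` loop body continues outside this hunk.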
@@ -162,19 +162,31 @@ for i in $(seq 0 7); do ALTER VIEW public.failed_authentication_${i} OWNER TO postgres; GRANT SELECT ON TABLE public.failed_authentication_${i} TO robot_zmon;" else - for h in $(seq 0 23); do + daily_log="CREATE OR REPLACE VIEW public.postgres_log_${i} AS\n" + daily_auth="CREATE OR REPLACE VIEW public.failed_authentication_${i} WITH (security_barrier) AS\n" + daily_union="" + + echo "DROP FOREIGN TABLE IF EXISTS public.postgres_log_${i};" + + for h in $(seq -w 0 23); do + filter_logs="SELECT * FROM public.postgres_log_${i}_${h} WHERE command_tag = 'authentication' AND error_severity = 'FATAL'" + echo "CREATE FOREIGN TABLE IF NOT EXISTS public.postgres_log_${i}_${h} () INHERITS (public.postgres_log) SERVER pglog OPTIONS (filename '../pg_log/postgresql-${i}-${h}.csv', format 'csv', header 'false'); GRANT SELECT ON public.postgres_log_${i}_${h} TO admin; CREATE OR REPLACE VIEW public.failed_authentication_${i}_${h} WITH (security_barrier) AS - SELECT * - FROM public.postgres_log_${i}_${h} - WHERE command_tag = 'authentication' - AND error_severity = 'FATAL'; + ${filter_logs}; ALTER VIEW public.failed_authentication_${i}_${h} OWNER TO postgres; GRANT SELECT ON TABLE public.failed_authentication_${i}_${h} TO robot_zmon;" + + daily_log="${daily_log}${daily_union}SELECT * FROM public.postgres_log_${i}_${h}\n" + daily_auth="${daily_auth}${daily_union}${filter_logs}\n" + daily_union="UNION ALL\n" done + + echo -e "${daily_log};" + echo -e "${daily_auth};" fi done 
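Review bot: The daily views emitted at the end of the hourly branch (`echo -e "${daily_log};"` and `echo -e "${daily_auth};"`) get none of the ownership and grant statements that the per-hour relations and the non-hourly `failed_authentication_${i}` view in this hunk carry. On a freshly created view that would leave `robot_zmon` unable to read `public.failed_authentication_${i}` and `admin` unable to read `public.postgres_log_${i}`, so failed-login monitoring against the daily names would presumably break. Following the two definitions with `echo "ALTER VIEW public.failed_authentication_${i} OWNER TO postgres; GRANT SELECT ON TABLE public.failed_authentication_${i} TO robot_zmon;"` and `echo "GRANT SELECT ON public.postgres_log_${i} TO admin;"` would mirror the existing privileges. Separately, `DROP FOREIGN TABLE IF EXISTS public.postgres_log_${i};` has no CASCADE, so on a cluster that previously ran the non-hourly branch it will likely fail while the old `failed_authentication_${i}` view still depends on the table, and the following `CREATE OR REPLACE VIEW` would then collide with the foreign table; this is worth confirming on a mode-switch path. The enclosing `for i` loop starts outside this hunk.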
@@ -192,10 +204,10 @@ while IFS= read -r db_name; do
 if [ "$UPGRADE_TIMESCALEDB_TOOLKIT" = "t" ]; then
 echo "ALTER EXTENSION timescaledb_toolkit UPDATE;"
 fi
- UPGRADE_POSTGIS=$(echo -e "SELECT COUNT(*) FROM pg_catalog.pg_extension WHERE extname = 'postgis'" | psql -tAX -d "${db_name}" 2> /dev/null | tail -n 1)
+ UPGRADE_POSTGIS=$(echo "SELECT COUNT(*) FROM pg_catalog.pg_extension WHERE extname = 'postgis'" | psql -tAX -d "${db_name}" 2> /dev/null | tail -n 1)
 if [ "$UPGRADE_POSTGIS" = "1" ]; then
 # public.postgis_lib_version() is available only if postgis extension is created
- UPGRADE_POSTGIS=$(echo -e "SELECT extversion != public.postgis_lib_version() FROM pg_catalog.pg_extension WHERE extname = 'postgis'" | psql -tAX -d "${db_name}" 2> /dev/null | tail -n 1)
+ UPGRADE_POSTGIS=$(echo "SELECT extversion != public.postgis_lib_version() FROM pg_catalog.pg_extension WHERE extname = 'postgis'" | psql -tAX -d "${db_name}" 2> /dev/null | tail -n 1)
 if [ "$UPGRADE_POSTGIS" = "t" ]; then
 echo "ALTER EXTENSION postgis UPDATE;"
 echo "SELECT public.postgis_extensions_upgrade();"