added barman - work-in-progress

Andre Wanderley de Souza · Andre Wanderley de Souza · commit 26a85d50395a · 2019-03-21T17:13:58.000-03:00
diff --git a/Dockerfile b/Dockerfile
@@ -15,7 +15,7 @@ ENV PRIMARY_NODE=localhost
 ENV REPMGR_USER=repmgr
 ENV REPMGR_DB=repmgr
  
-RUN apt-get update; apt-get install -y git make postgresql-server-dev-10 libpq-dev postgresql-10-repmgr repmgr-common
+RUN apt-get update; apt-get install -y git make postgresql-server-dev-10 libpq-dev postgresql-10-repmgr repmgr-common openssh-server
 
 RUN git clone https://github.com/mreithub/pg_recall.git /root/pg_recall/
 RUN cd /root/pg_recall/; make install
@@ -29,12 +29,22 @@ COPY scripts/*.sh /docker-entrypoint-initdb.d/
 COPY promote.sh /usr/local/bin/promote.sh
 
 COPY pgbouncer.pem /var/lib/postgresql/.ssh/id_rsa
+COPY ssh_config /var/lib/postgresql/.ssh/config
 
 RUN chown -R postgres:postgres /var/lib/postgresql/.ssh
 RUN chmod 700 /var/lib/postgresql/.ssh
 RUN chmod 600 /var/lib/postgresql/.ssh/id_rsa
 
-COPY ssh_config /var/lib/postgresql/.ssh/config
+ENV \
+	BARMAN_USER=barman \
+	BARMAN_PASSWORD= \
+	BARMAN_SLOT_NAME=barman \
+	STREAMING_USER=streaming_barman \
+	STREAMING_PASSWORD=
+
+COPY barman.pub /var/lib/postgresql/.ssh/authorized_keys
+RUN chmod 600 /var/lib/postgresql/.ssh/authorized_keys
+RUN chown postgres:postgres /var/lib/postgresql/.ssh/authorized_keys
 
 VOLUME /home/postgres/
 VOLUME /var/lib/postgresql/data/
diff --git a/README.md b/README.md
@@ -17,7 +17,11 @@ This docker image uses the following environment variables (with their defaults
 - `REPMGR_DB=repmgr`
 - `REPMGR_PASSWORD` (required)  
   Use something like `pwgen -n 24 1` to generate a random one (and make sure you use the same one on all your nodes
-- `NODE_HOST=`  
+- `BARMAN_PASSWORD` (required)  
+  Use something like `pwgen -n 24 1` to generate a random one (and make sure you use the same one on all your nodes
+- `STREAMING_PASSWORD` (required)  
+  Use something like `pwgen -n 24 1` to generate a random one (and make sure you use the same one on all your nodes
+- `PRIMARY_NODE=`  
   If set, this is used in the `conninfo` string (used by other nodes to connect to this one.  
   If empty, `hostname -f` is used
   Make sure you use a hostname the others can resolve (or an IP address)
@@ -30,30 +34,42 @@ docker build --tag postgres-repmgr .
 
 docker build --tag postgres-pgbouncer pgbouncer
 
+docker build --tag postgres-barman barman
+
 ### RUN IT
-export REPMGR_PASSWORD=RANDONSTRING
+export REPMGR_PASSWORD=`nicepass --password-length 24`
+
+export BARMAN_PASSWORD=`nicepass --password-length 24`
+
+export STREAMING_PASSWORD=`nicepass --password-length 24`
 
-docker run --name pg-repmgr-1 --network pg_stream -e REPMGR_PASSWORD=$REPMGR_PASSWORD -d postgres-repmgr
+docker run --name pg-repmgr-1 --network pg_stream -e REPMGR_PASSWORD=$REPMGR_PASSWORD -e BARMAN_PASSWORD=$BARMAN_PASSWORD -e STREAMING_PASSWORD=$STREAMING_PASSWORD -d postgres-repmgr
 
 sleep 2
 
-docker run --name pg-repmgr-2 --network pg_stream -e REPMGR_PASSWORD=$REPMGR_PASSWORD -e PRIMARY_NODE=pg-repmgr-1 -d postgres-repmgr
+docker run --name pg-repmgr-2 --network pg_stream -e REPMGR_PASSWORD=$REPMGR_PASSWORD -e BARMAN_PASSWORD=$BARMAN_PASSWORD -e STREAMING_PASSWORD=$STREAMING_PASSWORD -e PRIMARY_NODE=pg-repmgr-1 -d postgres-repmgr
 
 sleep 2
 
-docker run --name pg-repmgr-3 --network pg_stream -e REPMGR_PASSWORD=$REPMGR_PASSWORD -e PRIMARY_NODE=pg-repmgr-1 -d postgres-repmgr
+docker run --name pg-repmgr-3 --network pg_stream -e REPMGR_PASSWORD=$REPMGR_PASSWORD -e BARMAN_PASSWORD=$BARMAN_PASSWORD -e STREAMING_PASSWORD=$STREAMING_PASSWORD -e PRIMARY_NODE=pg-repmgr-1 -d postgres-repmgr
 
 sleep 8
 
 docker exec -it pg-repmgr-2 su -c "repmgr cluster show" - postgres
 sleep 3
 
+
+#### PGBOUNCER
 docker run --name pg-pgbouncer-1 --network pg_stream -e PRIMARY_NODE=pg-repmgr-1 -d postgres-pgbouncer
 
 sleep 1
 
 docker exec -it pg-pgbouncer-1 psql -U postgres -c "select client_addr, state, sent_lsn, write_lsn, flush_lsn, replay_lsn from pg_stat_replication;"
 
+#### BARMAN
+docker run --name pg-barman-1 --network pg_stream -e BARMAN_PASSWORD=$BARMAN_PASSWORD -e STREAMING_PASSWORD=$STREAMING_PASSWORD -e PRIMARY_NODE=pg-repmgr-1 -d postgres-barman
+
+docker exec -it pg-barman-1 barman check pg-repmgr-1
 
 ### FORCE FAILOVER
 [ monitor from another shell ] docker logs -f pg-repmgr-2
@@ -90,10 +106,14 @@ docker kill pg-repmgr-3
 
 docker kill pg-pgbouncer-1
 
+docker kill pg-barman-1
+
 docker rm pg-repmgr-1
 
 docker rm pg-repmgr-2
 
 docker rm pg-repmgr-3
 
 docker rm pg-pgbouncer-1
+
+docker rm pg-barman-1
diff --git a/barman.pub b/barman.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDKBPsbe58VZuNhCrAKMUaD3uhcF/+aSl5MLx/aCIasI72mDZa7eTkmWob3Uus/1YotC52UQLohUQY6b4y4nySO0uXCQ1rXj+C8p1soMrGlr0P2TuP808bYwBaUxFiXDUxg+nrujwcXzoPkxWXd/CmJi48SO5uoJ6IBpeIkMnLWU+vSTroYL5OJXN4Pu/SKYbYtfKBBb/098kfpEfR9/f933k+ExPa/bKgfvE2Wf0t2Q+s7YPFih9edk7Cfs24CBeQA4dYgyq72WUJUFPfjcjGq2Cesk7H77BdaHeDlZvkYXdJRBLafROquwX1azDIaw3WDmfZC/S90A6clUDm+G20x+eHmaEN36EmpeUcjc0fLqE3g2nXTSuqDofsgRa7X839Hfu8wHsHbKiEKACch7rI3YdrnVo6SXWS/r9K389qv4hPBqb8zc7epsIKQPpuG1xF0Lv1uqR3V4YN0u/DMyaMD6Z5fL2zT5j2LE26Ku6S32Ymrmvzqwi/qLXIlxF9OBebxzMbyYSb/XXWgGCCsNgAkscT6/F2AM0OSJq2sl2jvrJ95HZJwl98SGD4koss3O2ylUqFQEgycSJ4HuiG8q20nSJFROyggfWWAa/ceQs0eO9lkVXRsFxYQAnS60FZa1Z2Dhw7jAGEF0u0qjZwL1twvglwu5XmWNWfRbSF3RyqJQ== ienliven@mercury.local
diff --git a/barman/Dockerfile b/barman/Dockerfile
@@ -0,0 +1,55 @@
+FROM postgres:10
+
+RUN apt-get update \
+	&& apt-get install -y --no-install-recommends wget cron gcc libpq-dev libpython-dev logrotate openssh-client rsync python3-pip \
+	&& rm -rf /var/lib/apt/lists/* \
+	&& rm -f /etc/crontab /etc/cron.*/* \
+	&& sed -i 's/\(.*pam_loginuid.so\)/#\1/' /etc/pam.d/cron
+
+ENV \
+	BARMAN_VERSION=2.1 \
+	BARMAN_DATA_DIR=/var/lib/barman \
+	BARMAN_LOG_DIR=/var/log/barman
+
+RUN pip3 install barman==${BARMAN_VERSION} requests==2.13.0
+
+RUN useradd --system --shell /bin/bash barman
+RUN install -d -m 0700 -o barman -g barman /home/barman/.ssh
+
+COPY barman.pem /home/barman/.ssh/id_rsa
+RUN chmod 600 /home/barman/.ssh/id_rsa
+RUN chown barman:barman /home/barman/.ssh/id_rsa
+RUN gosu barman bash -c 'echo -e "Host *\n\tCheckHostIP no" > ~/.ssh/config'
+
+ENV \
+	BARMAN_USER=barman \
+	BARMAN_PASSWORD= \
+	BARMAN_SLOT_NAME=barman \
+	STREAMING_USER=streaming_barman \
+	STREAMING_PASSWORD= \
+	PRIMARY_NODE=
+
+RUN rm -f /etc/logrotate.d/*
+
+COPY logrotate.conf /etc/logrotate.conf
+RUN chown root:root /etc/logrotate.conf
+RUN chmod 644 /etc/logrotate.conf
+
+COPY basebackup.cron /etc/cron.d/basebackup
+RUN chown root:root /etc/cron.d/basebackup
+RUN chmod 644 /etc/cron.d/basebackup
+
+COPY crontab /etc/crontab
+RUN chown root:root /etc/crontab
+RUN chmod 644 /etc/crontab
+
+COPY etc /etc/barman
+
+VOLUME /var/log/barman
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["cron", "-L", "0",  "-f"]
+
+COPY entrypoint.sh /
+
+WORKDIR ${BARMAN_DATA_DIR}
diff --git a/barman/barman.pem b/barman/barman.pem
@@ -0,0 +1,49 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAgEAwygT7G3ufFWbjYQqwCjFGg97oXBf/mkpeTC8f2giGrCO9pg2Wu3k
+5JlqG91LrP9WKLQudlEC6IVEGOm+MuJ8kjtLlwkNa14/gvKdbKDKxpa9D9k7j/NPG2MAWl
+MRYlw1MYPp67o8HF86D5MVl3fwpiYuPEjubqCeiAaXiJDJy1lPr0k66GC+TiVzeD7v0imG
+2LXygQW/9PfJH6RH0ff3/d95PhMT2v2yoH7xNln9LdkPrO2DxYofXnZOwn7NuAgXkAOHWI
+Mqu9llCVBT343IxqtgnrJOx++wXWh3g5Wb5GF3SUQS2n0TqrsF9WswyGsN1g5n2Qv0vdAO
+nJVA5vhttMfnh5mhDd+hJqXlHI3NHy6hN4Np100rqg6H7IEWu1/N/R37vMB7B2yohCgAnI
+e6yN2Ha51aOkl1kv6/St/Par+ITwam/M3O3qbCCkD6bhtcRdC79bqkd1eGDdLvwzMmjA+m
+eXy9s0+Y9ixNuirukt9mJq5r86sIv6i1yJcRfTgXm8czG8mEm/111oBggrDYAJLHE+vxdg
+DNDkiatrJdo76yfeR2ScJffEhg+JKLLNztspVKhUBIMnEieB7ohvKttJ0iRUTsoIH1lgGv
+3HkLNHjvZZFV0bBcWEAJ0utBWWtWdg4cO4wBhBdLtKo2cC9bcL4JcLuV5ljVn0W0hd0cqi
+UAAAdQheP2w4Xj9sMAAAAHc3NoLXJzYQAAAgEAwygT7G3ufFWbjYQqwCjFGg97oXBf/mkp
+eTC8f2giGrCO9pg2Wu3k5JlqG91LrP9WKLQudlEC6IVEGOm+MuJ8kjtLlwkNa14/gvKdbK
+DKxpa9D9k7j/NPG2MAWlMRYlw1MYPp67o8HF86D5MVl3fwpiYuPEjubqCeiAaXiJDJy1lP
+r0k66GC+TiVzeD7v0imG2LXygQW/9PfJH6RH0ff3/d95PhMT2v2yoH7xNln9LdkPrO2DxY
+ofXnZOwn7NuAgXkAOHWIMqu9llCVBT343IxqtgnrJOx++wXWh3g5Wb5GF3SUQS2n0TqrsF
+9WswyGsN1g5n2Qv0vdAOnJVA5vhttMfnh5mhDd+hJqXlHI3NHy6hN4Np100rqg6H7IEWu1
+/N/R37vMB7B2yohCgAnIe6yN2Ha51aOkl1kv6/St/Par+ITwam/M3O3qbCCkD6bhtcRdC7
+9bqkd1eGDdLvwzMmjA+meXy9s0+Y9ixNuirukt9mJq5r86sIv6i1yJcRfTgXm8czG8mEm/
+111oBggrDYAJLHE+vxdgDNDkiatrJdo76yfeR2ScJffEhg+JKLLNztspVKhUBIMnEieB7o
+hvKttJ0iRUTsoIH1lgGv3HkLNHjvZZFV0bBcWEAJ0utBWWtWdg4cO4wBhBdLtKo2cC9bcL
+4JcLuV5ljVn0W0hd0cqiUAAAADAQABAAACADJxrZSzZa2lwyt1OkepQilWTzKPhYCRVjMJ
+MfAMzqPvd0SuW35td3jPXuoM7X6uEWs8B7Z1gjbwG4YFBTDJ8kEqKoPDx0A1gF0ssRxfA4
+sJc50hHZA75/rAQFsYlanDA8zkuBZCcT80LiHQdwhL7FxGCjVy9I6L3e5zJcAbDM4PK9W3
+LA7c0tQIQiyWuA6uxThG74QCJHgBhG81W4seeW+Z0BEHhV5ZrU5nAZp28EZlkPO2ARWSek
+FEe18yv6IOFWkYQGfUn7smmkMqDEQAtiEEM1lR5aMwhXnfguT0SvNhbh/2BJmNMwQyi3vA
+VT+4zD7EQnuL55sYqG449im9lT1tru2GcN48fb7As3ngb4hDiGLGnG5j7+z/AdNkhWwyyy
+SPPJt2xzgawWjj0euwR1EDKEYsy7SATf+5VdJ04RQ7gV9ZiUZuCibIKG6VgIODEG/pFSt5
+pAd795iTZF7xrweYcigV3YDNVWkkyOf8Crqk8G1SvhArMBbDTAM6oblnOTqcDrHn1FCjVJ
+vgZzC9Vc4+PN5xIpUPyGwpq9lx3155t+rRG/4zj33HDSqNHAYi+NIP5sKGmOx1OxmFR+KN
+cAbKY+qmACocfjjoi6tbu9Pdp2fzAvzqQb7eyzanCN9QiRStFE3e43yHuaqX3i7mlOqnWl
+U+2IOvEnQ1QN5EioWBAAABABDc4THZhxYhh5wQfl+p392njYc7+qT9suutrITY5PkLmu93
+KhV1OiIHPO/eUoHJeZRfJVEobBRHEEixIRmnWHc35OpoAq1KmsWhZyGgkk4Lgt7/5y+H6r
+xXygcl8V5mfTH+lnAJcbbBl5hOoygUUBpuUCyYVNq8sQ0dUPxU+5w749jZzavlCgsa7EVQ
+TanZpu63AaL64e5ogZPyD4xYuosNAZUGuiDytnNXR/rw4n3nnN+m9ufcs9udL4l5pl5BLv
+Z15BvDEvsoJxbL2sdkXQyAmkoH5YFYkKni99X6cmTzwPTufcoEVZhOtufU4+Pdtl7GrlHJ
+OvSIOkox7djTRdsAAAEBAOqVmCBGH/UeiYDEaKhUR/ObCc8JhBaKoK5skke/pSVOlzNc8q
+kdL/VCJECQUlsKvPnLXwgxRZmmIbqgSY3VeMJ8JErngSRSSBr1tCY3sZVGk9k/nF2+nY9F
+IxPJSXCY0SrEoJPsGGUqt3bUTgpRi3xCww7B1VRqFK9roc4CQ3NRWdlJbb7ce9MLj0YtWP
+b2vBKlLB3E3vYBOCt7eF94UVyasqlm6eWXGYTisggfEjF4vLnh5qknZW0RS2z9+EaqEi6T
+zp4U55CT11DWsG1rttmnB2uQF9gHLB35bJvyXv4B22JLkw23HtnL0CCCl5fIQB4zIAEzhW
+WCPiH/rlyn/pkAAAEBANT5BwdAn7xEbHJoapLRRDvM1pz+n/pELGQsubKHAwCog1Gq5haZ
+w14cBzUSmg3vMh2+7jilKH24l6k6c7Vr38jbKQ6skCoc0zOdkW+Vce+/7x4oE0Krrp85DO
+pbVTfLTtHf9yIpGC7TN5psO6IdI66nEpMZuSDghwQg4ynxuefLfSZKq5XlmEhRgZr+Auj9
+zkMnNvZ6Wq2+S/T75PRm+phmbfFkIkWitMEH5JRbfgCGHLbyGn1TKzkG21NK+bTcddg9gc
+5F6ypwtwhPDGEcFNehv0CBuOtk7rWG+l//4DtF5ZhGfQr+mgYYbhiH6yNlOvT+kKo3yN4y
+Yqe1wXooO20AAAAWaWVubGl2ZW5AbWVyY3VyeS5sb2NhbAECAwQF
+-----END OPENSSH PRIVATE KEY-----
diff --git a/barman/basebackup.cron b/barman/basebackup.cron
@@ -0,0 +1 @@
+0 4 * * 0 barman /usr/local/bin/barman backup all >>/var/log/barman/backup.log 2>&1
diff --git a/barman/crontab b/barman/crontab
@@ -0,0 +1,2 @@
+* * * * * barman /usr/local/bin/barman -q cron
+@daily root /usr/sbin/logrotate /etc/logrotate.conf
diff --git a/barman/entrypoint.sh b/barman/entrypoint.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -eo pipefail
+
+echo "${PRIMARY_NODE}:*:*:${BARMAN_USER}:${BARMAN_PASSWORD}" > /home/barman/.pgpass
+echo "${PRIMARY_NODE}:*:*:${STREAMING_USER}:${STREAMING_PASSWORD}" >> /home/barman/.pgpass
+
+chmod 600 /home/barman/.pgpass
+chown barman:barman /home/barman/.pgpass
+
+install -d -m 0755 -o barman -g barman "${BARMAN_LOG_DIR}"
+install -d -m 0700 -o barman -g barman "${BARMAN_DATA_DIR}"
+
+sed -i "s#\$BARMAN_LOG_DIR#$BARMAN_LOG_DIR#g" /etc/logrotate.conf
+
+sed -i "s#\$PRIMARY_NODE#$PRIMARY_NODE#g" /etc/barman/barman.d/pg.conf
+sed -i "s#\$BARMAN_USER#$BARMAN_USER#g" /etc/barman/barman.d/pg.conf
+sed -i "s#\$BARMAN_SLOT_NAME#$BARMAN_SLOT_NAME#g" /etc/barman/barman.d/pg.conf
+sed -i "s#\$STREAMING_USER#$STREAMING_USER#g" /etc/barman/barman.d/pg.conf
+
+exec "$@"
diff --git a/barman/etc/barman.conf b/barman/etc/barman.conf
@@ -0,0 +1,23 @@
+; Commented lines show the default values
+
+[barman]
+; archiver = off
+; backup_method = rsync
+; backup_directory = %(barman_home)s/%(name)s
+
+; This must be set to the BARMAN_DATA_DIR environment variable
+barman_home = /var/lib/barman
+
+; barman_lock_directory = %(barman_home)s
+compression = gzip
+configuration_files_directory = /etc/barman/barman.d
+last_backup_maximum_age = 1 week
+log_file = /var/lib/barman/barman.log
+log_level = DEBUG
+minimum_redundancy = 1
+network_compression = true
+retention_policy = RECOVERY WINDOW of 4 WEEKS
+; retention_policy_mode = auto
+reuse_backup = link
+streaming_archiver = on
+; wal_retention_policy = main
diff --git a/barman/etc/barman.d/pg.conf b/barman/etc/barman.d/pg.conf
@@ -0,0 +1,32 @@
+[$PRIMARY_NODE]
+; active = true
+; archiver = off
+; archiver_batch_size = 0
+; backup_directory = %(barman_home)s/%(name)s
+; backup_method = rsync
+; backup_options =
+; basebackup_retry_sleep = 30
+; basebackup_retry_times = 0
+; basebackups_directory = %(backup_directory)s/base
+; check_timeout = 30
+conninfo = host=$PRIMARY_NODE user=$BARMAN_USER dbname=postgres
+description = 'Test database'
+; disabled = false
+; errors_directory = %(backup_directory)s/errors
+; immediate_checkpoint = false
+; incoming_wals_directory = %(backup_directory)s/incoming
+; minimum_redundancy = 0
+; network_compression = false
+path_prefix = /usr/lib/postgresql/10
+; recovery_options =
+; retention_policy_mode = auto
+ssh_command = 'ssh postgres@$PRIMARY_NODE'
+slot_name = $BARMAN_SLOT_NAME
+; streaming_archiver = off
+; streaming_archiver_batch_size = 0
+; streaming_archiver_name = barman_receive_wal
+; streaming_backup_name = barman_streaming_backup
+streaming_conninfo = host=$PRIMARY_NODE user=$STREAMING_USER dbname=postgres
+; streaming_wals_directory = %(backup_directory)s/streaming
+; wal_retention_policy = main
+; wals_directory = %(backup_directory)s/wals
diff --git a/barman/logrotate.conf b/barman/logrotate.conf
@@ -0,0 +1,9 @@
+$BARMAN_LOG_DIR/*.log {
+	weekly
+	rotate 4
+	delaycompress
+	compress
+	missingok
+	notifempty
+	create 0640 barman barman
+}
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -43,7 +43,9 @@ if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 		chown -R postgres "$POSTGRES_INITDB_WALDIR"
 		chmod 700 "$POSTGRES_INITDB_WALDIR"
 	fi
-
+	
+	/etc/init.d/ssh start
+	
 	exec gosu postgres "$BASH_SOURCE" "$@"
 fi
 
@@ -143,8 +145,7 @@ if [ "$1" = 'postgres' ]; then
 fi
 
 if [ "$1" = postgres ]; then
-	echo "~~ starting PostgreSQL+repmgr..." >&2
-	# TODO maybe we should use pg_ctl here (this way the user can pass commandline arguments to postgres though)
+	echo "~~ starting postgres+repmgr..." >&2
 	"$@" &
 	sleep 5
 	repmgrd --verbose --daemonize=false
diff --git a/pgbouncer/Dockerfile b/pgbouncer/Dockerfile
@@ -14,7 +14,7 @@ RUN chmod +x /usr/local/bin/docker-entrypoint.sh
 
 RUN chown postgres:postgres /etc/pgbouncer /etc/pgbouncer/pgbouncer.database.ini
 
-ENV PRIMARY_NODE=localhost
+ENV PRIMARY_NODE=
 
 COPY pgbouncer.pub /var/lib/postgresql/.ssh/authorized_keys
 
diff --git a/scripts/04-add_barman.sh b/scripts/04-add_barman.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+set -eo pipefail
+ 
+if [ $(grep -c "barman" ${PGDATA}/pg_hba.conf) -gt 0 ]; then
+    return
+fi
+
+if [ -z "$BARMAN_PASSWORD" ]; then
+	echo 'ERROR: Missing $$BARMAN_PASSWORD variable' >&2
+	exit 1
+fi
+
+if [ -z "$STREAMING_PASSWORD" ]; then
+	echo 'ERROR: Missing $STREAMING_PASSWORD variable' >&2
+	exit 1
+fi
+
+echo '~~ 01: add barman' >&2
+
+function add_user {
+	local user=${!1}
+	local pw=${!2}
+	local db=${3}
+	local options="${4}"
+
+	echo "Creating ${user} user in database."
+	local cmd="CREATE USER ${user} WITH ${options}"
+	local auth
+	if [[ -n ${pw} ]]; then
+		cmd+=" ENCRYPTED PASSWORD '<password>'"
+		auth="md5"
+		echo "Be sure to add the following to the .pgpass file on the barman server:"
+		echo "$(hostname):${PGPORT:-5432}:${PGDATABASE}:${user}:<password>"
+	else
+		auth="trust"
+		echo "${user} is being created without any password!!!"
+	fi
+
+	echo "Running ${cmd}"
+	psql -c "${cmd/<password>/${pw//\'/\'\'}}"
+
+	echo "Adding ${user} to pg_hba.conf"
+	echo "host ${db} ${user} 0.0.0.0/0 ${auth}" >> ${PGDATA}/pg_hba.conf
+	echo "host ${db} ${user} ::/0 ${auth}" >> ${PGDATA}/pg_hba.conf
+}
+
+add_user BARMAN_USER BARMAN_PASSWORD all SUPERUSER
+add_user STREAMING_USER STREAMING_PASSWORD replication REPLICATION
+
+if [[ -n ${BARMAN_SLOT_NAME} ]]; then
+  echo "Creating replication slot '${BARMAN_SLOT_NAME}' for barman."
+  psql -v ON_ERROR_STOP=1 -c "SELECT * FROM pg_create_physical_replication_slot('${BARMAN_SLOT_NAME//\'/\'\'}');"
+else
+  echo "BARMAN_SLOT_NAME is empty; not creating replication slot."
+fi
+ 
+sleep 5

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDKBPsbe58VZuNhCrAKMUaD3uhcF/+aSl5MLx/aCIasI72mDZa7eTkmWob3Uus/1YotC52UQLohUQY6b4y4nySO0uXCQ1rXj+C8p1soMrGlr0P2TuP808bYwBaUxFiXDUxg+nrujwcXzoPkxWXd/CmJi48SO5uoJ6IBpeIkMnLWU+vSTroYL5OJXN4Pu/SKYbYtfKBBb/098kfpEfR9/f933k+ExPa/bKgfvE2Wf0t2Q+s7YPFih9edk7Cfs24CBeQA4dYgyq72WUJUFPfjcjGq2Cesk7H77BdaHeDlZvkYXdJRBLafROquwX1azDIaw3WDmfZC/S90A6clUDm+G20x+eHmaEN36EmpeUcjc0fLqE3g2nXTSuqDofsgRa7X839Hfu8wHsHbKiEKACch7rI3YdrnVo6SXWS/r9K389qv4hPBqb8zc7epsIKQPpuG1xF0Lv1uqR3V4YN0u/DMyaMD6Z5fL2zT5j2LE26Ku6S32Ymrmvzqwi/qLXIlxF9OBebxzMbyYSb/XXWgGCCsNgAkscT6/F2AM0OSJq2sl2jvrJ95HZJwl98SGD4koss3O2ylUqFQEgycSJ4HuiG8q20nSJFROyggfWWAa/ceQs0eO9lkVXRsFxYQAnS60FZa1Z2Dhw7jAGEF0u0qjZwL1twvglwu5XmWNWfRbSF3RyqJQ== [email protected]
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+0 4 * * 0 barman /usr/local/bin/barman backup all >>/var/log/barman/backup.log 2>&1`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+* * * * * barman /usr/local/bin/barman -q cron`
	`2`	`+@daily root /usr/sbin/logrotate /etc/logrotate.conf`