}

typeconfigstruct {

}

cmdKeeper.PersistentFlags().StringVar(&cfg.pgConfDir,"pg-conf-dir","","absolute path to user provided postgres configuration. If empty a default dir under $dataDir/postgres/conf.d will be used")

cmdKeeper.PersistentFlags().StringVar(&cfg.pgSUUsername,"pg-su-username","","postgres superuser user name (required by pg_rewind)")

cmdKeeper.PersistentFlags().StringVar(&cfg.pgSUPassword,"pg-su-password","","postgres superuser password (required by pg_rewind)")

cmdKeeper.PersistentFlags().StringVar(&cfg.pgInitialSUUsername,"initial-pg-su-username","","postgres initial superuser username")

cmdKeeper.PersistentFlags().StringVar(&cfg.pgInitialSUPasswordFile,"initial-pg-su-password-file","","postgres initial superuser password secret file")

cmdKeeper.PersistentFlags().BoolVar(&cfg.debug,"debug",false,"enable debug logging")

}

"hot_standby":"on",

}

func (p*PostgresKeeper)getSUConnParams(keeperState*cluster.KeeperState,setPasswordbool) pg.ConnParams {

func (p*PostgresKeeper)getPgInitialSUPassword()string {

ifp.cfg.pgInitialSUPasswordFile!="" {

fi,err:=os.Lstat(p.cfg.pgInitialSUPasswordFile)

iferr!=nil {

log.Errorf("Unable to read password from file %s, error: %v",p.cfg.pgInitialSUPasswordFile,err)

}

iffi.Mode()>0600 {

log.Warningf("Password file %s permissions %#o are too open. This file should only be readable to the user executing stolon! Continuing...",p.cfg.pgInitialSUPasswordFile,fi.Mode())

}

pwBytes,err:=ioutil.ReadFile(p.cfg.pgInitialSUPasswordFile)

iferr!=nil {

log.Errorf("Unable to read password from file %s, error: %v",p.cfg.pgInitialSUPasswordFile,err)

}

pw=strings.TrimSpace(string(pwBytes))

}

}

func (p*PostgresKeeper)getSUConnParams(keeperState*cluster.KeeperState) pg.ConnParams {

cp:= pg.ConnParams{

"user":p.cfg.pgSUUsername,

"password":p.cfg.pgSUPassword,

"dbname":"postgres",

"sslmode":"disable",

}

ifsetPassword {

cp["password"]=p.cfg.pgSUPassword

}

}

followersIDs:=cv.GetFollowersIDs(p.id)

pgParameters:=p.createPGParameters(followersIDs)

pgm:=postgresql.NewManager(p.id,p.cfg.pgBinPath,p.cfg.dataDir,p.cfg.pgConfDir,pgParameters,p.getOurConnParams().ConnString(),p.getOurReplConnParams().ConnString(),p.clusterConfig.PGReplUser,p.clusterConfig.PGReplPassword,p.clusterConfig.RequestTimeout)

pgm:=postgresql.NewManager(p.id,p.cfg.pgBinPath,p.cfg.dataDir,p.cfg.pgConfDir,pgParameters,p.getOurConnParams().ConnString(),

p.getOurReplConnParams().ConnString(),p.clusterConfig.PGReplUser,p.clusterConfig.PGReplPassword,

p.cfg.pgInitialSUUsername,p.getPgInitialSUPassword(),p.clusterConfig.RequestTimeout)

p.pgm=pgm

p.pgm.Stop(true)

ifinitialized&&p.clusterConfig.UsePGRewind&&p.cfg.hasPGRewindRequiredOptions() {

connParams:=p.getSUConnParams(followed,false)

connParams:=p.getSUConnParams(followed)

log.Infof("syncing using pg_rewind from followed instance %q",followed.ID)

iferr:=pgm.SyncFromFollowedPGRewind(connParams,p.cfg.pgSUPassword);err!=nil {

}

cmdSentinel.PersistentFlags().StringVar(&cfg.keeperKubeLabelSelector,"keeper-kube-label-selector","","label selector for discoverying stolon-keeper(s) under kubernetes")

cmdSentinel.PersistentFlags().StringVar(&cfg.keeperPort,"keeper-port","5431","stolon-keeper(s) listening port (used by kubernetes discovery)")

cmdSentinel.PersistentFlags().StringVar(&cfg.initialClusterConfig,"initial-cluster-config","","a file providing the initial cluster config, used only at cluster initialization, ignored if cluster is already initialized")

cmdSentinel.PersistentFlags().StringVar(&cfg.kubernetesNamespace,"kubernetes-namespace","default","the Kubernetes namespace stolon is deployed under")

cmdSentinel.PersistentFlags().BoolVar(&cfg.debug,"debug",false,"enable debug logging")

}

}

host:=os.Getenv("KUBERNETES_SERVICE_HOST")

port:=os.Getenv("KUBERNETES_SERVICE_PORT")

u,err:=url.Parse(fmt.Sprintf("https://%s:%s/api/v1/namespaces/default/pods",host,port))

u,err:=url.Parse(fmt.Sprintf("https://%s:%s/api/v1/namespaces/%s/pods",host,port,cfg.kubernetesNamespace))

iferr!=nil {

returnnil,err

}

This will create a replication controller with one pod executing the stolon sentinel. You can also increase the number of replicas for stolon sentinels in the rc definition or do it later.

This creates a password secret that can be used by the keeper to set up the initial database user. This example uses the value 'password1' but you will want to replace the value with a Base64-encoded password of your choice.

Note: In this example the stolon keeper is a replication controller that, for every pod replica, uses a volume for stolon and postgreSQL data of`emptyDir` type. So it'll go away when the related pod is destroyed. This is just for easy testing. In production you should use a persistent volume. Actually (kubernetes 1.0), for working with persistent volumes you should define a different replication controller with`replicas=1` for every keeper instance.

now become the`stolon` user:

connect to the postgres instance and create a password for the`stolon` superuser:

you can now exit the shell.

The password for the stolon user will be the value specified in your`secret.yaml` above (or`password1` if you did not change it).

---

apiVersion:v1

kind:Secret

metadata:

name:stolon

type:Opaque

data:

password:cGFzc3dvcmQxCg==

-name:STKEEPER_DEBUG

value:"true"

-name:STKEEPER_INITIAL_PG_SU_USERNAME

value:"stolon"

-name:STKEEPER_INITIAL_PG_SU_PASSWORD_FILE

value:"/etc/secrets/stolon/password"

ports:

-containerPort:5431

-containerPort:5432

volumeMounts:

-mountPath:/stolon-data

name:data

-mountPath:/etc/secrets/stolon

name:stolon

volumes:

-name:data

emptyDir:{}

-name:stolon

secret:

secretName:stolon

-name:STSENTINEL_DEBUG

value:"true"

-name:STSENTINEL_KUBERNETES_NAMESPACE

value:"default"

ports:

-containerPort:6431

)

typeManagerstruct {

requestTimeout time.Duration

requestTimeout time.Duration

}

typeParametersmap[string]string

returnreflect.DeepEqual(s,is)

}

funcNewManager(namestring,pgBinPathstring,dataDirstring,confDirstring,parametersParameters,localConnString,replConnString,replUser,replPasswordstring,requestTimeout time.Duration)*Manager {

funcNewManager(namestring,pgBinPathstring,dataDirstring,confDirstring,parametersParameters,localConnString,replConnString,replUser,replPassword,initialSUUsername,initialSUPasswordstring,requestTimeout time.Duration)*Manager {

return&Manager{

name:name,

dataDir:filepath.Join(dataDir,"postgres"),

replUser:replUser,

replPassword:replPassword,

localConnString:localConnString,

replConnString:replConnString,

pgBinPath:pgBinPath,

requestTimeout:requestTimeout,

parameters:parameters,

confDir:confDir,

name:name,

dataDir:filepath.Join(dataDir,"postgres"),

replUser:replUser,

replPassword:replPassword,

localConnString:localConnString,

replConnString:replConnString,

pgBinPath:pgBinPath,

requestTimeout:requestTimeout,

parameters:parameters,

confDir:confDir,

initialSUUsername:initialSUUsername,

initialSUPassword:initialSUPassword,

}

}

err=fmt.Errorf("error starting instance: %v",err)

goto out

}

ifp.initialSUPassword!=""&&p.initialSUUsername!="" {

log.Infof("Setting initial PostgreSQL password")

iferr=p.SetInitialPassword();err!=nil {

err=fmt.Errorf("error setting initial password for '%s' user: %v",p.initialSUUsername,err)

goto out

}

}

log.Infof("Creating replication role")

iferr=p.CreateReplRole();err!=nil {

err=fmt.Errorf("error creating replication role: %v",err)

err=fmt.Errorf("error stopping instance: %v",err)

goto out

}

out:

iferr!=nil {

}

func (p*Manager)SetInitialPassword()error {

ctx,cancel:=context.WithTimeout(context.Background(),p.requestTimeout)

defercancel()

returnSetInitialPassword(ctx,p.localConnString,p.initialSUUsername,p.initialSUPassword)

}

func (p*Manager)CreateReplRole()error {

ctx,cancel:=context.WithTimeout(context.Background(),p.requestTimeout)

defercancel()

}

funcSetInitialPassword(ctx context.Context,connString,superuser,initialPasswordstring)error {

db,err:=sql.Open("postgres",connString)

iferr!=nil {

}

deferdb.Close()

_,err=Exec(ctx,db,fmt.Sprintf(`alter user %s with password '%s';`,superuser,initialPassword))

}

funcCreateReplRole(ctx context.Context,connString,replUser,replPasswordstring)error {

db,err:=sql.Open("postgres",connString)

iferr!=nil {