OCA, postgres notes for AO setup

source/resources/apps/oca/README.md

@@ -0,0 +1,37 @@
+Dev servers:
+ocadev2 ocadev3 ocadev4
+
+AO Dev servers:
+once-dev1
+
+
+# On development servers, add this to firewall rules to block
+# sending/receiving of mails.
+# Block outgoing traffic to email ports...
+# SMTP, POP, IMAP, plus encrypted ports
+# Be sure to put *before* this line in the firewall rules:
+# -A OUTPUT -j ACCEPT
+#
+# Allow only communications to localhost on port 25 ( -s IP )
+-A OUTPUT -p tcp --dport 25 -o lo -d 127.0.0.1 -j ACCEPT
+# Allow only communications to localhost on IMAP port 993 ( -s IP )
+-A OUTPUT -p tcp --dport 993 -o lo -d 127.0.0.1 -j ACCEPT
+# Block SMTP
+-A OUTPUT -p tcp --dport  25 -j REJECT
+-A INPUT  -p tcp --dport  25 -j REJECT
+# Block POP
+-A OUTPUT -p tcp --dport 110 -j REJECT
+-A INPUT  -p tcp --dport 110 -j REJECT
+# Block IMAP
+-A OUTPUT -p tcp --dport 143 -j REJECT
+-A INPUT  -p tcp --dport 143 -j REJECT
+# Block Email Submission
+-A OUTPUT -p tcp --dport 587 -j REJECT
+-A INPUT  -p tcp --dport 587 -j REJECT
+# Block encrypted IMAPS
+-A OUTPUT -p tcp --dport 993 -j REJECT
+-A INPUT  -p tcp --dport 993 -j REJECT
+# Block encrypted POP
+-A OUTPUT -p tcp --dport 995 -j REJECT
+-A INPUT  -p tcp --dport 995 -j REJECT
+

source/resources/apps/postgres-citus/forksand-postgres-citus-setup

@@ -35,13 +35,13 @@ sudo pg_conftool 10 main set listen_addresses '10.52.1.94'
 # XXX to fix, edit /etc/postgresql/10/main/postgresql.conf and change to be
 # like this (note single quotes ')
 # pg1
-listen_addresses = '10.52.1.91'         # what IP address(es) to listen on;
+listen_addresses = '127.0.0.1,10.53.91,10.52.1.91'         # what IP address(es) to listen on;
 # pg2
-listen_addresses = '10.52.1.92'         # what IP address(es) to listen on;
+listen_addresses = '127.0.0.1,10.53.92,10.52.1.92'         # what IP address(es) to listen on;
 # pg3
-listen_addresses = '10.52.1.93'         # what IP address(es) to listen on;
+listen_addresses = '127.0.0.1,10.53.93,10.52.1.93'         # what IP address(es) to listen on;
 # pg4
-listen_addresses = '10.52.1.94'         # what IP address(es) to listen on;
+listen_addresses = '127.0.0.1,10.53.94,10.52.1.94'         # what IP address(es) to listen on;
 
 
 # Set up access permissions file as root:
@@ -66,6 +66,8 @@ host    all             all             10.52.1.195/32            trust
 host    all             all             10.52.1.196/32            trust
 # ocadev4
 host    all             all             10.52.1.197/32            trust
+# Aleph Objects once-dev1
+host    all             all             10.53.1.195/32            trust
 EOF
 
 # make it start automatically when computer does
@@ -75,6 +77,8 @@ update-rc.d postgresql enable
 vim /etc/iptables.test.rules
 # add rule:
 -A INPUT -s 10.52.1.0/24 -d 10.52.1.0/24 -p tcp -m tcp --dport 5432 -j ACCEPT
+# Aleph Objects Hosts
+-A INPUT -s 10.53.1.0/24 -d 10.52.1.0/24 -p tcp -m tcp --dport 5432 -j ACCEPT
 
 # Run as root:
 iptables-restore < /etc/iptables.test.rules
@@ -103,7 +107,6 @@ sudo -i -u postgres psql -c "SELECT * FROM master_get_active_worker_nodes();"
 # Use postgres:
 sudo -i -u postgres psql
 
-
 # Misc notes:
 postgres=# create database foo;
 NOTICE:  Citus partially supports CREATE DATABASE for distributed databases
@@ -164,3 +167,54 @@ psql --host 10.52.1.91 --user postgres
 psql --host 10.52.1.91 --user ocadev2 ocadev2_forksand
 
 
+##############################################################################
+# AO OCA #
+##########
+# Aleph Objects OCA
+
+echo deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main >  /etc/apt/sources.list.d/pgdg.list
+wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
+
+apt update
+apt install postgresql-client-10
+
+# ao-once-dev1
+# Add "ao-once-dev1" user to Citus database cluster.
+createuser --createdb --host=10.53.1.91 --username=postgres ao-once-dev1
+createuser --createdb --host=10.53.1.92 --username=postgres ao-once-dev1
+createuser --createdb --host=10.53.1.93 --username=postgres ao-once-dev1
+createuser --createdb --host=10.53.1.94 --username=postgres ao-once-dev1
+# Create database on cluster:
+createdb --owner=ao-once-dev1 --host=10.53.1.91 --username=postgres ao-once-dev1
+createdb --owner=ao-once-dev1 --host=10.53.1.92 --username=postgres ao-once-dev1
+createdb --owner=ao-once-dev1 --host=10.53.1.93 --username=postgres ao-once-dev1
+createdb --owner=ao-once-dev1 --host=10.53.1.94 --username=postgres ao-once-dev1
+# Run this logged in to master Postgres/Citus node pg1:
+# (XXX connect to other database ?)
+\connect ao-once-dev1
+SET citus.shard_max_size TO '64MB';
+# How many copies to distribute (just run on master node):
+SET citus.shard_replication_factor TO '2';
+# Upload database dump to Postgres server
+pg_restore --format=custom --no-owner --host=10.53.1.91 --username=ao-once-dev1 --dbname=ao-once-dev1 /srv/oca-live/backup_ao_odoo_20180807.sql
+# To connect to the master node from client node:
+psql --host 10.53.1.91 --user postgres
+# To connect to ao-once-dev1 forksand database:
+psql --host 10.53.1.91 --user ao-once-dev1 ao-once-dev1
+
+# XXX to delete database:
+# dropdb --host=10.53.1.91 --username=postgres ao-once-dev1
+# dropdb --host=10.53.1.92 --username=postgres ao-once-dev1
+# dropdb --host=10.53.1.93 --username=postgres ao-once-dev1
+# dropdb --host=10.53.1.94 --username=postgres ao-once-dev1
+
+# Uh, better to use pg_restore. Remote:
+cat /srv/oca-live/backup_ao_odoo_20180807.sql | psql --quiet --host 10.53.1.91 --user postgres ao-once-dev1
+# Uh, better to use pg_restore. Local:
+sudo su - postgres
+createuser --createdb --pwprompt --superuser ao-once-dev1
+createdb --owner=ao-once-dev1 ao-once-dev1
+cat /srv/oca-live/backup_ao_odoo_20180807.sql | psql --quiet ao-once-dev1
+# Uh, restore, no:
+#bzcat /srv/oca-live/var/lib/dbbackup/postgres-2018-08-07-12-00.bz2 | psql
+##############################################################################