mirror of https://github.com/zulip/zulip.git
Add easy support for using a remote postgres database.
This commit is contained in:
parent
e3435b9613
commit
a6a47aacde
|
@ -859,3 +859,32 @@ understanding what's going on as you try to debug:
|
||||||
Again, most issues with this setup tend to be subtle issues with the
|
Again, most issues with this setup tend to be subtle issues with the
|
||||||
hostname/DNS side of the configuration. Suggestions for how to
|
hostname/DNS side of the configuration. Suggestions for how to
|
||||||
improve this SSO setup documentation are very welcome!
|
improve this SSO setup documentation are very welcome!
|
||||||
|
|
||||||
|
|
||||||
|
Remote Postgresql database
|
||||||
|
==========================
|
||||||
|
|
||||||
|
If you want to use a remote Postgresql database, you should configure the information about the connection with the server. You need a user called "zulip" in your database server. You can configure these options in /etc/zulip/settings.py
|
||||||
|
|
||||||
|
* REMOTE_POSTGRES_HOST: Name or IP address of the remote host
|
||||||
|
* REMOTE_POSTGRES_SSLMODE: SSL Mode used to connect to the server, different options you can use are:
|
||||||
|
* disable: I don't care about security, and I don't want to pay the overhead of encryption.
|
||||||
|
* allow: I don't care about security, but I will pay the overhead of encryption if the server insists on it.
|
||||||
|
* prefer: I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it.
|
||||||
|
* require: I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want.
|
||||||
|
* verify-ca: I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust.
|
||||||
|
* verify-full: I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify.
|
||||||
|
|
||||||
|
Then you should specify the password of the user zulip for the database in /etc/zulip/zulip-secrets.conf:
|
||||||
|
|
||||||
|
```
|
||||||
|
postgres_password = xxxx
|
||||||
|
```
|
||||||
|
|
||||||
|
Finally you can stop your database in the zulip server to save some memory, you can do it with:
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo service postgresql stop
|
||||||
|
sudo update-rc.d postgresql disable
|
||||||
|
```
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,9 @@ import psycopg2.extensions
|
||||||
import select
|
import select
|
||||||
import time
|
import time
|
||||||
import logging
|
import logging
|
||||||
|
from django.conf import settings
|
||||||
|
import sys
|
||||||
|
import os
|
||||||
|
|
||||||
def update_fts_columns(cursor):
|
def update_fts_columns(cursor):
|
||||||
cursor.execute("SELECT id, message_id FROM fts_update_log;")
|
cursor.execute("SELECT id, message_id FROM fts_update_log;")
|
||||||
|
@ -27,7 +30,26 @@ logger.setLevel(logging.DEBUG)
|
||||||
|
|
||||||
logger.info("process_fts_updates starting")
|
logger.info("process_fts_updates starting")
|
||||||
|
|
||||||
conn = psycopg2.connect("user=zulip")
|
sys.path.insert(0, '/home/zulip/deployments/current')
|
||||||
|
sys.path.insert(0, '/srv/zulip')
|
||||||
|
os.environ['DJANGO_SETTINGS_MODULE'] = 'zproject.settings'
|
||||||
|
try:
|
||||||
|
import zproject.settings
|
||||||
|
remote_postgres_host = settings.REMOTE_POSTGRES_HOST
|
||||||
|
except:
|
||||||
|
remote_postgres_host = ''
|
||||||
|
|
||||||
|
if remote_postgres_host != '':
|
||||||
|
postgres_password = ''
|
||||||
|
if settings.DATABASES['default']['PASSWORD'] is not None:
|
||||||
|
postgres_password = "password='%s'" % settings.DATABASES['default']['PASSWORD']
|
||||||
|
if settings.REMOTE_POSTGRES_SSLMODE != '':
|
||||||
|
postgres_sslmode = settings.REMOTE_POSTGRES_SSLMODE
|
||||||
|
else:
|
||||||
|
postgres_sslmode = 'verify-full'
|
||||||
|
conn = psycopg2.connect("user=zulip %s host='%s' dbname=zulip connect_timeout=600 sslmode='%s'" % (postgres_password, remote_postgres_host, postgres_sslmode))
|
||||||
|
else:
|
||||||
|
conn = psycopg2.connect("user=zulip")
|
||||||
cursor = conn.cursor()
|
cursor = conn.cursor()
|
||||||
|
|
||||||
conn.set_isolation_level(psycopg2.extensions.ISOLATION_LEVEL_AUTOCOMMIT)
|
conn.set_isolation_level(psycopg2.extensions.ISOLATION_LEVEL_AUTOCOMMIT)
|
||||||
|
@ -51,4 +73,3 @@ while True:
|
||||||
while conn.notifies:
|
while conn.notifies:
|
||||||
conn.notifies.pop()
|
conn.notifies.pop()
|
||||||
update_fts_columns(cursor)
|
update_fts_columns(cursor)
|
||||||
|
|
||||||
|
|
|
@ -149,6 +149,19 @@ ENABLE_GRAVATAR = True
|
||||||
# and uncomment the following line.
|
# and uncomment the following line.
|
||||||
#DEFAULT_AVATAR_URI = '/local-static/default-avatar.png'
|
#DEFAULT_AVATAR_URI = '/local-static/default-avatar.png'
|
||||||
|
|
||||||
|
# To access an external postgres database you should define the host name in
|
||||||
|
# REMOTE_POSTGRES_HOST, you can define the password in the secrets file in the
|
||||||
|
# property postgres_password, and the SSL connection mode in REMOTE_POSTGRES_SSLMODE
|
||||||
|
# Different options are:
|
||||||
|
# disable: I don't care about security, and I don't want to pay the overhead of encryption.
|
||||||
|
# allow: I don't care about security, but I will pay the overhead of encryption if the server insists on it.
|
||||||
|
# prefer: I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it.
|
||||||
|
# require: I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want.
|
||||||
|
# verify-ca: I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust.
|
||||||
|
# verify-full: I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify.
|
||||||
|
#REMOTE_POSTGRES_HOST = 'dbserver.example.com'
|
||||||
|
#REMOTE_POSTGRES_SSLMODE = 'require'
|
||||||
|
|
||||||
### TWITTER INTEGRATION
|
### TWITTER INTEGRATION
|
||||||
|
|
||||||
# Zulip supports showing inline Tweet previews when a tweet is linked
|
# Zulip supports showing inline Tweet previews when a tweet is linked
|
||||||
|
|
|
@ -150,6 +150,7 @@ DEFAULT_SETTINGS = {'TWITTER_CONSUMER_KEY': '',
|
||||||
'ZULIP_COM_STAGING': False,
|
'ZULIP_COM_STAGING': False,
|
||||||
'STATSD_HOST': '',
|
'STATSD_HOST': '',
|
||||||
'REMOTE_POSTGRES_HOST': '',
|
'REMOTE_POSTGRES_HOST': '',
|
||||||
|
'REMOTE_POSTGRES_SSLMODE': '',
|
||||||
'GOOGLE_CLIENT_ID': '',
|
'GOOGLE_CLIENT_ID': '',
|
||||||
'DBX_APNS_CERT_FILE': None,
|
'DBX_APNS_CERT_FILE': None,
|
||||||
}
|
}
|
||||||
|
@ -312,7 +313,14 @@ elif REMOTE_POSTGRES_HOST != '':
|
||||||
DATABASES['default'].update({
|
DATABASES['default'].update({
|
||||||
'HOST': REMOTE_POSTGRES_HOST,
|
'HOST': REMOTE_POSTGRES_HOST,
|
||||||
})
|
})
|
||||||
DATABASES['default']['OPTIONS']['sslmode'] = 'verify-full'
|
if get_secret("postgres_password") is not None:
|
||||||
|
DATABASES['default'].update({
|
||||||
|
'PASSWORD': get_secret("postgres_password"),
|
||||||
|
})
|
||||||
|
if REMOTE_POSTGRES_SSLMODE != '':
|
||||||
|
DATABASES['default']['OPTIONS']['sslmode'] = REMOTE_POSTGRES_SSLMODE
|
||||||
|
else:
|
||||||
|
DATABASES['default']['OPTIONS']['sslmode'] = 'verify-full'
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
# RABBITMQ CONFIGURATION
|
# RABBITMQ CONFIGURATION
|
||||||
|
|
Loading…
Reference in New Issue