WAL-E needs to be installed on all machines, masters and slaves.
Only one machine, the master, writes WAL segments via continuous archiving. The configuration for the master postgresql.conf is:
archive_mode = on
archive_command = 'envdir /etc/wal-e.d/env wal-e wal-push %p'
archive_timeout = 60
| # Zookeeper | |
| job "zookeeper" { | |
| # Specify Region | |
| region = "uswest-fremont" | |
| # Specify Datacenter | |
| datacenters = [ "fremont-dc1"] | |
| # Specify job type |
| -- show running queries (pre 9.2) | |
| SELECT procpid, age(clock_timestamp(), query_start), usename, current_query | |
| FROM pg_stat_activity | |
| WHERE current_query != '<IDLE>' AND current_query NOT ILIKE '%pg_stat_activity%' | |
| ORDER BY query_start desc; | |
| -- show running queries (9.2) | |
| SELECT pid, age(clock_timestamp(), query_start), usename, query | |
| FROM pg_stat_activity | |
| WHERE query != '<IDLE>' AND query NOT ILIKE '%pg_stat_activity%' |
| #cloud-config | |
| coreos: | |
| etcd2: | |
| # generate a token from https://discovery.etcd.io/new?size=3 | |
| discovery: https://discovery.etcd.io/<token> | |
| advertise-client-urls: http://$private_ipv4:2379 | |
| initial-advertise-peer-urls: http://$private_ipv4:2380 | |
| listen-client-urls: http://0.0.0.0:2379 | |
| listen-peer-urls: http://$private_ipv4:2380 |
| groups: | |
| - name: datetime | |
| rules: | |
| - record: daily_saving_time_belgium | |
| expr: | | |
| (vector(0) and (month() < 3 or month() > 10)) | |
| or | |
| (vector(1) and (month() > 3 and month() < 10)) | |
| or | |
| ( |
| *nat | |
| -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -m statistic --mode nth --every 8 --packet 0 -j REDIRECT --to-ports 8087 | |
| -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -m statistic --mode nth --every 7 --packet 0 -j REDIRECT --to-ports 8086 | |
| -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -m statistic --mode nth --every 6 --packet 0 -j REDIRECT --to-ports 8085 | |
| -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -m statistic --mode nth --every 5 --packet 0 -j REDIRECT --to-ports 8084 | |
| -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -m statistic --mode nth --every 4 --packet 0 -j REDIRECT --to-ports 8083 | |
| -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -m statistic --mode nth --every 3 --packet 0 -j REDIRECT --to-ports 8082 | |
| -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -m statistic --mode nth --every 2 --packet 0 -j REDIRECT --to-ports 8081 | |
| -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 |
| # set prefix to control-f | |
| set -g prefix C-f | |
| #unbind system defined prefix | |
| unbind C-b | |
| # helps in faster key repetition | |
| set -sg escape-time 0 | |
| # start session number from 1 rather than 0 |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname |
I hereby claim:
To claim this, I am signing this object:
This step is recommended if you are running your server in the cloud, such as a droplet made on Digital Ocean. If this is the case, you need to secure the server for your safety as well as others to prevent aiding in DDoS attacks.
In addition to the risk of being an open resolver, your Web interface is also open to the world increasing the risk. So you will want to prevent ports 53 and 80, respectively, from being accessible from the public Internet.
It's recommended that you clear out your entire firewall so you have full control over it's setup. You have two options for setting up your firewall with your VPN.