feat: 补充数据库脚本和配置
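--- a/deploy/postgres/README.md
+++ b/deploy/postgres/README.md
@@ -0,0 +1,47 @@
+# PostgreSQL 部署脚本
+
+本目录提供在测试/预发布环境快速拉起 PostgreSQL 的脚本,复用线上同名数据库与账号,方便迁移/恢复。
+
+## 目录结构
+
+- `create_databases.sql`:创建四个业务库与对应角色(可多次执行,存在则跳过)。
+- `bootstrap.ps1`:PowerShell 包装脚本,调用 `psql` 执行 SQL。
+
+## 前置条件
+
+1. 已安装 PostgreSQL 12+,并能以管理员身份访问(默认使用 `postgres`)。
+2. 本地已配置 `psql` 可执行命令。
+
+## 使用方法
+
+```powershell
+cd deploy/postgres
+.\bootstrap.ps1 `
+-Host 120.53.222.17 `
+-Port 5432 `
+-AdminUser postgres `
+-AdminPassword "超级管理员密码"
+```
+
+脚本会:
+
+1. 创建/更新以下角色与库:
+- `app_user` / `takeout_app_db`
+- `identity_user` / `takeout_identity_db`
+- `dictionary_user` / `takeout_dictionary_db`
+- `hangfire_user` / `takeout_hangfire_db`
+2. 为库设置 COMMENT,授予 Schema `public` 的 CRUD 权限。
+3. 输出执行日志,失败时终止。
+
+## 自定义
+
+- 如需修改密码或新增库,编辑 `create_databases.sql` 后重新运行脚本。
+- 若在本地拉起测试库,可把 `Host` 指向 `localhost`,其余参数保持一致。
+
+## 常见问题
+
+| 问题 | 处理方式 |
+| --- | --- |
+| `psql : command not found` | 确认 PostgreSQL bin 目录已加入 PATH。 |
+| `permission denied to create database` | 改用具有 `CREATEDB` 权限的管理员执行脚本。 |
+| 需要删除库 | 先 `DROP DATABASE xxx`,再运行脚本重新创建。 |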
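--- a/deploy/postgres/bootstrap.ps1
+++ b/deploy/postgres/bootstrap.ps1
@@ -0,0 +1,37 @@
+param(
+[string]$Host = "120.53.222.17",
+[int]$Port = 5432,
+[string]$AdminUser = "postgres",
+[string]$AdminPassword = ""
+)
+
+if (-not (Get-Command psql -ErrorAction SilentlyContinue)) {
+throw "psql command not found. Add PostgreSQL bin directory to PATH."
+}
+
+if ([string]::IsNullOrWhiteSpace($AdminPassword)) {
+Write-Warning "AdminPassword not provided. You will be prompted by psql."
+}
+
+$sqlPath = Join-Path $PSScriptRoot "create_databases.sql"
+if (-not (Test-Path $sqlPath)) {
+throw "Cannot find create_databases.sql under $PSScriptRoot."
+}
+
+$env:PGPASSWORD = $AdminPassword
+
+$arguments = @(
+"-h", $Host,
+"-p", $Port,
+"-U", $AdminUser,
+"-f", $sqlPath
+)
+
+Write-Host "Executing create_databases.sql on $Host:$Port as $AdminUser ..."
+& psql @arguments
+
+if ($LASTEXITCODE -ne 0) {
+throw "psql returned non-zero exit code ($LASTEXITCODE)."
+}
+
+Write-Host "PostgreSQL databases and roles ensured successfully."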
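Review bot: `$env:PGPASSWORD = $AdminPassword` is never cleared, so the superuser password stays in the calling PowerShell session's environment, and is inherited by every process started from it, after the script returns or throws; the psql call and exit-code check should sit in `try { … } finally { Remove-Item Env:PGPASSWORD -ErrorAction SilentlyContinue }`. Taking the password as a plain `[string]$AdminPassword` argument also leaves it in command history and transcripts, which a `[securestring]` parameter or a pgpass file would avoid. The `$LASTEXITCODE` check only sees connection-level failures, because psql keeps going after a failed statement unless it is started with `"-v", "ON_ERROR_STOP=1"`, so a half-applied provisioning run is currently reported as success. Separately, `$Host` is a read-only automatic variable in PowerShell and `"$Host:$Port"` is parsed as a scoped variable reference, so the script is unlikely to start as written; renaming the parameter (e.g. `$DbHost`) and writing `"${DbHost}:$Port"` fixes both. With a routable address as the default, a bare `.\bootstrap.ps1` acts on the remote server, so a `localhost` default or a mandatory parameter would be the safer choice.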
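--- a/deploy/postgres/create_databases.sql
+++ b/deploy/postgres/create_databases.sql
@@ -0,0 +1,83 @@
+-- Reusable provisioning script for Takeout SaaS PostgreSQL databases.
+-- Execute with a superuser (e.g. postgres). Safe to re-run.
+
+DO $$
+BEGIN
+IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_user') THEN
+CREATE ROLE app_user LOGIN PASSWORD 'AppUser112233';
+END IF;
+IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'identity_user') THEN
+CREATE ROLE identity_user LOGIN PASSWORD 'IdentityUser112233';
+END IF;
+IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'dictionary_user') THEN
+CREATE ROLE dictionary_user LOGIN PASSWORD 'DictionaryUser112233';
+END IF;
+IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'hangfire_user') THEN
+CREATE ROLE hangfire_user LOGIN PASSWORD 'HangFire112233';
+END IF;
+END $$;
+
+DO $$
+BEGIN
+IF NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_app_db') THEN
+CREATE DATABASE takeout_app_db OWNER app_user ENCODING 'UTF8';
+END IF;
+END $$;
+COMMENT ON DATABASE takeout_app_db IS 'Takeout SaaS 业务域数据库';
+
+DO $$
+BEGIN
+IF NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_identity_db') THEN
+CREATE DATABASE takeout_identity_db OWNER identity_user ENCODING 'UTF8';
+END IF;
+END $$;
+COMMENT ON DATABASE takeout_identity_db IS 'Takeout SaaS 身份域数据库';
+
+DO $$
+BEGIN
+IF NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_dictionary_db') THEN
+CREATE DATABASE takeout_dictionary_db OWNER dictionary_user ENCODING 'UTF8';
+END IF;
+END $$;
+COMMENT ON DATABASE takeout_dictionary_db IS 'Takeout SaaS 字典域数据库';
+
+DO $$
+BEGIN
+IF NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_hangfire_db') THEN
+CREATE DATABASE takeout_hangfire_db OWNER hangfire_user ENCODING 'UTF8';
+END IF;
+END $$;
+COMMENT ON DATABASE takeout_hangfire_db IS 'Takeout SaaS 调度/Hangfire 数据库';
+
+-- Ensure privileges and default schema permissions
+\connect takeout_app_db
+GRANT CONNECT, TEMP ON DATABASE takeout_app_db TO app_user;
+GRANT USAGE ON SCHEMA public TO app_user;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO app_user;
+GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO app_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO app_user;
+
+\connect takeout_identity_db
+GRANT CONNECT, TEMP ON DATABASE takeout_identity_db TO identity_user;
+GRANT USAGE ON SCHEMA public TO identity_user;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO identity_user;
+GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO identity_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO identity_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO identity_user;
+
+\connect takeout_dictionary_db
+GRANT CONNECT, TEMP ON DATABASE takeout_dictionary_db TO dictionary_user;
+GRANT USAGE ON SCHEMA public TO dictionary_user;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO dictionary_user;
+GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO dictionary_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO dictionary_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO dictionary_user;
+
+\connect takeout_hangfire_db
+GRANT CONNECT, TEMP ON DATABASE takeout_hangfire_db TO hangfire_user;
+GRANT USAGE ON SCHEMA public TO hangfire_user;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO hangfire_user;
+GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO hangfire_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO hangfire_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO hangfire_user;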
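Review bot: The four `CREATE ROLE … LOGIN PASSWORD '…'` statements in the first DO block commit login passwords to the repository, and the README in this commit says the accounts mirror the production ones, so these values should be rotated wherever they are in use and supplied at run time instead of living in the file. psql variables are not expanded inside a `$$` body, so the role creation needs to move to a `format(…) \gexec` statement that takes the password from a variable, as sketched below. The same form also replaces the `CREATE DATABASE` DO blocks, which PostgreSQL is expected to reject because that command cannot run inside a function or transaction block. The script never revokes the default `CONNECT` that PUBLIC holds on a new database, so each service role can still connect to the other three databases; a `REVOKE CONNECT ON DATABASE … FROM PUBLIC` after each create closes that. The `ALTER DEFAULT PRIVILEGES` lines, as written, only cover objects later created by the role running the script, which is worth a comment if migrations will run under a different role.

```sql
-- :'app_user_password' is a psql variable set by the caller at run time;
-- no password literal is kept in the repository.
SELECT format('CREATE ROLE app_user LOGIN PASSWORD %L', :'app_user_password')
WHERE NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_user') \gexec
-- … same pattern for identity_user, dictionary_user, hangfire_user …

SELECT 'CREATE DATABASE takeout_app_db OWNER app_user ENCODING ''UTF8'''
WHERE NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_app_db') \gexec
REVOKE CONNECT ON DATABASE takeout_app_db FROM PUBLIC;
-- … same pattern for the other three databases …
-- … unchanged: COMMENT ON DATABASE and per-database GRANT statements …
```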