diff --git a/bundles/postgresql/files/pg_hba.conf b/bundles/postgresql/files/pg_hba.conf new file mode 100644 index 0000000..36c863b --- /dev/null +++ b/bundles/postgresql/files/pg_hba.conf @@ -0,0 +1,8 @@ +% for custom_rule in sorted(node.metadata.get('postgresql', {}).get('custom_rules', [])): +${custom_rule} +% endfor +local all postgres peer +local all all peer +host all all 127.0.0.1/32 md5 +host all all ::1/128 md5 +host all all all md5 diff --git a/bundles/postgresql/files/postgresql.conf b/bundles/postgresql/files/postgresql.conf new file mode 100644 index 0000000..6414f3a --- /dev/null +++ b/bundles/postgresql/files/postgresql.conf @@ -0,0 +1,30 @@ +data_directory = '/var/lib/postgresql/${version}/main' +hba_file = '/etc/postgresql/${version}/main/pg_hba.conf' +ident_file = '/etc/postgresql/${version}/main/pg_ident.conf' +external_pid_file = '/var/run/postgresql/${version}-main.pid' +% if version == '9.1': +unix_socket_directory = '/var/run/postgresql' +% else: +unix_socket_directories = '/var/run/postgresql' +% endif +port = 5432 +listen_addresses = 'localhost' +max_connections = ${max_connections} +autovacuum_max_workers = ${autovacuum_max_workers} +maintenance_work_mem = ${maintenance_work_mem}MB +work_mem = ${work_mem}MB +shared_buffers = ${shared_buffers}MB +temp_buffers = ${temp_buffers}MB +log_destination = syslog +datestyle = 'iso, ymd' +timezone = 'localtime' +lc_messages = 'en_US.UTF-8' +lc_monetary = 'en_US.UTF-8' +lc_numeric = 'en_US.UTF-8' +lc_time = 'en_US.UTF-8' +default_text_search_config = 'pg_catalog.english' +% if slow_query_log_sec > 0: +log_min_duration_statement = ${slow_query_log_sec*1000} +% else: +log_min_duration_statement = -1 +% endif diff --git a/bundles/postgresql/items.py b/bundles/postgresql/items.py index f51a355..f36e4bd 100644 --- a/bundles/postgresql/items.py +++ b/bundles/postgresql/items.py @@ -1,19 +1,56 @@ +postgresql_version = node.metadata['postgresql']['version'] + pkg_apt = { - 'postgresql-11': {}, - 'postgresql-client-11': {}, - 'postgresql-server-dev-11': {}, + 'postgresql-common': {}, + 'postgresql-client-common': {}, + 'postgresql-{}'.format(postgresql_version): {}, + 'postgresql-client-{}'.format(postgresql_version): {}, + 'postgresql-server-dev-{}'.format(postgresql_version): {}, } if node.has_bundle('zfs'): - pkg_apt['postgresql-11']['needs'] = { - 'zfs_dataset:tank/postgresql', - } - pkg_apt['postgresql-client-11']['needs'] = { - 'zfs_dataset:tank/postgresql', - } - pkg_apt['postgresql-server-dev-11']['needs'] = { - 'zfs_dataset:tank/postgresql', - } + for pkgname, pkgconfig in pkg_apt.items(): + pkg_apt[pkgname]['needs'] = { + 'zfs_dataset:tank/postgresql', + } + + +directories = { + '/etc/postgresql': { + 'owner': None, + 'group': None, + 'mode': None, + # Keeping old configs messes with cluster-auto-detection. + 'purge': True, + }, + # This is needed so the above purge does not remove the version + # currently installed. + '/etc/postgresql/{}'.format(postgresql_version): { + 'owner': None, + 'group': None, + 'mode': None, + }, +} + +files = { + "/etc/postgresql/{}/main/pg_hba.conf".format(postgresql_version): { + 'content_type': 'mako', + 'owner': 'postgres', + 'group': 'postgres', + 'triggers': { + 'svc_systemd:postgresql:restart', + }, + }, + "/etc/postgresql/{}/main/postgresql.conf".format(postgresql_version): { + 'content_type': 'mako', + 'context': node.metadata['postgresql'], + 'owner': 'postgres', + 'group': 'postgres', + 'triggers': { + 'svc_systemd:postgresql:restart', + }, + }, +} postgres_roles = { 'root': { diff --git a/bundles/postgresql/metadata.py b/bundles/postgresql/metadata.py index 0e0b759..a0212d3 100644 --- a/bundles/postgresql/metadata.py +++ b/bundles/postgresql/metadata.py @@ -13,6 +13,15 @@ defaults = { }, }, }, + 'postgresql': { + 'max_connections': 100, + 'autovacuum_max_workers': 3, + 'maintenance_work_mem': 64, + 'work_mem': 4, + 'shared_buffers': 128, + 'temp_buffers': 8, + 'slow_query_log_sec': 0, + }, } if node.has_bundle('zfs'): @@ -23,3 +32,39 @@ if node.has_bundle('zfs'): }, }, } + + +@metadata_reactor.provides( + 'apt/repos/postgresql', + 'postgresql/version', +) +def default_postgresql_version_for_debian(metadata): + # + versions_in_debian = { + '10': '11', # buster + '11': '13', # bullseye + } + os = str(node.os_version[0]) + version_to_be_installed = metadata.get('postgresql/version', versions_in_debian[os]) + + if version_to_be_installed != versions_in_debian[os]: + return { + 'apt': { + 'repos': { + 'postgresql': { + 'items': { + 'deb https://apt.postgresql.org/pub/repos/apt/ {os_release}-pgdg main', + }, + }, + }, + }, + 'postgresql': { + 'version': version_to_be_installed, + }, + } + else: + return { + 'postgresql': { + 'version': version_to_be_installed, + }, + } diff --git a/data/apt/files/gpg-keys/postgresql.asc b/data/apt/files/gpg-keys/postgresql.asc new file mode 100644 index 0000000..f75c51f --- /dev/null +++ b/data/apt/files/gpg-keys/postgresql.asc @@ -0,0 +1,92 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: SKS 1.1.6 +Comment: Hostname: keyserver.ubuntu.com + +mQINBE6XR8IBEACVdDKT2HEH1IyHzXkb4nIWAY7echjRxo7MTcj4vbXAyBKOfjjaUrBEJWHN +6fjKJXOYWXHLIYg0hOGeW9qcSiaa1/rYIbOzjfGfhE4x0Y+NJHS1db0VG6GUj3qXaeyqIJGS +2z7m0Thy4Lgr/LpZlZ78Nf1fliSzBlMo1sV7PpP/7zUO+aA4bKa8Rio3weMXQOZgclzgeSdq +twKnyKTQdXY5MkH1QXyFIk1nTfWwyqpJjHlgtwMic2cxjqG5nnV9rIYlTTjYG6RBglq0SmzF +/raBnF4Lwjxq4qRqvRllBXdFu5+2pMfCIZ10HPRdqDCTN60DUix+BTzBUT30NzaLhZbOMT5R +vQtvTVgWpeIn20i2NrPWNCUhhj490dKDLpK/v+A5/i8zPvN4c6MkDHi1FZfaoz3863dylUBR +3Ip26oM0hHXf4/2UA/oA4pCl2W0hc4aNtozjKHkVjRx5Q8/hVYu+39csFWxo6YSB/KgIEw+0 +W8DiTII3RQj/OlD68ZDmGLyQPiJvaEtY9fDrcSpI0Esm0i4sjkNbuuh0Cvwwwqo5EF1zfkVj +Tqz2REYQGMJGc5LUbIpk5sMHo1HWV038TWxlDRwtOdzw08zQA6BeWe9FOokRPeR2AqhyaJJw +OZJodKZ76S+LDwFkTLzEKnYPCzkoRwLrEdNt1M7wQBThnC5z6wARAQABtBxQb3N0Z3JlU1FM +IERlYmlhbiBSZXBvc2l0b3J5iEYEEBEIAAYFAk6XSO4ACgkQxa93SlhRC1qmjwCg9U7U+XN7 +Gc/dhY/eymJqmzUGT/gAn0guvoX75Y+BsZlI6dWnqaFU6N8HiQEcBBABAgAGBQJTTm0vAAoJ +EGpPXKmnj2dZqJUH/1mMYpxYj9/F9hw7s54PpK1aUPx/BjAb66vYvo6YNkP0YXXfwWyynmJZ +3XAlnV0y7ofS+BMvfLQMaRyV9KTdV0Xv76xHmB7WiqPzNNW3nnLAqfVfFjJm3NUpFzOlBtY8 +1izfMSjeZgia1aQ+e0ZRnXcQP18k6pApfCYbD01LSWrwAjcM6JSyaMxyAAdDnUY/EvhL5gW+ +ZHGP/fqKWjauJP7jB7d/INlaCmWSAhuM1wFnujf55QgjIYuYi4H9CKwVuRKqNKTKp7LHgetF +id1mh5KY+95c8bEatpFvGezyhRsvuWw11/KhJrSjr4WLWMq8MiWr1OdqUHizsGO3IQ684XOJ +ATMEEAEKAB0WIQQqMv4G2oYBiHLWyD6Awfu1WW3ZmwUCW4OctgAKCRCAwfu1WW3Zm4diCACu +7Y2Rr1/2sZY1tmIHI6jeA4pv7pDWtKwbOpujdaOZrJj2MwMW5KosLa9OU9b/i+ByBOkTvAb6 +CxLbX4o9hn9Fdvci/jTnGDsZKozN5ijVXTuTrYfZhn5xxAL/5rIPz0O8duKhdsj8XltITHFT +tuJlTdHENbPvw+ITEnxPaaz2ioVg3C2/7dCeJZnpFCwAiuM8B2Sip/WDA9wRnEHHib6jLYLj +VZ8RCWfUk6r+nMTAS6SL50CB5V4nzZ6PlTc6qNtzUSKVcyJldc5RNqa1vfuaOJYxCy3qxxlU +gAM76yJ/LdbqNoHPCIpx5Pl+yBHKZDLmyVxY+qsLr9k8XHSx3TRQiQIcBBABCAAGBQJOl0kL +AAoJEExaa6sS0qeuBfEP/3AnLrcKx+dFKERXo4NBCGWr+i1CnowupKS3rm2xLbmiB969szG5 +TxnOIvnjECqPz6skK3HkV3jTZajuv3sR6M2ItpnrncWuiLnYcCSDp9TEMpCWzTEgtrBlKdVu +TNTeRGILeIcvqoZX5w+ui0eBvvbeRbHEyUsvOEnYjrqoAjqUJj5FUZtR1+V9fnZp8zDgpOSx +x0LomnFdKnhjuyXAQlRCA6/roVNR9ruRjxTR5ubteZ9ubTsVYr2/eMYOjQ46LhAgR+3Alblu +/WHBMR/9F9//RuOa43R5Sjx9TiFCYol+Ozk8XRt3QGweEH51YkSYY3oRbHBb2Fkql6N6YFql +LBL7/aiWnNmRDEs/cdpo9HpFsbjOv4RlsSXQfvvfOayHpT5nO1UQFzoyMVpJ615zwmQDJT5Q +y7uvr2eQYRV9AXt8t/H+xjQsRZCc5YVmeAo91qIzI/tA2gtXik496yeziZbfUvcZzuzjjxFE +xss4DSAwMgorvBeIbiz2k2qXukbqcTjB2XqAlZasd6LlnLXpQdqDV3McYkP/MvttWh3w+J/w +oiBcA7yEI5e3YJk97uS6+ssbqLEd0CcdT+qz+Waw0z/ZIU99Lfh2Qm77OT6vr//Zulw5ovjZ +VO2boRIcve7S97gQ4KC+G/+QaRS+VPZ67j5UMxqtT/Y4+NHcQGgwF/1iiQIcBBABCgAGBQJY +rsscAAoJEH8YKMd1okYD+jkP/3XV4+G6yCetLUEVz4gxkRSKOaAmEhDcljZGzyinPrq9M+We +hr5507JoBZZBQzXQ0RELPDpVSj5KzQh4dB935iUazJqQwYZWXOiNdWo0BIVCoX0Di+6JU0aq +heUg52j5FK1G2+WPRTvv0ItRyUg6lkYezrx1GwjcrYSZLOMMOA6Wr5JuYQSBI3njaq1Hu8Aw +FP4Y5qH2xVVZj7X7SM86Dge22JPvKfmnWP3KLa8MpGMdq0ZXdDuwt/WijD7PhcfCzpk+xBmo +ExofnFsm7MdU2ri40gCpJpa+luZEyOp3B9JXwvAmizNkjHT1rW+dPXTcAhNSEnFGvqQtvBni +SFKYaCiXu9MoZ093TqTKWfxsovOiwdp2gz81Aq/NHFqjhVnFG+a4u4IgX5C6pttvzfSBYNjF +0aq+7HaI66KIMpqUn+jqSjvurJayXuEDkvnU4bTtl54c5/fxF5SQdyD1yap3I9jVHT7m6laZ +xyU3XWKpr9BbPku8Up3glZuXfWta1JcknRA6JIDlleOORtnTxsoPJaXzw/eXZtiuHZb4b6Ea +IPQuD2h1QKvab9SuXmKJh20iZ5NczFc1D/0kjOo9o4eA1QyqBuGoN0ao9c6hk9va1fHQBxBB +rmZbm97x2Yd0JgJ7wYu9bU8K5oPve+OEVJX+zuGhHZBb6ntSaB5ip3fbpwRpiQI9BBMBCAAn +AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheABQJQeSssBQkDwxbfAAoJEH/MfUaszEz4bgkP +/0AI0UgDgkNNqplAIpE/pkwem2jgGpJGKurh2xDu6j2ZL+BPzPhzyCeMHZwTXkkI373TXGQQ +P8dIa+RDHAZ3iijw4+ISdKWpziEUJjUk04UMPTlN+dYJt2EHLQDD0VLtX0yQC/wLmVEH/REp +oclbVjZR/+ehwX2IxOIlXmkZJDSycl975FnSUjMAvyzty8P9DN0fIrQ7Ju+BfMOMTnUkOdp0 +kRUYez7pxbURJfkM0NxAP1geACI91aISBpFg3zxQs1d3MmUIhJ4wHvYBuaR7Fx1FkLAxWddr +e/OCYJBsjucE9uqc04rgKVjN5P/VfqNxyUoB+YZ+8Lk4t03pRBcD9XzcyOYlFLWXbcWxTn1j +J2QMqRIWi5lzZIOMw5B+OK9LLPX0dAwIFGr9WtuVJ2zp+D4CBEMtn4Byh8EaQsttHeqAkpZo +MlrEeNBDz2L7RquPQNmiuom15nb7xU/k7PGfqtkpBaaGBV9tJkdp7BdH27dZXx+uT+uHbpMX +kRrXliHjWpAw+NGwADh/PjmqExlQSdgAiXy1TTOdzxKH7WrwMFGDK0fddKr8GH3f+Oq4eOoN +Ra6/UhTCmBPbryCSIA7EAd0Aae9YaLlOB+eTORg/F1EWLPm34kKSRtae3gfHuY2cdUmoDVnO +F8C9hc0PbL65G4NWPt+fW7lIj+0+kF19s2PviQI9BBMBCAAnAhsDBQsJCAcDBRUKCQgLBRYC +AwEAAh4BAheABQJRKm2VBQkINsBBAAoJEH/MfUaszEz4RTEP/1sQHyjHaUiAPaCAv8jw/3Sa +WP/g8qLjpY6ROjLnDMvwKwRAoxUwcIv4/TWDOMpwJN+CJIbjXsXNYvf9OX+UTOvq4iwi4ADr +AAw2xw+Jomc6EsYla+hkN2FzGzhpXfZFfUsuphjY3FKL+4hXH+R8ucNwIz3yrkfc17MMn8yF +NWFzm4omU9/JeeaafwUoLxlULL2zY7H3+QmxCl0u6t8VvlszdEFhemLHzVYRY0Ro/ISrR78C +nANNsMIy3i11U5uvdeWVCoWV1BXNLzOD4+BIDbMB/Do8PQCWiliSGZi8lvmj/sKbumMFQonM +QWOfQswTtqTyQ3yhUM1LaxK5PYq13rggi3rA8oq8SYb/KNCQL5pzACji4TRVK0kNpvtxJxe8 +4X8+9IB1vhBvF/Ji/xDd/3VDNPY+k1a47cON0S8Qc8DA3mq4hRfcgvuWy7ZxoMY7AfSJOhle +b9+PzRBBn9agYgMxZg1RUWZazQ5KuoJqbxpwOYVFja/stItNS4xsmi0lh2I4MNlBEDqnFLUx +SvTDc22c3uJlWhzBM/f2jH19uUeqm4jaggob3iJvJmK+Q7Ns3WcfhuWwCnc1+58diFAMRUCR +BPeFS0qd56QGk1r97B6+3UfLUslCfaaA8IMOFvQSHJwDO87xWGyxeRTYIIP9up4xwgje9LB7 +fMxsSkCDTHOkiQI9BBMBCAAnAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheABQJS6RUZBQkO +hCctAAoJEH/MfUaszEz4zmQP/2adHtuaXL5Xu3C3NGLha/aQb9iSJC8z5vN55HMCpsWlmslC +BuEr+qR+oZvPkvwh0Io/8hQl/qN54DMNifRwVL2n2eG52yNERie9BrAMK2kNFZZCH4OxlMN0 +876BmDuNq2U67vUtCv+pxT+g9R1LvlPgLCTjS3m+qMqUICJ310BMT2cpYlJx3YqXouFkdWBV +urI0pGU/+QtydcJALz5eZbzlbYSPWbOm2ZSS2cLrCsVNFDOAbYLtUn955yXB5s4rIscEvTzB +xPgID1iBknnPzdu2tCpk07yJleiupxI1yXstCtvhGCbiAbGFDaKzhgcAxSIX0ZPahpaYLdCk +coLlfgD+ar4K8veSK2LazrhO99O0onRG0p7zuXszXphO4E/WdbTOyDD35qCqYeAX6TaB+2l4 +kIdVqPgoXT/doWVLUK2NjZtd3JpMWI0OGYDFn2DAvgwPxqKEoGTOYuoWKssnwLlA/ZMETega +k27gFAKfoQlmHjeA/PLC2KRYd6Wg2DSifhn+2MouoE4XFfeekVBQx98rOQ5NLwy/TYlsHXm1 +n0RW86ETN3chj/PPWjsi80t5oepx82azRoVu95LJUkHpPLYyqwfueoVzp2+B2hJU2Rg7w+cJ +q64TfeJG8hrc93MnSKIbzTvXfdPtvYdHhhA2LYu4+5mh5ASlAMJXD7zIOZt2iQJOBBMBCAA4 +AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEEuXsK/KoaR/BE8kSgf8x9RqzMTPgFAlht +CD8ACgkQf8x9RqzMTPgECxAAk8uL+dwveTv6eH21tIHcltt8U3Ofajdo+D/ayO53LiYOxi27 +kdHD0zvFMUWXLGxQtWyeqqDRvDagfWglHucIcaLxoxNwL8+e+9hVFIEskQAYkVToBCKMXTQD +Larz8/J030Pmcv3ihbwB+jhnykMuyyNmht4kq0CNgnlcMCdVz0d3z/09puryIHJrD+A8y3TD +4RM74snQuwc9u5bsckvRtRJKbP3GX5JaFZAqUyZNRJRJTn2OQRBhCpxhlZ2afkAPFIq2aVnE +t/Ie6tmeRCzsW3lOxEH2K7MQSfSu/kRz7ELfCz3NJHj7rMzC+76Rhsas60t9CjmvMuGONEpc +tijDWONLCuch3Pdj6XpC+MVxpgBy2VUdkunb48YhXNW0jgFGM/BFRj+dMQOUbY8PjJjsmVV0 +joDruWATQG/M4C7O8iU0B7o6yVv4m8LDEN9CiR6r7H17m4xZseT3f+0QpMe7iQjz6XxTUFRQ +xXqzmNnloA1T7VjwPqIIzkj/u0V8nICG/ktLzp1OsCFatWXh7LbU+hwYl6gsFH/mFDqVxJ3+ +DKQivyf1NatzEwl62foVjGUSpvh3ymtmtUQ4JUkNDsXiRBWczaiGSuzD9Qi0ONdkAX3bewqm +N4TfE+XIpCPxxHXwGq9Rv1IFjOdCX0iG436GHyTLC1tTUIKF5xV4Y0+cXIM= +=hqgj +-----END PGP PUBLIC KEY BLOCK-----