├── lib
├── __init__.py
├── tests
│ ├── __init__.py
│ ├── checksums
│ │ ├── test_directory
│ │ │ ├── test_file_1.txt
│ │ │ ├── dir
│ │ │ │ ├── nested_file_1.txt
│ │ │ │ ├── nested_file_3.yml
│ │ │ │ └── nested_file_2.json
│ │ │ ├── test_file_2.json
│ │ │ └── test_file_3.yml
│ │ ├── tampered_test_directory
│ │ │ ├── test_file_1.txt
│ │ │ ├── test_file_2.json
│ │ │ └── test_file_3.yml
│ │ ├── tampered_nested_test_directory
│ │ │ ├── test_file_1.txt
│ │ │ ├── dir
│ │ │ │ ├── nested_file_1.txt
│ │ │ │ ├── nested_file_3.yml
│ │ │ │ └── nested_file_2.json
│ │ │ ├── test_file_2.json
│ │ │ └── test_file_3.yml
│ │ ├── tampered_missing_test_directory
│ │ │ ├── test_file_1.txt
│ │ │ └── test_file_2.json
│ │ └── checksums.json
│ ├── architectures
│ │ └── lib
│ │ │ └── hostnames
│ ├── test_password.py
│ └── test_tpa_platforms.py
├── action_plugins
│ └── __init__.py
├── callback_plugins
│ └── __init__.py
├── filter_plugins
│ ├── __init__.py
│ └── fnmatch.py
├── tpa
│ ├── __init__.py
│ ├── commands
│ │ └── __init__.py
│ ├── platforms
│ │ ├── __init__.py
│ │ └── bare.py
│ └── architectures
│ │ ├── m1.py
│ │ ├── bdr_always_on.py
│ │ ├── pgd_always_on.py
│ │ └── __init__.py
└── tpaexec
│ ├── platforms
│ └── bare.py
│ └── __init__.py
├── ansible
├── ansible-doc
├── ansible-vault
├── ansible-config
├── ansible-galaxy
├── ansible-inventory
├── ansible-playbook
├── ansible-vaultpw
└── hosts
├── roles
├── postgres
│ ├── bdr
│ │ └── tasks
│ │ │ ├── bdr1
│ │ │ ├── bdr2
│ │ │ ├── post-join.yml
│ │ │ └── join.yml
│ │ │ ├── bdr3
│ │ │ ├── post-join.yml
│ │ │ └── create-node.yml
│ │ │ ├── bdr4
│ │ │ ├── init.yml
│ │ │ ├── join.yml
│ │ │ ├── create-node.yml
│ │ │ └── witness-repset.yml
│ │ │ ├── bdr5
│ │ │ ├── init.yml
│ │ │ ├── join.yml
│ │ │ └── create-node.yml
│ │ │ ├── noop.yml
│ │ │ ├── bdr6
│ │ │ └── create-node.yml
│ │ │ └── version.yml
│ ├── pkg
│ │ ├── handlers
│ │ ├── vars
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ ├── os
│ │ │ ├── RedHat
│ │ │ │ └── list-packages.yml
│ │ │ └── SUSE
│ │ │ │ └── list-packages.yml
│ │ │ ├── src.yml
│ │ │ ├── list-client-packages.yml
│ │ │ └── main.yml
│ ├── config
│ │ ├── handlers
│ │ ├── templates
│ │ │ ├── variable.j2
│ │ │ ├── pg_hba.lines.j2
│ │ │ ├── override.conf.j2
│ │ │ ├── bdr.conf.j2
│ │ │ ├── settings.conf.j2
│ │ │ └── syslog-postgres.conf.j2
│ │ ├── vars
│ │ │ ├── main.yml
│ │ │ └── conf_extensions.yml
│ │ └── tasks
│ │ │ ├── bdr.yml
│ │ │ ├── set_postgres_conf_settings_facts.yml
│ │ │ ├── camo.yml
│ │ │ ├── set_preload_library_facts.yml
│ │ │ ├── conf_ssn.yml
│ │ │ ├── ssn.yml
│ │ │ └── set-variable.yml
│ ├── pgpass
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── vars
│ │ │ └── main.yml
│ ├── update
│ │ └── tasks
│ │ │ ├── src.yml
│ │ │ └── pkg.yml
│ ├── initdb
│ │ └── defaults
│ │ │ └── main.yml
│ ├── service
│ │ └── templates
│ │ │ └── postgres-monitor.service.j2
│ ├── src
│ │ └── templates
│ │ │ └── rebuild-sources.sh.j2
│ ├── handlers
│ │ └── main.yml
│ └── cleanup
│ │ └── tasks
│ │ └── pglogical-extension.yml
├── efm
│ ├── switchover
│ │ ├── templates
│ │ │ └── efm.properties.j2
│ │ └── defaults
│ │ │ └── main.yml
│ ├── update
│ │ ├── templates
│ │ │ └── efm.notification.sh.j2
│ │ └── tasks
│ │ │ └── cleanup.yml
│ ├── pkg
│ │ ├── vars
│ │ │ ├── main.yml
│ │ │ ├── SLES.yml
│ │ │ ├── Debian-12.yml
│ │ │ ├── Debian-9.yml
│ │ │ ├── Debian.yml
│ │ │ ├── RedHat-7.6.yml
│ │ │ ├── Ubuntu.yml
│ │ │ └── RedHat.yml
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ └── main.yml
│ ├── config
│ │ ├── defaults
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ ├── efm.notification.sh.j2
│ │ │ └── efm.nodes.j2
│ │ └── vars
│ │ │ └── log-server-defined.yml
│ ├── handlers
│ │ └── main.yml
│ ├── final
│ │ └── tasks
│ │ │ └── main.yml
│ ├── tasks
│ │ └── main.yml
│ ├── service
│ │ └── tasks
│ │ │ ├── status.yml
│ │ │ └── main.yml
│ └── restart
│ │ └── tasks
│ │ └── main.yml
├── sys
│ ├── rsyslog
│ │ ├── files
│ │ │ ├── 01-enable-udp-reception.conf
│ │ │ ├── 55-barman.conf
│ │ │ └── 00-enable-tcp-reception.conf
│ │ ├── handlers
│ │ │ └── main.yml
│ │ └── templates
│ │ │ └── 23-postgres.conf.j2
│ ├── openvpn
│ │ ├── pkg
│ │ │ ├── vars
│ │ │ │ └── main.yml
│ │ │ ├── defaults
│ │ │ │ └── main.yml
│ │ │ └── tasks
│ │ │ │ ├── list-packages.yml
│ │ │ │ └── main.yml
│ │ ├── server
│ │ │ └── templates
│ │ │ │ └── ccd.j2
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── defaults
│ │ │ └── main.yml
│ │ ├── client
│ │ │ └── tasks
│ │ │ │ └── main.yml
│ │ ├── ip
│ │ │ └── tasks
│ │ │ │ └── main.yml
│ │ └── common
│ │ │ └── templates
│ │ │ └── openssl.cnf.j2
│ ├── upgrade
│ │ └── tasks
│ │ │ ├── os
│ │ │ ├── Debian.yml
│ │ │ └── RedHat.yml
│ │ │ └── main.yml
│ ├── locale
│ │ ├── tasks
│ │ │ ├── main.yml
│ │ │ └── os
│ │ │ │ ├── SUSE
│ │ │ │ └── locale.yml
│ │ │ │ ├── RedHat
│ │ │ │ └── locale.yml
│ │ │ │ └── Debian
│ │ │ │ └── locale.yml
│ │ └── pkg
│ │ │ └── tasks
│ │ │ ├── main.yml
│ │ │ └── list-packages.yml
│ ├── sysstat
│ │ └── templates
│ │ │ ├── sysstat-collect.timer.j2
│ │ │ ├── sysstat-summary.timer.j2
│ │ │ ├── sysstat-collect.service.j2
│ │ │ ├── sysstat-summary.service.j2
│ │ │ └── sysstat.service.j2
│ ├── fs
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── vars
│ │ │ └── main.yml
│ ├── repositories
│ │ ├── tasks
│ │ │ ├── repositories.yml
│ │ │ ├── os
│ │ │ │ └── RedHat
│ │ │ │ │ ├── add-repository-rpm.yml
│ │ │ │ │ └── add-repository.yml
│ │ │ ├── extension-repositories.yml
│ │ │ └── main.yml
│ │ └── templates
│ │ │ └── 2ndquadrant-pins.j2
│ ├── ssl
│ │ ├── ca
│ │ │ ├── defaults
│ │ │ │ └── main.yml
│ │ │ ├── vars
│ │ │ │ └── main.yml
│ │ │ └── final
│ │ │ │ ├── tasks
│ │ │ │ └── main.yml
│ │ │ │ └── defaults
│ │ │ │ └── main.yml
│ │ ├── vars
│ │ │ └── main.yml
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── server
│ │ │ ├── vars
│ │ │ │ └── main.yml
│ │ │ └── defaults
│ │ │ │ └── main.yml
│ │ └── client
│ │ │ ├── vars
│ │ │ └── main.yml
│ │ │ └── defaults
│ │ │ └── main.yml
│ ├── defaults
│ │ └── main.yml
│ ├── hostkeys
│ │ └── templates
│ │ │ └── known_hosts.j2
│ ├── ssh
│ │ ├── vars
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ └── main.yml
│ ├── rebuild-sources.sh
│ ├── hosts
│ │ └── tasks
│ │ │ └── main.yml
│ ├── logrotate
│ │ ├── templates
│ │ │ └── postgres.j2
│ │ └── tasks
│ │ │ ├── postgres.yml
│ │ │ └── main.yml
│ ├── local_repo
│ │ └── handlers
│ │ │ └── main.yml
│ ├── sysctl
│ │ └── templates
│ │ │ └── hugepages.j2
│ ├── pkg
│ │ └── tasks
│ │ │ └── list-unwanted-packages.yml
│ ├── tasks
│ │ └── artifact.yml
│ ├── paths
│ │ └── tasks
│ │ │ └── main.yml
│ └── cloudinit
│ │ └── tasks
│ │ └── main.yml
├── patroni
│ ├── api
│ │ ├── tasks
│ │ │ └── main.yml
│ │ └── vars
│ │ │ └── main.yml
│ ├── service
│ │ ├── handlers
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ ├── restart.yml
│ │ │ └── status.yml
│ ├── pkg
│ │ ├── tasks
│ │ │ ├── list-dependency-packages.yml
│ │ │ ├── dependencies.yml
│ │ │ └── main.yml
│ │ └── defaults
│ │ │ └── main.yml
│ ├── config
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── handlers
│ │ │ └── main.yml
│ ├── facts
│ │ └── tasks
│ │ │ ├── main.yml
│ │ │ └── gather.yml
│ ├── update
│ │ └── tasks
│ │ │ └── main.yml
│ └── src
│ │ └── defaults
│ │ └── main.yml
├── beacon-agent
│ ├── config
│ │ ├── vars
│ │ │ └── main.yml
│ │ └── templates
│ │ │ └── beacon_agent.yaml.j2
│ ├── pkg
│ │ ├── vars
│ │ │ └── main.yml
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ ├── main.yml
│ │ │ └── list-packages.yml
│ ├── tasks
│ │ └── main.yml
│ ├── service
│ │ ├── files
│ │ │ └── beacon-agent.service
│ │ └── tasks
│ │ │ └── main.yml
│ ├── final
│ │ └── tasks
│ │ │ └── main.yml
│ └── restart
│ │ └── tasks
│ │ └── main.yml
├── etcd
│ ├── pkg
│ │ ├── vars
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ ├── main.yml
│ │ │ └── list-packages.yml
│ │ └── templates
│ │ │ └── etcd.service.j2
│ ├── service
│ │ ├── defaults
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── main.yml
│ │ └── templates
│ │ │ └── etcd.service.j2
│ ├── handlers
│ │ └── main.yml
│ ├── config
│ │ ├── handlers
│ │ │ └── main.yml
│ │ └── defaults
│ │ │ └── main.yml
│ ├── final
│ │ └── tasks
│ │ │ └── main.yml
│ ├── tasks
│ │ └── upgrade.yml
│ └── restart
│ │ └── tasks
│ │ └── main.yml
├── harp
│ ├── pkg
│ │ ├── vars
│ │ │ └── main.yml
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ └── main.yml
│ ├── final
│ │ └── tasks
│ │ │ └── restart-one-proxy.yml
│ ├── service
│ │ └── templates
│ │ │ └── harp-postgres.target.j2
│ ├── config
│ │ ├── defaults
│ │ │ └── main.yml
│ │ ├── handlers
│ │ │ └── main.yml
│ │ └── vars
│ │ │ └── main.yml
│ ├── tasks
│ │ └── upgrade.yml
│ ├── restart
│ │ └── tasks
│ │ │ └── main.yml
│ └── handlers
│ │ └── main.yml
├── barman
│ ├── pkg
│ │ ├── vars
│ │ │ └── main.yml
│ │ └── defaults
│ │ │ └── main.yml
│ ├── first_backup
│ │ └── defaults
│ │ │ └── main.yml
│ ├── handlers
│ │ └── main.yml
│ ├── tasks
│ │ └── server-start-receive-wal.yml
│ ├── templates
│ │ └── barman-home-ok.j2
│ └── final
│ │ └── tasks
│ │ └── main.yml
├── pgdcli
│ ├── pkg
│ │ └── vars
│ │ │ └── main.yml
│ ├── config
│ │ └── templates
│ │ │ └── pgd-cli-config.j2
│ ├── tasks
│ │ ├── upgrade.yml
│ │ └── main.yml
│ └── update
│ │ └── tasks
│ │ └── main.yml
├── repmgr
│ ├── pkg
│ │ └── vars
│ │ │ └── main.yml
│ ├── common
│ │ ├── templates
│ │ │ └── follow_command.sh.j2
│ │ ├── vars
│ │ │ └── main.yml
│ │ └── defaults
│ │ │ └── main.yml
│ ├── handlers
│ │ └── main.yml
│ ├── src
│ │ ├── templates
│ │ │ └── rebuild-sources.sh.j2
│ │ └── defaults
│ │ │ └── main.yml
│ ├── service
│ │ ├── tasks
│ │ │ ├── status.yml
│ │ │ ├── pause.yml
│ │ │ └── unpause.yml
│ │ └── templates
│ │ │ └── repmgrd.service.j2
│ ├── replica
│ │ └── final
│ │ │ └── tasks
│ │ │ └── recovery.yml
│ └── tasks
│ │ └── main.yml
├── haproxy
│ ├── pkg
│ │ ├── vars
│ │ │ └── main.yml
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ ├── list-packages.yml
│ │ │ └── main.yml
│ ├── final
│ │ └── tasks
│ │ │ └── main.yml
│ ├── handlers
│ │ └── main.yml
│ ├── config
│ │ ├── files
│ │ │ └── 49-haproxy.conf
│ │ ├── handlers
│ │ │ └── main.yml
│ │ └── defaults
│ │ │ └── main.yml
│ ├── restart
│ │ └── tasks
│ │ │ └── main.yml
│ └── facts
│ │ └── defaults
│ │ └── main.yml
├── pem
│ ├── agent
│ │ ├── pkg
│ │ │ ├── vars
│ │ │ │ └── main.yml
│ │ │ ├── defaults
│ │ │ │ └── main.yml
│ │ │ └── tasks
│ │ │ │ └── main.yml
│ │ ├── handlers
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ └── main.yml
│ ├── server
│ │ ├── pkg
│ │ │ ├── vars
│ │ │ │ └── main.yml
│ │ │ └── tasks
│ │ │ │ ├── main.yml
│ │ │ │ └── v10-packages.yml
│ │ ├── config
│ │ │ ├── webserver
│ │ │ │ └── handlers
│ │ │ │ │ └── main.yml
│ │ │ └── final
│ │ │ │ └── defaults
│ │ │ │ └── main.yml
│ │ └── tasks
│ │ │ └── upgrade.yml
│ └── final
│ │ └── tasks
│ │ └── main.yml
├── pgbackupapi
│ ├── pkg
│ │ ├── vars
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ └── pg-backup-api.service.j2
│ │ └── tasks
│ │ │ ├── list-packages.yml
│ │ │ └── main.yml
│ ├── service
│ │ ├── handlers
│ │ │ └── main.yml
│ │ └── templates
│ │ │ └── pg-backup-api.conf.j2
│ ├── tasks
│ │ └── main.yml
│ └── update
│ │ └── tasks
│ │ └── main.yml
├── pgbouncer
│ ├── pkg
│ │ ├── vars
│ │ │ └── main.yml
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ ├── main.yml
│ │ │ └── list-packages.yml
│ ├── handlers
│ │ └── main.yml
│ ├── redirect
│ │ └── defaults
│ │ │ └── main.yml
│ ├── service
│ │ ├── defaults
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ └── pgbouncer.service.j2
│ │ └── tasks
│ │ │ └── main.yml
│ ├── config
│ │ ├── defaults
│ │ │ └── main.yml
│ │ ├── vars
│ │ │ └── main.yml
│ │ └── templates
│ │ │ ├── pgbouncer.databases.ini.j2
│ │ │ └── userlist.txt.j2
│ ├── final
│ │ └── tasks
│ │ │ └── main.yml
│ ├── restart
│ │ └── tasks
│ │ │ └── main.yml
│ ├── tasks
│ │ └── main.yml
│ └── update
│ │ └── tasks
│ │ └── main.yml
├── pgd_proxy
│ ├── pkg
│ │ ├── vars
│ │ │ └── main.yml
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ ├── list-packages.yml
│ │ │ └── main.yml
│ ├── defaults
│ │ └── main.yml
│ ├── handlers
│ │ └── main.yml
│ ├── final
│ │ └── tasks
│ │ │ └── main.yml
│ ├── config
│ │ ├── handlers
│ │ │ └── main.yml
│ │ └── defaults
│ │ │ └── main.yml
│ ├── restart
│ │ └── tasks
│ │ │ └── main.yml
│ ├── tasks
│ │ ├── upgrade.yml
│ │ └── main.yml
│ ├── service
│ │ ├── tasks
│ │ │ └── main.yml
│ │ └── templates
│ │ │ └── pgd-proxy.service.j2
│ ├── dbuser
│ │ └── tasks
│ │ │ └── main.yml
│ └── update
│ │ └── tasks
│ │ └── main.yml
├── secret
│ └── vars
│ │ └── main.yml
├── pkg
│ ├── download
│ │ ├── vars
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ └── main.yml
│ └── add_to_list
│ │ └── tasks
│ │ └── main.yml
├── test
│ └── tasks
│ │ ├── failures
│ │ └── none.yml
│ │ ├── compliance
│ │ ├── cis.yml
│ │ ├── stig.yml
│ │ └── fips.yml
│ │ ├── sys.yml
│ │ ├── sys
│ │ ├── package-list.yml
│ │ ├── os
│ │ │ ├── Debian
│ │ │ │ └── package-list.yml
│ │ │ ├── RedHat
│ │ │ │ └── package-list.yml
│ │ │ └── SUSE
│ │ │ │ └── package-list.yml
│ │ └── locale.yml
│ │ ├── proxy-monitor
│ │ └── stop.yml
│ │ ├── haproxy.yml
│ │ ├── barman
│ │ └── check-running-backup.yml
│ │ ├── pgbouncer.yml
│ │ ├── pgd-proxy.yml
│ │ ├── harp-proxy.yml
│ │ ├── postgres
│ │ └── controldata.yml
│ │ ├── camo
│ │ └── bdr_camo_client_teardown.yml
│ │ └── prereqs.yml
├── zabbix_agent
│ ├── config
│ │ ├── templates
│ │ │ └── userparameters
│ │ │ │ ├── pgbouncer.j2
│ │ │ │ └── barman.j2
│ │ └── tasks
│ │ │ └── main.yml
│ ├── vars
│ │ ├── Debian.yml
│ │ └── RedHat.yml
│ ├── pkg
│ │ └── tasks
│ │ │ ├── list-packages.yml
│ │ │ └── main.yml
│ ├── handlers
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── watchdog
│ └── defaults
│ │ └── main.yml
├── pgbench
│ ├── init
│ │ └── defaults
│ │ │ └── main.yml
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── pgbench.yml
├── init
│ ├── platforms
│ │ ├── bare
│ │ │ └── tasks
│ │ │ │ └── main.yml
│ │ └── aws
│ │ │ └── tasks
│ │ │ ├── main.yml
│ │ │ └── firstboot.yml
│ └── tasks
│ │ └── distribution.yml
├── post_deploy
│ └── tasks
│ │ └── main.yml
└── src
│ └── install
│ └── templates
│ └── general_rebuild_script.sh.j2
├── .coveragerc
├── architectures
├── M1
│ ├── deploy.yml
│ ├── README.md
│ └── _metadata
├── PGD-S
│ ├── deploy.yml
│ └── _metadata
├── PGD-X
│ ├── deploy.yml
│ ├── _metadata
│ └── upgrade_major_4to6.yml
├── Lightweight
│ ├── deploy.yml
│ ├── README.md
│ └── _metadata
├── lib
│ ├── commands
│ │ ├── show-vault
│ │ ├── stop-containers.yml
│ │ ├── start-containers.yml
│ │ ├── rebuild-sources.yml
│ │ ├── eval.yml
│ │ ├── check_cis.yml
│ │ ├── check_stig.yml
│ │ └── test.yml
│ ├── selftest.yml
│ ├── templates
│ │ └── platforms
│ │ │ ├── docker
│ │ │ └── instance_defaults.yml.j2
│ │ │ └── aws
│ │ │ └── instance_defaults.yml.j2
│ ├── tests
│ │ └── default.yml
│ └── password
├── BDR-Always-ON
│ ├── deploy.yml
│ ├── README.md
│ └── _metadata
├── PGD-Always-ON
│ ├── deploy.yml
│ ├── README.md
│ └── _metadata
├── Images
│ ├── _metadata
│ ├── templates
│ │ └── platforms
│ │ │ ├── docker
│ │ │ └── instance_defaults.yml.j2
│ │ │ └── aws
│ │ │ └── instance_defaults.yml.j2
│ └── README.md
└── common
│ └── playbooks
│ └── repository_update.yml
├── .github
├── workflows
│ ├── relnotes
│ │ ├── requirements.txt
│ │ └── relnotes
│ │ │ ├── __init__.py
│ │ │ └── exceptions.py
│ └── sonarqube
│ │ └── configure-env.sh
├── act-events
│ └── default.json
├── actions
│ ├── update-requirements
│ │ ├── template.txt
│ │ └── body.template.md
│ └── initialise_integration_test
│ │ └── efm_ping.yml
├── ISSUE_TEMPLATE
│ ├── config.yml
│ └── 03-question.yml
├── examples
│ ├── bdr-always-on-event.json
│ ├── bdrao-pg.json
│ └── README.md
└── foundation
│ └── security
│ └── scan-hooks.sh
├── platforms
├── aws
│ ├── README.md
│ ├── _metadata
│ ├── prehydrate-vars.yml.j2
│ ├── user-data
│ │ ├── authorized-key.j2
│ │ ├── attach-volumes.j2
│ │ └── sshd-config.j2
│ ├── inventory
│ │ └── write.yml
│ └── ec2-tag-volumes.yml
├── bare
│ ├── README.md
│ ├── deprovision.yml
│ └── _metadata
├── docker
│ ├── README.md
│ ├── images
│ │ ├── .gitignore
│ │ └── Dockerfile
│ └── _metadata
├── common
│ ├── set-provisioning-var.yml
│ ├── set-provisioning-vars.yml
│ ├── inventory
│ │ ├── inventory.j2
│ │ ├── ssh_config.j2
│ │ └── known_hosts.j2
│ └── write-provisioning-vars.yml
└── deprovision.yml
├── docs
├── .gitignore
├── src
│ ├── images
│ │ ├── m1.png
│ │ ├── Cluster1.jpg
│ │ ├── bdr-always-on.png
│ │ └── m1.dot
│ ├── legal-notice.md
│ ├── templates
│ │ └── styles.scss
│ ├── pg_ident.conf.md
│ └── locale.md
├── pdf
│ └── .gitignore
└── Makefile
├── requirements
├── dep.in
├── document.txt
├── lint.in
└── testing.in
├── tpa-ee
└── aap24
│ └── build-requirements.in
├── .actrc
├── .idea
├── copyright
│ ├── profiles_settings.xml
│ └── EDB.xml
├── .gitignore
├── inspectionProfiles
│ └── profiles_settings.xml
├── modules.xml
└── vcs.xml
├── requirements-ppc64le.in
├── requirements-s390x.in
├── runtime.txt
├── .prospector.yaml
├── .yamllint.yaml
├── sonar-project.properties
├── pyrightconfig.json
├── .git-ignore-revs
├── collections
└── requirements.yml
├── .editorconfig
├── requirements.in
├── .dockerignore
├── entrypoint.sh
└── release_notes
└── relnote.yml.template
/lib/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lib/tests/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/ansible/ansible-doc:
--------------------------------------------------------------------------------
1 | ansible
--------------------------------------------------------------------------------
/ansible/ansible-vault:
--------------------------------------------------------------------------------
1 | ansible
--------------------------------------------------------------------------------
/ansible/ansible-config:
--------------------------------------------------------------------------------
1 | ansible
--------------------------------------------------------------------------------
/ansible/ansible-galaxy:
--------------------------------------------------------------------------------
1 | ansible
--------------------------------------------------------------------------------
/ansible/ansible-inventory:
--------------------------------------------------------------------------------
1 | ansible
--------------------------------------------------------------------------------
/ansible/ansible-playbook:
--------------------------------------------------------------------------------
1 | ansible
--------------------------------------------------------------------------------
/ansible/ansible-vaultpw:
--------------------------------------------------------------------------------
1 | ansible
--------------------------------------------------------------------------------
/lib/action_plugins/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lib/callback_plugins/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lib/filter_plugins/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/roles/postgres/bdr/tasks/bdr1:
--------------------------------------------------------------------------------
1 | bdr2
--------------------------------------------------------------------------------
/roles/postgres/pkg/handlers:
--------------------------------------------------------------------------------
1 | ../handlers
--------------------------------------------------------------------------------
/roles/postgres/config/handlers:
--------------------------------------------------------------------------------
1 | ../handlers
--------------------------------------------------------------------------------
/.coveragerc:
--------------------------------------------------------------------------------
1 | [run]
2 | omit = lib/tests/*
3 |
--------------------------------------------------------------------------------
/ansible/hosts:
--------------------------------------------------------------------------------
1 | ♡ ansible_connection=local
2 |
--------------------------------------------------------------------------------
/architectures/M1/deploy.yml:
--------------------------------------------------------------------------------
1 | ../lib/deploy.yml
--------------------------------------------------------------------------------
/architectures/PGD-S/deploy.yml:
--------------------------------------------------------------------------------
1 | ../lib/deploy.yml
--------------------------------------------------------------------------------
/architectures/PGD-X/deploy.yml:
--------------------------------------------------------------------------------
1 | ../lib/deploy.yml
--------------------------------------------------------------------------------
/.github/workflows/relnotes/requirements.txt:
--------------------------------------------------------------------------------
1 | PyYAML
--------------------------------------------------------------------------------
/architectures/Lightweight/deploy.yml:
--------------------------------------------------------------------------------
1 | ../lib/deploy.yml
--------------------------------------------------------------------------------
/architectures/lib/commands/show-vault:
--------------------------------------------------------------------------------
1 | ../use-vault
--------------------------------------------------------------------------------
/platforms/aws/README.md:
--------------------------------------------------------------------------------
1 | ../../docs/src/platform-aws.md
--------------------------------------------------------------------------------
/architectures/BDR-Always-ON/deploy.yml:
--------------------------------------------------------------------------------
1 | ../lib/deploy.yml
--------------------------------------------------------------------------------
/architectures/PGD-Always-ON/deploy.yml:
--------------------------------------------------------------------------------
1 | ../lib/deploy.yml
--------------------------------------------------------------------------------
/platforms/bare/README.md:
--------------------------------------------------------------------------------
1 | ../../docs/src/platform-bare.md
--------------------------------------------------------------------------------
/roles/postgres/bdr/tasks/bdr2/post-join.yml:
--------------------------------------------------------------------------------
1 | ../noop.yml
--------------------------------------------------------------------------------
/roles/postgres/bdr/tasks/bdr3/post-join.yml:
--------------------------------------------------------------------------------
1 | ../noop.yml
--------------------------------------------------------------------------------
/roles/postgres/bdr/tasks/bdr4/init.yml:
--------------------------------------------------------------------------------
1 | ../bdr3/init.yml
--------------------------------------------------------------------------------
/roles/postgres/bdr/tasks/bdr4/join.yml:
--------------------------------------------------------------------------------
1 | ../bdr3/join.yml
--------------------------------------------------------------------------------
/roles/postgres/bdr/tasks/bdr5/init.yml:
--------------------------------------------------------------------------------
1 | ../bdr3/init.yml
--------------------------------------------------------------------------------
/roles/postgres/bdr/tasks/bdr5/join.yml:
--------------------------------------------------------------------------------
1 | ../bdr3/join.yml
--------------------------------------------------------------------------------
/.github/act-events/default.json:
--------------------------------------------------------------------------------
1 | {
2 | "act": true
3 | }
4 |
--------------------------------------------------------------------------------
/architectures/M1/README.md:
--------------------------------------------------------------------------------
1 | ../../docs/src/architecture-M1.md
--------------------------------------------------------------------------------
/docs/.gitignore:
--------------------------------------------------------------------------------
1 | header.md
2 | tpaexec.md
3 | tpaexec.pdf
4 |
--------------------------------------------------------------------------------
/lib/tests/checksums/test_directory/test_file_1.txt:
--------------------------------------------------------------------------------
1 | hello, world
--------------------------------------------------------------------------------
/platforms/docker/README.md:
--------------------------------------------------------------------------------
1 | ../../docs/src/platform-docker.md
--------------------------------------------------------------------------------
/platforms/docker/images/.gitignore:
--------------------------------------------------------------------------------
1 | *.log
2 | *.image-id
3 |
--------------------------------------------------------------------------------
/roles/postgres/bdr/tasks/bdr4/create-node.yml:
--------------------------------------------------------------------------------
1 | ../bdr3/create-node.yml
--------------------------------------------------------------------------------
/lib/tests/checksums/tampered_test_directory/test_file_1.txt:
--------------------------------------------------------------------------------
1 | hello, EDB
--------------------------------------------------------------------------------
/requirements/dep.in:
--------------------------------------------------------------------------------
1 | # tox dependency for dep environment
2 | pipdeptree
--------------------------------------------------------------------------------
/lib/tests/checksums/tampered_nested_test_directory/test_file_1.txt:
--------------------------------------------------------------------------------
1 | hello, EDB
--------------------------------------------------------------------------------
/lib/tests/checksums/test_directory/dir/nested_file_1.txt:
--------------------------------------------------------------------------------
1 | hello, nested world
--------------------------------------------------------------------------------
/roles/postgres/bdr/tasks/bdr4/witness-repset.yml:
--------------------------------------------------------------------------------
1 | ../bdr3/witness-repset.yml
--------------------------------------------------------------------------------
/.github/workflows/relnotes/relnotes/__init__.py:
--------------------------------------------------------------------------------
1 | """Create :mod:`relnotes`."""
2 |
--------------------------------------------------------------------------------
/architectures/BDR-Always-ON/README.md:
--------------------------------------------------------------------------------
1 | ../../docs/src/architecture-BDR-Always-ON.md
--------------------------------------------------------------------------------
/architectures/Lightweight/README.md:
--------------------------------------------------------------------------------
1 | ../../docs/src/architecture-PGD-Lightweight.md
--------------------------------------------------------------------------------
/architectures/PGD-Always-ON/README.md:
--------------------------------------------------------------------------------
1 | ../../docs/src/architecture-PGD-Always-ON.md
--------------------------------------------------------------------------------
/lib/tests/checksums/tampered_missing_test_directory/test_file_1.txt:
--------------------------------------------------------------------------------
1 | hello, world
--------------------------------------------------------------------------------
/lib/tests/checksums/test_directory/test_file_2.json:
--------------------------------------------------------------------------------
1 | {
2 | "hello": "world"
3 | }
--------------------------------------------------------------------------------
/lib/tests/checksums/test_directory/test_file_3.yml:
--------------------------------------------------------------------------------
1 | ---
2 | hello:
3 | - world
4 |
--------------------------------------------------------------------------------
/platforms/docker/_metadata:
--------------------------------------------------------------------------------
1 | STATUS="testing"
2 | DESCRIPTION="Docker containers"
3 |
--------------------------------------------------------------------------------
/tpa-ee/aap24/build-requirements.in:
--------------------------------------------------------------------------------
1 | ansible-navigator
2 | ansible-builder
3 |
4 |
--------------------------------------------------------------------------------
/platforms/aws/_metadata:
--------------------------------------------------------------------------------
1 | STATUS="production"
2 | DESCRIPTION="Amazon EC2 instances"
3 |
--------------------------------------------------------------------------------
/roles/efm/switchover/templates/efm.properties.j2:
--------------------------------------------------------------------------------
1 | ../../config/templates/efm.properties.j2
--------------------------------------------------------------------------------
/.github/actions/update-requirements/template.txt:
--------------------------------------------------------------------------------
1 | $name==$version \
2 | $hash_set
3 | $comment
--------------------------------------------------------------------------------
/lib/tests/checksums/tampered_nested_test_directory/dir/nested_file_1.txt:
--------------------------------------------------------------------------------
1 | hello, nested EDB
--------------------------------------------------------------------------------
/lib/tests/checksums/tampered_test_directory/test_file_2.json:
--------------------------------------------------------------------------------
1 | {
2 | "hello": "EDB"
3 | }
--------------------------------------------------------------------------------
/lib/tests/checksums/tampered_test_directory/test_file_3.yml:
--------------------------------------------------------------------------------
1 | ---
2 | hello:
3 | - EDB
4 |
--------------------------------------------------------------------------------
/roles/sys/rsyslog/files/01-enable-udp-reception.conf:
--------------------------------------------------------------------------------
1 | $ModLoad imudp
2 | $UDPServerRun 514
3 |
--------------------------------------------------------------------------------
/docs/src/images/m1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EnterpriseDB/tpa/HEAD/docs/src/images/m1.png
--------------------------------------------------------------------------------
/lib/tests/checksums/tampered_missing_test_directory/test_file_2.json:
--------------------------------------------------------------------------------
1 | {
2 | "hello": "EDB"
3 | }
--------------------------------------------------------------------------------
/roles/efm/update/templates/efm.notification.sh.j2:
--------------------------------------------------------------------------------
1 | ../../config/templates/efm.notification.sh.j2
--------------------------------------------------------------------------------
/lib/tests/checksums/tampered_nested_test_directory/test_file_2.json:
--------------------------------------------------------------------------------
1 | {
2 | "hello": "world"
3 | }
--------------------------------------------------------------------------------
/lib/tests/checksums/tampered_nested_test_directory/test_file_3.yml:
--------------------------------------------------------------------------------
1 | ---
2 | hello:
3 | - world
4 |
--------------------------------------------------------------------------------
/docs/src/images/Cluster1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EnterpriseDB/tpa/HEAD/docs/src/images/Cluster1.jpg
--------------------------------------------------------------------------------
/lib/tests/checksums/test_directory/dir/nested_file_3.yml:
--------------------------------------------------------------------------------
1 | ---
2 | hello:
3 | nested:
4 | - world
5 |
--------------------------------------------------------------------------------
/.actrc:
--------------------------------------------------------------------------------
1 | -P self-hosted=nektos/act-environments-ubuntu:18.04
2 | --eventpath .github/act-events/default.json
3 |
--------------------------------------------------------------------------------
/architectures/BDR-Always-ON/_metadata:
--------------------------------------------------------------------------------
1 | STATUS="production"
2 | DESCRIPTION="BDR in an Always-ON configuration"
3 |
--------------------------------------------------------------------------------
/architectures/PGD-S/_metadata:
--------------------------------------------------------------------------------
1 | STATUS="production"
2 | DESCRIPTION="EDB Postgres Distributed, Essential edition"
3 |
--------------------------------------------------------------------------------
/architectures/PGD-X/_metadata:
--------------------------------------------------------------------------------
1 | STATUS="production"
2 | DESCRIPTION="EDB Postgres Distributed 6, Expanded edition"
3 |
--------------------------------------------------------------------------------
/docs/src/images/bdr-always-on.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EnterpriseDB/tpa/HEAD/docs/src/images/bdr-always-on.png
--------------------------------------------------------------------------------
/.idea/copyright/profiles_settings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/lib/tests/checksums/tampered_nested_test_directory/dir/nested_file_3.yml:
--------------------------------------------------------------------------------
1 | ---
2 | hello:
3 | nested:
4 | - edb
5 |
--------------------------------------------------------------------------------
/roles/patroni/api/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
--------------------------------------------------------------------------------
/architectures/Images/_metadata:
--------------------------------------------------------------------------------
1 | STATUS="experimental"
2 | DESCRIPTION="Generate distribution images with preinstalled packages"
3 |
--------------------------------------------------------------------------------
/architectures/Lightweight/_metadata:
--------------------------------------------------------------------------------
1 | STATUS="production"
2 | DESCRIPTION="EDB Postgres Distributed in a Lightweight configuration"
3 |
--------------------------------------------------------------------------------
/architectures/M1/_metadata:
--------------------------------------------------------------------------------
1 | STATUS="production"
2 | DESCRIPTION="Postgres with streaming replication (one primary, n replicas)"
3 |
--------------------------------------------------------------------------------
/roles/beacon-agent/config/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 |
--------------------------------------------------------------------------------
/roles/sys/rsyslog/files/55-barman.conf:
--------------------------------------------------------------------------------
1 | module(load="imfile")
2 | input(type="imfile" file="/var/log/barman/barman.log" Tag="barman")
--------------------------------------------------------------------------------
/.github/actions/initialise_integration_test/efm_ping.yml:
--------------------------------------------------------------------------------
# NOTE(review): /bin/true always exits 0, so with this override the EFM
# ping.server.command check can never fail. The file lives under
# .github/actions/initialise_integration_test, so this looks like a CI-only
# setting (confirm); it should not be copied into a real cluster's
# configuration, where it would presumably mask a genuine network-isolation
# condition.
1 | cluster_vars:
2 | efm_conf_settings:
3 | ping.server.command: /bin/true
4 |
--------------------------------------------------------------------------------
/architectures/PGD-Always-ON/_metadata:
--------------------------------------------------------------------------------
1 | STATUS="production"
2 | DESCRIPTION="EDB Postgres Distributed in an Always-ON configuration"
3 |
--------------------------------------------------------------------------------
/lib/tests/checksums/test_directory/dir/nested_file_2.json:
--------------------------------------------------------------------------------
1 | {
2 | "hello": [
3 | "nested",
4 | "world"
5 | ]
6 | }
--------------------------------------------------------------------------------
/requirements-ppc64le.in:
--------------------------------------------------------------------------------
1 | cryptography==46.0.3
2 | pyyaml==6.0.3
3 | markupsafe==3.0.3
4 | psutil==7.1.3
5 | cffi==2.0.0
6 | pycparser==2.23
7 |
--------------------------------------------------------------------------------
/requirements-s390x.in:
--------------------------------------------------------------------------------
1 | cryptography==46.0.3
2 | pyyaml==6.0.3
3 | markupsafe==3.0.3
4 | psutil==7.1.3
5 | cffi==2.0.0
6 | pycparser==2.23
7 |
--------------------------------------------------------------------------------
/roles/efm/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_efm_packages: []
6 |
--------------------------------------------------------------------------------
/roles/etcd/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_etcd_packages: []
6 |
--------------------------------------------------------------------------------
/roles/harp/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_harp_packages: []
6 |
--------------------------------------------------------------------------------
/architectures/Images/templates/platforms/docker/instance_defaults.yml.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 |
--------------------------------------------------------------------------------
/lib/tests/checksums/tampered_nested_test_directory/dir/nested_file_2.json:
--------------------------------------------------------------------------------
1 | {
2 | "hello": [
3 | "nested",
4 | "EDB"
5 | ]
6 | }
--------------------------------------------------------------------------------
/lib/tpa/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | # -*- coding: utf-8 -*-
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
--------------------------------------------------------------------------------
/platforms/bare/deprovision.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Nothing to do here.
6 |
--------------------------------------------------------------------------------
/roles/barman/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_barman_packages: []
6 |
--------------------------------------------------------------------------------
/roles/pgdcli/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_pgdcli_packages: []
6 |
--------------------------------------------------------------------------------
/roles/repmgr/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_repmgr_packages: []
6 |
--------------------------------------------------------------------------------
/lib/tpa/commands/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | # -*- coding: utf-8 -*-
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
--------------------------------------------------------------------------------
/requirements/document.txt:
--------------------------------------------------------------------------------
# NOTE(review): none of these documentation-build packages is version-pinned,
# so each install resolves to whatever is newest on the package index at that
# moment. Pin versions (ideally with hashes, checked via pip's
# --require-hashes mode) so the docs toolchain is reproducible and a
# compromised or breaking release is not picked up silently.
1 | mkdocs
2 | mkdocs-material
3 | mdx-gh-links
4 | mkdocs-redirects
5 | mkdocs-minify-plugin
6 | mkdocs-with-pdf
7 | mkdocs-exclude
8 |
--------------------------------------------------------------------------------
/roles/haproxy/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_haproxy_packages: []
6 |
--------------------------------------------------------------------------------
/roles/pem/agent/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_pem_agent_packages: []
6 |
--------------------------------------------------------------------------------
/roles/pgbackupapi/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_pgbapi_packages: []
6 |
--------------------------------------------------------------------------------
/roles/pgbouncer/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_pgbouncer_packages: []
6 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_pgd_proxy_packages: []
6 |
--------------------------------------------------------------------------------
/roles/postgres/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_postgres_packages: []
6 |
--------------------------------------------------------------------------------
/roles/sys/openvpn/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_openvpn_packages: []
6 |
--------------------------------------------------------------------------------
/roles/pem/server/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_pem_server_packages: []
6 |
--------------------------------------------------------------------------------
/platforms/bare/_metadata:
--------------------------------------------------------------------------------
1 | STATUS="production"
2 | DESCRIPTION="Servers accessible via SSH (e.g., bare metal, or already-provisioned servers on any cloud provider)"
3 |
--------------------------------------------------------------------------------
/requirements/lint.in:
--------------------------------------------------------------------------------
1 | # tox dependencies for lint environment
2 | PyYAML>=6.0
3 | prospector~=1.17.1
4 | pylint~=3.3.7
5 | pylint-django~=2.6.1
6 | pyfakefs~=5.10.0
7 |
--------------------------------------------------------------------------------
/roles/beacon-agent/pkg/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _all_beacon_agent_packages: []
6 |
--------------------------------------------------------------------------------
/roles/haproxy/final/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role: name=haproxy/restart
6 |
--------------------------------------------------------------------------------
/roles/etcd/service/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | etcd_user: etcd
6 | etcd_group: etcd
7 |
--------------------------------------------------------------------------------
/roles/secret/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _vault_dir: "{{ tpa_dir }}/architectures/lib/"
6 |
--------------------------------------------------------------------------------
/roles/postgres/pkg/tasks/os/RedHat/list-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Nothing to do here (yet).
6 |
--------------------------------------------------------------------------------
/roles/postgres/pkg/tasks/os/SUSE/list-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Nothing to do here (yet).
6 |
--------------------------------------------------------------------------------
/runtime.txt:
--------------------------------------------------------------------------------
1 | # This file is used by Dependabot to select the Python runtime version it should
2 | # use when running and generating requirements files for its PRs.
3 | python-3.9.16
4 |
--------------------------------------------------------------------------------
/docs/pdf/.gitignore:
--------------------------------------------------------------------------------
1 | # Ignore everything in this directory
2 | *
3 | # Except this file. This directory is used
4 | # when generating a PDF via `make tpaexec.pdf`
5 | !.gitignore
6 |
--------------------------------------------------------------------------------
/roles/pkg/download/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _download_dir: "{{ package_download_dir|mandatory }}"
6 |
--------------------------------------------------------------------------------
/.prospector.yaml:
--------------------------------------------------------------------------------
1 | pep257:
2 | disable:
3 | - D202
4 | - D203
5 | - D212
6 | - D406
7 | - D407
8 | ignore-patterns:
9 | - platforms/.*/inventory/.*.py
10 |
--------------------------------------------------------------------------------
/lib/tpa/platforms/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | # -*- coding: utf-8 -*-
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | all_platforms = {}
6 |
--------------------------------------------------------------------------------
/roles/efm/config/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | efm_conf_settings: {}
6 | efm_bind_by_hostname: false
7 |
--------------------------------------------------------------------------------
/roles/postgres/pgpass/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | default_pgpass_users:
6 | - "{{ postgres_user }}"
7 |
--------------------------------------------------------------------------------
/roles/sys/openvpn/server/templates/ccd.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | ifconfig-push {{ hostvars[item].openvpn_ip }} {{ openvpn_ip }}
3 |
--------------------------------------------------------------------------------
/roles/efm/config/templates/efm.notification.sh.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | #!/bin/bash
3 |
4 | # Add any custom code here
5 | exit 0
6 |
--------------------------------------------------------------------------------
/roles/sys/upgrade/tasks/os/Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - apt:
6 | update_cache: yes
7 | upgrade: dist
8 |
--------------------------------------------------------------------------------
/roles/test/tasks/failures/none.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # This is the best kind of failure, where nothing goes wrong.
6 |
--------------------------------------------------------------------------------
/roles/pkg/download/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks:
6 | file: "os/{{ ansible_os_family }}/download.yml"
7 |
--------------------------------------------------------------------------------
/roles/postgres/update/tasks/src.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - fail:
6 | msg: "Please redeploy to update a source installation"
7 |
--------------------------------------------------------------------------------
/roles/efm/pkg/vars/SLES.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | efm_dependency_packages:
6 | - java-11-openjdk
7 | - iputils
8 | - procps
9 |
--------------------------------------------------------------------------------
/roles/postgres/update/tasks/pkg.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role:
6 | name: postgres/pkg
7 | tasks_from: update.yml
8 |
--------------------------------------------------------------------------------
/roles/sys/upgrade/tasks/os/RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - yum:
6 | update_cache: yes
7 | name: "*"
8 | state: latest
9 |
--------------------------------------------------------------------------------
/roles/efm/pkg/vars/Debian-12.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | efm_dependency_packages:
6 | - openjdk-17-jre
7 | - iputils-ping
8 | - procps
9 |
--------------------------------------------------------------------------------
/roles/efm/pkg/vars/Debian-9.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | efm_dependency_packages:
6 | - openjdk-8-jre
7 | - iputils-ping
8 | - procps
9 |
--------------------------------------------------------------------------------
/roles/efm/pkg/vars/Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | efm_dependency_packages:
6 | - openjdk-11-jre
7 | - iputils-ping
8 | - procps
9 |
--------------------------------------------------------------------------------
/roles/efm/pkg/vars/RedHat-7.6.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | efm_dependency_packages:
6 | - java-11-openjdk
7 | - iputils
8 | - procps
9 |
--------------------------------------------------------------------------------
/roles/efm/pkg/vars/Ubuntu.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | efm_dependency_packages:
6 | - openjdk-11-jre
7 | - iputils-ping
8 | - procps
9 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | pgd_proxy_config_directory: /etc/edb/pgd-proxy
6 | pgd_proxy_home: /home/pgdproxy
7 |
--------------------------------------------------------------------------------
/roles/test/tasks/compliance/cis.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
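5 | # Tests for CIS compliance. Work in progress: at present this only includes the FIPS tasks below, so a pass here is not evidence of CIS compliance.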
6 |
7 | - include_tasks: compliance/fips.yml
8 |
--------------------------------------------------------------------------------
/roles/efm/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Note efm restart required
6 | set_fact:
7 | efm_service_end_state: restarted
8 |
--------------------------------------------------------------------------------
/roles/etcd/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Note etcd restart required
6 | set_fact:
7 | etcd_service_end_state: restarted
8 |
--------------------------------------------------------------------------------
/roles/sys/locale/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Install user locale
6 | include_tasks: "os/{{ ansible_os_family }}/locale.yml"
7 |
--------------------------------------------------------------------------------
/roles/sys/sysstat/templates/sysstat-collect.timer.j2:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Run system activity accounting tool every minute
3 |
4 | [Timer]
5 | OnCalendar=*:00/1
6 |
7 | [Install]
8 | WantedBy=sysstat.service
9 |
--------------------------------------------------------------------------------
/roles/sys/fs/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | default_fstype: 'ext4'
6 | default_readahead: 32768
7 | default_mountopts: 'defaults,noatime'
8 |
--------------------------------------------------------------------------------
/roles/sys/repositories/tasks/repositories.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks:
6 | file: "os/{{ ansible_os_family }}/repositories.yml"
7 |
--------------------------------------------------------------------------------
/roles/sys/repositories/templates/2ndquadrant-pins.j2:
--------------------------------------------------------------------------------
1 | Package: barman*
2 | Pin: origin "*.2ndquadrant.com"
3 | Pin-Priority: 600
4 |
5 | Package: python3-barman
6 | Pin: origin "*.2ndquadrant.com"
7 | Pin-Priority: 600
8 |
--------------------------------------------------------------------------------
/roles/sys/sysstat/templates/sysstat-summary.timer.j2:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Generate summary of yesterday's process accounting
3 |
4 | [Timer]
5 | OnCalendar=00:07:00
6 |
7 | [Install]
8 | WantedBy=sysstat.service
9 |
--------------------------------------------------------------------------------
/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Datasource local storage ignored files
5 | /dataSources/
6 | /dataSources.local.xml
7 | # Editor-based HTTP Client requests
8 | /httpRequests/
9 |
--------------------------------------------------------------------------------
/roles/efm/config/templates/efm.nodes.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | {% if efm_bind_by_hostname %}
3 | {{ node_hostnames }}
4 | {% else %}
5 | {{ node_ips }}
6 | {% endif %}
7 |
--------------------------------------------------------------------------------
/roles/haproxy/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Note haproxy reload required
6 | set_fact:
7 | haproxy_service_end_state: reloaded
8 |
--------------------------------------------------------------------------------
/roles/repmgr/common/templates/follow_command.sh.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | #!/bin/sh
3 |
4 | {{ postgres_bin_dir }}/repmgr standby follow -f "{{ repmgr_conf_file }}"
5 |
--------------------------------------------------------------------------------
/roles/repmgr/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Note repmgrd restart required
6 | set_fact:
7 | repmgr_service_end_state: restarted
8 |
--------------------------------------------------------------------------------
/roles/sys/openvpn/pkg/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | openvpn_packages:
6 | Debian:
7 | - openvpn
8 | RedHat:
9 | - openvpn
10 |
--------------------------------------------------------------------------------
/roles/zabbix_agent/config/templates/userparameters/pgbouncer.j2:
--------------------------------------------------------------------------------
1 | {% raw %}
2 |
3 | # GENERAL INFORMATION #
# NOTE(review): $1 is the first parameter of the item key and is substituted
# unquoted into this shell command line, so whatever the requester supplies
# becomes psql arguments ($$2 is the escaped form of awk's $2). The agent
# rejects shell metacharacters in key parameters only while
# UnsafeUserParameters is left disabled: keep it disabled, limit which hosts
# may query the agent, and run the agent under a low-privilege account whose
# pgbouncer login is read-only.
4 | UserParameter=pgbouncer.version[*],psql -qAtX $1 -c "SHOW version" | awk '{print $$2}'
5 |
6 | {% endraw %}
7 |
8 |
--------------------------------------------------------------------------------
/roles/pgbouncer/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Note pgbouncer restart required
6 | set_fact:
7 | pgbouncer_service_end_state: restarted
8 |
--------------------------------------------------------------------------------
/roles/pgbouncer/redirect/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | pgbouncer_database_config: /etc/pgbouncer/pgbouncer.databases.ini
6 | revert_redirect: false
7 |
--------------------------------------------------------------------------------
/roles/pgbouncer/service/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | default_pgbouncer_paths:
6 | Debian: /usr/sbin/pgbouncer
7 | RedHat: /usr/bin/pgbouncer
8 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Note pgd-proxy restart required
6 | set_fact:
7 | pgd_proxy_service_end_state: restarted
8 |
--------------------------------------------------------------------------------
/roles/sys/openvpn/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Note openvpn restart required
6 | set_fact:
7 | openvpn_service_end_state: restarted
8 |
--------------------------------------------------------------------------------
/roles/sys/rsyslog/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Note rsyslog restart required
6 | set_fact:
7 | rsyslog_service_end_state: restarted
8 |
--------------------------------------------------------------------------------
/architectures/lib/selftest.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - hosts: localhost
6 | tasks:
7 | - include_role:
8 | name: selftest
9 | tags: always
10 |
--------------------------------------------------------------------------------
/roles/efm/pkg/vars/RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | efm_dependency_packages:
6 | - java-11-openjdk
7 | - tzdata-java
8 | - iputils
9 | - procps
10 |
--------------------------------------------------------------------------------
/roles/patroni/service/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Note patroni restart required
6 | set_fact:
7 | patroni_service_end_state: restarted
8 |
--------------------------------------------------------------------------------
/roles/sys/openvpn/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _vpn_name: "{{ vpn_name|default(cluster_name)|lower }}"
6 | _local_cert_dir: "{{ cluster_dir }}/certs"
7 |
--------------------------------------------------------------------------------
/.idea/inspectionProfiles/profiles_settings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/roles/watchdog/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | watchdog_user: "{{ postgres_user|default('root') }}"
6 | watchdog_group: "{{ postgres_group|default('root') }}"
7 |
--------------------------------------------------------------------------------
/roles/zabbix_agent/vars/Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | zabbix_agent: zabbix-agent
6 | zabbix_agent_service: zabbix-agent
7 | zabbix_agent_conf: zabbix_agentd.conf
8 |
--------------------------------------------------------------------------------
/roles/zabbix_agent/vars/RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | zabbix_agent: zabbix-agent
6 | zabbix_agent_service: zabbix-agent
7 | zabbix_agent_conf: zabbix_agentd.conf
8 |
--------------------------------------------------------------------------------
/.yamllint.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | extends: default
4 |
5 | ignore: |
6 | .github/
7 | tpa-venv/
8 | collections/
9 | .prospector.yaml
10 |
11 | rules:
12 | line-length: disable
13 | indentation: disable
14 | truthy: disable
15 |
--------------------------------------------------------------------------------
/roles/efm/config/vars/log-server-defined.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | syslog_efm_conf_settings:
6 | 'syslog.enabled': true
7 | 'syslog.host': "{{ inventory_hostname }}"
8 |
--------------------------------------------------------------------------------
/roles/pgbench/init/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | pgbench_scale_factor: 5
6 | default_global_lock_timeout: '600s'
7 | default_global_lock_statement_timeout: '3600s'
8 |
--------------------------------------------------------------------------------
/lib/tpaexec/platforms/bare.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | # -*- coding: utf-8 -*-
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | from . import Platform
6 |
7 |
class bare(Platform):
    """Platform subclass with an empty body; everything is inherited from Platform."""
10 |
--------------------------------------------------------------------------------
/roles/sys/ssl/ca/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | default_ssl_ca_cert_expiry: +3650d
6 |
7 | ssl_user: root
8 | ssl_group: root
9 |
10 | ssl_dir: "/etc/tpa"
11 |
--------------------------------------------------------------------------------
/lib/tpa/platforms/bare.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | # -*- coding: utf-8 -*-
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | from ..platform import Platform
6 |
7 |
class bare(Platform):
    """Platform subclass with an empty body; everything is inherited from Platform."""
10 |
--------------------------------------------------------------------------------
/roles/patroni/api/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
# Presumably the URL scheme used to reach the Patroni REST API: https when
# patroni_ssl_enabled is true, http otherwise.
# NOTE(review): with http, API requests and any credentials sent with them
# cross the network unencrypted; confirm that is acceptable wherever
# patroni_ssl_enabled is left off.
_patroni_api_scheme: "{{ patroni_ssl_enabled|ternary('https', 'http') }}"
_patroni_ssl_ca_path: "{{ patroni_ssl_ca_file }}"
7 |
--------------------------------------------------------------------------------
/roles/pgbouncer/config/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
# Selects scram-sha-256 when pgbouncer_use_cert_authentication is true and
# md5 otherwise; presumably this is the password hashing method applied to
# the pgbouncer auth user's password.
# NOTE(review): md5 is the legacy method. A stolen md5 hash is enough to
# authenticate as that user, which is not true of a SCRAM verifier. Confirm
# why the non-certificate path cannot also use scram-sha-256.
pgbouncer_auth_user_password_encryption: "{{ (pgbouncer_use_cert_authentication == true) | ternary('scram-sha-256', 'md5') }}"
--------------------------------------------------------------------------------
/roles/pgbouncer/config/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | default_pgbouncer_pool_mode: session
6 | default_pgbouncer_default_pool_size: 20
7 |
8 | userlist: /etc/pgbouncer/userlist.txt
9 |
--------------------------------------------------------------------------------
/roles/test/tasks/sys.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: sys/package-list.yml
6 | vars:
7 | package_pattern: 'postgres*'
8 |
9 | - include_tasks: sys/locale.yml
10 |
--------------------------------------------------------------------------------
/lib/tpa/architectures/m1.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | # -*- coding: utf-8 -*-
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | from ..architecture import Architecture
6 |
7 |
class M1(Architecture):
    """Architecture subclass with an empty body; everything is inherited from Architecture."""
10 |
--------------------------------------------------------------------------------
/platforms/aws/prehydrate-vars.yml.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | {% for h in ansible_play_hosts %}
3 | {% set v = hostvars[h] %}
4 | instance_{{ v['node'] }}_private_ip: {{ v['private_ip'] }}
5 | {% endfor %}
6 |
--------------------------------------------------------------------------------
/roles/barman/first_backup/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | ## Barman first backup command --wait-timeout
6 |
7 | backup_wait_timeout: "{{ ('replica' in role)| ternary('90', '30') }}"
8 |
--------------------------------------------------------------------------------
/roles/zabbix_agent/pkg/tasks/list-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Nothing here, because the zabbix_agent/pkg role doesn't quite follow
6 | # the same conventions as the other pkg roles.
7 |
--------------------------------------------------------------------------------
/roles/pem/agent/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Restart pemagent service
6 | service:
7 | name: pemagent
8 | state: restarted
9 | listen: "Restart pemagent"
10 |
--------------------------------------------------------------------------------
/roles/pgbouncer/config/templates/pgbouncer.databases.ini.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | {% for d in pgbouncer_databases %}
3 | {{ d['name'] }} = {{ d.get('dsn', d.get('options')|conninfo_string) }}
4 | {% endfor %}
5 |
--------------------------------------------------------------------------------
/roles/repmgr/common/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _repmgr_cluster_cleanup_interval: "{{ (repmgr_cluster_cleanup_interval|default(default_repmgr_cluster_cleanup_interval)).split(' ')|list }}"
6 |
--------------------------------------------------------------------------------
/.idea/copyright/EDB.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/roles/sys/sysstat/templates/sysstat-collect.service.j2:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=system activity accounting tool
3 | Documentation=man:sa1(8)
4 | After=sysstat.service
5 |
6 | [Service]
7 | Type=oneshot
8 | User=root
9 | ExecStart={{ sysstat_sa1_bin }} -S XALL 60 1
10 |
--------------------------------------------------------------------------------
/roles/init/platforms/bare/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Disable manage_ssh_hostkeys by default
6 | set_fact:
7 | manage_ssh_hostkeys:
8 | "{{ manage_ssh_hostkeys|default(False) }}"
9 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/final/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Start or restart pgd-proxy service
6 | include_role:
7 | name: pgd_proxy/restart
8 | when: >
9 | 'pgd-proxy' in role
10 |
--------------------------------------------------------------------------------
/roles/sys/ssl/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
# Paths below the cluster directory for the locally held CA certificate and
# its private key.
# NOTE(review): CA.key is the CA's private key. Anyone who can read it can
# issue certificates that hosts trusting this CA will accept. Confirm that
# the task creating it restricts the file to its owner (mode 0600) and that
# cluster_dir is neither shared nor committed to version control.
local_ssl_dir: "{{ cluster_dir }}/ssl"
local_ca_certificate_path: "{{ local_ssl_dir }}/CA.crt"
local_ca_privatekey_path: "{{ local_ssl_dir }}/CA.key"
8 |
--------------------------------------------------------------------------------
/roles/sys/sysstat/templates/sysstat-summary.service.j2:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Generate a daily summary of process accounting
3 | Documentation=man:sa2(8)
4 | After=sysstat.service
5 |
6 | [Service]
7 | Type=oneshot
8 | User=root
9 | ExecStart={{ sysstat_sa2_bin }} -A
10 |
--------------------------------------------------------------------------------
/lib/tpa/architectures/bdr_always_on.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | # -*- coding: utf-8 -*-
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | from ..architecture import Architecture
6 |
7 |
class BDRAlwaysON(Architecture):
    """Architecture subclass with an empty body; everything is inherited from Architecture."""
10 |
--------------------------------------------------------------------------------
/lib/tpa/architectures/pgd_always_on.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | # -*- coding: utf-8 -*-
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | from ..architecture import Architecture
6 |
7 |
class PGDAlwaysON(Architecture):
    """Architecture subclass with an empty body; everything is inherited from Architecture."""
10 |
--------------------------------------------------------------------------------
/lib/tpaexec/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | # -*- coding: utf-8 -*-
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 | """Trusted Platform Architectures module."""
5 |
6 | from tpaexec.architectures import configure
7 |
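# __all__ must list the exported names as strings. A list holding the
# function object itself makes `from tpaexec import *` raise TypeError.
__all__ = ["configure"]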
9 |
--------------------------------------------------------------------------------
/roles/sys/ssl/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Notify of change to SSL configuration
6 | debug:
7 | msg: "SSL configuration has been updated"
8 | listen: "Note SSL configuration changed"
9 |
--------------------------------------------------------------------------------
/roles/test/tasks/sys/package-list.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - set_fact:
6 | package_pattern: "{{ package_pattern|default('postgres*') }}"
7 |
8 | - include_tasks: "os/{{ ansible_os_family }}/package-list.yml"
9 |
--------------------------------------------------------------------------------
/architectures/lib/templates/platforms/docker/instance_defaults.yml.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 |
3 | image: {{ image['name'] }}
4 | {% if local_sources %}
5 | local_source_directories: {{ local_sources.values()|list }}
6 | {% endif %}
7 |
--------------------------------------------------------------------------------
/platforms/aws/user-data/authorized-key.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | cat >> /root/.ssh/authorized_keys <.yml files that aren't needed are symlinked to this
8 | # file, so that they can be unconditionally included by main.yml.
9 |
--------------------------------------------------------------------------------
/sonar-project.properties:
--------------------------------------------------------------------------------
1 | sonar.python.coverage.reportPaths=coverage-reports/coverage.xml
2 | sonar.python.xunit.reportPath=coverage-reports/results.xml
3 | sonar.coverage.exclusions=**/lib/tests/**/*.*, **/docs/**/*.*
4 | sonar.exclusions=**/docs/**/*.*
5 | sonar.test.exclusions=**/lib/tests/**/*.*
6 |
--------------------------------------------------------------------------------
/roles/repmgr/common/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | repmgr_failover: automatic
6 |
7 | default_repmgr_use_slots: 1
8 |
9 | default_repmgr_cluster_cleanup_interval: '36 5 * * *'
10 |
11 | repmgr_conf_settings: []
12 |
--------------------------------------------------------------------------------
/roles/zabbix_agent/config/templates/userparameters/barman.j2:
--------------------------------------------------------------------------------
{% raw %}

# GENERAL INFORMATION #
# NOTE(review): both checks run barman through `sudo -u barman`, so the
# account the Zabbix agent runs as needs a sudoers rule for them. That rule
# should name these exact commands rather than grant access to barman in
# general.
# The keys are declared with [*], but the commands use none of the passed
# parameters. `$$2` is how a literal awk `$2` is written in a flexible user
# parameter.
UserParameter=barman.version[*],sudo -u barman barman -v | head -1
UserParameter=barman.server.status[*],sudo -u barman barman check all --nagios | awk '{print $$2}'

{% endraw %}
8 |
9 |
--------------------------------------------------------------------------------
/.idea/modules.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/docs/src/images/m1.dot:
--------------------------------------------------------------------------------
1 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
2 |
3 | digraph M1 {
4 | backup [shape=box];
5 | primary -> replica;
6 | primary -> backup;
7 | replica -> replica_2;
8 | replica -> replica_…;
9 | replica -> replica_N;
10 | }
11 |
--------------------------------------------------------------------------------
/roles/harp/final/tasks/restart-one-proxy.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Start or restart harp-proxy
6 | systemd:
7 | name: harp-proxy
8 | state: "{{ harp_service_end_state|default('started') }}"
9 | enabled: yes
10 |
--------------------------------------------------------------------------------
/roles/postgres/config/templates/variable.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | # Please do not edit this file. Your changes will be overwritten. Put
3 | # your configuration overrides into conf.d/9999-override.conf instead.
4 |
5 | {{ variable }} = {{ value }}
6 |
--------------------------------------------------------------------------------
/roles/sys/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _rc_local_path:
6 | Debian:
7 | "/etc/rc.local"
8 | RedHat:
9 | "/etc/rc.local"
10 | Ubuntu:
11 | "/etc/rc.local"
12 | SUSE:
13 | "/etc/init.d/boot.local"
14 |
--------------------------------------------------------------------------------
/pyrightconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "strict": [],
3 | "include": [
4 | "lib",
5 | "library",
6 | "architectures"
7 | ],
8 | "exclude": [
9 | "tpa-venv",
10 | "platforms/aws/inventory"
11 | ],
12 | "venvPath": ".",
13 | "venv": "tpa-venv"
14 | }
15 |
--------------------------------------------------------------------------------
/requirements/testing.in:
--------------------------------------------------------------------------------
1 | # tox dependencies for test env
2 | certifi>=2023.7.22
3 | coverage>=4.0.1
4 | PyYAML>=6
5 | pytest==4.6.5; python_version <= '3.4'
6 | pytest~=8.4.1; python_version > '3.4'
7 | pytest-cov~=7.0.0
8 | pytest-html~=4.1.1
9 | requests_mock~=1.12.1
10 | pytest-mock~=3.15.1
11 | jq~=1.8.0
--------------------------------------------------------------------------------
/roles/repmgr/src/templates/rebuild-sources.sh.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | #!/bin/sh
3 |
4 | set -e
5 |
6 | cd {{ repmgr_src_dir }}
7 | findmnt . > /dev/null || git pull
8 |
9 | cd {{ repmgr_build_dir }}
10 | make -s USE_PGXS=1 with_llvm=no install
11 |
--------------------------------------------------------------------------------
/roles/pem/agent/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role:
6 | name: pem/agent/pkg
7 | vars:
8 | _allowerasing: "{{ ansible_os_family == 'RedHat' }}"
9 | when: >
10 | task_selector|selects('pem-agent', 'pkg')
11 |
--------------------------------------------------------------------------------
/roles/sys/repositories/tasks/os/RedHat/add-repository-rpm.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
# Install the repository package named by repo.rpm_url (presumably fetched
# from a URL).
# NOTE(review): disable_gpg_check turns off package signature verification
# for this install, so the RPM is trusted on the strength of the download
# channel alone. Prefer an https:// rpm_url. Where the vendor publishes its
# signing key, import it first (for example with ansible.builtin.rpm_key)
# so that the signature check can stay enabled.
- name: Install YUM repository package for {{ repo_name }}
  yum:
    name: "{{ repo.rpm_url }}"
    state: present
    disable_gpg_check: yes
10 |
--------------------------------------------------------------------------------
/roles/test/tasks/proxy-monitor/stop.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
# Best-effort cleanup: send SIGTERM to every process whose command line
# matches "proxy-monitor", running pkill as postgres_user.
# NOTE(review): -f matches against the full command line, so any process the
# become user may signal whose arguments contain "proxy-monitor" is also
# terminated. ignore_errors hides every failure, not only pkill's exit
# status 1 ("no process matched"). A failed_when on the return code would
# keep the best-effort behaviour and still surface real errors.
- name: Stop running proxy-monitor, if any
  command:
    pkill -TERM -f proxy-monitor
  become_user: "{{ postgres_user }}"
  become: yes
  ignore_errors: yes
11 |
--------------------------------------------------------------------------------
/architectures/Images/templates/platforms/aws/instance_defaults.yml.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 |
3 | type: {{ instance_type }}
4 |
5 | default_volumes:
6 | - device_name: root
7 | volume_type: gp2
8 | volume_size: {{ root_volume_size }}
9 | encrypted: yes
10 |
--------------------------------------------------------------------------------
/architectures/PGD-X/upgrade_major_4to6.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 | #
5 | # This is a placeholder
6 |
7 | - name: Placeholder
8 | hosts: localhost
9 | gather_facts: false
10 | tasks:
11 | - name: Placeholder
12 | ansible.builtin.meta: noop
13 |
--------------------------------------------------------------------------------
/roles/barman/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # This handler is an effective noop but adds a listener that other roles
4 | # (namely pgbackupapi) can also listen to.
5 |
6 | - name: Handle notifications from barman final tasks
7 | debug:
8 | msg: Barman setup complete
9 | listen: Barman configuration changed
10 |
--------------------------------------------------------------------------------
/roles/pem/server/config/webserver/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Restart apache for pem
6 | service:
7 | name: "{{ pem_web_server_service_name[ansible_os_family] }}"
8 | state: restarted
9 | listen: Restart apache for pem
10 |
--------------------------------------------------------------------------------
/roles/postgres/config/templates/pg_hba.lines.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | # Automatically generated by postgres/config from postgres_hba_settings.
3 | #
4 | # Any changes made to this file may be overwritten.
5 |
6 | {% for l in postgres_hba_settings %}
7 | {{l}}
8 | {% endfor %}
9 |
--------------------------------------------------------------------------------
/roles/sys/hostkeys/templates/known_hosts.j2:
--------------------------------------------------------------------------------
1 | {% for h in known_hosts_and_keys %}
2 | {% for host in known_hosts_and_keys[h].hosts %}
3 | {% set hostkeys = known_hosts_and_keys[h].hostkeys or managed_hostkeys %}
4 | {% for key in hostkeys %}
5 | {{ host }} {{ key }}
6 | {% endfor %}
7 | {% endfor %}
8 | {% endfor %}
9 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/config.yml:
--------------------------------------------------------------------------------
1 | blank_issues_enabled: false
2 | contact_links:
3 | - name: TPAexec Jira project
4 | url: https://enterprisedb.atlassian.net/jira/software/c/projects/TPA/boards/459
5 | about:
6 | Please create new TPAexec issues at
7 | https://enterprisedb.atlassian.net/jira/software/c/projects/TPA/boards/459
8 |
--------------------------------------------------------------------------------
/roles/barman/tasks/server-start-receive-wal.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Install /etc/tpa/barman-home-ok
6 | include_tasks:
7 | file: server-install-barman-home-ok.yml
8 |
9 | - name: Start wal receiver on barman nodes
10 | command: "barman cron"
--------------------------------------------------------------------------------
/roles/sys/ssh/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
# Directory, file name and comment for the SSH key. Each falls back to a
# value derived from cluster_dir, ssh_username and cluster_name when its
# override variable is not set.
# NOTE(review): _ssh_key_comment takes its override from ssh_key_name, the
# same variable that names the key file, rather than from a separate comment
# variable. Confirm this is intended.
_ssh_key_dir: "{{ ssh_key_dir|default(cluster_dir+'/keys') }}"
_ssh_key_name: "{{ ssh_key_name|default('id_'+ssh_username) }}"
_ssh_key_comment: "{{ ssh_key_name|default(ssh_username ~'@'~ cluster_name) }}"
8 |
--------------------------------------------------------------------------------
/roles/beacon-agent/pkg/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | beacon_agent_packages:
6 | Debian: &beacon_agent_packages
7 | - beacon-agent
8 | RedHat: *beacon_agent_packages
9 | Ubuntu: *beacon_agent_packages
10 | SLES: *beacon_agent_packages
11 |
12 |
--------------------------------------------------------------------------------
/roles/post_deploy/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
# Include hooks/post-deploy.yml from the cluster directory when that file
# exists. first_found with skip=True returns an empty result when it does
# not, so the include is skipped.
# NOTE(review): the hook's tasks run as part of the deployment, so write
# access to the hooks directory amounts to control over what the deploy
# executes. Keep the cluster directory writable only by its owner.
- name: Include post-deploy hook
  include_tasks: "{{ hook }}"
  when:
    lookup('first_found', dict(files=hook, skip=True))
  vars:
    hook: "{{ cluster_dir }}/hooks/post-deploy.yml"
11 |
--------------------------------------------------------------------------------
/roles/sys/rebuild-sources.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
3 |
# Run every rebuild script in /etc/tpa/rebuild-scripts, then restart
# postgres if the service is currently active.
#
# NOTE(review): each *.sh file in that directory is executed with the
# privileges of whoever runs this script, so the directory and its files
# should be writable only by root. Confirm that the role installing them
# sets owner and mode accordingly.

# Abort on the first failing command. With nullglob, an empty directory
# makes the glob expand to nothing rather than to the literal pattern.
set -e
shopt -s nullglob

for rebuild_script in /etc/tpa/rebuild-scripts/*.sh; do
    "${rebuild_script}"
done

if systemctl is-active postgres; then
    systemctl restart postgres
fi
14 |
--------------------------------------------------------------------------------
/roles/test/tasks/haproxy.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - assert:
6 | msg: "This test may be applied only to haproxy instances"
7 | that:
8 | - role|contains('haproxy')
9 |
10 | - name: Run basic haproxy tests
11 | include_tasks:
12 | file: haproxy/basic.yml
13 |
--------------------------------------------------------------------------------
/.github/examples/bdr-always-on-event.json:
--------------------------------------------------------------------------------
1 | {
2 | "act": true,
3 | "action": "workflow_dispatch",
4 | "inputs": {
5 | "tpa_architecture": "BDR-Always-ON",
6 | "tpa_os_image": "tpa/debian:10",
7 | "tpa_postgres_flavour": "pgextended",
8 | "tpa_postgres_version": "15",
9 | "tpa_platform": "docker"
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/roles/beacon-agent/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role:
6 | name: beacon-agent/pkg
7 | when: >
8 | task_selector|permits('pkg')
9 |
10 |
11 | - include_role:
12 | name: beacon-agent/config
13 | when: >
14 | task_selector|permits('config')
15 |
--------------------------------------------------------------------------------
/roles/patroni/pkg/tasks/list-dependency-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role: name=pkg/add_to_list
6 | vars:
7 | list_contents: "{{
8 | patroni_dependency_packages|packages_for(ansible_os_family)
9 | }}"
10 | when: >
11 | 'patroni' in role
12 |
--------------------------------------------------------------------------------
/roles/pgbench/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | default_pgbench_rw_opts: "-v -c 10 -j 5 -T 180"
6 | default_pgbench_ro_opts: "-n -c 10 -j 5 -T 180 -S"
7 |
8 | default_pgbench_bdr_rw_opts: "-v -c 10 -j 5 -T 180"
9 | default_pgbench_bdr_ro_opts: "-n -c 10 -j 5 -T 180 -S"
10 |
--------------------------------------------------------------------------------
/roles/sys/openvpn/pkg/tasks/list-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role: name=pkg/add_to_list
6 | vars:
7 | list_contents: "{{
8 | openvpn_packages|packages_for(ansible_os_family)
9 | }}"
10 | when: >
11 | 'role_openvpn-server' in groups
12 |
--------------------------------------------------------------------------------
/roles/efm/pkg/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | efm_packages:
6 | Debian: &debian_efm_packages
7 | - "edb-efm{{ efm_versionNN }}"
8 | RedHat:
9 | - "edb-efm{{ efm_versionNN }}"
10 | SUSE:
11 | - "edb-efm{{ efm_versionNN }}"
12 | Ubuntu: *debian_efm_packages
13 |
--------------------------------------------------------------------------------
/roles/test/tasks/barman/check-running-backup.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
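# Fail when `barman list-backup` reports a backup in the STARTED state for
# target_backup_name.
#
# target_backup_name goes through the `quote` filter because it is
# interpolated into a shell command line. Without it, whitespace or shell
# metacharacters in the value would be interpreted by the shell.
# NOTE(review): the task's return code is grep's exit status only, so a
# failing `barman list-backup` looks the same as "no backup in progress".
# Consider checking barman's own exit status separately.
# NOTE(review): become_user has an effect only when become is enabled.
# Confirm that the including play or task sets it.
- name: Ensure backup is not in progress on Barman server {{ inventory_hostname }} for {{ target_backup_name }}
  shell: >
    /usr/bin/barman list-backup {{ target_backup_name | quote }} | grep STARTED
  become_user: "{{ barman_user }}"
  register: result
  failed_when: result.rc == 0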
9 |
--------------------------------------------------------------------------------
/roles/test/tasks/pgbouncer.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - assert:
6 | msg: "This test may be applied only to pgbouncer instances"
7 | that:
8 | - role|contains('pgbouncer')
9 |
10 | - name: Run basic pgbouncer tests
11 | include_tasks:
12 | file: pgbouncer/basic.yml
13 |
--------------------------------------------------------------------------------
/roles/test/tasks/pgd-proxy.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - assert:
6 | msg: "This test may be applied only to pgd-proxy instances"
7 | that:
8 | - role|contains('pgd-proxy')
9 |
10 | - name: Run basic pgd-proxy tests
11 | include_tasks:
12 | file: pgd-proxy/basic.yml
13 |
--------------------------------------------------------------------------------
/roles/efm/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: list-packages.yml
6 | vars:
7 | list_varname: _all_efm_packages
8 |
9 | - include_role: name=pkg/install
10 | vars:
11 | package_list_name: "efm packages"
12 | package_list: "{{ _all_efm_packages }}"
13 |
--------------------------------------------------------------------------------
/roles/etcd/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: list-packages.yml
6 | vars:
7 | list_varname: _all_etcd_packages
8 |
9 | - include_role: name=pkg/install
10 | vars:
11 | package_list_name: "etcd packages"
12 | package_list: "{{ _all_etcd_packages }}"
13 |
--------------------------------------------------------------------------------
/roles/haproxy/config/files/49-haproxy.conf:
--------------------------------------------------------------------------------
1 | # Create an additional socket in haproxy's chroot in order to allow logging via
2 | # /dev/log to chroot'ed HAProxy processes
3 | $AddUnixListenSocket /var/lib/haproxy/dev/log
4 |
5 | # Send HAProxy messages to a dedicated logfile
6 | :syslogtag, startswith, "haproxy" {
7 | /var/log/haproxy.log
8 | stop
9 | }
10 |
--------------------------------------------------------------------------------
/roles/pgbouncer/final/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role:
6 | name: pgbouncer/service
7 | when: >
8 | task_selector|permits('service')
9 |
10 | - include_role:
11 | name: pgbouncer/restart
12 | when: >
13 | task_selector|permits('service', 'restart')
14 |
--------------------------------------------------------------------------------
/roles/test/tasks/harp-proxy.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - assert:
6 | msg: "This test may be applied only to harp-proxy instances"
7 | that:
8 | - role|contains('harp-proxy')
9 |
10 | - name: Run basic harp-proxy tests
11 | include_tasks:
12 | file: harp-proxy/basic.yml
13 |
--------------------------------------------------------------------------------
/roles/barman/templates/barman-home-ok.j2:
--------------------------------------------------------------------------------
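{# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
#!/bin/bash
# Exits 0 when /usr/bin/barman is executable and the Barman home is usable:
# a mount point when barman_volume_mountable is set, otherwise an existing
# directory. Any failed check exits 1.
# The home path is shell-quoted at render time so that spaces or shell
# metacharacters in barman_home cannot split or alter the command.

test -x /usr/bin/barman || exit 1
{% if barman_volume_mountable|default(false) %}
findmnt {{ barman_home|quote }} &>/dev/null || exit 1
{% else %}
test -d {{ barman_home|quote }} || exit 1
{% endif %}
exit 0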
--------------------------------------------------------------------------------
/roles/beacon-agent/service/files/beacon-agent.service:
--------------------------------------------------------------------------------
# systemd unit for the Beacon agent: started after the network and
# postgres.service, run as the "beacon" user, and restarted 60 seconds
# after a failure.
# NOTE(review): no sandboxing directives (for example NoNewPrivileges=,
# ProtectSystem=, PrivateTmp=) are set; consider adding them once the
# agent's file-access needs are confirmed.
[Unit]
Description=Beacon Agent
After=network.target postgres.service

[Service]
Type=simple
User=beacon
WorkingDirectory=/home/beacon
ExecStart=/usr/local/bin/beacon-agent
Restart=on-failure
RestartSec=60

[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
/roles/harp/service/templates/harp-postgres.target.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | [Unit]
3 | Description=Postgres managed by HARP
4 | Wants=harp-manager.service postgres.service postgres-monitor.service
5 | After=harp-manager.service postgres.service postgres-monitor.service
6 |
7 | [Install]
8 | WantedBy=multi-user.target
9 |
--------------------------------------------------------------------------------
/roles/postgres/config/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | _include_dir: "{{ include_dir|default(postgres_conf_dir+'/conf.d') }}"
6 |
7 | _preload_extensions: "{{ preload_extensions|default([])|union(default_preload_extensions) }}"
8 | _pgpassfile: "{{ pgpassfile|default('%s/.pgpass' % postgres_home) }}"
9 |
--------------------------------------------------------------------------------
/.github/examples/bdrao-pg.json:
--------------------------------------------------------------------------------
1 | {
2 | "act": true,
3 | "action": "workflow_dispatch",
4 | "inputs": {
5 | "tpa_architecture": "BDR-Always-ON",
6 | "tpa_os_image": "tpa/debian:10",
7 | "tpa_postgres_flavour": "postgresql",
8 | "tpa_postgres_version": "15",
9 | "tpa_platform": "docker",
10 | "tpa_layout": "silver"
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/roles/sys/locale/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: list-packages.yml
6 | vars:
7 | list_varname: _all_locale_packages
8 |
9 | - include_role: name=pkg/install
10 | vars:
11 | package_list_name: "locale packages"
12 | package_list: "{{ _all_locale_packages }}"
13 |
--------------------------------------------------------------------------------
/roles/pgbouncer/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: list-packages.yml
6 | vars:
7 | list_varname: _all_pgbouncer_packages
8 |
9 | - include_role: name=pkg/install
10 | vars:
11 | package_list_name: "pgbouncer packages"
12 | package_list: "{{ _all_pgbouncer_packages }}"
13 |
--------------------------------------------------------------------------------
/roles/sys/openvpn/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: list-packages.yml
6 | vars:
7 | list_varname: _all_openvpn_packages
8 |
9 | - include_role: name=pkg/install
10 | vars:
11 | package_list_name: "OpenVPN packages"
12 | package_list: "{{ _all_openvpn_packages }}"
13 |
--------------------------------------------------------------------------------
/.github/actions/update-requirements/body.template.md:
--------------------------------------------------------------------------------
1 | Update dependencies to the latest available versions
2 |
3 | PR submitted by the update-requirements GH action.
4 |
5 | {{ .additional_body }}
6 |
7 | Ansible Galaxy collection update changelog links:
8 | {{ .collections_changelogs }}
9 |
10 | Triggered by PR#{{ .pr_number }} at ref {{ .ref }} being merged into
11 | main.
12 |
--------------------------------------------------------------------------------
/.github/examples/README.md:
--------------------------------------------------------------------------------
1 | # Running act with workflows
2 |
3 | ## Single workflow events
4 |
5 | To run a single integration test with inputs, use one of the event files in this directory or create
6 | your own.
7 |
8 | ```shell
9 | act -W .github/workflows/single_integration_test.yml --eventpath .github/examples/bdr-always-on-event.json workflow_dispatch
10 | ```
11 |
--------------------------------------------------------------------------------
/roles/etcd/config/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 |
6 | # This should reload the webserver that provides the https probes for etcd
7 | - name: Notify etcd SSL configuration changed
8 | debug:
9 | msg: Note etcd SSL configuration changed
10 | listen:
11 | - Note etcd SSL configuration changed
12 |
--------------------------------------------------------------------------------
/roles/pgbackupapi/service/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Restart Apache for pg-backup-api
6 | service:
7 | name: "{{ apache_conf[ansible_os_family]['service'] }}"
8 | state: restarted
9 | listen:
10 | - Restart apache pgbapi
11 | - Note pg-backup-api SSL configuration changed
12 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/pkg/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | pgd_proxy_packages:
6 | Debian: &debian_pgdproxy_package
7 | - edb-pgd{{ bdr_version }}-proxy
8 | RedHat:
9 | - edb-pgd{{ bdr_version }}-proxy
10 | Ubuntu: *debian_pgdproxy_package
11 | SUSE:
12 | - edb-pgd{{ bdr_version }}-proxy
13 |
--------------------------------------------------------------------------------
/roles/sys/openvpn/client/tasks/main.yml:
--------------------------------------------------------------------------------
---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# Renders client.conf.j2 to "<openvpn_config>.conf", owned by root, and
# notifies the openvpn restart handler when the file changes.
- name: Install main client configuration file
  template:
    src: client.conf.j2
    dest: "{{ openvpn_config }}.conf"
    owner: root
    group: root
    # NOTE(review): 0644 is world-readable. That is fine if the template
    # only references key files by path, but too permissive if it inlines
    # key material; confirm against client.conf.j2.
    mode: "0644"
  notify:
    - Note openvpn restart required
--------------------------------------------------------------------------------
/roles/sys/sysstat/templates/sysstat.service.j2:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Resets System Activity Logs
3 | Documentation=man:sa1(8) man:sadc(8) man:sar(1)
4 |
5 | [Service]
6 | Type=oneshot
7 | RemainAfterExit=yes
8 | User=root
9 | ExecStart={{ sysstat_sa1_bin }} --boot
10 |
11 | [Install]
12 | WantedBy=multi-user.target
13 | Also=sysstat-collect.timer
14 | Also=sysstat-summary.timer
15 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/03-question.yml:
--------------------------------------------------------------------------------
1 | name: "❓ Question"
2 | description: Create a new ticket to ask for help
3 | title: "❓ [Question] - "
4 | labels: [
5 | "question"
6 | ]
7 | body:
8 | - type: textarea
9 | id: context
10 | attributes:
11 | label: "Question"
12 | description: What can we help you with?
13 | validations:
14 | required: true
15 |
--------------------------------------------------------------------------------
/.github/workflows/relnotes/relnotes/exceptions.py:
--------------------------------------------------------------------------------
"""Exception types that can be raised when using this module."""


class RelNoteInvalidType(Exception):
    """Signal that the ``type`` of a :class:`RelNote` is invalid."""


class RelNoteNoTicket(Exception):
    """Signal that a :class:`RelNote` contains no Jira/Support tickets."""
--------------------------------------------------------------------------------
/lib/tests/architectures/lib/hostnames:
--------------------------------------------------------------------------------
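#!/usr/bin/env bash

#
# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
#
# Prints the first N entries of the hostname list below, one per line,
# where N is the first command-line argument.
#

num=$1

# The slice length in the expansion at the bottom is evaluated by bash as
# an arithmetic expression, so only a plain non-negative integer is
# accepted; anything else is rejected before it can be evaluated.
if [[ ! $num =~ ^[0-9]+$ ]]; then
    echo "usage: ${0##*/} <count>" >&2
    exit 2
fi

# Force base 10 so that a count such as "08" is not read as invalid octal.
num=$((10#$num))

hostnames=(
    one
    two
    three
    four
    five
    six
    seven
    eight
    nine
    ten
)

printf '%s\n' "${hostnames[@]:0:$num}"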
--------------------------------------------------------------------------------
/roles/pgbackupapi/pkg/templates/pg-backup-api.service.j2:
--------------------------------------------------------------------------------
{# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
# systemd unit for the Postgres Backup API. The service runs
# "pg-backup-api serve" under the Barman user and group rendered from
# barman_user / barman_group, and is always restarted when it exits.
[Unit]
Description=Postgres Backup API

[Service]
Type=simple
User={{ barman_user }}
Group={{ barman_group }}
ExecStart=/usr/bin/pg-backup-api serve
Restart=always

[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
/roles/sys/locale/tasks/os/SUSE/locale.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Make sure the desired language and character set locale is installed
6 |
7 | - name: Install system packages for the selected user locale
8 | include_role:
9 | name: sys/locale/pkg
10 | when:
11 | ansible_distribution_major_version|int > 7
12 |
--------------------------------------------------------------------------------
/roles/beacon-agent/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: list-packages.yml
6 | vars:
7 | list_varname: _all_beacon_agent_packages
8 |
9 | - include_role: name=pkg/install
10 | vars:
11 | package_list_name: "beacon agent packages"
12 | package_list: "{{ _all_beacon_agent_packages }}"
13 |
--------------------------------------------------------------------------------
/roles/etcd/pkg/templates/etcd.service.j2:
--------------------------------------------------------------------------------
# systemd unit for etcd, ordered after syslog.target and network.target.
# NOTE(review): the service runs as root, although the etcd role's config
# defaults define a dedicated etcd user and group. Confirm whether root is
# required here or whether the unit can drop to that account.
# NOTE(review): recent systemd releases treat StandardOutput=syslog as a
# legacy value and log a warning; confirm the targeted systemd versions.
[Unit]
Description=Etcd distributed store
After=syslog.target network.target

[Service]
Type=notify
User=root
StandardOutput=syslog
WorkingDirectory=/var/lib/etcd/
# The leading "-" makes a missing environment file non-fatal.
EnvironmentFile=-/etc/etcd/etcd.conf
ExecStart=/usr/bin/etcd
LimitNOFILE=40000

[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
/roles/sys/hosts/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Add entries to /etc/hosts
6 | hosts_lines:
7 | path: /etc/hosts
8 | platform: "{{ platform }}"
9 | lines:
10 | "{{ etc_hosts_lines
11 | |default(default_etc_hosts_lines)
12 | |union(extra_etc_hosts_lines|default([])) }}"
13 |
--------------------------------------------------------------------------------
/roles/sys/locale/tasks/os/RedHat/locale.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Make sure the desired language and character set locale is installed
6 |
7 | - name: Install system packages for the selected user locale
8 | include_role:
9 | name: sys/locale/pkg
10 | when:
11 | ansible_distribution_major_version|int > 7
12 |
--------------------------------------------------------------------------------
/roles/zabbix_agent/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: "Include OS-specific variables"
6 | include_vars: "{{ ansible_os_family }}.yml"
7 |
8 | - name: "Install the correct repository"
9 | include_tasks: "os/{{ ansible_distribution }}.yml"
10 | when: >
11 | task_selector|permits('config', 'service')
12 |
--------------------------------------------------------------------------------
/roles/haproxy/config/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 |
6 | # This should reload the webserver that provides the https probes for haproxy
7 | - name: Notify haproxy SSL configuration changed
8 | debug:
9 | msg: Note haproxy SSL configuration changed
10 | listen:
11 | - Note haproxy SSL configuration changed
12 |
--------------------------------------------------------------------------------
/roles/patroni/config/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | use_ssl_cert_authentication: no
6 |
7 | patroni_ssl_service: patroni
8 | patroni_ssl_dir: "/etc/tpa/{{ patroni_ssl_service }}"
9 | patroni_local_ssl_dir: "{{
10 | use_ssl_cert_authentication|
11 | ternary(cluster_dir ~ '/ssl', cluster_dir ~ '/ssl/patroni') }}"
12 |
--------------------------------------------------------------------------------
/roles/pgbouncer/restart/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - meta: flush_handlers
6 |
7 | - name: Start or restart pgbouncer
8 | service:
9 | name: pgbouncer
10 | state: "{{ pgbouncer_service_end_state|default('started') }}"
11 | become_user: root
12 | become: yes
13 | when: >
14 | 'pgbouncer' in role
15 |
--------------------------------------------------------------------------------
/roles/postgres/initdb/defaults/main.yml:
--------------------------------------------------------------------------------
---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# Default initdb options (presumably passed to initdb by this role).
# --data-checksums enables page checksums, which let Postgres detect
# on-disk corruption of data pages.
postgres_initdb_opts:
  - --data-checksums

# Default data directory per OS family, keyed by Postgres major version.
default_postgres_data_dirs:
  Debian: "/var/lib/postgresql/{{ postgres_version }}/main"
  RedHat: "/var/lib/pgsql/{{ postgres_version }}/data"
  SUSE: "/var/lib/pgsql/{{ postgres_version }}/data"
--------------------------------------------------------------------------------
/roles/beacon-agent/final/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - meta: flush_handlers
6 |
7 | - include_role:
8 | name: beacon-agent/service
9 | when: >
10 | task_selector|permits('service')
11 |
12 | - include_role:
13 | name: beacon-agent/restart
14 | when: >
15 | task_selector|permits('service', 'restart')
16 |
--------------------------------------------------------------------------------
/roles/beacon-agent/restart/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Start or restart beacon agent
6 | service:
7 | name: beacon-agent
8 | state: "{{ beacon_agent_service_end_state|default('started') }}"
9 | become_user: root
10 | become: yes
11 | when: >
12 | task_selector|permits('service', 'restart')
13 |
14 |
--------------------------------------------------------------------------------
/roles/pem/server/config/final/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | pem_support_email: support@enterprisedb.com
6 |
7 | pem_cert_common_name: PEM
8 | pem_cert_country: US
9 | pem_cert_state: MA
10 | pem_cert_city: Bedford
11 | pem_cert_org_unit: "EDB Postgres Enterprise Manager"
12 | pem_cert_email: "{{ pem_support_email }}"
13 |
--------------------------------------------------------------------------------
/roles/postgres/config/templates/override.conf.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | # If you want to override any settings defined in the default TPA
3 | # configuration, do so here. This file will take precedence, and
4 | # will not be overwritten automatically.
5 | #
6 | # https://www.postgresql.org/docs/{{ postgres_version }}/static/runtime-config.html
7 | #
8 |
9 |
--------------------------------------------------------------------------------
/architectures/lib/tests/default.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Run default cluster tests
6 | any_errors_fatal: true
7 | max_fail_percentage: 0
8 | environment: "{{ target_environment }}"
9 | hosts: all
10 | tasks:
11 | - include_role:
12 | name: test
13 | apply:
14 | tags: test
15 | tags: always
16 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/config/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 |
6 | # This should reload the webserver that provides the https probes for pgd_proxy
7 | - name: Notify pgd_proxy SSL configuration changed
8 | debug:
9 | msg: Note pgd_proxy SSL configuration changed
10 | listen:
11 | - Note pgd_proxy SSL configuration changed
12 |
--------------------------------------------------------------------------------
/roles/repmgr/service/tasks/status.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Display cluster status
6 | command: >
7 | {{ postgres_bin_dir }}/repmgr cluster show --verbose -f {{ repmgr_conf_file }}
8 | become_user: "{{ postgres_user }}"
9 | become: yes
10 | when: >
11 | inventory_hostname == target|default(inventory_hostname)
12 |
--------------------------------------------------------------------------------
/roles/harp/config/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | use_ssl_cert_authentication: no
6 |
7 | harp_proxy_ssl_service: harp_proxy
8 | harp_proxy_ssl_dir: "/etc/tpa/{{ harp_proxy_ssl_service }}"
9 | harp_proxy_local_ssl_dir: "{{
10 | use_ssl_cert_authentication|
11 | ternary(cluster_dir ~ '/ssl', cluster_dir ~ '/ssl/harp-proxy') }}"
12 |
--------------------------------------------------------------------------------
/roles/patroni/pkg/tasks/dependencies.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: list-dependency-packages.yml
6 | vars:
7 | list_varname: _all_patroni_dependency_packages
8 |
9 | - include_role: name=pkg/install
10 | vars:
11 | package_list_name: "patroni packages"
12 | package_list: "{{ _all_patroni_dependency_packages }}"
13 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/config/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | use_ssl_cert_authentication: no
6 |
7 | pgd_proxy_ssl_service: pgd_proxy
8 | pgd_proxy_ssl_dir: "/etc/tpa/{{ pgd_proxy_ssl_service }}"
9 | pgd_proxy_local_ssl_dir: "{{
10 | use_ssl_cert_authentication|
11 | ternary(cluster_dir ~ '/ssl', cluster_dir ~ '/ssl/pgd-proxy') }}"
12 |
--------------------------------------------------------------------------------
/roles/pgdcli/config/templates/pgd-cli-config.j2:
--------------------------------------------------------------------------------
1 | cluster:
2 | name: {{ pgd_cluster_name }}
3 | endpoints:
4 | {% for h in groups[bdr_node_group] %}
5 | {% set v = hostvars[h] %}
6 | - "{{ v.pgd_cli_dsn }}"
7 | {% endfor %}
8 | {% if bdr_version is version('5', '>=') and pgd_ssl_password_command|default(None) %}
9 | ssl:
10 | ssl_password_command: {{ pgd_ssl_password_command }}
11 | {% endif %}
12 |
--------------------------------------------------------------------------------
/.git-ignore-revs:
--------------------------------------------------------------------------------
1 | 50ed4880a3e312d649c0fb824bf8af0e6aa94bfd
2 | 2f419b07d5c9b004e2a87f25c972b64b60586969
3 | bf78892aae8cbd27d328e5d8dcd49b3646a57143
4 | 5f7d5b7e93aa9a539606ddfe69753a90f7a8f7a9
5 | a765a2c829d4c5fa110d8cc833a16c7bac7e42e5
6 | 3e1d5cfdfd5edbf970f53b8f8b499c40f379d01b
7 | b5bff2c0c76727daf12b846efe42fe697a7676f0
8 | 9d1f67e80fcc72c67a9340913664ae72fe24dd0f
9 | c8d2c6f89f339233e17c8007b746aa49f1523262
10 |
--------------------------------------------------------------------------------
/architectures/lib/commands/stop-containers.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Stop containers
6 | hosts: all
7 | tasks:
8 | - docker_container:
9 | name: "{{ inventory_hostname }}"
10 | state: stopped
11 | comparisons:
12 | '*': ignore
13 | delegate_to: localhost
14 | when:
15 | platform in ['docker']
16 |
--------------------------------------------------------------------------------
/lib/tpa/architectures/__init__.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

from .bdr_always_on import BDRAlwaysON
from .pgd_always_on import PGDAlwaysON
from .pgd_s import PGDS
from .pgd_x import PGDX
from .m1 import M1

# Registry mapping an architecture name to the class imported above.
# NOTE(review): BDRAlwaysON, PGDAlwaysON and M1 are imported but have no
# entry here. Confirm whether they are imported only for re-export or
# whether registry entries are missing.
all_architectures = {
    "PGD-S": PGDS,
    "PGD-X": PGDX,
}
--------------------------------------------------------------------------------
/architectures/lib/commands/start-containers.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Start containers
6 | hosts: all
7 | tasks:
8 | - docker_container:
9 | name: "{{ inventory_hostname }}"
10 | state: started
11 | comparisons:
12 | '*': ignore
13 | delegate_to: localhost
14 | when:
15 | platform in ['docker']
16 |
--------------------------------------------------------------------------------
/collections/requirements.yml:
--------------------------------------------------------------------------------
# Ansible Galaxy collections required by this project, each pinned to an
# exact version so that installs are repeatable.
# NOTE(review): a version pin does not by itself verify the content of the
# downloaded artifact. Where supply-chain integrity matters, consider
# ansible-galaxy's collection signature verification or an internal mirror.
collections:
  - name: community.crypto
    version: 2.26.1
  - name: community.aws
    version: 9.3.0
  - name: amazon.aws
    version: 9.5.2
  - name: community.postgresql
    version: 3.14.2
  - name: community.general
    version: 11.4.1
  - name: ansible.posix
    version: 2.1.0
  - name: community.docker
    version: 4.8.1
--------------------------------------------------------------------------------
/roles/etcd/final/tasks/main.yml:
--------------------------------------------------------------------------------
---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# Includes the etcd/start, etcd/authentication and etcd/restart roles, in
# that order.
- include_role:
    name: etcd/start
  when: >
    task_selector|selects('etcd', 'service')

# NOTE(review): unlike its neighbours, this include has no task_selector
# condition, so etcd/authentication is included whatever was selected.
# Confirm that is intended.
- include_role:
    name: etcd/authentication

- include_role:
    name: etcd/restart
  when: >
    task_selector|selects('etcd', 'service', 'restart')
--------------------------------------------------------------------------------
/roles/postgres/config/tasks/bdr.yml:
--------------------------------------------------------------------------------
---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# Renders bdr.conf.j2 into the Postgres include directory as
# 3333-bdr.conf, owned by the Postgres user and group, and notifies the
# reload handler when the file changes.
- name: Install BDR-specific configuration file
  template:
    src: bdr.conf.j2
    dest: "{{ _include_dir }}/3333-bdr.conf"
    owner: "{{ postgres_user }}"
    group: "{{ postgres_group }}"
    # NOTE(review): 0644 is world-readable; confirm bdr.conf.j2 never
    # renders credentials or connection strings containing passwords.
    mode: "0644"
  notify:
    - Note Postgres reload required
--------------------------------------------------------------------------------
/roles/postgres/config/tasks/set_postgres_conf_settings_facts.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
3 |
4 | - name: Update postgres_config when `postgres_conf_settings` is defined
5 | include_role:
6 | name: config/add_to_obj
7 | vars:
8 | object_varname: postgres_config
9 | object_contents: "{{ postgres_conf_settings }}"
10 | when: postgres_conf_settings
11 |
--------------------------------------------------------------------------------
/roles/test/tasks/sys/os/Debian/package-list.yml:
--------------------------------------------------------------------------------
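---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# Lists installed packages matching package_pattern and writes the result
# to package-list.txt through output.yml.
- name: Run apt list
  # The argv form hands the pattern to apt as a single argument with no
  # further quote parsing, so a pattern containing quotes or spaces cannot
  # change how the command line is split.
  command:
    argv:
      - apt
      - list
      - --installed
      - "{{ package_pattern }}"
  register: package_list
  # A failing apt call is tolerated; the captured stdout is still written.
  ignore_errors: true

- include_tasks: output.yml
  vars:
    output_file: package-list.txt
    content: |
      {{ package_list.stdout }}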
--------------------------------------------------------------------------------
/roles/etcd/config/defaults/main.yml:
--------------------------------------------------------------------------------
---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# Default account names for etcd.
etcd_user: etcd
etcd_group: etcd

# Role default: certificate-based authentication is disabled unless a
# higher-precedence variable enables it.
use_ssl_cert_authentication: no

etcd_ssl_service: etcd
etcd_ssl_dir: "/etc/tpa/{{ etcd_ssl_service }}"
# With certificate authentication enabled this resolves to
# <cluster_dir>/ssl, otherwise to <cluster_dir>/ssl/etcd.
etcd_local_ssl_dir: "{{
  use_ssl_cert_authentication|
  ternary(cluster_dir ~ '/ssl', cluster_dir ~ '/ssl/etcd') }}"
--------------------------------------------------------------------------------
/roles/harp/config/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # This should be used to notify a reload for harp webserver that provides https probes
6 | # for harp proxy.
7 | - name: Notify harp_proxy SSL configuration changed
8 | debug:
9 | msg: Note harp_proxy SSL configuration changed
10 | listen:
11 | - Note harp_proxy SSL configuration changed
12 |
--------------------------------------------------------------------------------
/roles/pem/agent/pkg/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | pem_agent_packages:
6 | Debian: &debian_pem_agent_packages
7 | - edb-pem-agent
8 | RedHat: *debian_pem_agent_packages
9 | SUSE: *debian_pem_agent_packages
10 |
11 | pem_agent_required_packages:
12 | RedHat:
13 | - libcurl-full
14 | Debian: []
15 | Ubuntu: []
16 | SUSE: []
17 |
--------------------------------------------------------------------------------
/roles/postgres/config/tasks/camo.yml:
--------------------------------------------------------------------------------
---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# Renders camo.conf.j2 into the Postgres include directory as
# 3334-camo.conf and notifies the restart handler when the file changes.
# NOTE(review): the task name says "BDR configuration file" while the
# template and destination are the CAMO ones; confirm the intended name.
- name: Install BDR configuration file on BDR nodes
  template:
    src: camo.conf.j2
    dest: "{{ _include_dir }}/3334-camo.conf"
    owner: "{{ postgres_user }}"
    group: "{{ postgres_group }}"
    # NOTE(review): 0644 is world-readable; confirm camo.conf.j2 never
    # renders credentials.
    mode: "0644"
  notify:
    - Note Postgres restart required
--------------------------------------------------------------------------------
/roles/postgres/config/tasks/set_preload_library_facts.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
3 |
4 | - name: Update postgres restart config fact with preload library settings
5 | include_role:
6 | name: config/add_to_obj
7 | vars:
8 | object_varname: postgres_restart_config
9 | object_contents:
10 | shared_preload_libraries: "{{ _preload_list|join(', ') }}"
11 |
--------------------------------------------------------------------------------
/roles/sys/ssl/ca/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | CA_CN: "{{ cluster_name }}.CA"
6 |
7 | local_ssl_dir: "{{ cluster_dir }}/ssl"
8 |
9 | local_ca_certificate_path: "{{ local_ssl_dir }}/CA.crt"
10 | local_ca_csr_path: "{{ local_ssl_dir }}/CA.csr"
11 | local_ca_privatekey_path: "{{ local_ssl_dir }}/CA.key"
12 |
13 | ca_path: "{{ ssl_dir }}/root.crt"
14 |
--------------------------------------------------------------------------------
/roles/sys/locale/tasks/os/Debian/locale.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Make sure the desired language and character set locale is installed
6 |
7 | - name: Install system package for generating locales
8 | include_role:
9 | name: sys/locale/pkg
10 |
11 | - name: Add locale to system config and generate
12 | locale_gen:
13 | name: "{{ user_locale }}"
14 |
--------------------------------------------------------------------------------
/roles/sys/logrotate/templates/postgres.j2:
--------------------------------------------------------------------------------
1 | {{ logrotate_postgres }} {
2 | daily
3 | maxsize {{ logrotate_maxsize|default('1G') }}
4 | rotate {{ logrotate_rotate|default('7') }}
5 | missingok
6 | compress
7 | dateext
8 | copytruncate
9 | create 640 {{ postgres_user }} {{ postgres_group }}
10 | maxage {{ logrotate_maxage|default('28') }}
11 | su {{ postgres_user }} {{ postgres_group }}
12 | }
13 |
--------------------------------------------------------------------------------
/roles/test/tasks/compliance/stig.yml:
--------------------------------------------------------------------------------
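---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# Tests for STIG compliance. WIP.

# The conditions are written as bare expressions rather than wrapped in
# "{{ ... }}". A templated string in `that` is rendered first and the
# rendered text is then evaluated again as a conditional; listing the
# expressions directly evaluates them once. Both must hold, as before.
- name: Check OS and version
  assert:
    that:
      - ansible_os_family == 'RedHat'
      - ansible_distribution_major_version|int >= 8
    fail_msg: "STIG compliance requires RHEL version 8 or above"

# Continue with the FIPS checks in compliance/fips.yml.
- include_tasks: compliance/fips.yml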
--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
1 | # http://editorconfig.org
2 |
3 | root = true
4 |
5 | [*]
6 | indent_style = space
7 | indent_size = 4
8 | trim_trailing_whitespace = true
9 | insert_final_newline = true
10 | charset = utf-8
11 | end_of_line = lf
12 |
13 | [*.json]
14 | indent_size = 2
15 |
16 | [*.yaml]
17 | indent_size = 2
18 |
19 | [*.yml]
20 | indent_size = 2
21 |
22 | [Makefile]
23 | indent_style = tab
24 |
25 | [*.md]
26 | max_line_length = 72
27 |
--------------------------------------------------------------------------------
/roles/haproxy/restart/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - meta: flush_handlers
6 |
7 | - name: Start or restart haproxy
8 | service:
9 | name: haproxy
10 | state: "{{ haproxy_service_end_state|default('started') }}"
11 | become_user: root
12 | become: yes
13 | when: >
14 | 'haproxy' in role
15 | and task_selector|permits('service', 'restart')
16 |
--------------------------------------------------------------------------------
/roles/pem/final/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role:
6 | name: pem/server/config/final
7 | when: >
8 | 'pem-server' in role
9 | and task_selector|permits('pem-server', 'config')
10 |
11 | - include_role:
12 | name: pem/agent/config/final
13 | when: >
14 | 'pem-agent' in role
15 | and task_selector|permits('pem-agent', 'config')
16 |
--------------------------------------------------------------------------------
/roles/efm/switchover/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Set this to skip the role check before a switchover. It is used in the
6 | # upgrade scenario, where TPA itself manages the switchover, so the check
7 | # is unnecessary; it would also fail, because the roles no longer match
8 | # the actual cluster state after an earlier switchover in the process.
9 | managed_switchover: false
10 |
--------------------------------------------------------------------------------
/roles/haproxy/config/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | haproxy_read_only_load_balancer_enabled: no
6 |
7 | use_ssl_cert_authentication: no
8 |
9 | haproxy_ssl_service: haproxy
10 | haproxy_ssl_dir: "/etc/tpa/{{ haproxy_ssl_service }}"
11 | haproxy_local_ssl_dir: "{{
12 | use_ssl_cert_authentication|
13 | ternary(cluster_dir ~ '/ssl', cluster_dir ~ '/ssl/haproxy') }}"
14 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/restart/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - meta: flush_handlers
6 |
7 | - name: Start or restart pgd-proxy
8 | service:
9 | name: pgd-proxy
10 | state: "{{ pgd_proxy_service_end_state|default('started') }}"
11 | become_user: root
12 | become: yes
13 | when: >
14 | 'pgd-proxy' in role
15 | and task_selector|permits('service', 'restart')
16 |
--------------------------------------------------------------------------------
/platforms/common/set-provisioning-var.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # We add the given variable name and value to provisioning_vars and
6 | # write the result out to vars.json.
7 |
8 | - name: Set provisioning variable {{ name }}
9 | set_fact:
10 | provisioning_vars: >
11 | {{ provisioning_vars|combine({name: value}) }}
12 |
13 | - include_tasks: write-provisioning-vars.yml
14 |
--------------------------------------------------------------------------------
/roles/postgres/config/templates/bdr.conf.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | # Please do not edit this file. Your changes will be overwritten. Put
3 | # your configuration overrides into conf.d/9999-override.conf instead.
4 |
5 | synchronous_commit = {{ synchronous_commit|default('on') }}
6 | {% if synchronous_standby_names is defined %}
7 | synchronous_standby_names = {{ synchronous_standby_names }}
8 | {% endif %}
9 |
--------------------------------------------------------------------------------
/roles/postgres/config/templates/settings.conf.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | # Automatically generated by postgres/config from
3 | # postgres_conf_settings.
4 | #
5 | # Please do not edit this file. Your changes will be overwritten. Put
6 | # your configuration overrides into conf.d/9999-override.conf instead.
7 |
8 | {% for k,v in postgres_conf_settings.items() %}
9 | {{ k }} = {{ v }}
10 | {% endfor %}
11 |
--------------------------------------------------------------------------------
/roles/repmgr/src/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | repmgr_git_url: https://github.com/EnterpriseDB/repmgr.git
6 | repmgr_git_ref: "REL5_2_STABLE"
7 | repmgr_git_reference_repo: ""
8 |
9 | repmgr_src_dir: /opt/postgres/src/repmgr
10 | repmgr_build_dir: /opt/postgres/build/repmgr
11 | repmgr_install_dir: "{{ postgres_install_dir|default('/opt/postgres/' + postgres_version) }}"
12 |
--------------------------------------------------------------------------------
/roles/sys/local_repo/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Update/clean remote repository metadata after changes
6 | raw: >
7 | command {{ _commands[ansible_os_family] }}
8 | listen:
9 | - "Repo configuration changed"
10 | - "Repo contents changed"
11 | vars:
12 | _commands:
13 | RedHat: yum clean metadata
14 | Debian: apt-get -q -y update
15 |
--------------------------------------------------------------------------------
/roles/sys/sysctl/templates/hugepages.j2:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | test -f /sys/kernel/mm/transparent_hugepage/enabled &&
4 | echo {{ enabled }} > /sys/kernel/mm/transparent_hugepage/enabled
5 | test -f /sys/kernel/mm/transparent_hugepage/defrag &&
6 | echo {{ defrag }} > /sys/kernel/mm/transparent_hugepage/defrag
7 | test -f /sys/kernel/mm/transparent_hugepage/khugepaged/defrag &&
8 | echo {{ kdefrag }} > /sys/kernel/mm/transparent_hugepage/khugepaged/defrag
9 |
--------------------------------------------------------------------------------
/roles/test/tasks/sys/os/RedHat/package-list.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Run yum list
6 | command: yum list '{{ package_pattern }}'
7 | register: package_list
8 | ignore_errors: true
9 | become_user: root
10 | become: yes
11 |
12 | - include_tasks: output.yml
13 | vars:
14 | output_file: package-list.txt
15 | content: |
16 | {{ package_list.stdout }}
17 |
--------------------------------------------------------------------------------
/roles/test/tasks/sys/os/SUSE/package-list.yml:
--------------------------------------------------------------------------------
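---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# Runs `zypper info` for package_pattern as root and hands its stdout to
# output.yml with output_file set to package-list.txt.

# The task name previously read "Run yum list", although the command is
# zypper; the name now matches what is executed.
# ignore_errors keeps the play going when zypper exits non-zero, so the
# output is still recorded.
- name: Run zypper info
  command: zypper info '{{ package_pattern }}'
  register: package_list
  ignore_errors: true
  become_user: root
  become: yes

- include_tasks: output.yml
  vars:
    output_file: package-list.txt
    content: |
      {{ package_list.stdout }}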
--------------------------------------------------------------------------------
/roles/patroni/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: list-packages.yml
6 | vars:
7 | list_varname: _all_patroni_packages
8 |
9 | - include_tasks: replace-packages.yml
10 | when: >
11 | patroni_initialised
12 |
13 | - include_role: name=pkg/install
14 | vars:
15 | package_list_name: "patroni packages"
16 | package_list: "{{ _all_patroni_packages }}"
17 |
--------------------------------------------------------------------------------
/roles/sys/pkg/tasks/list-unwanted-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role: name=pkg/add_to_list
6 | vars:
7 | list_contents: "{{ package_lists|flatten }}"
8 | package_lists:
9 | - "{{ default_unwanted_packages[ansible_distribution] }}"
10 | - "{{ unwanted_packages[ansible_distribution]|default([]) }}"
11 | - "{{ unwanted_packages['common']|default([]) }}"
12 |
--------------------------------------------------------------------------------
/docs/src/legal-notice.md:
--------------------------------------------------------------------------------
1 | © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
2 |
3 | Confidential and private property of EDB. All rights reserved.
4 |
5 | This software and related documentation are protected by intellectual
6 | property laws. Except as allowed by law, you may not use, copy,
7 | reproduce, translate, broadcast, modify, license, transmit, distribute,
8 | exhibit, perform, publish, or display any part, in any form, or by any
9 | means.
10 |
--------------------------------------------------------------------------------
/roles/efm/final/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Now that everything should be replicating as configured, we can
6 | # start efm.
7 |
8 | - meta: flush_handlers
9 |
10 | - include_role:
11 | name: efm/service
12 | when: >
13 | task_selector|permits('service')
14 |
15 | - include_role:
16 | name: efm/restart
17 | when: >
18 | task_selector|permits('service', 'restart')
19 |
--------------------------------------------------------------------------------
/roles/sys/ssl/server/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | local_ssl_dir: "{{ cluster_dir }}/ssl"
6 | local_ca_certificate_path: "{{ local_ssl_dir }}/CA.crt"
7 | local_ca_privatekey_path: "{{ local_ssl_dir }}/CA.key"
8 | local_csr_path: "{{ local_ssl_dir }}/{{ inventory_hostname }}/{{ ssl_service }}.csr"
9 | local_certificate_path: "{{ local_ssl_dir }}/{{ inventory_hostname }}/{{ ssl_service }}.crt"
10 |
--------------------------------------------------------------------------------
/roles/test/tasks/sys/locale.yml:
--------------------------------------------------------------------------------
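---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# Check that user_locale is among the locales installed on the host.
#
# The earlier form ran the shell command "LANG=<locale>". That is a bare
# variable assignment, which exits 0 whether or not the locale exists, so
# the assertion below could never fail. It also interpolated user_locale
# into a shell command line. Listing the installed locales with
# `locale -a` through the command module (no shell) avoids both.

- name: Test that the system locale is present
  command: locale -a
  # Failure is reported by the assert below, with a clearer message.
  failed_when: false
  changed_when: false
  register: locale_set

# `locale -a` commonly prints the codeset in normalised form (e.g. utf8
# for UTF-8), so names are compared lower-cased with hyphens removed.
- name: Validate locale set
  assert:
    that:
      - locale_set.rc == 0
      - >
        user_locale|lower|replace('-', '')
        in locale_set.stdout_lines|map('lower')|map('replace', '-', '')|list
    fail_msg: "The requested system locale {{ user_locale }} is not installed."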
--------------------------------------------------------------------------------
/roles/postgres/config/tasks/conf_ssn.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
3 |
4 | - name: Update postgres config fact with `synchronous_standby_names` settings if required
5 | include_role:
6 | name: config/add_to_obj
7 | vars:
8 | object_varname: postgres_config
9 | object_contents:
10 | synchronous_standby_names: "{{ synchronous_standby_names }}"
11 | when:
12 | synchronous_standby_names is defined
13 |
--------------------------------------------------------------------------------
/roles/sys/ssl/ca/final/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Copy CA to shared trusted CA
6 | copy:
7 | src: "{{ local_ca_certificate_path }}"
8 | dest: "{{ ca_trust[ansible_os_family]['ca_trust_dir'] }}/CA.crt"
9 | mode: "0644"
10 | owner: root
11 | group: root
12 |
13 | - name: Update CA certificate trust
14 | command: "{{ ca_trust[ansible_os_family]['ca_trust_cmd'] }}"
15 |
--------------------------------------------------------------------------------
/roles/postgres/service/templates/postgres-monitor.service.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | [Unit]
3 | Description=Postgres startup monitor
4 | After=postgres.service
5 | Requires=postgres.service
6 |
7 | [Service]
8 | Type=oneshot
9 | User={{ postgres_user }}
10 | Group={{ postgres_group }}
11 | ExecStart=/etc/tpa/postgres-monitor "{{ postgres_dsn }}"
12 | RemainAfterExit=yes
13 |
14 | [Install]
15 | WantedBy=multi-user.target
16 |
--------------------------------------------------------------------------------
/architectures/lib/commands/rebuild-sources.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Rebuild postgres on cluster {{ cluster_dir }}
6 | any_errors_fatal: true
7 | max_fail_percentage: 0
8 | become_user: root
9 | become: yes
10 | hosts: all
11 | tasks:
12 | - shell: test -x /etc/tpa/rebuild-sources.sh && /etc/tpa/rebuild-sources.sh
13 | changed_when: false
14 | become_user: root
15 | become: yes
16 |
--------------------------------------------------------------------------------
/platforms/common/set-provisioning-vars.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # We add the given dict of variable names and values to
6 | # provisioning_vars, and write the result out to vars.json.
7 |
8 | - name: Set provisioning variables {{ variables.keys()|join(', ') }}
9 | set_fact:
10 | provisioning_vars: >
11 | {{ provisioning_vars|combine(variables) }}
12 |
13 | - include_tasks: write-provisioning-vars.yml
14 |
--------------------------------------------------------------------------------
/roles/harp/config/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # HARP default configuration values
6 | #
7 | # See: https://documentation.enterprisedb.com/harp/release/latest/configuration/
8 | default_harp_safety_interval: 100
9 | default_harp_maximum_lag: 1048576
10 | default_harp_maximum_camo_lag: 1048576
11 | default_harp_lock_duration: 15
12 | default_harp_lock_interval: 5
13 | default_harp_external_lock_interval: 0
14 |
--------------------------------------------------------------------------------
/roles/test/tasks/postgres/controldata.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Run pg_controldata
6 | command: >
7 | {{ postgres_bin_dir }}/pg_controldata {{ postgres_data_dir }}
8 | register: controldata
9 | become_user: "{{ postgres_user }}"
10 | become: yes
11 |
12 | - include_tasks: output.yml
13 | vars:
14 | output_file: pg_controldata.txt
15 | content: |
16 | {{ controldata.stdout }}
17 |
--------------------------------------------------------------------------------
/roles/zabbix_agent/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role:
6 | name: zabbix_agent/pkg
7 | when: >
8 | 'zabbix_agent' in role
9 | and platform not in ['shared']
10 | and task_selector|selects('zabbix-agent', 'pkg')
11 |
12 | - include_role:
13 | name: zabbix_agent/config
14 | when: >
15 | 'zabbix_agent' in role
16 | and task_selector|selects('zabbix-agent', 'config')
17 |
--------------------------------------------------------------------------------
/architectures/lib/commands/eval.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - import_playbook: "{{ tpa_dir }}/architectures/lib/init.yml"
6 | when: init|default('yes') == 'yes'
7 | tags: always
8 |
9 | - name: Evaluate expression
10 | any_errors_fatal: true
11 | max_fail_percentage: 0
12 | hosts: "{{ eval_hosts|default('all') }}"
13 | tasks:
14 | - action: debug
15 | args:
16 | msg: >-
17 | {{ expr }}
18 |
--------------------------------------------------------------------------------
/architectures/lib/password:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | # -*- coding: utf-8 -*-
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | from tpaexec.password import generate_password
6 |
7 |
def main():
    """
    Write one generated password to stdout.

    The password comes from tpaexec's generate_password(), called with no
    arguments. This script accepts no command-line options.
    """
    password = generate_password()
    print(password)
14 |
15 |
16 | if __name__ == "__main__":
17 | main()
18 |
--------------------------------------------------------------------------------
/roles/patroni/service/tasks/restart.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: transition.yml
6 | when: >
7 | 'primary' in role
8 | and 'pem-server' not in role
9 |
10 | - include_tasks: transition.yml
11 | when: >
12 | 'replica' in role
13 | and 'pem-server' not in role
14 |
15 | - include_tasks: postgres_restart.yml
16 | when: >
17 | 'postgres' in role
18 | and 'pem-server' not in role
19 |
--------------------------------------------------------------------------------
/roles/barman/final/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Once Postgres is running, we have to perform certain tasks on the
6 | # barman server on behalf of each client, like creating replication
7 | # slots if required.
8 |
9 | - include_tasks: client.yml
10 | with_items: "{{ backup|default([]) }}"
11 | loop_control:
12 | loop_var: this_barman
13 | vars:
14 | slot_name: "{{ this_barman|backup_slot_name }}"
15 |
--------------------------------------------------------------------------------
/roles/efm/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role:
6 | name: efm/pkg
7 | when: >
8 | task_selector|permits('pkg')
9 |
10 | - include_role: name=postgres/pgpass
11 | vars:
12 | pgpass_users:
13 | - "{{ replication_user }}"
14 | when:
15 | role|intersect(['primary','replica'])
16 |
17 | - include_role:
18 | name: efm/config
19 | when: >
20 | task_selector|permits('config')
21 |
--------------------------------------------------------------------------------
/roles/harp/pkg/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | harp_packages:
6 | "2":
7 | Debian: &debian_harp2_packages
8 | - harp-manager
9 | RedHat:
10 | - harp-manager
11 | Ubuntu: *debian_harp2_packages
12 |
13 | harp_proxy_packages:
14 | "2":
15 | Debian: &debian_harp2_proxy_packages
16 | - harp-proxy
17 | RedHat:
18 | - harp-proxy
19 | Ubuntu: *debian_harp2_proxy_packages
20 |
--------------------------------------------------------------------------------
/roles/pgbackupapi/service/templates/pg-backup-api.conf.j2:
--------------------------------------------------------------------------------
1 |
2 | ServerName {{ inventory_hostname }}
3 | SSLEngine on
4 |
5 | SSLCertificateFile {{ pgbapi_ssl_cert_file }}
6 | SSLCertificateKeyFile {{ pgbapi_ssl_key_file }}
7 |
8 | SSLVerifyClient require
9 | SSLVerifyDepth 10
10 | SSLCACertificateFile {{ pgbapi_ssl_ca_file }}
11 |
12 | ProxyPass / http://localhost:7480/
13 | ProxyPassReverse / http://localhost:7480/
14 |
15 |
--------------------------------------------------------------------------------
/roles/pgbouncer/tasks/main.yml:
--------------------------------------------------------------------------------
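---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# Includes the pgbouncer package and configuration roles, each gated by
# the task selector, and flags pgbouncer instances for initialisation.

- include_role:
    name: pgbouncer/pkg
  when: >
    task_selector|permits('pkg')

# Jinja2 binds `and` more tightly than `or`. Without the parentheses the
# condition read as
#   'postgres' in role or ('pgbouncer' in role and permits('config'))
# so on postgres instances the config role ran even when the task
# selector excluded 'config'. The parentheses make the selector apply to
# both roles.
- include_role:
    name: pgbouncer/config
  when: >
    ('postgres' in role
    or 'pgbouncer' in role)
    and task_selector|permits('config')

- set_fact:
    initialise_pgbouncer: true
  when: >
    'pgbouncer' in role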
--------------------------------------------------------------------------------
/architectures/lib/templates/platforms/aws/instance_defaults.yml.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 |
3 | type: {{ instance_type }}
4 |
5 | default_volumes:
6 | - device_name: root
7 | volume_type: gp2
8 | volume_size: {{ root_volume_size }}
9 | encrypted: yes
10 | - device_name: {{ volume_device_name + 'f' }}
11 | volume_type: gp2
12 | volume_size: {{ postgres_volume_size }}
13 | encrypted: yes
14 | vars:
15 | volume_for: postgres_data
16 |
--------------------------------------------------------------------------------
/roles/etcd/tasks/upgrade.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Stop/update/restart etcd
6 | when: >
7 | 'etcd' in role
8 | block:
9 | - include_role: name=etcd/restart
10 | vars:
11 | etcd_service_end_state: stopped
12 |
13 | - include_role: name=etcd/pkg
14 | vars:
15 | allow_package_upgrades: yes
16 |
17 | - include_role: name=etcd/restart
18 | vars:
19 | etcd_service_end_state: started
20 |
--------------------------------------------------------------------------------
/roles/pkg/add_to_list/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Given the _name_ of a fact (e.g., "all_packages", or "_etcd_packages")
6 | # in list_varname and a list of packages in list_contents, adds the
7 | # given list to the _value_ of the fact.
8 |
9 | - action: set_fact
10 | args:
11 | "{{ list_varname|mandatory }}": "{{
12 | vars[list_varname]|default([])
13 | |union(list_contents|mandatory)
14 | }}"
15 |
--------------------------------------------------------------------------------
/roles/sys/openvpn/ip/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Set the openvpn IP address for each host based on its node number. I
6 | # wish there were a more graceful way to do this. (Note that we cannot
7 | # assume that the openvpn server will be assigned the .1 address.)
8 |
9 | - name: Record openvpn IP address
10 | set_fact:
11 | openvpn_ip: "{{ vpn_network|ipaddr('network')|regex_replace('\\.[0-9]*$', '.'~node) }}"
12 |
--------------------------------------------------------------------------------
/roles/test/tasks/camo/bdr_camo_client_teardown.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - block:
6 | - name: Drop bdr_camo_client test table
7 | postgresql_query:
8 | conninfo: "{{ ping_conninfo }}"
9 | query: DROP TABLE camo_test
10 | become_user: "{{ postgres_user }}"
11 | become: yes
12 | vars:
13 | ping_conninfo: "{{ hostvars[ping].bdr_node_dsn }}"
14 | when: >
15 | inventory_hostname == tester_instance
16 |
--------------------------------------------------------------------------------
/platforms/common/inventory/inventory.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | [{{ cluster_tag }}]
3 | {% for h in instance_vars|selectattr("add_to_inventory") %}
4 | {% if h.platform == 'docker' %}
5 | {{ h.Name }} ansible_connection=docker node={{ h.node }} platform={{ h.platform }}
6 | {% else%}
7 | {{ h.Name }} {% if not ansible_tower %}ansible_host={{ h|deploy_ip_address }}{% endif %} node={{ h.node }} platform={{ h.platform }}
8 | {% endif%}
9 | {% endfor %}
10 |
--------------------------------------------------------------------------------
/requirements.in:
--------------------------------------------------------------------------------
1 | ansible-core==2.16.*
2 | Jinja2
3 | PyYAML>=6
4 | cryptography
5 | python-dateutil
6 | netaddr
7 | boto3>=1.5.31
8 | # certifi is an indirect dependency coming from
9 | # docker -> requests -> certifi and by default
10 | # it pulls a pretty old version. So adding it
11 | # here explicitly so we pull the latest always.
12 | # We can safely remove it after we upgrade to
13 | # Python >=3.9 as part of edb-python package.
14 | certifi>=2023.7.22
15 | docker
16 | passlib
17 | psutil
18 | keyring
--------------------------------------------------------------------------------
/roles/beacon-agent/pkg/tasks/list-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - when: >
6 | 'beacon-agent' in role
7 | block:
8 | - include_role: name=pkg/add_to_list
9 | vars:
10 | list_contents: "{{
11 | beacon_agent_packages|packages_for(ansible_distribution, beacon_agent_package_version)
12 | }}"
13 |
14 | - include_role:
15 | name: postgres/pkg
16 | tasks_from: list-client-packages.yml
17 |
--------------------------------------------------------------------------------
/roles/patroni/config/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Note patroni config reload required
6 | set_fact:
7 | patroni_service_end_state: reloaded
8 |
9 | # This should reload the webserver that provides the https probes for Patroni
10 | - name: Notify patroni SSL configuration changed
11 | debug:
12 | msg: Note patroni SSL configuration changed
13 | listen:
14 | - Note patroni SSL configuration changed
15 |
--------------------------------------------------------------------------------
/roles/postgres/src/templates/rebuild-sources.sh.j2:
--------------------------------------------------------------------------------
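{# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
#!/bin/sh

# Updates the Postgres source checkout and runs the configured build and
# install targets in the build directory.
#
# Each `cd` is checked. If a directory were missing, an unchecked `cd`
# would leave the shell where it started and the following `git pull` and
# make commands would run in that unrelated directory.

cd "{{ postgres_src_dir }}" || exit 1
# `git pull` runs only when `findmnt .` fails for the source directory.
findmnt . > /dev/null || git pull

cd "{{ postgres_build_dir }}" || exit 1
{% for item in postgres_build_targets %}
PATH={{ build_path }} {{ postgres_make_command }} {{ item }}
{% endfor %}
{% for item in postgres_install_targets %}
PATH={{ build_path }} {{ postgres_make_command }} {{ item }}
{% endfor %}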
--------------------------------------------------------------------------------
/architectures/lib/commands/check_cis.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - import_playbook: "{{ tpa_dir }}/architectures/lib/init.yml"
6 |
7 |
8 | - name: Run CIS compliance tests
9 | any_errors_fatal: true
10 | max_fail_percentage: 0
11 | become_user: root
12 | become: yes
13 | environment: "{{ target_environment }}"
14 | hosts: all
15 | tasks:
16 |
17 | - include_role:
18 | name: test
19 | tasks_from: compliance/cis
20 |
--------------------------------------------------------------------------------
/roles/postgres/config/templates/syslog-postgres.conf.j2:
--------------------------------------------------------------------------------
# Write messages whose program name is 'postgres' to a dedicated log file.
# The file, and any directories rsyslog creates for it, are owned by the
# Postgres user and group and give no access to other users (0640 / 0750).
if $programname == 'postgres' then {
    action(
        type="omfile"
        DirOwner="{{ postgres_user }}"
        DirGroup="{{ postgres_group }}"
        DirCreateMode="0750"
        FileOwner="{{ postgres_user }}"
        FileGroup="{{ postgres_group }}"
        FileCreateMode="0640"
        File="{{ postgres_log_file }}"
    )
{% if log_server is not defined %}
    # No log_server is defined: stop processing these messages here rather
    # than handing them on to later rules.
    stop
{% endif -%}
}
--------------------------------------------------------------------------------
/roles/postgres/pkg/tasks/src.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Install extra packages for Postgres source installations
6 | package:
7 | name: >
8 | {{ package_lists|flatten }}
9 | state: latest
10 | vars:
11 | package_lists:
12 | - "{{ src_extra_packages|packages_for(ansible_os_family) }}"
13 | - "{{ psycopg2_packages|packages_for(ansible_os_family) }}"
14 | when: >
15 | task_selector|permits('pkg')
16 |
--------------------------------------------------------------------------------
/roles/sys/logrotate/tasks/postgres.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - set_fact:
4 | enable_logrotate: yes
5 |
6 | - name: Add logrotate configuration for Postgres logfile
7 | template:
8 | src: postgres.j2
9 | dest: /etc/logrotate.d/postgres
10 | owner: root
11 | group: root
12 | mode: "0644"
13 | vars:
14 | logrotate_postgres: >-
15 | {{
16 | (log_destination == 'syslog')|ternary(
17 | postgres_log_file, '/var/log/postgresql/postgres.log'
18 | )
19 | }}
20 |
--------------------------------------------------------------------------------
/roles/sys/ssh/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Enable password-less SSH access between all nodes for a given user.
6 | #
7 | # - include_role: name=sys/ssh
8 | # vars:
9 | # ssh_username: "{{ postgres_user }}"
10 | #
11 | # You can also invoke keygen/authorize/install directly; see comments
12 | # within the files below.
13 |
14 | - include_tasks: keygen.yml
15 | - include_tasks: authorize.yml
16 | - include_tasks: install.yml
17 |
--------------------------------------------------------------------------------
/architectures/lib/commands/check_stig.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - import_playbook: "{{ tpa_dir }}/architectures/lib/init.yml"
6 |
7 |
8 | - name: Run STIG compliance tests
9 | any_errors_fatal: true
10 | max_fail_percentage: 0
11 | become_user: root
12 | become: yes
13 | environment: "{{ target_environment }}"
14 | hosts: all
15 | tasks:
16 |
17 | - include_role:
18 | name: test
19 | tasks_from: compliance/stig
20 |
--------------------------------------------------------------------------------
/roles/pgbouncer/config/templates/userlist.txt.j2:
--------------------------------------------------------------------------------
{# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
{#
  One "name" "secret" line for the fixed pgbouncer user and one for
  pgbouncer_auth_user. Each secret is the result of the encrypted_password
  filter, which is given the configured password, the username and the
  previously stored value; the auth user's password is looked up by name as
  <pgbouncer_auth_user>_password.

  NOTE(review): names and secrets are placed between double quotes without
  escaping, so this presumably relies on neither containing a double quote;
  confirm. The rendered file holds password material; its owner and mode are
  set by the task that installs it, which is not shown here.
#}
"pgbouncer" "{{ password_encryption|encrypted_password(
    vars['pgbouncer_password'], username='pgbouncer', existing_password=existing_pgbouncer_password)
}}"
"{{ pgbouncer_auth_user }}" "{{ pgbouncer_auth_user_password_encryption|encrypted_password(
    vars['%s_password' % pgbouncer_auth_user], username=pgbouncer_auth_user, existing_password=existing_auth_user_password)
}}"
--------------------------------------------------------------------------------
/roles/postgres/pgpass/vars/main.yml:
--------------------------------------------------------------------------------
---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# Internal (underscore-prefixed) values for this role. Each one takes the
# caller-supplied variable named inside the expression when it is set, and
# the default given here otherwise.

# Defaults to .pgpass in the home directory of postgres_user.
_pgpassfile: "{{ pgpassfile|default('~%s/.pgpass' % postgres_user) }}"
_pgpass_owner: "{{ pgpass_owner|default(postgres_user) }}"
_pgpass_group: "{{ pgpass_group|default(postgres_group) }}"
# NOTE(review): the fallback '*' is presumably written as the host field of
# each entry, where it would match any server; set pgpass_host when the
# stored passwords should only be offered to specific hosts.
_pgpass_host: "{{ pgpass_host|default('*') }}"
_pgpass_users: "{{ pgpass_users|default(default_pgpass_users) }}"
# NOTE(review): falls back to the filesystem root when ssl_client_cert_dir
# is unset; confirm how the consumers of this value treat '/'.
_ssl_client_cert_dir: "{{ ssl_client_cert_dir|default('/') }}"
--------------------------------------------------------------------------------
/roles/repmgr/replica/final/tasks/recovery.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Check if recovery.conf exists
6 | stat:
7 | path: "{{ postgres_data_dir }}/recovery.conf"
8 | register: recoveryconf
9 |
10 | - name: Fail if recovery.conf does not exist
11 | fail:
12 | msg: "Couldn't find {{ postgres_data_dir }}/recovery.conf"
13 | when:
14 | not recoveryconf.stat.exists and
15 | not postgres_version is version('12', '>=')
16 |
--------------------------------------------------------------------------------
/platforms/docker/images/Dockerfile:
--------------------------------------------------------------------------------
# Prepare a base image, chosen at build time, to run systemd as its init.
# NOTE(review): BASE_IMAGE has no default here, so the contents of the
# result depend entirely on the value passed at build time; pinning that
# value to a digest keeps builds reproducible.
ARG BASE_IMAGE
FROM ${BASE_IMAGE}

# See common-systemd/Dockerfile for an explanation.

ENV container docker
STOPSIGNAL RTMIN+3
ENV SYSTEMD_COLORS=0
# The helper script is copied in, run once and then removed; the COPY layer
# still contains it.
COPY common-systemd/systemctl-commands.sh /root/systemctl-commands.sh
RUN bash /root/systemctl-commands.sh && rm -f /root/systemctl-commands.sh
RUN echo "NAutoVTs=0" >> /etc/systemd/logind.conf
# NOTE(review): ForwardToConsole is documented as a journald.conf option;
# appended to logind.conf it is probably ignored. Confirm the intended file.
RUN echo "ForwardToConsole=yes" >> /etc/systemd/logind.conf
CMD ["/sbin/init", "--system"]
--------------------------------------------------------------------------------
/roles/efm/service/tasks/status.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Get EFM status
6 | command: "{{ efm_bin_dir }}/efm cluster-status {{ cluster_name }}"
7 | register: efm_status
8 | when: >
9 | 'primary' in role
10 | become_user: "{{ postgres_user }}"
11 |
12 | - name: Show cluster status
13 | pause:
14 | seconds: 0
15 | prompt: |
16 | EFM cluster status:
17 |
18 | {{ efm_status.stdout }}
19 | changed_when: false
20 |
--------------------------------------------------------------------------------
/roles/haproxy/pkg/tasks/list-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - block:
6 | - include_role: name=pkg/add_to_list
7 | vars:
8 | list_contents: "{{
9 | haproxy_packages|packages_for(ansible_os_family, haproxy_package_version)
10 | }}"
11 |
12 | # test scripts require psycopg2
13 | - include_role:
14 | name: postgres/pkg
15 | tasks_from: list-client-packages.yml
16 | when: >
17 | 'haproxy' in role
18 |
--------------------------------------------------------------------------------
/roles/pem/agent/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: list-packages.yml
6 | vars:
7 | list_varname: _all_pem_agent_packages
8 |
9 | - include_role: name=pkg/install
10 | vars:
11 | package_list_name: "PEM agent packages"
12 | package_list: "{{ _all_pem_agent_packages }}"
13 | allow_package_upgrades: "{{ _allow_package_upgrades | default(false) }}"
14 | allowerasing: "{{ _allowerasing | default(false) }}"
15 |
--------------------------------------------------------------------------------
/roles/postgres/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Note Postgres reload required
6 | set_fact:
7 | postgres_service_end_state: reloaded
8 |
9 | - name: Note Postgres restart required
10 | set_fact:
11 | postgres_service_end_state: restarted
12 |
13 | - name: Restart Postgres when SSL configuration changes
14 | listen: Note postgres SSL configuration changed
15 | set_fact:
16 | postgres_service_end_state: restarted
17 |
--------------------------------------------------------------------------------
/roles/repmgr/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role:
6 | name: "repmgr/{{ repmgr_installation_method|default(postgres_installation_method) }}"
7 | when: >
8 | 'postgres' in role
9 | and platform not in ['shared']
10 | and task_selector|permits(repmgr_installation_method)
11 |
12 | - include_role: name=repmgr/common
13 | when: >
14 | 'postgres' in role
15 |
16 | - set_fact:
17 | initialise_replication: true
18 |
--------------------------------------------------------------------------------
/roles/sys/ssl/client/vars/main.yml:
--------------------------------------------------------------------------------
---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# NOTE(review): presumably a validity period of 365 days counted from the
# time of signing; confirm against the task that issues the certificate.
default_ssl_client_cert_expiry: +365d

# All paths below are under the ssl directory inside cluster_dir.
local_ssl_dir: "{{ cluster_dir }}/ssl"

# NOTE(review): CA.key is, by its name, the CA's private key. Whoever can
# read it can sign certificates in the CA's name, so this directory should
# be readable by the cluster operator only. Permissions are not set in this
# file; confirm where they are.
local_ca_certificate_path: "{{ local_ssl_dir }}/CA.crt"
local_ca_privatekey_path: "{{ local_ssl_dir }}/CA.key"
# CSRs and certificates are kept per host and per user.
local_csr_path: "{{ local_ssl_dir }}/{{ inventory_hostname }}/{{ username }}.csr"
local_certificate_path: "{{ local_ssl_dir }}/{{ inventory_hostname }}/{{ username }}.crt"
--------------------------------------------------------------------------------
/roles/sys/tasks/artifact.yml:
--------------------------------------------------------------------------------
---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# Install a single artifact by dispatching to a module chosen from its type.
#
# artifact.type (default 'file') is looked up in artifact_types to pick the
# module. Note that type 'file' maps to the copy module and type 'path' to
# the file module. The artifact, with its 'type' key taken out by the
# remove_keys filter, is passed to that module as its arguments.
#
# NOTE(review): nothing in this task restricts which arguments reach the
# module, and a type missing from artifact_types is only caught when the
# lookup is templated. Presumably artifact definitions are validated earlier
# and come from trusted cluster configuration; confirm.

- name: Install {{ _type }} artifact
  action: "{{ _module }}"
  args: "{{ _artifact }}"
  vars:
    artifact_types:
      path: file
      file: copy
      archive: unarchive
      directory: synchronize
    _type: "{{ artifact.type|default('file') }}"
    _module: "{{ artifact_types[_type] }}"
    _artifact: "{{ artifact|remove_keys(['type']) }}"
--------------------------------------------------------------------------------
/.dockerignore:
--------------------------------------------------------------------------------
1 | .git
2 | requirements*.in
3 | requirements
4 | *.pyc
5 | .env
6 | .tox
7 | .coverage
8 | nosetests.xml
9 | coverage.xml
10 | *.log
11 | .git
12 | .github
13 | tox.ini
14 | sonar-project.properties
15 | runtime.txt
16 | pyrightconfig.json
17 | Dockerfile
18 | .yamllint.yaml
19 | .prospector.yaml
20 | .idea
21 | .gitignore
22 | .gitattributes
23 | .git-ignore-revs
24 | .editorconfig
25 | .dockerignore
26 | .coveragerc
27 | .ansible-lint
28 | .actrc
29 | docs
30 | tpa-ee
31 | tpa-venv
32 | relnotes
33 | release_notes
--------------------------------------------------------------------------------
/docs/src/templates/styles.scss:
--------------------------------------------------------------------------------
1 | /*
2 | * for PDF Printing
3 | *
4 | */
5 |
6 | @page {
7 | @top-left {
8 | font-size: 8pt;
9 | content: "Information Classification: INTERNAL";
10 | text-align: left;
11 | }
12 |
13 | }
14 |
15 | code, pre code {
16 | font-family: Menlo,Monaco,Consolas,"Courier New",monospace !important;
17 | font-size: 0.9rem !important;
18 | }
19 |
20 | @media print {
21 | hr {
22 | display: none;
23 | }
24 | p {
25 | font-size: inherit;
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/platforms/aws/inventory/write.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Install customised aws_ec2.yml
6 | template:
7 | src: aws_ec2.yml.j2
8 | dest: "{{ cluster_dir }}/inventory/aws_ec2.yml"
9 | mode: "0644"
10 |
11 | - name: Remove old inventory cache
12 | file:
13 | path: "{{ item }}"
14 | state: absent
15 | with_fileglob:
16 | - "{{ cluster_dir }}/tmp/ansible-ec2*.cache"
17 | - "{{ cluster_dir }}/tmp/ansible-ec2*.index"
18 |
--------------------------------------------------------------------------------
/roles/pem/server/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: list-packages.yml
6 | vars:
7 | list_varname: _all_pem_server_packages
8 |
9 | - include_role: name=pkg/install
10 | vars:
11 | package_list_name: "PEM server packages"
12 | package_list: "{{ _all_pem_server_packages }}"
13 | allowerasing: "{{ _allowerasing | default(false) }}"
14 | allow_package_upgrades: "{{ _allow_package_upgrades | default(false) }}"
15 |
--------------------------------------------------------------------------------
/roles/pem/server/pkg/tasks/v10-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role: name=pkg/add_to_list
6 | vars:
7 | list_contents: "{{
8 | pem_server_v10_required_packages|packages_for(ansible_os_family)
9 | }}"
10 | list_varname: _v10_pem_server_packages
11 |
12 | - include_role: name=pkg/install
13 | vars:
14 | package_list_name: "Required PEM v10 server packages"
15 | package_list: "{{ _v10_pem_server_packages }}"
16 |
--------------------------------------------------------------------------------
/platforms/common/inventory/ssh_config.j2:
--------------------------------------------------------------------------------
{# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
{#
  SSH client configuration for the cluster: shared settings under "Host *",
  then one Host block per entry in instance_vars. A User line is written
  only for entries whose vars contain ansible_user.

  IdentitiesOnly limits authentication to the IdentityFile named here.
  UserKnownHostsFile lists two files, known_hosts and tpa_known_hosts.
  StrictHostKeyChecking is not set in this template, so the client's default
  or system-wide configuration decides how unknown host keys are handled.
#}
Host *
    Port {{ ansible_port }}
    IdentitiesOnly yes
    IdentityFile "{{ ssh_key_file }}"
    UserKnownHostsFile known_hosts tpa_known_hosts
    ServerAliveInterval 60

{% for h in instance_vars %}
Host {{ h.Name }}
{% if 'ansible_user' in h.vars %}
    User {{ h.vars.ansible_user }}
{% endif %}
    HostName {{ h|deploy_ip_address }}
{% endfor %}
--------------------------------------------------------------------------------
/platforms/common/write-provisioning-vars.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Dump the contents of provisioning_vars to vars.json. The values are
6 | # either the ones that were loaded by read-provisioning-vars.yml, or
7 | # those stored later by including set-provisioning-var.yml.
8 |
9 | - name: Write provisioning variables to a file
10 | copy:
11 | dest: "{{ cluster_dir }}/vars.json"
12 | content: "{{ provisioning_vars|to_json }}\n"
13 | mode: "0600"
14 |
--------------------------------------------------------------------------------
/roles/etcd/restart/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - meta: flush_handlers
6 |
7 | # We don't want to restart all running etcds at the same time, so we
8 | # loop over the list of all etcd instances and have each one restart
9 | # itself in turn.
10 |
11 | - name: Start or restart etcd service one-by-one on etcd instances
12 | include_tasks: restart-one.yml
13 | with_items: "{{ groups['role_etcd'] }}"
14 | when:
15 | inventory_hostname == item
16 |
--------------------------------------------------------------------------------
/roles/pgdcli/tasks/upgrade.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - assert:
6 | that: bdr_version is version('4', '>=')
7 | fail_msg: >-
8 | PGD CLI requires BDR version 4 or later
9 |
10 | - name: Remove pgd-cli v1 packages for BDR v5
11 | package:
12 | name: edb-pgd-cli
13 | state: absent
14 | when:
15 | bdr_version is version('5', '>=')
16 |
17 | - include_role:
18 | name: pgdcli/pkg
19 | vars:
20 | allow_package_upgrades: yes
21 |
--------------------------------------------------------------------------------
/roles/sys/ssl/ca/final/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | ca_trust:
6 | Debian:
7 | ca_trust_dir: /usr/local/share/ca-certificates
8 | ca_trust_cmd: update-ca-certificates
9 | RedHat:
10 | ca_trust_dir: /etc/pki/ca-trust/source/anchors
11 | ca_trust_cmd: update-ca-trust
12 | SUSE:
13 | ca_trust_dir: /etc/pki/trust/anchors
14 | ca_trust_cmd: update-ca-certificates
15 | local_ca_certificate_path: "{{ cluster_dir }}/ssl/CA.crt"
16 |
--------------------------------------------------------------------------------
/architectures/lib/commands/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Set test output directory
6 | hosts: all
7 | tasks:
8 | - set_fact:
9 | output_dir: >-
10 | {{ cluster_dir }}/test/{{ lookup('pipe', 'date +%s') }}
11 | run_once: yes
12 | tags: always
13 |
14 | - import_playbook: "{{ tpa_dir }}/architectures/lib/init.yml"
15 | tags: always
16 |
17 | - import_playbook: "{{ testpath }}"
18 | environment: "{{ target_environment }}"
19 |
--------------------------------------------------------------------------------
/roles/beacon-agent/service/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Install custom beacon agent service unit file
6 | copy:
7 | src: beacon-agent.service
8 | dest: "/etc/systemd/system/beacon-agent.service"
9 | owner: root
10 | group: root
11 | mode: "0644"
12 | register: unit
13 |
14 | - name: Enable beacon agent service
15 | systemd:
16 | name: "beacon-agent"
17 | enabled: yes
18 | daemon_reload: "{{ unit is changed }}"
19 |
--------------------------------------------------------------------------------
/roles/sys/fs/vars/main.yml:
--------------------------------------------------------------------------------
---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# Values derived from the `volume` variable.

# When the volume's encryption is 'luks', _device is the /dev/mapper path of
# the LUKS mapping; otherwise it is volume.device itself.
_device: "{{
    (_encryption == 'luks')|ternary(
      ('/dev/mapper/%s' % _luks_volume), volume.device
    )
  }}"
# A volume without an encryption setting is treated as 'none'.
_encryption: "{{ volume.encryption|default('none') }}"
# Defaults to "<basename of volume.device>_crypt": the basename filter binds
# more tightly than %, so it applies to volume.device alone.
_luks_volume:
  "{{ volume.luks_volume|default('%s_crypt' % volume.device|basename) }}"
_fstype: "{{ volume.fstype|default(default_fstype) }}"
_readahead: "{{ volume.readahead|default(default_readahead) }}"
--------------------------------------------------------------------------------
/roles/pgd_proxy/tasks/upgrade.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Stop/update/restart pgd-proxy
6 | when: >
7 | 'pgd-proxy' in role
8 | block:
9 | - include_role: name=pgd_proxy/restart
10 | vars:
11 | pgd_proxy_service_end_state: stopped
12 |
13 | - include_role: name=pgd_proxy/pkg
14 | vars:
15 | allow_package_upgrades: yes
16 |
17 | - include_role: name=pgd_proxy/restart
18 | vars:
19 | pgd_proxy_service_end_state: started
20 |
--------------------------------------------------------------------------------
/roles/postgres/bdr/tasks/bdr3/create-node.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Create BDR node
6 | postgresql_query:
7 | conninfo: "{{ bdr_node_dsn }}"
8 | queries:
9 | - text: SELECT bdr.create_node(node_name := %s, local_dsn := %s) AS node_id
10 | args:
11 | - "{{ bdr_node_name }}"
12 | - "{{ bdr_node_dsn }}"
13 | become_user: "{{ postgres_user }}"
14 | become: yes
15 | register: new_bdr_node
16 | changed_when: true
17 |
--------------------------------------------------------------------------------
/roles/postgres/config/vars/conf_extensions.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ## contrib/auto_explain
3 |
4 | auto_explain.log_min_duration: '60s'
5 | auto_explain.log_analyze: 'on'
6 | auto_explain.log_buffers: 'on'
7 | auto_explain.log_timing: 'on'
8 | auto_explain.log_verbose: 'on'
9 | auto_explain.log_format: 'text'
10 | auto_explain.log_nested_statements: 'on'
11 |
12 | ## contrib/pg_stat_statements
13 |
14 | pg_stat_statements.max: '1000'
15 | pg_stat_statements.track: 'all'
16 | pg_stat_statements.track_utility: 'on'
17 | pg_stat_statements.save: 'on'
18 |
--------------------------------------------------------------------------------
/roles/efm/restart/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Ensure EFM is stopped if not in use
6 | set_fact:
7 | efm_service_end_state: stopped
8 | when:
9 | failover_manager != 'efm'
10 |
11 | - name: Start or restart efm
12 | service:
13 | name: "edb-efm-{{ efm_version }}"
14 | state: "{{ efm_service_end_state|default('started') }}"
15 | become_user: root
16 | become: yes
17 | when: >
18 | task_selector|permits('service', 'restart')
19 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/service/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Install custom pgd-proxy service unit file
6 | template:
7 | src: pgd-proxy.service.j2
8 | dest: /etc/systemd/system/pgd-proxy.service
9 | owner: root
10 | group: root
11 | mode: "0644"
12 | register: pgd_proxy_unit
13 |
14 | - name: Ensure pgd-proxy service is enabled on boot
15 | service:
16 | name: pgd-proxy
17 | enabled: yes
18 | when: >
19 | 'pgd-proxy' in role
20 |
--------------------------------------------------------------------------------
/roles/sys/ssl/client/defaults/main.yml:
--------------------------------------------------------------------------------
---

# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.

# CN (presumably the certificate's common name), the owner and group, and
# the stem of the file names below all default to username.
CN: "{{ username }}"

clientcert_owner: "{{ username }}"
clientcert_group: "{{ username }}"
clientcert_service: "{{ username }}"

# The CA certificate, CSR, private key and certificate all sit in ssl_dir;
# the last three are named after clientcert_service.
# NOTE(review): file modes are not set in this file. Confirm that the task
# writing privatekey_path leaves it readable by clientcert_owner only.
ssl_dir: "/etc/tpa/client"
ca_path: "{{ ssl_dir }}/root.crt"
csr_path: "{{ ssl_dir }}/{{ clientcert_service }}.csr"
privatekey_path: "{{ ssl_dir }}/{{ clientcert_service }}.key"
certificate_path: "{{ ssl_dir }}/{{ clientcert_service }}.crt"
--------------------------------------------------------------------------------
/roles/etcd/pkg/tasks/list-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role: name=pkg/add_to_list
6 | vars:
7 | _failover_manager_key: "{{
8 | (failover_manager|default('default') in etcd_packages.keys())
9 | |ternary(failover_manager, 'default')
10 | }}"
11 | list_contents: "{{
12 | etcd_packages[_failover_manager_key]
13 | |packages_for(ansible_os_family, etcd_package_version)
14 | }}"
15 | when: >
16 | 'etcd' in role
17 |
--------------------------------------------------------------------------------
/roles/init/platforms/aws/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # We don't need to parse the instance metadata at the moment, but if we
6 | # ever do, there's an example in the git history of how to go about it
7 | # (look for platforms/aws/tasks/metadata.yml).
8 |
9 | - include_tasks: hostvars.yml
10 |
11 | - include_tasks: wait.yml
12 | when:
13 | wait_for_instances|default(False)
14 |
15 | - include_tasks: firstboot.yml
16 | when:
17 | wait_for_instances|default(False)
18 |
--------------------------------------------------------------------------------
/roles/patroni/facts/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
3 |
4 | - block:
5 |
6 | - include_tasks: vars.yml
7 | when: >
8 | ('primary' in role or 'replica' in role or 'etcd' in role)
9 | - include_tasks: validate.yml
10 | when: >
11 | ('primary' in role or 'replica' in role or 'etcd' in role)
12 | - include_tasks: state.yml
13 | when: >
14 | ('primary' in role or 'replica' in role)
15 | when: >
16 | failover_manager == 'patroni' and 'pem-server' not in role
17 |
--------------------------------------------------------------------------------
/roles/pgbouncer/pkg/tasks/list-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - when: >
6 | 'pgbouncer' in role
7 | or ('harp-proxy' in role and harp_proxy_mode == 'pgbouncer')
8 | block:
9 | - include_role: name=pkg/add_to_list
10 | vars:
11 | list_contents: "{{
12 | pgbouncer_packages|packages_for(ansible_distribution, pgbouncer_package_version)
13 | }}"
14 |
15 | - include_role:
16 | name: postgres/pkg
17 | tasks_from: list-client-packages.yml
18 |
--------------------------------------------------------------------------------
/roles/postgres/pkg/tasks/list-client-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Any instance might need Postgres client packages, so there's nothing
6 | # to double-check here.
7 |
8 | - include_role: name=pkg/add_to_list
9 | vars:
10 | list_contents: "{{ _packages|flatten }}"
11 | _packages:
12 | - "{{ postgres_client_packages[postgres_family]|packages_for(ansible_distribution, postgres_package_version) }}"
13 | - "{{ psycopg2_packages|packages_for(ansible_distribution) }}"
14 |
--------------------------------------------------------------------------------
/roles/sys/upgrade/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Use with caution.
6 | #
7 | # This role runs "apt-get dist-upgrade" or "yum update" to upgrade all
8 | # packages to the latest available versions, and may involve stopping
9 | # and restarting arbitrary services.
10 | #
11 | # It's meant to be used from clusters/images when building new images,
12 | # and is probably not a good idea to include in any "normal" playbook.
13 |
14 | - include_tasks: "os/{{ ansible_os_family }}.yml"
15 |
--------------------------------------------------------------------------------
/lib/tests/test_password.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | # -*- coding: utf-8 -*-
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | from tpaexec.password import (
6 | generate_password,
7 | )
8 |
9 |
def test_password():
    """
    Check that two consecutive generate_password() calls each return at
    least 32 characters and that the two results differ.

    This is a smoke test only: it compares length and inequality, and says
    nothing about the character set or the randomness source behind
    generate_password.
    """
    seen = []
    for _ in range(2):
        candidate = generate_password()
        assert len(candidate) >= 32
        seen.append(candidate)

    first, second = seen
    assert first != second
21 |
--------------------------------------------------------------------------------
/roles/efm/service/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Install custom efm service unit file
6 | template:
7 | src: efm.service.j2
8 | dest: "/etc/systemd/system/edb-efm-{{ efm_version }}.service"
9 | owner: root
10 | group: root
11 | mode: "0644"
12 | register: unit
13 |
14 | - name: Enable efm service
15 | systemd:
16 | name: "edb-efm-{{ efm_version }}"
17 | enabled: "{{ failover_manager == 'efm' }}"
18 | daemon_reload: "{{ unit is changed }}"
19 |
--------------------------------------------------------------------------------
/roles/repmgr/service/tasks/pause.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Pause repmgr
6 | command: >
7 | {{ postgres_bin_dir }}/repmgr service pause -f {{ repmgr_conf_file }}
8 | register: repmgr_paused
9 | become_user: "{{ postgres_user }}"
10 | become: yes
11 | delay: "{{ delay|default(omit) }}"
12 |
13 |
14 | - name: Fail if repmgr pause failed
15 | fail:
16 | msg: "repmgrd could not be paused on one or more nodes."
17 | when:
18 | repmgr_paused is not successful
19 |
--------------------------------------------------------------------------------
/roles/barman/pkg/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | barman_packages:
6 | Debian: &debian_barman_packages
7 | - barman
8 | - "{{ python_pkg_prefix }}-barman"
9 | RedHat: &redhat_barman_packages
10 | - barman
11 | - file
12 | - "{{ python_pkg_prefix }}-barman"
13 | Ubuntu: *debian_barman_packages
14 | SUSE: *redhat_barman_packages
15 |
16 | barman_installation_method: pkg
17 | barman_src_dir: /opt/postgres/src/barman
18 | barman_build_dir: /opt/postgres/build/barman
19 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/pkg/tasks/list-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - block:
6 | - include_role: name=pkg/add_to_list
7 | vars:
8 | list_contents: "{{
9 | pgd_proxy_packages|packages_for(ansible_os_family, pgd_proxy_package_version)
10 | }}"
11 |
12 | # Our tests require psycopg2, included with the client packages.
13 | - include_role:
14 | name: postgres/pkg
15 | tasks_from: list-client-packages.yml
16 |
17 | when: >
18 | 'pgd-proxy' in role
19 |
--------------------------------------------------------------------------------
/roles/patroni/service/tasks/status.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Gather patroni cluster facts
6 | include_role:
7 | name: patroni/facts
8 | tasks_from: gather
9 |
10 | - name: Get cluster health from API
11 | include_role:
12 | name: patroni/api
13 | tasks_from: health
14 |
15 | - name: Report the status of the cluster
16 | debug:
17 | msg: "{{
18 | {
19 | 'api': patroni_health_api_output.json,
20 | 'facts': patroni_cluster
21 | }
22 | }}"
23 |
--------------------------------------------------------------------------------
/roles/pgbouncer/service/templates/pgbouncer.service.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | [Unit]
3 | Description=Postgres connection pooler
4 | After=syslog.target
5 | After=network.target
6 |
7 | [Service]
8 | Type=simple
9 | User={{ postgres_user }}
10 | Group={{ postgres_group }}
11 | ExecStart={{ default_pgbouncer_paths[ansible_os_family] }} /etc/pgbouncer/pgbouncer.ini
12 | ExecStop=/bin/kill -TERM $MAINPID
13 | ExecReload=/bin/kill -HUP $MAINPID
14 | LimitNOFILE=infinity
15 |
16 | [Install]
17 | WantedBy=multi-user.target
18 |
--------------------------------------------------------------------------------
/docs/Makefile:
--------------------------------------------------------------------------------
1 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
2 |
3 | # Output: $PDFBUILDDIR/tpaexec.pdf
4 |
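DOCDIR=$(shell pwd)
PDFBUILDDIR=${DOCDIR}/pdf

# Render the architecture diagram from its Graphviz source.
src/images/m1.png: src/images/m1.dot
	dot -Tpng $< -o $@

# Build the documentation with PDF export enabled; output goes to PDFBUILDDIR.
tpaexec.pdf:
	mkdir -p "${PDFBUILDDIR}"
	ENABLE_PDF_EXPORT=1 mkdocs build -v -d "${PDFBUILDDIR}" -t material -f tpa.yml

all: src/images/m1.png tpaexec.pdf

# PDFBUILDDIR is derived from the working directory, so it is quoted here just
# as in the build recipe: unquoted, a path containing spaces would be split
# into several separate arguments to `rm -rf`.
clean:
	rm -rvf "${PDFBUILDDIR}" src/images/m1.png


.PHONY: all clean $(SUBDIRS)
.DEFAULT_GOAL := all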
23 |
--------------------------------------------------------------------------------
/roles/harp/tasks/upgrade.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Stop/update/restart harp
6 | when: >
7 | 'harp-proxy' in role
8 | or ('bdr' in role
9 | and failover_manager == 'harp')
10 | block:
11 | - include_role: name=harp/restart
12 | vars:
13 | harp_service_end_state: stopped
14 |
15 | - include_role: name=harp/pkg
16 | vars:
17 | allow_package_upgrades: yes
18 |
19 | - include_role: name=harp/restart
20 | vars:
21 | harp_service_end_state: started
22 |
--------------------------------------------------------------------------------
/roles/repmgr/service/tasks/unpause.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Unpause repmgr
6 | command: >
7 | {{ postgres_bin_dir }}/repmgr service unpause -f {{ repmgr_conf_file }}
8 | register: repmgr_unpaused
9 | become_user: "{{ postgres_user }}"
10 | become: yes
11 | delay: "{{ delay|default(omit) }}"
12 |
13 |
14 | - name: Fail if repmgr unpause failed
15 | fail:
16 | msg: "repmgrd could not be unpaused on one or more nodes."
17 | when:
18 | repmgr_unpaused is not successful
19 |
--------------------------------------------------------------------------------
/entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
3 |
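# Hand ownership of /work back to the invoking user. USER_ID and GROUP_ID are
# both optional; when one is empty the matching step is skipped.
reset_perms() {
    if [ -n "$USER_ID" ]; then
        chown -R "$USER_ID" /work
    fi
    if [ -n "$GROUP_ID" ]; then
        chgrp -R "$GROUP_ID" /work
    fi
}
# Ensure the reset is run if the container is stopped with `docker stop`
# (or `docker kill --signal=TERM`; a plain SIGKILL cannot be trapped).
trap 'reset_perms' SIGTERM

/usr/local/bin/tpaexec "$@" &
wait $!
# Remember how tpaexec (or the interrupted wait) ended, so that the ownership
# reset below cannot overwrite it: without this the script's exit status would
# be that of reset_perms, hiding a failed run or reporting a failure merely
# because GROUP_ID was empty.
status=$?
# SIGINT whilst the child process is running is not seen by a trap, so
# reset_perms is called directly here instead of relying on
# `trap reset_perms SIGINT EXIT`.
reset_perms
exit "$status"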
16 |
--------------------------------------------------------------------------------
/platforms/common/inventory/known_hosts.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | {% for h in instance_vars if (h.platform != 'bare' or h.vars.get('manage_ssh_hostkeys', False)|bool) %}
3 | {% for k in ['rsa', 'ecdsa'] %}
4 | {% set hostname = h|deploy_ip_address %}
5 | {% if cluster_ssh_port|default(22) != 22 %}
6 | {% set hostname = '[%s]:%s' % (hostname, cluster_ssh_port) %}
7 | {% endif %}
8 | {{ hostname }} {{ lookup('file', '%s/hostkeys/ssh_host_%s_key.pub' % (cluster_dir, k)) }}
9 | {% endfor %}
10 | {% endfor %}
11 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/dbuser/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role:
6 | name: postgres/createuser
7 | vars:
8 | username: "{{ pgd_proxy_user }}"
9 | granted_roles: [bdr_superuser]
10 | conn_limit: "{{ (compliance|default('') == 'stig')|ternary(groups['role_pgd-proxy']|count, null) }}"
11 | when:
12 | failover_manager == 'pgd'
13 | and groups['role_pgd-proxy']|default([]) is not empty
14 | and 'pem-server' not in role
15 | and task_selector|selects('pgd_proxy', 'user')
16 |
--------------------------------------------------------------------------------
/platforms/deprovision.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Deprovision cluster
6 | hosts: localhost
7 | strategy: linear
8 | tasks:
9 | - import_tasks: load-config.yml
10 | tags: always
11 |
12 | - import_tasks: validate.yml
13 | vars:
14 | deprovision: true
15 | tags: always
16 |
17 | - include_tasks: "{{ platform }}/deprovision.yml"
18 | with_items:
19 | - "{{ cluster_platforms }}"
20 | - common
21 | loop_control:
22 | loop_var: platform
23 | tags: always
24 |
--------------------------------------------------------------------------------
/roles/etcd/service/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Ensure etcd systemd service is in place
6 | template:
7 | src: etcd.service.j2
8 | dest: /etc/systemd/system/etcd.service
9 | mode: "0644"
10 | owner: root
11 | group: root
12 | register: unit
13 | when: >
14 | 'etcd' in role
15 |
16 | - name: Ensure etcd service is enabled on boot
17 | service:
18 | name: etcd
19 | enabled: yes
20 | daemon_reload: "{{ unit is changed }}"
21 | when: >
22 | 'etcd' in role
23 |
--------------------------------------------------------------------------------
/roles/src/install/templates/general_rebuild_script.sh.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | #!/bin/sh
3 |
4 | # set up environment
5 | {% for k,v in build_script_environment.items() %}
6 | export {{ k }}={{ v }}
7 | {% endfor %}
8 |
9 | # git pull if we're not mounted from a container host
10 | cd {{ source_directory }}
11 | findmnt . > /dev/null || git pull
12 |
13 | # run build commands
14 | cd {{ build_directory }}
15 | {% for command in rebuild_commands %}
16 | PATH={{ build_path }} {{ command }} >> {{ build_log }} 2>&1
17 | {% endfor %}
18 |
--------------------------------------------------------------------------------
/roles/efm/update/tasks/cleanup.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: "Disable service for EFM version {{ target_version }}"
4 | systemd:
5 | name: "{{ service_name }}"
6 | enabled: false
7 |
8 | - name: "Remove custom service file for EFM version {{ target_version }}"
9 | file:
10 | path: "/etc/systemd/system/{{ service_name }}.service"
11 | state: absent
12 |
13 | - name: "Remove packages for EFM version {{ target_version }}"
14 | package:
15 | name:
16 | - "{{ package_name }}"
17 | state: absent
18 | vars:
19 | versionNN: "{{ target_version|replace('.','') }}"
20 |
--------------------------------------------------------------------------------
/roles/patroni/facts/tasks/gather.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
3 |
4 | - name: Gather facts about the patroni cluster
5 | patroni_cluster_facts:
6 | cluster: "{{ cluster_name }}"
7 | config_dir: "{{ patroni_etc }}"
8 | patronictl_path: "{{ patronictl_path }}"
9 | locale: "{{
10 | user_locale|default(
11 | (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int < 8)
12 | |ternary('en_US.utf-8', 'C.UTF-8')
13 | )
14 | }}"
15 | become: yes
16 | become_user: root
17 |
--------------------------------------------------------------------------------
/roles/pgbackupapi/pkg/tasks/list-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - when: "'barman' in role and enable_pg_backup_api"
6 | block:
7 | - include_role:
8 | name: pkg/add_to_list
9 | vars:
10 | list_contents: "{{
11 | pgbapi_packages|packages_for(ansible_os_family, pg_backup_api_package_version)
12 | }}"
13 | - include_role:
14 | name: pkg/add_to_list
15 | vars:
16 | list_contents: "{{
17 | pgbapi_dependency_packages|packages_for(ansible_os_family)
18 | }}"
19 |
--------------------------------------------------------------------------------
/roles/postgres/bdr/tasks/bdr5/create-node.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Create BDR node
6 | postgresql_query:
7 | conninfo: "{{ bdr_node_dsn }}"
8 | queries:
9 | - text: SELECT bdr.create_node(node_name := %s, local_dsn := %s, node_kind := %s) AS node_id
10 | args:
11 | - "{{ bdr_node_name }}"
12 | - "{{ bdr_node_dsn }}"
13 | - "{{ role|bdr_node_kind }}"
14 | become_user: "{{ postgres_user }}"
15 | become: yes
16 | register: new_bdr_node
17 | changed_when: true
18 |
--------------------------------------------------------------------------------
/roles/postgres/bdr/tasks/bdr6/create-node.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Create BDR node
6 | postgresql_query:
7 | conninfo: "{{ bdr_node_dsn }}"
8 | queries:
9 | - text: SELECT bdr.create_node(node_name := %s, local_dsn := %s, node_kind := %s) AS node_id
10 | args:
11 | - "{{ bdr_node_name }}"
12 | - "{{ bdr_node_dsn }}"
13 | - "{{ role|bdr_node_kind }}"
14 | become_user: "{{ postgres_user }}"
15 | become: yes
16 | register: new_bdr_node
17 | changed_when: true
18 |
--------------------------------------------------------------------------------
/roles/sys/rsyslog/templates/23-postgres.conf.j2:
--------------------------------------------------------------------------------
1 | $FileOwner root
2 | $FileGroup root
3 | if $programname == 'postgres' then ?LOGPERHOST
4 | if $programname == 'pgbouncer' then ?LOGPERHOST
5 | {% if failover_manager == 'repmgr' %}
6 | if $programname == 'repmgrd' then ?LOGPERHOST
7 | {% endif %}
8 | if $programname == 'harp-manager' then ?LOGPERHOST
9 | if $programname == 'harp-proxy' then ?LOGPERHOST
10 | if $programname == 'pgbouncer' then ?LOGPERHOST
11 | if $programname == 'barman' then ?LOGPERHOST
12 | {% if failover_manager == 'efm' %}
13 | if $programname == 'efm' then ?LOGPERHOST
14 | {% endif %}
--------------------------------------------------------------------------------
/roles/haproxy/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: list-packages.yml
6 | vars:
7 | list_varname: _all_haproxy_packages
8 |
9 | - include_role: name=pkg/install
10 | vars:
11 | package_list_name: "haproxy packages"
12 | package_list: "{{ _all_haproxy_packages }}"
13 |
14 | - name: Ensure haproxy group exists
15 | group:
16 | state: present
17 | name: haproxy
18 |
19 | - name: Ensure haproxy user exists
20 | user:
21 | state: present
22 | name: haproxy
23 | group: haproxy
24 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/service/templates/pgd-proxy.service.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 |
3 | [Unit]
4 | Description=PGD Proxy
5 | After=network-online.target
6 | Wants=network-online.target
7 |
8 | [Service]
9 | Type=simple
10 | User={{ pgd_proxy_user }}
11 | Group={{ pgd_proxy_group }}
12 | Restart=on-failure
13 | RestartSec=1s
14 | ExecStart=/usr/bin/pgd-proxy -f {{ pgd_proxy_config_directory }}/pgd-proxy-config.yml
15 | StandardOutput=syslog
16 | StandardError=syslog
17 | SyslogIdentifier=pgd-proxy
18 |
19 | [Install]
20 | WantedBy=multi-user.target
21 |
--------------------------------------------------------------------------------
/roles/postgres/bdr/tasks/version.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - action: set_fact
6 | args: >
7 | {{
8 | ('{"bdr_version_num": %s, "bdr_major_version": %s}' % (
9 | cluster_facts.databases[bdr_database].bdr.bdr_version_num,
10 | cluster_facts.databases[bdr_database].bdr.bdr_major_version,
11 | ))|from_json
12 | }}
13 |
14 | - assert:
15 | msg: "Unsupported BDR version: {{ cluster_facts.databases[bdr_database].bdr.bdr_version }}"
16 | that:
17 | bdr_major_version in [1, 2, 3, 4, 5, 6]
18 |
--------------------------------------------------------------------------------
/architectures/Images/README.md:
--------------------------------------------------------------------------------
1 | Images
2 | ======
3 |
4 | In order to speed up production deployments, we can generate images with
5 | an assortment of packages installed over the stock distribution images.
6 |
7 | For example:
8 |
9 | tpaexec configure images-20180718 -a Images \
10 | --regions eu-west-1 eu-west-2 eu-west-3 us-east-1 \
11 | --distributions Debian RedHat Ubuntu \
12 | --image-name 'TPA-{distribution}-{label}-{version}-{date}' \
13 | --image-label 'Postgres' --image-version '9.6' \
14 | --postgresql 14
15 |
16 | tpaexec build-images images-20180718 -v
17 |
--------------------------------------------------------------------------------
/architectures/common/playbooks/repository_update.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Update repository configuration, if required
6 | any_errors_fatal: true
7 | max_fail_percentage: 0
8 | become_user: root
9 | become: yes
10 | environment: "{{ target_environment }}"
11 | hosts: "{{ update_hosts|default('all') }}"
12 | tasks:
13 | - name: Configure local-repo, if available
14 | include_role:
15 | name: sys/local_repo
16 |
17 | - name: Set up repositories
18 | include_role:
19 | name: sys/repositories
20 |
--------------------------------------------------------------------------------
/roles/zabbix_agent/config/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: "Including userparameters"
6 | include_tasks: "userparameter.yml"
7 | when: zabbix_agent_userparameters|length > 0
8 |
9 | - name: "Install zabbix_agentd config file"
10 | include_tasks: "Linux.yml"
11 |
12 | - include_role: name=postgres/pgpass
13 | vars:
14 | pgpassfile: ~zabbix/.pgpass
15 | pgpass_owner: zabbix
16 | pgpass_group: zabbix
17 | pgpass_users: "{{ zabbix_pgpass_users }}"
18 | when: zabbix_pgpass_users|default([]) is not empty
19 |
--------------------------------------------------------------------------------
/lib/tests/checksums/checksums.json:
--------------------------------------------------------------------------------
1 | {
2 | "test_file_1.txt": "09ca7e4eaa6e8ae9c7d261167129184883644d07dfba7cbfbc4c8a2e08360d5b",
3 | "test_file_2.json": "9d04e1f31ecaf8f3ed0d7045d5ca5ed3f55a3f36ef84d48f7e8a457f67a70a86",
4 | "test_file_3.yml": "09df67fb867923d6ba1427ac60cbc6463a903057cb98a042476c7592a8493662",
5 | "dir/nested_file_1.txt": "048d14ea4eb5b1eeb26fa2faf36bbf266a0a09fca91f9ab6c042b77aee1753cf",
6 | "dir/nested_file_3.yml": "c6ccc102ce67649087ddf6f21f890cc803a6125c922a41fe152e31af2d71710d",
7 | "dir/nested_file_2.json": "31cce14a25dc97ebcf91cfc5647944a90c94cd84a7119e6fcfb8eb5260f49855"
8 | }
--------------------------------------------------------------------------------
/roles/pgbench/tasks/pgbench.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Run pgbench on database {{ pgbench_dbname }}
6 | command: >
7 | {{ postgres_bin_dir }}/pgbench -h {{ postgres_host }} -p {{ postgres_port }} {{ pgbench_opts }} {{ pgbench_dbname }}
8 | register: pgbench
9 | become_user: "{{ postgres_user }}"
10 | become: yes
11 |
12 | - include_role: name=test tasks_from=output.yml
13 | vars:
14 | output_file: "{{ pgbench_output }}"
15 | content: |
16 | {{ pgbench.stdout }}
17 | when: pgbench_output|default('') != ''
18 |
--------------------------------------------------------------------------------
/roles/sys/repositories/tasks/os/RedHat/add-repository.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Add YUM repository for {{ repo_name }}
6 | yum_repository:
7 | name: "{{ repo_name }}"
8 | description: "{{ repo.description|default(omit) }}"
9 | file: "{{ repo.file|default('enterprisedb-%s'|format(repo_name)) }}"
10 | baseurl: "{{ repo.baseurl }}"
11 | gpgkey: "{{ repo.gpgkey|default(omit) }}"
12 | repo_gpgcheck: "{{ repo.repo_gpgcheck|default('yes') }}"  # NOTE(review): covers repository metadata signatures only; per-package signature checking (gpgcheck) is not set by this task and so falls back to the system yum configuration - confirm that is intended
13 | enabled: yes
14 | exclude: "{{ repo.exclude|default(omit) }}"
15 |
--------------------------------------------------------------------------------
/docs/src/pg_ident.conf.md:
--------------------------------------------------------------------------------
1 | ---
2 | description: Working with pg_ident.conf.
3 | ---
4 |
5 | # pg_ident.conf
6 |
7 | You should not normally need to change `pg_ident.conf`, and by default,
8 | TPA will not modify it.
9 |
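10 | You can set `postgres_ident_template` to replace `pg_ident.conf` with
11 | whatever content you like. (The example below sets `pg_ident_template`; confirm which of the two names your TPA version reads, because a setting made under the wrong name would presumably leave `pg_ident.conf` unchanged without reporting an error.)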
12 |
13 | ```yaml
14 | cluster_vars:
15 | pg_ident_template: ident.j2
16 | ```
17 |
18 | You will also need to create `templates/ident.j2` in the cluster
19 | directory:
20 |
21 | ```jinja2
22 | {% for u in ['unixuser1', 'unixuser2'] %}
23 | mymap {{ u }} dbusername
24 | {% endfor %}
25 | ```
26 |
--------------------------------------------------------------------------------
/docs/src/locale.md:
--------------------------------------------------------------------------------
1 | ---
2 | description: Setting the locale for the target instance.
3 | ---
4 |
5 | # Locale
6 |
7 | For some platform images and environments it might be desirable to
8 | set the region and language settings.
9 |
10 | By default, TPAexec will install the `en_US.UTF-8` locale system files.
11 | You can set the desired locale in your `config.yml`:
12 |
13 | ```yaml
14 | user_locale: en_GB.UTF-8
15 | ```
16 |
17 | To find supported locales consult the output of the following command:
18 | ```shell
19 | localectl list-locales
20 | ```
21 | Alternatively, on Debian or Ubuntu, see the contents of the file `/etc/locales.defs`.
22 |
--------------------------------------------------------------------------------
/roles/postgres/config/tasks/ssn.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Write new value for synchronous_standby_names
6 | template:
7 | src: variable.j2
8 | dest: "{{ _include_dir }}/8888-synchronous_standby_names.conf"
9 | owner: "{{ postgres_user }}"
10 | group: "{{ postgres_group }}"
11 | mode: "0644"
12 | vars:
13 | variable: synchronous_standby_names
14 | value: "{{ synchronous_standby_names }}"
15 | when: _postgres_config_split
16 | notify:
17 | - Note Postgres reload required
18 |
19 | - include_tasks: conf_ssn.yml
20 |
--------------------------------------------------------------------------------
/roles/haproxy/facts/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | haproxy_backend_names:
6 | - be
7 | - be_check_queue
8 | - be_ro
9 |
10 | haproxy_default_server_options_by_failover_manager:
11 | default:
12 | - inter 1500 downinter 6s rise 5 fall 3
13 | - agent-inter 2000
14 | harp:
15 | - inter 100ms downinter 1s rise 5 fall 3
16 | - on-error mark-down
17 | - on-marked-down shutdown-sessions
18 | patroni:
19 | - inter 3s fall 3 rise 2
20 | - on-marked-down shutdown-sessions
21 |
22 | haproxy_default_server_extra_options: []
23 |
--------------------------------------------------------------------------------
/roles/postgres/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: list-packages.yml
6 | vars:
7 | list_varname: _all_postgres_packages
8 |
9 | - include_role: name=pkg/install
10 | vars:
11 | package_list_name: "postgres packages"
12 | package_list: "{{ _all_postgres_packages }}"
13 |
14 | - name: Disable default postgresql services
15 | systemd:
16 | name: "{{ default_postgres_service_names[postgres_family][ansible_os_family] }}"
17 | state: stopped
18 | masked: yes
19 | when: >
20 | task_selector|permits('service')
21 |
--------------------------------------------------------------------------------
/roles/test/tasks/compliance/fips.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Run FIPS crypto check
6 | command:
7 | cmd: "cat /proc/sys/crypto/fips_enabled"
8 | register: crypto_fips_enabled
9 |
10 | - assert:
11 | that: crypto_fips_enabled.stdout == "1"
12 | fail_msg: "FIPS crypto not enabled"
13 |
14 | - name: Run FIPS mode check
15 | command:
16 | cmd: "/usr/bin/fips-mode-setup --check"
17 | register: fips_mode
18 |
19 | - assert:
20 | that: fips_mode.stdout.startswith("FIPS mode is enabled")
21 | fail_msg: "FIPS mode not enabled"
22 |
--------------------------------------------------------------------------------
/.github/foundation/security/scan-hooks.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
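set -e

# Scanner hook: only the BlackDuck scanner is handled here. For any other
# value of FS_SCANNER the script does nothing and exits successfully.
if [ "${FS_SCANNER}" = "blackduck" ]; then
  case "${FS_SCANNER_STAGE}" in
    "pre")
      echo "Setup for BlackDuck pre stage"
      # install ansible requirements for community use case only
      pip install -r requirements.txt
      # NOTE(review): pip reads ./requirements.txt while the scanner is pointed
      # at ./source/requirements.txt - presumably the same file seen from a
      # different working directory; confirm, so that what is scanned is what
      # was installed.
      # GITHUB_ENV holds a file path; it is quoted so that the redirect target
      # is never word-split.
      echo DETECT_PIP_REQUIREMENTS_PATH="./source/requirements.txt" >> "$GITHUB_ENV"
      ;;
    "post")
      echo "Nothing to do for BlackDuck post stage"
      ;;
    *)
      # An unknown stage is treated as a configuration error.
      echo "Stage not found"
      exit 1
      ;;
  esac
fi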
22 |
--------------------------------------------------------------------------------
/lib/filter_plugins/fnmatch.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | # -*- coding: utf-8 -*-
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | from typing import Dict, List, Any
6 | import fnmatch as fnm
7 |
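def fnmatch(string: str, pattern: str) -> bool:
    """Return True iff *string* matches the shell-style wildcard *pattern*.

    Thin wrapper around the standard library's ``fnmatch.fnmatch`` (imported
    in this file as ``fnm``), which ``FilterModule`` exposes as a filter.

    ``fnmatch.fnmatch`` normalises the case of both arguments with
    ``os.path.normcase``, so the comparison is case-sensitive on POSIX but
    not on Windows. Keep that in mind wherever the result drives an
    allow/deny decision.
    """
    # fnm.fnmatch already returns a bool, so no if/else wrapper is needed.
    return fnm.fnmatch(string, pattern)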
15 |
class FilterModule(object):
    """Filter plugin class that publishes the ``fnmatch`` filter."""

    def filters(self):
        """Return the mapping from filter name to the callable implementing it."""
        exported = dict(fnmatch=fnmatch)
        return exported
21 |
--------------------------------------------------------------------------------
/platforms/aws/user-data/attach-volumes.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | {#
3 | Attach existing EBS volumes.
4 | #}
5 |
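# Prefer IMDSv2: request a short-lived session token and present it on the
# metadata request, so this also works on instances where tokens are required.
# If no token is returned, fall back to the plain request used previously.
# `|| true` keeps a failed token request from aborting a script run with `set -e`.
imds_token=$(curl -sf -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 60" http://169.254.169.254/latest/api/token || true)
if [ -n "$imds_token" ]; then
    instance_id=$(curl -s -H "X-aws-ec2-metadata-token: $imds_token" http://169.254.169.254/latest/meta-data/instance-id)
else
    instance_id=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
fi

{% for v in item.volumes|select('has_subkey','volume_id') %}
aws ec2 attach-volume --region {{ item.region }} --volume-id {{ v.volume_id }} --instance-id "$instance_id" --device {{ v.device_name }}
{% endfor %}
aws ec2 wait volume-in-use --region {{ item.region }} --volume-ids {{ item.volumes|select('has_subkey','volume_id')|map(attribute='volume_id')|list|join(" ") }}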
12 |
--------------------------------------------------------------------------------
/roles/init/platforms/aws/tasks/firstboot.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Retrieve user-data failure log entries
6 | raw: >
7 | test -s {{ faillog }} && cat {{ faillog }}
8 |
9 | register: failures
10 | failed_when: false
11 | changed_when: >
12 | 'stdout' in failures and failures.stdout.strip() != ''
13 | vars:
14 | faillog: /var/log/tpa-firstboot-failures.log
15 |
16 | - name: Fail if user-data execution failed
17 | fail:
18 | msg: "{{ failures.stdout }}"
19 | when: >
20 | 'stdout' in failures and failures.stdout.strip() != ''
21 |
--------------------------------------------------------------------------------
/platforms/aws/ec2-tag-volumes.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Tag all volumes attached to the provisioned instances
6 | amazon.aws.ec2_tag:
7 | state: present
8 | region: "{{ item.region }}"
9 | resource: "{{ item.resource }}"
10 | tags: "{{ item.tags }}"
11 | with_items: "{{ ec2_attached_volumes }}"
12 | loop_control:
13 | label: >-
14 | {{ item.region }}:{{ item.resource }}
15 |
16 | - include_tasks: ../common/set-provisioning-var.yml
17 | vars:
18 | name: ec2_cached_attached_volumes
19 | value: "{{ ec2_attached_volumes }}"
20 |
--------------------------------------------------------------------------------
/roles/harp/restart/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - meta: flush_handlers
6 |
7 | - name: Start or restart harp services
8 | systemd:
9 | name: "{{ item }}"
10 | state: "{{ harp_service_end_state|default('started') }}"
11 | enabled: yes
12 | with_items: "{{ harp_services[harp_version] }}"
13 | vars:
14 | harp_services:
15 | "2":
16 | - "{{ ('postgres' in role)|ternary('harp-manager', []) }}"
17 | - "{{ ('harp-proxy' in role)|ternary('harp-proxy', []) }}"
18 | when: >
19 | task_selector|permits('service', 'restart')
20 |
--------------------------------------------------------------------------------
/roles/sys/paths/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # We create a common configuration directory in /etc, world-readable, where
6 | # various components can create their own subdirectories with appropriate
7 | # ownership and permissions. The directory name is hard-coded, because it is
8 | # also hardcoded in the packages that use it.
9 | - name: Create root configuration directory
10 | ansible.builtin.file:
11 | name: /etc/edb
12 | state: directory
13 | owner: root
14 | group: root
15 | mode: "0755"
16 | when:
17 | platform not in ['shared']
18 |
--------------------------------------------------------------------------------
/roles/etcd/service/templates/etcd.service.j2:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=etcd key-value store
3 | Documentation=https://github.com/etcd-io/etcd
4 | After=network-online.target local-fs.target remote-fs.target time-sync.target
5 | Wants=network-online.target local-fs.target remote-fs.target time-sync.target
6 |
7 | [Service]
8 | User={{ etcd_user }}
9 | Group={{ etcd_group }}
10 | Type=notify
11 | Environment=ETCD_DATA_DIR=/var/lib/etcd
12 | Environment=ETCD_NAME=%m
13 | ExecStart=/usr/bin/etcd
14 | EnvironmentFile=/etc/etcd/etcd.conf
15 | Restart=always
16 | RestartSec=10s
17 | LimitNOFILE=40000
18 |
19 | [Install]
20 | WantedBy=multi-user.target
21 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Define pgd proxy package version if not defined in config.yml
6 | set_fact:
7 | pgd_proxy_package_version: "{{ bdr_package_version }}"
8 | when: >
9 | pgd_proxy_package_version is not defined
10 | and bdr_package_version is defined
11 |
12 | - include_tasks: list-packages.yml
13 | vars:
14 | list_varname: _all_pgd_proxy_packages
15 |
16 | - include_role: name=pkg/install
17 | vars:
18 | package_list_name: "pgd-proxy packages"
19 | package_list: "{{ _all_pgd_proxy_packages }}"
20 |
--------------------------------------------------------------------------------
/roles/sys/logrotate/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: postgres.yml
6 | when: >
7 | 'postgres' in role
8 |
9 | - name: Set up a cron job to run logrotate every 10 minutes
10 | cron:
11 | user: root
12 | cron_file: /etc/cron.d/tpa_logrotate
13 | name: Run logrotate every 10 minutes
14 | minute: "*/10"
15 | hour: "*"
16 | day: "*"
17 | month: "*"
18 | weekday: "*"
19 | job: >
20 | /usr/sbin/logrotate /etc/logrotate.conf
21 | state: present
22 | when:
23 | enable_logrotate|default('no')|bool is true
24 |
--------------------------------------------------------------------------------
/roles/sys/openvpn/common/templates/openssl.cnf.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
# X509 extensions for a client
# CA:FALSE means the certificate cannot be used to sign other certificates.
# extendedKeyUsage restricts it to TLS client authentication, so a peer that
# checks key usage will not accept it as a server certificate.

[ client_exts ]

basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = clientAuth
keyUsage = digitalSignature


# X509 extensions for a server
# Same CA:FALSE restriction as above. extendedKeyUsage restricts the
# certificate to TLS server authentication, and keyUsage additionally allows
# keyEncipherment.

[ server_exts ]

basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = serverAuth
keyUsage = digitalSignature,keyEncipherment
22 |
--------------------------------------------------------------------------------
/lib/tests/test_tpa_platforms.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | # -*- coding: utf-8 -*-
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | """Tests for platform object."""
6 |
7 | import pytest
8 |
9 | from tpa.platform import Platform
10 |
11 |
@pytest.fixture
def basic_platform():
    """Return a Platform constructed with the arguments "test" and "dummy"."""
    platform = Platform("test", "dummy")
    return platform
16 |
17 |
class TestPlatform:
    """Checks on the Platform class."""

    def test_platform_basic(self, basic_platform):
        """The platform built by the fixture exposes the name it was given."""
        expected_name = "test"
        assert basic_platform.name == expected_name
25 |
--------------------------------------------------------------------------------
/roles/sys/locale/pkg/tasks/list-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role:
6 | name: pkg/add_to_list
7 | vars:
8 | _lang_pack: "{{ user_locale|default('en_US.UTF-8')|regex_replace('_.*') }}"
9 | _locale_packages:
10 | Debian:
11 | - locales
12 | RedHat:
13 | - "glibc-langpack-{{ _lang_pack }}"
14 | - "langpacks-{{ _lang_pack }}"
15 | SUSE: []
16 | list_contents: "{{ _locale_packages[ansible_os_family] }}"
17 | when:
18 | not (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7)
19 |
--------------------------------------------------------------------------------
/roles/harp/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_tasks: list-packages.yml
6 | vars:
7 | list_varname: _all_harp_packages
8 |
9 | - include_role: name=pkg/install
10 | vars:
11 | package_list_name: "harp packages"
12 | package_list: "{{ _all_harp_packages }}"
13 |
14 | - name: Disable pgbouncer service on harp-proxy instances
15 | systemd:
16 | name: pgbouncer
17 | state: stopped
18 | masked: true
19 | enabled: no
20 | when: >
21 | 'harp-proxy' in role
22 | and 'pgbouncer' not in role
23 | and harp_proxy_mode == "pgbouncer"
24 |
--------------------------------------------------------------------------------
/roles/pgdcli/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - assert:
6 | that: bdr_version is version('4', '>=')
7 | fail_msg: >-
8 | PGD CLI requires BDR version 4 or later
9 |
10 | - include_role:
11 | name: pgdcli/pkg
12 | when:
13 | - task_selector|permits('pkg')
14 | - ('bdr' in role and bdr_version is version('6', '<')) or
15 | ('pgd-proxy' in role and bdr_version is version('5')) or
16 | ('pgdcli' in role and bdr_version is version('4', '>='))
17 |
18 | - include_role:
19 | name: pgdcli/config
20 | when: >
21 | task_selector|permits('config')
22 |
--------------------------------------------------------------------------------
/roles/repmgr/service/templates/repmgrd.service.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
2 | [Unit]
3 | Description=Postgres replication manager
4 | After={{ postgres_service_name }}-monitor.service
5 | Wants={{ postgres_service_name }}-monitor.service
6 |
7 | [Service]
8 | Type=simple
9 | User={{ postgres_user }}
10 | Group={{ postgres_group }}
11 | StandardOutput=syslog
12 | ExecStart={{ postgres_bin_dir }}/repmgrd -f {{ repmgr_conf_file }} --verbose {{ no_daemonize }}
13 | ExecStop=/bin/kill -TERM $MAINPID
14 | ExecReload=/bin/kill -HUP $MAINPID
15 | Restart=on-failure
16 |
17 | [Install]
18 | WantedBy=multi-user.target
19 |
--------------------------------------------------------------------------------
/roles/postgres/bdr/tasks/bdr2/join.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # The remaining hosts join the group… but they must do so one at a time,
6 | # because BDR does not support concurrent group joins (not in version 3,
7 | # nor in any earlier versions).
8 |
9 | - name: Join BDR groups on the other nodes
10 | include_tasks: join-inner.yml
11 | with_items: >
12 | {{ groups[bdr_node_group]|difference([first_bdr_primary]) }}
13 | loop_control:
14 | loop_var: bdr_node
15 | when:
16 | inventory_hostname == first_bdr_primary and
17 | hostvars[bdr_node].bdr2_node_tuples.rowcount == 0
18 |
--------------------------------------------------------------------------------
/roles/sys/cloudinit/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # If we're in the unenviable position of being on a host that's managed
6 | # by cloud-init, we have some configuration tweaks to apply.
7 |
8 | - name: Check if /etc/cloud/cloud.cfg.d exists
9 | stat:
10 | path: /etc/cloud/cloud.cfg.d
11 | register: cloudcfg
12 |
13 | - name: Disable manage_etc_hosts in cloud.cfg
14 | copy:
15 | dest: /etc/cloud/cloud.cfg.d/99_hosts.cfg
16 | owner: root
17 | group: root
18 | mode: "0644"
19 | content: >
20 | manage_etc_hosts: False
21 | when: cloudcfg.stat.exists
22 |
--------------------------------------------------------------------------------
/roles/patroni/update/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Include patroni-pre-update hook
6 | include_tasks: "{{ hook }}"
7 | when:
8 | lookup('first_found', dict(files=hook, skip=True))
9 | vars:
10 | hook: "{{ cluster_dir }}/hooks/patroni-pre-update.yml"
11 |
12 | - include_role:
13 | name: patroni/pkg
14 | tasks_from: main.yml
15 | vars:
16 | patroni_initialised: true
17 |
18 | - include_role:
19 | name: patroni/service
20 | tasks_from: restart.yml
21 | vars:
22 | patroni_service_name: "patroni@{{ cluster_name }}"
23 | to_state: "restarted"
24 |
--------------------------------------------------------------------------------
/roles/pem/server/tasks/upgrade.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - include_role:
6 | name: pem/server/pkg
7 | vars:
8 | _allowerasing: "{{ ansible_os_family == 'RedHat' }}"
9 | _allow_package_upgrades: yes
10 |
11 | - include_role:
12 | name: pem/server/facts
13 |
14 | - include_role:
15 | name: pem/server/pkg
16 | tasks_from: v10-packages.yml
17 | vars:
18 | _allowerasing: "{{ ansible_os_family == 'RedHat' }}"
19 | _allow_package_upgrades: yes
20 | when: pem_is_v10_or_higher | default(true)
21 |
22 | - include_role:
23 | name: pem/server/config/webserver
24 |
25 |
--------------------------------------------------------------------------------
/roles/pgbackupapi/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # This role can be safely applied to every instance.
6 | # It will set up pg-backup-api on the Barman instances.
7 |
8 | - name: Install Postgres Backup API
9 | include_role:
10 | name: pgbackupapi/pkg
11 | when: >
12 | 'barman' in role
13 | and platform not in ['shared']
14 | and task_selector|selects('pg-backup-api', 'pkg')
15 |
16 | - include_role:
17 | name: pgbackupapi/service
18 | when: >
19 | 'barman' in role
20 | and platform not in ['shared']
21 | and task_selector|selects('pg-backup-api', 'service')
22 |
--------------------------------------------------------------------------------
/roles/pgbouncer/update/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
# Update sequence for pgbouncer: optional pre-update hook, the pgbouncer
# role's upgrade.yml, then an optional post-update hook.
#
# Each hook is a task file looked up under the cluster directory. With
# skip=True, first_found returns an empty result when the file is absent, so
# the `when` is false and the include is skipped.
#
# NOTE(review): a hook file that exists is included into the play and runs
# like any other task in it, so write access to {{ cluster_dir }}/hooks
# should be limited to the people trusted to run deployments against this
# cluster.

- name: Include pgbouncer-pre-update hook
  include_tasks: "{{ hook }}"
  when:
    lookup('first_found', dict(files=hook, skip=True))
  vars:
    hook: "{{ cluster_dir }}/hooks/pgbouncer-pre-update.yml"

- include_role:
    name: pgbouncer
    tasks_from: upgrade.yml

- name: Include pgbouncer-post-update hook
  include_tasks: "{{ hook }}"
  when:
    lookup('first_found', dict(files=hook, skip=True))
  vars:
    hook: "{{ cluster_dir }}/hooks/pgbouncer-post-update.yml"
22 |
--------------------------------------------------------------------------------
/roles/postgres/cleanup/tasks/pglogical-extension.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Drop zombie pglogical extension
6 | postgresql_query:
7 | conninfo: "{{ dsn|dbname(item.key) }}"
8 | queries:
9 | - DROP EXTENSION IF EXISTS pglogical CASCADE
10 | - DROP SCHEMA IF EXISTS pglogical CASCADE
11 | with_dict: "{{ cluster_facts.databases }}"
12 | loop_control:
13 | label: >-
14 | {{ item.key }}
15 | when:
16 | - item.key != bdr_database
17 | - item.value.pglogical is defined
18 | - item.value.pglogical is empty
19 | become_user: "{{ postgres_user }}"
20 | become: yes
21 |
--------------------------------------------------------------------------------
/release_notes/relnote.yml.template:
--------------------------------------------------------------------------------
1 | - summary: Some short description to be used as the first line
2 | description: |
3 | A longer description which will explain in details what the change is and
4 | why it has been introduced
5 | # Possible types: notable_change, minor_change, bugfix or breaking_change
6 | type: notable_change
7 | # At least one between jira_tickets or support_tickets must be defined. You
8 | # can define both if you want
9 | # You must have at least one list item in each *_tickets section that is
10 | # defined
11 | jira_tickets:
12 | - TPA-123
13 | - TPA-456
14 | - TPA-789
15 | support_tickets:
16 | - CP12345
17 | - CP67890
18 |
--------------------------------------------------------------------------------
/roles/sys/ssl/server/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
# selfsigned is the logical negation of ssl_cert_authentication, which is
# taken as 'yes' when unset.
# NOTE(review): the negation is applied to the raw value. A non-empty string
# such as 'no' is truthy in Jinja, so a string-typed setting would always
# produce false here. `ssl_cert_authentication|default('yes')|bool` would
# handle both booleans and strings -- confirm how callers set this variable.
selfsigned: "{{ not ssl_cert_authentication|default('yes') }}"

# Presumably the owner and group applied to the generated files; the tasks
# that use them are not shown here.
ssl_user: root
ssl_group: root
# ssl_service is used below to build the per-service file names.
ssl_service: "{{ inventory_hostname }}"
# check_result_varname: "{{ (ssl_service == inventory_hostname)|ternary('default', ssl_service) }}"

# NOTE(review): with this default a server certificate expires after 365
# days; confirm that renewal is handled before that point.
default_ssl_server_cert_expiry: +365d

ssl_dir: "/etc/tpa"

# The CSR, CA certificate, private key and certificate all live in ssl_dir.
# NOTE(review): the private key sits next to world-readable material, so the
# task that writes privatekey_path (not shown) needs to set a mode that keeps
# it readable only by ssl_user/ssl_group.
csr_path: "{{ ssl_dir }}/{{ ssl_service }}.csr"
ca_path: "{{ ssl_dir }}/root.crt"
privatekey_path: "{{ ssl_dir }}/{{ ssl_service }}.key"
certificate_path: "{{ ssl_dir }}/{{ ssl_service }}.crt"
20 |
--------------------------------------------------------------------------------
/roles/harp/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Note HARP bootstrap required
6 | set_fact:
7 | harp_bootstrap_required: true
8 |
9 | - name: Note HARP restart required
10 | set_fact:
11 | harp_service_end_state: restarted
12 |
13 | # Copied from pgbouncer/handlers to satisfy pgbouncer/config's
14 | # userlist.yml, which we invoke from harp/config. (But we do not include
15 | # the pgbouncer role, so the value set below will not normally be acted
16 | # on by pgbouncer/restart).
17 |
18 | - name: Note pgbouncer restart required
19 | set_fact:
20 | pgbouncer_service_end_state: restarted
21 |
--------------------------------------------------------------------------------
/roles/pgdcli/update/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Include pgdcli-pre-update hook
6 | include_tasks: "{{ hook }}"
7 | when:
8 | lookup('first_found', dict(files=hook, skip=True))
9 | vars:
10 | hook: "{{ cluster_dir }}/hooks/pgdcli-pre-update.yml"
11 |
12 | - name: Upgrade pgdcli package
13 | include_role:
14 | name: pgdcli
15 | tasks_from: upgrade.yml
16 |
17 | - name: Include pgdcli-post-update hook
18 | include_tasks: "{{ hook }}"
19 | when:
20 | lookup('first_found', dict(files=hook, skip=True))
21 | vars:
22 | hook: "{{ cluster_dir }}/hooks/pgdcli-post-update.yml"
--------------------------------------------------------------------------------
/roles/pgbackupapi/pkg/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - block:
6 | - include_tasks: list-packages.yml
7 | vars:
8 | list_varname: _all_pgbapi_packages
9 |
10 | - include_role: name=pkg/install
11 | vars:
12 | package_list_name: "pgbapi packages"
13 | package_list: "{{ _all_pgbapi_packages }}"
14 |
15 | - name: Enable pg-backup-api
16 | service:
17 | name: pg-backup-api
18 | state: started
19 | enabled: true
20 |
21 | when: pg_backup_api_installation_method == 'pkg'
22 |
23 | - include_tasks: src.yml
24 | when: pg_backup_api_installation_method == 'src'
25 |
--------------------------------------------------------------------------------
/.github/workflows/sonarqube/configure-env.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 |
4 | ##########################
5 | # Setup build environment
6 | ##########################
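SetupEnv(){
    # Install the OS packages and Python tooling that the report step needs.
    # Takes no arguments; every install step runs through sudo.
    echo "Install Requirements"
    sudo apt-get -y install python3-pip libpq-dev python3-dev
    # -y added (and apt-get used, as on the line above): without it the
    # install can stop at a confirmation prompt that a non-interactive CI
    # runner cannot answer.
    sudo apt-get -y install python3.8-venv
    # NOTE(review): pip and tox are installed system-wide as root with no
    # version pin, so every run takes whatever release is newest on the
    # package index. Pinning versions (or installing from a hash-checked
    # requirements file) would make the CI toolchain reproducible.
    sudo python3 -m pip install --upgrade pip
    sudo python3 -m pip install tox
}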
14 |
15 |
16 | ##################
17 | # Generate reports
18 | ##################
GenerateReports(){
    # Announce the step, then run the py38-test tox environment
    # (presumably the one that writes the coverage report).
    printf '%s\n' "Create Coverage report"
    python3 -m tox -e py38-test
}
24 |
25 |
26 | ########
27 | # Main
28 | ########
29 | SetupEnv
30 | GenerateReports
31 |
--------------------------------------------------------------------------------
/roles/beacon-agent/config/templates/beacon_agent.yaml.j2:
--------------------------------------------------------------------------------
{#
  Beacon agent configuration. The rendered file contains the agent's access
  key in clear text.
  NOTE(review): the task that renders this template is not shown here. It
  should write the file with an owner and mode that keep it unreadable to
  other local users, and should keep the key out of task output (no_log).
  NOTE(review): access_key and project_id are emitted unquoted, so a value
  containing YAML-significant characters would change how the file parses.
  Quoting them would be safer -- confirm the value format.
#}
agent:
  access_key: {{ beacon_agent_access_key }}
  access_key_grpc_header: "x-access-key"
  batch:
    size: 100
  beacon_server: "beacon.biganimal.com:443"
  feature_flag_interval: 10m0s
  project_id: {{ beacon_agent_project_id }}
  providers:
    - "onprem"
provider:
  onprem:
    databases:
      {{ beacon_db_name }}:
        {# The agent connects to Postgres on localhost as the "beacon" user. #}
        dsn: "host=localhost port={{ postgres_port }} user=beacon dbname=postgres"
        tags:
          - tpa_cluster={{ cluster_name }}
    host:
      resource_id: ""
20 |
--------------------------------------------------------------------------------
/roles/pgbackupapi/update/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Include pg-backup-api-pre-update hook
6 | include_tasks: "{{ hook }}"
7 | when:
8 | lookup('first_found', dict(files=hook, skip=True))
9 | vars:
10 | hook: "{{ cluster_dir }}/hooks/pg-backup-api-pre-update.yml"
11 |
12 | - name: Upgrade pg-backup-api package
13 | include_role: name=pgbackupapi/pkg
14 |
15 | - name: Include pg-backup-api-post-update hook
16 | include_tasks: "{{ hook }}"
17 | when:
18 | lookup('first_found', dict(files=hook, skip=True))
19 | vars:
20 | hook: "{{ cluster_dir }}/hooks/pg-backup-api-post-update.yml"
21 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - assert:
6 | that: bdr_version is version('5', '>=')
7 | fail_msg: >-
8 | pgd-proxy requires BDR version 5 or later
9 |
10 | - include_role:
11 | name: pgd_proxy/pkg
12 | when: >
13 | task_selector|permits('pkg')
14 |
15 | - include_role:
16 | name: pgd_proxy/user
17 | when: >
18 | task_selector|permits('user')
19 |
20 | - include_role:
21 | name: pgd_proxy/config
22 | when: >
23 | task_selector|permits('config')
24 |
25 | - include_role:
26 | name: pgd_proxy/service
27 | when: >
28 | task_selector|permits('service')
29 |
--------------------------------------------------------------------------------
/roles/init/tasks/distribution.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Detect which distribution is in use, and fail if it's not supported.
6 | # (We use the minimal_setup module because we can't rely on a usable
7 | # Python interpreter being available yet.)
8 |
9 | - minimal_setup:
10 | preferred_python_version: "{{ preferred_python_version|default('python2') }}"
11 |
12 | - name: Ensure ansible_distribution is supported
13 | assert:
14 | msg: "ansible_distribution must be set to Debian/RedHat/Ubuntu/SLES"
15 | that:
16 | - ansible_distribution is defined
17 | - ansible_distribution in ('Debian', 'RedHat', 'Ubuntu', 'SLES')
18 |
--------------------------------------------------------------------------------
/roles/patroni/src/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
# Defaults for building Patroni from source.
# NOTE(review): patroni_git_ref defaults to a branch name, so a source build
# takes whatever is at the tip of that branch at deploy time. Overriding it
# with a release tag or a commit hash gives a reproducible build whose
# contents can be reviewed before deployment.
patroni_git_url: https://github.com/zalando/patroni.git
patroni_git_ref: master

patroni_src_dir: /opt/patroni/src
patroni_build_dir: /opt/patroni/build
patroni_install_dir: /opt/patroni
# Build steps: copy the source tree to the build directory, create a
# virtualenv at patroni_install_dir, then install Patroni and its
# requirements into it. The tasks that execute these commands are not shown.
# NOTE(review): pip is upgraded to the newest release and the requirements
# files are installed without --require-hashes; whether those files pin
# versions is not visible here.
patroni_build_commands:
  - "cp -a {{ patroni_src_dir }}/* {{ patroni_build_dir }}"
  - "{{ python }} -m venv {{ patroni_install_dir }}"
  - "{{ patroni_install_dir }}/bin/pip install --upgrade pip"
  - "{{ patroni_install_dir }}/bin/pip install -r requirements.txt -r requirements.dev.txt"
  - "{{ patroni_install_dir }}/bin/python3 setup.py install"
17 |
--------------------------------------------------------------------------------
/roles/pgbouncer/service/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Install custom pgbouncer service unit file
6 | template:
7 | src: pgbouncer.service.j2
8 | dest: /etc/systemd/system/pgbouncer.service
9 | owner: root
10 | group: root
11 | mode: "0644"
12 | register: unit
13 |
14 | - name: Disable existing pgbouncer service so our new unit gets enabled
15 | systemd:
16 | name: pgbouncer
17 | enabled: no
18 | daemon_reload: "{{ unit is changed }}"
19 |
20 | - name: Enable pgbouncer service
21 | systemd:
22 | name: pgbouncer
23 | enabled: yes
24 | daemon_reload: "{{ unit is changed }}"
25 |
--------------------------------------------------------------------------------
/roles/test/tasks/prereqs.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - assert:
6 | msg: "output_dir must be defined"
7 | that: output_dir is defined
8 |
9 | - name: Ensure that each instance has an output subdirectory
10 | file:
11 | path: "{{ output_dir }}/{{ inventory_hostname }}"
12 | state: directory
13 | mode: "0755"
14 | delegate_to: localhost
15 |
16 | - name: Check if destructive tests should be run
17 | assert:
18 | msg: "You must run ``tpaexec test … --destroy-this-cluster`` to run destructive tests"
19 | that:
20 | - destroy_cluster|default(False)
21 | when: destructive|default(False)
22 | run_once: true
23 |
--------------------------------------------------------------------------------
/roles/postgres/config/tasks/set-variable.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # This include file expects to be passed the name and (properly quoted)
6 | # value of a postgresql.conf parameter, and will write a file into the
7 | # Postgres include_dir.
8 |
# NOTE(review): the assertion checks `variable` and `value`, but the task
# below builds its title and destination path from `name`. Confirm which
# variable callers pass and what variable.j2 reads; as written, a missing
# `name` is not caught here.
- assert:
    that:
      - variable is defined
      - value is defined

# Writes one override file per parameter into the Postgres include directory
# and flags that a restart is needed.
# NOTE(review): `name` is interpolated into the destination path as-is, and
# the value is expected to arrive already quoted (see the comment at the top
# of this file). Both should come only from trusted cluster configuration,
# since nothing here validates them.
- name: Set override for variable {{ name }}
  template:
    src: variable.j2
    dest: "{{ _include_dir }}/8888-{{ name }}.conf"
    owner: "{{ postgres_user }}"
    group: "{{ postgres_group }}"
    mode: "0644"
  notify:
    - Note Postgres restart required
23 |
--------------------------------------------------------------------------------
/platforms/aws/user-data/sshd-config.j2:
--------------------------------------------------------------------------------
1 | {# © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved. #}
{# Shell fragment that adjusts sshd_config. R records whether sshd has to be restarted at the end. #}
R=0
CONF=/etc/ssh/sshd_config

{#
  Rendered only when Ansible connects as root. The sed rewrites a line that
  starts with exactly "PermitRootLogin no" to "PermitRootLogin yes" and keeps
  the previous file as sshd_config.bak. Any other spelling or value of the
  directive is left as it is.
  NOTE(review): "yes" also lets root log in with a password wherever
  password authentication is enabled. If root only needs key-based access,
  "prohibit-password" is the narrower setting -- confirm against how these
  instances are reached.
#}
{% if ansible_user == 'root' %}
R=1
sed -i.bak 's/^PermitRootLogin no/PermitRootLogin yes/' $CONF
{% endif %}

{#
  Rendered only when cluster_ssh_port is set to something other than 22.
  semanage labels the port for sshd only when selinuxenabled is found and
  succeeds; the Port directive is then appended to the file.
#}
{% if cluster_ssh_port|default(22) != 22 %}
R=1
$(type -p selinuxenabled) && semanage port -a -t ssh_port_t -p tcp {{ cluster_ssh_port }}
echo "" >> $CONF
echo "Port {{ cluster_ssh_port }}" >> $CONF
{% endif %}

{#
  Appends "Port 22" whenever the file has no such line, including when no
  custom port was configured. With a custom port this means sshd listens on
  port 22 as well as on the custom port.
  NOTE(review): if the custom port is meant to replace port 22 rather than
  add to it, access to port 22 has to be restricted elsewhere (security
  group or host firewall).
#}
if ! grep -q '^Port 22$' $CONF; then
    R=1
    echo "" >> $CONF
    echo "Port 22" >> $CONF
fi

{# Restart sshd only if one of the steps above changed the configuration. #}
if [ $R = 1 ]; then
    service sshd restart
fi
26 |
--------------------------------------------------------------------------------
/roles/patroni/pkg/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | edb_patroni_packages:
6 | Debian: &all_patroni_packages
7 | - edb-patroni
8 | RedHat: *all_patroni_packages
9 | SUSE: *all_patroni_packages
10 |
11 | community_patroni_packages:
12 | Debian: &all_deb_patroni_packages
13 | - patroni
14 | RedHat: &all_rpm_patroni_packages
15 | - patroni
16 | - "patroni-{{ patroni_dcs|default('etcd') }}"
17 | SUSE: *all_rpm_patroni_packages
18 |
19 | patroni_dependency_packages:
20 | Debian: &all_patroni_dependency_packages
21 | - jq
22 | RedHat: *all_patroni_dependency_packages
23 | SUSE: *all_patroni_dependency_packages
24 |
--------------------------------------------------------------------------------
/roles/pgd_proxy/update/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | - name: Include pgd-proxy-pre-update hook
6 | include_tasks: "{{ hook }}"
7 | when:
8 | lookup('first_found', dict(files=hook, skip=True))
9 | vars:
10 | hook: "{{ cluster_dir }}/hooks/pgd-proxy-pre-update.yml"
11 |
12 | - name: Upgrade the pgd-proxy package
13 | include_role:
14 | name: pgd_proxy
15 | tasks_from: upgrade.yml
16 |
17 | - name: Include pgd-proxy-post-update hook
18 | include_tasks: "{{ hook }}"
19 | when:
20 | lookup('first_found', dict(files=hook, skip=True))
21 | vars:
22 | hook: "{{ cluster_dir }}/hooks/pgd-proxy-post-update.yml"
23 |
--------------------------------------------------------------------------------
/roles/sys/repositories/tasks/extension-repositories.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
# Runs the repository setup commands listed for each extension in
# postgres_extensions_dictionary that this cluster uses, i.e. one named in
# postgres_extensions or in a database's extensions list, and only where
# commands exist for the current distribution.
#
# NOTE(review): the loop in `command` joins every entry of
# repository_setup_commands[ansible_distribution] with spaces into one
# string for a single `command` call (no shell). The entries therefore act
# as words of one command line, not as separate commands -- confirm that this
# matches how the dictionary is written.
#
# NOTE(review): whatever is in postgres_extensions_dictionary is executed on
# the target host. If cluster configuration can override that dictionary,
# changes to it deserve the same review as changes to a task file.
- name: Automatically run additional repository setup commands for recognized extensions
  command: >
    {% for command in item.value.repository_setup_commands[ansible_distribution] %} {{ command }} {% endfor %}
  loop: "{{ lookup('dict', postgres_extensions_dictionary) }}"
  when: >
    'repository_setup_commands' in item.value
    and
    item.value.repository_setup_commands[ansible_distribution] is defined
    and
    (item.key in postgres_extensions
    or item.key in postgres_databases|json_query('[*].extensions[*].name|[]'))
--------------------------------------------------------------------------------
/roles/sys/repositories/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # © Copyright EnterpriseDB UK Limited 2015-2025 - All rights reserved.
4 |
5 | # Replace expired 2ndQuadrant apt repository keys, if needed.
6 |
7 | - include_tasks: "os/{{ ansible_os_family }}/2ndquadrant-repository-keys.yml"
8 | when:
9 | ansible_os_family == "Debian"
10 | and not use_local_repo_only
11 |
12 | - include_tasks: repositories.yml
13 | when:
14 | not use_local_repo_only
15 |
16 | - name: Include post-repo hook
17 | include_tasks: "{{ hook }}"
18 | when: >
19 | lookup('first_found', dict(files=hook, skip=True))
20 | and task_selector|selects('post-repo')
21 | vars:
22 | hook: "{{ cluster_dir }}/hooks/post-repo.yml"
23 |
--------------------------------------------------------------------------------