├── .gitignore
├── CHANGELOG.md
├── LICENSE
├── README.md
├── defaults
    └── main.yml
├── examples
    ├── Vagrantfile
    ├── roles
    │   └── azavea.postgresql
    └── site.yml
├── handlers
    └── main.yml
├── meta
    └── main.yml
├── tasks
    └── main.yml
└── templates
    ├── pg_hba.conf.j2
    └── postgresql.conf.j2

/.gitignore:
--------------------------------------------------------------------------------
1 | .vagrant
2 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## 2.0.0
2 | - Update syntax for ansible 2.9.
3 |
4 | ## 1.0.0
5 | - Use default value of `default_text_search_config`.
6 |
7 | ## 0.5.0
8 | - Add Support for PostgreSQL 9.6
9 | - Update changes between the PostgreSQL 9.5 and 9.6 configuration files
10 | - Update default package version for PostgreSQL to `9.6.*-2.pgdg14.04+1`.
11 |
12 | ## 0.4.0
13 |
14 | - Update default package version for PostgreSQL to `9.5.*-1.pgdg14.04+1`.
15 |
16 | ## 0.3.5
17 |
18 | - Update default package version for PostgreSQL to `9.4.*.pgdg14.04+1`.
19 |
20 | ## 0.3.4
21 |
22 | - Update default package version for PostgreSQL to `9.4.*-2.pgdg14.04+1`.
23 |
24 | ## 0.3.3
25 |
26 | - Add variables for `max_connections`.
27 |
28 | ## 0.3.2
29 |
30 | - Add variables for `work_mem` and `shared_buffers`.
31 |
32 | ## 0.3.1
33 |
34 | - Add variable for setting `log_autovacuum_min_duration`.
35 |
36 | ## 0.3.0
37 |
38 | - Add support for PostgreSQL 9.4.
39 | - Update default package version for PostgreSQL to `9.4.*-1.pgdg14.04+1`.
40 |
41 | ## 0.2.1
42 |
43 | - Update default package version for PostgreSQL to `9.3.5-2.pgdg14.04+1`.
44 |
45 | ## 0.2.0
46 |
47 | - Add support for custom PostgreSQL host-based authentication (`postgresql_hba_mapping:`).
48 |
49 | ## 0.1.1
50 |
51 | - Made package version explicit on PostgreSQL installation (`postgresql_package_version`).
52 |
53 | ## 0.1.0
54 |
55 | - Initial release.
56 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 
40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. 
You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 
123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. 
In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. 
We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright 2019 Azavea Inc. 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ansible-postgresql 2 | 3 | An Ansible role for installing PostgreSQL. 
4 |
5 | ## Role Variables
6 |
7 | - `postgresql_version` - PostgreSQL version (default: `9.6`)
8 | - `postgresql_package_version` - PostgreSQL package version (default: `"9.6.*-2.pgdg14.04+1"`)
9 | - `postgresql_listen_addresses` - Address for PostgreSQL to bind to (default: `localhost`)
10 | - `postgresql_port` - Port for PostgreSQL to bind to (default: `5432`)
11 | - `postgresql_data_directory` - Default data directory (default: `/var/lib/postgresql/{{ postgresql_version }}/main`)
12 | - `postgresql_max_connections` - Maximum number of connections (default: `100`)
13 | - `postgresql_shared_buffers` - Memory for shared buffers (default: `128MB`)
14 | - `postgresql_work_mem` - Memory for worker processes (default: `4MB`)
15 | - `postgresql_log_autovacuum_min_duration` - Minimum duration for logging long automatic vacuuming (default: `-1`)
16 | - `postgresql_log_min_duration_statement` - Minimum duration for logging long queries (default: `-1`)
17 | - `postgresql_hba_mapping:` - A mapping of PostgreSQL host-based authentication rules
18 |
19 | ## Example Playbook
20 |
21 | See the [examples](./examples/) directory.
22 |
--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | postgresql_version: "9.6"
3 | postgresql_package_version: "9.6.*"
4 | postgresql_listen_addresses: localhost
5 | postgresql_port: 5432
6 | postgresql_data_directory: /var/lib/postgresql/{{ postgresql_version }}/main
7 | postgresql_max_connections: 100
8 | postgresql_shared_buffers: "128MB"
9 | postgresql_work_mem: "4MB"
10 | postgresql_log_autovacuum_min_duration: -1
11 | postgresql_log_min_duration_statement: -1
12 | postgresql_hba_mapping: []
13 |
--------------------------------------------------------------------------------
/examples/Vagrantfile:
--------------------------------------------------------------------------------
1 | # -*- mode: ruby -*-
2 | # vi: set ft=ruby :
3 |
4 | VAGRANTFILE_API_VERSION = "2"
5 |
6 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
7 |   config.vm.box = "bento/ubuntu-18.04"
8 |
9 |   config.vm.network "forwarded_port", guest: 5432, host: 5433
10 |
11 |   config.vm.provision "ansible" do |ansible|
12 |     ansible.playbook = "site.yml"
13 |     ansible.become = true
14 |   end
15 | end
16 |
--------------------------------------------------------------------------------
/examples/roles/azavea.postgresql:
--------------------------------------------------------------------------------
1 | ../../
--------------------------------------------------------------------------------
/examples/site.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: all
3 |
4 |   vars:
5 |     postgresql_listen_addresses: "*"
6 |     postgresql_hba_mapping:
7 |       - { type: "host", database: "all", user: "all", address: "0.0.0.0/0", method: "md5" }
8 |       - { type: "host", database: "all", user: "all", address: "10.0.2.0/24", method: "md5" }
9 |
10 |   roles:
11 |     - { role: "azavea.postgresql" }
12 |
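Added example, not part of the azavea.postgresql repository: a pre-deployment check for a `postgresql_hba_mapping` list. PostgreSQL uses the first `pg_hba.conf` record that matches a connection, and `templates/pg_hba.conf.j2` emits the role's rules in list order ahead of its built-in records, so a broad rule placed first decides the outcome for every narrower rule after it. The function names, finding codes and `NARROWED_MAPPING` are assumptions made for this illustration; comma-separated database or user lists are compared as opaque strings.

```python
import ipaddress

# Field order used by templates/pg_hba.conf.j2 when it renders each rule.
FIELDS = ("type", "database", "user", "address", "method")

# Constructed input: the postgresql_hba_mapping from examples/site.yml.
EXAMPLE_MAPPING = [
    {"type": "host", "database": "all", "user": "all", "address": "0.0.0.0/0", "method": "md5"},
    {"type": "host", "database": "all", "user": "all", "address": "10.0.2.0/24", "method": "md5"},
]

# Constructed alternative (hypothetical): TLS-only access from a single subnet.
NARROWED_MAPPING = [
    {"type": "hostssl", "database": "all", "user": "all", "address": "10.0.2.0/24", "method": "md5"},
]


def render(mapping):
    """Return the pg_hba.conf records the template would emit, one string per rule."""
    return [" ".join(str(rule[f]) for f in FIELDS) for rule in mapping]


def _network(address):
    """Parse a CIDR address; host names, samehost, samenet and all return None."""
    try:
        return ipaddress.ip_network(address, strict=False)
    except ValueError:
        return None


def _covers(earlier, later):
    """True when every connection matching `later` already matches `earlier`."""
    type_ok = earlier["type"] == later["type"] or (
        earlier["type"] == "host" and later["type"] in ("hostssl", "hostnossl"))
    # "all" matches every database except the "replication" keyword.
    db_ok = earlier["database"] == later["database"] or (
        earlier["database"] == "all" and later["database"] != "replication")
    user_ok = earlier["user"] in ("all", later["user"])
    a, b = _network(earlier["address"]), _network(later["address"])
    if a is None or b is None:
        addr_ok = earlier["address"] == later["address"]
    else:
        addr_ok = a.version == b.version and b.subnet_of(a)
    return type_ok and db_ok and user_ok and addr_ok


def audit(mapping):
    """Return (rule_index, finding_code) pairs for rules worth a second look."""
    findings = []
    for i, rule in enumerate(mapping):
        net = _network(rule["address"])
        remote = net is None or not net.is_loopback
        # 0.0.0.0/0, ::/0 or "all": any client address matches this record.
        if rule["address"] == "all" or (net is not None and net.prefixlen == 0):
            findings.append((i, "any-address"))
        # "trust" skips authentication entirely.
        if remote and rule["method"] == "trust":
            findings.append((i, "trust-remote"))
        # "host" also matches plain TCP; "hostssl" would require TLS.
        if remote and rule["type"] in ("host", "hostnossl"):
            findings.append((i, "no-tls-required"))
        # "password" sends the password in clear text unless the link is TLS.
        if rule["method"] == "password" and rule["type"] != "hostssl":
            findings.append((i, "cleartext-password"))
        # First match wins: a rule covered by an earlier one is never consulted.
        for j in range(i):
            if _covers(mapping[j], rule):
                findings.append((i, f"shadowed-by-{j}"))
                break
    return findings


if __name__ == "__main__":
    for line in render(EXAMPLE_MAPPING):
        print(line)
    for index, code in audit(EXAMPLE_MAPPING):
        print(f"rule {index}: {code}")
```

On the mapping from `examples/site.yml` this reports that the second rule can never be reached, because the `0.0.0.0/0` rule ahead of it already matches every IPv4 client.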
--------------------------------------------------------------------------------
/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Restart PostgreSQL
3 |   service: name=postgresql state=restarted
4 |
--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | galaxy_info:
3 |   author: Hector Castro
4 |   description: An Ansible role for installing PostgreSQL.
5 |   company: Azavea Inc.
6 |   license: Apache
7 |   min_ansible_version: 2.5
8 |   platforms:
9 |   - name: Ubuntu
10 |     versions:
11 |     - trusty
12 |     - xenial
13 |     - bionic
14 |   categories:
15 |   - database:sql
16 | dependencies: []
17 |
--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Configure the PostgreSQL APT key
3 |   apt_key: url=https://www.postgresql.org/media/keys/ACCC4CF8.asc state=present
4 |
5 | - name: Configure the PostgreSQL APT repositories
6 |   apt_repository: repo="deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release}}-pgdg main"
7 |                   state=present
8 |
9 | - name: Install PostgreSQL
10 |   apt:
11 |     state: present
12 |     pkg:
13 |       - postgresql-{{ postgresql_version }}={{ postgresql_package_version }}
14 |       - postgresql-server-dev-{{ postgresql_version }}={{ postgresql_package_version }}
15 |
16 | - name: Configure PostgreSQL host-based authentication
17 |   template: src=pg_hba.conf.j2 dest=/etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
18 |   notify:
19 |     - Restart PostgreSQL
20 |
21 | - name: Configure PostgreSQL
22 |   template: src=postgresql.conf.j2 dest=/etc/postgresql/{{ postgresql_version }}/main/postgresql.conf
23 |   notify:
24 |     - Restart PostgreSQL
25 |
--------------------------------------------------------------------------------
/templates/pg_hba.conf.j2:
--------------------------------------------------------------------------------
1 | # PostgreSQL Client Authentication Configuration File
2 | # ===================================================
3 | #
4 | # Refer to the "Client Authentication" section in the PostgreSQL
5 | # documentation for a complete description of this file. A short
6 | # synopsis follows.
7 | #
8 | # This file controls: which hosts are allowed to connect, how clients
9 | # are authenticated, which PostgreSQL user names they can use, which
10 | # databases they can access. Records take one of these forms:
11 | #
12 | # local DATABASE USER METHOD [OPTIONS]
13 | # host DATABASE USER ADDRESS METHOD [OPTIONS]
14 | # hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
15 | # hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
16 | #
17 | # (The uppercase items must be replaced by actual values.)
18 | #
19 | # The first field is the connection type: "local" is a Unix-domain
20 | # socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
21 | # "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
22 | # plain TCP/IP socket.
23 | #
24 | # DATABASE can be "all", "sameuser", "samerole", "replication", a
25 | # database name, or a comma-separated list thereof. The "all"
26 | # keyword does not match "replication". Access to replication
27 | # must be enabled in a separate record (see example below).
28 | #
29 | # USER can be "all", a user name, a group name prefixed with "+", or a
30 | # comma-separated list thereof. In both the DATABASE and USER fields
31 | # you can also write a file name prefixed with "@" to include names
32 | # from a separate file.
33 | #
34 | # ADDRESS specifies the set of hosts the record matches. It can be a
35 | # host name, or it is made up of an IP address and a CIDR mask that is
36 | # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
37 | # specifies the number of significant bits in the mask. A host name
38 | # that starts with a dot (.) matches a suffix of the actual host name.
39 | # Alternatively, you can write an IP address and netmask in separate
40 | # columns to specify the set of hosts. Instead of a CIDR-address, you
41 | # can write "samehost" to match any of the server's own IP addresses,
42 | # or "samenet" to match any address in any subnet that the server is
43 | # directly connected to.
44 | #
45 | # METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
46 | # "ident", "peer", "pam", "ldap", "radius" or "cert". Note that
47 | # "password" sends passwords in clear text; "md5" is preferred since
48 | # it sends encrypted passwords.
49 | #
50 | # OPTIONS are a set of options for the authentication in the format
51 | # NAME=VALUE. The available options depend on the different
52 | # authentication methods -- refer to the "Client Authentication"
53 | # section in the documentation for a list of which options are
54 | # available for which authentication methods.
55 | #
56 | # Database and user names containing spaces, commas, quotes and other
57 | # special characters must be quoted. Quoting one of the keywords
58 | # "all", "sameuser", "samerole" or "replication" makes the name lose
59 | # its special character, and just match a database or username with
60 | # that name.
61 | #
62 | # This file is read on server startup and when the postmaster receives
63 | # a SIGHUP signal. If you edit the file on a running system, you have
64 | # to SIGHUP the postmaster for the changes to take effect. You can
65 | # use "pg_ctl reload" to do that.
66 |
67 | # Put your actual configuration here
68 | # ----------------------------------
69 | #
70 | # If you want to allow non-local connections, you need to add more
71 | # "host" records. In that case you will also need to make PostgreSQL
72 | # listen on a non-local interface via the listen_addresses
73 | # configuration parameter, or via the -i or -h command line switches.
74 |
75 | {% for rule in postgresql_hba_mapping %}
76 | {{ rule.type }} {{ rule.database }} {{ rule.user }} {{ rule.address }} {{ rule.method }}
77 | {% endfor %}
78 |
79 | # DO NOT DISABLE!
80 | # If you change this first entry you will need to make sure that the
81 | # database superuser can access the database using some other method.
82 | # Noninteractive access to all databases is required during automatic
83 | # maintenance (custom daily cronjobs, replication, and similar tasks).
84 | #
85 | # Database administrative login by Unix domain socket
86 | local all postgres peer
87 |
88 | {% if postgresql_version is version('9.3', '<=') %}
89 | # Database administrative login from localhost
90 | host all postgres 127.0.0.1/32 trust
91 | {% endif %}
92 |
93 | # TYPE DATABASE USER ADDRESS METHOD
94 |
95 | # "local" is for Unix domain socket connections only
96 | local all all peer
97 | # IPv4 local connections:
98 | host all all 127.0.0.1/32 md5
99 | # IPv6 local connections:
100 | host all all ::1/128 md5
101 | # Allow replication connections from localhost, by a user with the
102 | # replication privilege.
103 | #local replication postgres peer
104 | #host replication postgres 127.0.0.1/32 md5
105 | #host replication postgres ::1/128 md5
106 |
--------------------------------------------------------------------------------
/templates/postgresql.conf.j2:
--------------------------------------------------------------------------------
1 | # -----------------------------
2 | # PostgreSQL configuration file
3 | # -----------------------------
4 | #
5 | # This file consists of lines of the form:
6 | #
7 | # name = value
8 | #
9 | # (The "=" is optional.) Whitespace may be used. Comments are introduced with
10 | # "#" anywhere on a line. The complete list of parameter names and allowed
11 | # values can be found in the PostgreSQL documentation.
12 | #
13 | # The commented-out settings shown in this file represent the default values.
14 | # Re-commenting a setting is NOT sufficient to revert it to the default value;
15 | # you need to reload the server.
16 | #
17 | # This file is read on server startup and when the server receives a SIGHUP
18 | # signal. If you edit the file on a running system, you have to SIGHUP the
19 | # server for the changes to take effect, or use "pg_ctl reload". Some
20 | # parameters, which are marked below, require a server shutdown and restart to
21 | # take effect.
22 | #
23 | # Any parameter can also be given as a command-line option to the server, e.g.,
24 | # "postgres -c log_connections=on". Some parameters can be changed at run time
25 | # with the "SET" SQL command.
26 | # 27 | # Memory units: kB = kilobytes Time units: ms = milliseconds 28 | # MB = megabytes s = seconds 29 | # GB = gigabytes min = minutes 30 | # TB = terabytes h = hours 31 | # d = days 32 | 33 | 34 | #------------------------------------------------------------------------------ 35 | # FILE LOCATIONS 36 | #------------------------------------------------------------------------------ 37 | 38 | # The default values of these variables are driven from the -D command-line 39 | # option or PGDATA environment variable, represented here as ConfigDir. 40 | 41 | data_directory = '{{ postgresql_data_directory }}' # use data in another directory 42 | # (change requires restart) 43 | hba_file = '/etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf' # host-based authentication file 44 | # (change requires restart) 45 | ident_file = '/etc/postgresql/{{ postgresql_version }}/main/pg_ident.conf' # ident configuration file 46 | # (change requires restart) 47 | 48 | # If external_pid_file is not explicitly set, no extra PID file is written. 49 | external_pid_file = '/var/run/postgresql/{{ postgresql_version }}-main.pid' # write an extra PID file 50 | # (change requires restart) 51 | 52 | 53 | #------------------------------------------------------------------------------ 54 | # CONNECTIONS AND AUTHENTICATION 55 | #------------------------------------------------------------------------------ 56 | 57 | # - Connection Settings - 58 | 59 | listen_addresses = '{{ postgresql_listen_addresses }}' 60 | # what IP address(es) to listen on; 61 | # comma-separated list of addresses; 62 | # defaults to 'localhost'; use '*' for all 63 | # (change requires restart) 64 | port = {{ postgresql_port }} # (change requires restart) 65 | max_connections = {{ postgresql_max_connections }} # (change requires restart) 66 | # Note: Increasing max_connections costs ~400 bytes of shared memory per 67 | # connection slot, plus lock space (see max_locks_per_transaction). 
68 | #superuser_reserved_connections = 3 # (change requires restart) 69 | unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories 70 | # (change requires restart) 71 | #unix_socket_group = '' # (change requires restart) 72 | #unix_socket_permissions = 0777 # begin with 0 to use octal notation 73 | # (change requires restart) 74 | #bonjour = off # advertise server via Bonjour 75 | # (change requires restart) 76 | #bonjour_name = '' # defaults to the computer name 77 | # (change requires restart) 78 | 79 | # - Security and Authentication - 80 | 81 | #authentication_timeout = 1min # 1s-600s 82 | ssl = true # (change requires restart) 83 | #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers 84 | # (change requires restart) 85 | #ssl_prefer_server_ciphers = on # (change requires restart) 86 | #ssl_ecdh_curve = 'prime256v1' # (change requires restart) 87 | #ssl_renegotiation_limit = 512MB # amount of data between renegotiations 88 | ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' # (change requires restart) 89 | ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' # (change requires restart) 90 | #ssl_ca_file = '' # (change requires restart) 91 | #ssl_crl_file = '' # (change requires restart) 92 | #password_encryption = on 93 | #db_user_namespace = off 94 | 95 | # GSSAPI using Kerberos 96 | #krb_server_keyfile = '' 97 | #krb_caseins_users = off 98 | 99 | # - TCP Keepalives - 100 | # see "man 7 tcp" for details 101 | 102 | #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; 103 | # 0 selects the system default 104 | #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; 105 | # 0 selects the system default 106 | #tcp_keepalives_count = 0 # TCP_KEEPCNT; 107 | # 0 selects the system default 108 | 109 | 110 | #------------------------------------------------------------------------------ 111 | # RESOURCE USAGE (except WAL) 112 | #------------------------------------------------------------------------------ 113 | 114 | 
# - Memory - 115 | 116 | shared_buffers = {{ postgresql_shared_buffers }} # min 128kB 117 | # (change requires restart) 118 | #huge_pages = try # on, off, or try 119 | # (change requires restart) 120 | #temp_buffers = 8MB # min 800kB 121 | #max_prepared_transactions = 0 # zero disables the feature 122 | # (change requires restart) 123 | # Note: Increasing max_prepared_transactions costs ~600 bytes of shared memory 124 | # per transaction slot, plus lock space (see max_locks_per_transaction). 125 | # It is not advisable to set max_prepared_transactions nonzero unless you 126 | # actively intend to use prepared transactions. 127 | work_mem = {{ postgresql_work_mem }} # min 64kB 128 | #maintenance_work_mem = 64MB # min 1MB 129 | #replacement_sort_tuples = 150000 # limits use of replacement selection sort 130 | #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem 131 | #max_stack_depth = 2MB # min 100kB 132 | {% if postgresql_version is version('9.3', '>') %} 133 | dynamic_shared_memory_type = posix # the default is the first option 134 | # supported by the operating system: 135 | # posix 136 | # sysv 137 | # windows 138 | # mmap 139 | # use none to disable dynamic shared memory 140 | {% endif %} 141 | 142 | # - Disk - 143 | 144 | #temp_file_limit = -1 # limits per-process temp file space 145 | # in kB, or -1 for no limit 146 | 147 | # - Kernel Resource Usage - 148 | 149 | #max_files_per_process = 1000 # min 25 150 | # (change requires restart) 151 | #shared_preload_libraries = '' # (change requires restart) 152 | 153 | # - Cost-Based Vacuum Delay - 154 | 155 | #vacuum_cost_delay = 0 # 0-100 milliseconds 156 | #vacuum_cost_page_hit = 1 # 0-10000 credits 157 | #vacuum_cost_page_miss = 10 # 0-10000 credits 158 | #vacuum_cost_page_dirty = 20 # 0-10000 credits 159 | #vacuum_cost_limit = 200 # 1-10000 credits 160 | 161 | # - Background Writer - 162 | 163 | #bgwriter_delay = 200ms # 10-10000ms between rounds 164 | #bgwriter_lru_maxpages = 100 # 0-1000 max 
buffers written/round
#bgwriter_lru_multiplier = 2.0	# 0-10.0 multiplier on buffers scanned/round
#bgwriter_flush_after = 0	# 0 disables,
					# default is 512kB on linux, 0 otherwise

# - Asynchronous Behavior -

#effective_io_concurrency = 1	# 1-1000; 0 disables prefetching
#max_worker_processes = 8	# (change requires restart)
#max_parallel_workers_per_gather = 0	# taken from max_worker_processes
#old_snapshot_threshold = -1	# 1min-60d; -1 disables; 0 is immediate
					# (change requires restart)
#backend_flush_after = 0	# 0 disables, default is 0

#------------------------------------------------------------------------------
# WRITE AHEAD LOG
#------------------------------------------------------------------------------

# - Settings -

#wal_level = minimal	# minimal, replica, or logical
					# (change requires restart)
#fsync = on	# flush data to disk for crash safety
					# (turning this off can cause
					# unrecoverable data corruption)
#synchronous_commit = on	# synchronization level;
					# off, local, remote_write, remote_apply, or on
#wal_sync_method = fsync	# the default is the first option
					# supported by the operating system:
					#   open_datasync
					#   fdatasync (default on Linux)
					#   fsync
					#   fsync_writethrough
					#   open_sync
#full_page_writes = on	# recover from partial page writes
#wal_log_hints = off	# also do full page writes of non-critical updates
					# (change requires restart)
#wal_buffers = -1	# min 32kB, -1 sets based on shared_buffers
					# (change requires restart)
#wal_writer_delay = 200ms	# 1-10000 milliseconds
#wal_writer_flush_after = 1MB	# 0 disables

#commit_delay = 0	# range 0-100000, in microseconds
#commit_siblings = 5	# range 1-1000

# - Checkpoints -

#checkpoint_segments = 3	# in logfile segments, min 1, 16MB each
#checkpoint_timeout = 5min	# range 30s-1h
#checkpoint_completion_target = 0.5	# checkpoint target duration, 0.0 - 1.0
#checkpoint_flush_after = 0	# 0 disables,
					# default is 256kB on linux, 0 otherwise
#checkpoint_warning = 30s	# 0 disables

# - Archiving -

#archive_mode = off	# allows archiving to be done
					# (change requires restart)
#archive_command = ''	# command to use to archive a logfile segment
					# placeholders: %p = path of file to archive
					#               %f = file name only
					# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
#archive_timeout = 0	# force a logfile segment switch after this
					# number of seconds; 0 disables


#------------------------------------------------------------------------------
# REPLICATION
#------------------------------------------------------------------------------

# - Sending Server(s) -

# Set these on the master and on any standby that will send replication data.

#max_wal_senders = 0	# max number of walsender processes
					# (change requires restart)
#wal_keep_segments = 0	# in logfile segments, 16MB each; 0 disables
#wal_sender_timeout = 60s	# in milliseconds; 0 disables

#max_replication_slots = 0	# max number of replication slots
					# (change requires restart)

# - Master Server -

# These settings are ignored on a standby server.

#synchronous_standby_names = ''	# standby servers that provide sync rep
					# number of sync standbys and comma-separated list of application_name
					# from standby(s); '*' = all
#vacuum_defer_cleanup_age = 0	# number of xacts by which cleanup is delayed

# - Standby Servers -

# These settings are ignored on a master server.

#hot_standby = off	# "on" allows queries during recovery
					# (change requires restart)
#max_standby_archive_delay = 30s	# max delay before canceling queries
					# when reading WAL from archive;
					# -1 allows indefinite delay
#max_standby_streaming_delay = 30s	# max delay before canceling queries
					# when reading streaming WAL;
					# -1 allows indefinite delay
#wal_receiver_status_interval = 10s	# send replies at least this often
					# 0 disables
#hot_standby_feedback = off	# send info from standby to prevent
					# query conflicts
#wal_receiver_timeout = 60s	# time that receiver waits for
					# communication from master
					# in milliseconds; 0 disables


#------------------------------------------------------------------------------
# QUERY TUNING
#------------------------------------------------------------------------------

# - Planner Method Configuration -

#enable_bitmapscan = on
#enable_hashagg = on
#enable_hashjoin = on
#enable_indexscan = on
#enable_indexonlyscan = on
#enable_material = on
#enable_mergejoin = on
#enable_nestloop = on
#enable_seqscan = on
#enable_sort = on
#enable_tidscan = on

# - Planner Cost Constants -

#seq_page_cost = 1.0	# measured on an arbitrary scale
#random_page_cost = 4.0	# same scale as above
#cpu_tuple_cost = 0.01	# same scale as above
#cpu_index_tuple_cost = 0.005	# same scale as above
#cpu_operator_cost = 0.0025	# same scale as above
#parallel_tuple_cost = 0.1	# same scale as above
#parallel_setup_cost = 1000.0	# same scale as above
#min_parallel_relation_size = 8MB
#effective_cache_size = 4GB

# - Genetic Query Optimizer -

#geqo = on
#geqo_threshold = 12
#geqo_effort = 5	# range 1-10
#geqo_pool_size = 0	# selects default based on effort
#geqo_generations = 0	# selects default based on effort
#geqo_selection_bias = 2.0	# range 1.5-2.0
#geqo_seed = 0.0	# range 0.0-1.0

# - Other Planner Options -

#default_statistics_target = 100	# range 1-10000
#constraint_exclusion = partition	# on, off, or partition
#cursor_tuple_fraction = 0.1	# range 0.0-1.0
#from_collapse_limit = 8
#join_collapse_limit = 8	# 1 disables collapsing of explicit
					# JOIN clauses
#force_parallel_mode = off

#------------------------------------------------------------------------------
# ERROR REPORTING AND LOGGING
#------------------------------------------------------------------------------

# - Where to Log -

#log_destination = 'stderr'	# Valid values are combinations of
					# stderr, csvlog, syslog, and eventlog,
					# depending on platform. csvlog
					# requires logging_collector to be on.

# This is used when logging to stderr:
#logging_collector = off	# Enable capturing of stderr and csvlog
					# into log files. Required to be on for
					# csvlogs.
					# (change requires restart)

# These are only used if logging_collector is on:
#log_directory = 'pg_log'	# directory where log files are written,
					# can be absolute or relative to PGDATA
#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'	# log file name pattern,
					# can include strftime() escapes
#log_file_mode = 0600	# creation mode for log files,
					# begin with 0 to use octal notation
#log_truncate_on_rotation = off	# If on, an existing log file with the
					# same name as the new log file will be
					# truncated rather than appended to.
					# But such truncation only occurs on
					# time-driven rotation, not on restarts
					# or size-driven rotation. Default is
					# off, meaning append to existing files
					# in all cases.
#log_rotation_age = 1d	# Automatic rotation of logfiles will
					# happen after that time. 0 disables.
#log_rotation_size = 10MB	# Automatic rotation of logfiles will
					# happen after that much log output.
					# 0 disables.

# These are relevant when logging to syslog:
#syslog_facility = 'LOCAL0'
#syslog_ident = 'postgres'
#syslog_sequence_numbers = on
#syslog_split_messages = on

# This is only relevant when logging to eventlog (win32):
#event_source = 'PostgreSQL'

# - When to Log -

#client_min_messages = notice	# values in order of decreasing detail:
					#   debug5
					#   debug4
					#   debug3
					#   debug2
					#   debug1
					#   log
					#   notice
					#   warning
					#   error

#log_min_messages = warning	# values in order of decreasing detail:
					#   debug5
					#   debug4
					#   debug3
					#   debug2
					#   debug1
					#   info
					#   notice
					#   warning
					#   error
					#   log
					#   fatal
					#   panic

#log_min_error_statement = error	# values in order of decreasing detail:
					#   debug5
					#   debug4
					#   debug3
					#   debug2
					#   debug1
					#   info
					#   notice
					#   warning
					#   error
					#   log
					#   fatal
					#   panic (effectively off)

log_min_duration_statement = {{ postgresql_log_min_duration_statement }}
					# -1 is disabled, 0 logs all statements
					# and their durations, > 0 logs only
					# statements running at least this number
					# of milliseconds


# - What to Log -

#debug_print_parse = off
#debug_print_rewritten = off
#debug_print_plan = off
#debug_pretty_print = on
#log_checkpoints = off
#log_connections = off
#log_disconnections = off
#log_duration = off
#log_error_verbosity = default	# terse, default, or verbose messages
#log_hostname = off
log_line_prefix = '%t [%p-%l] %q%u@%d '	# special values:
					#   %a = application name
					#   %u = user name
					#   %d = database name
					#   %r = remote host and port
					#   %h = remote host
					#   %p = process ID
					#   %t = timestamp without milliseconds
					#   %m = timestamp with milliseconds
					#   %n = timestamp with milliseconds (as a Unix epoch)
					#   %i = command tag
					#   %e = SQL state
					#   %c = session ID
					#   %l = session line number
					#   %s = session start timestamp
					#   %v = virtual transaction ID
					#   %x = transaction ID (0 if none)
					#   %q = stop here in non-session
					#        processes
					#   %% = '%'
					# e.g. '<%u%%%d> '
#log_lock_waits = off	# log lock waits >= deadlock_timeout
#log_statement = 'none'	# none, ddl, mod, all
#log_temp_files = -1	# log temporary files equal or larger
					# than the specified size in kilobytes;
					# -1 disables, 0 logs all temp files
log_timezone = 'UTC'


#------------------------------------------------------------------------------
# RUNTIME STATISTICS
#------------------------------------------------------------------------------

# - Query/Index Statistics Collector -

#track_activities = on
#track_counts = on
#track_io_timing = off
#track_functions = none	# none, pl, all
#track_activity_query_size = 1024	# (change requires restart)
#update_process_title = on
stats_temp_directory = '/var/run/postgresql/{{ postgresql_version }}-main.pg_stat_tmp'


# - Statistics Monitoring -

#log_parser_stats = off
#log_planner_stats = off
#log_executor_stats = off
#log_statement_stats = off


#------------------------------------------------------------------------------
# AUTOVACUUM PARAMETERS
#------------------------------------------------------------------------------

#autovacuum = on	# Enable autovacuum subprocess? 'on'
					# requires track_counts to also be on.
log_autovacuum_min_duration = {{ postgresql_log_autovacuum_min_duration }}	# -1 disables, 0 logs all actions and
					# their durations, > 0 logs only
					# actions running at least this number
					# of milliseconds.
#autovacuum_max_workers = 3	# max number of autovacuum subprocesses
					# (change requires restart)
#autovacuum_naptime = 1min	# time between autovacuum runs
#autovacuum_vacuum_threshold = 50	# min number of row updates before
					# vacuum
#autovacuum_analyze_threshold = 50	# min number of row updates before
					# analyze
#autovacuum_vacuum_scale_factor = 0.2	# fraction of table size before vacuum
#autovacuum_analyze_scale_factor = 0.1	# fraction of table size before analyze
#autovacuum_freeze_max_age = 200000000	# maximum XID age before forced vacuum
					# (change requires restart)
#autovacuum_multixact_freeze_max_age = 400000000	# maximum multixact age
					# before forced vacuum
					# (change requires restart)
#autovacuum_vacuum_cost_delay = 20ms	# default vacuum cost delay for
					# autovacuum, in milliseconds;
					# -1 means use vacuum_cost_delay
#autovacuum_vacuum_cost_limit = -1	# default vacuum cost limit for
					# autovacuum, -1 means use
					# vacuum_cost_limit


#------------------------------------------------------------------------------
# CLIENT CONNECTION DEFAULTS
#------------------------------------------------------------------------------

# - Statement Behavior -

#search_path = '"$user",public'	# schema names
#default_tablespace = ''	# a tablespace name, '' uses the default
#temp_tablespaces = ''	# a list of tablespace names, '' uses
					# only default tablespace
#check_function_bodies = on
#default_transaction_isolation = 'read committed'
#default_transaction_read_only = off
#default_transaction_deferrable = off
#session_replication_role = 'origin'
#statement_timeout = 0	# in milliseconds, 0 is disabled
#lock_timeout = 0	# in milliseconds, 0 is disabled
#idle_in_transaction_session_timeout = 0	# in milliseconds, 0 is disabled
#vacuum_freeze_min_age = 50000000
#vacuum_freeze_table_age = 150000000
#vacuum_multixact_freeze_min_age = 5000000
#vacuum_multixact_freeze_table_age = 150000000
#bytea_output = 'hex'	# hex, escape
#xmlbinary = 'base64'
#xmloption = 'content'

# - Locale and Formatting -

datestyle = 'iso, mdy'
#intervalstyle = 'postgres'
timezone = 'UTC'
#timezone_abbreviations = 'Default'	# Select the set of available time zone
					# abbreviations. Currently, there are
					#   Default
					#   Australia (historical usage)
					#   India
					# You can create your own file in
					# share/timezonesets/.
#extra_float_digits = 0	# min -15, max 3
#client_encoding = sql_ascii	# actually, defaults to database
					# encoding

# These settings are initialized by initdb, but they can be changed.
lc_messages = 'en_US.UTF-8'	# locale for system error message
					# strings
lc_monetary = 'en_US.UTF-8'	# locale for monetary formatting
lc_numeric = 'en_US.UTF-8'	# locale for number formatting
lc_time = 'en_US.UTF-8'	# locale for time formatting

# default configuration for text search
#default_text_search_config = 'pg_catalog.english'

# - Other Defaults -

#dynamic_library_path = '$libdir'
#local_preload_libraries = ''
#session_preload_libraries = ''


#------------------------------------------------------------------------------
# LOCK MANAGEMENT
#------------------------------------------------------------------------------

#deadlock_timeout = 1s
#max_locks_per_transaction = 64	# min 10
					# (change requires restart)
# Note: Each lock table slot uses ~270 bytes of shared memory, and there are
# max_locks_per_transaction * (max_connections + max_prepared_transactions)
# lock table slots.
#max_pred_locks_per_transaction = 64	# min 10
					# (change requires restart)


#------------------------------------------------------------------------------
# VERSION/PLATFORM COMPATIBILITY
#------------------------------------------------------------------------------

# - Previous PostgreSQL Versions -

#array_nulls = on
#backslash_quote = safe_encoding	# on, off, or safe_encoding
#default_with_oids = off
#escape_string_warning = on
#lo_compat_privileges = off
#quote_all_identifiers = off
#sql_inheritance = on
#standard_conforming_strings = on
#synchronize_seqscans = on

# - Other Platforms and Clients -

#transform_null_equals = off


#------------------------------------------------------------------------------
# ERROR HANDLING
#------------------------------------------------------------------------------

#exit_on_error = off	# terminate session on any error?
#restart_after_crash = on	# reinitialize after backend crash?


#------------------------------------------------------------------------------
# CONFIG FILE INCLUDES
#------------------------------------------------------------------------------

# These options allow settings to be loaded from files other than the
# default postgresql.conf.

#include_dir = 'conf.d'	# include files ending in '.conf' from
					# directory 'conf.d'
#include_if_exists = 'exists.conf'	# include file only if it exists
#include = 'special.conf'	# include file


#------------------------------------------------------------------------------
# CUSTOMIZED OPTIONS
#------------------------------------------------------------------------------

# Add settings for extensions here

--------------------------------------------------------------------------------
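The logging section of the template above leaves `log_connections`, `log_disconnections` and `log_statement` commented out at their defaults, and its `log_line_prefix` has no `%h` or `%r` escape. The following is an added example, not part of the role: a checker that reads a rendered postgresql.conf and lists those gaps. The function names, the sample text and the choice of these five checks as an audit baseline are assumptions of this example.

```python
import re

# Defaults copied from the template's commented-out lines.
DEFAULTS = {"log_connections": "off", "log_disconnections": "off",
            "log_statement": "none", "log_file_mode": "0600"}
TRUE_WORDS = ("on", "true", "yes", "1")
SETTING_RE = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=?\s*(.*)$")

def parse_value(rest):
    """Value after 'name =': drops a trailing comment, honours '...' quoting."""
    if not rest.startswith("'"):
        return rest.split("#", 1)[0].strip()
    out, i = [], 1
    while i < len(rest):
        if rest[i] == "'" and rest[i + 1:i + 2] != "'":
            return "".join(out)          # closing quote; a comment may follow
        step = 2 if rest[i] in "'\\" and i + 1 < len(rest) else 1
        out.append(rest[i + step - 1])   # '' and \x each yield one character
        i += step
    raise ValueError("unterminated quoted value: " + rest)

def effective_settings(conf_text):
    """Last uncommented assignment wins; include directives are not followed."""
    settings = dict(DEFAULTS)
    for line in conf_text.splitlines():
        m = SETTING_RE.match(line)       # comment and blank lines do not match
        if m:
            settings[m.group(1).lower()] = parse_value(m.group(2).strip())
    return settings

def audit_logging(conf_text):
    """Return the names of settings that leave a gap in the audit trail."""
    s = effective_settings(conf_text)
    findings = [k for k in ("log_connections", "log_disconnections")
                if s[k].lower() not in TRUE_WORDS]
    if s["log_statement"].lower() == "none":
        findings.append("log_statement")     # statements are never logged as such
    escapes = re.findall(r"%-?\d*(.)", s.get("log_line_prefix", ""))
    if not {"h", "r"} & set(escapes):         # "%%h" is a literal, not an escape
        findings.append("log_line_prefix")   # no client address on log lines
    mode = s["log_file_mode"]
    if (int(mode, 8) if mode.startswith("0") else int(mode)) & 0o077:
        findings.append("log_file_mode")     # log files readable beyond the owner
    return findings

# Constructed sample: active logging lines as rendered (500 is a made-up value).
RENDERED = """\
#log_connections = off
log_min_duration_statement = 500
log_line_prefix = '%t [%p-%l] %q%u@%d '   # special values:
log_timezone = 'UTC'
"""
# Constructed override lines that close the four gaps reported for RENDERED.
HARDENED = RENDERED + ("log_connections = on\nlog_disconnections = on\n"
                       "log_statement = 'ddl'\nlog_line_prefix = '%t [%p-%l] %q%u@%d %h '\n")
```

`audit_logging(RENDERED)` reports the four gaps and `audit_logging(HARDENED)` reports none; files pulled in through `include_dir` or `include` have to be concatenated by the caller before checking.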