├── .gitignore ├── README.md ├── defaults ├── main.yml └── repo.yml ├── group_vars ├── os_Debian.yml └── os_RedHat.yml ├── inventory ├── meta └── main.yml ├── role.yml ├── tasks ├── configure-master.yml ├── configure-slaves.yml ├── databases.yml ├── install.yml ├── install_deb.yml ├── install_rhel.yml └── users.yml └── templates ├── pg_hba.conf.j2 └── recovery.conf.j2 /.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore vim editor swapfiles 2 | .*.sw* 3 | .sw* 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ### README: install PostgreSQL and configure Streaming Replication 2 | 3 | Features: 4 | - based on [postgresql-on-el6](https://galaxy.ansible.com/list#/roles/766) role. 5 | - supported distributions: 6 | - RedHat, CentOS, Scientific Linux version 6 and 7 7 | - Oracle Linux also supported but uses RHEL repositories 8 | - Debian 8 9 | - Ubuntu 14.04 10 | - supported PostgreSQL versions: 9.0, 9.1, 9.2, 9.3, 9.4. 11 | - allows specifying users, a dedicated replication user, and databases to be created after install. 12 | - ability to set a list of postgresql.conf parameters without a postgresql.conf template. A template is not used because postgresql.conf differs from version to version in its set of parameters. 13 | - ability to specify another cluster directory and set up a symlink at the original data location. 14 | - ability to specify extension list for created databases (only for versions >= 9.0). 15 | 16 | Known issues: 17 | - RHEL 6: packages from the pgdg repo do not install due to a repo configuration parsing error. Workaround: replace the $releasever variable with your specific release version. This issue does not occur on the other distributions. 18 | - RHEL 6: postgresqlXY-contrib doesn't install due to dependency error. 
In my case, this may be caused by the use of an unregistered RedHat distribution and unofficial third-party repositories. On the Oracle Enterprise Linux this issue does not occur. 19 | 20 | How-to use: 21 | - download repo with git clone; 22 | - cd into role directory; 23 | - specify master and slaves ip addresses in inventory file; 24 | - specify master and slaves ip addresses and other configuration in defaults/main.yml file; 25 | - change hosts: variable in role.yml; 26 | - start ansible-playbook with role.yml and your inventory file. 27 | ``` 28 | ansible-playbook -i inventory role.yml 29 | ``` 30 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | # file: defaults/main.yml -- main variables 2 | 3 | # Basic settings 4 | postgresql_version: 9.4 5 | 6 | # Specify database cluster location in case when /var/lib/pgsql/x.y/data directory should be replaced with symlink. 7 | postgresql_cluster_symlink_src: "" 8 | 9 | # Stop postgresql service if started and drop cluster if existing. Applies to the master only; tasks/configure-slaves.yml stops the service and removes the data directory unconditionally. 10 | postgresql_drop_old_cluster: false 11 | # NOTE(review): the replication password below is a sample value committed in clear text; override it per deployment, e.g. from an Ansible Vault-encrypted variable. 12 | # Enable some options for streaming replication purposes 13 | postgresql_streaming_user: 14 | name: replica 15 | pass: replica1234 16 | postgresql_streaming_master: 192.168.122.12 17 | postgresql_streaming_slaves: 18 | - 192.168.122.13 19 | 20 | # Specify a directory for the logs if you do not plan to use the default directory 21 | #postgresql_log_directory: /var/log/postgresql 22 | 23 | # PostgreSQL users and roles 24 | postgresql_admin_user: "postgres" 25 | postgresql_users: 26 | # - { name: "johndoe", pass: "test1234", flags: "LOGIN,SUPERUSER" } 27 | 28 | # PostgreSQL databases and settings. Do not remove the template, encoding, collate, ctype options from postgresql_databases entries, because removing them will most certainly make the role inoperable. 
29 | postgresql_encoding: UTF8 30 | postgresql_locale: en_US.UTF-8 31 | postgresql_databases: 32 | # - { name: "db1", owner: "postgres", template: "template0", encoding: "{{ postgresql_encoding }}", collate: "{{ postgresql_locale }}", ctype: "{{ postgresql_locale }}" } 33 | 34 | # Extensions which will be installed into databases. This list of extensions will be installed to all databases within postgresql_databases. 35 | postgresql_extensions: 36 | - hstore 37 | - pg_stat_statements 38 | # NOTE(review): with "trust" on the local rule below, any OS account on the host can connect over the Unix socket as the postgresql_admin_user role without a password. "peer" (PostgreSQL 9.1+) limits that to the matching OS user, but the role's postgresql_user/postgresql_db tasks appear to run as root and rely on trust - confirm before changing. 39 | # Settings related to the pg_hba rules 40 | postgresql_default_unix_auth_method: "trust" 41 | postgresql_default_ipv4_auth_method: "md5" 42 | postgresql_default_ipv6_auth_method: "md5" 43 | 44 | # Specify default rules for pg_hba.conf. Change them only if it is really necessary. 45 | postgresql_pg_hba_default: 46 | - { type: local, database: all, role: "{{ postgresql_admin_user }}", address: "", method: "{{ postgresql_default_unix_auth_method }}", comment: '"local" is for Unix domain socket connections only' } 47 | - { type: host, database: all, role: all, address: "127.0.0.1/32", method: "{{ postgresql_default_ipv4_auth_method }}", comment: 'IPv4 local connections:' } 48 | - { type: host, database: all, role: all, address: "::1/128", method: "{{ postgresql_default_ipv6_auth_method }}", comment: 'IPv6 local connections:' } 49 | 50 | # Specify custom rules for pg_hba.conf. Specify here all necessary pg_hba rules. 51 | postgresql_pg_hba_custom: 52 | - { type: host, database: replication, role: "{{ postgresql_admin_user }}", address: "127.0.0.1/32", method: "{{ postgresql_default_ipv4_auth_method }}", comment: '' } 53 | 54 | # PostgreSQL parameters which will appear in the postgresql.conf. 
Be aware: some parameters from newer PostgreSQL versions are not supported in older PostgreSQL versions and may prevent the postgresql service from starting. NOTE(review): listen_addresses = '*' makes the server listen on every interface, so network access is limited only by pg_hba.conf and any host firewall. 55 | postgresql_conf_default_guc: 56 | - { regexp: "^#?listen_addresses = .*$", guc: "listen_addresses = '*'" } 57 | - { regexp: "^#?wal_level = .*$", guc: "wal_level = {{'hot_standby'}}" } 58 | - { regexp: "^#?max_wal_senders = .*$", guc: "max_wal_senders = {{ postgresql_streaming_slaves|length + 1 }}" } 59 | - { regexp: "^#?wal_keep_segments = .*$", guc: "wal_keep_segments = {{ 256 }}" } 60 | - { regexp: "^#?hot_standby = .*$", guc: "hot_standby = {{ 'on' }}" } 61 | -------------------------------------------------------------------------------- /defaults/repo.yml: -------------------------------------------------------------------------------- 1 | # file: defaults/repo.yml -- here are the variables that you don't want to change unnecessarily. 2 | # NOTE(review): the repository RPMs below are fetched over plain http://, and tasks/install_rhel.yml passes the URL straight to yum; nothing on this page verifies a signature or checksum of that package - confirm, and use https:// if the mirror serves it. 3 | postgresql_repo_RedHat: 4 | - { version: "9.4", repo: "http://yum.postgresql.org/9.4/redhat/rhel-{{ ansible_lsb.major_version }}-x86_64/pgdg-redhat94-9.4-1.noarch.rpm" } 5 | - { version: "9.3", repo: "http://yum.postgresql.org/9.3/redhat/rhel-{{ ansible_lsb.major_version }}-x86_64/pgdg-redhat93-9.3-1.noarch.rpm" } 6 | - { version: "9.2", repo: "http://yum.postgresql.org/9.2/redhat/rhel-{{ ansible_lsb.major_version }}-x86_64/pgdg-redhat92-9.2-7.noarch.rpm" } 7 | - { version: "9.1", repo: "http://yum.postgresql.org/9.1/redhat/rhel-{{ ansible_lsb.major_version }}-x86_64/pgdg-redhat91-9.1-5.noarch.rpm" } 8 | - { version: "9.0", repo: "http://yum.postgresql.org/9.0/redhat/rhel-{{ ansible_lsb.major_version }}-x86_64/pgdg-redhat90-9.0-5.noarch.rpm" } 9 | 10 | postgresql_repo_Scientific: 11 | - { version: "9.4", repo: "http://yum.postgresql.org/9.4/redhat/rhel-{{ ansible_lsb.major_version }}-x86_64/pgdg-sl94-9.4-1.noarch.rpm" } 12 | - { version: "9.3", repo: "http://yum.postgresql.org/9.3/redhat/rhel-{{ ansible_lsb.major_version 
}}-x86_64/pgdg-sl93-9.3-1.noarch.rpm" } 13 | - { version: "9.2", repo: "http://yum.postgresql.org/9.2/redhat/rhel-{{ ansible_lsb.major_version }}-x86_64/pgdg-sl92-9.2-8.noarch.rpm" } 14 | - { version: "9.1", repo: "http://yum.postgresql.org/9.1/redhat/rhel-{{ ansible_lsb.major_version }}-x86_64/pgdg-sl91-9.1-6.noarch.rpm" } 15 | - { version: "9.0", repo: "http://yum.postgresql.org/9.0/redhat/rhel-{{ ansible_lsb.major_version }}-x86_64/pgdg-sl90-9.0-6.noarch.rpm" } 16 | 17 | postgresql_repo_CentOS: 18 | - { version: "9.4", repo: "http://yum.postgresql.org/9.4/redhat/rhel-{{ ansible_lsb.major_version }}-x86_64/pgdg-centos94-9.4-1.noarch.rpm" } 19 | - { version: "9.3", repo: "http://yum.postgresql.org/9.3/redhat/rhel-{{ ansible_lsb.major_version }}-x86_64/pgdg-centos93-9.3-1.noarch.rpm" } 20 | - { version: "9.2", repo: "http://yum.postgresql.org/9.2/redhat/rhel-{{ ansible_lsb.major_version }}-x86_64/pgdg-centos92-9.2-6.noarch.rpm" } 21 | - { version: "9.1", repo: "http://yum.postgresql.org/9.1/redhat/rhel-{{ ansible_lsb.major_version }}-x86_64/pgdg-centos91-9.1-4.noarch.rpm" } 22 | - { version: "9.0", repo: "http://yum.postgresql.org/9.0/redhat/rhel-{{ ansible_lsb.major_version }}-x86_64/pgdg-centos90-9.0-5.noarch.rpm" } 23 | -------------------------------------------------------------------------------- /group_vars/os_Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | postgresql_service_name: postgresql 3 | postgresql_data_dir: /var/lib/postgresql/{{ postgresql_version }}/main 4 | postgresql_conf_dir: /etc/postgresql/{{ postgresql_version }}/main 5 | postgresql_exec_dir: /usr/lib/postgresql/{{ postgresql_version }}/bin 6 | -------------------------------------------------------------------------------- /group_vars/os_RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | postgresql_service_name: postgresql-{{ postgresql_version }} 3 | postgresql_data_dir: 
/var/lib/postgresql/{{ postgresql_version }}/data 4 | postgresql_conf_dir: /var/lib/postgresql/{{ postgresql_version }}/data 5 | postgresql_exec_dir: /usr/pgsql-{{ postgresql_version }}/bin 6 | -------------------------------------------------------------------------------- /inventory: -------------------------------------------------------------------------------- 1 | # file: inventory -- exmaple inventory file. 2 | 3 | [streaming-master] 4 | vm12-centos7-pgdb ansible_ssh_host=192.168.122.12 ansible_ssh_user=lesovsky 5 | 6 | [streaming-slaves] 7 | vm13-centos7-pgdb ansible_ssh_host=192.168.122.13 ansible_ssh_user=lesovsky 8 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | # file: meta/main.yml 2 | 3 | galaxy_info: 4 | author: "Alexey Lesovsky" 5 | description: A role to install and setup PostgreSQL 9.x Streaming Replication on RedHat/CentOS/Scientific/Oracle Enterprise Linux. 
6 | license: as-is 7 | min_ansible_version: 1.4 8 | version: 1.0 9 | platforms: 10 | - name: EL 11 | versions: 12 | - 7 13 | - 6 14 | categories: 15 | - database 16 | - database:sql 17 | dependencies: [] 18 | -------------------------------------------------------------------------------- /role.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Install and setup PostgreSQL with Streaming Replication 3 | - hosts: all 4 | sudo: yes 5 | sudo_user: root 6 | vars_files: 7 | - 'defaults/main.yml' 8 | - 'defaults/repo.yml' 9 | tasks: 10 | - include: 'tasks/install.yml' 11 | 12 | - hosts: streaming-master 13 | sudo: yes 14 | sudo_user: root 15 | vars_files: 16 | - 'defaults/main.yml' 17 | tasks: 18 | - group_by: key=os_{{ ansible_os_family }} 19 | - include: 'tasks/configure-master.yml' 20 | - include: 'tasks/users.yml' 21 | - include: 'tasks/databases.yml' 22 | 23 | - hosts: streaming-slaves 24 | sudo: yes 25 | sudo_user: root 26 | vars_files: 27 | - 'defaults/main.yml' 28 | tasks: 29 | - group_by: key=os_{{ ansible_os_family }} 30 | - include: 'tasks/configure-slaves.yml' 31 | -------------------------------------------------------------------------------- /tasks/configure-master.yml: -------------------------------------------------------------------------------- 1 | # file: tasks/configure-master.yml -- postgresql pre-start configuration of master server and startup 2 | 3 | - name: "Stage 2: stop old postgresql service" 4 | service: name="{{ postgresql_service_name }}" state=stopped 5 | when: postgresql_drop_old_cluster 6 | 7 | - name: "Stage 2: remove old postgresql cluster" 8 | file: path="{{ postgresql_data_dir }}" state=absent 9 | when: postgresql_drop_old_cluster 10 | 11 | - name: "Stage 2: cluster directory replacement with symlink, check destination directory" 12 | file: 13 | path: "{{ postgresql_cluster_symlink_src }}" 14 | state: directory 15 | owner: "{{ postgresql_admin_user }}" 16 | group: "{{ 
postgresql_admin_user }}" 17 | mode: 0700 18 | when: postgresql_cluster_symlink_src|length > 0 19 | 20 | - name: "Stage 2: cluster directory replacement with symlink, create symlink" 21 | file: 22 | src: "{{ postgresql_cluster_symlink_src }}" 23 | dest: "{{ postgresql_data_dir }}" 24 | state: link 25 | owner: "{{ postgresql_admin_user }}" 26 | group: "{{ postgresql_admin_user }}" 27 | when: postgresql_cluster_symlink_src|length > 0 28 | 29 | - name: "Stage 2: check cluster directory" 30 | stat: path={{ postgresql_data_dir }} 31 | register: postgresql_data_stat 32 | 33 | - name: "Stage 2: initialize new postgresql cluster" 34 | sudo: yes 35 | sudo_user: "{{ postgresql_admin_user }}" 36 | command: "{{ postgresql_exec_dir }}/initdb -D {{ postgresql_data_dir }}" 37 | when: postgresql_data_stat.stat.exists == False 38 | 39 | - name: "Stage 2: configure pg_hba.conf" 40 | template: 41 | src: pg_hba.conf.j2 42 | dest: "{{ postgresql_conf_dir }}/pg_hba.conf" 43 | owner: "{{ postgresql_admin_user }}" 44 | group: "{{ postgresql_admin_user }}" 45 | mode: 0640 46 | 47 | - name: "Stage 2: configure postgresql.conf" 48 | lineinfile: 49 | dest: "{{ postgresql_conf_dir }}/postgresql.conf" 50 | state: present 51 | regexp: "{{ item.regexp }}" 52 | line: "{{ item.guc }}" 53 | with_items: "{{ postgresql_conf_default_guc }}" 54 | 55 | - name: "Stage 2: create postgresql log directory" 56 | file: 57 | path: "{{ postgresql_log_directory }}" 58 | state: directory 59 | owner: "{{ postgresql_admin_user }}" 60 | group: "{{ postgresql_admin_user }}" 61 | mode: 0755 62 | when: postgresql_log_directory is defined 63 | 64 | - name: "Stage 2: start postgresql service" 65 | service: name="{{ postgresql_service_name }}" state=started enabled=yes 66 | -------------------------------------------------------------------------------- /tasks/configure-slaves.yml: -------------------------------------------------------------------------------- 1 | # file: tasks/configure-slaves.yml -- postgresql pre-start 
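configuration of the slave servers and startup 2 | # NOTE(review): the stop and remove tasks below have no `when:` guard, unlike their counterparts in tasks/configure-master.yml, so every run removes the slave's data directory before pg_basebackup re-creates it. 3 | - name: "Stage 3: stop old postgresql service" 4 | service: name="{{ postgresql_service_name }}" state=stopped 5 | 6 | - name: "Stage 3: remove old postgresql cluster" 7 | file: path="{{ postgresql_data_dir }}" state=absent 8 | 9 | - name: "Stage 3: cluster directory replacement with symlink, check destination directory" 10 | file: 11 | path: "{{ postgresql_cluster_symlink_src }}" 12 | state: directory 13 | owner: "{{ postgresql_admin_user }}" 14 | group: "{{ postgresql_admin_user }}" 15 | mode: 0700 16 | when: postgresql_cluster_symlink_src|length > 0 17 | 18 | - name: "Stage 3: cluster directory replacement with symlink, create symlink" 19 | file: 20 | src: "{{ postgresql_cluster_symlink_src }}" 21 | dest: "{{ postgresql_data_dir }}" 22 | state: link 23 | owner: "{{ postgresql_admin_user }}" 24 | group: "{{ postgresql_admin_user }}" 25 | when: postgresql_cluster_symlink_src|length > 0 26 | # .pgpass is written by copy with its final owner and 0600 mode in one step, so the password is never passed through a shell command line or left in a file with default permissions; no_log keeps it out of task output. 27 | - name: "Stage 3: write .pgpass for postgres user" 28 | copy: 29 | content: "*:*:*:{{ postgresql_streaming_user.name }}:{{ postgresql_streaming_user.pass }}\n" 30 | dest: ~postgres/.pgpass 31 | owner: "{{ postgresql_admin_user }}" 32 | group: "{{ postgresql_admin_user }}" 33 | mode: 0600 34 | no_log: true 35 | 36 | 37 | 38 | - name: "Stage 3: initialize new postgresql cluster" 39 | command: "sudo -u postgres pg_basebackup -c fast -X stream -h {{ postgresql_streaming_master }} -U {{ postgresql_streaming_user.name }} -D {{ postgresql_data_dir }}" 40 | 41 | - name: "Stage 3: configure pg_hba.conf" 42 | template: 43 | src: pg_hba.conf.j2 44 | dest: "{{ postgresql_conf_dir }}/pg_hba.conf" 45 | owner: "{{ postgresql_admin_user }}" 46 | group: "{{ postgresql_admin_user }}" 47 | mode: 0640 48 | 49 | - name: "Stage 3: configure postgresql.conf" 50 | lineinfile: 51 | dest: "{{ postgresql_conf_dir }}/postgresql.conf" 52 | state: present 53 | regexp: "{{ 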
item.regexp }}" 54 | line: "{{ item.guc }}" 55 | with_items: "{{ postgresql_conf_default_guc }}" 56 | 57 | - name: "Stage 3: configure recovery.conf" 58 | template: 59 | src: recovery.conf.j2 60 | dest: "{{ postgresql_data_dir }}/recovery.conf" 61 | owner: "{{ postgresql_admin_user }}" 62 | group: "{{ postgresql_admin_user }}" 63 | mode: 0640 64 | 65 | - name: "Stage 3: create postgresql log directory" 66 | file: 67 | path: "{{ postgresql_log_directory }}" 68 | state: directory 69 | owner: "{{ postgresql_admin_user }}" 70 | group: "{{ postgresql_admin_user }}" 71 | mode: 0755 72 | when: postgresql_log_directory is defined 73 | 74 | - name: "Stage 3: start postgresql service" 75 | service: name="{{postgresql_service_name }}" state=started enabled=yes 76 | -------------------------------------------------------------------------------- /tasks/databases.yml: -------------------------------------------------------------------------------- 1 | # file: tasks/databases.yml -- manage databases 2 | 3 | - name: "Stage 4: add databases" 4 | postgresql_db: 5 | state: present 6 | name: "{{ item.name }}" 7 | template: "{{ item.template }}" 8 | encoding: "{{ item.encoding }}" 9 | lc_collate: "{{ item.collate }}" 10 | lc_ctype: "{{ item.ctype }}" 11 | owner: "{{ item.owner }}" 12 | with_items: "{{ postgresql_databases }}" 13 | when: postgresql_databases and postgresql_databases|length > 0 14 | 15 | - name: "Stage: 4: add extensions" 16 | sudo: yes 17 | sudo_user: "{{ postgresql_admin_user }}" 18 | command: "psql {{ item[0].name }} -c 'CREATE EXTENSION IF NOT EXISTS {{ item[1] }}'" 19 | with_nested: 20 | - "{{ postgresql_databases }}" 21 | - "{{ postgresql_extensions }}" 22 | when: postgresql_databases and postgresql_databases|length > 0 and postgresql_extensions and postgresql_extensions|length > 0 and postgresql_version != '8.4' 23 | -------------------------------------------------------------------------------- /tasks/install.yml: 
-------------------------------------------------------------------------------- 1 | # file: tasks/install.yml -- install postgresql packages 2 | 3 | - name: "Stage 1: install PostgreSQL on RedHat/CentOS" 4 | include: 'install_rhel.yml' 5 | when: ansible_os_family == 'RedHat' 6 | 7 | - name: "Stage 1: install PostgreSQL on Debian/Ubuntu" 8 | include: 'install_deb.yml' 9 | when: ansible_os_family == 'Debian' 10 | 11 | - name: 'Stage 1: install Ansible postgresql dependency package' 12 | package: state='latest' pkg='python-psycopg2' 13 | 14 | -------------------------------------------------------------------------------- /tasks/install_deb.yml: -------------------------------------------------------------------------------- 1 | # file: tasks/install_deb.yml -- install postgresql packages for Debian/Ubuntu 2 | --- 3 | - name: "Stage 1: install postgresql package" 4 | apt: 5 | state: latest 6 | pkg: "{{ item }}" 7 | with_items: 8 | - postgresql-{{ postgresql_version }} 9 | -------------------------------------------------------------------------------- /tasks/install_rhel.yml: -------------------------------------------------------------------------------- 1 | # file: tasks/install_rhel.yml -- install postgresql packages for RedHat/CentOS 2 | 3 | - name: Check OS support 4 | debug: msg="The following OS family {{ ansible_os_family }} {{ ansible_architecture }} is not supported" fail=yes 5 | when: not ansible_os_family == "RedHat" or not ansible_architecture == "x86_64" 6 | 7 | - name: Check package manager support 8 | debug: msg="The following package manager {{ ansible_pkg_mgr }} is not supported" fail=yes 9 | when: not ansible_pkg_mgr == "yum" 10 | 11 | - name: "Stage 1: install repository package" 12 | yum: 13 | state: present 14 | pkg: "{{ item.repo }}" 15 | when: item.version == "{{ postgresql_version }}" 16 | with_items: postgresql_repo_{{ ansible_distribution }} 17 | 18 | - name: "Stage 1: install postgresql packages" 19 | yum: 20 | state: latest 21 | pkg: "{{ 
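item }}" 22 | with_items: 23 | - postgresql{{ postgresql_version |replace('.', '') }}-server 24 | 25 | - name: "Stage 1: install postgresql contrib package" 26 | yum: 27 | state: latest 28 | pkg: postgresql{{ postgresql_version |replace('.', '') }}-contrib 29 | -------------------------------------------------------------------------------- /tasks/users.yml: -------------------------------------------------------------------------------- 1 | # file: tasks/users.yml -- manage postgresql roles 2 | # Passwords are set with encrypted: yes so the server stores a hash instead of the clear-text value (on the PostgreSQL 9.x versions this role targets, an unencrypted password is kept as clear text in pg_authid); no_log keeps the passwords out of task output. 3 | - name: "Stage 3: add postgresql roles" 4 | postgresql_user: 5 | state: present 6 | name: "{{ item.name }}" 7 | encrypted: yes 8 | password: "{{ item.pass }}" 9 | role_attr_flags: "{{ item.flags }}" 10 | with_items: "{{ postgresql_users }}" 11 | when: postgresql_users and postgresql_users|length > 0 12 | no_log: true 13 | - name: "Stage 3: add postgresql replication roles" 14 | postgresql_user: 15 | state: present 16 | name: "{{ postgresql_streaming_user.name }}" 17 | encrypted: yes 18 | password: "{{ postgresql_streaming_user.pass }}" 19 | role_attr_flags: REPLICATION 20 | when: postgresql_streaming_user and postgresql_streaming_user|length > 0 21 | no_log: true -------------------------------------------------------------------------------- /templates/pg_hba.conf.j2: -------------------------------------------------------------------------------- 1 | # PostgreSQL Client Authentication Configuration File 2 | # =================================================== 3 | # 4 | # Refer to the "Client Authentication" section in the PostgreSQL 5 | # documentation for a complete description of this file. A short 6 | # synopsis follows. 7 | # 8 | # This file controls: which hosts are allowed to connect, how clients 9 | # are authenticated, which PostgreSQL user names they can use, which 10 | # databases they can access. 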
Records take one of these forms: 11 | # 12 | # local DATABASE USER METHOD [OPTIONS] 13 | # host DATABASE USER ADDRESS METHOD [OPTIONS] 14 | # hostssl DATABASE USER ADDRESS METHOD [OPTIONS] 15 | # hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] 16 | # 17 | # (The uppercase items must be replaced by actual values.) 18 | # 19 | # The first field is the connection type: "local" is a Unix-domain 20 | # socket, "host" is either a plain or SSL-encrypted TCP/IP socket, 21 | # "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a 22 | # plain TCP/IP socket. 23 | # 24 | # DATABASE can be "all", "sameuser", "samerole", "replication", a 25 | # database name, or a comma-separated list thereof. The "all" 26 | # keyword does not match "replication". Access to replication 27 | # must be enabled in a separate record (see example below). 28 | # 29 | # USER can be "all", a user name, a group name prefixed with "+", or a 30 | # comma-separated list thereof. In both the DATABASE and USER fields 31 | # you can also write a file name prefixed with "@" to include names 32 | # from a separate file. 33 | # 34 | # ADDRESS specifies the set of hosts the record matches. It can be a 35 | # host name, or it is made up of an IP address and a CIDR mask that is 36 | # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that 37 | # specifies the number of significant bits in the mask. A host name 38 | # that starts with a dot (.) matches a suffix of the actual host name. 39 | # Alternatively, you can write an IP address and netmask in separate 40 | # columns to specify the set of hosts. Instead of a CIDR-address, you 41 | # can write "samehost" to match any of the server's own IP addresses, 42 | # or "samenet" to match any address in any subnet that the server is 43 | # directly connected to. 44 | # 45 | # METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", 46 | # "krb5", "ident", "peer", "pam", "ldap", "radius" or "cert". 
Note that 47 | # "password" sends passwords in clear text; "md5" is preferred since 48 | # it sends encrypted passwords. 49 | # 50 | # OPTIONS are a set of options for the authentication in the format 51 | # NAME=VALUE. The available options depend on the different 52 | # authentication methods -- refer to the "Client Authentication" 53 | # section in the documentation for a list of which options are 54 | # available for which authentication methods. 55 | # 56 | # Database and user names containing spaces, commas, quotes and other 57 | # special characters must be quoted. Quoting one of the keywords 58 | # "all", "sameuser", "samerole" or "replication" makes the name lose 59 | # its special character, and just match a database or username with 60 | # that name. 61 | # 62 | # This file is read on server startup and when the postmaster receives 63 | # a SIGHUP signal. If you edit the file on a running system, you have 64 | # to SIGHUP the postmaster for the changes to take effect. You can 65 | # use "pg_ctl reload" to do that. 66 | 67 | # Put your actual configuration here 68 | # ---------------------------------- 69 | # 70 | # If you want to allow non-local connections, you need to add more 71 | # "host" records. In that case you will also need to make PostgreSQL 72 | # listen on a non-local interface via the listen_addresses 73 | # configuration parameter, or via the -i or -h command line switches. 
74 | 75 | 76 | 77 | # TYPE DATABASE USER ADDRESS METHOD 78 | 79 | {% for connection in postgresql_pg_hba_default %} 80 | # {{ connection.comment }} 81 | {{ connection.type }} {{ connection.database }} {{ connection.role }} {{ connection.address }} {{ connection.method }} 82 | {% endfor %} 83 | 84 | {% for slave in postgresql_streaming_slaves %} 85 | host replication {{ postgresql_streaming_user.name }} {{ slave }}/32 {{ postgresql_default_ipv4_auth_method }} 86 | {% endfor %} 87 | 88 | # Custom 89 | {% for connection in postgresql_pg_hba_custom %} 90 | {{ connection.type }} {{ connection.database }} {{ connection.role }} {{ connection.address }} {{ connection.method }} 91 | {% endfor %} 92 | -------------------------------------------------------------------------------- /templates/recovery.conf.j2: -------------------------------------------------------------------------------- 1 | standby_mode = 'on' 2 | primary_conninfo = 'host={{ postgresql_streaming_master }} port=5432 user={{ postgresql_streaming_user.name }}' 3 | trigger_file = '{{ postgresql_data_dir }}/failover' 4 | --------------------------------------------------------------------------------