Murat ÖZDEMİR
6f9d0d1588
- Ensure consistent directory and file permissions on StorageBox mounts for improved container access across application and database services. - Introduce application-specific `storagebox_uid`/`gid` variables for more granular ownership control. - Enhance StorageBox mount reliability by adding systemd reload and remount handlers for configuration changes. - Add root credentials to Patroni's etcd configuration for authenticated communication. - Update all relevant documentation and deployment scripts to use the `iklimco` Docker stack name for database services. - Re-encrypt production vault secrets to include the new etcd password.
88 lines
2.2 KiB
Django/Jinja
88 lines
2.2 KiB
Django/Jinja
log:
|
|
level: WARNING
|
|
|
|
scope: iklim-postgres
|
|
namespace: /db/
|
|
name: postgresql-{{ inventory_hostname.split('-')[-1] }}
|
|
|
|
restapi:
|
|
listen: 0.0.0.0:8008
|
|
connect_address: patroni-{{ inventory_hostname.split('-')[-1] }}:8008
|
|
|
|
etcd3:
|
|
hosts:
|
|
- etcd-01:2379
|
|
- etcd-02:2379
|
|
- etcd-03:2379
|
|
username: root
|
|
password: "{{ vault_etcd_root_password }}"
|
|
|
|
bootstrap:
|
|
dcs:
|
|
ttl: 30
|
|
loop_wait: 10
|
|
retry_timeout: 10
|
|
maximum_lag_on_failover: 1048576
|
|
postgresql:
|
|
use_pg_rewind: true
|
|
parameters:
|
|
wal_level: replica
|
|
hot_standby: "on"
|
|
wal_keep_size: 512
|
|
max_wal_senders: 5
|
|
max_replication_slots: 5
|
|
shared_preload_libraries: 'pg_stat_statements'
|
|
pg_stat_statements.track: 'all'
|
|
|
|
initdb:
|
|
- encoding: UTF8
|
|
- data-checksums
|
|
|
|
pg_hba:
|
|
- local all all trust
|
|
- host all all 127.0.0.1/32 trust
|
|
- host replication replicator 127.0.0.1/32 trust
|
|
- host replication replicator 10.0.0.0/8 scram-sha-256
|
|
- host replication replicator 10.20.20.0/24 scram-sha-256
|
|
- host all all 10.0.0.0/8 scram-sha-256
|
|
- host all all 10.8.0.0/24 scram-sha-256
|
|
- host all all 10.20.10.0/24 scram-sha-256
|
|
- host all all 10.20.20.0/24 scram-sha-256
|
|
|
|
users:
|
|
postgres:
|
|
password: "${POSTGRES_PASSWORD}"
|
|
options:
|
|
- superuser
|
|
|
|
postgresql:
|
|
listen: 0.0.0.0:5432
|
|
connect_address: patroni-{{ inventory_hostname.split('-')[-1] }}:5432
|
|
data_dir: /var/lib/postgresql/data/pgdata
|
|
pgpass: /tmp/pgpass0
|
|
authentication:
|
|
replication:
|
|
username: replicator
|
|
password: "${REPLICATOR_PASSWORD}"
|
|
superuser:
|
|
username: postgres
|
|
password: "${POSTGRES_PASSWORD}"
|
|
parameters:
|
|
unix_socket_directories: "/var/run/postgresql"
|
|
pg_hba:
|
|
- local all all trust
|
|
- host all all 127.0.0.1/32 trust
|
|
- host replication replicator 127.0.0.1/32 trust
|
|
- host replication replicator 10.0.0.0/8 scram-sha-256
|
|
- host replication replicator 10.20.20.0/24 scram-sha-256
|
|
- host all all 10.0.0.0/8 scram-sha-256
|
|
- host all all 10.8.0.0/24 scram-sha-256
|
|
- host all all 10.20.10.0/24 scram-sha-256
|
|
- host all all 10.20.20.0/24 scram-sha-256
|
|
|
|
tags:
|
|
nofailover: false
|
|
noloadbalance: false
|
|
clonefrom: false
|
|
nosync: false
|