Murat ÖZDEMİR
c568e31515
Add DB-specific StorageBox ownership variables and make the davfs mount role honor configurable uid and gid values so database containers can access mounted files. Extend the prod DB node role to sync StorageBox writes, generate and distribute the MongoDB replica set keyfile, wait for the keyfile on each node, and enforce keyfile permissions. Tune MongoDB and Patroni templates for quieter logging, correct secret variable names, local bootstrap trust, and production network pg_hba coverage. Refresh the production setup history with the current bootstrap sequence, DB stack deployment workflow, MongoDB replica set initialization, Patroni validation, and completed DB cluster status.
86 lines
2.2 KiB
Django/Jinja
86 lines
2.2 KiB
Django/Jinja
log:
|
|
level: WARNING
|
|
|
|
scope: iklim-postgres
|
|
namespace: /db/
|
|
name: postgresql-{{ inventory_hostname.split('-')[-1] }}
|
|
|
|
restapi:
|
|
listen: 0.0.0.0:8008
|
|
connect_address: patroni-{{ inventory_hostname.split('-')[-1] }}:8008
|
|
|
|
etcd3:
|
|
hosts:
|
|
- etcd-01:2379
|
|
- etcd-02:2379
|
|
- etcd-03:2379
|
|
|
|
bootstrap:
|
|
dcs:
|
|
ttl: 30
|
|
loop_wait: 10
|
|
retry_timeout: 10
|
|
maximum_lag_on_failover: 1048576
|
|
postgresql:
|
|
use_pg_rewind: true
|
|
parameters:
|
|
wal_level: replica
|
|
hot_standby: "on"
|
|
wal_keep_size: 512
|
|
max_wal_senders: 5
|
|
max_replication_slots: 5
|
|
shared_preload_libraries: 'pg_stat_statements'
|
|
pg_stat_statements.track: 'all'
|
|
|
|
initdb:
|
|
- encoding: UTF8
|
|
- data-checksums
|
|
|
|
pg_hba:
|
|
- local all all trust
|
|
- host all all 127.0.0.1/32 trust
|
|
- host replication replicator 127.0.0.1/32 trust
|
|
- host replication replicator 10.0.0.0/8 scram-sha-256
|
|
- host replication replicator 10.20.20.0/24 scram-sha-256
|
|
- host all all 10.0.0.0/8 scram-sha-256
|
|
- host all all 10.8.0.0/24 scram-sha-256
|
|
- host all all 10.20.10.0/24 scram-sha-256
|
|
- host all all 10.20.20.0/24 scram-sha-256
|
|
|
|
users:
|
|
postgres:
|
|
password: "${POSTGRES_PASSWORD}"
|
|
options:
|
|
- superuser
|
|
|
|
postgresql:
|
|
listen: 0.0.0.0:5432
|
|
connect_address: patroni-{{ inventory_hostname.split('-')[-1] }}:5432
|
|
data_dir: /var/lib/postgresql/data/pgdata
|
|
pgpass: /tmp/pgpass0
|
|
authentication:
|
|
replication:
|
|
username: replicator
|
|
password: "${REPLICATOR_PASSWORD}"
|
|
superuser:
|
|
username: postgres
|
|
password: "${POSTGRES_PASSWORD}"
|
|
parameters:
|
|
unix_socket_directories: "/var/run/postgresql"
|
|
pg_hba:
|
|
- local all all trust
|
|
- host all all 127.0.0.1/32 trust
|
|
- host replication replicator 127.0.0.1/32 trust
|
|
- host replication replicator 10.0.0.0/8 scram-sha-256
|
|
- host replication replicator 10.20.20.0/24 scram-sha-256
|
|
- host all all 10.0.0.0/8 scram-sha-256
|
|
- host all all 10.8.0.0/24 scram-sha-256
|
|
- host all all 10.20.10.0/24 scram-sha-256
|
|
- host all all 10.20.20.0/24 scram-sha-256
|
|
|
|
tags:
|
|
nofailover: false
|
|
noloadbalance: false
|
|
clonefrom: false
|
|
nosync: false
|