From 68baaddb52121359284a3128954bc133bac956ca Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Tue, 2 Dec 2025 13:30:49 -0500 Subject: [PATCH 1/3] refactor: Move read-replica.conf to conf.d The `read-replica.conf` file has been moved from `/etc/postgresql-custom/` to `/etc/postgresql-custom/conf.d/`. This change aligns with the standard practice of including configuration snippets from a `conf.d` directory. Changes include: - Dockerfiles: Adjusted to remove direct copy and update `sed` commands. - Ansible: Renamed configuration file and updated task to place it in `conf.d`. - Nix: Updated paths and substitutions to reflect the new location. --- Dockerfile-15 | 1 - Dockerfile-17 | 1 - Dockerfile-orioledb-17 | 1 - .../read_replica.conf} | 5 +++-- ansible/files/postgresql_config/postgresql.conf.j2 | 3 --- ansible/tasks/setup-postgres.yml | 8 ++++---- nix/packages/lib.nix | 6 ------ nix/tools/run-server.sh.in | 1 - 8 files changed, 7 insertions(+), 19 deletions(-) rename ansible/files/postgresql_config/{custom_read_replica.conf.j2 => conf.d/read_replica.conf} (99%) diff --git a/Dockerfile-15 b/Dockerfile-15 index 62e0308df..f4af30efa 100644 --- a/Dockerfile-15 +++ b/Dockerfile-15 
@@ -214,7 +214,6 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh -COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf.j2 /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf.j2 /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh diff --git a/Dockerfile-17 b/Dockerfile-17 index 6c2f1c6bf..d56f57da7 100644 --- a/Dockerfile-17 +++ b/Dockerfile-17 @@ -218,7 +218,6 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh -COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf.j2 /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf.j2 /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh 
diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index b242a8527..422056f7a 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 @@ -218,7 +218,6 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh -COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf.j2 /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf.j2 /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh diff --git a/ansible/files/postgresql_config/custom_read_replica.conf.j2 b/ansible/files/postgresql_config/conf.d/read_replica.conf similarity index 99% rename from ansible/files/postgresql_config/custom_read_replica.conf.j2 rename to ansible/files/postgresql_config/conf.d/read_replica.conf index 7d52f92a7..aa4fcc4d9 100644 --- a/ansible/files/postgresql_config/custom_read_replica.conf.j2 +++ b/ansible/files/postgresql_config/conf.d/read_replica.conf @@ -1,5 +1,6 @@ # hot_standby = on -# restore_command = '/usr/bin/admin-mgr wal-fetch %f %p >> /var/log/wal-g/wal-fetch.log 2>&1' -# recovery_target_timeline = 'latest' # primary_conninfo = 'host=localhost port=6543 user=replication' + +# restore_command = '/usr/bin/admin-mgr wal-fetch %f %p >> /var/log/wal-g/wal-fetch.log 2>&1' +# recovery_target_timeline = 'latest' 
diff --git a/ansible/files/postgresql_config/postgresql.conf.j2 b/ansible/files/postgresql_config/postgresql.conf.j2 index 915e3677b..04378c3a4 100644 --- a/ansible/files/postgresql_config/postgresql.conf.j2 +++ b/ansible/files/postgresql_config/postgresql.conf.j2 @@ -761,9 +761,6 @@ jit_provider = 'llvmjit' # JIT library to use # WAL-G specific configurations #include = '/etc/postgresql-custom/wal-g.conf' -# read replica specific configurations -include = '/etc/postgresql-custom/read-replica.conf' - # supautils specific configurations #include = '/etc/postgresql-custom/supautils.conf' diff --git a/ansible/tasks/setup-postgres.yml b/ansible/tasks/setup-postgres.yml index 16e83eea2..465117031 100644 --- a/ansible/tasks/setup-postgres.yml +++ b/ansible/tasks/setup-postgres.yml @@ -167,13 +167,13 @@ loop_control: loop_var: 'pg_config_item' - - name: Move custom read-replica.conf file to /etc/postgresql-custom/read-replica.conf - ansible.builtin.template: - dest: '/etc/postgresql-custom/read-replica.conf' + - name: Move read-replica.conf file to /etc/postgresql-custom/conf.d/read-replica.conf + ansible.builtin.copy: + dest: '/etc/postgresql-custom/conf.d/read_replica.conf' mode: '0664' owner: 'postgres' group: 'postgres' - src: 'files/postgresql_config/custom_read_replica.conf.j2' + src: 'files/postgresql_config/conf.d/read_replica.conf' # Install extensions before init - name: Install Postgres extensions diff --git a/nix/packages/lib.nix b/nix/packages/lib.nix index 505eded02..cf541913d 100644 --- a/nix/packages/lib.nix +++ b/nix/packages/lib.nix @@ -48,10 +48,6 @@ name = "logging.conf"; path = ../../ansible/files/postgresql_config/postgresql-csvlog.conf; }; - readReplicaConfigFile = builtins.path { - name = "readreplica.conf"; - path = ../../ansible/files/postgresql_config/custom_read_replica.conf.j2; - }; pgHbaConfigFile = builtins.path { name = "pg_hba.conf"; path = ../../ansible/files/postgresql_config/pg_hba.conf.j2; 
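Review bot: In the ansible/tasks/setup-postgres.yml hunk, the new `ansible.builtin.copy` task keeps `mode: '0664'`, so a file under conf.d stays group-writable and world-readable even though the settings it carries include `restore_command` (a shell command the server runs) and `primary_conninfo`. The Dockerfile hunks in this series show `usermod -aG postgres wal-g`, so at least one other account is in that group. `mode: '0644'` would be the tighter choice unless a member of the postgres group is meant to rewrite this file, or `'0640'` if connection strings with credentials may end up here. The same mode is carried into the conf.d/wal-g.conf task in ansible/tasks/setup-wal-g.yml (PATCH 3/3), whose file holds `archive_command`. Separately, the task name says `read-replica.conf` while `dest` and `src` use `read_replica.conf`.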
@@ -91,7 +87,6 @@ POSTGRESQL_CONFIG_DIR = "${postgresqlConfigBaseDir}"; PSQLORIOLEDB17_BINDIR = "${psql_orioledb-17}"; PGSODIUM_GETKEY = "${paths.getkeyScript}"; - READREPL_CONF_FILE = "${paths.readReplicaConfigFile}"; LOGGING_CONF_FILE = "${paths.loggingConfigFile}"; SUPAUTILS_CONF_FILE = "${paths.supautilsConfigFile}"; PG_HBA = "${paths.pgHbaConfigFile}"; @@ -123,7 +118,6 @@ cp ${paths.supautilsConfigFile} $out/etc/postgresql-custom/supautils.conf || { echo "Failed to copy supautils.conf"; exit 1; } cp ${paths.pgconfigFile} $out/etc/postgresql/postgresql.conf || { echo "Failed to copy postgresql.conf"; exit 1; } cp ${paths.loggingConfigFile} $out/etc/postgresql-custom/logging.conf || { echo "Failed to copy logging.conf"; exit 1; } - cp ${paths.readReplicaConfigFile} $out/etc/postgresql-custom/read-replica.conf || { echo "Failed to copy read-replica.conf"; exit 1; } cp ${paths.pgHbaConfigFile} $out/etc/postgresql/pg_hba.conf || { echo "Failed to copy pg_hba.conf"; exit 1; } cp ${paths.pgIdentConfigFile} $out/etc/postgresql/pg_ident.conf || { echo "Failed to copy pg_ident.conf"; exit 1; } cp -r ${paths.postgresqlExtensionCustomScriptsPath}/* $out/extension-custom-scripts/ || { echo "Failed to copy custom scripts"; exit 1; } diff --git a/nix/tools/run-server.sh.in b/nix/tools/run-server.sh.in index 48ce41d26..5cd86fe31 100644 --- a/nix/tools/run-server.sh.in +++ b/nix/tools/run-server.sh.in @@ -240,7 +240,6 @@ vault.getkey_script = '$PGSODIUM_GETKEY_SCRIPT'" \ -e "s|hba_file = '/etc/postgresql/pg_hba.conf'|hba_file = '$DATDIR/pg_hba.conf'|" \ -e "s|ident_file = '/etc/postgresql/pg_ident.conf'|ident_file = '$DATDIR/pg_ident.conf'|" \ -e "s|include = '/etc/postgresql/logging.conf'|#&|" \ --e "s|include = '/etc/postgresql-custom/read-replica.conf'|include = '$DATDIR/read-replica.conf'|" \ -e "\$a\\ session_preload_libraries = 'supautils'" \ -e "s|include_dir = '/etc/postgresql-custom/conf.d'|include_dir = '$DATDIR/conf.d'|" \ 
From 51bdc1c7c2b3da70043b91f74074638caa60a56c Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 3 Dec 2025 08:38:52 -0500 Subject: [PATCH 2/3] chore: Update postgres and pgbouncer versions Updates the following versions for improved security and stability: - PostgreSQL 17 (orioledb-17) to 17.6.0.015 - PostgreSQL 17 to 17.6.1.058 - PostgreSQL 15 to 15.14.1.058 Also updates the checksum for Pgbouncer 1.19.0. --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 84035bca5..784658ce3 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,9 +10,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.014-orioledb" - postgres17: "17.6.1.057" - postgres15: "15.14.1.057" + postgresorioledb-17: "17.6.0.015-orioledb" + postgres17: "17.6.1.058" + postgres15: "15.14.1.058" # Non Postgres Extensions pgbouncer_release: 1.19.0 From 48fe386bfa49198bb399868497319df98efcd53f Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Fri, 5 Dec 2025 13:26:22 -0500 Subject: [PATCH 3/3] refactor: Standardize WAL-G config inclusion depends on #1956 - WAL-G configuration is now managed by placing `wal-g.conf` in `/etc/postgresql-custom/conf.d/`. - This aligns with PostgreSQL's standard practice of including configuration files from `conf.d` subdirectories. - Direct inclusion of `wal-g.conf` in `postgresql.conf` has been removed. - PostgreSQL `archive_mode` is now explicitly set to `on` with a no-op `archive_command` in `postgresql.conf.j2`. --- Dockerfile-15 | 3 +-- Dockerfile-17 | 3 +-- Dockerfile-orioledb-17 | 3 +-- .../wal-g.conf} | 13 +++++------- .../postgresql_config/postgresql.conf.j2 | 14 +++++-------- ansible/tasks/setup-wal-g.yml | 21 +++++++------------ 6 files changed, 20 insertions(+), 37 deletions(-) rename ansible/files/postgresql_config/{custom_walg.conf.j2 => conf.d/wal-g.conf} (91%) 
diff --git a/Dockerfile-15 b/Dockerfile-15 index 8d9dfd8f8..c990acf1f 100644 --- a/Dockerfile-15 +++ b/Dockerfile-15 @@ -214,7 +214,6 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh -COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf.j2 /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh @@ -222,7 +221,7 @@ RUN sed -i \ -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ - -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \ + /etc/postgresql/postgresql.conf && \ echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ usermod -aG postgres wal-g && \ diff --git a/Dockerfile-17 b/Dockerfile-17 index cb2a38809..847e9cda8 100644 --- a/Dockerfile-17 +++ b/Dockerfile-17 
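Review bot: Once the second Dockerfile-15 hunk drops the `wal-g.conf` include rewrite from the `sed` call, nothing visible in this patch copies `conf.d/wal-g.conf` into the image, so that file's active `hot_standby = off` line would stop applying to containers unless a `COPY` of the conf.d directory exists outside these hunks. Worth confirming, and if it is missing, adding `COPY --chown=postgres:postgres ansible/files/postgresql_config/conf.d /etc/postgresql-custom/conf.d`. The same applies to the matching hunks in Dockerfile-17 and Dockerfile-orioledb-17. The `RUN` instruction starts and ends outside the hunk.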
@@ -218,7 +218,6 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh -COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf.j2 /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh @@ -226,7 +225,7 @@ RUN sed -i \ -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ - -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \ + /etc/postgresql/postgresql.conf && \ echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ usermod -aG postgres wal-g && \ diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index e7f5b5f7f..39b42a6f5 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 
@@ -218,7 +218,6 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh -COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf.j2 /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh @@ -226,7 +225,7 @@ RUN sed -i \ -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ - -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \ + /etc/postgresql/postgresql.conf && \ echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ usermod -aG postgres wal-g && \ diff --git a/ansible/files/postgresql_config/custom_walg.conf.j2 b/ansible/files/postgresql_config/conf.d/wal-g.conf similarity index 91% rename from ansible/files/postgresql_config/custom_walg.conf.j2 rename to ansible/files/postgresql_config/conf.d/wal-g.conf index 7ef7256d8..99d315507 100644 --- a/ansible/files/postgresql_config/custom_walg.conf.j2 +++ b/ansible/files/postgresql_config/conf.d/wal-g.conf 
@@ -1,21 +1,18 @@ # - Archiving - -#archive_mode = on #archive_command = '/usr/bin/admin-mgr wal-push %p >> /var/log/wal-g/wal-push.log 2>&1' #archive_timeout = 120 -# - Archive Recovery - - -#restore_command = '/usr/bin/admin-mgr wal-fetch %f %p >> /var/log/wal-g/wal-fetch.log 2>&1' +# - Hot Standby - +hot_standby = off # - Recovery Target - +#recovery_target_action = 'promote' +#recovery_target_inclusive = off #recovery_target_lsn = '' #recovery_target_time = '' -#recovery_target_action = 'promote' #recovery_target_timeline = 'current' -#recovery_target_inclusive = off -# - Hot Standby - -hot_standby = off +#restore_command = '/usr/bin/admin-mgr wal-fetch %f %p >> /var/log/wal-g/wal-fetch.log 2>&1' diff --git a/ansible/files/postgresql_config/postgresql.conf.j2 b/ansible/files/postgresql_config/postgresql.conf.j2 index 04378c3a4..0183482c8 100644 --- a/ansible/files/postgresql_config/postgresql.conf.j2 +++ b/ansible/files/postgresql_config/postgresql.conf.j2 @@ -242,12 +242,11 @@ checkpoint_flush_after = 256kB # measured in pages, 0 disables # - Archiving - -#archive_mode = off # enables archiving; off, on, or always - # (change requires restart) -#archive_command = '' # command to use to archive a logfile segment - # placeholders: %p = path of file to archive - # %f = file name only - # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +archive_mode = on # enables archiving; off, on, or always (change requires restart) +archive_command = '/bin/true' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' #archive_timeout = 0 # force a logfile segment switch after this # number of seconds; 0 disables 
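Review bot: `hot_standby = off` stays an active setting in conf.d/wal-g.conf, and now that both files load through `include_dir` it is read after conf.d/read_replica.conf, because PostgreSQL processes an include directory in file-name order and the later value wins. Before this series the explicit `include` of read-replica.conf came after the wal-g.conf one in postgresql.conf.j2, so a replica's `hot_standby = on` took precedence; now the wal-g.conf value would override it. The same holds for `restore_command` and `recovery_target_timeline` if both files have them uncommented. Consider shipping the line commented out (`#hot_standby = off`) or giving the conf.d files numeric prefixes so the intended precedence is explicit.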
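Review bot: In the postgresql.conf.j2 archiving hunk, `archive_command = '/bin/true'` reports success for every WAL segment without storing it. With `archive_mode = on` the server will therefore treat segments as archived and recycle them, and `pg_stat_archiver` will look healthy while no WAL is retained, until a conf.d file supplies a real command. conf.d/wal-g.conf ships with its `archive_command` commented out, so this is the default state. The line should carry a comment saying so, for example `# placeholder: discards WAL; the real command is set in conf.d/wal-g.conf`, and backup monitoring should check the effective `archive_command` rather than only archiver failures.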
@@ -758,9 +757,6 @@ jit_provider = 'llvmjit' # JIT library to use # User-supplied custom parameters, override any automatically generated ones #include = '/etc/postgresql-custom/custom-overrides.conf' -# WAL-G specific configurations -#include = '/etc/postgresql-custom/wal-g.conf' - # supautils specific configurations #include = '/etc/postgresql-custom/supautils.conf' diff --git a/ansible/tasks/setup-wal-g.yml b/ansible/tasks/setup-wal-g.yml index 7f8048f90..43af3803e 100644 --- a/ansible/tasks/setup-wal-g.yml +++ b/ansible/tasks/setup-wal-g.yml @@ -54,14 +54,6 @@ path: '/etc/wal-g/config.json' state: 'touch' - - name: Move custom wal-g.conf file to /etc/postgresql-custom/wal-g.conf - ansible.builtin.template: - dest: '/etc/postgresql-custom/wal-g.conf' - group: 'postgres' - mode: '0664' - owner: 'postgres' - src: 'files/postgresql_config/custom_walg.conf.j2' - - name: Add script to be run for restore_command ansible.builtin.template: dest: '/home/postgres/wal_fetch.sh' @@ -77,9 +69,10 @@ owner: 'root' src: 'files/walg_helper_scripts/wal_change_ownership.sh' - - name: Include /etc/postgresql-custom/wal-g.conf in postgresql.conf - ansible.builtin.replace: - path: '/etc/postgresql/postgresql.conf' - regexp: "#include = '/etc/postgresql-custom/wal-g.conf'" - replace: "include = '/etc/postgresql-custom/wal-g.conf'" - become: true + - name: Move custom wal-g.conf file to /etc/postgresql-custom/conf.d/wal-g.conf + ansible.builtin.copy: + dest: '/etc/postgresql-custom/conf.d/wal-g.conf' + group: 'postgres' + mode: '0664' + owner: 'postgres' + src: 'files/postgresql_config/conf.d/wal-g.conf'