From cc86621becab760fc7e1b77cd0c28b7bd5b95bac Mon Sep 17 00:00:00 2001
From: Vonng
Date: Wed, 19 May 2021 21:35:18 +0800
Subject: [PATCH] update default configuration templates and document
---
Makefile | 41 +-
README.md | 40 +-
configure | 6 +-
templates/config/pigsty-demo.yml | 8 +-
templates/config/pigsty-demo4.yml | 8 +-
templates/config/pigsty-oltp.yml | 6 +-
templates/config/pigsty-pg14.yml | 844 ++++++++++++++++++++++++++++++
templates/config/pigsty-pro.yml | 840 +++++++++++++++++++++++++++++
templates/config/pigsty-prod.yml | 6 +-
templates/config/pigsty-tiny.yml | 8 +-
10 files changed, 1741 insertions(+), 66 deletions(-)
create mode 100644 templates/config/pigsty-pg14.yml
create mode 100644 templates/config/pigsty-pro.yml
diff --git a/Makefile b/Makefile
index 8dc445e90..bfd9d4171 100644
--- a/Makefile
+++ b/Makefile
@@ -132,14 +132,6 @@ c: configure
conf:
./configure --ip ${IP} --mode ${MODE} --download
-# use default demo (1 node) config template
-demo:
- ./configure --ip 10.10.10.10 --mode demo
-
-# use full demo (4 node) config template
-demo4:
- ./configure --ip 10.10.10.10 --mode demo4
-
###############################################################
@@ -325,7 +317,7 @@ pg-db:
# (1). make deps (once) Install MacOS deps with homebrew
# (2). make dns (once) Write static DNS
# (3). make start (once) Pull-up vm nodes and setup ssh access
-# (4). make meta Boot meta node same as Quick-Start
+# (4). make demo Boot meta node same as Quick-Start
#=============================================================#
#------------------------------#
@@ -354,19 +346,21 @@ ssh: # add node ssh config to your ~/.ssh/config
bin/ssh
#------------------------------#
-# meta
+# demo
#------------------------------#
# tips: (make fetch & make upload will accelerate next vm bootstrap)
# ssh meta and run standard install procedure same as Quick-Start
-meta:
+demo:
ssh meta '/home/vagrant/pigsty/configure --ip 10.10.10.10 -m demo --non-interactive --download'
- ssh meta 'cd /home/vagrant/pigsty; make install'
+ ssh meta 'cd ~/pigsty; make install'
# 4-node version
-meta4:
+demo4:
ssh meta '/home/vagrant/pigsty/configure --ip 10.10.10.10 -m demo4 --non-interactive --download'
- ssh meta 'cd /home/vagrant/pigsty; make install'
+ ssh meta 'cd ~/pigsty; make install'
+ ssh meta 'cd ~/pigsty; ./pgsql.yml -l pg-test'
+
#==============================================================#
# VM Management #
@@ -407,7 +401,7 @@ dw4:
cd vagrant && vagrant halt
del4:
cd vagrant && vagrant destroy -f
-new4: del up
+new4: del4 up4
s4: # sync time
echo meta node-1 node-2 node-3 | xargs -n1 -P4 -I{} ssh {} 'sudo ntpdate -u pool.ntp.org'; true
@@ -576,6 +570,17 @@ publish-beta:
svg:
bin/play_svg
+# make cache from meta node and put into release dir
+release-pkg:
+ mkdir -p files/release/v${VERSION}/
+ ssh meta '~/pigsty/bin/cache'
+ scp meta:/tmp/pkg.tgz files/release/v${VERSION}/pkg.tgz
+
+# make pkg cache from meta node
+cache-pkg:
+ ssh meta '~/pigsty/bin/cache'
+ scp meta:/tmp/pkg.tgz files/pkg.tgz
+
###############################################################
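Review bot: The renamed `demo` and `demo4` recipes address the same checkout two ways — `/home/vagrant/pigsty/configure` on the context line and `cd ~/pigsty` on the new lines — while the `release-pkg` target added further down in this commit uses `~/pigsty/bin/cache`; settling on one form, e.g. `ssh meta '~/pigsty/configure --ip 10.10.10.10 -m demo --non-interactive --download'`, keeps the two from diverging if the vagrant home ever changes. The `# 4-node version` comment no longer describes demo4, since its new last line also deploys the pg-test cluster with `./pgsql.yml -l pg-test`; suggest `# 4-node version: install pigsty on meta, then deploy the pg-test cluster`.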
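Review bot: `release-pkg` and `cache-pkg` ship whatever sits at the fixed path `/tmp/pkg.tgz` on the meta node, with nothing tying that file to the `bin/cache` run on the previous line — a stale or unrelated archive left at that path in the shared tmp directory would be copied into `files/release/v${VERSION}/` as the release artifact (I am inferring from the scp that bin/cache writes that path; its source is not in the diff). Have the cache step emit a digest and check it after the copy, e.g. `ssh meta '~/pigsty/bin/cache && sha256sum /tmp/pkg.tgz > /tmp/pkg.tgz.sha256'`, `scp meta:/tmp/pkg.tgz meta:/tmp/pkg.tgz.sha256 files/release/v${VERSION}/` and `cd files/release/v${VERSION} && sha256sum -c pkg.tgz.sha256`, and publish the digest next to the tarball so installers can verify what they download. `${VERSION}` is used here but defined outside the hunk.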
@@ -595,13 +600,13 @@ svg:
pgsql-business pgsql-monitor pgsql-service pgsql-promtail \
node-remove dcs-remove pgsql-remove \
pg-user pg-db \
- deps dns start start4 ssh fetch upload \
+ deps dns start start4 ssh \
up dw del new s up-test dw-test del-test new-test s-test \
up4 dw4 del4 new4 s4 \
st status suspend resume \
rl ri rw ro rw2 ro2 r1 r2 r3 \
- copy copy-all copy-src copy-pro copy-pkg copy-ui copy-fui copy-cf \
+ fetch upload copy copy-all copy-src copy-pro copy-pkg copy-ui copy-fui copy-cf \
r release p publish pb publish-beta \
- svg
+ svg release-pkg cache-pkg
###############################################################
diff --git a/README.md b/README.md
index 2a749003e..5a09e90b3 100644
--- a/README.md
+++ b/README.md
@@ -14,17 +14,27 @@ Check [**OFFICIAL SITE**](https://pigsty.cc/en/ ) for more information:[**htt
>
> The final 1.0 GA version will be released near June~July 2021
+
+
## Quick Start
-Prepare a CentOS 7.x meta node with root or sudo access.
+Run on a fresh CentOS 7 node to install pigsty (user must have nopass sudo privilege)
```bash
curl -fsSL https://pigsty.cc/pigsty.tgz | gzip -d | tar -xC ~; cd ~/pigsty # DOWNLOAD
-./configure # CONFIGURE (interactive wizard)
+make config # CONFIGURE (interactive wizard)
make install # INSTALL infrasturcture on meta node
```
-And you will have everything ready. Check documentation for more information.
+Run on your **Mac** to get CentOS 7.8 nodes on your laptop (Pigsty Demo Env),
+
+```bash
+make deps # Install MacOS deps with homebrew
+make dns # Write static DNS
+make start # Pull-up vm nodes and setup ssh access (start4 for 4-node demo)
+make demo # install pigsty on 'meta' as above (demo4 for 4-node demo)
+```
+
## Highlights
@@ -38,30 +48,6 @@ And you will have everything ready. Check documentation for more information.
-## Get Node
-
-Consider running pigsty sandbox demo with virtualbox & vagrant.
-
-
-Run pigsty on your laptop
-
-> The easiest way to get a node is using cloud-services. But if you wish to run pigsty on your laptop. You can either create CentOS 7.8 vm nodes with software such as vmware, parallel desktop, virtualbox manually. Or just leave it to [vagrant](https://github.com/Vonng/pigsty/blob/master/vagrant/Vagrantfile). For MacOS users, these makefile shortcuts will setup a vm node (ip: 10.10.10.10) on your Mac host using [virtualbox](https://www.virtualbox.org/wiki/Downloads). After that everything is same as [Quick Start](#quick-start).
->
-> ```bash
-> cd /tmp && git clone git@github.com:Vonng/pigsty.git && cd pigsty
-> make deps # Install MacOS deps with homebrew: vagrant virtualbox ansible
-> make download # Download packages to files/release/v*.*/{pkg,pigsty}.tgz
-> make start # launch vagrant vm nodes based on vagrant/Vagrantfile
-> make dns # write static DNS record to your host (sudo required)
-> make copy # copy pigsty resource to vagrant meta vm node
-> ```
->
-> Verified Environment:: MacOS 11, Vagrant 2.2.14, Virtualbox 6.1.16
-
-
-
-
## Features
### Monitoring
diff --git a/configure b/configure
index 587bb6557..c80d065e1 100755
--- a/configure
+++ b/configure
@@ -150,7 +150,7 @@ function can_nopass_ssh(){
local current_user=$(whoami)
local user=${1-${current_user}}
local ipaddr=${2-'127.0.0.1'}
- if ssh -o "StrictHostKeyChecking no" ${user}@${ipaddr} 'ls' 1>/dev/null 2>/dev/null; then
+ if ssh -oBatchMode=yes -o "StrictHostKeyChecking no" ${user}@${ipaddr} 'ls' 1>/dev/null 2>/dev/null; then
return 0
else
return 1
@@ -234,13 +234,13 @@ function check_ipaddr(){
fi
local ipCount=$(get_ip_count)
- if ((ipCount<=1)); then
+ if ((ipCount<1)); then
log_error "primary_ip = probe failed"
exit 8
fi
if ((ipCount==1)); then
log_info "primary_ip = $(hostname --all-ip-addresses) (from probe)"
- PRIMARY_IP=$(hostname --all-ip-addresses)
+ PRIMARY_IP=$(hostname --all-ip-addresses | egrep -o '(([0-9]|[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])')
return 0
fi
diff --git a/templates/config/pigsty-demo.yml b/templates/config/pigsty-demo.yml
index 5729fbb68..845afd440 100644
--- a/templates/config/pigsty-demo.yml
+++ b/templates/config/pigsty-demo.yml
@@ -199,7 +199,7 @@ all: # top-level namespace
- name: grafana description: Grafana
- enabled: no
+ enabled: yes
gpgcheck: no
baseurl: - https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm # tuna mirror
@@ -207,7 +207,7 @@ all: # top-level namespace
- name: grafana-beta description: Grafana Beta
- enabled: yes
+ enabled: no
gpgcheck: no
baseurl: - https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm-beta/ # tuna mirror
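Review bot: `-oBatchMode=yes` stops the probe from hanging on a password prompt, but an unreachable `${ipaddr}` still blocks for the full TCP connect timeout; add a bound on the same line: `if ssh -oBatchMode=yes -o ConnectTimeout=5 -o "StrictHostKeyChecking no" ${user}@${ipaddr} 'ls' 1>/dev/null 2>/dev/null; then`. The pre-existing `StrictHostKeyChecking no` makes the probe record the host key of whatever answers, and since stderr is discarded a changed-key warning would never be seen; `StrictHostKeyChecking=accept-new` keeps first contact silent yet refuses a changed key, though it needs OpenSSH 7.6 or newer and CentOS 7's stock OpenSSH predates that, so it would have to be version-gated. A comment stating the intent would help the next reader, e.g. `# reachability/nopass probe only: never prompts; host key is not verified here`. The function's opening line and its closing `fi`/`}` are outside the hunk.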
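Review bot: After the new `egrep -o` filter, `PRIMARY_IP` can be empty — if the single address reported by `hostname --all-ip-addresses` is not dotted IPv4 (an IPv6-only host, for instance) the pattern matches nothing, yet the branch still logs success and returns 0 with an empty primary ip; whether `get_ip_count` already excludes such addresses cannot be seen here, since it is defined outside the hunk. Guard the filtered value before returning: `if [[ -z "${PRIMARY_IP}" ]]; then log_error "primary_ip = probe failed"; exit 8; fi`. The `log_info` line just above still prints the raw `hostname --all-ip-addresses` output, so the logged value and the assigned one can differ; assign first and log `${PRIMARY_IP}`. `egrep` is deprecated in recent grep releases, so `grep -Eo` is the portable spelling. check_ipaddr starts and ends outside the hunk.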
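Review bot: The grafana/grafana-beta `enabled` swap at the `+ enabled: yes` / `+ enabled: no` lines is made here and in the matching hunks of pigsty-demo4.yml and pigsty-oltp.yml, but the pigsty-pg14.yml template added by the same commit still has grafana `enabled: no` and grafana-beta `enabled: yes`; if that is deliberate for a PostgreSQL 14 beta template it deserves a comment, otherwise the new file needs the same flip. A short comment beside the flag, e.g. `enabled: yes # stable channel; keep grafana/grafana-beta mutually exclusive across templates`, would make the intent visible the next time one template is edited alone. The repo being switched on keeps the pre-existing `gpgcheck: no`, so its RPMs are installed without signature verification; a follow-up enabling `gpgcheck` with the vendor's `gpgkey` would close that across all templates.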
@@ -237,8 +237,8 @@ all: # top-level namespace
enabled: no
gpgcheck: no
baseurl:
- - https://mirrors.tuna.tsinghua.edu.cn/postgresql/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # tuna
- - https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch # official
+ - https://mirrors.tuna.tsinghua.edu.cn/postgresql/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # tuna
+ - https://download.postgresql.org/pub/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # official
- name: centos-sclo description: CentOS-$releasever - SCLo
diff --git a/templates/config/pigsty-demo4.yml b/templates/config/pigsty-demo4.yml
index e219becc4..35f9f1821 100644
--- a/templates/config/pigsty-demo4.yml
+++ b/templates/config/pigsty-demo4.yml
@@ -260,7 +260,7 @@ all: # top-level namespace
- name: grafana description: Grafana
- enabled: no
+ enabled: yes
gpgcheck: no
baseurl: - https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm # tuna mirror
@@ -268,7 +268,7 @@ all: # top-level namespace
- name: grafana-beta description: Grafana Beta
- enabled: yes
+ enabled: no
gpgcheck: no
baseurl: - https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm-beta/ # tuna mirror
@@ -298,8 +298,8 @@ all: # top-level namespace
enabled: no
gpgcheck: no
baseurl:
- - https://mirrors.tuna.tsinghua.edu.cn/postgresql/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # tuna
- - https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch # official
+ - https://mirrors.tuna.tsinghua.edu.cn/postgresql/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # tuna
+ - https://download.postgresql.org/pub/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # official
- name: centos-sclo description: CentOS-$releasever - SCLo
diff --git a/templates/config/pigsty-oltp.yml b/templates/config/pigsty-oltp.yml
index 6da0aa803..271c755e3 100644
--- a/templates/config/pigsty-oltp.yml
+++ b/templates/config/pigsty-oltp.yml
@@ -166,7 +166,7 @@ all: # top-level namespace
- name: grafana description: Grafana
- enabled: no
+ enabled: yes
gpgcheck: no
baseurl: - https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm # tuna mirror
@@ -174,7 +174,7 @@ all: # top-level namespace
- name: grafana-beta description: Grafana Beta
- enabled: yes
+ enabled: no
gpgcheck: no
baseurl: - https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm-beta/ # tuna mirror
@@ -205,7 +205,7 @@ all: # top-level namespace
gpgcheck: no
baseurl: - https://mirrors.tuna.tsinghua.edu.cn/postgresql/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # tuna
- - https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch # official
+ - https://download.postgresql.org/pub/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # official
- name: centos-sclo description: CentOS-$releasever - SCLo
diff --git a/templates/config/pigsty-pg14.yml b/templates/config/pigsty-pg14.yml
new file mode 100644
index 000000000..cb978d869
--- /dev/null
+++ b/templates/config/pigsty-pg14.yml
@@ -0,0 +1,844 @@ +--- +###################################################################### +# File : pigsty.yml +# Desc : Pigsty Configuration (Default Tiny Template) +# Link : https://pigsty.cc/zh/docs/config/ +# Ctime : 2020-05-22 +# Mtime : 2021-05-18 +# Copyright (C) 2018-2021 Ruohang Feng +###################################################################### +# Here 10.10.10.10 is a placeholder + + +###################################################################### +# Development Environment Inventory # +###################################################################### +all: # top-level namespace + + #==================================================================# + # Clusters # + #==================================================================# + # postgres database clusters are defined as kv pair in `all.children` + # where the key is cluster name and the value is the object consist + # of cluster members (hosts) and cluster specific variables (vars) + # meta nodes are defined in special group "meta" with `meta_node=true` + + children: + + #----------------------------- + # meta controller + #----------------------------- + meta: # special group 'meta' defines the main controller machine + vars: + meta_node: true # mark node as meta controller + ansible_group_priority: 99 # meta group has top priority + hosts: + 10.10.10.10: {} + + #----------------------------- + # cluster: pg-meta + #----------------------------- + # pg-meta is a single-node pgsql cluster deployed on meta node (10.10.10.10) + pg-meta: + # - cluster members - # + hosts: + 10.10.10.10: {pg_seq: 1, pg_role: primary, pg_offline_query: true} + + # - cluster configs - # + vars: + pg_cluster: pg-meta # define actual cluster name + pg_version: 14 # define installed pgsql version + node_tune: tiny # tune node into oltp|olap|crit|tiny mode + pg_conf: tiny.yml # tune pgsql into oltp|olap|crit|tiny mode + patroni_watchdog_mode: off # disable watchdog (require|automatic|off) + 
pg_lc_ctype: en_US.UTF8 # enabled pg_trgm i18n char support + + # - defining business users - # + pg_users: + # default production read-write user dbuser_meta + - name: dbuser_meta # user's name is required + password: md5d3d10d8cad606308bdb180148bf663e1 # md5 password is acceptable + pgbouncer: true # add user to pgbouncer userlist + roles: [dbrole_readwrite] # grant roles to user + comment: default production read-write user for meta database + + # default production read-only user for grafana direct access + - name: dbuser_grafana + password: DBUser.Grafana + pgbouncer: true + roles: [dbrole_readonly] + comment: default readonly access for grafana datasource + + # complete example of user/role definition + - name: dbuser_pigsty # pigsty user have admin access (DDL|DML) + password: DBUser.Pigsty # example user's password, can be md5 encrypted + pgbouncer: true # add this user to pgbouncer? false by default (true for production user) + comment: pigsty admin user # comment on user/role + roles: [dbrole_admin] # dbrole_{admin,readonly,readwrite,offline} + parameters: # additional role level parameters with ALTER ROLE SET + search_path: pigsty,public # add pigsty schema into search_path + + # - defining business databases - # + pg_databases: + - name: meta # name is the only required field for a database + comment: pigsty meta database # optional, comment string for database + schemas: [pigsty] # optional, create additional schema + extensions: # optional, extension name and which schema to create + - {name: adminpack, schema: pg_catalog} + parameters: # optional, extra parameters with ALTER DATABASE + search_path: 'pigsty,public' # add pigsty to search_path + + pg_default_database: meta # default database will be used as primary monitor target + vip_mode: none # I dont't know if your network allows vip + + + #==================================================================# + # Globals # + #==================================================================# + 
vars: + + #------------------------------------------------------------------------------ + # CONNECTION PARAMETERS + #------------------------------------------------------------------------------ + # this section defines connection parameters + + # ansible_user: vagrant # admin user with ssh access and sudo privilege + + proxy_env: # global proxy env when downloading packages + no_proxy: "localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,*.pigsty,*.aliyun.com,mirrors.*,*.myqcloud.com" + # http_proxy: '' + # https_proxy: '' + # all_proxy: '' + + #------------------------------------------------------------------------------ + # REPO PROVISION + #------------------------------------------------------------------------------ + # this section defines how to build a local repo + + # - repo basic - # + repo_enabled: true # build local yum repo on meta nodes? + repo_name: pigsty # local repo name + repo_address: yum.pigsty # repo external address (ip:port or url) + repo_port: 80 # listen address, must same as repo_address + repo_home: /www # default repo dir location + repo_rebuild: false # force re-download packages + repo_remove: true # remove existing repos + + # - where to download - # + repo_upstreams: + - name: base + description: CentOS-$releasever - Base + gpgcheck: no + baseurl: + - https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/os/$basearch/ # tuna + - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/ + - http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/ + - http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/ # aliyun + - http://mirror.centos.org/centos/$releasever/os/$basearch/ # official + + - name: updates + description: CentOS-$releasever - Updates + gpgcheck: no + baseurl: + - https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/updates/$basearch/ # tuna + - http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/ + - http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/ + - 
http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/ # aliyun + - http://mirror.centos.org/centos/$releasever/updates/$basearch/ # official + + - name: extras + description: CentOS-$releasever - Extras + baseurl: + - https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/extras/$basearch/ # tuna + - http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/ + - http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/ + - http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/ # aliyun + - http://mirror.centos.org/centos/$releasever/extras/$basearch/ # official + gpgcheck: no + + - name: epel + description: CentOS $releasever - epel + gpgcheck: no + baseurl: + - https://mirrors.tuna.tsinghua.edu.cn/epel/$releasever/$basearch # tuna + - http://mirrors.aliyun.com/epel/$releasever/$basearch # aliyun + - http://download.fedoraproject.org/pub/epel/$releasever/$basearch # official + + - name: grafana + description: Grafana + enabled: no + gpgcheck: no + baseurl: + - https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm # tuna mirror + - https://packages.grafana.com/oss/rpm # official + + - name: grafana-beta + description: Grafana Beta + enabled: yes + gpgcheck: no + baseurl: + - https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm-beta/ # tuna mirror + - https://packages.grafana.com/oss/rpm-beta # official BETA! 
+ + - name: prometheus + description: Prometheus and exporters + gpgcheck: no + baseurl: https://packagecloud.io/prometheus-rpm/release/el/$releasever/$basearch # no other mirrors, quite slow + + - name: pgdg-common + description: PostgreSQL common RPMs for RHEL/CentOS $releasever - $basearch + gpgcheck: no + baseurl: + - http://mirrors.tuna.tsinghua.edu.cn/postgresql/repos/yum/common/redhat/rhel-$releasever-$basearch # tuna + - https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-$releasever-$basearch # official + + - name: pgdg13 + description: PostgreSQL 13 for RHEL/CentOS $releasever - $basearch + enabled: no + gpgcheck: no + baseurl: + - https://mirrors.tuna.tsinghua.edu.cn/postgresql/repos/yum/13/redhat/rhel-$releasever-$basearch # tuna + - https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch # official + + - name: pgdg14-beta + description: PostgreSQL 14 beta for RHEL/CentOS $releasever - $basearch + enabled: yes + gpgcheck: no + baseurl: + - https://mirrors.tuna.tsinghua.edu.cn/postgresql/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # tuna + - https://download.postgresql.org/pub/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # official + + - name: centos-sclo + description: CentOS-$releasever - SCLo + gpgcheck: no + baseurl: # mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=$releasever&repo=sclo-sclo + - http://mirrors.aliyun.com/centos/$releasever/sclo/$basearch/sclo/ + - http://repo.virtualhosting.hk/centos/$releasever/sclo/$basearch/sclo/ + + - name: centos-sclo-rh + description: CentOS-$releasever - SCLo rh + gpgcheck: no + baseurl: # mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-rh + - http://mirrors.aliyun.com/centos/$releasever/sclo/$basearch/rh/ + - http://repo.virtualhosting.hk/centos/$releasever/sclo/$basearch/rh/ + + - name: nginx + description: Nginx Official Yum Repo + skip_if_unavailable: true + gpgcheck: no + baseurl: 
http://nginx.org/packages/centos/$releasever/$basearch/ + + - name: haproxy + description: Copr repo for haproxy + skip_if_unavailable: true + gpgcheck: no + baseurl: https://download.copr.fedorainfracloud.org/results/roidelapluie/haproxy/epel-$releasever-$basearch/ + + # for latest consul & kubernetes + - name: harbottle + description: Copr repo for main owned by harbottle + skip_if_unavailable: true + gpgcheck: no + baseurl: https://download.copr.fedorainfracloud.org/results/harbottle/main/epel-$releasever-$basearch/ + + + # - what to download - # + repo_packages: + # repo bootstrap packages + - epel-release nginx wget yum-utils yum createrepo sshpass unzip # bootstrap packages + + # node basic packages + - ntp chrony uuid lz4 nc pv jq vim-enhanced make patch bash lsof wget git tuned # basic system util + - readline zlib openssl libyaml libxml2 libxslt perl-ExtUtils-Embed ca-certificates # basic pg dependency + - numactl grubby sysstat dstat iotop bind-utils net-tools tcpdump socat ipvsadm telnet # system utils + + # dcs & monitor packages + - grafana prometheus2 pushgateway alertmanager # monitor and ui + - node_exporter postgres_exporter nginx_exporter blackbox_exporter # exporter + - consul consul_exporter consul-template etcd # dcs + + # python3 dependencies + - ansible python python-pip python-psycopg2 audit # ansible & python + - python3 python3-psycopg2 python36-requests python3-etcd python3-consul # python3 + - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography # patroni extra deps + + # proxy and load balancer + - haproxy keepalived dnsmasq # proxy and dns + + # postgres common Packages + - patroni patroni-consul patroni-etcd pgbouncer pg_cli pgbadger pg_activity # major components + - pgcenter boxinfo check_postgres emaj pgbconsole pg_bloat_check pgquarrel # other common utils + - barman barman-cli pgloader pgFormatter pitrery pspg pgxnclient PyGreSQL pgadmin4 tail_n_mail + + # postgres 14 packages + - postgresql14* + + # postgres 
13 packages + # - postgresql13* postgis31* citus_13 timescaledb_13 # pgrouting_13 # postgres 13 and postgis 31 + # - pg_repack13 pg_squeeze13 # maintenance extensions + # - pg_qualstats13 pg_stat_kcache13 system_stats_13 bgw_replstatus13 # stats extensions + # - plr13 plsh13 plpgsql_check_13 plproxy13 plr13 plsh13 plpgsql_check_13 pldebugger13 # PL extensions + # - hdfs_fdw_13 mongo_fdw13 mysql_fdw_13 ogr_fdw13 redis_fdw_13 pgbouncer_fdw13 # FDW extensions + # - wal2json13 count_distinct13 ddlx_13 geoip13 orafce13 # MISC extensions + # - rum_13 hypopg_13 ip4r13 jsquery_13 logerrors_13 periods_13 pg_auto_failover_13 pg_catcheck13 + # - pg_fkpart13 pg_jobmon13 pg_partman13 pg_prioritize_13 pg_track_settings13 pgaudit15_13 + # - pgcryptokey13 pgexportdoc13 pgimportdoc13 pgmemcache-13 pgmp13 pgq-13 + # - pguint13 pguri13 prefix13 safeupdate_13 semver13 table_version13 tdigest13 + + # build & devel packages (optional) + - gcc gcc-c++ clang coreutils diffutils rpm-build rpm-devel rpmlint rpmdevtools + - zlib-devel openssl-libs openssl-devel pam-devel libxml2-devel libxslt-devel openldap-devel systemd-devel tcl-devel python-devel + + repo_url_packages: + # additional rpm packages + - https://github.com/Vonng/pg_exporter/releases/download/v0.3.2/pg_exporter-0.3.2-1.el7.x86_64.rpm + - https://github.com/cybertec-postgresql/vip-manager/releases/download/v0.6/vip-manager_0.6-1_amd64.rpm + - http://guichaz.free.fr/polysh/files/polysh-0.4-1.noarch.rpm + + # tar.gz and zip binary packages + - https://github.com/prometheus/node_exporter/releases/download/v1.1.2/node_exporter-1.1.2.linux-amd64.tar.gz # monitor binary + - https://github.com/Vonng/pg_exporter/releases/download/v0.3.2/pg_exporter_v0.3.2_linux-amd64.tar.gz + - https://github.com/grafana/loki/releases/download/v2.2.1/loki-linux-amd64.zip # loki binary + - https://github.com/grafana/loki/releases/download/v2.2.1/promtail-linux-amd64.zip + - https://github.com/grafana/loki/releases/download/v2.2.1/logcli-linux-amd64.zip 
+ - https://github.com/grafana/loki/releases/download/v2.2.1/loki-canary-linux-amd64.zip + + # mirror in mainland china (use commented packages to install from official site) + # - http://pigsty-1304147732.cos.accelerate.myqcloud.com/pkg/pg_exporter-0.3.2-1.el7.x86_64.rpm + # - http://pigsty-1304147732.cos.accelerate.myqcloud.com/pkg/vip-manager_0.6-1_amd64.rpm + # - http://pigsty-1304147732.cos.accelerate.myqcloud.com/pkg/polysh-0.4-1.noarch.rpm + + #------------------------------------------------------------------------------ + # NODE PROVISION + #------------------------------------------------------------------------------ + # this section defines how to provision nodes + # nodename: # if defined, node's hostname will be overwritten + + # - node dns - # + node_dns_hosts: # static dns records in /etc/hosts + - 10.10.10.10 yum.pigsty + node_dns_server: none # add (default) | none (skip) | overwrite (remove old settings) + node_dns_servers: # dynamic nameserver in /etc/resolv.conf + - 10.10.10.10 + node_dns_options: # dns resolv options + - options single-request-reopen timeout:1 rotate + - domain service.consul + + # - node repo - # + node_repo_method: local # none|local|public (use local repo for production env) + node_repo_remove: true # whether remove existing repo + node_local_repo_url: # local repo url (if method=local, make sure firewall is configured or disabled) + - http://yum.pigsty/pigsty.repo + + # - node packages - # + node_packages: # common packages for all nodes + - wget,yum-utils,sshpass,ntp,chrony,tuned,uuid,lz4,vim-minimal,make,patch,bash,lsof,wget,unzip,git,readline,zlib,openssl + - numactl,grubby,sysstat,dstat,iotop,bind-utils,net-tools,tcpdump,socat,ipvsadm,telnet,tuned,pv,jq + - python3,python3-psycopg2,python36-requests,python3-etcd,python3-consul + - python36-urllib3,python36-idna,python36-pyOpenSSL,python36-cryptography + - node_exporter,consul,consul-template,etcd,haproxy,keepalived,vip-manager + node_extra_packages: # extra packages 
for all nodes + - patroni,patroni-consul,patroni-etcd,pgbouncer,pgbadger,pg_activity + node_meta_packages: # packages for meta nodes only + - grafana,prometheus2,alertmanager,nginx_exporter,blackbox_exporter,pushgateway + - dnsmasq,nginx,ansible,pgbadger,polysh,python-psycopg2 + + # build & devel packages (add to repo_packages too if you want build database & extensions from source) + # - gcc,gcc-c++,clang,coreutils,diffutils,rpm-build,rpm-devel,rpmlint,rpmdevtools + # - zlib-devel,openssl-libs,openssl-devel,pam-devel,libxml2-devel,libxslt-devel,openldap-devel,systemd-devel,tcl-devel,python-devel + + + # - node features - # + node_disable_numa: false # disable numa, important for production database, reboot required + node_disable_swap: false # disable swap, important for production database + node_disable_firewall: true # disable firewall (required if using kubernetes) + node_disable_selinux: true # disable selinux (required if using kubernetes) + node_static_network: true # keep dns resolver settings after reboot + node_disk_prefetch: false # setup disk prefetch on HDD to increase performance + + # - node kernel modules - # + node_kernel_modules: [softdog, br_netfilter, ip_vs, ip_vs_rr, ip_vs_rr, ip_vs_wrr, ip_vs_sh] + + # - node tuned - # + node_tune: tiny # install and activate tuned profile: none|oltp|olap|crit|tiny + node_sysctl_params: {} # set additional sysctl parameters, k:v format + # net.bridge.bridge-nf-call-iptables: 1 # example kv parameters + + # - node user - # + node_admin_setup: true # setup an default admin user ? + node_admin_uid: 88 # uid and gid for admin user + node_admin_username: dba # default admin user: dba + node_admin_ssh_exchange: true # exchange admin's ssh key among cluster ? 
+ node_admin_pk_current: false # add current user's ~/.ssh/id_rsa.pub to admin pk + node_admin_pks: # ssh public keys to be added to admin user + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7IMAMNavYtWwzAJajKqwdn3ar5BhvcwCnBTxxEkXhGlCO2vfgosSAQMEflfgvkiI5nM1HIFQ8KINlx1XLO7SdL5KdInG5LIJjAFh0pujS4kNCT9a5IGvSq1BrzGqhbEcwWYdju1ZPYBcJm/MG+JD0dYCh8vfrYB/cYMD0SOmNkQ== vagrant@pigsty.com' + + # - node ntp - # + node_ntp_service: ntp # ntp or chrony + node_ntp_config: true # overwrite existing ntp config? + node_timezone: Asia/Shanghai # default node timezone + node_ntp_servers: # default NTP servers + - pool cn.pool.ntp.org iburst + - pool pool.ntp.org iburst + - pool time.pool.aliyun.com iburst + - server 10.10.10.10 iburst + - server ntp.tuna.tsinghua.edu.cn iburst + + + #------------------------------------------------------------------------------ + # META PROVISION + #------------------------------------------------------------------------------ + # - ca - # + ca_method: create # create|copy|recreate + ca_subject: "/CN=root-ca" # self-signed CA subject + ca_homedir: /ca # ca cert directory + ca_cert: ca.crt # ca public key/cert + ca_key: ca.key # ca private key + + # - nginx - # + nginx_upstream: + - { name: home, host: pigsty, url: "127.0.0.1:3000"} + - { name: consul, host: c.pigsty, url: "127.0.0.1:8500" } + - { name: grafana, host: g.pigsty, url: "127.0.0.1:3000" } + - { name: prometheus, host: p.pigsty, url: "127.0.0.1:9090" } + - { name: alertmanager, host: a.pigsty, url: "127.0.0.1:9093" } + - { name: haproxy, host: h.pigsty, url: "127.0.0.1:9091" } + - { name: server, host: s.pigsty, url: "127.0.0.1:9633" } + + # - nameserver - # + dns_records: # dynamic dns record resolved by dnsmasq + - 10.10.10.10 meta-1 # sandbox node meta-1 (node-0) + - 10.10.10.10 pigsty + - 10.10.10.10 y.pigsty yum.pigsty + - 10.10.10.10 c.pigsty consul.pigsty + - 10.10.10.10 g.pigsty grafana.pigsty + - 10.10.10.10 p.pigsty prometheus.pigsty + - 10.10.10.10 a.pigsty alertmanager.pigsty + 
- 10.10.10.10 n.pigsty ntp.pigsty + - 10.10.10.10 h.pigsty haproxy.pigsty + + # - prometheus - # + prometheus_data_dir: /data/prometheus/data # prometheus data dir + prometheus_options: '--storage.tsdb.retention=30d' + prometheus_reload: false # reload prometheus instead of recreate it + prometheus_sd_method: consul # service discovery method: static|consul|etcd + prometheus_scrape_interval: 5s # global scrape & evaluation interval + prometheus_scrape_timeout: 4s # scrape timeout + prometheus_sd_interval: 5s # service discovery refresh interval + + # - grafana - # + grafana_url: http://admin:admin@10.10.10.10:3000 # grafana url + grafana_admin_password: admin # default grafana admin user password + grafana_plugin: install # none|install|reinstall + grafana_cache: /www/pigsty/grafana/plugins.tgz # path to grafana plugins tarball + grafana_customize: true # customize grafana resources + grafana_plugins: # default grafana plugins list + - redis-datasource + - simpod-json-datasource + - fifemon-graphql-datasource + - sbueringer-consul-datasource + - camptocamp-prometheus-alertmanager-datasource + - ryantxu-ajax-panel + - marcusolsson-hourly-heatmap-panel + - michaeldmoore-multistat-panel + - marcusolsson-treemap-panel + - pr0ps-trackmap-panel + - dalvany-image-panel + - magnesium-wordcloud-panel + - cloudspout-button-panel + - speakyourcode-button-panel + - jdbranham-diagram-panel + - grafana-piechart-panel + - snuids-radar-panel + - digrich-bubblechart-panel + grafana_git_plugins: + - https://github.com/Vonng/grafana-echarts + + # - loki - # + loki_clean: false # whether remove existing loki data + loki_data_dir: /data/loki # default loki data dir + + + #------------------------------------------------------------------------------ + # DCS PROVISION + #------------------------------------------------------------------------------ + service_registry: consul # where to register services: none | consul | etcd | both + dcs_type: consul # consul | etcd | both + dcs_name: 
pigsty # consul dc name | etcd initial cluster token + dcs_servers: # dcs server dict in name:ip format + meta-1: 10.10.10.10 # you could use existing dcs cluster + dcs_exists_action: clean # abort|skip|clean if dcs server already exists + dcs_disable_purge: false # set to true to disable purge functionality for good (force dcs_exists_action = abort) + consul_data_dir: /var/lib/consul # consul data dir (/var/lib/consul by default) + etcd_data_dir: /var/lib/etcd # etcd data dir (/var/lib/consul by default) + + + #------------------------------------------------------------------------------ + # POSTGRES INSTALLATION + #------------------------------------------------------------------------------ + # - dbsu - # + pg_dbsu: postgres # os user for database, postgres by default (change it is not recommended!) + pg_dbsu_uid: 26 # os dbsu uid and gid, 26 for default postgres users and groups + pg_dbsu_sudo: limit # none|limit|all|nopass (Privilege for dbsu, limit is recommended) + pg_dbsu_home: /var/lib/pgsql # postgresql binary + pg_dbsu_ssh_exchange: false # exchange ssh key among same cluster + + # - postgres packages - # + pg_version: 14 # default postgresql version + pgdg_repo: false # use official pgdg yum repo (disable if you have local mirror) + pg_add_repo: false # add postgres related repo before install (useful if you want a simple install) + pg_bin_dir: /usr/pgsql/bin # postgres binary dir + pg_packages: # 14 is under beta now + - postgresql${pg_version}* + # - postgis31_${pg_version}* + # - pgbouncer patroni pg_exporter pgbadger + # - patroni patroni-consul patroni-etcd pgbouncer pgbadger pg_activity + # - python3 python3-psycopg2 python36-requests python3-etcd python3-consul + # - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography + + pg_extensions: [] + # - pg_repack${pg_version} pg_qualstats${pg_version} pg_stat_kcache${pg_version} wal2json${pg_version} + # - ogr_fdw${pg_version} mysql_fdw_${pg_version} redis_fdw_${pg_version} 
mongo_fdw${pg_version} hdfs_fdw_${pg_version}
+ # - count_distinct${version} ddlx_${version} geoip${version} orafce${version} # popular features
+ # - hypopg_${version} ip4r${version} jsquery_${version} logerrors_${version} periods_${version} pg_auto_failover_${version} pg_catcheck${version}
+ # - pg_fkpart${version} pg_jobmon${version} pg_partman${version} pg_prioritize_${version} pg_track_settings${version} pgaudit15_${version}
+ # - pgcryptokey${version} pgexportdoc${version} pgimportdoc${version} pgmemcache-${version} pgmp${version} pgq-${version} pgquarrel pgrouting_${version}
+ # - pguint${version} pguri${version} prefix${version} safeupdate_${version} semver${version} table_version${version} tdigest${version}
+
+
+
+ #------------------------------------------------------------------------------
+ # POSTGRES PROVISION
+ #------------------------------------------------------------------------------
+ # - identity - #
+ # pg_cluster: # [REQUIRED] cluster name (cluster level, validated during pg_preflight)
+ # pg_seq: 0 # [REQUIRED] instance seq (instance level, validated during pg_preflight)
+ # pg_role: replica # [REQUIRED] service role (instance level, validated during pg_preflight)
+ # pg_shard: # [OPTIONAL] shard name (cluster level)
+ # pg_sindex: # [OPTIONAl] shard index (cluster level)
+
+ # - identity option -#
+ pg_hostname: false # overwrite node hostname with pg instance name
+ pg_nodename: true # overwrite consul nodename with pg instance name
+
+ # - retention - #
+ # pg_exists_action, available options: abort|clean|skip
+ # - abort: abort entire play's execution (default)
+ # - clean: remove existing cluster (dangerous)
+ # - skip: end current play for this host
+ # pg_exists: false # auxiliary flag variable (DO NOT SET THIS)
+ pg_exists_action: clean
+ pg_disable_purge: false # set to true to disable pg purge functionality for good (force pg_exists_action = abort)
+
+ # - storage - #
+ pg_data: /pg/data # postgres data directory
+ pg_fs_main:
/data # data disk mount point /pg -> {{ pg_fs_main }}/postgres/{{ pg_instance }}
+ pg_fs_bkup: /data/backups # backup disk mount point /pg/* -> {{ pg_fs_bkup }}/postgres/{{ pg_instance }}/*
+
+ # - connection - #
+ pg_listen: '0.0.0.0' # postgres listen address, '0.0.0.0' by default (all ipv4 addr)
+ pg_port: 5432 # postgres port (5432 by default)
+ pg_localhost: /var/run/postgresql # localhost unix socket dir for connection
+ # pg_upstream: # [OPTIONAL] specify replication upstream (set on primary transform cluster into a standby cluster)
+
+ # - patroni - #
+ # patroni_mode, available options: default|pause|remove
+ # - default: default ha mode
+ # - pause: into maintenance mode
+ # - remove: remove patroni after bootstrap
+ patroni_mode: default # pause|default|remove
+ pg_namespace: /pg # top level key namespace in dcs
+ patroni_port: 8008 # default patroni port
+ patroni_watchdog_mode: automatic # watchdog mode: off|automatic|required
+ pg_conf: tiny.yml # user provided patroni config template path
+
+ # - flags - #
+ pg_backup: false # store base backup on this node
+ pg_delay: 0 # apply delay for offline|delayed instance
+
+ # - localization - #
+ pg_encoding: UTF8 # default to UTF8
+ pg_locale: C # default to C
+ pg_lc_collate: C # default to C
+ pg_lc_ctype: en_US.UTF8 # default to en_US.UTF8
+
+ # - pgbouncer - #
+ pgbouncer_port: 6432 # pgbouncer port (6432 by default)
+ pgbouncer_poolmode: transaction # pooling mode: (transaction pooling by default)
+ pgbouncer_max_db_conn: 100 # important!
do not set this larger than postgres max conn or conn limit
+
+
+ #------------------------------------------------------------------------------
+ # POSTGRES TEMPLATE
+ #------------------------------------------------------------------------------
+ # - template - #
+ pg_init: pg-init # init script for cluster template
+
+ # - system roles - #
+ pg_replication_username: replicator # system replication user
+ pg_replication_password: DBUser.Replicator # system replication password
+ pg_monitor_username: dbuser_monitor # system monitor user
+ pg_monitor_password: DBUser.Monitor # system monitor password
+ pg_admin_username: dbuser_dba # system admin user
+ pg_admin_password: DBUser.DBA # system admin password
+
+ # - default roles - #
+ # chekc http://pigsty.cc/zh/docs/concepts/provision/acl/ for more detail
+ pg_default_roles:
+
+ # common production readonly user
+ - name: dbrole_readonly # production read-only roles
+ login: false
+ comment: role for global readonly access
+
+ # common production read-write user
+ - name: dbrole_readwrite # production read-write roles
+ login: false
+ roles: [dbrole_readonly] # read-write includes read-only access
+ comment: role for global read-write access
+
+ # offline have same privileges as readonly, but with limited hba access on offline instance only
+ # for the purpose of running slow queries, interactive queries and perform ETL tasks
+ - name: dbrole_offline
+ login: false
+ comment: role for restricted read-only access (offline instance)
+
+ # admin have the privileges to issue DDL changes
+ - name: dbrole_admin
+ login: false
+ bypassrls: true
+ comment: role for object creation
+ roles: [dbrole_readwrite,pg_monitor,pg_signal_backend]
+
+ # dbsu, name is designated by `pg_dbsu`.
It's not recommend to set password for dbsu
+ - name: postgres
+ superuser: true
+ comment: system superuser
+
+ # default replication user, name is designated by `pg_replication_username`, and password is set by `pg_replication_password`
+ - name: replicator
+ replication: true # for replication user
+ bypassrls: true # logical replication require bypassrls
+ roles: [pg_monitor, dbrole_readonly] # logical replication require select privileges
+ comment: system replicator
+
+ # default monitor user, name is designated by `pg_monitor_username`, and password is set by `pg_monitor_password`
+ - name: dbuser_monitor
+ connlimit: 16
+ comment: system monitor user
+ roles: [pg_monitor, dbrole_readonly]
+ parameters:
+ log_min_duration_statement: 1000
+
+ # default admin super user, name is designated by `pg_admin_username`, and password is set by `pg_admin_password`
+ - name: dbuser_dba
+ superuser: true
+ comment: system admin user
+ roles: [dbrole_admin]
+
+ # default stats user, for ETL and slow queries
+ - name: dbuser_stats
+ password: DBUser.Stats
+ comment: business offline user for offline queries and ETL
+ roles: [dbrole_offline]
+
+
+ # - privileges - #
+ # object created by dbsu and admin will have their privileges properly set
+ pg_default_privileges:
+ - GRANT USAGE ON SCHEMAS TO dbrole_readonly
+ - GRANT SELECT ON TABLES TO dbrole_readonly
+ - GRANT SELECT ON SEQUENCES TO dbrole_readonly
+ - GRANT EXECUTE ON FUNCTIONS TO dbrole_readonly
+ - GRANT USAGE ON SCHEMAS TO dbrole_offline
+ - GRANT SELECT ON TABLES TO dbrole_offline
+ - GRANT SELECT ON SEQUENCES TO dbrole_offline
+ - GRANT EXECUTE ON FUNCTIONS TO dbrole_offline
+ - GRANT INSERT, UPDATE, DELETE ON TABLES TO dbrole_readwrite
+ - GRANT USAGE, UPDATE ON SEQUENCES TO dbrole_readwrite
+ - GRANT TRUNCATE, REFERENCES, TRIGGER ON TABLES TO dbrole_admin
+ - GRANT CREATE ON SCHEMAS TO dbrole_admin
+
+ # - schemas - #
+ pg_default_schemas: [monitor] # default schemas to be created
+
+ # - extension - #
+
pg_default_extensions: # default extensions to be created
+ - { name: 'pg_stat_statements', schema: 'monitor' }
+ - { name: 'pgstattuple', schema: 'monitor' }
+ - { name: 'pg_qualstats', schema: 'monitor' }
+ - { name: 'pg_buffercache', schema: 'monitor' }
+ - { name: 'pageinspect', schema: 'monitor' }
+ - { name: 'pg_prewarm', schema: 'monitor' }
+ - { name: 'pg_visibility', schema: 'monitor' }
+ - { name: 'pg_freespacemap', schema: 'monitor' }
+ - { name: 'pg_repack', schema: 'monitor' }
+ - name: postgres_fdw
+ - name: file_fdw
+ - name: btree_gist
+ - name: btree_gin
+ - name: pg_trgm
+ - name: intagg
+ - name: intarray
+
+ # - hba - #
+ pg_offline_query: false # set to true to enable offline query on instance
+ pg_reload: true # reload postgres after hba changes
+ pg_hba_rules: # postgres host-based authentication rules
+ - title: allow meta node password access
+ role: common
+ rules:
+ - host all all 10.10.10.10/32 md5
+
+ - title: allow intranet admin password access
+ role: common
+ rules:
+ - host all +dbrole_admin 10.0.0.0/8 md5
+ - host all +dbrole_admin 172.16.0.0/12 md5
+ - host all +dbrole_admin 192.168.0.0/16 md5
+
+ - title: allow intranet password access
+ role: common
+ rules:
+ - host all all 10.0.0.0/8 md5
+ - host all all 172.16.0.0/12 md5
+ - host all all 192.168.0.0/16 md5
+
+ - title: allow local read/write (local production user via pgbouncer)
+ role: common
+ rules:
+ - local all +dbrole_readonly md5
+ - host all +dbrole_readonly 127.0.0.1/32 md5
+
+ - title: allow offline query (ETL,SAGA,Interactive) on offline instance
+ role: offline
+ rules:
+ - host all +dbrole_offline 10.0.0.0/8 md5
+ - host all +dbrole_offline 172.16.0.0/12 md5
+ - host all +dbrole_offline 192.168.0.0/16 md5
+
+ pg_hba_rules_extra: [] # extra hba rules (for cluster/instance overwrite)
+
+ pgbouncer_hba_rules: # pgbouncer host-based authentication rules
+ - title: local password access
+ role: common
+ rules:
+ - local all all md5
+ - host all all 127.0.0.1/32 md5
+
+ - title: intranet password access
+ role: common
+ rules:
+ - host all all 10.0.0.0/8 md5
+ - host all all 172.16.0.0/12 md5
+ - host all all 192.168.0.0/16 md5
+
+ pgbouncer_hba_rules_extra: [] # extra pgbouncer hba rules (for cluster/instance overwrite)
+ # pg_users: [] # business users
+ # pg_databases: [] # business databases
+
+ #------------------------------------------------------------------------------
+ # MONITOR PROVISION
+ #------------------------------------------------------------------------------
+ # - install - #
+ exporter_install: none # none|yum|binary, none by default
+ exporter_repo_url: '' # if set, repo will be added to /etc/yum.repos.d/ before yum installation
+
+ # - collect - #
+ exporter_metrics_path: /metrics # default metric path for pg related exporter
+
+ # - node exporter - #
+ node_exporter_enabled: true # setup node_exporter on instance
+ node_exporter_port: 9100 # default port for node exporter
+ node_exporter_options: '--no-collector.softnet --collector.systemd --collector.ntp --collector.tcpstat --collector.processes'
+
+ # - pg exporter - #
+ pg_exporter_config: pg_exporter-demo.yaml # default config files for pg_exporter
+ pg_exporter_enabled: true # setup pg_exporter on instance
+ pg_exporter_port: 9630 # default port for pg exporter
+ pg_exporter_url: '' # optional, if not set, generate from reference parameters
+
+ # - pgbouncer exporter - #
+ pgbouncer_exporter_enabled: true # setup pgbouncer_exporter on instance (if you don't have pgbouncer, disable it)
+ pgbouncer_exporter_port: 9631 # default port for pgbouncer exporter
+ pgbouncer_exporter_url: '' # optional, if not set, generate from reference parameters
+
+ # - promtail - # # promtail is a beta feature which requires manual deployment
+ promtail_enabled: true # enable promtail logging collector?
+ promtail_clean: false # remove promtail status file?
false by default
+ promtail_port: 9080 # default listen address for promtail
+ promtail_status_file: /tmp/promtail-status.yml
+ promtail_send_url: http://10.10.10.10:3100/loki/api/v1/push # loki url to receive logs
+
+ #------------------------------------------------------------------------------
+ # SERVICE PROVISION
+ #------------------------------------------------------------------------------
+ pg_weight: 100 # default load balance weight (instance level)
+
+ # - service - #
+ pg_services: # how to expose postgres service in cluster?
+ # primary service will route {ip|name}:5433 to primary pgbouncer (5433->6432 rw)
+ - name: primary # service name {{ pg_cluster }}-primary
+ src_ip: "*"
+ src_port: 5433
+ dst_port: pgbouncer # 5433 route to pgbouncer
+ check_url: /primary # primary health check, success when instance is primary
+ selector: "[]" # select all instance as primary service candidate
+
+ # replica service will route {ip|name}:5434 to replica pgbouncer (5434->6432 ro)
+ - name: replica # service name {{ pg_cluster }}-replica
+ src_ip: "*"
+ src_port: 5434
+ dst_port: pgbouncer
+ check_url: /read-only # read-only health check. (including primary)
+ selector: "[]" # select all instance as replica service candidate
+ selector_backup: "[?
pg_role == `primary`]" # primary are used as backup server in replica service
+
+ # default service will route {ip|name}:5436 to primary postgres (5436->5432 primary)
+ - name: default # service's actual name is {{ pg_cluster }}-default
+ src_ip: "*" # service bind ip address, * for all, vip for cluster virtual ip address
+ src_port: 5436 # bind port, mandatory
+ dst_port: postgres # target port: postgres|pgbouncer|port_number , pgbouncer(6432) by default
+ check_method: http # health check method: only http is available for now
+ check_port: patroni # health check port: patroni|pg_exporter|port_number , patroni by default
+ check_url: /primary # health check url path, / as default
+ check_code: 200 # health check http code, 200 as default
+ selector: "[]" # instance selector
+ haproxy: # haproxy specific fields
+ maxconn: 3000 # default front-end connection
+ balance: roundrobin # load balance algorithm (roundrobin by default)
+ default_server_options: 'inter 3s fastinter 1s downinter 5s rise 3 fall 3 on-marked-down shutdown-sessions slowstart 30s maxconn 3000 maxqueue 128 weight 100'
+
+ # offline service will route {ip|name}:5438 to offline postgres (5438->5432 offline)
+ - name: offline # service name {{ pg_cluster }}-offline
+ src_ip: "*"
+ src_port: 5438
+ dst_port: postgres
+ check_url: /replica # offline MUST be a replica
+ selector: "[? pg_role == `offline` || pg_offline_query ]" # instances with pg_role == 'offline' or instance marked with 'pg_offline_query == true'
+ selector_backup: "[? pg_role == `replica` && !pg_offline_query]" # replica are used as backup server in offline service
+
+ pg_services_extra: [] # extra services to be added
+
+ # - haproxy - #
+ haproxy_enabled: true # enable haproxy among every cluster members
+ haproxy_reload: true # reload haproxy after config
+ haproxy_admin_auth_enabled: false # enable authentication for haproxy admin?
+ haproxy_admin_username: admin # default haproxy admin username
+ haproxy_admin_password: admin # default haproxy admin password
+ haproxy_exporter_port: 9101 # default admin/exporter port
+ haproxy_client_timeout: 3h # client side connection timeout
+ haproxy_server_timeout: 3h # server side connection timeout
+
+ # - vip - #
+ vip_mode: none # none | l2 | l4
+ vip_reload: true # whether reload service after config
+ # vip_address: 127.0.0.1 # virtual ip address ip (l2 or l4)
+ # vip_cidrmask: 24 # virtual ip address cidr mask (l2 only)
+ # vip_interface: eth0 # virtual ip network interface (l2 only)
+
+ # - dns - # # NOT IMPLEMENTED
+ # dns_mode: vip # vip|all|selector: how to resolve cluster DNS?
+ # dns_selector: '[]' # if dns_mode == vip, filter instances been resolved
+
+...
diff --git a/templates/config/pigsty-pro.yml b/templates/config/pigsty-pro.yml
new file mode 100644
index 000000000..af1ba9071
--- /dev/null
+++ b/templates/config/pigsty-pro.yml
@@ -0,0 +1,840 @@
+---
+######################################################################
+# File : pigsty.yml
+# Desc : Pigsty Configuration (Default Tiny Template)
+# Link : https://pigsty.cc/zh/docs/config/
+# Ctime : 2020-05-22
+# Mtime : 2021-05-18
+# Copyright (C) 2018-2021 Ruohang Feng
+######################################################################
+# Here 10.10.10.10 is a placeholder
+
+
+######################################################################
+# Development Environment Inventory #
+######################################################################
+all: # top-level namespace
+
+ #==================================================================#
+ # Clusters #
+ #==================================================================#
+ # postgres database clusters are defined as kv pair in `all.children`
+ # where the key is cluster name and the value is the object consist
+ # of cluster members (hosts) and cluster specific variables (vars)
+ # meta nodes are defined in special group "meta" with `meta_node=true`
+
+ children:
+
+ #-----------------------------
+ # meta controller
+ #-----------------------------
+ meta: # special group 'meta' defines the main controller machine
+ vars:
+ meta_node: true # mark node as meta controller
+ ansible_group_priority: 99 # meta group has top priority
+ hosts:
+ 10.10.10.10: {}
+
+ #-----------------------------
+ # cluster: pg-meta
+ #-----------------------------
+ # pg-meta is a single-node pgsql cluster deployed on meta node (10.10.10.10)
+ pg-meta:
+ # - cluster members - #
+ hosts:
+ 10.10.10.10: {pg_seq: 1, pg_role: primary, pg_offline_query: true}
+
+ # - cluster configs - #
+ vars:
+ pg_cluster: pg-meta # define actual cluster name
+ pg_version: 13 # define installed pgsql version
+ node_tune: tiny # tune node into oltp|olap|crit|tiny mode
+ pg_conf: tiny.yml # tune pgsql into oltp|olap|crit|tiny mode
+ patroni_watchdog_mode: off # disable watchdog (require|automatic|off)
+
pg_lc_ctype: en_US.UTF8 # enabled pg_trgm i18n char support
+
+ # - defining business users - #
+ pg_users:
+ # default production read-write user dbuser_meta
+ - name: dbuser_meta # user's name is required
+ password: md5d3d10d8cad606308bdb180148bf663e1 # md5 password is acceptable
+ pgbouncer: true # add user to pgbouncer userlist
+ roles: [dbrole_readwrite] # grant roles to user
+ comment: default production read-write user for meta database
+
+ # default production read-only user for grafana direct access
+ - name: dbuser_grafana
+ password: DBUser.Grafana
+ pgbouncer: true
+ roles: [dbrole_readonly]
+ comment: default readonly access for grafana datasource
+
+ # complete example of user/role definition
+ - name: dbuser_pigsty # pigsty user have admin access (DDL|DML)
+ password: DBUser.Pigsty # example user's password, can be md5 encrypted
+ pgbouncer: true # add this user to pgbouncer? false by default (true for production user)
+ comment: pigsty admin user # comment on user/role
+ roles: [dbrole_admin] # dbrole_{admin,readonly,readwrite,offline}
+ parameters: # additional role level parameters with ALTER ROLE SET
+ search_path: pigsty,public # add pigsty schema into search_path
+
+ # - defining business databases - #
+ pg_databases:
+ - name: meta # name is the only required field for a database
+ comment: pigsty meta database # optional, comment string for database
+ schemas: [pigsty] # optional, create additional schema
+ extensions: # optional, extension name and which schema to create
+ - {name: adminpack, schema: pg_catalog}
+ parameters: # optional, extra parameters with ALTER DATABASE
+ search_path: 'pigsty,public' # add pigsty to search_path
+
+ pg_default_database: meta # default database will be used as primary monitor target
+ vip_mode: none # I dont't know if your network allows vip
+
+
+ #==================================================================#
+ # Globals #
+ #==================================================================#
+
vars:
+
+ #------------------------------------------------------------------------------
+ # CONNECTION PARAMETERS
+ #------------------------------------------------------------------------------
+ # this section defines connection parameters
+
+ # ansible_user: vagrant # admin user with ssh access and sudo privilege
+
+ proxy_env: # global proxy env when downloading packages
+ no_proxy: "localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,*.pigsty,*.aliyun.com,mirrors.*,*.myqcloud.com"
+ # http_proxy: ''
+ # https_proxy: ''
+ # all_proxy: ''
+
+ #------------------------------------------------------------------------------
+ # REPO PROVISION
+ #------------------------------------------------------------------------------
+ # this section defines how to build a local repo
+
+ # - repo basic - #
+ repo_enabled: true # build local yum repo on meta nodes?
+ repo_name: pigsty # local repo name
+ repo_address: yum.pigsty # repo external address (ip:port or url)
+ repo_port: 80 # listen address, must same as repo_address
+ repo_home: /www # default repo dir location
+ repo_rebuild: false # force re-download packages
+ repo_remove: true # remove existing repos
+
+ # - where to download - #
+ repo_upstreams:
+ - name: base
+ description: CentOS-$releasever - Base
+ gpgcheck: no
+ baseurl:
+ - https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/os/$basearch/ # tuna
+ - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
+ - http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
+ - http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/ # aliyun
+ - http://mirror.centos.org/centos/$releasever/os/$basearch/ # official
+
+ - name: updates
+ description: CentOS-$releasever - Updates
+ gpgcheck: no
+ baseurl:
+ - https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/updates/$basearch/ # tuna
+ - http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
+ - http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
+ -
http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/ # aliyun
+ - http://mirror.centos.org/centos/$releasever/updates/$basearch/ # official
+
+ - name: extras
+ description: CentOS-$releasever - Extras
+ baseurl:
+ - https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/extras/$basearch/ # tuna
+ - http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
+ - http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
+ - http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/ # aliyun
+ - http://mirror.centos.org/centos/$releasever/extras/$basearch/ # official
+ gpgcheck: no
+
+ - name: epel
+ description: CentOS $releasever - epel
+ gpgcheck: no
+ baseurl:
+ - https://mirrors.tuna.tsinghua.edu.cn/epel/$releasever/$basearch # tuna
+ - http://mirrors.aliyun.com/epel/$releasever/$basearch # aliyun
+ - http://download.fedoraproject.org/pub/epel/$releasever/$basearch # official
+
+ - name: grafana
+ description: Grafana
+ enabled: yes
+ gpgcheck: no
+ baseurl:
+ - https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm # tuna mirror
+ - https://packages.grafana.com/oss/rpm # official
+
+ - name: grafana-beta
+ description: Grafana Beta
+ enabled: no
+ gpgcheck: no
+ baseurl:
+ - https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm-beta/ # tuna mirror
+ - https://packages.grafana.com/oss/rpm-beta # official BETA!
+
+ - name: prometheus
+ description: Prometheus and exporters
+ gpgcheck: no
+ baseurl: https://packagecloud.io/prometheus-rpm/release/el/$releasever/$basearch # no other mirrors, quite slow
+
+ - name: pgdg-common
+ description: PostgreSQL common RPMs for RHEL/CentOS $releasever - $basearch
+ gpgcheck: no
+ baseurl:
+ - http://mirrors.tuna.tsinghua.edu.cn/postgresql/repos/yum/common/redhat/rhel-$releasever-$basearch # tuna
+ - https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-$releasever-$basearch # official
+
+ - name: pgdg13
+ description: PostgreSQL 13 for RHEL/CentOS $releasever - $basearch
+ gpgcheck: no
+ baseurl:
+ - https://mirrors.tuna.tsinghua.edu.cn/postgresql/repos/yum/13/redhat/rhel-$releasever-$basearch # tuna
+ - https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch # official
+
+ - name: pgdg14-beta
+ description: PostgreSQL 14 beta for RHEL/CentOS $releasever - $basearch
+ enabled: no
+ gpgcheck: no
+ baseurl:
+ - https://mirrors.tuna.tsinghua.edu.cn/postgresql/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # tuna
+ - https://download.postgresql.org/pub/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # official
+
+ - name: centos-sclo
+ description: CentOS-$releasever - SCLo
+ gpgcheck: no
+ baseurl: # mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=$releasever&repo=sclo-sclo
+ - http://mirrors.aliyun.com/centos/$releasever/sclo/$basearch/sclo/
+ - http://repo.virtualhosting.hk/centos/$releasever/sclo/$basearch/sclo/
+
+ - name: centos-sclo-rh
+ description: CentOS-$releasever - SCLo rh
+ gpgcheck: no
+ baseurl: # mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-rh
+ - http://mirrors.aliyun.com/centos/$releasever/sclo/$basearch/rh/
+ - http://repo.virtualhosting.hk/centos/$releasever/sclo/$basearch/rh/
+
+ - name: nginx
+ description: Nginx Official Yum Repo
+ skip_if_unavailable: true
+ gpgcheck: no
+ baseurl:
http://nginx.org/packages/centos/$releasever/$basearch/
+
+ - name: haproxy
+ description: Copr repo for haproxy
+ skip_if_unavailable: true
+ gpgcheck: no
+ baseurl: https://download.copr.fedorainfracloud.org/results/roidelapluie/haproxy/epel-$releasever-$basearch/
+
+ # for latest consul & kubernetes
+ - name: harbottle
+ description: Copr repo for main owned by harbottle
+ skip_if_unavailable: true
+ gpgcheck: no
+ baseurl: https://download.copr.fedorainfracloud.org/results/harbottle/main/epel-$releasever-$basearch/
+
+
+ # - what to download - #
+ repo_packages:
+ # repo bootstrap packages
+ - epel-release nginx wget yum-utils yum createrepo sshpass unzip # bootstrap packages
+
+ # node basic packages
+ - ntp chrony uuid lz4 nc pv jq vim-enhanced make patch bash lsof wget git tuned # basic system util
+ - readline zlib openssl libyaml libxml2 libxslt perl-ExtUtils-Embed ca-certificates # basic pg dependency
+ - numactl grubby sysstat dstat iotop bind-utils net-tools tcpdump socat ipvsadm telnet # system utils
+
+ # dcs & monitor packages
+ - grafana prometheus2 pushgateway alertmanager # monitor and ui
+ - node_exporter postgres_exporter nginx_exporter blackbox_exporter # exporter
+ - consul consul_exporter consul-template etcd # dcs
+
+ # python3 dependencies
+ - ansible python python-pip python-psycopg2 audit # ansible & python
+ - python3 python3-psycopg2 python36-requests python3-etcd python3-consul # python3
+ - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography # patroni extra deps
+
+ # proxy and load balancer
+ - haproxy keepalived dnsmasq # proxy and dns
+
+ # postgres common Packages
+ - patroni patroni-consul patroni-etcd pgbouncer pg_cli pgbadger pg_activity # major components
+ - pgcenter boxinfo check_postgres emaj pgbconsole pg_bloat_check pgquarrel # other common utils
+ - barman barman-cli pgloader pgFormatter pitrery pspg pgxnclient PyGreSQL pgadmin4 tail_n_mail
+
+ # postgres 13 packages
+ - postgresql13* postgis31*
citus_13 timescaledb_13 # pgrouting_13 # postgres 13 and postgis 31
+ - pg_repack13 pg_squeeze13 # maintenance extensions
+ - pg_qualstats13 pg_stat_kcache13 system_stats_13 bgw_replstatus13 # stats extensions
+ - plr13 plsh13 plpgsql_check_13 plproxy13 plr13 plsh13 plpgsql_check_13 pldebugger13 # PL extensions
+ - hdfs_fdw_13 mongo_fdw13 mysql_fdw_13 ogr_fdw13 redis_fdw_13 pgbouncer_fdw13 # FDW extensions
+ - wal2json13 count_distinct13 ddlx_13 geoip13 orafce13 # MISC extensions
+ - rum_13 hypopg_13 ip4r13 jsquery_13 logerrors_13 periods_13 pg_auto_failover_13 pg_catcheck13
+ - pg_fkpart13 pg_jobmon13 pg_partman13 pg_prioritize_13 pg_track_settings13 pgaudit15_13
+ - pgcryptokey13 pgexportdoc13 pgimportdoc13 pgmemcache-13 pgmp13 pgq-13
+ - pguint13 pguri13 prefix13 safeupdate_13 semver13 table_version13 tdigest13
+
+ # build & devel packages (optional)
+ - gcc gcc-c++ clang coreutils diffutils rpm-build rpm-devel rpmlint rpmdevtools
+ - zlib-devel openssl-libs openssl-devel pam-devel libxml2-devel libxslt-devel openldap-devel systemd-devel tcl-devel python-devel
+
+ repo_url_packages:
+ # additional rpm packages
+ - https://github.com/Vonng/pg_exporter/releases/download/v0.3.2/pg_exporter-0.3.2-1.el7.x86_64.rpm
+ - https://github.com/cybertec-postgresql/vip-manager/releases/download/v0.6/vip-manager_0.6-1_amd64.rpm
+ - http://guichaz.free.fr/polysh/files/polysh-0.4-1.noarch.rpm
+
+ # tar.gz and zip binary packages
+ - https://github.com/prometheus/node_exporter/releases/download/v1.1.2/node_exporter-1.1.2.linux-amd64.tar.gz # monitor binary
+ - https://github.com/Vonng/pg_exporter/releases/download/v0.3.2/pg_exporter_v0.3.2_linux-amd64.tar.gz
+ - https://github.com/grafana/loki/releases/download/v2.2.1/loki-linux-amd64.zip # loki binary
+ - https://github.com/grafana/loki/releases/download/v2.2.1/promtail-linux-amd64.zip
+ - https://github.com/grafana/loki/releases/download/v2.2.1/logcli-linux-amd64.zip
+ -
https://github.com/grafana/loki/releases/download/v2.2.1/loki-canary-linux-amd64.zip
+
+ # mirror in mainland china (use commented packages to install from official site)
+ # - http://pigsty-1304147732.cos.accelerate.myqcloud.com/pkg/pg_exporter-0.3.2-1.el7.x86_64.rpm
+ # - http://pigsty-1304147732.cos.accelerate.myqcloud.com/pkg/vip-manager_0.6-1_amd64.rpm
+ # - http://pigsty-1304147732.cos.accelerate.myqcloud.com/pkg/polysh-0.4-1.noarch.rpm
+
+ #------------------------------------------------------------------------------
+ # NODE PROVISION
+ #------------------------------------------------------------------------------
+ # this section defines how to provision nodes
+ # nodename: # if defined, node's hostname will be overwritten
+
+ # - node dns - #
+ node_dns_hosts: # static dns records in /etc/hosts
+ - 10.10.10.10 yum.pigsty
+ node_dns_server: none # add (default) | none (skip) | overwrite (remove old settings)
+ node_dns_servers: # dynamic nameserver in /etc/resolv.conf
+ - 10.10.10.10
+ node_dns_options: # dns resolv options
+ - options single-request-reopen timeout:1 rotate
+ - domain service.consul
+
+ # - node repo - #
+ node_repo_method: local # none|local|public (use local repo for production env)
+ node_repo_remove: true # whether remove existing repo
+ node_local_repo_url: # local repo url (if method=local, make sure firewall is configured or disabled)
+ - http://yum.pigsty/pigsty.repo
+
+ # - node packages - #
+ node_packages: # common packages for all nodes
+ - wget,yum-utils,sshpass,ntp,chrony,tuned,uuid,lz4,vim-minimal,make,patch,bash,lsof,wget,unzip,git,readline,zlib,openssl
+ - numactl,grubby,sysstat,dstat,iotop,bind-utils,net-tools,tcpdump,socat,ipvsadm,telnet,tuned,pv,jq
+ - python3,python3-psycopg2,python36-requests,python3-etcd,python3-consul
+ - python36-urllib3,python36-idna,python36-pyOpenSSL,python36-cryptography
+ - node_exporter,consul,consul-template,etcd,haproxy,keepalived,vip-manager
+ node_extra_packages: # extra packages for
all nodes
+ - patroni,patroni-consul,patroni-etcd,pgbouncer,pgbadger,pg_activity
+ node_meta_packages: # packages for meta nodes only
+ - grafana,prometheus2,alertmanager,nginx_exporter,blackbox_exporter,pushgateway
+ - dnsmasq,nginx,ansible,pgbadger,polysh,python-psycopg2
+
+ # build & devel packages (add to repo_packages too if you want build database & extensions from source)
+ # - gcc,gcc-c++,clang,coreutils,diffutils,rpm-build,rpm-devel,rpmlint,rpmdevtools
+ # - zlib-devel,openssl-libs,openssl-devel,pam-devel,libxml2-devel,libxslt-devel,openldap-devel,systemd-devel,tcl-devel,python-devel
+
+
+ # - node features - #
+ node_disable_numa: false # disable numa, important for production database, reboot required
+ node_disable_swap: false # disable swap, important for production database
+ node_disable_firewall: true # disable firewall (required if using kubernetes)
+ node_disable_selinux: true # disable selinux (required if using kubernetes)
+ node_static_network: true # keep dns resolver settings after reboot
+ node_disk_prefetch: false # setup disk prefetch on HDD to increase performance
+
+ # - node kernel modules - #
+ node_kernel_modules: [softdog, br_netfilter, ip_vs, ip_vs_rr, ip_vs_rr, ip_vs_wrr, ip_vs_sh]
+
+ # - node tuned - #
+ node_tune: tiny # install and activate tuned profile: none|oltp|olap|crit|tiny
+ node_sysctl_params: {} # set additional sysctl parameters, k:v format
+ # net.bridge.bridge-nf-call-iptables: 1 # example kv parameters
+
+ # - node user - #
+ node_admin_setup: true # setup an default admin user ?
+ node_admin_uid: 88 # uid and gid for admin user
+ node_admin_username: dba # default admin user: dba
+ node_admin_ssh_exchange: true # exchange admin's ssh key among cluster ?
+ node_admin_pk_current: false # add current user's ~/.ssh/id_rsa.pub to admin pk + node_admin_pks: # ssh public keys to be added to admin user + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7IMAMNavYtWwzAJajKqwdn3ar5BhvcwCnBTxxEkXhGlCO2vfgosSAQMEflfgvkiI5nM1HIFQ8KINlx1XLO7SdL5KdInG5LIJjAFh0pujS4kNCT9a5IGvSq1BrzGqhbEcwWYdju1ZPYBcJm/MG+JD0dYCh8vfrYB/cYMD0SOmNkQ== vagrant@pigsty.com' + + # - node ntp - # + node_ntp_service: ntp # ntp or chrony + node_ntp_config: true # overwrite existing ntp config? + node_timezone: Asia/Shanghai # default node timezone + node_ntp_servers: # default NTP servers + - pool cn.pool.ntp.org iburst + - pool pool.ntp.org iburst + - pool time.pool.aliyun.com iburst + - server 10.10.10.10 iburst + - server ntp.tuna.tsinghua.edu.cn iburst + + + #------------------------------------------------------------------------------ + # META PROVISION + #------------------------------------------------------------------------------ + # - ca - # + ca_method: create # create|copy|recreate + ca_subject: "/CN=root-ca" # self-signed CA subject + ca_homedir: /ca # ca cert directory + ca_cert: ca.crt # ca public key/cert + ca_key: ca.key # ca private key + + # - nginx - # + nginx_upstream: + - { name: home, host: pigsty, url: "127.0.0.1:3000"} + - { name: consul, host: c.pigsty, url: "127.0.0.1:8500" } + - { name: grafana, host: g.pigsty, url: "127.0.0.1:3000" } + - { name: prometheus, host: p.pigsty, url: "127.0.0.1:9090" } + - { name: alertmanager, host: a.pigsty, url: "127.0.0.1:9093" } + - { name: haproxy, host: h.pigsty, url: "127.0.0.1:9091" } + - { name: server, host: s.pigsty, url: "127.0.0.1:9633" } + + # - nameserver - # + dns_records: # dynamic dns record resolved by dnsmasq + - 10.10.10.10 meta-1 # sandbox node meta-1 (node-0) + - 10.10.10.10 pigsty + - 10.10.10.10 y.pigsty yum.pigsty + - 10.10.10.10 c.pigsty consul.pigsty + - 10.10.10.10 g.pigsty grafana.pigsty + - 10.10.10.10 p.pigsty prometheus.pigsty + - 10.10.10.10 a.pigsty alertmanager.pigsty + 
- 10.10.10.10 n.pigsty ntp.pigsty + - 10.10.10.10 h.pigsty haproxy.pigsty + + # - prometheus - # + prometheus_data_dir: /data/prometheus/data # prometheus data dir + prometheus_options: '--storage.tsdb.retention=30d' + prometheus_reload: false # reload prometheus instead of recreate it + prometheus_sd_method: consul # service discovery method: static|consul|etcd + prometheus_scrape_interval: 5s # global scrape & evaluation interval + prometheus_scrape_timeout: 4s # scrape timeout + prometheus_sd_interval: 5s # service discovery refresh interval + + # - grafana - # + grafana_url: http://admin:admin@10.10.10.10:3000 # grafana url + grafana_admin_password: admin # default grafana admin user password + grafana_plugin: install # none|install|reinstall + grafana_cache: /www/pigsty/grafana/plugins.tgz # path to grafana plugins tarball + grafana_customize: true # customize grafana resources + grafana_plugins: # default grafana plugins list + - redis-datasource + - simpod-json-datasource + - fifemon-graphql-datasource + - sbueringer-consul-datasource + - camptocamp-prometheus-alertmanager-datasource + - ryantxu-ajax-panel + - marcusolsson-hourly-heatmap-panel + - michaeldmoore-multistat-panel + - marcusolsson-treemap-panel + - pr0ps-trackmap-panel + - dalvany-image-panel + - magnesium-wordcloud-panel + - cloudspout-button-panel + - speakyourcode-button-panel + - jdbranham-diagram-panel + - grafana-piechart-panel + - snuids-radar-panel + - digrich-bubblechart-panel + grafana_git_plugins: + - https://github.com/Vonng/grafana-echarts + + # - loki - # + loki_clean: false # whether remove existing loki data + loki_data_dir: /data/loki # default loki data dir + + + #------------------------------------------------------------------------------ + # DCS PROVISION + #------------------------------------------------------------------------------ + service_registry: consul # where to register services: none | consul | etcd | both + dcs_type: consul # consul | etcd | both + dcs_name: 
pigsty # consul dc name | etcd initial cluster token + dcs_servers: # dcs server dict in name:ip format + meta-1: 10.10.10.10 # you could use existing dcs cluster + dcs_exists_action: clean # abort|skip|clean if dcs server already exists + dcs_disable_purge: false # set to true to disable purge functionality for good (force dcs_exists_action = abort) + consul_data_dir: /var/lib/consul # consul data dir (/var/lib/consul by default) + etcd_data_dir: /var/lib/etcd # etcd data dir (/var/lib/consul by default) + + + #------------------------------------------------------------------------------ + # POSTGRES INSTALLATION + #------------------------------------------------------------------------------ + # - dbsu - # + pg_dbsu: postgres # os user for database, postgres by default (change it is not recommended!) + pg_dbsu_uid: 26 # os dbsu uid and gid, 26 for default postgres users and groups + pg_dbsu_sudo: limit # none|limit|all|nopass (Privilege for dbsu, limit is recommended) + pg_dbsu_home: /var/lib/pgsql # postgresql binary + pg_dbsu_ssh_exchange: false # exchange ssh key among same cluster + + # - postgres packages - # + pg_version: 13 # default postgresql version + pgdg_repo: false # use official pgdg yum repo (disable if you have local mirror) + pg_add_repo: false # add postgres related repo before install (useful if you want a simple install) + pg_bin_dir: /usr/pgsql/bin # postgres binary dir + pg_packages: + - postgresql${pg_version}* + - postgis31_${pg_version}* + - pgbouncer patroni pg_exporter pgbadger + - patroni patroni-consul patroni-etcd pgbouncer pgbadger pg_activity + - python3 python3-psycopg2 python36-requests python3-etcd python3-consul + - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography + + pg_extensions: + - pg_repack${pg_version} pg_qualstats${pg_version} pg_stat_kcache${pg_version} wal2json${pg_version} + # - ogr_fdw${pg_version} mysql_fdw_${pg_version} redis_fdw_${pg_version} mongo_fdw${pg_version} hdfs_fdw_${pg_version} 
+ # - count_distinct${version} ddlx_${version} geoip${version} orafce${version} # popular features + # - hypopg_${version} ip4r${version} jsquery_${version} logerrors_${version} periods_${version} pg_auto_failover_${version} pg_catcheck${version} + # - pg_fkpart${version} pg_jobmon${version} pg_partman${version} pg_prioritize_${version} pg_track_settings${version} pgaudit15_${version} + # - pgcryptokey${version} pgexportdoc${version} pgimportdoc${version} pgmemcache-${version} pgmp${version} pgq-${version} pgquarrel pgrouting_${version} + # - pguint${version} pguri${version} prefix${version} safeupdate_${version} semver${version} table_version${version} tdigest${version} + + + + #------------------------------------------------------------------------------ + # POSTGRES PROVISION + #------------------------------------------------------------------------------ + # - identity - # + # pg_cluster: # [REQUIRED] cluster name (cluster level, validated during pg_preflight) + # pg_seq: 0 # [REQUIRED] instance seq (instance level, validated during pg_preflight) + # pg_role: replica # [REQUIRED] service role (instance level, validated during pg_preflight) + # pg_shard: # [OPTIONAL] shard name (cluster level) + # pg_sindex: # [OPTIONAl] shard index (cluster level) + + # - identity option -# + pg_hostname: false # overwrite node hostname with pg instance name + pg_nodename: true # overwrite consul nodename with pg instance name + + # - retention - # + # pg_exists_action, available options: abort|clean|skip + # - abort: abort entire play's execution (default) + # - clean: remove existing cluster (dangerous) + # - skip: end current play for this host + # pg_exists: false # auxiliary flag variable (DO NOT SET THIS) + pg_exists_action: clean + pg_disable_purge: false # set to true to disable pg purge functionality for good (force pg_exists_action = abort) + + # - storage - # + pg_data: /pg/data # postgres data directory + pg_fs_main: /data # data disk mount point /pg -> {{ 
pg_fs_main }}/postgres/{{ pg_instance }} + pg_fs_bkup: /data/backups # backup disk mount point /pg/* -> {{ pg_fs_bkup }}/postgres/{{ pg_instance }}/* + + # - connection - # + pg_listen: '0.0.0.0' # postgres listen address, '0.0.0.0' by default (all ipv4 addr) + pg_port: 5432 # postgres port (5432 by default) + pg_localhost: /var/run/postgresql # localhost unix socket dir for connection + # pg_upstream: # [OPTIONAL] specify replication upstream (set on primary transform cluster into a standby cluster) + + # - patroni - # + # patroni_mode, available options: default|pause|remove + # - default: default ha mode + # - pause: into maintenance mode + # - remove: remove patroni after bootstrap + patroni_mode: default # pause|default|remove + pg_namespace: /pg # top level key namespace in dcs + patroni_port: 8008 # default patroni port + patroni_watchdog_mode: automatic # watchdog mode: off|automatic|required + pg_conf: tiny.yml # user provided patroni config template path + + # - flags - # + pg_backup: false # store base backup on this node + pg_delay: 0 # apply delay for offline|delayed instance + + # - localization - # + pg_encoding: UTF8 # default to UTF8 + pg_locale: C # default to C + pg_lc_collate: C # default to C + pg_lc_ctype: en_US.UTF8 # default to en_US.UTF8 + + # - pgbouncer - # + pgbouncer_port: 6432 # pgbouncer port (6432 by default) + pgbouncer_poolmode: transaction # pooling mode: (transaction pooling by default) + pgbouncer_max_db_conn: 100 # important! 
do not set this larger than postgres max conn or conn limit + + + #------------------------------------------------------------------------------ + # POSTGRES TEMPLATE + #------------------------------------------------------------------------------ + # - template - # + pg_init: pg-init # init script for cluster template + + # - system roles - # + pg_replication_username: replicator # system replication user + pg_replication_password: DBUser.Replicator # system replication password + pg_monitor_username: dbuser_monitor # system monitor user + pg_monitor_password: DBUser.Monitor # system monitor password + pg_admin_username: dbuser_dba # system admin user + pg_admin_password: DBUser.DBA # system admin password + + # - default roles - # + # chekc http://pigsty.cc/zh/docs/concepts/provision/acl/ for more detail + pg_default_roles: + + # common production readonly user + - name: dbrole_readonly # production read-only roles + login: false + comment: role for global readonly access + + # common production read-write user + - name: dbrole_readwrite # production read-write roles + login: false + roles: [dbrole_readonly] # read-write includes read-only access + comment: role for global read-write access + + # offline have same privileges as readonly, but with limited hba access on offline instance only + # for the purpose of running slow queries, interactive queries and perform ETL tasks + - name: dbrole_offline + login: false + comment: role for restricted read-only access (offline instance) + + # admin have the privileges to issue DDL changes + - name: dbrole_admin + login: false + bypassrls: true + comment: role for object creation + roles: [dbrole_readwrite,pg_monitor,pg_signal_backend] + + # dbsu, name is designated by `pg_dbsu`. 
It's not recommend to set password for dbsu + - name: postgres + superuser: true + comment: system superuser + + # default replication user, name is designated by `pg_replication_username`, and password is set by `pg_replication_password` + - name: replicator + replication: true # for replication user + bypassrls: true # logical replication require bypassrls + roles: [pg_monitor, dbrole_readonly] # logical replication require select privileges + comment: system replicator + + # default monitor user, name is designated by `pg_monitor_username`, and password is set by `pg_monitor_password` + - name: dbuser_monitor + connlimit: 16 + comment: system monitor user + roles: [pg_monitor, dbrole_readonly] + parameters: + log_min_duration_statement: 1000 + + # default admin super user, name is designated by `pg_admin_username`, and password is set by `pg_admin_password` + - name: dbuser_dba + superuser: true + comment: system admin user + roles: [dbrole_admin] + + # default stats user, for ETL and slow queries + - name: dbuser_stats + password: DBUser.Stats + comment: business offline user for offline queries and ETL + roles: [dbrole_offline] + + + # - privileges - # + # object created by dbsu and admin will have their privileges properly set + pg_default_privileges: + - GRANT USAGE ON SCHEMAS TO dbrole_readonly + - GRANT SELECT ON TABLES TO dbrole_readonly + - GRANT SELECT ON SEQUENCES TO dbrole_readonly + - GRANT EXECUTE ON FUNCTIONS TO dbrole_readonly + - GRANT USAGE ON SCHEMAS TO dbrole_offline + - GRANT SELECT ON TABLES TO dbrole_offline + - GRANT SELECT ON SEQUENCES TO dbrole_offline + - GRANT EXECUTE ON FUNCTIONS TO dbrole_offline + - GRANT INSERT, UPDATE, DELETE ON TABLES TO dbrole_readwrite + - GRANT USAGE, UPDATE ON SEQUENCES TO dbrole_readwrite + - GRANT TRUNCATE, REFERENCES, TRIGGER ON TABLES TO dbrole_admin + - GRANT CREATE ON SCHEMAS TO dbrole_admin + + # - schemas - # + pg_default_schemas: [monitor] # default schemas to be created + + # - extension - # + 
pg_default_extensions: # default extensions to be created + - { name: 'pg_stat_statements', schema: 'monitor' } + - { name: 'pgstattuple', schema: 'monitor' } + - { name: 'pg_qualstats', schema: 'monitor' } + - { name: 'pg_buffercache', schema: 'monitor' } + - { name: 'pageinspect', schema: 'monitor' } + - { name: 'pg_prewarm', schema: 'monitor' } + - { name: 'pg_visibility', schema: 'monitor' } + - { name: 'pg_freespacemap', schema: 'monitor' } + - { name: 'pg_repack', schema: 'monitor' } + - name: postgres_fdw + - name: file_fdw + - name: btree_gist + - name: btree_gin + - name: pg_trgm + - name: intagg + - name: intarray + + # - hba - # + pg_offline_query: false # set to true to enable offline query on instance + pg_reload: true # reload postgres after hba changes + pg_hba_rules: # postgres host-based authentication rules + - title: allow meta node password access + role: common + rules: + - host all all 10.10.10.10/32 md5 + + - title: allow intranet admin password access + role: common + rules: + - host all +dbrole_admin 10.0.0.0/8 md5 + - host all +dbrole_admin 172.16.0.0/12 md5 + - host all +dbrole_admin 192.168.0.0/16 md5 + + - title: allow intranet password access + role: common + rules: + - host all all 10.0.0.0/8 md5 + - host all all 172.16.0.0/12 md5 + - host all all 192.168.0.0/16 md5 + + - title: allow local read/write (local production user via pgbouncer) + role: common + rules: + - local all +dbrole_readonly md5 + - host all +dbrole_readonly 127.0.0.1/32 md5 + + - title: allow offline query (ETL,SAGA,Interactive) on offline instance + role: offline + rules: + - host all +dbrole_offline 10.0.0.0/8 md5 + - host all +dbrole_offline 172.16.0.0/12 md5 + - host all +dbrole_offline 192.168.0.0/16 md5 + + pg_hba_rules_extra: [] # extra hba rules (for cluster/instance overwrite) + + pgbouncer_hba_rules: # pgbouncer host-based authentication rules + - title: local password access + role: common + rules: + - local all all md5 + - host all all 127.0.0.1/32 md5 + 
+ - title: intranet password access + role: common + rules: + - host all all 10.0.0.0/8 md5 + - host all all 172.16.0.0/12 md5 + - host all all 192.168.0.0/16 md5 + + pgbouncer_hba_rules_extra: [] # extra pgbouncer hba rules (for cluster/instance overwrite) + # pg_users: [] # business users + # pg_databases: [] # business databases + + #------------------------------------------------------------------------------ + # MONITOR PROVISION + #------------------------------------------------------------------------------ + # - install - # + exporter_install: none # none|yum|binary, none by default + exporter_repo_url: '' # if set, repo will be added to /etc/yum.repos.d/ before yum installation + + # - collect - # + exporter_metrics_path: /metrics # default metric path for pg related exporter + + # - node exporter - # + node_exporter_enabled: true # setup node_exporter on instance + node_exporter_port: 9100 # default port for node exporter + node_exporter_options: '--no-collector.softnet --collector.systemd --collector.ntp --collector.tcpstat --collector.processes' + + # - pg exporter - # + pg_exporter_config: pg_exporter-demo.yaml # default config files for pg_exporter + pg_exporter_enabled: true # setup pg_exporter on instance + pg_exporter_port: 9630 # default port for pg exporter + pg_exporter_url: '' # optional, if not set, generate from reference parameters + + # - pgbouncer exporter - # + pgbouncer_exporter_enabled: true # setup pgbouncer_exporter on instance (if you don't have pgbouncer, disable it) + pgbouncer_exporter_port: 9631 # default port for pgbouncer exporter + pgbouncer_exporter_url: '' # optional, if not set, generate from reference parameters + + # - promtail - # # promtail is a beta feature which requires manual deployment + promtail_enabled: true # enable promtail logging collector? + promtail_clean: false # remove promtail status file? 
false by default + promtail_port: 9080 # default listen address for promtail + promtail_status_file: /tmp/promtail-status.yml + promtail_send_url: http://10.10.10.10:3100/loki/api/v1/push # loki url to receive logs + + #------------------------------------------------------------------------------ + # SERVICE PROVISION + #------------------------------------------------------------------------------ + pg_weight: 100 # default load balance weight (instance level) + + # - service - # + pg_services: # how to expose postgres service in cluster? + # primary service will route {ip|name}:5433 to primary pgbouncer (5433->6432 rw) + - name: primary # service name {{ pg_cluster }}-primary + src_ip: "*" + src_port: 5433 + dst_port: pgbouncer # 5433 route to pgbouncer + check_url: /primary # primary health check, success when instance is primary + selector: "[]" # select all instance as primary service candidate + + # replica service will route {ip|name}:5434 to replica pgbouncer (5434->6432 ro) + - name: replica # service name {{ pg_cluster }}-replica + src_ip: "*" + src_port: 5434 + dst_port: pgbouncer + check_url: /read-only # read-only health check. (including primary) + selector: "[]" # select all instance as replica service candidate + selector_backup: "[? 
pg_role == `primary`]" # primary are used as backup server in replica service + + # default service will route {ip|name}:5436 to primary postgres (5436->5432 primary) + - name: default # service's actual name is {{ pg_cluster }}-default + src_ip: "*" # service bind ip address, * for all, vip for cluster virtual ip address + src_port: 5436 # bind port, mandatory + dst_port: postgres # target port: postgres|pgbouncer|port_number , pgbouncer(6432) by default + check_method: http # health check method: only http is available for now + check_port: patroni # health check port: patroni|pg_exporter|port_number , patroni by default + check_url: /primary # health check url path, / as default + check_code: 200 # health check http code, 200 as default + selector: "[]" # instance selector + haproxy: # haproxy specific fields + maxconn: 3000 # default front-end connection + balance: roundrobin # load balance algorithm (roundrobin by default) + default_server_options: 'inter 3s fastinter 1s downinter 5s rise 3 fall 3 on-marked-down shutdown-sessions slowstart 30s maxconn 3000 maxqueue 128 weight 100' + + # offline service will route {ip|name}:5438 to offline postgres (5438->5432 offline) + - name: offline # service name {{ pg_cluster }}-offline + src_ip: "*" + src_port: 5438 + dst_port: postgres + check_url: /replica # offline MUST be a replica + selector: "[? pg_role == `offline` || pg_offline_query ]" # instances with pg_role == 'offline' or instance marked with 'pg_offline_query == true' + selector_backup: "[? pg_role == `replica` && !pg_offline_query]" # replica are used as backup server in offline service + + pg_services_extra: [] # extra services to be added + + # - haproxy - # + haproxy_enabled: true # enable haproxy among every cluster members + haproxy_reload: true # reload haproxy after config + haproxy_admin_auth_enabled: false # enable authentication for haproxy admin? 
+ haproxy_admin_username: admin # default haproxy admin username + haproxy_admin_password: admin # default haproxy admin password + haproxy_exporter_port: 9101 # default admin/exporter port + haproxy_client_timeout: 3h # client side connection timeout + haproxy_server_timeout: 3h # server side connection timeout + + # - vip - # + vip_mode: none # none | l2 | l4 + vip_reload: true # whether reload service after config + # vip_address: 127.0.0.1 # virtual ip address ip (l2 or l4) + # vip_cidrmask: 24 # virtual ip address cidr mask (l2 only) + # vip_interface: eth0 # virtual ip network interface (l2 only) + + # - dns - # # NOT IMPLEMENTED + # dns_mode: vip # vip|all|selector: how to resolve cluster DNS? + # dns_selector: '[]' # if dns_mode == vip, filter instances been resolved + +... diff --git a/templates/config/pigsty-prod.yml b/templates/config/pigsty-prod.yml index 9bbafbd39..862c1b2f7 100644 --- a/templates/config/pigsty-prod.yml +++ b/templates/config/pigsty-prod.yml @@ -248,7 +248,7 @@ all: # top-level namespace - name: grafana description: Grafana - enabled: no + enabled: yes gpgcheck: no baseurl: - https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm # tuna mirror @@ -256,7 +256,7 @@ all: # top-level namespace - name: grafana-beta description: Grafana Beta - enabled: yes + enabled: no gpgcheck: no baseurl: - https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm-beta/ # tuna mirror @@ -287,7 +287,7 @@ all: # top-level namespace gpgcheck: no baseurl: - https://mirrors.tuna.tsinghua.edu.cn/postgresql/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # tuna - - https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch # official + - https://download.postgresql.org/pub/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # official - name: centos-sclo description: CentOS-$releasever - SCLo diff --git a/templates/config/pigsty-tiny.yml b/templates/config/pigsty-tiny.yml index 080497f38..ab02bb6ee 100644 
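Review bot: In the pigsty-prod.yml hunk at @@ -287 the official PGDG baseurl moves from the 13 release repo to `testing/14` while the surrounding context keeps `gpgcheck: no`, so a template named prod would install pre-release PostgreSQL packages with no signature verification. The `- name:` line of this repo entry sits outside the hunk, so I cannot tell from here whether it is enabled by default; if it is, consider `gpgcheck: yes` with the PGDG signing key, or keeping the release repo until 14 is GA. The same URL change appears in pigsty-tiny.yml at @@ -204 (where the visible `enabled: no` limits exposure) and would warrant the same treatment. The grafana/grafana-beta `enabled` swaps in the first two hunks look intentional and raise no point.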
--- a/templates/config/pigsty-tiny.yml
+++ b/templates/config/pigsty-tiny.yml
@@ -166,7 +166,7 @@ all: # top-level namespace
 - name: grafana
 description: Grafana
- enabled: no
+ enabled: yes
 gpgcheck: no
 baseurl:
 - https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm # tuna mirror
@@ -174,7 +174,7 @@ all: # top-level namespace
 - name: grafana-beta
 description: Grafana Beta
- enabled: yes
+ enabled: no
 gpgcheck: no
 baseurl:
 - https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm-beta/ # tuna mirror
@@ -204,8 +204,8 @@ all: # top-level namespace
 enabled: no
 gpgcheck: no
 baseurl:
- - https://mirrors.tuna.tsinghua.edu.cn/postgresql/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # tuna
- - https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch # official
+ - https://mirrors.tuna.tsinghua.edu.cn/postgresql/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # tuna
+ - https://download.postgresql.org/pub/repos/yum/testing/14/redhat/rhel-$releasever-$basearch # official
 - name: centos-sclo
 description: CentOS-$releasever - SCLo