Remove PgBouncer standalone installation (#2770)

* Remove standalone PgBouncer

* Update changelog

ansible/playbooks/roles/filebeat/templates/filebeat.yml.j2

@@ -99,7 +99,6 @@ filebeat.inputs:
 - type: log
   enabled: true
   paths:
-    - {{ postgresql_defaults.pgbouncer.logfile[ansible_os_family] }}*
     - /var/log/postgresql/repmgr.log*
   exclude_files: [".gz$"]
 {% endif %}

ansible/playbooks/roles/postgresql/defaults/main.yml

@@ -56,20 +56,3 @@ repmgr:
   version:
     Debian: "5.2.1"
     RedHat: "5.2.1"
-
-pgbouncer:
-  group:
-    Debian: postgres
-    RedHat: pgbouncer
-  logfile:
-    Debian: /var/log/postgresql/pgbouncer.log
-    RedHat: /var/log/pgbouncer/pgbouncer.log
-  pidfile:
-    Debian: /var/run/postgresql/pgbouncer.pid
-    RedHat: /var/run/pgbouncer/pgbouncer.pid
-  user:
-    Debian: postgres
-    RedHat: pgbouncer
-  version:
-    Debian: "1.16.0"
-    RedHat: "1.16.0"

ansible/playbooks/roles/postgresql/molecule/add-repos-redhat.sh

@@ -148,6 +148,5 @@ EOF
 )
 
 add_repo_as_file 'postgresql-13' "$POSTGRESQL_REPO_CONF"
-add_repo_as_file 'postgresql-common' "$POSTGRESQL_COMMON_REPO_CONF"          # for pgbouncer
 add_repo_from_script 'https://dl.2ndquadrant.com/default/release/get/13/rpm' # for repmgr
 disable_repo '2ndquadrant-dl-default-release-pg13-debug'                     # script adds 2 repositories, only 1 is required

ansible/playbooks/roles/postgresql/molecule/vars-repmgr.yml

@@ -82,8 +82,6 @@ specification:
         pgaudit.log_relation: 'on # separate log entry for each relation'
         pgaudit.log_statement_once: off
         pgaudit.log_parameter: on
-    pgbouncer:
-      enabled: true
     replication:
       replication_user_name: epi_repmgr
       replication_user_password: PASSWORD_TO_CHANGE
@@ -93,9 +91,6 @@ specification:
       shared_preload_libraries:
         - repmgr
   logrotate:
-    pgbouncer:
-      period: weekly
-      rotations: 5
     postgresql: |-
       /var/log/postgresql/postgresql*.log {
           maxsize 10M

ansible/playbooks/roles/postgresql/molecule/verify-common.yml

@@ -13,15 +13,6 @@
       - "{{ _services[ansible_os_family] in ansible_facts.services }}"
       - "{{ ansible_facts.services[_services[ansible_os_family]].state == 'running' }}"
 
-# PgBouncer is installed only on one of nodes
-- name: Verify that pgbouncer service exists and is running
-  delegate_to: groups.postgresql[0]
-  run_once: true
-  assert:
-    that:
-      - "{{ 'pgbouncer.service' in ansible_facts.services }}"
-      - "{{ ansible_facts.services['pgbouncer.service'].state == 'running' }}"
-
 # required for 'listen_ports_facts' module
 - name: Ensure net-tools package is installed
   package:
@@ -38,13 +29,3 @@
             | selectattr('port', 'equalto', 5432)
             | selectattr('address', 'equalto', '0.0.0.0')
             | length == 1 }}"
-
-- name: Verify PgBouncer port
-  delegate_to: groups.postgresql[0]
-  run_once: true
-  assert:
-    that:
-      - "{{ ansible_facts.tcp_listen
-            | selectattr('port', 'equalto', 6432)
-            | selectattr('address', 'equalto', '127.0.0.1')
-            | length == 1 }}"

ansible/playbooks/roles/postgresql/tasks/upgrade/nodes/common/prepare-upgrade.yml

@@ -56,16 +56,6 @@
   include_tasks: upgrade/extensions/pgaudit/packages.yml
   when: is_pgaudit_used
 
-- name: Extensions | PgBouncer | Upgrade
-  when: is_pgbouncer_used
-  block:
-    - include_tasks: upgrade/extensions/pgbouncer/packages.yml
-
-    - name: Extensions | PgBouncer | Ensure that systemd service is started
-      systemd:
-        name: pgbouncer
-        state: started
-
 - name: Extensions | repmgr | Include package(s) installation tasks
   include_tasks: upgrade/extensions/replication/pg-new/packages.yml
   when: is_repmgr_used

ansible/playbooks/roles/postgresql/tasks/upgrade/nodes/common/set-facts.yml

@@ -9,7 +9,6 @@
 - name: Set facts on installed extensions
   set_fact:
     is_pgaudit_used: "{{ ansible_facts.packages.keys() | intersect(_packages.pgaudit) | count > 0 }}"
-    is_pgbouncer_used: "{{ ansible_facts.packages.pgbouncer is defined }}"  # package name is the same for all versions
     is_repmgr_used: "{{ ansible_facts.packages.keys() | intersect(_packages.repmgr) | count > 0 }}"
   vars:
     _packages:

ansible/playbooks/roles/postgresql/tasks/upgrade/run-upgrade.yml

@@ -21,7 +21,6 @@
 #    - pg_primary_node
 # 2) extensions
 #    - is_pgaudit_used
-#    - is_pgbouncer_used
 #    - is_repmgr_used
 - include_tasks: upgrade/nodes/common/set-facts.yml
 

ansible/playbooks/roles/preflight/defaults/main.yml

@@ -102,4 +102,3 @@ unsupported_postgres_extensions:
   x86_64: []
   aarch64:
     - replication
-    - pgbouncer

ansible/playbooks/roles/repository/files/download-requirements/centos-7/add-repositories.multiarch.sh

@@ -114,5 +114,4 @@ add_repo_as_file 'elasticsearch-curator-5' "$ELASTICSEARCH_CURATOR_REPO_CONF"
 add_repo_as_file 'kubernetes' "$KUBERNETES_REPO_CONF"
 add_repo_as_file 'opendistroforelasticsearch' "$OPENDISTRO_REPO_CONF"
 add_repo_as_file 'postgresql-13' "$POSTGRESQL_REPO_CONF"
-add_repo_as_file 'postgresql-common' "$POSTGRESQL_COMMON_REPO_CONF" # for pgbouncer
 add_repo_as_file 'rabbitmq' "$RABBITMQ_SERVER_REPO_CONF"

ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.aarch64.txt

@@ -23,7 +23,6 @@ https://github.com/google/go-containerregistry/releases/download/v0.4.1/go-conta
 [packages]
 audit # for docker-ce
 bash-completion
-#c-ares # for pgbouncer
 ca-certificates
 cifs-utils
 conntrack-tools # for kubelet

ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.x86_64.txt

@@ -23,7 +23,6 @@ https://github.com/google/go-containerregistry/releases/download/v0.4.1/go-conta
 [packages]
 audit # for docker-ce
 bash-completion
-c-ares # for pgbouncer
 ca-certificates
 cifs-utils
 conntrack-tools # for kubelet
@@ -80,7 +79,6 @@ perl-Pod-Perldoc # for vim
 perl-Pod-Simple # for vim
 perl-Pod-Usage # for vim
 pgaudit15_13-1.5.0
-pgbouncer-1.16.0
 policycoreutils-python # for container-selinux
 pyldb # for cifs-utils
 python-cffi # for python2-cryptography

ansible/playbooks/roles/repository/files/download-requirements/redhat-7/add-repositories.multiarch.sh

@@ -114,5 +114,4 @@ add_repo_as_file 'elasticsearch-curator-5' "$ELASTICSEARCH_CURATOR_REPO_CONF"
 add_repo_as_file 'kubernetes' "$KUBERNETES_REPO_CONF"
 add_repo_as_file 'opendistroforelasticsearch' "$OPENDISTRO_REPO_CONF"
 add_repo_as_file 'postgresql-13' "$POSTGRESQL_REPO_CONF"
-add_repo_as_file 'postgresql-common' "$POSTGRESQL_COMMON_REPO_CONF" # for pgbouncer
 add_repo_as_file 'rabbitmq' "$RABBITMQ_SERVER_REPO_CONF"

ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.x86_64.txt

@@ -21,7 +21,6 @@ https://github.com/google/go-containerregistry/releases/download/v0.4.1/go-conta
 [packages]
 audit # for docker-ce
 bash-completion
-c-ares # for pgbouncer
 ca-certificates
 cifs-utils
 conntrack-tools # for kubelet
@@ -78,7 +77,6 @@ perl-Pod-Perldoc # for vim
 perl-Pod-Simple # for vim
 perl-Pod-Usage # for vim
 pgaudit15_13-1.5.0
-pgbouncer-1.16.0
 policycoreutils-python # for container-selinux
 pyldb # for cifs-utils
 python-cffi # for python2-cryptography

ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.x86_64.txt

@@ -143,7 +143,6 @@ libsmbclient
 
 # postgres related packages
 # if version is not specified, it's not related to postgres version and the latest is used
-pgbouncer 1.16.0
 pgdg-keyring
 postgresql-13-pgaudit 1.5.0
 postgresql-10-repmgr 5.2.1

docs/changelogs/CHANGELOG-1.3.md

@@ -43,8 +43,14 @@
 - [#2180](https://github.com/epiphany-platform/epiphany/issues/2180) - [documentation] Missing clear information about supported CNI plugins
 - [#2755](https://github.com/epiphany-platform/epiphany/issues/2755) - Upgrade Python dependencies to the latest
 
+### Removed
+
+- [#2680](https://github.com/epiphany-platform/epiphany/issues/2680) - Remove PgBouncer standalone installation
+
 ### Deprecated
 
 ### Breaking changes
 
+- PgBouncer available only as Kubernetes service
+
 ### Known issues

docs/home/ARM.md

@@ -200,10 +200,6 @@ specification:
   extensions:
     pgaudit:
       enabled: yes
-    pgbouncer:
-      enabled: no
-    replication:
-      enabled: no
 title: Postgresql
 ---        
 kind: configuration/rabbitmq

docs/home/COMPONENTS.md

@@ -36,7 +36,6 @@ Note that versions are default versions and can be changed in certain cases thro
 | PostgreSQL                 | 13       | https://www.postgresql.org/                           | [PostgreSQL license](http://www.postgresql.org/about/licence/)    |
 | HAProxy                    | 2.2.2    | https://www.haproxy.org/                              | [GNU General Public License 2.0](https://www.gnu.org/licenses/old-licenses/gpl-2.0.html) |
 | PgAudit                    | 1.5.0    | https://github.com/pgaudit/pgaudit                    | [PostgreSQL license](http://www.postgresql.org/about/licence/)    |
-| PgBouncer                  | 1.16.0   | https://github.com/pgbouncer/pgbouncer                | [ISC License](https://opensource.org/licenses/isc)                |
 | repmgr                     | 5.2.1    | https://github.com/EnterpriseDB/repmgr                | [GNU General Public License 3.0](https://github.com/EnterpriseDB/repmgr/blob/master/LICENSE) |
 | Pgpool                     | 4.2.4    | https://www.pgpool.net/                               | [License](https://www.pgpool.net/mediawiki/index.php/pgpool-II_License) |
 | Alertmanager               | 0.17.0   | https://github.com/prometheus/alertmanager            | [Apache License 2.0](https://github.com/prometheus/alertmanager/blob/master/LICENSE) |

docs/home/RESOURCES.md

@@ -50,7 +50,7 @@ Here are some materials concerning Epiphany tooling and cluster components - bot
     1. [HaProxy](http://www.haproxy.org/)
 7. Databases
     1. [PostgreSQL](https://www.postgresql.org/docs/)
-        - [Repmng](https://repmgr.org/)
+        - [repmgr](https://repmgr.org/)
         - [PGBouncer](https://www.pgbouncer.org/)
         - [PGPool](https://www.pgpool.net/mediawiki/index.php/Main_Page)
         - [PGAudit](https://www.pgaudit.org/)

docs/home/SECURITY.md

@@ -96,7 +96,6 @@ The list does not include ports that are bound to the loopback interface (localh
 11. PostgreSQL:
 
     - 5432 - PostgreSQL server
-    - 6432 - PgBouncer
 
 12. Kubernetes:
 

docs/home/howto/DATABASES.md

@@ -16,31 +16,8 @@ For this reason, MD5 password encryption is set up and this is not configurable
 
 ## How to set up PostgreSQL connection pooling
 
-PostgreSQL connection pooling in Epiphany is served by PgBouncer application. It is available as Kubernetes `ClusterIP` or standalone package.
-The [Kubernetes based installation](#how-to-set-up-pgbouncer-pgpool-and-postgresql-parameters) works together with PgPool so it supports PostgreSQL HA setup.
-The standalone installation (described below) is deprecated and **will be removed** in the next release.
-
----
-**NOTE**
-
-PgBouncer extension is not supported on ARM.
-
----
-
-PgBouncer is installed only on PostgreSQL primary node. This needs to be enabled in configuration yaml file:
-
-```yaml
-kind: configuration/postgresql
-specification:
-  extensions:
-    ...
-    pgbouncer:
-      enabled: yes
-    ...
-```
-
-PgBouncer listens on standard port 6432. Basic configuration is just template, with very limited access to database.
-This is because of security reasons. [Configuration needs to be tailored according component documentation and stick to security rules and best practices](http://www.pgbouncer.org/).
+PostgreSQL connection pooling in Epiphany is served by [PgBouncer K8s application](#how-to-set-up-pgbouncer-pgpool-and-postgresql-parameters).
+It is available as `ClusterIP` service and works together with PgPool so it supports PostgreSQL HA setup.
 
 ## How to set up PostgreSQL HA replication with repmgr cluster
 

docs/home/howto/KUBERNETES.md

@@ -385,7 +385,7 @@ To set specific database host IP address for Keycloak you have to provide additi
 
 Note: If `database address` is not specified, epicli assumes that database instance doesn't exist and will create it.
 
-By default, if `database address` is not specified and if Postgres is HA mode, Keycloak uses PGBouncer ClusterIP service
+By default, if `database address` is not specified and if Postgres is HA mode, Keycloak uses PGBouncer `ClusterIP` service
 name as database address.  
 If Postgres is in standalone mode, and `database address` is not specified, then it uses first Postgres host address
 from `inventory`.

docs/home/howto/MODULES.md

@@ -231,10 +231,7 @@ AWS:
           pgaudit.log_relation: 'on # separate log entry for each relation'
           pgaudit.log_statement_once: 'off'
           pgaudit.log_parameter: 'on'
-      pgbouncer:
-        enabled: false
       replication:
-        enabled: false
         replication_user_name: epi_repmgr
         replication_user_password: PASSWORD_TO_CHANGE
         privileged_user_name: epi_repmgr_admin

schema/common/defaults/configuration/firewall.yml

@@ -92,7 +92,6 @@ specification:
       enabled: true
       ports:
         - 5432/tcp
-        - 6432/tcp #PGBouncer
     prometheus:
       enabled: true
       ports: