Skip to content

Commit

Permalink
Add postgresql option target_session_attrs (ansible#1847)
Browse files Browse the repository at this point in the history
Signed-off-by: Lars Wildemann <[email protected]>
  • Loading branch information
larsux authored May 15, 2024
1 parent b49d68c commit e98c913
Show file tree
Hide file tree
Showing 4 changed files with 11 additions and 0 deletions.
1 change: 1 addition & 0 deletions .helm/starter/templates/postgres-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ stringData:
username: {{ .username }}
password: {{ .password }}
sslmode: {{ .sslmode }}
target_session_attrs: {{ .target_session_attrs | default "any" }}
type: {{ .type }}
type: Opaque
{{- end }}
Expand Down
3 changes: 3 additions & 0 deletions docs/user-guide/database-configuration.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ stringData:
username: <username to connect as>
password: <password to connect with>
sslmode: prefer
target_session_attrs: read-write
type: unmanaged
type: Opaque
```
Expand All @@ -37,6 +38,8 @@ type: Opaque

**Note**: The variable `sslmode` is valid for `external` databases only. The allowed values are: `prefer`, `disable`, `allow`, `require`, `verify-ca`, `verify-full`.

**Note**: The variable `target_session_attrs` is only useful for `clustered external` databases. The allowed values are: `any` (default), `read-write`, `read-only`, `primary`, `standby` and `prefer-standby`, whereby only `read-write` and `primary` really make sense in AWX use, as you want to connect to a database node that offers write support.

Once the secret is created, you can specify it on your spec:

```yaml
Expand Down
1 change: 1 addition & 0 deletions roles/installer/tasks/database_configuration.yml
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,7 @@
awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}"
awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}"
awx_postgres_sslmode: "{{ pg_config['resources'][0]['data']['sslmode'] | default('prefer'|b64encode) | b64decode }}"
awx_postgres_target_session_attrs: "{{ pg_config['resources'][0]['data']['target_session_attrs'] | default('') | b64decode }}"
no_log: "{{ no_log }}"

- name: Set database as managed
Expand Down
6 changes: 6 additions & 0 deletions roles/installer/templates/settings/credentials.py.j2
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@ DATABASES = {
'OPTIONS': { 'sslmode': '{{ awx_postgres_sslmode }}',
{% if awx_postgres_sslmode in ['verify-ca', 'verify-full'] %}
'sslrootcert': '{{ ca_trust_bundle }}',
{% endif %}
{% if awx_postgres_target_session_attrs %}
'target_session_attrs': '{{ awx_postgres_target_session_attrs }}',
{% endif %}
},
}
Expand All @@ -25,6 +28,9 @@ LISTENER_DATABASES = {
'keepalives_count': {{ postgres_keepalives_count }},
{% else %}
'keepalives': 0,
{% endif %}
{% if awx_postgres_target_session_attrs %}
'target_session_attrs': '{{ awx_postgres_target_session_attrs }}',
{% endif %}
},
}
Expand Down

0 comments on commit e98c913

Please sign in to comment.