Merge branch 'master' into cloud

vitabaks · Sep 26, 2023 · 0e94e47 · 0e94e47
2 parents 83d9ace + de4d400
commit 0e94e47
Show file tree

Hide file tree

Showing 38 changed files with 270 additions and 109 deletions.
diff --git a/README.md b/README.md
@@ -140,7 +140,7 @@ RedHat and Debian based distros (x86_64)
 ###### PostgreSQL versions: 
 all supported PostgreSQL versions
 
-:white_check_mark: tested, works fine: PostgreSQL 10, 11, 12, 13, 14, 15
+:white_check_mark: tested, works fine: PostgreSQL 10, 11, 12, 13, 14, 15, 16
 
 _Table of results of daily automated testing of cluster deployment:_
 | Distribution | Test result |

diff --git a/molecule/pg_upgrade/converge.yml b/molecule/pg_upgrade/converge.yml
@@ -15,7 +15,7 @@
         with_haproxy_load_balancing: true
         consul_node_role: server # if dcs_type: "consul"
         consul_bootstrap_expect: true # if dcs_type: "consul"
-        postgresql_version: "12" # redefine the version to install for the upgrade test
+        postgresql_version: "14" # redefine the version to install for the upgrade test
         cacheable: true
 
     - name: Set variables for custom PostgreSQL data and WAL directory test
@@ -25,15 +25,15 @@
 
     - name: Set variables for TimescaleDB cluster deployment test
       ansible.builtin.set_fact:
-        enable_timescale: true
+        enable_timescale: false # TODO (enable when adding PostgreSQL 16 support)
       when:
         - not (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '<'))
         - not (ansible_distribution == 'Debian' and ansible_distribution_version is version('11', '>')) # TODO Debian 12
 
     - name: Set variables for PostgreSQL upgrade test
       ansible.builtin.set_fact:
-        pg_old_version: "12"
-        pg_new_version: "15"
+        pg_old_version: "14"
+        pg_new_version: "16"
 
     - name: Clean yum cache (molecule containers)
       ansible.builtin.command: yum clean all

diff --git a/requirements.txt b/requirements.txt
@@ -1,7 +1,7 @@
 ansible==7.6.0
 ansible-core==2.14.6
 cffi==1.15.1
-cryptography==41.0.3
+cryptography==41.0.4
 Jinja2==3.1.2
 MarkupSafe==2.1.2
 packaging==23.1

diff --git a/roles/confd/templates/confd.toml.j2 b/roles/confd/templates/confd.toml.j2
@@ -9,7 +9,15 @@ nodes = [
 {% endif %}
 {% if dcs_exists|bool and dcs_type == 'etcd' %}
   {% for etcd_hosts in patroni_etcd_hosts %}
-  "http://{{etcd_hosts.host}}:{{etcd_hosts.port}}",
+  "{{ patroni_etcd_protocol | default('http', true) }}://{{etcd_hosts.host}}:{{etcd_hosts.port}}",
   {% endfor %}
 {% endif %}
 ]
+{% if dcs_exists|bool and dcs_type == 'etcd' %}
+{% if patroni_etcd_username | default('') | length > 0 %}
+username = "{{ patroni_etcd_username | default('') }}"
+{% endif %}
+{% if patroni_etcd_password | default('') | length > 0 %}
+password = "{{ patroni_etcd_password }}"
+{% endif %}
+{% endif %}
diff --git a/roles/confd/templates/haproxy.toml.j2 b/roles/confd/templates/haproxy.toml.j2
@@ -1,5 +1,5 @@
 [template]
-prefix = "/service/{{ patroni_cluster_name }}"
+prefix = "/{{ patroni_etcd_namespace | default('service') }}/{{ patroni_cluster_name }}"
 src = "haproxy.tmpl"
 dest = "/etc/haproxy/haproxy.cfg"
 {% if haproxy_installation_method == "src" %}

diff --git a/roles/deploy-finish/tasks/main.yml b/roles/deploy-finish/tasks/main.yml
@@ -10,7 +10,7 @@
       become: true
       become_user: postgres
       ansible.builtin.command:
-        "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -c\"\\du\""
+        "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -Xc\"\\du\""
       register: users_result
       delegate_to: "{{ groups.master[0] }}"
       changed_when: false
@@ -29,7 +29,7 @@
       become: true
       become_user: postgres
       ansible.builtin.command:
-        "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -c
+        "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -Xc
         \"
           SELECT
           d.datname as name,

diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
@@ -44,7 +44,10 @@
       loop:
         - etcd
         - etcdctl
-  when: installation_method == "repo" and etcd_package_repo | length > 0
+  when:
+    - installation_method == "repo"
+    - etcd_package_repo | length > 0
+    - not ansible_check_mode
   tags: etcd, etcd_install
 
 - block:  # install etcd package from file
@@ -64,7 +67,10 @@
       loop:
         - etcd
         - etcdctl
-  when: installation_method == "file" and etcd_package_file | length > 0
+  when:
+    - installation_method == "file"
+    - etcd_package_file | length > 0
+    - not ansible_check_mode
   tags: etcd, etcd_install
 
 - name: Add etcd user
@@ -123,17 +129,24 @@
       ansible.builtin.command: >
         /usr/local/bin/etcdctl endpoint health
         --endpoints=http://{{ inventory_hostname }}:2379
+      environment:
+        ETCDCTL_API: "3"
       register: etcd_health_result
-      until: "'is healthy' in etcd_health_result.stdout"
+      until: >
+        'is healthy' in etcd_health_result.stdout or
+        'is healthy' in etcd_health_result.stderr
       retries: 10
       delay: 10
       changed_when: false
       ignore_errors: false
-      check_mode: false
 
     - name: cluster health
       ansible.builtin.debug:
-        msg: "{{ etcd_health_result.stdout }}"
+        msg: >
+          {{ etcd_health_result.stdout
+          if etcd_health_result.stdout | length > 0
+          else etcd_health_result.stderr }}
+  when: not ansible_check_mode
   tags: etcd, etcd_start, etcd_status
 
 ...
diff --git a/roles/patroni/config/tasks/main.yml b/roles/patroni/config/tasks/main.yml
@@ -57,6 +57,8 @@
         body_format: json
       loop: "{{ postgresql_parameters }}"
       when: item.value == "null"
+  environment:
+    no_proxy: "{{ inventory_hostname }}"
   when: is_master | bool
   tags: patroni, patroni_conf
 

diff --git a/roles/patroni/handlers/main.yml b/roles/patroni/handlers/main.yml
@@ -11,10 +11,10 @@
 - name: Reload postgres
   become: true
   become_user: postgres
-  ansible.builtin.command: "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -c 'SELECT pg_reload_conf()'"
-  register: psql_reload_result
-  changed_when: psql_reload_result.rc == 0
-  failed_when: false  # exec pg_reload_conf on all running postgres (to re-run with --tag pg_hba).
+  ansible.builtin.command: "{{ postgresql_bin_dir }}/pg_ctl reload -D {{ postgresql_data_dir }}"
+  register: pg_ctl_reload_result
+  changed_when: pg_ctl_reload_result.rc == 0
+  failed_when: false  # exec 'reload' on all running postgres (to re-run with --tag pg_hba).
   listen: "reload postgres"
 
 ...
diff --git a/roles/patroni/tasks/custom_wal_dir.yml b/roles/patroni/tasks/custom_wal_dir.yml
@@ -38,7 +38,8 @@
     - name: Execute CHECKPOINT before stopping PostgreSQL
       become: true
       become_user: postgres
-      ansible.builtin.command: psql -tAXc "CHECKPOINT"
+      ansible.builtin.command: >
+        psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc "CHECKPOINT"
 
     - name: Stop patroni service on the Replica (for create symlink)
       become: true

diff --git a/roles/patroni/tasks/main.yml b/roles/patroni/tasks/main.yml
@@ -527,9 +527,7 @@
         - name: Prepare PostgreSQL | reload for apply the pg_hba.conf
           become: true
           become_user: postgres
-          ansible.builtin.command: "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -c 'SELECT pg_reload_conf()'"
-          register: psql_reload_result
-          failed_when: psql_reload_result.rc != 0
+          ansible.builtin.command: "{{ postgresql_bin_dir }}/pg_ctl reload -D {{ postgresql_data_dir }}"
 
         - name: Prepare PostgreSQL | make sure the user "{{ patroni_superuser_username }}" are present, and password does not differ from the specified
           community.postgresql.postgresql_user:
@@ -571,7 +569,8 @@
     - name: Prepare PostgreSQL | waiting for CHECKPOINT to complete before stopping postgresql
       become: true
       become_user: postgres
-      ansible.builtin.command: "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -c 'CHECKPOINT'"
+      ansible.builtin.command: >
+        {{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc "CHECKPOINT"
       register: checkpoint_result
       until: checkpoint_result.rc == 0
       retries: 300
@@ -707,7 +706,9 @@
                 (not is_master | bool and 'pgbackrest' in patroni_create_replica_methods))
 
         - name: Waiting for PostgreSQL Recovery to complete (WAL apply)
-          ansible.builtin.command: "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -tAc 'SELECT pg_is_in_recovery()'"
+          ansible.builtin.command: >-
+            {{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc
+            "select pg_is_in_recovery()"
           register: pg_is_in_recovery
           until: pg_is_in_recovery.stdout != "t"
           retries: 1200  # timeout 10 hours
@@ -813,7 +814,9 @@
     - name: Wait for PostgreSQL Recovery to complete (WAL apply)
       become: true
       become_user: postgres
-      ansible.builtin.command: "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -tAc 'SELECT pg_is_in_recovery()'"
+      ansible.builtin.command: >-
+        {{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc
+        "select pg_is_in_recovery()"
       register: pg_is_in_recovery
       until: pg_is_in_recovery.stdout == "f"
       retries: 1200  # timeout 10 hours
@@ -862,17 +865,19 @@
     - name: Prepare PostgreSQL | reload for apply the pg_hba.conf
       become: true
       become_user: postgres
-      ansible.builtin.command: "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -c 'SELECT pg_reload_conf()'"
-      register: psql_reload_result
-      changed_when: psql_reload_result.rc == 0
-      failed_when: false  # exec pg_reload_conf on all running postgres (to re-run with --tag pg_hba).
+      ansible.builtin.command: "{{ postgresql_bin_dir }}/pg_ctl reload -D {{ postgresql_data_dir }}"
+      register: pg_ctl_reload_result
+      changed_when: pg_ctl_reload_result.rc == 0
+      failed_when: false  # exec 'reload' on all running postgres (to re-run with --tag pg_hba).
       when: generate_pg_hba is changed
   when: existing_pgcluster is not defined or not existing_pgcluster|bool
   tags: patroni, pg_hba, pg_hba_generate
 
 - block:  # PITR (custom bootstrap) - password reset for PostgreSQL users
     - name: Make sure the Master is not in recovery mode
-      ansible.builtin.command: "{{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -tAc 'SELECT pg_is_in_recovery()'"
+      ansible.builtin.command: >-
+        {{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc
+        "select pg_is_in_recovery()"
       register: pg_is_in_recovery
       until: pg_is_in_recovery.stdout != "t"
       retries: 1200  # timeout 10 hours

diff --git a/roles/patroni/templates/patroni.yml.j2 b/roles/patroni/templates/patroni.yml.j2
@@ -3,7 +3,7 @@
 
 scope: {{ patroni_cluster_name }}
 name: {{ ansible_hostname }}
-namespace: /service/
+namespace: /{{ patroni_etcd_namespace | default('service') }}
 
 {% if patroni_log_destination == 'logfile' %}
 log:
@@ -35,7 +35,16 @@ etcd3:
 {% endif %}
 {% if dcs_exists|bool and dcs_type == 'etcd' %}
 etcd3:
-  hosts: {% for etcd_hosts in patroni_etcd_hosts %}{{etcd_hosts.host}}:{{etcd_hosts.port}}{% if not loop.last %},{% endif %}{% endfor %}
+  hosts: {% for etcd_hosts in patroni_etcd_hosts %}{{etcd_hosts.host}}:{{etcd_hosts.port}}{% if not loop.last %},{% endif %}{% endfor +%}
+  {% if patroni_etcd_username | default('') | length > 0 %}
+  username: {{ patroni_etcd_username | default('') }}
+  {% endif %}
+  {% if patroni_etcd_password | default('') | length > 0 %}
+  password: {{ patroni_etcd_password }}
+  {% endif %}
+  {% if patroni_etcd_protocol | default('') | length > 0 %}
+  protocol: {{ patroni_etcd_protocol }}
+  {% endif %}
 {% endif %}
 
 {% if dcs_type == 'consul' %}

diff --git a/roles/pgbackrest/tasks/main.yml b/roles/pgbackrest/tasks/main.yml
@@ -166,6 +166,7 @@
     - pgbackrest_repo_type|lower == "posix"
     - pgbackrest_repo_host is defined
     - pgbackrest_repo_host | length > 0
+    - not ansible_check_mode
   tags: pgbackrest, pgbackrest_ssh_keys
 
 - ansible.builtin.import_tasks: cron.yml

diff --git a/roles/pgbouncer/config/tasks/main.yml b/roles/pgbouncer/config/tasks/main.yml
@@ -25,9 +25,9 @@
       run_once: true
       become: true
       become_user: postgres
-      ansible.builtin.command: >
-        {{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -Atq
-        -c "SELECT concat('\"', usename, '\" \"', passwd, '\"') FROM pg_shadow where usename != '{{ patroni_replication_username }}'"
+      ansible.builtin.command: >-
+        {{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXcq
+        "SELECT concat('\"', usename, '\" \"', passwd, '\"') FROM pg_shadow where usename != '{{ patroni_replication_username }}'"
       register: pg_shadow_result
       changed_when: false
       delegate_to: "{{ groups.master[0] }}"
@@ -52,7 +52,7 @@
   become: true
   become_user: postgres
   ansible.builtin.shell: |
-    for db in $({{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -tAXc \
+    for db in $({{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc \
     "select datname from pg_catalog.pg_database where datname <> 'template0'"); do
       {{ postgresql_bin_dir }}/psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d "$db" -tAXc '
         CREATE OR REPLACE FUNCTION user_search(uname TEXT) RETURNS TABLE (usename name, passwd text) AS

diff --git a/roles/pgpass/tasks/main.yml b/roles/pgpass/tasks/main.yml
@@ -12,6 +12,7 @@
     owner: postgres
     group: postgres
     mode: "0600"
+  no_log: true
   when:
     - postgresql_pgpass is defined
     - postgresql_pgpass | length > 0

diff --git a/roles/update/tasks/extensions.yml b/roles/update/tasks/extensions.yml
@@ -8,7 +8,9 @@
   failed_when: false
 
 - name: Get a list of databases
-  ansible.builtin.command: psql -tAXc "select datname from pg_catalog.pg_database where datname <> 'template0'"
+  ansible.builtin.command: >-
+    psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc
+    "select datname from pg_catalog.pg_database where datname <> 'template0'"
   register: databases_list
   changed_when: false
   when:

diff --git a/roles/update/tasks/pre_checks.yml b/roles/update/tasks/pre_checks.yml
@@ -1,11 +1,13 @@
 ---
 - name: '[Pre-Check] (ALL) Test PostgreSQL DB Access'
-  ansible.builtin.command: psql -tAXc 'select 1'
+  ansible.builtin.command: >
+    psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc 'select 1'
   changed_when: false
 
 - name: '[Pre-Check] Make sure that physical replication is active'
   ansible.builtin.command: >-
-    psql -tAXc "select count(*) from pg_stat_replication
+    psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc
+    "select count(*) from pg_stat_replication
     where application_name != 'pg_basebackup'"
   register: pg_replication_state
   changed_when: false
@@ -22,8 +24,9 @@
 
 - name: '[Pre-Check] Make sure there is no high replication lag (more than {{ max_replication_lag_bytes | human_readable }})'
   ansible.builtin.command: >-
-    psql -tAXc "select pg_wal_lsn_diff(pg_current_wal_lsn(),
-    replay_lsn) pg_lag_bytes from pg_stat_replication
+    psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc
+    "select pg_wal_lsn_diff(pg_current_wal_lsn(),replay_lsn) pg_lag_bytes
+    from pg_stat_replication
     order by pg_lag_bytes desc limit 1"
   register: pg_lag_bytes
   changed_when: false
@@ -50,7 +53,8 @@
 
 - name: '[Pre-Check] Make sure there are no long-running transactions (more than {{ max_transaction_sec }} seconds)'
   ansible.builtin.command: >-
-    psql -tAXc "select pid, usename, client_addr, clock_timestamp() - xact_start as xact_age,
+    psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc
+    "select pid, usename, client_addr, clock_timestamp() - xact_start as xact_age,
       state, wait_event_type ||':'|| wait_event as wait_events,
       left(regexp_replace(query, E'[ \\t\\n\\r]+', ' ', 'g'),100) as query
       from pg_stat_activity

diff --git a/roles/update/tasks/stop_services.yml b/roles/update/tasks/stop_services.yml
@@ -15,7 +15,8 @@
     - name: Execute CHECKPOINT before stopping PostgreSQL
       become: true
       become_user: postgres
-      ansible.builtin.command: psql -tAXc "CHECKPOINT"
+      ansible.builtin.command: >
+        psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc "CHECKPOINT"
 
     - name: "Stop Patroni service on the Cluster Replica ({{ ansible_hostname }})"
       become: true
@@ -30,7 +31,8 @@
     - name: Execute CHECKPOINT before stopping PostgreSQL
       become: true
       become_user: postgres
-      ansible.builtin.command: psql -tAXc "CHECKPOINT"
+      ansible.builtin.command: >
+        psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc "CHECKPOINT"
 
     - name: "Stop Patroni service on the old Cluster Leader ({{ ansible_hostname }})"
       become: true

diff --git a/roles/update/tasks/stop_traffic.yml b/roles/update/tasks/stop_traffic.yml
@@ -31,8 +31,9 @@
   become: true
   become_user: postgres
   ansible.builtin.command: >-
-    psql -tAXc "select
-    count(*) from pg_stat_activity
+    psql -p {{ postgresql_port }} -U {{ patroni_superuser_username }} -d postgres -tAXc
+    "select count(*)
+    from pg_stat_activity
     where pid <> pg_backend_pid()
     and backend_type = 'client backend'
     and state = 'active'"