* debian/README.Debian: Add sections on pg_hba.conf and pg_rewind/postgres

database password.

debian/README.Debian

@@ -5,13 +5,13 @@ The Debian patroni package has been adjusted in order to interoperate with
 Debian's postgresql-common (pg-common) framework for the administration of
 PostgreSQL instances.  A particular pg-common instance (or cluster) is
 identified by the PostgreSQL major version (e.g. 10) and the cluster name
-(e.g. `main' as the dafault cluster), i.e. 10/main or 10-main.
+(e.g. `main' as the default cluster), i.e. `10/main' or `10-main'.
 
 Automatic Patroni configuration generation
 ------------------------------------------
 
 The Debian patroni package provides the pg_createconfig_patroni program that
-allows to create a Patroni configuration for the desired Debian pg-common
+allows one to create a Patroni configuration for the desired Debian pg-common
 cluster, e.g. /etc/patroni/10-main for the `10/main' or `10-main' cluster.
 
 The configuration is assembled from the /etc/patroni/dcs.yml fragment for the
@@ -47,7 +47,7 @@ Cluster Bootstrap
 -----------------
 
 After Patroni is started on a node for a particular cluster, it tried to acquire
-the leader lock in the DCS.  If it can aquire the lock, it will be the master of
+the leader lock in the DCS.  If it can acquire the lock, it will be the master of
 the cluster and bootstrap the instance. The pg_createconfig_patroni-generated
 configuration defines a custom bootstrap via the pg_createcluster_patroni
 script, which is a shell wrapper around the usual pg_createcluster utility.
@@ -56,3 +56,26 @@ The standby nodes cannot be bootstrapped this way, as the cluster id is
 unique and Patroni expects a single cluster id among all members.  To this end,
 the pg_clonecluster_patroni shell script is provided, which sets up a cluster
 and then clones from the master node via pg_basebackup.
+
+pg_hba.conf
+-----------
+
+In order to have the identical pg_hba.conf on each cluster node, the default
+pg_hba.conf gets overwritten by the lines specified in the
+bootstrap.dcs.postgresql section of the Patroni configuration. By default,
+replication connections from the local network and regular password (md5) based
+connections from localhost are allowed.
+
+pg_rewind and postgres password
+-------------------------------
+
+By default, no postgres database password is set; i.e. the postgres superuser
+can only connect via the local socket.  Likewise, pg_rewind is disabled (as
+pg_rewind requires remote superuser access) and Patroni will re-clone a former
+primary if its timeline has diverged from the cluster.
+
+If pg_rewind is to be used, then the `bootstrap.use_pg_rewind' parameter in
+/etc/patroni/config.yml.in needs to be set to `true' and the
+`postgresql.superuser.password' parameter needs to be set to the desired
+postgres password.  Finally, password (md5) connections need to be allowed on
+the local network.

debian/changelog

@@ -7,6 +7,8 @@ patroni (1.5.4-5) UNRELEASED; urgency=medium
     instead of `Tests' and pass it the DCS as argument.
   * debian/tests/acceptance: Set DCS variable as provided by the command-line
     argument.
+  * debian/README.Debian: Add sections on pg_hba.conf and pg_rewind/postgres
+    database password.
 
  -- Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>  Tue, 29 Jan 2019 11:22:38 +0100