From 3066313182c6d389d556e2753d18b273bac2b2dc Mon Sep 17 00:00:00 2001 From: Michael Banck Date: Wed, 30 Jan 2019 12:59:01 +0100 Subject: [PATCH] * debian/README.Debian: Add sections on pg_hba.conf and pg_rewind/postgres database password. --- debian/README.Debian | 29 ++++++++++++++++++++++++++--- debian/changelog | 2 ++ 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/debian/README.Debian b/debian/README.Debian index 2216d7f..f309d1c 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -5,13 +5,13 @@ The Debian patroni package has been adjusted in order to interoperate with Debian's postgresql-common (pg-common) framework for the administration of PostgreSQL instances. A particular pg-common instance (or cluster) is identified by the PostgreSQL major version (e.g. 10) and the cluster name -(e.g. `main' as the dafault cluster), i.e. 10/main or 10-main. +(e.g. `main' as the default cluster), i.e. `10/main' or `10-main'. Automatic Patroni configuration generation ------------------------------------------ The Debian patroni package provides the pg_createconfig_patroni program that -allows to create a Patroni configuration for the desired Debian pg-common +allows one to create a Patroni configuration for the desired Debian pg-common cluster, e.g. /etc/patroni/10-main for the `10/main' or `10-main' cluster. The configuration is assembled from the /etc/patroni/dcs.yml fragment for the @@ -47,7 +47,7 @@ Cluster Bootstrap ----------------- After Patroni is started on a node for a particular cluster, it tried to acquire -the leader lock in the DCS. If it can aquire the lock, it will be the master of +the leader lock in the DCS. If it can acquire the lock, it will be the master of the cluster and bootstrap the instance. The pg_createconfig_patroni-generated configuration defines a custom bootstrap via the pg_createcluster_patroni script, which is a shell wrapper around the usual pg_createcluster utility. @@ -56,3 +56,26 @@ The standby nodes cannot be bootstrapped this way, as the cluster id is unique and Patroni expects a single cluster id among all members. To this end, the pg_clonecluster_patroni shell script is provided, which sets up a cluster and then clones from the master node via pg_basebackup. + +pg_hba.conf +----------- + +In order to have the identical pg_hba.conf on each cluster node, the default +pg_hba.conf gets overwritten by the lines specified in the +bootstrap.dcs.postgresql section of the Patroni configuration. By default, +replication connections from the local network and regular password (md5) based +connections from localhost are allowed. + +pg_rewind and postgres password +------------------------------- + +By default, no postgres database password is set; i.e. the postgres superuser +can only connect via the local socket. Likewise, pg_rewind is disabled (as +pg_rewind requires remote superuser access) and Patroni will re-clone a former +primary if its timeline has diverged from the cluster. + +If pg_rewind is to be used, then the `bootstrap.use_pg_rewind' parameter in +/etc/patroni/config.yml.in needs to be set to `true' and the +`postgresql.superuser.password' parameter needs to be set to the desired +postgres password. Finally, password (md5) connections need to be allowed on +the local network. diff --git a/debian/changelog b/debian/changelog index 80f75dc..d0ba55c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,8 @@ patroni (1.5.4-5) UNRELEASED; urgency=medium instead of `Tests' and pass it the DCS as argument. * debian/tests/acceptance: Set DCS variable as provided by the command-line argument. + * debian/README.Debian: Add sections on pg_hba.conf and pg_rewind/postgres + database password. -- Debian PostgreSQL Maintainers Tue, 29 Jan 2019 11:22:38 +0100