* debian/config.yml.in: Add commented out section on a rewind user, that can

be used on PostgreSQL 11+ to run pg_rewind as a non-superuser.

debian/changelog

@@ -3,6 +3,8 @@ patroni (1.6.5-3) UNRELEASED; urgency=medium
   [ Michael Banck ]
   * debian/pg_clonecluster_patroni: Always use explicit pg_basebackup version,
     in case more than one major version of PostgreSQL is installed.
+  * debian/config.yml.in: Add commented out section on a rewind user, that can
+    be used on PostgreSQL 11+ to run pg_rewind as a non-superuser.
 
  -- Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>  Thu, 07 May 2020 13:41:58 +0200
 

debian/config.yml.in

@@ -99,8 +99,8 @@ postgresql:
   pgpass: /var/lib/postgresql/@VERSION@-@CLUSTER@.pgpass
   authentication:
     replication:
-      username: replicator
-      password: rep-pass
+      username: "replicator"
+      password: "rep-pass"
 # A superuser role is required in order for Patroni to manage the local
 # Postgres instance.  If the option `use_unix_socket' is set to `true', then
 # specifying an empty password results in no md5 password for the superuser
@@ -108,8 +108,16 @@ postgresql:
 # nevertheless required.  Note that pg_rewind will not work if no md5 password
 # is set.
     superuser:
-      username: postgres
+      username: "postgres"
       password:
+# A rewind role can be specified in order for Patroni to use on PostgreSQL 11
+# or later for pg_rewind, i.e. rewinding a former primary after failover
+# without having to re-clone it. Patroni will assign this user the necessary
+# permissions (that only exist from PostgreSQL)
+#    rewind:
+#      username: "rewind"
+#      password: "rewind-pass"
+
   parameters:
     unix_socket_directories: '/var/run/postgresql/'
     # Emulate default Debian/Ubuntu logging