From 2bf98e9273872f820481e01246f44bdc2566fec5 Mon Sep 17 00:00:00 2001 From: Oleksandr Stepanov Date: Tue, 19 Nov 2024 16:11:28 +0100 Subject: [PATCH 1/4] feat: Added optional postgres replication --- defaults/main.yml | 4 ++++ tasks/firewall.yml | 9 +++++++++ tasks/provision.yml | 14 ++++++++++++++ templates/docker-compose.yaml.j2 | 6 ++++++ 4 files changed, 33 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 859f5ac..6f682ae 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -56,6 +56,10 @@ postgres_arguments: - max_parallel_maintenance_workers=4 - -c - checkpoint_timeout=1800 +enable_postgres_replication: false +# IP address of the interface replication +postgres_replication_bind_address: "" +postgres_replica_address: "" # Enable TLS for traefik enable_tls: false diff --git a/tasks/firewall.yml b/tasks/firewall.yml index 2a81b48..f348faf 100644 --- a/tasks/firewall.yml +++ b/tasks/firewall.yml @@ -57,6 +57,15 @@ destination_port: "{{ consensus_port }}" jump: ACCEPT +- name: Allow postgres replication traffic from replica only + when: enable_postgres_replication + ansible.builtin.iptables: + chain: INPUT + protocol: tcp + destination_port: 5432 + source: "{{ postgres_replication_bind_address }}" + jump: ACCEPT + - name: Set default policy to DROP ansible.builtin.iptables: chain: INPUT diff --git a/tasks/provision.yml b/tasks/provision.yml index 7a35120..1a73553 100644 --- a/tasks/provision.yml +++ b/tasks/provision.yml 
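Review bot: The comment `# IP address of the interface replication` in the defaults/main.yml hunk does not say which host or direction it refers to, and `postgres_replica_address` has no description at all. Suggested comments: `# IP of the local interface on which port 5432 is published for replication` above `postgres_replication_bind_address` (this is what the template's `ports:` entry appears to intend) and `# IP of the replica host allowed to connect; rendered as <address>/32 in the pg_hba entry` above `postgres_replica_address`. In PATCH 3/4 `postgres_replications_arguments: []` is inserted between the existing comment and the variable it describes, so the comment should move with `postgres_replication_bind_address` there.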
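Review bot: The ACCEPT rule on `chain: INPUT` in tasks/firewall.yml probably does not govern the port this series opens. The docker-compose template publishes 5432 through `ports:`, and Docker normally handles published ports in its own NAT and FORWARD rules rather than in INPUT. If the host runs Docker with its default iptables handling, the replica-only restriction would need to live in the `DOCKER-USER` chain (accept tcp/5432 from `postgres_replica_address`, drop other sources) to take effect; this should be confirmed on a provisioned host. The same applies to this task after PATCH 2/4 changes its `source`. The port is also hard-coded as `5432`, while the neighbouring rule takes its port from a variable (`consensus_port`).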
@@ -32,6 +32,20 @@ - l2_chain_id - l1_chain_id +- name: "Verify that required variables for replication is set" + when: enable_postgres_replication + ansible.builtin.assert: + that: + - required_var != "" + fail_msg: "{{ postgress_replication_required_var }} needs to be set for the role for postgres replication to work" + success_msg: "Required variable for postgres replication {{ postgress_replication_required_var }} isn't empty" + loop_control: + loop_var: postgress_replication_required_var + with_items: + - enable_postgres_replication + - postgres_replication_bind_address + - postgres_replica_address + - name: Check required en vars empty ansible.builtin.fail: msg: "Variable '{{ item }}' is empty" diff --git a/templates/docker-compose.yaml.j2 b/templates/docker-compose.yaml.j2 index 5e7f028..5e0fb22 100644 --- a/templates/docker-compose.yaml.j2 +++ b/templates/docker-compose.yaml.j2 @@ -43,6 +43,12 @@ services: - ./restore_dump.sh:/docker-entrypoint-initdb.d/restore_dump.sh env_file: - postgres.env +{% if enable_postgres_replication %} + environment: + POSTGRES_HOST_AUTH_METHOD: "host replication replicator {{ postgres_replica_address }}/32 md5" + ports: + - "{{ postgres_replication_interface }}:5432:5432" +{% endif %} command: - postgres - -c From f347a9173ecde63474641d26e8398f02de02b7e0 Mon Sep 17 00:00:00 2001 From: Oleksandr Stepanov Date: Tue, 19 Nov 2024 16:12:31 +0100 Subject: [PATCH 2/4] feat: Added optional postgres replication --- tasks/firewall.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/firewall.yml b/tasks/firewall.yml index f348faf..9b0951e 100644 --- a/tasks/firewall.yml +++ b/tasks/firewall.yml @@ -63,7 +63,7 @@ chain: INPUT protocol: tcp destination_port: 5432 - source: "{{ postgres_replication_bind_address }}" + source: "{{ postgres_replica_address }}" jump: ACCEPT - name: Set default policy to DROP From 6f1e0257851e436046e13d1c36a29590e40c6af9 Mon Sep 17 00:00:00 2001 
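Review bot: The assertion `required_var != ""` in tasks/provision.yml references a variable that is not defined anywhere in this hunk, so with `enable_postgres_replication` set the task will most likely fail on an undefined variable instead of validating anything. The loop variable holds the variable's name, so the condition should resolve it, e.g. `- lookup('vars', postgress_replication_required_var) | length > 0`. `enable_postgres_replication` should be dropped from `with_items`, since it is a boolean already tested by `when:`. PATCH 3/4 adds `postgres_replications_arguments` to the same list; a `!= ""` comparison would pass for its default `[]`, whereas a length check covers both strings and lists. Because these values end up in a firewall rule and a pg_hba entry, checking that the two addresses parse as IP addresses would be a stronger guard than non-emptiness.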
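Review bot: The `ports:` entry in templates/docker-compose.yaml.j2 uses `postgres_replication_interface`, which this series never defines; defaults/main.yml and the assert in tasks/provision.yml use `postgres_replication_bind_address`. Rendering with replication enabled will most likely fail on an undefined variable, so the line should read `- "{{ postgres_replication_bind_address }}:5432:5432"`. `POSTGRES_HOST_AUTH_METHOD` is given a whole pg_hba line, but if this service runs the official postgres image, the entrypoint uses that variable only as the auth-method field of a `host all all all …` line, and only at first database initialisation. In that case the value would produce a malformed entry and would never reach an existing data directory; the service definition starts above the hunk, so the image is not visible here and this needs confirming. `md5` is also the weaker password method, and `scram-sha-256` is preferable where the replica supports it.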
From: Oleksandr Stepanov Date: Tue, 19 Nov 2024 16:26:57 +0100 Subject: [PATCH 3/4] Added replication flags --- defaults/main.yml | 1 + tasks/provision.yml | 1 + templates/docker-compose.yaml.j2 | 3 +++ 3 files changed, 5 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 6f682ae..fbeb767 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -58,6 +58,7 @@ postgres_arguments: - checkpoint_timeout=1800 enable_postgres_replication: false # IP address of the interface replication +postgres_replications_arguments: [] postgres_replication_bind_address: "" postgres_replica_address: "" diff --git a/tasks/provision.yml b/tasks/provision.yml index 1a73553..ee526a0 100644 --- a/tasks/provision.yml +++ b/tasks/provision.yml @@ -45,6 +45,7 @@ - enable_postgres_replication - postgres_replication_bind_address - postgres_replica_address + - postgres_replications_arguments - name: Check required en vars empty ansible.builtin.fail: diff --git a/templates/docker-compose.yaml.j2 b/templates/docker-compose.yaml.j2 index 5e0fb22..75bf0dd 100644 --- a/templates/docker-compose.yaml.j2 +++ b/templates/docker-compose.yaml.j2 @@ -54,6 +54,9 @@ services: - -c {% for argument in postgres_arguments %} - {{ argument }} +{% endfor %} +{% for repl_argument in postgres_replications_arguments %} + - {{ repl_argument }} {% endfor %} external_node: {% if not external_node_raw_docker_tag %} From cfbaed74f0e696b8a0f0e4eb6d5a75021b77db42 Mon Sep 17 00:00:00 2001 From: Oleksandr Stepanov Date: Tue, 19 Nov 2024 16:28:13 +0100 Subject: [PATCH 4/4] Added replication flags --- templates/docker-compose.yaml.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/docker-compose.yaml.j2 b/templates/docker-compose.yaml.j2 index 75bf0dd..ee89a4f 100644 --- a/templates/docker-compose.yaml.j2 +++ b/templates/docker-compose.yaml.j2 
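Review bot: Each `repl_argument` in the templates/docker-compose.yaml.j2 hunk is written into the compose file as a bare YAML scalar (`- {{ repl_argument }}`), so a value containing `: `, ` #` or a leading YAML indicator would be re-typed or would change the structure of `command:`. Emitting the item as a quoted string, e.g. `- {{ repl_argument | to_json }}`, keeps every argument a single string. The existing `postgres_arguments` loop just above has the same pattern, and PATCH 4/4 leaves this line unchanged. It would also help to document in defaults/main.yml that each `-c` flag must be listed as its own item, as `postgres_arguments` does.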
@@ -55,9 +55,11 @@ services: {% for argument in postgres_arguments %} - {{ argument }} {% endfor %} +{% if enable_postgres_replication %} {% for repl_argument in postgres_replications_arguments %} - {{ repl_argument }} {% endfor %} +{% endif %} external_node: {% if not external_node_raw_docker_tag %} image: "matterlabs/external-node:v{{ external_node_version }}"