From 419d6559dd33f5b0a1a91204197e2e5a7d938466 Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Fri, 2 Mar 2018 13:14:02 +0100
Subject: [PATCH] postgres: Merge config differences from soyuz

Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
 roles/postgres/templates/pg_hba.conf.j2     | 28 +++----
 roles/postgres/templates/postgresql.conf.j2 | 87 ++++++++++++---------
 2 files changed, 63 insertions(+), 52 deletions(-)

diff --git a/roles/postgres/templates/pg_hba.conf.j2 b/roles/postgres/templates/pg_hba.conf.j2
index f8f7190a5..1d7602cb0 100644
--- a/roles/postgres/templates/pg_hba.conf.j2
+++ b/roles/postgres/templates/pg_hba.conf.j2
@@ -42,10 +42,10 @@
 # or "samenet" to match any address in any subnet that the server is
 # directly connected to.
 #
-# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
-# "ident", "peer", "pam", "ldap", "radius" or "cert".  Note that
-# "password" sends passwords in clear text; "md5" is preferred since
-# it sends encrypted passwords.
+# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
+# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
+# Note that "password" sends passwords in clear text; "md5" or
+# "scram-sha-256" are preferred since they send encrypted passwords.
 #
 # OPTIONS are a set of options for the authentication in the format
 # NAME=VALUE.  The available options depend on the different
@@ -59,11 +59,11 @@
 # its special character, and just match a database or username with
 # that name.
 #
-# This file is read on server startup and when the postmaster receives
-# a SIGHUP signal.  If you edit the file on a running system, you have
-# to SIGHUP the postmaster for the changes to take effect.  You can
-# use "pg_ctl reload" to do that.
-
+# This file is read on server startup and when the server receives a
+# SIGHUP signal.  If you edit the file on a running system, you have to
+# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
+# or execute "SELECT pg_reload_conf()".
+#
 # Put your actual configuration here
 # ----------------------------------
 #
@@ -72,10 +72,6 @@
 # listen on a non-local interface via the listen_addresses
 # configuration parameter, or via the -i or -h command line switches.
 
-# CAUTION: Configuring the system for local "trust" authentication
-# allows any local user to connect as any PostgreSQL user, including
-# the database superuser.  If you do not trust all your local users,
-# use another authentication method.
 
 
 # TYPE  DATABASE        USER            ADDRESS                 METHOD
@@ -91,9 +87,9 @@ host    all             postgres        ::1/128                 md5
 host    sameuser        all             ::1/128                 md5
 # Allow replication connections from localhost, by a user with the
 # replication privilege.
-#local   replication     postgres                                trust
-#host    replication     postgres        127.0.0.1/32            trust
-#host    replication     postgres        ::1/128                 trust
+#local   replication     all                                     peer
+#host    replication     all             127.0.0.1/32            md5
+#host    replication     all             ::1/128                 md5
 {% for host in postgres_ssl_hosts %}
 hostssl all             all             {{ host }}              md5
 {% endfor %}
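Review bot: The three commented replication samples now match USER `all` where they previously named `postgres`, so anyone who uncomments them admits every role holding the REPLICATION attribute from localhost rather than one named role. The move from `trust` to `peer`/`md5` is the safer half of this change, but the wider user match deserves a line above the samples, for example `# "all" matches every role with REPLICATION; name a dedicated replication role when enabling these lines`. The rule list these lines belong to starts before the hunk.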
diff --git a/roles/postgres/templates/postgresql.conf.j2 b/roles/postgres/templates/postgresql.conf.j2
index f8dad38ed..8b4769490 100644
--- a/roles/postgres/templates/postgresql.conf.j2
+++ b/roles/postgres/templates/postgresql.conf.j2
@@ -16,9 +16,9 @@
 #
 # This file is read on server startup and when the server receives a SIGHUP
 # signal.  If you edit the file on a running system, you have to SIGHUP the
-# server for the changes to take effect, or use "pg_ctl reload".  Some
-# parameters, which are marked below, require a server shutdown and restart to
-# take effect.
+# server for the changes to take effect, run "pg_ctl reload", or execute
+# "SELECT pg_reload_conf()".  Some parameters, which are marked below,
+# require a server shutdown and restart to take effect.
 #
 # Any parameter can also be given as a command-line option to the server, e.g.,
 # "postgres -c log_connections=on".  Some parameters can be changed at run time
@@ -56,7 +56,7 @@
 
 # - Connection Settings -
 
-listen_addresses = {{ postgres_listen_addresses }}		# what IP address(es) to listen on;
+listen_addresses = '{{ postgres_listen_addresses }}'		# what IP address(es) to listen on;
 					# comma-separated list of addresses;
 					# defaults to 'localhost'; use '*' for all
 					# (change requires restart)
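Review bot: The quotes added around `{{ postgres_listen_addresses }}` assume the variable holds a bare value. If a default or host_vars entry still carries its own quotes, which the old unquoted line would presumably have needed for `*` or a comma-separated list, the line renders as `''*''` and the server will most likely reject the file as a syntax error. The diffstat lists only the two templates, so the variable definitions are not touched by this commit; please confirm they are unquoted. A comment next to the variable's definition such as `# bare value, the template adds the quotes` would keep the two in step, since this setting decides which interfaces the server is exposed on.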
@@ -78,14 +78,14 @@ max_connections = {{ postgres_max_connections }}			# (change requires restart)
 #authentication_timeout = 1min		# 1s-600s
 ssl = {{ postgres_ssl }}				# (change requires restart)
 #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
-					# (change requires restart)
-ssl_prefer_server_ciphers = {{ postgres_ssl_prefer_server_ciphers }}		# (change requires restart)
-#ssl_ecdh_curve = 'prime256v1'		# (change requires restart)
-ssl_cert_file = '{{ postgres_ssl_cert_file }}'		# (change requires restart)
-ssl_key_file = '{{ postgres_ssl_key_file }}'		# (change requires restart)
-ssl_ca_file = '{{ postgres_ssl_ca_file }}'			# (change requires restart)
-#ssl_crl_file = ''			# (change requires restart)
-#password_encryption = on
+ssl_prefer_server_ciphers = {{ postgres_ssl_prefer_server_ciphers }}
+#ssl_ecdh_curve = 'prime256v1'
+#ssl_dh_params_file = ''
+ssl_cert_file = '{{ postgres_ssl_cert_file }}'
+ssl_key_file = '{{ postgres_ssl_key_file }}'
+ssl_ca_file = '{{ postgres_ssl_ca_file }}'
+#ssl_crl_file = ''
+#password_encryption = md5		# md5 or scram-sha-256
 #db_user_namespace = off
 #row_security = on
 
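Review bot: `password_encryption` stays commented in this hunk, so the server keeps its default of `md5` and every new or changed role password is stored as an MD5 hash, even though this commit documents `scram-sha-256` in both templates. Consider making it a template variable, e.g. `password_encryption = {{ postgres_password_encryption }}` (the variable name is a placeholder), so hosts whose clients support SCRAM can opt in. Existing role passwords would have to be set again before the `md5` entries in pg_hba.conf.j2 could be switched to `scram-sha-256`. Whether every client library in use supports SCRAM is not visible from this patch.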
@@ -131,6 +131,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 					#   windows
 					#   mmap
 					# use none to disable dynamic shared memory
+					# (change requires restart)
 
 # - Disk -
 
@@ -156,17 +157,18 @@ dynamic_shared_memory_type = posix	# the default is the first option
 #bgwriter_delay = 200ms			# 10-10000ms between rounds
 #bgwriter_lru_maxpages = 100		# 0-1000 max buffers written/round
 #bgwriter_lru_multiplier = 2.0		# 0-10.0 multiplier on buffers scanned/round
-#bgwriter_flush_after = 0		# 0 disables,
-					# default is 512kB on linux, 0 otherwise
+#bgwriter_flush_after = 512kB		# measured in pages, 0 disables
 
 # - Asynchronous Behavior -
 
 #effective_io_concurrency = 1		# 1-1000; 0 disables prefetching
 #max_worker_processes = 8		# (change requires restart)
-#max_parallel_workers_per_gather = 0	# taken from max_worker_processes
+#max_parallel_workers_per_gather = 2	# taken from max_parallel_workers
+#max_parallel_workers = 8		# maximum number of max_worker_processes that
+					# can be used in parallel queries
 #old_snapshot_threshold = -1		# 1min-60d; -1 disables; 0 is immediate
-									# (change requires restart)
-#backend_flush_after = 0		# 0 disables, default is 0
+					# (change requires restart)
+#backend_flush_after = 0		# measured in pages, 0 disables
 
 
 #------------------------------------------------------------------------------
@@ -175,11 +177,11 @@ dynamic_shared_memory_type = posix	# the default is the first option
 
 # - Settings -
 
-#wal_level = minimal			# minimal, replica, or logical
+#wal_level = replica			# minimal, replica, or logical
 					# (change requires restart)
 #fsync = on				# flush data to disk for crash safety
-						# (turning this off can cause
-						# unrecoverable data corruption)
+					# (turning this off can cause
+					# unrecoverable data corruption)
 #synchronous_commit = on		# synchronization level;
 					# off, local, remote_write, remote_apply, or on
 #wal_sync_method = fsync		# the default is the first option
@@ -196,7 +198,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 #wal_buffers = -1			# min 32kB, -1 sets based on shared_buffers
 					# (change requires restart)
 #wal_writer_delay = 200ms		# 1-10000 milliseconds
-#wal_writer_flush_after = 1MB		# 0 disables
+#wal_writer_flush_after = 1MB		# measured in pages, 0 disables
 
 #commit_delay = 0			# range 0-100000, in microseconds
 #commit_siblings = 5			# range 1-1000
@@ -207,8 +209,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 #max_wal_size = 1GB
 #min_wal_size = 80MB
 #checkpoint_completion_target = 0.5	# checkpoint target duration, 0.0 - 1.0
-#checkpoint_flush_after = 0		# 0 disables,
-					# default is 256kB on linux, 0 otherwise
+#checkpoint_flush_after = 256kB		# measured in pages, 0 disables
 #checkpoint_warning = 30s		# 0 disables
 
 # - Archiving -
@@ -231,12 +232,12 @@ dynamic_shared_memory_type = posix	# the default is the first option
 
 # Set these on the master and on any standby that will send replication data.
 
-#max_wal_senders = 0		# max number of walsender processes
+#max_wal_senders = 10		# max number of walsender processes
 				# (change requires restart)
 #wal_keep_segments = 0		# in logfile segments, 16MB each; 0 disables
 #wal_sender_timeout = 60s	# in milliseconds; 0 disables
 
-#max_replication_slots = 0	# max number of replication slots
+#max_replication_slots = 10	# max number of replication slots
 				# (change requires restart)
 #track_commit_timestamp = off	# collect timestamp of transaction commit
 				# (change requires restart)
@@ -246,7 +247,8 @@ dynamic_shared_memory_type = posix	# the default is the first option
 # These settings are ignored on a standby server.
 
 #synchronous_standby_names = ''	# standby servers that provide sync rep
-				# number of sync standbys and comma-separated list of application_name
+				# method to choose sync standbys, number of sync standbys,
+				# and comma-separated list of application_name
 				# from standby(s); '*' = all
 #vacuum_defer_cleanup_age = 0	# number of xacts by which cleanup is delayed
 
@@ -254,7 +256,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 
 # These settings are ignored on a master server.
 
-#hot_standby = off			# "on" allows queries during recovery
+#hot_standby = on			# "off" disallows queries during recovery
 					# (change requires restart)
 #max_standby_archive_delay = 30s	# max delay before canceling queries
 					# when reading WAL from archive;
@@ -272,6 +274,14 @@ dynamic_shared_memory_type = posix	# the default is the first option
 #wal_retrieve_retry_interval = 5s	# time to wait before retrying to
 					# retrieve WAL after a failed attempt
 
+# - Subscribers -
+
+# These settings are ignored on a publisher.
+
+#max_logical_replication_workers = 4	# taken from max_worker_processes
+					# (change requires restart)
+#max_sync_workers_per_subscription = 2	# taken from max_logical_replication_workers
+
 
 #------------------------------------------------------------------------------
 # QUERY TUNING
@@ -300,7 +310,8 @@ dynamic_shared_memory_type = posix	# the default is the first option
 #cpu_operator_cost = 0.0025		# same scale as above
 #parallel_tuple_cost = 0.1		# same scale as above
 #parallel_setup_cost = 1000.0	# same scale as above
-#min_parallel_relation_size = 8MB
+#min_parallel_table_scan_size = 8MB
+#min_parallel_index_scan_size = 512kB
 #effective_cache_size = 4GB
 
 # - Genetic Query Optimizer -
@@ -342,7 +353,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 					# (change requires restart)
 
 # These are only used if logging_collector is on:
-#log_directory = 'pg_log'		# directory where log files are written,
+#log_directory = 'log'			# directory where log files are written,
 					# can be absolute or relative to PGDATA
 #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'	# log file name pattern,
 					# can include strftime() escapes
@@ -369,6 +380,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 #syslog_split_messages = on
 
 # This is only relevant when logging to eventlog (win32):
+# (change requires restart)
 #event_source = 'PostgreSQL'
 
 # - When to Log -
@@ -430,7 +442,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 #log_duration = off
 #log_error_verbosity = default		# terse, default, or verbose messages
 #log_hostname = off
-#log_line_prefix = ''			# special values:
+#log_line_prefix = '%m [%p] '		# special values:
 					#   %a = application name
 					#   %u = user name
 					#   %d = database name
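Review bot: `log_line_prefix` remains commented here, so log lines carry only the built-in `%m [%p] ` prefix (timestamp and PID) and cannot be attributed to a role, database or client host without correlating against separate connection records. Since pg_hba.conf.j2 admits `hostssl` connections from other hosts, an explicit setting such as `log_line_prefix = '%m [%p] %u@%d %h '` would make authentication failures and logged statements attributable per line. The list of escapes that this comment introduces continues past the end of the hunk.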
@@ -538,7 +550,7 @@ log_timezone = 'UTC'
 #session_replication_role = 'origin'
 #statement_timeout = 0			# in milliseconds, 0 is disabled
 #lock_timeout = 0			# in milliseconds, 0 is disabled
-#idle_in_transaction_session_timeout = 0		# in milliseconds, 0 is disabled
+#idle_in_transaction_session_timeout = 0	# in milliseconds, 0 is disabled
 #vacuum_freeze_min_age = 50000000
 #vacuum_freeze_table_age = 150000000
 #vacuum_multixact_freeze_min_age = 5000000
@@ -566,11 +578,11 @@ timezone = 'UTC'
 					# encoding
 
 # These settings are initialized by initdb, but they can be changed.
-lc_messages = 'en_US.UTF-8'			# locale for system error message
+lc_messages = 'en_US.utf-8'			# locale for system error message
 					# strings
-lc_monetary = 'en_US.UTF-8'			# locale for monetary formatting
-lc_numeric = 'en_US.UTF-8'			# locale for number formatting
-lc_time = 'en_US.UTF-8'				# locale for time formatting
+lc_monetary = 'en_US.utf-8'			# locale for monetary formatting
+lc_numeric = 'en_US.utf-8'			# locale for number formatting
+lc_time = 'en_US.utf-8'				# locale for time formatting
 
 # default configuration for text search
 default_text_search_config = 'pg_catalog.english'
@@ -591,6 +603,10 @@ default_text_search_config = 'pg_catalog.english'
 					# (change requires restart)
 #max_pred_locks_per_transaction = 64	# min 10
 					# (change requires restart)
+#max_pred_locks_per_relation = -2	# negative values mean
+					# (max_pred_locks_per_transaction
+					#  / -max_pred_locks_per_relation) - 1
+#max_pred_locks_per_page = 2            # min 0
 
 
 #------------------------------------------------------------------------------
@@ -606,7 +622,6 @@ default_text_search_config = 'pg_catalog.english'
 #lo_compat_privileges = off
 #operator_precedence_warning = off
 #quote_all_identifiers = off
-#sql_inheritance = on
 #standard_conforming_strings = on
 #synchronize_seqscans = on
 
-- 
GitLab